harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '2.0RC'

Browse Source
This commit is contained in:
Mario Vavti 2016-12-23 10:09:46 +01:00
commit 3b9b03cf86
506 changed files with 73281 additions and 37727 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.gitignore vendored
View File

@ -60,11 +60,13 @@ nbproject/
.idea/
# composer files (at the moment composer is not officially supported and only used to add SabreDAV, we should add these)
composer.*
# When we include composer we should exclude vendor/
## composer
# locally installed composer binary
composer.phar
# vendor/ is managed by composer, no need to include in our repository
# requires new deployment and needs discussion first
#vendor/
# Exclude at least some vendor test files, examples, etc.
vendor/sabre/*/tests/
# Exclude at least some vendor test files, examples, etc. so far
vendor/**/tests/
vendor/**/Test/
vendor/sabre/*/examples/

12
.travis.yml
View File

@ -5,10 +5,6 @@ language: php
php:
# using major version aliases
# aliased to a recent 5.4.x version
- 5.4
# aliased to a recent 5.5.x version
- 5.5
# aliased to a recent 5.6.x version
- 5.6
# aliased to a recent 7.x version
@ -27,7 +23,6 @@ matrix:
# - php: hhvm
# env: DB=pgsql # PDO driver for pgsql is unsupported by HHVM (3rd party install for support)
allow_failures:
- php: 7.0
- php: hhvm
# execute any number of scripts before the test run, custom env's are available as variables
@ -36,11 +31,14 @@ matrix:
# - if [[ "$DB" == "pgsql" ]]; then psql -c "create database hello_world_test;" -U postgres; fi
# - if [[ "$DB" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS hello_world_test;" -uroot; fi
install:
- composer require phpunit/phpunit
# omitting "script:" will default to phpunit
# use the $DB env variable to determine the phpunit.xml to use
script: phpunit tests/*php
script: vendor/bin/phpunit tests/unit/
# configure notifications (email, IRC, campfire etc)
notifications:
# irc: "irc.freenode.org#yourfavouriteroomfortravis"
# a plugin/script to post to a hubzilla channel would be neat here
# a plugin/script to post to a hubzilla channel would be neat here

96
CHANGELOG
View File

@ -1,3 +1,99 @@
Hubzilla 2.0 (2016-12-23)
- Deprecate bb_iframe
- Note widget: resize the textarea to reveal full content
- Implement fixed left aside
- Implement lockview for wikilist
- Simplify wikilist widget
- Router error reporting
- Setup changes to check for shell_exec and exec functions
- Extensible permissions upgrade handling for channels with custom permission roles
- Allow plugins to cancel item_store() and item_store_update()
- ZOT version 1.2 provides negotiation of cryptographic algorithms
- Provide a fresh new look and cleaner layout and more relevant information to siteinfo
- Introduce highlight bbcode [hl]
- Implement wiki mimetypes markdown or bbcode
- Doc pages refactoring
- Update webpages and wiki context help
- Make a git commit when a new wiki page is created
- Prev-next navigation for mod_connedit to ease bulk connection edits
- Move the remote user homebutton to the user menu
- Do not render maps/locations for Diaspora destinations
- Provide 'per-page' caching for is_matrix_url() results to reduce duplicate queries
- Don't send notification for posts/comments on old conversations that were refetched after having expired
- Numerous wiki UI improvements
- Move twitter api to addon
- Cleanup and re-organise the voting and attendance buttons
- Reorganise emoticons
- Collapse navbar-collapse-1 if avatar menu is clicked.
- New display setting: static page update as opposed to live update
- Command line administrative channel connect utility
- Modernise chanview
- Implement edit activities to share post/comment edits with protocols which do not support them (e.g. Diaspora)
- Wiki export
- Numerous postgres compatibility fixes
- Remove requirement that imported profile photos be in the profile photos album
- Change event behaviour - share by default.
- Use PDO database driver exclusively (deprecate drivers that are separately maintained)
- Zot API re-write and extended
Bugfixes
- Fix z_fetch_url() incorrect variable
- Fix SQL error with app categories
- Fix do not show revert buttons if we do not have write perms
- Fix dropdown positions
- Fix do not increase opacity to more than 1
- Fix clone sync missing for some item delete operations
- Fix embed-image for fullscreen mode
- Fix attach_list_files()
- Fix full screen for embedded videos
- Fix the forum widget for forums with custom perms
- Fix issue #607 parens not recognised inside urls
- Fix pubsites: don't list dead sites
- Fix issue #596 silence headers already sent warning
- Fix missing plugins in zot-info
- Fix notification issue
- Fix issue #594 like of thing appears as profile owner like
- Fix export issue
- Fix checklist bbcode - only turn [] and [x] into checkboxes if it is found inside a checklist
- Fix wiki permissions issues
- Fix public calendar leaks connection information (birthdays) when view_contacts is not allowed
- Fix attach_rename: flaw in duplicate filename detection resulted in filename(1)(1)(1).ext
- Fix a fatal error with incorrect DB object access
- Provide /locs link on settings page if there is more than one hubloc for this channnel *that isn't deleted*.
- Fix issue #577 if connecting to a channel that is already pending, undo the pending and set connect permissions accordingly
- Fix issue #575, when 'nofinish' is set on an event, invalid date was generated/stored
- Fix bbcode event formatting issue
- Fix zot_finger from navbar people search looping
- Fix fromStandalonePermission()
Plugins
- GNU Social: removed from addons for security reasons - it might be re-implemented once it is properly reviewed
- Diaspora: missing item author when diaspora public comment received from relay
- Superblock: refactoring
- New addon: tripleaes for pro
- Cdav: "if not exists" only supported starting with postgresql v. 9.5 debian stable has 9.4
- Rendezvous: added markers and members export tool at /rendezvous/[group_id]/export/{markers,members}
- Twitter: move twitter api to addon
- New addon: b2tbtn (back to top button)
- Diaspora: import public diaspora messages to sys if applicable
- Diaspora: try and handle singletons better and simplify the associated notifier decisions
- Rendezvous: add proximity alert feature to members to issue notification when member is within a specified distance.
- New addon: diaspora_reconnect to refriend diaspora/friendica connections from a clone or channel move
- Diaspora: change the logic for deciding between upstream and downstream message flow for notifier plugins
- Rendezvous: prompt member to share their location by activating the GPS control using a tooltip and pulsing visibility
- statistics_json: fix nodeinfo
- Rendezvous: restored the lost gps-icon.png and corrected the OpenStreetMap tile server URL to avoid insecure content warnings
- Rendezvous: use observer name if available
- std_embeds: missing backslash
- Diaspora: postgres fixes issue #31
- Rendezvous: added marker list with centering buttons and popup open.
- Rendezvous: added control to see list of members sharing their location, with buttons to pan the map to center them
- Diaspora: system level diaspora toggle
- Rendezvous: added control that displays members.
- Diaspora: rename diaspora2bb() to markdown_to_bb() in core
- Hubwall: remove illegal unescaped angle chars
- Rendezvous: Add control to delete member if not updated in over 14 minutes
Hubzilla 1.14 (2016-10-13)
- New hook bbcode_filter
- Unify the various mail sending instance to enotify::send() and z_mail()

45
Zotlabs/Access/PermissionRoles.php
View File

@ -7,6 +7,9 @@ use Zotlabs\Lib as Zlib;
class PermissionRoles {
static public function version() {
return 1;
}
static function role_perms($role) {
@ -160,6 +163,7 @@ class PermissionRoles {
$ret['limits'] = PermissionLimits::Std_Limits();
break;
case 'custom':
default:
break;
}
@ -174,7 +178,48 @@ class PermissionRoles {
return $ret;
}
static public function new_custom_perms($uid,$perm,$abooks) {
// set permissionlimits for this permission here, for example:
// if($perm === 'mynewperm')
// \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
// set autoperms here if applicable
// choices are to set to 0, 1, or the value of an existing perm
if(get_pconfig($uid,'system','autoperms')) {
$c = channelx_by_n($uid);
$value = 0;
// if($perm === 'mynewperm')
// $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm'));
if($c) {
set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value);
}
}
// now set something for all existing connections.
if($abooks) {
foreach($abooks as $ab) {
switch($perm) {
// case 'mynewperm':
// choices are to set to 1, set to 0, or clone an existing perm
// set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
// get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm'));
default:
break;
}
}
}
}
static public function roles() {

16
Zotlabs/Access/Permissions.php
View File

@ -10,9 +10,20 @@ class Permissions {
/**
* Extensible permissions.
* To add new permissions, add to the list of $perms below, with a simple description.
*
* Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
* if this permission should be granted to new connections.
*
* Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom
* permission roles. You will want to set a default PermissionLimit for each channel and also
* provide a sane default for any existing connections. You may or may not wish to provide a
* default auto permission. If in doubt, leave this alone as custom permissions by definition
* are the responsbility of the channel owner to manage. You just don't want to create any
* suprises or break things so you have an opportunity to provide sane settings.
*
* Update the version here and in PermissionRoles
*
*
* Permissions with 'view' in the name are considered read permissions. Anything
* else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
* is given PERMS_SPECIFIC.
@ -23,6 +34,11 @@ class Permissions {
*
*/
static public function version() {
// This must match the version in PermissionRoles.php before permission updates can run.
return 1;
}
static public function Perms($filter = '') {

3
Zotlabs/Daemon/Master.php
View File

@ -24,8 +24,7 @@ class Master {
static public function Release($argc,$argv) {
cli_startup();
logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
require_once('Zotlabs/Daemon/' . $argv[0] . '.php');
$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
$cls::run($argc,$argv);
}
}
}

16
Zotlabs/Daemon/Notifier.php
View File

@ -4,6 +4,7 @@ namespace Zotlabs\Daemon;
require_once('include/queue_fn.php');
require_once('include/html2plain.php');
require_once('include/conversation.php');
/*
* This file was at one time responsible for doing all deliveries, but this caused
@ -120,7 +121,7 @@ class Notifier {
$normal_mode = false;
$mail = true;
$private = true;
$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
$message = q("SELECT * FROM mail WHERE id = %d LIMIT 1",
intval($item_id)
);
if(! $message) {
@ -371,12 +372,13 @@ class Notifier {
if(! $encoded_item['flags'])
$encoded_item['flags'] = array();
$encoded_item['flags'][] = 'relay';
$upstream = true;
}
else {
logger('notifier: normal distribution', LOGGER_DEBUG);
if($cmd === 'relay')
logger('notifier: owner relay');
$upstream = false;
// if our parent is a tag_delivery recipient, uplink to the original author causing
// a delivery fork.
@ -445,6 +447,7 @@ class Notifier {
$narr = array(
'channel' => $channel,
'upstream' => $upstream,
'env_recips' => $env_recips,
'packet_recips' => $packet_recips,
'recipients' => $recipients,
@ -488,7 +491,7 @@ class Notifier {
// Now we have collected recipients (except for external mentions, FIXME)
// Let's reduce this to a set of hubs.
$r = q("select * from hubloc where hubloc_hash in (" . implode(',',$recipients) . ")
$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ")
and hubloc_error = 0 and hubloc_deleted = 0"
);
@ -546,6 +549,7 @@ class Notifier {
$narr = array(
'channel' => $channel,
'upstream' => $upstream,
'env_recips' => $env_recips,
'packet_recips' => $packet_recips,
'recipients' => $recipients,
@ -599,8 +603,8 @@ class Notifier {
$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
}
elseif($packet_type === 'request') {
$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hash,
array('message_id' => $request_message_id)
$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hub['site_crypto'],
$hash, array('message_id' => $request_message_id)
);
}
@ -614,7 +618,7 @@ class Notifier {
));
}
else {
$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash);
$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);
queue_insert(array(
'hash' => $hash,
'account_id' => $target_item['aid'],

2
Zotlabs/Daemon/Ratenotif.php
View File

@ -77,7 +77,7 @@ class Ratenotif {
continue;
$hash = random_string();
$n = zot_build_packet($channel,'notify',null,null,$hash);
$n = zot_build_packet($channel,'notify',null,null,'',$hash);
queue_insert(array(
'hash' => $hash,

10
Zotlabs/Extend/Hook.php
View File

@ -10,7 +10,7 @@ class Hook {
$function = serialize($function);
}
$r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d LIMIT 1",
$r = q("SELECT * FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d LIMIT 1",
dbesc($hook),
dbesc($file),
dbesc($function),
@ -23,13 +23,13 @@ class Hook {
// To aid in upgrade and transition, remove old settings for any registered hooks that match in all respects except
// for priority or hook_version
$r = q("DELETE FROM `hook` where `hook` = '%s' and `file` = '%s' and `fn` = '%s'",
$r = q("DELETE FROM hook where hook = '%s' and file = '%s' and fn = '%s'",
dbesc($hook),
dbesc($file),
dbesc($function)
);
$r = q("INSERT INTO `hook` (`hook`, `file`, `fn`, `priority`, `hook_version`) VALUES ( '%s', '%s', '%s', %d, %d )",
$r = q("INSERT INTO hook (hook, file, fn, priority, hook_version) VALUES ( '%s', '%s', '%s', %d, %d )",
dbesc($hook),
dbesc($file),
dbesc($function),
@ -44,7 +44,7 @@ class Hook {
if(is_array($function)) {
$function = serialize($function);
}
$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d",
$r = q("DELETE FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d",
dbesc($hook),
dbesc($file),
dbesc($function),
@ -60,7 +60,7 @@ class Hook {
static public function unregister_by_file($file) {
$r = q("DELETE FROM hook WHERE `file` = '%s' ",
$r = q("DELETE FROM hook WHERE file = '%s' ",
dbesc($file)
);

4
Zotlabs/Lib/AConfig.php
View File

@ -10,8 +10,8 @@ class AConfig {
return XConfig::Load('a_' . $account_id);
}
static public function Get($account_id,$family,$key) {
return XConfig::Get('a_' . $account_id,$family,$key);
static public function Get($account_id,$family,$key,$default = false) {
return XConfig::Get('a_' . $account_id,$family,$key, $default);
}
static public function Set($account_id,$family,$key,$value) {

4
Zotlabs/Lib/AbConfig.php
View File

@ -16,7 +16,7 @@ class AbConfig {
}
static public function Get($chan,$xhash,$family,$key) {
static public function Get($chan,$xhash,$family,$key, $default = false) {
$r = q("select * from abconfig where chan = %d and xchan = '%s' and cat = '%s' and k = '%s' limit 1",
intval($chan),
dbesc($xhash),
@ -26,7 +26,7 @@ class AbConfig {
if($r) {
return ((preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
}
return false;
return $default;
}

6
Zotlabs/Lib/Apps.php
View File

@ -68,7 +68,7 @@ class Apps {
if($id !== true) {
// if we already installed this app, but it changed, preserve any categories we created
$s = '';
$r = q("select * from term where otype = %d and oid = d",
$r = q("select * from term where otype = %d and oid = %d",
intval(TERM_OBJ_APP),
intval($id)
);
@ -203,7 +203,7 @@ class Apps {
static public function translate_system_apps(&$arr) {
$apps = array(
'Site Admin' => t('Site Admin'),
'Bug Report' => t('Bug Report'),
'Report Bug' => t('Report Bug'),
'View Bookmarks' => t('View Bookmarks'),
'My Chatrooms' => t('My Chatrooms'),
'Connections' => t('Connections'),
@ -359,7 +359,7 @@ class Apps {
if($r) {
if(! $r[0]['app_system']) {
if($app['categories'] && (! $app['term'])) {
$r[0]['term'] = q("select * from term where otype = %d and oid = d",
$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
intval(TERM_OBJ_APP),
intval($r[0]['id'])
);

6
Zotlabs/Lib/Config.php
View File

@ -98,13 +98,13 @@ class Config {
* @return mixed Return value or false on error or if not set
*/
static public function Get($family,$key) {
static public function Get($family,$key,$default = false) {
if((! array_key_exists($family, \App::$config)) || (! array_key_exists('config_loaded', \App::$config[$family])))
self::Load($family);
if(array_key_exists('config_loaded', \App::$config[$family])) {
if(! array_key_exists($key, \App::$config[$family])) {
return false;
return $default;
}
return ((! is_array(\App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$family][$key]))
? unserialize(\App::$config[$family][$key])
@ -112,7 +112,7 @@ class Config {
);
}
return false;
return $default;
}
/**

92
Zotlabs/Lib/Enotify.php
View File

@ -78,15 +78,12 @@ class Enotify {
$sender_email = get_config('system','from_email');
if(! $sender_email)
$sender_email = 'Administrator' . '@' . \App::get_hostname();
$sender_name = get_config('system','from_email_name');
if(! $sender_name)
$sender_name = \Zotlabs\Lib\System::get_site_name();
$additional_mail_header = "";
if(array_key_exists('item', $params)) {
@ -105,6 +102,10 @@ class Enotify {
$title = $params['item']['title'];
$body = $params['item']['body'];
}
if($params['item']['created'] < datetime_convert('UTC','UTC','now - 1 month')) {
logger('notification invoked for an old item which may have been refetched.',LOGGER_DEBUG,LOG_INFO);
return;
}
}
else {
$title = $body = '';
@ -216,6 +217,85 @@ class Enotify {
$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
}
if ($params['type'] == NOTIFY_LIKE) {
// logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
$itemlink = $params['link'];
// ignore like/unlike activity on posts - they probably require a separate notification preference
if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
logger('notification: not a like activity. Ignoring.');
pop_lang();
return;
}
$parent_mid = $params['parent_mid'];
// Check to see if there was already a notify for this post.
// If so don't create a second notification
$p = null;
$p = q("select id from notify where link = '%s' and uid = %d limit 1",
dbesc($params['link']),
intval($recip['channel_id'])
);
if ($p) {
logger('notification: like already notified');
pop_lang();
return;
}
// if it's a post figure out who's post it is.
$p = null;
if($params['otype'] === 'item' && $parent_mid) {
$p = q("select * from item where mid = '%s' and uid = %d limit 1",
dbesc($parent_mid),
intval($recip['channel_id'])
);
}
xchan_query($p);
$item_post_type = item_post_type($p[0]);
// $private = $p[0]['item_private'];
$parent_id = $p[0]['id'];
$parent_item = $p[0];
// "your post"
if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
$recip['channel_name'],
'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
$itemlink,
$item_post_type);
else {
pop_lang();
return;
}
// Some mail softwares relies on subject field for threading.
// So, we cannot have different subjects for notifications of the same thread.
// Before this we have the name of the replier on the subject rendering
// differents subjects for messages on the same thread.
$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']);
$epreamble = $dest_str;
$sitelink = t('Please visit %s to view and/or reply to the conversation.');
$tsitelink = sprintf( $sitelink, $siteurl );
$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
}
if($params['type'] == NOTIFY_WALL) {
$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
@ -364,7 +444,7 @@ class Enotify {
do {
$dups = false;
$hash = random_string();
$r = q("SELECT `id` FROM `notify` WHERE `hash` = '%s' LIMIT 1",
$r = q("SELECT id FROM notify WHERE hash = '%s' LIMIT 1",
dbesc($hash));
if ($r)
$dups = true;
@ -633,7 +713,7 @@ class Enotify {
call_hooks('email_send', $params);
if($params['sent']) {
logger("notification: enotify::send (addon) returns " . $params['result'], LOGGER_DEBUG);
logger("notification: enotify::send (addon) returns " . (($params['result']) ? 'success' : 'failure'), LOGGER_DEBUG);
return $params['result'];
}
@ -676,7 +756,7 @@ class Enotify {
$multipartMessageBody, // message body
$messageHeader // message headers
);
logger("notification: enotify::send returns " . $res, LOGGER_DEBUG);
logger("notification: enotify::send returns " . (($res) ? 'success' : 'failure'), LOGGER_DEBUG);
return $res;
}

6
Zotlabs/Lib/IConfig.php
View File

@ -10,7 +10,7 @@ class IConfig {
return;
}
static public function Get(&$item, $family, $key) {
static public function Get(&$item, $family, $key, $default = false) {
$is_item = false;
@ -28,7 +28,7 @@ class IConfig {
$iid = $item;
if(! $iid)
return false;
return $default;
if(is_array($item) && array_key_exists('iconfig',$item) && is_array($item['iconfig'])) {
foreach($item['iconfig'] as $c) {
@ -48,7 +48,7 @@ class IConfig {
$item['iconfig'][] = $r[0];
return $r[0]['v'];
}
return false;
return $default;
}

22
Zotlabs/Lib/PConfig.php
View File

@ -67,16 +67,16 @@ class PConfig {
* @return mixed Stored value or false if it does not exist
*/
static public function Get($uid,$family,$key,$instore = false) {
static public function Get($uid,$family,$key,$default = false) {
if(is_null($uid) || $uid === false)
return false;
return $default;
if(! array_key_exists($uid, \App::$config))
self::Load($uid);
if((! array_key_exists($family, \App::$config[$uid])) || (! array_key_exists($key, \App::$config[$uid][$family])))
return false;
return $default;
return ((! is_array(\App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$uid][$family][$key]))
? unserialize(\App::$config[$uid][$family][$key])
@ -185,13 +185,17 @@ class PConfig {
$ret = false;
if(array_key_exists($key, \App::$config[$uid][$family]))
if(array_key_exists($uid,\App::$config)
&& is_array(\App::$config['uid'])
&& array_key_exists($family,\App::$config['uid'])
&& array_key_exists($key, \App::$config[$uid][$family]))
unset(\App::$config[$uid][$family][$key]);
$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
intval($uid),
dbesc($family),
dbesc($key)
);
$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
intval($uid),
dbesc($family),
dbesc($key)
);
return $ret;
}

54
Zotlabs/Lib/PermissionDescription.php
View File

@ -12,22 +12,25 @@ require_once("include/text.php");
* permission settings for an item with an empty ACL.
* i.e the caption, icon, and tooltip for the no-ACL option in the ACL dialog.
*/
class PermissionDescription {
class PermissionDescription {
private $global_perm;
private $channel_perm;
private $fallback_description;
/**
* Constructor is private.
* Use static methods fromGlobalPermission(), fromStandalonePermission(), or fromDescription()
* to create instances.
* Use static methods fromGlobalPermission(), fromStandalonePermission(),
* or fromDescription() to create instances.
*
* @internal
* @param int $global_perm
* @param int $channel_perm
* @param string $description (optional) default empty
*/
private function __construct($global_perm, $channel_perm, $description = '') {
$this->global_perm = $global_perm;
$this->channel_perm = $channel_perm;
$this->fallback_description = ($description == '') ? t('Visible to your default audience') : $description;
}
@ -43,23 +46,22 @@ class PermissionDescription {
return new PermissionDescription('', 0x80000, $description);
}
/**
* Use this method only if the interpretation of an empty ACL doesn't fall back to a global
* default permission. You should pass one of the constants from boot.php - PERMS_PUBLIC,
* PERMS_NETWORK etc.
*
*
* @param integer $perm - a single enumerated constant permission - PERMS_PUBLIC, PERMS_NETWORK etc.
* @return a new instance of PermissionDescription
*/
public static function fromStandalonePermission($perm) {
$result = new PermissionDescription('', $perm);
$checkPerm = $this->get_permission_description();
if ($checkPerm == $this->fallback_description) {
$checkPerm = $result->get_permission_description();
if($checkPerm == $result->fallback_description) {
$result = null;
logger('null PermissionDescription from unknown standalone permission: ' . $perm ,LOGGER_DEBUG, LOG_ERROR);
logger('null PermissionDescription from unknown standalone permission: ' . $perm, LOGGER_DEBUG, LOG_ERR);
}
return $result;
@ -67,9 +69,9 @@ class PermissionDescription {
/**
* This is the preferred way to create a PermissionDescription, as it provides the most details.
* Use this method if you know an empty ACL will result in one of the global default permissions
* Use this method if you know an empty ACL will result in one of the global default permissions
* being used, such as channel_r_stream (for which you would pass 'view_stream').
*
*
* @param string $permname - a key for the global perms array from get_perms() in permissions.php,
* e.g. 'view_stream', 'view_profile', etc.
* @return a new instance of PermissionDescription
@ -80,19 +82,19 @@ class PermissionDescription {
$global_perms = \Zotlabs\Access\Permissions::Perms();
if (array_key_exists($permname, $global_perms)) {
if(array_key_exists($permname, $global_perms)) {
$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'], $permname);
$result = new PermissionDescription('', $channelPerm);
} else {
// The acl dialog can handle null arguments, but it shouldn't happen
logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
logger('null PermissionDescription from unknown global permission: ' . $permname, LOGGER_DEBUG, LOG_ERR);
}
return $result;
}
/**
* Gets a localized description of the permission, or a generic message if the permission
* is unknown.
@ -101,8 +103,7 @@ class PermissionDescription {
*/
public function get_permission_description() {
switch($this->channel_perm) {
switch($this->channel_perm) {
case 0: return t('Only me');
case PERMS_PUBLIC: return t('Public');
case PERMS_NETWORK: return t('Anybody in the $Projectname network');
@ -117,19 +118,18 @@ class PermissionDescription {
/**
* Returns an icon css class name if an appropriate one is available, e.g. "fa-globe" for Public,
* otherwise returns empty string.
* otherwise returns empty string.
*
* @return string icon css class name (often FontAwesome)
*/
public function get_permission_icon() {
switch($this->channel_perm) {
switch($this->channel_perm) {
case 0:/* only me */ return 'fa-eye-slash';
case PERMS_PUBLIC: return 'fa-globe';
case PERMS_NETWORK: return 'fa-share-alt-square'; // fa-share-alt-square is very similiar to the hubzilla logo, but we should create our own logo class to use
case PERMS_SITE: return 'fa-sitemap';
case PERMS_CONTACTS: return 'fa-group';
case PERMS_SITE: return 'fa-sitemap';
case PERMS_CONTACTS: return 'fa-group';
case PERMS_SPECIFIC: return 'fa-list';
case PERMS_AUTHED: return '';
case PERMS_PENDING: return '';
@ -137,7 +137,6 @@ class PermissionDescription {
}
}
/**
* Returns a localized description of where the permission came from, if this is known.
* If it's not know, or if the permission is standalone and didn't come from a default
@ -147,8 +146,7 @@ class PermissionDescription {
*/
public function get_permission_origin_description() {
switch($this->global_perm) {
switch($this->global_perm) {
case PERMS_R_STREAM: return t('This is your default setting for the audience of your normal stream, and posts.');
case PERMS_R_PROFILE: return t('This is your default setting for who can view your default channel profile');
case PERMS_R_ABOOK: return t('This is your default setting for who can view your connections');

28
Zotlabs/Lib/System.php
View File

@ -32,16 +32,30 @@ class System {
static public function get_notify_icon() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
return \App::$config['system']['email_notify_icon_url'];
return z_root() . '/images/hz-white-32.png';
return z_root() . DEFAULT_NOTIFY_ICON;
}
static public function get_site_icon() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
return \App::$config['system']['site_icon_url'];
return z_root() . '/images/hz-32.png';
return z_root() . DEFAULT_PLATFORM_ICON ;
}
static public function get_project_link() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_link'])
return \App::$config['system']['project_link'];
return 'https://hubzilla.org';
}
static public function get_project_srclink() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
return \App::$config['system']['project_srclink'];
return 'https://github.com/redmatrix/hubzilla';
}
static public function get_server_role() {
if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['server_role'])
return \App::$config['system']['server_role'];
@ -54,5 +68,15 @@ class System {
return '0.0.0';
}
static public function compatible_project($p) {
if(get_directory_realm() != DIRECTORY_REALM)
return true;
foreach(['hubzilla','zap'] as $t) {
if(stristr($p,$t))
return true;
}
return false;
}
}

21
Zotlabs/Lib/Techlevels.php Normal file
View File

@ -0,0 +1,21 @@
<?php
namespace Zotlabs\Lib;
class Techlevels {
static public function levels() {
$techlevels = [
'0' => t('Beginner/Basic'),
'1' => t('Novice - not skilled but willing to learn'),
'2' => t('Intermediate - somewhat comfortable'),
'3' => t('Advanced - very comfortable'),
'4' => t('Expert - I can write computer code'),
'5' => t('Wizard - I probably know more than you do')
];
return $techlevels;
}
}

6
Zotlabs/Lib/ThreadItem.php
View File

@ -44,7 +44,7 @@ class ThreadItem {
* Only add those that will be displayed
*/
if((! visible_activity($item)) || array_key_exists('author_blocked',$item)) {
if((! visible_activity($item)) || array_key_exists('blocked',$item)) {
continue;
}
@ -355,6 +355,10 @@ class ThreadItem {
'unverified' => $unverified,
'forged' => $forged,
'location' => $location,
'attend_label' => t('Attend'),
'attend_title' => t('Attendance Options'),
'vote_label' => t('Vote'),
'vote_title' => t('Voting Options'),
'indent' => $indent,
'owner_url' => $this->get_owner_url(),
'owner_photo' => $this->get_owner_photo(),

6
Zotlabs/Lib/ThreadStream.php
View File

@ -58,7 +58,7 @@ class ThreadStream {
case 'display':
// in this mode we set profile_owner after initialisation (from conversation()) and then
// pull some trickery which allows us to re-invoke this function afterward
// it's an ugly hack so FIXME
// it's an ugly hack so @FIXME
$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
break;
case 'page':
@ -160,9 +160,9 @@ class ThreadStream {
}
elseif(($this->observer) && (! $item->is_commentable())) {
if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
$item->set_commentable(perm_is_allowed($this->profile_owner,$this->observer['xchan_hash'],'post_comments'));
$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
else
$item->set_commentable(can_comment_on_post($this->observer['xchan_hash'],$item->data));
$item->set_commentable(can_comment_on_post($ob_hash,$item->data));
}
}
require_once('include/channel.php');

6
Zotlabs/Lib/XConfig.php
View File

@ -59,16 +59,16 @@ class XConfig {
* @return mixed Stored $value or false if it does not exist
*/
static public function Get($xchan, $family, $key) {
static public function Get($xchan, $family, $key, $default = false) {
if(! $xchan)
return false;
return $default;
if(! array_key_exists($xchan, \App::$config))
load_xconfig($xchan);
if((! array_key_exists($family, \App::$config[$xchan])) || (! array_key_exists($key, \App::$config[$xchan][$family])))
return false;
return $default;
return ((! is_array(\App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$xchan][$family][$key]))
? unserialize(\App::$config[$xchan][$family][$key])

6
Zotlabs/Module/Acl.php
View File

@ -77,7 +77,7 @@ class Acl extends \Zotlabs\Web\Controller {
if($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'" : "%'")) . ") ";
// This horrible mess is needed because position also returns 0 if nothing is found.
@ -105,9 +105,9 @@ class Acl extends \Zotlabs\Web\Controller {
if($type == '' || $type == 'g') {
$r = q("SELECT groups.id, groups.hash, groups.gname
FROM groups,group_member
FROM groups, group_member
WHERE groups.deleted = 0 AND groups.uid = %d
AND group_member.gid=groups.id
AND group_member.gid = groups.id
$sql_extra
GROUP BY groups.id
ORDER BY groups.gname

58
Zotlabs/Module/Admin.php
View File

@ -1,21 +1,20 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/admin.php
* @file Zotlabs/Module/Admin.php
* @brief Hubzilla's admin controller.
*
* Controller for the /admin/ area.
*/
namespace Zotlabs\Module;
require_once('include/queue_fn.php');
require_once('include/account.php');
/**
* @param App &$a
* @brief Admin area.
*
*/
class Admin extends \Zotlabs\Web\Controller {
private $sm = null;
@ -26,36 +25,35 @@ class Admin extends \Zotlabs\Web\Controller {
function post(){
logger('admin_post', LOGGER_DEBUG);
if(! is_site_admin()) {
return;
}
if (argc() > 1) {
$this->sm->call('post');
}
goaway(z_root() . '/admin' );
}
/**
* @return string
*/
function get() {
logger('admin_content', LOGGER_DEBUG);
if(! is_site_admin()) {
return login(false);
}
/*
* Page content
*/
$o = '';
if(argc() > 1) {
$o = $this->sm->call('get');
if($o === false) {
@ -65,9 +63,9 @@ class Admin extends \Zotlabs\Web\Controller {
else {
$o = $this->admin_page_summary();
}
if(is_ajax()) {
echo $o;
echo $o;
killme();
return '';
}
@ -75,16 +73,15 @@ class Admin extends \Zotlabs\Web\Controller {
return $o;
}
}
/**
* @brief Returns content for Admin Summary Page.
*
* @param App &$a
* @return string HTML from parsed admin_summary.tpl
*/
function admin_page_summary() {
// list total user accounts, expirations etc.
$accounts = array();
$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account",
@ -99,11 +96,11 @@ class Admin extends \Zotlabs\Web\Controller {
$accounts['expired'] = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']);
$accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']);
}
// pending registrations
$r = q("SELECT COUNT(id) AS `count` FROM `register` WHERE `uid` != '0'");
$pending = $r[0]['count'];
$r = q("SELECT COUNT(id) AS rtotal FROM register WHERE uid != '0'");
$pending = $r[0]['rtotal'];
// available channels, primary and clones
$channels = array();
$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
@ -112,15 +109,15 @@ class Admin extends \Zotlabs\Web\Controller {
$channels['main'] = array('label' => t('# primary'), 'val' => $r[0]['main']);
$channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']);
}
// We can do better, but this is a quick queue status
$r = q("SELECT COUNT(outq_delivered) AS total FROM outq WHERE outq_delivered = 0");
$queue = (($r) ? $r[0]['total'] : 0);
$queues = array( 'label' => t('Message queues'), 'queue' => $queue );
// If no plugins active return 0, otherwise list of plugin names
$plugins = (count(\App::$plugins) == 0) ? count(\App::$plugins) : \App::$plugins;
// Could be extended to provide also other alerts to the admin
$alertmsg = '';
// annoy admin about upcoming unsupported PHP version
@ -135,7 +132,6 @@ class Admin extends \Zotlabs\Web\Controller {
$upgrade = ((version_compare(STD_VERSION,$vmaster) < 0) ? t('Your software should be updated') : '');
$t = get_markup_template('admin_summary.tpl');
return replace_macros($t, array(
'$title' => t('Administration'),
@ -150,10 +146,8 @@ class Admin extends \Zotlabs\Web\Controller {
'$vmaster' => array( t('Repository version (master)'), $vmaster),
'$vdev' => array( t('Repository version (dev)'), $vdev),
'$upgrade' => $upgrade,
'$build' => get_config('system', 'db_version')
'$build' => get_config('system', 'db_version')
));
}
}

20
Zotlabs/Module/Admin/Account_edit.php
View File

@ -29,6 +29,22 @@ class Account_edit {
info( sprintf( t('Password changed for account %d.'), $account_id). EOL);
}
$service_class = trim($_REQUEST['service_class']);
$account_level = intval(trim($_REQUEST['account_level']));
$account_language = trim($_REQUEST['account_language']);
$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s'
where account_id = %d",
dbesc($service_class),
intval($account_level),
dbesc($account_language),
intval($account_id)
);
if($r)
info( t('Account settings updated.') . EOL);
goaway(z_root() . '/admin/accounts');
}
@ -46,11 +62,15 @@ class Account_edit {
return '';
}
$a = replace_macros(get_markup_template('admin_account_edit.tpl'), [
'$account' => $x[0],
'$title' => t('Account Edit'),
'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
'$account_level' => [ 'account_level', t('Technical skill level'), $x[0]['account_level'], '', \Zotlabs\Lib\Techlevels::levels() ],
'$account_language' => [ 'account_language' , t('Account language (for emails)'), $x[0]['account_language'], '', language_list() ],
'$service_class' => [ 'service_class', t('Service class'), $x[0]['account_service_class'], '' ],
'$submit' => t('Submit'),
]
);

7
Zotlabs/Module/Admin/Accounts.php
View File

@ -133,10 +133,9 @@ class Accounts {
$base = z_root() . '/admin/accounts?f=';
$odir = (($dir === 'asc') ? '0' : '1');
$users = q("SELECT `account_id` , `account_email`, `account_lastlog`, `account_created`, `account_expires`, " . "`account_service_class`, ( account_flags & %d ) > 0 as `blocked`, " .
"(SELECT %s FROM channel as ch " .
"WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as `channels` " .
"FROM account as ac where true $serviceclass order by $key $dir limit %d offset %d ",
$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked,
(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac
where true $serviceclass order by $key $dir limit %d offset %d ",
intval(ACCOUNT_BLOCKED),
db_concat('ch.channel_address', ' '),
intval(\App::$pager['itemspage']),

90
Zotlabs/Module/Admin/Channels.php
View File

@ -2,35 +2,36 @@
namespace Zotlabs\Module\Admin;
/**
* @brief Admin Module for Channels.
*
*/
class Channels {
/**
* @brief Channels admin page.
* @brief Handle POST actions on channels admin page.
*
* @param App &$a
*/
function post() {
$channels = ( x($_POST, 'channel') ? $_POST['channel'] : Array() );
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels');
$xor = db_getfunc('^');
if (x($_POST,'page_channels_block')){
foreach($channels as $uid){
if(x($_POST, 'page_channels_block')) {
foreach($channels as $uid) {
q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
intval(PAGE_CENSORED),
intval( $uid )
);
\Zotlabs\Daemon\Master::Summon(array('Directory',$uid,'nopush'));
\Zotlabs\Daemon\Master::Summon(array('Directory', $uid, 'nopush'));
}
notice( sprintf( tt("%s channel censored/uncensored", "%s channels censored/uncensored", count($channels)), count($channels)) );
}
if (x($_POST,'page_channels_code')){
foreach($channels as $uid){
if(x($_POST, 'page_channels_code')) {
foreach($channels as $uid) {
q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
intval(PAGE_ALLOWCODE),
intval( $uid )
@ -38,74 +39,71 @@ class Channels {
}
notice( sprintf( tt("%s channel code allowed/disallowed", "%s channels code allowed/disallowed", count($channels)), count($channels)) );
}
if (x($_POST,'page_channels_delete')){
foreach($channels as $uid){
channel_remove($uid,true);
if(x($_POST, 'page_channels_delete')) {
foreach($channels as $uid) {
channel_remove($uid, true);
}
notice( sprintf( tt("%s channel deleted", "%s channels deleted", count($channels)), count($channels)) );
}
goaway(z_root() . '/admin/channels' );
}
/**
* @brief
* @brief Generate channels admin page and handle single item operations.
*
* @return string
* @return string with parsed HTML
*/
function get() {
if(argc() > 2) {
$uid = argv(3);
$channel = q("SELECT * FROM channel WHERE channel_id = %d",
intval($uid)
);
if(! $channel) {
notice( t('Channel not found') . EOL);
goaway(z_root() . '/admin/channels' );
}
switch(argv(2)) {
case "delete":{
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
// delete channel
channel_remove($uid,true);
notice( sprintf(t("Channel '%s' deleted"), $channel[0]['channel_name']) . EOL);
}; break;
case "block":{
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_CENSORED;
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_CENSORED;
q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
intval($pflags),
intval( $uid )
);
\Zotlabs\Daemon\Master::Summon(array('Directory',$uid,'nopush'));
notice( sprintf( (($pflags & PAGE_CENSORED) ? t("Channel '%s' censored"): t("Channel '%s' uncensored")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
}; break;
case "code":{
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_ALLOWCODE;
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_ALLOWCODE;
q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
intval($pflags),
intval( $uid )
);
notice( sprintf( (($pflags & PAGE_ALLOWCODE) ? t("Channel '%s' code allowed"): t("Channel '%s' code disallowed")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
}; break;
default:
default:
break;
}
goaway(z_root() . '/admin/channels' );
}
$key = (($_REQUEST['key']) ? dbesc($_REQUEST['key']) : 'channel_id');
$dir = 'asc';
if(array_key_exists('dir',$_REQUEST))
@ -114,10 +112,8 @@ class Channels {
$base = z_root() . '/admin/channels?f=';
$odir = (($dir === 'asc') ? '0' : '1');
/* get channels */
$total = q("SELECT count(*) as total FROM channel where channel_removed = 0 and channel_system = 0");
if($total) {
\App::set_pager_total($total[0]['total']);
@ -135,15 +131,15 @@ class Channels {
$channels[$x]['blocked'] = true;
else
$channels[$x]['blocked'] = false;
if($channels[$x]['channel_pageflags'] & PAGE_ALLOWCODE)
$channels[$x]['allowcode'] = true;
else
$channels[$x]['allowcode'] = false;
}
}
$t = get_markup_template("admin_channels.tpl");
$t = get_markup_template('admin_channels.tpl');
$o = replace_macros($t, array(
// strings //
'$title' => t('Administration'),
@ -158,29 +154,23 @@ class Channels {
'$h_channels' => t('Channel'),
'$base' => $base,
'$odir' => $odir,
'$th_channels' => array(
'$th_channels' => array(
[ t('UID'), 'channel_id' ],
[ t('Name'), 'channel_name' ],
[ t('Address'), 'channel_address' ]),
'$confirm_delete_multi' => t('Selected channels will be deleted!\n\nEverything that was posted in these channels on this site will be permanently deleted!\n\nAre you sure?'),
'$confirm_delete' => t('The channel {0} will be deleted!\n\nEverything that was posted in this channel on this site will be permanently deleted!\n\nAre you sure?'),
'$form_security_token' => get_form_security_token("admin_channels"),
'$form_security_token' => get_form_security_token('admin_channels'),
// values //
'$baseurl' => z_root(),
'$channels' => $channels,
));
$o .= paginate($a);
return $o;
}
}

2
Zotlabs/Module/Admin/Dbsync.php
View File

@ -42,7 +42,7 @@ class Dbsync {
}
$failed = array();
$r = q("select * from config where `cat` = 'database' ");
$r = q("select * from config where cat = 'database' ");
if(count($r)) {
foreach($r as $rr) {
$upd = intval(substr($rr['k'],8));

112
Zotlabs/Module/Admin/Site.php
View File

@ -5,11 +5,9 @@ namespace Zotlabs\Module\Admin;
class Site {
/**
* @brief POST handler for Admin Site Page.
*
* @param App &$a
*/
function post(){
if (!x($_POST, 'page_site')) {
@ -17,38 +15,39 @@ class Site {
}
check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
$sitename = ((x($_POST,'sitename')) ? notags(trim($_POST['sitename'])) : '');
$server_role = ((x($_POST,'server_role')) ? notags(trim($_POST['server_role'])) : 'standard');
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
$banner = ((x($_POST,'banner')) ? trim($_POST['banner']) : false);
$admininfo = ((x($_POST,'admininfo')) ? trim($_POST['admininfo']) : false);
$siteinfo = ((x($_POST,'siteinfo')) ? trim($_POST['siteinfo']) : '');
$language = ((x($_POST,'language')) ? notags(trim($_POST['language'])) : '');
$theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme'])) : '');
$theme_mobile = ((x($_POST,'theme_mobile')) ? notags(trim($_POST['theme_mobile'])) : '');
// $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : '');
// $site_channel = ((x($_POST,'site_channel')) ? notags(trim($_POST['site_channel'])) : '');
$maximagesize = ((x($_POST,'maximagesize')) ? intval(trim($_POST['maximagesize'])) : 0);
$register_policy = ((x($_POST,'register_policy')) ? intval(trim($_POST['register_policy'])) : 0);
$access_policy = ((x($_POST,'access_policy')) ? intval(trim($_POST['access_policy'])) : 0);
$invite_only = ((x($_POST,'invite_only')) ? True : False);
$abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0);
$invite_only = ((x($_POST,'invite_only')) ? True : False);
$abandon_days = ((x($_POST,'abandon_days')) ? intval(trim($_POST['abandon_days'])) : 0);
$register_text = ((x($_POST,'register_text')) ? notags(trim($_POST['register_text'])) : '');
$frontpage = ((x($_POST,'frontpage')) ? notags(trim($_POST['frontpage'])) : '');
$mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0);
$directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
$allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
$force_publish = ((x($_POST,'publish_all')) ? True : False);
$disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? False : True);
$login_on_homepage = ((x($_POST,'login_on_homepage')) ? True : False);
$enable_context_help = ((x($_POST,'enable_context_help')) ? True : False);
$frontpage = ((x($_POST,'frontpage')) ? notags(trim($_POST['frontpage'])) : '');
$mirror_frontpage = ((x($_POST,'mirror_frontpage')) ? intval(trim($_POST['mirror_frontpage'])) : 0);
$directory_server = ((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
$allowed_sites = ((x($_POST,'allowed_sites')) ? notags(trim($_POST['allowed_sites'])) : '');
$force_publish = ((x($_POST,'publish_all')) ? True : False);
$disable_discover_tab = ((x($_POST,'disable_discover_tab')) ? False : True);
$login_on_homepage = ((x($_POST,'login_on_homepage')) ? True : False);
$enable_context_help = ((x($_POST,'enable_context_help')) ? True : False);
$global_directory = ((x($_POST,'directory_submit_url')) ? notags(trim($_POST['directory_submit_url'])) : '');
$no_community_page = !((x($_POST,'no_community_page')) ? True : False);
$default_expire_days = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
$verifyssl = ((x($_POST,'verifyssl')) ? True : False);
$proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : '');
$proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : '');
@ -62,11 +61,9 @@ class Site {
$techlevel_lock = ((x($_POST,'techlock')) ? intval($_POST['techlock']) : 0);
$techlevel = null;
if(array_key_exists('techlevel',$_POST))
if(array_key_exists('techlevel', $_POST))
$techlevel = intval($_POST['techlevel']);
set_config('system', 'server_role', $server_role);
set_config('system', 'feed_contacts', $feed_contacts);
set_config('system', 'delivery_interval', $delivery_interval);
@ -84,16 +81,16 @@ class Site {
if(! is_null($techlevel))
set_config('system', 'techlevel', $techlevel);
if($directory_server)
set_config('system','directory_server',$directory_server);
if ($banner == '') {
del_config('system', 'banner');
} else {
set_config('system', 'banner', $banner);
}
if ($admininfo == ''){
del_config('system', 'admininfo');
} else {
@ -101,6 +98,7 @@ class Site {
linkify_tags($a, $admininfo, local_channel());
set_config('system', 'admininfo', $admininfo);
}
set_config('system','siteinfo',$siteinfo);
set_config('system', 'language', $language);
set_config('system', 'theme', $theme);
if ( $theme_mobile === '---' ) {
@ -110,9 +108,9 @@ class Site {
}
// set_config('system','site_channel', $site_channel);
set_config('system','maximagesize', $maximagesize);
set_config('system','register_policy', $register_policy);
set_config('system','invitation_only', $invite_only);
set_config('system','invitation_only', $invite_only);
set_config('system','access_policy', $access_policy);
set_config('system','account_abandon_days', $abandon_days);
set_config('system','register_text', $register_text);
@ -124,14 +122,14 @@ class Site {
} else {
set_config('system', 'directory_submit_url', $global_directory);
}
set_config('system','no_community_page', $no_community_page);
set_config('system','no_utf', $no_utf);
set_config('system','verifyssl', $verifyssl);
set_config('system','proxyuser', $proxyuser);
set_config('system','proxy', $proxy);
set_config('system','curl_timeout', $timeout);
info( t('Site settings updated.') . EOL);
goaway(z_root() . '/admin/site' );
}
@ -139,15 +137,14 @@ class Site {
/**
* @brief Admin page site.
*
* @return string
* @return string with HTML
*/
function get() {
/* Installed langs */
$lang_choices = array();
$langs = glob('view/*/hstrings.php');
if(is_array($langs) && count($langs)) {
if(! in_array('view/en/hstrings.php',$langs))
$langs[] = 'view/en/';
@ -157,7 +154,7 @@ class Site {
$lang_choices[$t[1]] = $t[1];
}
}
/* Installed themes */
$theme_choices_mobile["---"] = t("Default");
$theme_choices = array();
@ -184,13 +181,13 @@ class Site {
}
}
}
$dir_choices = null;
$dirmode = get_config('system','directory_mode');
$realm = get_directory_realm();
// directory server should not be set or settable unless we are a directory client
if($dirmode == DIRECTORY_MODE_NORMAL) {
$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'",
intval(DIRECTORY_MODE_SECONDARY),
@ -204,25 +201,25 @@ class Site {
}
}
}
/* Banner */
$banner = get_config('system', 'banner');
if($banner === false)
if($banner === false)
$banner = get_config('system','sitename');
$banner = htmlspecialchars($banner);
/* Admin Info */
$admininfo = get_config('system', 'admininfo');
/* Register policy */
$register_choices = Array(
REGISTER_CLOSED => t("No"),
REGISTER_APPROVE => t("Yes - with approval"),
REGISTER_OPEN => t("Yes")
);
/* Acess policy */
$access_choices = Array(
ACCESS_PRIVATE => t("My site is not a public server"),
@ -230,36 +227,32 @@ class Site {
ACCESS_FREE => t("My site has free access only"),
ACCESS_TIERED => t("My site offers free accounts with optional paid upgrades")
);
$discover_tab = get_config('system','disable_discover_tab');
// $disable public streams by default
if($discover_tab === false)
$discover_tab = 1;
// now invert the logic for the setting.
$discover_tab = (1 - $discover_tab);
$server_roles = [
'basic' => t('Basic/Minimal Social Networking'),
'standard' => t('Standard Configuration (default)'),
'pro' => t('Professional')
];
$techlevels = [
'0' => t('Beginner/Basic'),
'1' => t('Novice - not skilled but willing to learn'),
'2' => t('Intermediate - somewhat comfortable'),
'3' => t('Advanced - very comfortable'),
'4' => t('Expert - I can write computer code'),
'4' => t('Expert - I can write computer code'),
'5' => t('Wizard - I probably know more than you do')
];
$homelogin = get_config('system','login_on_homepage');
$enable_context_help = get_config('system','enable_context_help');
$t = get_markup_template("admin_site.tpl");
return replace_macros($t, array(
'$title' => t('Administration'),
@ -269,7 +262,7 @@ class Site {
'$upload' => t('File upload'),
'$corporate' => t('Policies'),
'$advanced' => t('Advanced'),
'$baseurl' => z_root(),
// name, label, value, help string, extra data...
'$sitename' => array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
@ -280,14 +273,14 @@ class Site {
'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
'$banner' => array('banner', t("Banner/Logo"), $banner, ""),
'$admininfo' => array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators. Displayed on siteinfo page. BBCode can be used here")),
'$siteinfo' => array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site. Displayed on siteinfo page. BBCode can be used here")),
'$language' => array('language', t("System language"), get_config('system','language'), "", $lang_choices),
'$theme' => array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
'$theme_mobile' => array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
// '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
'$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
// '$site_channel' => array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
'$feed_contacts' => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
'$maximagesize' => array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
'$register_policy' => array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
'$invite_only' => array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes.")),
@ -302,9 +295,9 @@ class Site {
'$disable_discover_tab' => array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')),
'$login_on_homepage' => array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
'$enable_context_help' => array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),
'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
'$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
'$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
'$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
@ -316,8 +309,5 @@ class Site {
'$form_security_token' => get_form_security_token("admin_site"),
));
}
}

32
Zotlabs/Module/Api.php
View File

@ -3,10 +3,22 @@ namespace Zotlabs\Module;
require_once('include/api.php');
class Api extends \Zotlabs\Web\Controller {
function init() {
zot_api_init();
api_register_func('api/client/register', 'api_client_register', false);
api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
$args = [];
call_hooks('api_register',$args);
return;
}
function post() {
if(! local_channel()) {
notice( t('Permission denied.') . EOL);
@ -17,13 +29,13 @@ class Api extends \Zotlabs\Web\Controller {
function get() {
if(\App::$cmd=='api/oauth/authorize'){
if(\App::$cmd === 'api/oauth/authorize'){
/*
* api/oauth/authorize interact with the user. return a standard page
*/
\App::$page['template'] = "minimal";
\App::$page['template'] = 'minimal';
// get consumer/client from request token
try {
@ -42,8 +54,8 @@ class Api extends \Zotlabs\Web\Controller {
$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
$verifier = md5($app['secret'].local_channel());
set_config("oauth", $verifier, local_channel());
$verifier = md5($app['secret'] . local_channel());
set_config('oauth', $verifier, local_channel());
if($consumer->callback_url != null) {
@ -78,11 +90,11 @@ class Api extends \Zotlabs\Web\Controller {
$tpl = get_markup_template('oauth_authorize.tpl');
$o = replace_macros($tpl, array(
'$title' => t('Authorize application connection'),
'$app' => $app,
'$title' => t('Authorize application connection'),
'$app' => $app,
'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
'$yes' => t('Yes'),
'$no' => t('No'),
'$yes' => t('Yes'),
'$no' => t('No'),
));
//echo "<pre>"; var_dump($app); killme();

4
Zotlabs/Module/Cal.php
View File

@ -109,7 +109,7 @@ class Cal extends \Zotlabs\Web\Controller {
/* edit/create form */
if($event_id) {
$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($event_id),
intval($channel['channel_id'])
);
@ -228,7 +228,7 @@ class Cal extends \Zotlabs\Web\Controller {
$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
from event left join item on event_hash = resource_id
where resource_type = 'event' and event.uid = %d $ignored
where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored
AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )
OR ( adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) $sql_extra ",
intval($channel['channel_id']),

68
Zotlabs/Module/Channel.php
View File

@ -1,6 +1,6 @@
<?php
namespace Zotlabs\Module;
namespace Zotlabs\Module;
require_once('include/contact_widgets.php');
require_once('include/items.php');
@ -10,6 +10,10 @@ require_once('include/conversation.php');
require_once('include/acl_selectors.php');
require_once('include/permissions.php');
/**
* @brief Channel Controller
*
*/
class Channel extends \Zotlabs\Web\Controller {
function init() {
@ -34,7 +38,7 @@ class Channel extends \Zotlabs\Web\Controller {
if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
$which = $channel['channel_address'];
$profile = argv(1);
$profile = argv(1);
}
\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Posts and comments') . '" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n" ;
@ -48,12 +52,10 @@ class Channel extends \Zotlabs\Web\Controller {
// we start loading content
profile_load($which,$profile);
}
function get($update = 0, $load = false) {
if($load)
$_SESSION['loadtime'] = datetime_convert();
@ -66,12 +68,13 @@ class Channel extends \Zotlabs\Web\Controller {
$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
if(observer_prohibited(true)) {
if(observer_prohibited(true)) {
return login();
}
$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
$groups = array();
@ -108,15 +111,17 @@ class Channel extends \Zotlabs\Web\Controller {
if(! $update) {
$static = channel_manual_conv_update(\App::$profile['profile_uid']);
$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
if($channel && $is_owner) {
$channel_acl = array(
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'allow_cid' => $channel['channel_allow_cid'],
'allow_gid' => $channel['channel_allow_gid'],
'deny_cid' => $channel['channel_deny_cid'],
'deny_gid' => $channel['channel_deny_gid']
);
}
@ -143,9 +148,9 @@ class Channel extends \Zotlabs\Web\Controller {
'bbco_autocomplete' => 'bbcode',
'bbcode' => true,
'jotnets' => true
);
);
$o .= status_editor($a,$x);
$o .= status_editor($a,$x);
}
}
@ -168,12 +173,15 @@ class Channel extends \Zotlabs\Web\Controller {
$simple_update = (($update) ? " AND item_unseen = 1 " : '');
\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
if($update && $_SESSION['loadtime'])
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
if($load)
$simple_update = '';
if($static && $simple_update)
$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
if(($update) && (! $load)) {
if($mid) {
@ -183,9 +191,9 @@ class Channel extends \Zotlabs\Web\Controller {
intval(\App::$profile['profile_uid'])
);
$_SESSION['loadtime'] = datetime_convert();
}
}
else {
$r = q("SELECT distinct parent AS `item_id`, created from item
$r = q("SELECT distinct parent AS item_id, created from item
left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
WHERE uid = %d $item_normal
AND item_wall = 1 $simple_update
@ -201,10 +209,10 @@ class Channel extends \Zotlabs\Web\Controller {
else {
if(x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if(x($hashtags)) {
$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
}
if($datequery) {
@ -228,10 +236,9 @@ class Channel extends \Zotlabs\Web\Controller {
if (! $r) {
notice( t('Permission denied.') . EOL);
}
}
}
else {
$r = q("SELECT distinct id AS item_id, created FROM item
$r = q("SELECT distinct id AS item_id, created FROM item
left join abook on item.author_xchan = abook.abook_xchan
WHERE uid = %d $item_normal
AND item_wall = 1 and item_thread_top = 1
@ -250,11 +257,11 @@ class Channel extends \Zotlabs\Web\Controller {
if($r) {
$parents_str = ids_to_querystr($r,'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id`
FROM `item`
WHERE `item`.`uid` = %d $item_normal
AND `item`.`parent` IN ( %s )
$items = q("SELECT item.*, item.id AS item_id
FROM item
WHERE item.uid = %d $item_normal
AND item.parent IN ( %s )
$sql_extra ",
intval(\App::$profile['profile_uid']),
dbesc($parents_str)
@ -270,8 +277,7 @@ class Channel extends \Zotlabs\Web\Controller {
notice( t('Permission denied.') . EOL);
}
}
else {
} else {
$items = array();
}
@ -285,7 +291,7 @@ class Channel extends \Zotlabs\Web\Controller {
$maxheight = 400;
$o .= '<div id="live-channel"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . \App::$profile['profile_uid']
$o .= "<script> var profile_uid = " . \App::$profile['profile_uid']
. "; var netargs = '?f='; var profile_page = " . \App::$pager['page']
. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
@ -304,6 +310,7 @@ class Channel extends \Zotlabs\Web\Controller {
'$nouveau' => '0',
'$wall' => '1',
'$fh' => '0',
'$static' => $static,
'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
'$search' => '',
'$order' => '',
@ -317,7 +324,6 @@ class Channel extends \Zotlabs\Web\Controller {
'$dbegin' => $datequery2
));
}
$update_unseen = '';
@ -325,10 +331,10 @@ class Channel extends \Zotlabs\Web\Controller {
if($page_mode === 'list') {
/**
* in "list mode", only mark the parent item and any like activities as "seen".
* in "list mode", only mark the parent item and any like activities as "seen".
* We won't distinguish between comment likes and post likes. The important thing
* is that the number of unseen comments will be accurate. The SQL to separate the
* comment likes could also get somewhat hairy.
* comment likes could also get somewhat hairy.
*/
if($parents_str) {
@ -351,7 +357,7 @@ class Channel extends \Zotlabs\Web\Controller {
if($checkjs->disabled()) {
$o .= conversation($a,$items,'channel',$update,'traditional');
}
}
else {
$o .= conversation($a,$items,'channel',$update,$page_mode);
}
@ -362,7 +368,7 @@ class Channel extends \Zotlabs\Web\Controller {
\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
}
if($mid)
if($mid)
$o .= '<div id="content-complete"></div>';
return $o;

76
Zotlabs/Module/Chanview.php
View File

@ -58,7 +58,9 @@ class Chanview extends \Zotlabs\Web\Controller {
}
logger('mod_chanview: constructed address ' . print_r($matches,true));
}
$r = null;
if($_REQUEST['address']) {
$j = \Zotlabs\Zot\Finger::run($_REQUEST['address'],null);
if($j['success']) {
@ -66,40 +68,74 @@ class Chanview extends \Zotlabs\Web\Controller {
$r = q("select * from xchan where xchan_addr = '%s' limit 1",
dbesc($_REQUEST['address'])
);
if($r)
if($r) {
\App::$poi = $r[0];
}
}
if(! $r) {
if(discover_by_webbie($_REQUEST['address'])) {
$r = q("select * from xchan where xchan_addr = '%s' limit 1",
dbesc($_REQUEST['address'])
);
if($r) {
\App::$poi = $r[0];
}
}
}
}
}
if(! \App::$poi) {
// We don't know who this is, and we can't figure it out from the URL
// On the plus side, there's a good chance we know somebody else at that
// hub so sending them there with a Zid will probably work anyway.
// We don't know who this is, and we can't figure it out from the URL
// On the plus side, there's a good chance we know somebody else at that
// hub so sending them there with a Zid will probably work anyway.
$url = ($_REQUEST['url']);
if(! $url) {
notice( t('Channel not found.') . EOL);
return;
}
if($observer)
$url = zid($url);
}
$is_zot = false;
if (\App::$poi) {
$url = \App::$poi['xchan_url'];
if($observer)
$url = zid($url);
$url = \App::$poi['xchan_url'];
if(\App::$poi['xchan_network'] === 'zot') {
$is_zot = true;
}
}
// let somebody over-ride the iframed viewport presentation
// or let's just declare this a failed experiment.
// We will load the chanview template if it's a foreign network,
// just so that we can provide a connect button along with a profile
// photo. Chances are we can't load the remote profile into an iframe
// because of cross-domain security headers. So provide a link to
// the remote profile.
// Zot channels will usually have a connect link.
// If it isn't zot, 'pro' members won't be able to use the connect
// button as it is a foreign network so just send them to the remote
// profile.
// if((! local_channel()) || (get_pconfig(local_channel(),'system','chanview_full')))
goaway($url);
// $o = replace_macros(get_markup_template('chanview.tpl'),array(
// '$url' => $url,
// '$full' => t('toggle full screen mode')
// ));
// return $o;
if($is_zot || \Zotlabs\Lib\System::get_server_role() === 'pro') {
if($is_zot && $observer) {
$url = zid($url);
}
goaway($url);
}
else {
$o = replace_macros(get_markup_template('chanview.tpl'),array(
'$url' => $url,
'$full' => t('toggle full screen mode')
));
return $o;
}
}
}

51
Zotlabs/Module/Cloud.php
View File

@ -1,7 +1,7 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/cloud.php
* @file Zotlabs/Module/Cloud.php
* @brief Initialize Hubzilla's cloud (SabreDAV).
*
* Module for accessing the DAV storage area.
@ -17,34 +17,35 @@ require_once('include/attach.php');
/**
* @brief Fires up the SabreDAV server.
* @brief Cloud Module.
*
* @param App &$a
*/
class Cloud extends \Zotlabs\Web\Controller {
/**
* @brief Fires up the SabreDAV server.
*
*/
function init() {
if (! is_dir('store'))
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
$which = null;
if (argc() > 1)
$which = argv(1);
$profile = 0;
\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
if ($which)
profile_load( $which, $profile);
$auth = new \Zotlabs\Storage\BasicAuth();
$ob_hash = get_observer_hash();
if ($ob_hash) {
if (local_channel()) {
$channel = \App::get_channel();
@ -57,40 +58,40 @@ class Cloud extends \Zotlabs\Web\Controller {
}
$auth->observer = $ob_hash;
}
if ($_GET['davguest'])
$_SESSION['davguest'] = true;
$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
// A SabreDAV server-object
$server = new SDAV\Server($rootDirectory);
// prevent overwriting changes each other with a lock backend
$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
$server->addPlugin($lockPlugin);
$is_readable = false;
// provide a directory view for the cloud in Hubzilla
$browser = new \Zotlabs\Storage\Browser($auth);
$auth->setBrowserPlugin($browser);
$server->addPlugin($browser);
// Experimental QuotaPlugin
// require_once('\Zotlabs\Storage/QuotaPlugin.php');
// $server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
ob_start();
// All we need to do now, is to fire up the server
$server->exec();
@ -99,5 +100,5 @@ class Cloud extends \Zotlabs\Web\Controller {
killme();
}
}

4
Zotlabs/Module/Connect.php
View File

@ -29,7 +29,7 @@ class Connect extends \Zotlabs\Web\Controller {
profile_load($which,'');
}
function post() {
function post() {
if(! array_key_exists('channel', \App::$data))
return;
@ -78,7 +78,7 @@ class Connect extends \Zotlabs\Web\Controller {
function get() {
function get() {
$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);

57
Zotlabs/Module/Connedit.php
View File

@ -41,11 +41,13 @@ class Connedit extends \Zotlabs\Web\Controller {
}
}
$channel = \App::get_channel();
if($channel)
head_set_icon($channel['xchan_photo_s']);
}
/* @brief Evaluate posted values and set changes
*
@ -96,7 +98,7 @@ class Connedit extends \Zotlabs\Web\Controller {
$profile_id = $_POST['profile_assign'];
if($profile_id) {
$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND uid = %d LIMIT 1",
dbesc($profile_id),
intval(local_channel())
);
@ -396,6 +398,7 @@ class Connedit extends \Zotlabs\Web\Controller {
return login();
}
$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
$channel = \App::get_channel();
$my_perms = get_channel_default_perms(local_channel());
$role = get_pconfig(local_channel(),'system','permissions_role');
@ -448,7 +451,7 @@ class Connedit extends \Zotlabs\Web\Controller {
}
if($cmd === 'resetphoto') {
q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s' limit 1",
q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s'",
dbesc($orig_record[0]['xchan_hash'])
);
$cmd = 'refresh';
@ -521,11 +524,12 @@ class Connedit extends \Zotlabs\Web\Controller {
if($cmd === 'drop') {
// FIXME
// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
// in the background there could be a race condition preventing this packet from being sent in all cases.
// PLACEHOLDER
// @FIXME
// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier
// runs in the background there could be a race condition preventing this packet from being sent in all
// cases.
// PLACEHOLDER
contact_remove(local_channel(), $orig_record[0]['abook_id']);
build_sync_packet(0 /* use the current local_channel */,
@ -545,9 +549,33 @@ class Connedit extends \Zotlabs\Web\Controller {
if(\App::$poi) {
$abook_prev = 0;
$abook_next = 0;
$contact_id = \App::$poi['abook_id'];
$contact = \App::$poi;
$cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 order by xchan_name",
intval(local_channel())
);
if($cn) {
$pntotal = count($cn);
for($x = 0; $x < $pntotal; $x ++) {
if($cn[$x]['abook_id'] == $contact_id) {
if($x === 0)
$abook_prev = 0;
else
$abook_prev = $cn[$x - 1]['abook_id'];
if($x === $pntotal)
$abook_next = 0;
else
$abook_next = $cn[$x +1]['abook_id'];
}
}
}
$tools = array(
'view' => array(
@ -614,8 +642,10 @@ class Connedit extends \Zotlabs\Web\Controller {
$self = false;
if(intval($contact['abook_self']))
if(intval($contact['abook_self'])) {
$self = true;
$abook_prev = $abook_next = 0;
}
$tpl = get_markup_template("abook_edit.tpl");
@ -750,6 +780,7 @@ class Connedit extends \Zotlabs\Web\Controller {
'$header' => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
'$autoperms' => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no),
'$addr' => $contact['xchan_addr'],
'$section' => $section,
'$addr_text' => t('This connection\'s primary address is'),
'$loc_text' => t('Available locations:'),
'$locstr' => $locstr,
@ -791,7 +822,8 @@ class Connedit extends \Zotlabs\Web\Controller {
'$multiprofs' => $multiprofs,
'$contact_id' => $contact['abook_id'],
'$name' => $contact['xchan_name'],
'$abook_prev' => $abook_prev,
'$abook_next' => $abook_next
));
$arr = array('contact' => $contact,'output' => $o);
@ -800,9 +832,6 @@ class Connedit extends \Zotlabs\Web\Controller {
return $arr['output'];
}
}
}
}

2
Zotlabs/Module/Contactgroup.php
View File

@ -23,7 +23,7 @@ class Contactgroup extends \Zotlabs\Web\Controller {
if((argc() > 1) && (intval(argv(1)))) {
$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
intval(argv(1)),
intval(local_channel())
);

6
Zotlabs/Module/Cover_photo.php
View File

@ -88,7 +88,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
if($r) {
$base_image = $r[0];
$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents($base_image['content']) : dbunescbin($base_image['content']));
$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
$im = photo_factory($base_image['content'], $base_image['mimetype']);
if($im->is_valid()) {
@ -309,7 +309,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
$havescale = true;
}
$r = q("SELECT `content`, `mimetype`, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
intval($r[0]['id']),
intval(local_channel())
@ -320,7 +320,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
}
if(intval($r[0]['os_storage']))
$data = @file_get_contents($r[0]['content']);
$data = @file_get_contents(dbunescbin($r[0]['content']));
else
$data = dbunescbin($r[0]['content']);

40
Zotlabs/Module/Dav.php
View File

@ -1,31 +1,26 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/dav.php
* @file Zotlabs/Module/Dav.php
* @brief Initialize Hubzilla's cloud (SabreDAV).
*
* Module for accessing the DAV storage area from a DAV client.
*/
namespace Zotlabs\Module;
use \Sabre\DAV as SDAV;
use \Zotlabs\Storage;
// composer autoloader for SabreDAV
require_once('vendor/autoload.php');
require_once('include/attach.php');
/**
* @brief Fires up the SabreDAV server.
*
* @param App &$a
*/
class Dav extends \Zotlabs\Web\Controller {
/**
* @brief Fires up the SabreDAV server.
*
*/
function init() {
// workaround for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
@ -47,16 +42,16 @@ class Dav extends \Zotlabs\Web\Controller {
if (! is_dir('store'))
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
if (argc() > 1)
profile_load(argv(1),0);
$auth = new \Zotlabs\Storage\BasicAuth();
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
// A SabreDAV server-object
$server = new SDAV\Server($rootDirectory);
@ -68,21 +63,20 @@ class Dav extends \Zotlabs\Web\Controller {
// prevent overwriting changes each other with a lock backend
$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// provide a directory view for the cloud in Hubzilla
$browser = new \Zotlabs\Storage\Browser($auth);
$auth->setBrowserPlugin($browser);
// Experimental QuotaPlugin
// require_once('Zotlabs/Storage/QuotaPlugin.php');
// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
// All we need to do now, is to fire up the server
$server->exec();
killme();
}
}

1
Zotlabs/Module/Directory.php
View File

@ -1,4 +1,5 @@
<?php
namespace Zotlabs\Module;
require_once('include/socgraph.php');

8
Zotlabs/Module/Dirsearch.php
View File

@ -12,7 +12,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
}
function get() {
function get() {
$ret = array('success' => false);
@ -185,7 +185,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
else {
$qlimit = " LIMIT " . intval($perpage) . " OFFSET " . intval($startrec);
if($return_total) {
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
$r = q("SELECT COUNT(xchan_hash) AS total FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
if($r) {
$ret['total_items'] = $r[0]['total'];
}
@ -457,6 +457,6 @@ class Dirsearch extends \Zotlabs\Web\Controller {
}
}
return $ret;
}
}
}

22
Zotlabs/Module/Display.php
View File

@ -121,6 +121,8 @@ class Display extends \Zotlabs\Web\Controller {
return '';
}
}
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
$simple_update = (($update) ? " AND item_unseen = 1 " : '');
@ -130,10 +132,13 @@ class Display extends \Zotlabs\Web\Controller {
if($load)
$simple_update = '';
if($static && $simple_update)
$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
if((! $update) && (! $load)) {
$static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
$o .= '<div id="live-display"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
@ -154,6 +159,7 @@ class Display extends \Zotlabs\Web\Controller {
'$fh' => '0',
'$nouveau' => '0',
'$wall' => '0',
'$static' => $static,
'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$search' => '',
@ -214,8 +220,8 @@ class Display extends \Zotlabs\Web\Controller {
$r = q("SELECT * from item
WHERE mid = '%s'
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d )
$sql_extra )
@ -258,8 +264,8 @@ class Display extends \Zotlabs\Web\Controller {
$r = q("SELECT * from item
WHERE mid = '%s'
AND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
AND (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
OR uid = %d )
$sql_extra )
@ -282,8 +288,8 @@ class Display extends \Zotlabs\Web\Controller {
$parents_str = ids_to_querystr($r,'id');
if($parents_str) {
$items = q("SELECT `item`.*, `item`.`id` AS `item_id`
FROM `item`
$items = q("SELECT item.*, item.id AS item_id
FROM item
WHERE parent in ( %s ) $item_normal ",
dbesc($parents_str)
);
@ -321,7 +327,7 @@ class Display extends \Zotlabs\Web\Controller {
/*
elseif((! $update) && (! {
$r = q("SELECT `id`, item_flags FROM `item` WHERE `id` = '%s' OR `mid` = '%s' LIMIT 1",
$r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1",
dbesc($item_hash),
dbesc($item_hash)
);

8
Zotlabs/Module/Dreport.php
View File

@ -21,10 +21,11 @@ class Dreport extends \Zotlabs\Web\Controller {
$table = 'push';
$mid = ((argc() > 2) ? argv(2) : '');
if($mid) {
$i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d",
$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
dbesc($mid),
intval($channel['channel_id']),
dbesc($channel['channel_hash']),
intval($channel['channel_id'])
dbesc($channel['channel_hash'])
);
if($i) {
\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]);
@ -47,8 +48,9 @@ class Dreport extends \Zotlabs\Web\Controller {
switch($table) {
case 'item':
$i = q("select id from item where mid = '%s' and author_xchan = '%s' ",
$i = q("select id from item where mid = '%s' and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
dbesc($mid),
dbesc($channel['channel_hash']),
dbesc($channel['channel_hash'])
);
break;

2
Zotlabs/Module/Editblock.php
View File

@ -80,7 +80,7 @@ class Editblock extends \Zotlabs\Web\Controller {
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
intval($post_id),
intval($owner)
);

2
Zotlabs/Module/Editlayout.php
View File

@ -91,7 +91,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
intval($post_id),
intval($owner)
);

3
Zotlabs/Module/Editpost.php
View File

@ -25,7 +25,7 @@ class Editpost extends \Zotlabs\Web\Controller {
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
$itm = q("SELECT * FROM item WHERE id = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
intval($post_id),
dbesc(get_observer_hash()),
dbesc(get_observer_hash())
@ -85,6 +85,7 @@ class Editpost extends \Zotlabs\Web\Controller {
'hide_voting' => true,
'hide_future' => true,
'hide_location' => true,
'parent' => (($itm[0]['mid'] === $itm[0]['parent_mid']) ? 0 : $itm[0]['parent']),
'mimetype' => $itm[0]['mimetype'],
'ptyp' => $itm[0]['obj_type'],
'body' => htmlspecialchars_decode(undo_post_tagging($itm[0]['body']),ENT_COMPAT),

2
Zotlabs/Module/Editwebpage.php
View File

@ -95,7 +95,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
$sql_extra = item_permissions_sql($owner);
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
$itm = q("SELECT * FROM item WHERE id = %d and uid = %s $sql_extra LIMIT 1",
intval($post_id),
intval($owner)
);

218
Zotlabs/Module/Embedphotos.php
View File

@ -1,99 +1,96 @@
<?php
namespace Zotlabs\Module;
/**
* @brief
*
* This is the POST destination for the embedphotos button
*
*/
*/
class Embedphotos extends \Zotlabs\Web\Controller {
function get() {
}
/**
*
* This is the POST destination for the embedphotos button
*
*/
function post() {
if (argc() > 1 && argv(1) === 'album') {
// API: /embedphotos/album
$name = (x($_POST,'name') ? $_POST['name'] : null );
if (!$name) {
json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false));
}
$album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name));
json_return_and_die(array('status' => true, 'content' => $album));
}
if (argc() > 1 && argv(1) === 'albumlist') {
// API: /embedphotos/albumlist
$album_list = $this->embedphotos_album_list($a);
json_return_and_die(array('status' => true, 'albumlist' => $album_list));
}
if (argc() > 1 && argv(1) === 'photolink') {
// API: /embedphotos/photolink
$href = (x($_POST,'href') ? $_POST['href'] : null );
if (!$href) {
json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false));
}
$resource_id = array_pop(explode("/", $href));
$r = q("SELECT obj,body from item where resource_type = 'photo' and resource_id = '%s' limit 1",
dbesc($resource_id)
);
if(!$r) {
json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
}
$obj = json_decode($r[0]['obj'], true);
if(x($obj,'body')) {
$photolink = $obj['body'];
} elseif (x($obj,'bbcode')) {
$photolink = $obj['bbcode'];
} elseif ($r[0]['body'] !== '') {
$photolink = $r[0]['body'];
} else {
json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
}
json_return_and_die(array('status' => true, 'photolink' => $photolink));
}
if (argc() > 1 && argv(1) === 'album') {
// API: /embedphotos/album
$name = (x($_POST,'name') ? $_POST['name'] : null );
if(!$name) {
json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false));
}
$album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name));
json_return_and_die(array('status' => true, 'content' => $album));
}
if(argc() > 1 && argv(1) === 'albumlist') {
// API: /embedphotos/albumlist
$album_list = $this->embedphotos_album_list($a);
json_return_and_die(array('status' => true, 'albumlist' => $album_list));
}
if(argc() > 1 && argv(1) === 'photolink') {
// API: /embedphotos/photolink
$href = (x($_POST,'href') ? $_POST['href'] : null );
if(!$href) {
json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false));
}
$resource_id = array_pop(explode("/", $href));
$r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1",
dbesc($resource_id)
);
if(!$r) {
json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
}
$obj = json_decode($r[0]['obj'], true);
if(x($obj,'body')) {
$photolink = $obj['body'];
} elseif (x($obj,'bbcode')) {
$photolink = $obj['bbcode'];
} else {
json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
}
json_return_and_die(array('status' => true, 'photolink' => $photolink));
}
}
/**
* Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
* the input array as in widget_item()
* @param type $name
* @return string
*/
function embedphotos_widget_album($args) {
$channel_id = 0;
if(array_key_exists('channel',$args))
$channel = $args['channel'];
$channel_id = intval($channel['channel_id']);
if(! $channel_id)
$channel_id = \App::$profile_uid;
if(! $channel_id)
return '';
/**
* Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
* the input array as in widget_item()
*
* @param array $args
* @return string with HTML
*/
function embedphotos_widget_album($args) {
$channel_id = 0;
if(array_key_exists('channel', $args))
$channel = $args['channel'];
$channel_id = intval($channel['channel_id']);
if(! $channel_id)
$channel_id = \App::$profile_uid;
if(! $channel_id)
return '';
$owner_uid = $channel_id;
require_once('include/security.php');
$sql_extra = permissions_sql($channel_id);
require_once('include/security.php');
$sql_extra = permissions_sql($channel_id);
if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage'))
return '';
if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage'))
return '';
if($args['album'])
$album = (($args['album'] === '/') ? '' : $args['album'] );
if($args['title'])
$title = $args['title'];
if($args['album'])
$album = $args['album'];
if($args['title'])
$title = $args['title'];
/**
/**
* This may return incorrect permissions if you have multiple directories of the same name.
* It is a limitation of the photo table using a name for a photo album instead of a folder hash
*/
if($album) {
$x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
dbesc($album),
@ -109,34 +106,33 @@ function embedphotos_widget_album($args) {
$order = 'DESC';
$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN
(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph
(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph
ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)
ORDER BY created $order",
intval($owner_uid),
dbesc($album),
intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE)
ORDER BY created $order",
intval($owner_uid),
dbesc($album),
intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE)
);
$photos = array();
if(count($r)) {
$twist = 'rotright';
foreach($r as $rr) {
if($twist == 'rotright')
$twist = 'rotleft';
else
$twist = 'rotright';
$ext = $phototypes[$rr['mimetype']];
$imgalt_e = $rr['filename'];
$desc_e = $rr['description'];
$imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id']
if(count($r)) {
$twist = 'rotright';
foreach($r as $rr) {
if($twist == 'rotright')
$twist = 'rotleft';
else
$twist = 'rotright';
$ext = $phototypes[$rr['mimetype']];
$imgalt_e = $rr['filename'];
$desc_e = $rr['description'];
$imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id']
. (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
$photos[] = array(
$photos[] = array(
'id' => $rr['id'],
'twist' => ' ' . $twist . rand(2,4),
'link' => $imagelink,
@ -148,8 +144,8 @@ function embedphotos_widget_album($args) {
'hash'=> $rr['resource_id'],
'unknown' => t('Unknown')
);
}
}
}
$tpl = get_markup_template('photo_album.tpl');
$o .= replace_macros($tpl, array(
@ -165,18 +161,16 @@ function embedphotos_widget_album($args) {
));
return $o;
}
}
function embedphotos_album_list($a) {
$o = '';
require_once('include/photos.php');
$p = photos_albums_list(\App::get_channel(), \App::get_observer());
if ($p['success']) {
return $p['albums'];
} else {
return null;
}
}
function embedphotos_album_list($a) {
require_once('include/photos.php');
$p = photos_albums_list(\App::get_channel(), \App::get_observer());
if($p['success']) {
return $p['albums'];
} else {
return null;
}
}
}

43
Zotlabs/Module/Events.php
View File

@ -57,9 +57,6 @@ class Events extends \Zotlabs\Web\Controller {
$start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute);
}
if($nofinish) {
$finish = NULL_DATE;
}
if($finish_text) {
$finish = $finish_text;
@ -67,6 +64,11 @@ class Events extends \Zotlabs\Web\Controller {
else {
$finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute);
}
if($nofinish) {
$finish = NULL_DATE;
}
if($adjust) {
$start = datetime_convert(date_default_timezone_get(),'UTC',$start);
@ -118,8 +120,10 @@ class Events extends \Zotlabs\Web\Controller {
goaway($onerror_url);
}
$share = ((intval($_POST['distr'])) ? intval($_POST['distr']) : 0);
// $share = ((intval($_POST['distr'])) ? intval($_POST['distr']) : 0);
$share = 1;
$channel = \App::get_channel();
$acl = new \Zotlabs\Access\AccessList(false);
@ -207,7 +211,6 @@ class Events extends \Zotlabs\Web\Controller {
$event = event_store_event($datarray);
if($post_tags)
$datarray['term'] = $post_tags;
@ -336,7 +339,7 @@ class Events extends \Zotlabs\Web\Controller {
/* edit/create form */
if($event_id) {
$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($event_id),
intval(local_channel())
);
@ -438,8 +441,6 @@ class Events extends \Zotlabs\Web\Controller {
$permissions = ((x($orig_event)) ? $orig_event : $perm_defaults);
//print_r(acl2json($permissions['allow_gid'])); killme();
$tpl = get_markup_template('event_form.tpl');
$form = replace_macros($tpl,array(
@ -467,9 +468,6 @@ class Events extends \Zotlabs\Web\Controller {
'$l_text' => (($event_id) ? t('Edit Location') : t('Location')),
'$l_orig' => $l_orig,
'$t_orig' => $t_orig,
'$sh_text' => t('Share this event'),
'$sh_checked' => $sh_checked,
'$share' => array('distr', t('Share this event'), $sh_checked, '', array(t('No'),t('Yes'))),
'$preview' => t('Preview'),
'$perms_label' => t('Permission settings'),
// populating the acl dialog was a permission description from view_stream because Cal.php, which
@ -481,6 +479,8 @@ class Events extends \Zotlabs\Web\Controller {
'$deny_cid' => acl2json($permissions['deny_cid']),
'$deny_gid' => acl2json($permissions['deny_gid']),
'$lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'),
'$submit' => t('Submit'),
'$advanced' => t('Advanced Options')
@ -545,8 +545,8 @@ class Events extends \Zotlabs\Web\Controller {
);
} elseif($export) {
$r = q("SELECT * from event where uid = %d
AND (( `adjust` = 0 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' )
OR ( `adjust` = 1 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' )) ",
AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )
OR ( adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
intval(local_channel()),
dbesc($start),
dbesc($finish),
@ -559,10 +559,10 @@ class Events extends \Zotlabs\Web\Controller {
// There's still an issue if the finish date crosses the end of month.
// Noting this for now - it will need to be fixed here and in Friendica.
// Ultimately the finish date shouldn't be involved in the query.
$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
from event left join item on event_hash = resource_id
where resource_type = 'event' and event.uid = %d $ignored
where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored
AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )
OR ( adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
intval(local_channel()),
@ -571,7 +571,6 @@ class Events extends \Zotlabs\Web\Controller {
dbesc($adjust_start),
dbesc($adjust_finish)
);
}
$links = array();
@ -609,6 +608,12 @@ class Events extends \Zotlabs\Web\Controller {
$end = null;
} else {
$end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c'));
// give a fake end to birthdays so they get crammed into a
// single day on the calendar
if($rr['etype'] === 'birthday')
$end = null;
}
@ -694,7 +699,7 @@ class Events extends \Zotlabs\Web\Controller {
}
if($mode === 'drop' && $event_id) {
$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($event_id),
intval(local_channel())
);
@ -702,7 +707,7 @@ class Events extends \Zotlabs\Web\Controller {
$sync_event = $r[0];
if($r) {
$r = q("delete from event where event_hash = '%s' and uid = %d limit 1",
$r = q("delete from event where event_hash = '%s' and uid = %d",
dbesc($event_id),
intval(local_channel())
);

12
Zotlabs/Module/Fbrowser.php
View File

@ -32,7 +32,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
$sql_extra2 = " ORDER BY created DESC LIMIT 0, 10";
if (\App::$argc==2){
$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ",
$albums = q("SELECT distinct(album) AS album FROM photo WHERE uid = %d ",
intval(local_channel())
);
// anon functions only from 5.3.0... meglio tardi che mai..
@ -43,14 +43,14 @@ class Fbrowser extends \Zotlabs\Web\Controller {
$album = "";
if (\App::$argc==3){
$album = hex2bin(\App::$argv[2]);
$sql_extra = sprintf("AND `album` = '%s' ",dbesc($album));
$sql_extra = sprintf("AND album = '%s' ",dbesc($album));
$sql_extra2 = "";
$path[]=array(z_root() . "/fbrowser/image/" . \App::$argv[2] . "/", $album);
}
$r = q("SELECT `resource_id`, `id`, `filename`, type, min(`imgscale`) AS `hiq`,max(`imgscale`) AS `loq`, `description`
FROM `photo` WHERE `uid` = %d $sql_extra
GROUP BY `resource_id` $sql_extra2",
$r = q("SELECT resource_id, id, filename, type, min(imgscale) AS hiq,max(imgscale) AS loq, description
FROM photo WHERE uid = %d $sql_extra
GROUP BY resource_id $sql_extra2",
intval(local_channel())
);
@ -70,7 +70,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
break;
case "file":
if (\App::$argc==2){
$files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ",
$files = q("SELECT id, filename, filetype FROM attach WHERE uid = %d ",
intval(local_channel())
);

2
Zotlabs/Module/File_upload.php
View File

@ -12,7 +12,7 @@ class File_upload extends \Zotlabs\Web\Controller {
// logger('file upload: ' . print_r($_REQUEST,true));
$channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null);
$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
if(! $channel) {
logger('channel not found');

74
Zotlabs/Module/Filestorage.php
View File

@ -1,7 +1,7 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/filestorage.php
* @file Zotlabs/Module/Filestorage.php
*
*/
@ -16,43 +16,43 @@ require_once('include/attach.php');
class Filestorage extends \Zotlabs\Web\Controller {
function post() {
$channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0);
if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) {
notice( t('Permission denied.') . EOL);
return;
}
$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
$resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : '');
$notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0);
if(! $resource) {
notice(t('Item not found.') . EOL);
return;
}
$channel = \App::get_channel();
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_REQUEST);
$x = $acl->get();
$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
//get the object before permissions change so we can catch eventual former allowed members
$object = get_file_activity_object($channel_id, $resource, $cloudPath);
attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify);
goaway($cloudPath);
}
function get() {
if(argc() > 1)
$which = argv(1);
else {
@ -60,7 +60,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
\App::$error = 404;
return;
}
$r = q("select * from channel where channel_address = '%s'",
dbesc($which)
);
@ -68,32 +68,32 @@ class Filestorage extends \Zotlabs\Web\Controller {
$channel = $r[0];
$owner = intval($r[0]['channel_id']);
}
$observer = \App::get_observer();
$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
$perms = get_all_perms($owner, $ob_hash);
if(! $perms['view_storage']) {
notice( t('Permission denied.') . EOL);
return;
}
// Since we have ACL'd files in the wild, but don't have ACL here yet, we
// need to return for anyone other than the owner, despite the perms check for now.
$is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false);
if(! $is_owner) {
info( t('Permission Denied.') . EOL );
return;
}
if(argc() > 3 && argv(3) === 'delete') {
if(! $perms['write_storage']) {
notice( t('Permission denied.') . EOL);
return;
}
$file = intval(argv(2));
$r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1",
dbesc($file),
@ -103,17 +103,17 @@ class Filestorage extends \Zotlabs\Web\Controller {
notice( t('File not found.') . EOL);
goaway(z_root() . '/cloud/' . $which);
}
$f = $r[0];
$channel = \App::get_channel();
$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
attach_delete($owner, $f['hash']);
goaway($parentpath);
}
if(argc() > 3 && argv(3) === 'edit') {
require_once('include/acl_selectors.php');
if(! $perms['write_storage']) {
@ -121,23 +121,23 @@ class Filestorage extends \Zotlabs\Web\Controller {
return;
}
$file = intval(argv(2));
$r = q("select id, uid, folder, filename, revision, flags, is_dir, os_storage, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1",
intval($file),
intval($owner)
);
$f = $r[0];
$channel = \App::get_channel();
$cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : '');
$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
$is_a_dir = (intval($f['is_dir']) ? true : false);
$lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock');
$lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock');
// Encode path that is used for link so it's a valid URL
// Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
$encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));
@ -167,12 +167,12 @@ class Filestorage extends \Zotlabs\Web\Controller {
'$link_btn_title' => t('Show URL to this file'),
'$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))),
));
echo $o;
killme();
}
goaway(z_root() . '/cloud/' . $which);
}
}

3
Zotlabs/Module/Follow.php
View File

@ -20,9 +20,6 @@ class Follow extends \Zotlabs\Web\Controller {
$channel = \App::get_channel();
// Warning: Do not edit the following line. The first symbol is UTF-8 &#65312;
$url = str_replace('@','@',$url);
$result = new_contact($uid,$url,$channel,true,$confirm);
if($result['success'] == false) {

10
Zotlabs/Module/Group.php
View File

@ -34,7 +34,7 @@ class Group extends \Zotlabs\Web\Controller {
if((argc() == 2) && (intval(argv(1)))) {
check_form_security_token_redirectOnErr('/group', 'group_edit');
$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
intval(argv(1)),
intval(local_channel())
);
@ -48,7 +48,7 @@ class Group extends \Zotlabs\Web\Controller {
$public = intval($_POST['public']);
if((strlen($groupname)) && (($groupname != $group['gname']) || ($public != $group['visible']))) {
$r = q("UPDATE `groups` SET `gname` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d",
$r = q("UPDATE groups SET gname = '%s', visible = %d WHERE uid = %d AND id = %d",
dbesc($groupname),
intval($public),
intval(local_channel()),
@ -101,7 +101,7 @@ class Group extends \Zotlabs\Web\Controller {
check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
if(intval(argv(2))) {
$r = q("SELECT `gname` FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT gname FROM groups WHERE id = %d AND uid = %d LIMIT 1",
intval(argv(2)),
intval(local_channel())
);
@ -133,7 +133,7 @@ class Group extends \Zotlabs\Web\Controller {
if((argc() > 1) && (intval(argv(1)))) {
require_once('include/acl_selectors.php');
$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
intval(argv(1)),
intval(local_channel())
);
@ -212,7 +212,7 @@ class Group extends \Zotlabs\Web\Controller {
group_rmv_member(local_channel(),$group['gname'],$member['xchan_hash']);
}
$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
intval(local_channel())
);

84
Zotlabs/Module/Help.php
View File

@ -1,66 +1,100 @@
<?php
namespace Zotlabs\Module;
require_once('include/help.php');
/**
* You can create local site resources in doc/Site.md and either link to doc/Home.md for the standard resources
* or use our include mechanism to include it on your local page.
*
*@code
* #include doc/Home.md;
*@endcode
*
* The syntax is somewhat strict.
*
* The syntax is somewhat strict.
*/
class Help extends \Zotlabs\Web\Controller {
function get() {
nav_set_selected('help');
if($_REQUEST['search']) {
$o .= '<div id="help-content" class="generic-content-wrapper">';
$o .= '<div class="section-title-wrapper">';
$o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '</h2>';
$o .= '</div>';
$o .= '<div class="section-content-wrapper">';
$r = search_doc_files($_REQUEST['search']);
if($r) {
$o .= '<ul class="help-searchlist">';
foreach($r as $rr) {
$dirname = dirname($rr['v']);
$fname = basename($rr['v']);
$fname = substr($fname,0,strrpos($fname,'.'));
$path = trim(substr($dirname,4),'/');
$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br />'
. '<b><i>' . 'help/' . (($path) ? $path . '/' : '') . $fname . '</i></b><br />' .
'...' . str_replace('$Projectname',\Zotlabs\Lib\System::get_platform_name(),$rr['text']) . '...<br /><br /></li>';
$fname = substr($fname, 0, strrpos($fname, '.'));
$path = trim(substr($dirname, 4), '/');
$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br>'
. '<b><i>' . 'help/' . (($path) ? $path . '/' : '') . $fname . '</i></b><br>'
. '...' . str_replace('$Projectname', \Zotlabs\Lib\System::get_platform_name(), $rr['text']) . '...<br><br></li>';
}
$o .= '</ul>';
$o .= '</div>';
$o .= '</div>';
}
return $o;
}
if(argc() > 2 && argv(argc()-2) === 'assets') {
$path = '';
for($x = 1; $x < argc(); $x ++) {
if(strlen($path))
$path .= '/';
$path .= argv($x);
}
$realpath = 'doc/' . $path;
//Set the content-type header as appropriate
$imageInfo = getimagesize($realpath);
switch ($imageInfo[2]) {
case IMAGETYPE_JPEG:
header("Content-Type: image/jpeg");
break;
case IMAGETYPE_GIF:
header("Content-Type: image/gif");
break;
case IMAGETYPE_PNG:
header("Content-Type: image/png");
break;
default:
break;
}
header("Content-Length: " . filesize($realpath));
$content = get_help_content();
// dump the picture and stop the script
readfile($realpath);
killme();
}
$headings = [
'about' => t('About'),
'member' => t('Members'),
'admin' => t('Administrators'),
'developer' => t('Developers'),
'tutorials' => t('Tutorials')
];
return replace_macros(get_markup_template("help.tpl"), array(
if(array_key_exists(argv(1), $headings))
$heading = $headings[argv(1)];
$content = get_help_content();
return replace_macros(get_markup_template('help.tpl'), array(
'$title' => t('$Projectname Documentation'),
'$content' => $content
'$tocHeading' => t('Contents'),
'$content' => $content,
'$heading' => $heading
));
}
}

63
Zotlabs/Module/Import.php
View File

@ -77,23 +77,27 @@ class Import extends \Zotlabs\Web\Controller {
$channelname = substr($old_address,0,strpos($old_address,'@'));
$servername = substr($old_address,strpos($old_address,'@')+1);
$scheme = 'https://';
$api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
$api_path = probe_api_path($servername);
if(! $api_path) {
notice( t('Unable to download data from old server') . EOL);
return;
}
$api_path .= 'channel/export/basic?f=&channel=' . $channelname;
if($import_posts)
$api_path .= '&posts=1';
$binary = false;
$redirects = 0;
$opts = array('http_auth' => $email . ':' . $password);
$url = $scheme . $servername . $api_path;
$ret = z_fetch_url($url, $binary, $redirects, $opts);
if(! $ret['success'])
$ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
if($ret['success'])
$ret = z_fetch_url($api_path, $binary, $redirects, $opts);
if($ret['success']) {
$data = $ret['body'];
else
}
else {
notice( t('Unable to download data from old server') . EOL);
return;
}
}
if(! $data) {
@ -294,15 +298,8 @@ class Import extends \Zotlabs\Web\Controller {
);
if($r)
continue;
dbesc_array($xchan);
$r = dbq("INSERT INTO xchan (`"
. implode("`, `", array_keys($xchan))
. "`) VALUES ('"
. implode("', '", array_values($xchan))
. "')" );
create_table_from_array('xchan',$xchan);
require_once('include/photo/photo_driver.php');
$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
@ -382,13 +379,8 @@ class Import extends \Zotlabs\Web\Controller {
continue;
}
dbesc_array($abook);
$r = dbq("INSERT INTO abook (`"
. implode("`, `", array_keys($abook))
. "`) VALUES ('"
. implode("', '", array_values($abook))
. "')" );
create_table_from_array('abook',$abook);
$friends ++;
if(intval($abook['abook_feed']))
$feeds ++;
@ -423,15 +415,11 @@ class Import extends \Zotlabs\Web\Controller {
unset($group['name']);
}
unset($group['id']);
$group['uid'] = $channel['channel_id'];
dbesc_array($group);
$r = dbq("INSERT INTO groups (`"
. implode("`, `", array_keys($group))
. "`) VALUES ('"
. implode("', '", array_values($group))
. "')" );
$group['uid'] = $channel['channel_id'];
create_table_from_array('groups',$group);
}
$r = q("select * from `groups` where uid = %d",
$r = q("select * from groups where uid = %d",
intval($channel['channel_id'])
);
if($r) {
@ -451,12 +439,7 @@ class Import extends \Zotlabs\Web\Controller {
if($x['old'] == $group_member['gid'])
$group_member['gid'] = $x['new'];
}
dbesc_array($group_member);
$r = dbq("INSERT INTO group_member (`"
. implode("`, `", array_keys($group_member))
. "`) VALUES ('"
. implode("', '", array_values($group_member))
. "')" );
create_table_from_array('group_member',$group_member);
}
}
logger('import step 9');

2
Zotlabs/Module/Invite.php
View File

@ -111,7 +111,7 @@ class Invite extends \Zotlabs\Web\Controller {
$invite_code = autoname(8) . rand(1000,9999);
$nmessage = str_replace('$invite_code',$invite_code,$message);
$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
$r = q("INSERT INTO register (hash,created) VALUES ('%s', '%s') ",
dbesc($invite_code),
dbesc(datetime_convert())
);

54
Zotlabs/Module/Item.php
View File

@ -126,6 +126,8 @@ class Item extends \Zotlabs\Web\Controller {
$ret = $this->item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
if (!$ret['success']) {
notice( t($ret['message']) . EOL) ;
if($api_source)
return ( [ 'success' => false, 'message' => 'service class exception' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -156,13 +158,13 @@ class Item extends \Zotlabs\Web\Controller {
$obj_type = ACTIVITY_OBJ_COMMENT;
if($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
intval($parent)
);
}
elseif($parent_mid && $uid) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d LIMIT 1",
dbesc($parent_mid),
intval($uid)
);
@ -172,7 +174,7 @@ class Item extends \Zotlabs\Web\Controller {
$parid = $r[0]['parent'];
$parent_mid = $r[0]['mid'];
if($r[0]['id'] != $r[0]['parent']) {
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = parent AND parent = %d LIMIT 1",
intval($parid)
);
}
@ -180,6 +182,8 @@ class Item extends \Zotlabs\Web\Controller {
if(($r === false) || (! count($r))) {
notice( t('Unable to locate original post.') . EOL);
if($api_source)
return ( [ 'success' => false, 'message' => 'invalid post id' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -214,6 +218,8 @@ class Item extends \Zotlabs\Web\Controller {
if(! $can_comment) {
notice( t('Permission denied.') . EOL) ;
if($api_source)
return ( [ 'success' => false, 'message' => 'permission denied' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -222,6 +228,8 @@ class Item extends \Zotlabs\Web\Controller {
else {
if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) {
notice( t('Permission denied.') . EOL) ;
if($api_source)
return ( [ 'success' => false, 'message' => 'permission denied' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -246,7 +254,7 @@ class Item extends \Zotlabs\Web\Controller {
$iconfig = null;
if($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
$i = q("SELECT * FROM item WHERE uid = %d AND id = %d LIMIT 1",
intval($profile_uid),
intval($post_id)
);
@ -276,6 +284,8 @@ class Item extends \Zotlabs\Web\Controller {
if(! $channel) {
logger("mod_item: no channel.");
if($api_source)
return ( [ 'success' => false, 'message' => 'no channel' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -291,6 +301,8 @@ class Item extends \Zotlabs\Web\Controller {
}
else {
logger("mod_item: no owner.");
if($api_source)
return ( [ 'success' => false, 'message' => 'no owner' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -433,6 +445,8 @@ class Item extends \Zotlabs\Web\Controller {
if($preview)
killme();
info( t('Empty post discarded.') . EOL );
if($api_source)
return ( [ 'success' => false, 'message' => 'no content' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -473,6 +487,8 @@ class Item extends \Zotlabs\Web\Controller {
}
else {
notice( t('Executable content type not permitted to this channel.') . EOL);
if($api_source)
return ( [ 'success' => false, 'message' => 'forbidden content type' ] );
if(x($_REQUEST,'return'))
goaway(z_root() . "/" . $return_path );
killme();
@ -508,7 +524,7 @@ class Item extends \Zotlabs\Web\Controller {
// $body = escape_tags(trim($body));
// $body = str_replace("\n",'<br />', $body);
// $body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);
// $body = diaspora2bb($body,true);
// $body = markdown_to_bb($body,true);
// $body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
// }
@ -553,8 +569,8 @@ class Item extends \Zotlabs\Web\Controller {
$body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body);
$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", 'nakedoembed', $body);
$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", '\red_zrl_callback', $body);
$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\(\)]+)/ism", 'nakedoembed', $body);
$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,\(\)]+)/ism", '\red_zrl_callback', $body);
$body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body);
$body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body);
@ -863,7 +879,8 @@ class Item extends \Zotlabs\Web\Controller {
logger('mod_item: post cancelled by plugin or duplicate suppressed.');
if($return_path)
goaway(z_root() . "/" . $return_path);
if($api_source)
return ( [ 'success' => false, 'message' => 'operation cancelled' ] );
$json = array('cancel' => 1);
$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
echo json_encode($json);
@ -901,6 +918,8 @@ class Item extends \Zotlabs\Web\Controller {
$x = item_store_update($datarray,$execflag);
item_create_edit_activity($x);
if(! $parent) {
$r = q("select * from item where id = %d",
intval($post_id)
@ -914,6 +933,10 @@ class Item extends \Zotlabs\Web\Controller {
if(! $nopush)
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'edit_post', $post_id));
if($api_source)
return($x);
if((x($_REQUEST,'return')) && strlen($return_path)) {
logger('return: ' . $return_path);
goaway(z_root() . "/" . $return_path );
@ -988,8 +1011,11 @@ class Item extends \Zotlabs\Web\Controller {
else {
logger('mod_item: unable to retrieve post that was just stored.');
notice( t('System error. Post not saved.') . EOL);
goaway(z_root() . "/" . $return_path );
// NOTREACHED
if($return_path)
goaway(z_root() . "/" . $return_path );
if($api_source)
return ( [ 'success' => false, 'message' => 'system error' ] );
killme();
}
if(($parent) && ($parent != $post_id)) {
@ -1082,6 +1108,14 @@ class Item extends \Zotlabs\Web\Controller {
else {
// complex deletion that needs to propagate and be performed in phases
drop_item($i[0]['id'],true,DROPITEM_PHASE1);
$r = q("select * from item where id = %d",
intval($i[0]['id'])
);
if($r) {
xchan_query($r);
$sync_item = fetch_post_tags($r);
build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
}
tag_deliver($i[0]['uid'],$i[0]['id']);
}
}

2
Zotlabs/Module/Like.php
View File

@ -226,7 +226,7 @@ class Like extends \Zotlabs\Web\Controller {
$z[0]['deleted'] = 1;
build_sync_packet($ch[0]['channel_id'],array('likes' => $z));
q("delete from likes where id = %d limit 1",
q("delete from likes where id = %d",
intval($z[0]['id'])
);
if($z[0]['i_mid']) {

17
Zotlabs/Module/Linkinfo.php
View File

@ -13,7 +13,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
$text = null;
$str_tags = '';
$process_oembed = true;
$br = "\n";
@ -22,6 +22,11 @@ class Linkinfo extends \Zotlabs\Web\Controller {
else
$url = trim($_GET['url']);
if(substr($url,0,1) === '!') {
$process_oembed = false;
$url = substr($url,1);
}
$url = strip_zids($url);
if((substr($url,0,1) != '/') && (substr($url,0,4) != 'http'))
@ -91,10 +96,12 @@ class Linkinfo extends \Zotlabs\Web\Controller {
killme();
}
$x = oembed_process($url);
if($x) {
echo $x;
killme();
if($process_oembed) {
$x = oembed_process($url);
if($x) {
echo $x;
killme();
}
}
if($url && $title && $text) {

4
Zotlabs/Module/Lockview.php
View File

@ -102,7 +102,7 @@ class Lockview extends \Zotlabs\Web\Controller {
stringify_array_elms($deny_users,true);
if(count($allowed_groups)) {
$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
if($r)
foreach($r as $rr)
$l[] = '<li><b>' . $rr['gname'] . '</b></li>';
@ -121,7 +121,7 @@ class Lockview extends \Zotlabs\Web\Controller {
}
}
if(count($deny_groups)) {
$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
if($r)
foreach($r as $rr)
$l[] = '<li><b><strike>' . $rr['gname'] . '</strike></b></li>';

2
Zotlabs/Module/Locs.php
View File

@ -80,7 +80,7 @@ class Locs extends \Zotlabs\Web\Controller {
function get() {
function get() {
if(! local_channel()) {

20
Zotlabs/Module/Mail.php
View File

@ -83,10 +83,24 @@ class Mail extends \Zotlabs\Web\Controller {
linkify_tags($a, $body, local_channel());
if($preview) {
$mail = [
'mailbox' => 'outbox',
'id' => 0,
'mid' => 'M0',
'from_name' => $channel['xchan_name'],
'from_url' => $channel['xchan_url'],
'from_photo' => $channel['xchan_photo_s'],
'subject' => smilies(bbcode($subject)),
'body' => smilies(bbcode($body)),
'attachments' => '',
'can_recall' => false,
'is_recalled' => '',
'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c')
];
echo replace_macros(get_markup_template('mail_conv.tpl'), [ '$mail' => $mail ] );
killme();
}
if(! $recipient) {

6
Zotlabs/Module/Manage.php
View File

@ -93,9 +93,9 @@ class Manage extends \Zotlabs\Web\Controller {
$channels[$x]['mail'] = intval($mails[0]['total']);
$events = q("SELECT etype, dtstart, adjust FROM `event`
WHERE `event`.`uid` = %d AND dtstart < '%s' AND dtstart > '%s' and `dismissed` = 0
ORDER BY `dtstart` ASC ",
$events = q("SELECT etype, dtstart, adjust FROM event
WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0
ORDER BY dtstart ASC ",
intval($channels[$x]['channel_id']),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))

2
Zotlabs/Module/Match.php
View File

@ -25,7 +25,7 @@ class Match extends \Zotlabs\Web\Controller {
$o .= '<h2>' . t('Profile Match') . '</h2>';
$r = q("SELECT `keywords` FROM `profile` WHERE `is_default` = 1 AND `uid` = %d LIMIT 1",
$r = q("SELECT keywords FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1",
intval(local_channel())
);
if (! count($r))

47
Zotlabs/Module/Msearch.php
View File

@ -1,47 +0,0 @@
<?php
namespace Zotlabs\Module;
class Msearch extends \Zotlabs\Web\Controller {
function post() {
$perpage = (($_POST['n']) ? $_POST['n'] : 80);
$page = (($_POST['p']) ? intval($_POST['p'] - 1) : 0);
$startrec = (($page+1) * $perpage) - $perpage;
$search = $_POST['s'];
if(! strlen($search))
killme();
$r = q("SELECT COUNT(*) AS `total` FROM `profile` LEFT JOIN `user` ON `user`.`uid` = `profile`.`uid` WHERE `is_default` = 1 AND `user`.`hidewall` = 0 AND MATCH `keywords` AGAINST ('%s') ",
dbesc($search)
);
if(count($r))
$total = $r[0]['total'];
$r = q("SELECT `keywords`, `username`, `nickname`, `user`.`uid` FROM `user` LEFT JOIN `profile` ON `user`.`uid` = `profile`.`uid` WHERE `is_default` = 1 AND `user`.`hidewall` = 0 AND MATCH `keywords` AGAINST ('%s') LIMIT %d , %d ",
dbesc($search),
intval($startrec),
intval($perpage)
);
$results = array();
if(count($r)) {
foreach($r as $rr)
$results[] = array(
'name' => $rr['name'],
'url' => z_root() . '/channel/' . $rr['nickname'],
'photo' => z_root() . '/photo/avatar/' . $rr['uid'],
'tags' => str_replace(array(',',' '),array(' ',' '),$rr['keywords'])
);
}
$output = array('total' => $total, 'items_page' => $perpage, 'page' => $page + 1, 'results' => $results);
echo json_encode($output);
killme();
}
}

12
Zotlabs/Module/Network.php
View File

@ -54,6 +54,7 @@ class Network extends \Zotlabs\Web\Controller {
$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
$nouveau = ((x($_GET,'new')) ? intval($_GET['new']) : 0);
$static = ((x($_GET,'static')) ? intval($_GET['static']) : 0);
$gid = ((x($_GET,'gid')) ? intval($_GET['gid']) : 0);
$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
@ -186,6 +187,8 @@ class Network extends \Zotlabs\Web\Controller {
$status_editor = status_editor($a,$x);
$o .= $status_editor;
$static = channel_manual_conv_update(local_channel());
}
@ -201,7 +204,7 @@ class Network extends \Zotlabs\Web\Controller {
$sql_nets = '';
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE item_thread_top = 1 $sql_options ) ";
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE item_thread_top = 1 $sql_options ) ";
if($group) {
$contact_str = '';
@ -295,6 +298,7 @@ class Network extends \Zotlabs\Web\Controller {
'$fh' => (($firehose) ? $firehose : '0'),
'$nouveau' => (($nouveau) ? $nouveau : '0'),
'$wall' => '0',
'$static' => $static,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
'$search' => (($search) ? $search : ''),
@ -401,7 +405,8 @@ class Network extends \Zotlabs\Web\Controller {
$page_mode = 'client';
$simple_update = (($update) ? " and item_unseen = 1 " : '');
// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
// or three and look at your matrix page - after opening up your browser. The first page loads just as it
// should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page
@ -418,6 +423,9 @@ class Network extends \Zotlabs\Web\Controller {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
if($load)
$simple_update = '';
if($static && $simple_update)
$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
if($nouveau && $load) {
// "New Item View" - show all items unthreaded in reverse created date order

113
Zotlabs/Module/Notifications.php
View File

@ -1,70 +1,11 @@
<?php
namespace Zotlabs\Module;
require_once('include/bbcode.php');
class Notifications extends \Zotlabs\Web\Controller {
function post() {
if(! local_channel()) {
goaway(z_root());
}
$request_id = ((\App::$argc > 1) ? \App::$argv[1] : 0);
if($request_id === "all")
return;
if($request_id) {
$r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($request_id),
intval(local_channel())
);
if(count($r)) {
$intro_id = $r[0]['id'];
$contact_id = $r[0]['contact-id'];
}
else {
notice( t('Invalid request identifier.') . EOL);
return;
}
// If it is a friend suggestion, the contact is not a new friend but an existing friend
// that should not be deleted.
$fid = $r[0]['fid'];
if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d",
intval($intro_id)
);
if(! $fid) {
// The check for blocked and pending is in case the friendship was already approved
// and we just want to get rid of the now pointless notification
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1",
intval($contact_id),
intval(local_channel())
);
}
goaway(z_root() . '/notifications/intros');
}
if($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d",
intval($intro_id));
goaway(z_root() . '/notifications/intros');
}
}
}
function get() {
function get() {
if(! local_channel()) {
notice( t('Permission denied.') . EOL);
@ -74,36 +15,32 @@ class Notifications extends \Zotlabs\Web\Controller {
nav_set_selected('notifications');
$o = '';
$notif_tpl = get_markup_template('notifications.tpl');
$r = q("SELECT * from notify where uid = %d and seen = 0 order by created desc",
intval(local_channel())
);
$not_tpl = get_markup_template('notify.tpl');
require_once('include/bbcode.php');
$r = q("SELECT * from notify where uid = %d and seen = 0 order by created desc",
intval(local_channel())
);
if ($r > 0) {
$notifications_available =1;
foreach ($r as $it) {
$notif_content .= replace_macros($not_tpl,array(
'$item_link' => z_root().'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['created'])
));
}
} else {
$notif_content .= t('No more system notifications.');
if($r) {
$notifications_available = 1;
foreach ($r as $it) {
$notif_content .= replace_macros(get_markup_template('notify.tpl'),array(
'$item_link' => z_root().'/notify/view/'. $it['id'],
'$item_image' => $it['photo'],
'$item_text' => strip_tags(bbcode($it['msg'])),
'$item_when' => relative_date($it['created'])
));
}
}
else {
$notif_content .= t('No more system notifications.');
}
$o .= replace_macros($notif_tpl,array(
'$notif_header' => t('System Notifications'),
'$notif_link_mark_seen' => t('Mark all system notifications seen'),
'$notif_content' => $notif_content,
'$notifications_available' => $notifications_available,
));
$o .= replace_macros(get_markup_template('notifications.tpl'),array(
'$notif_header' => t('System Notifications'),
'$notif_link_mark_seen' => t('Mark all system notifications seen'),
'$notif_content' => $notif_content,
'$notifications_available' => $notifications_available,
));
return $o;
}

25
Zotlabs/Module/Photo.php
View File

@ -127,17 +127,7 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
// If using resolution 1, make sure it exists before proceeding:
if($resolution == 1) {
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
dbesc($photo),
intval($resolution)
);
if(! $r) {
$resolution = 2;
}
}
$r = q("SELECT uid FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
dbesc($photo),
intval($resolution)
@ -166,6 +156,14 @@ class Photo extends \Zotlabs\Web\Controller {
intval($resolution)
);
$d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ];
call_hooks('get_photo',$d);
$resolution = $d['imgscale'];
$photo = $d['resource_id'];
$r = $d['photo'];
$allowed = $d['allowed'];
if($r && $allowed) {
$data = dbunescbin($r[0]['content']);
$mimetype = $r[0]['mimetype'];
@ -183,7 +181,7 @@ class Photo extends \Zotlabs\Web\Controller {
// they won't have the photo link, so there's a reasonable chance that the person
// might be able to obtain permission to view it.
$r = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `imgscale` = %d LIMIT 1",
$r = q("SELECT * FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
dbesc($photo),
intval($resolution)
);
@ -200,6 +198,9 @@ class Photo extends \Zotlabs\Web\Controller {
}
}
if(! isset($data)) {
if(isset($resolution)) {
switch($resolution) {

38
Zotlabs/Module/Photos.php
View File

@ -195,7 +195,7 @@ class Photos extends \Zotlabs\Web\Controller {
if(! $ob_hash)
goaway(z_root() . '/' . $_SESSION['photo_return']);
$r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1",
$r = q("SELECT id, resource_id FROM photo WHERE ( xchan = '%s' or uid = %d ) AND resource_id = '%s' LIMIT 1",
dbesc($ob_hash),
intval(local_channel()),
dbesc(\App::$argv[2])
@ -241,12 +241,12 @@ class Photos extends \Zotlabs\Web\Controller {
( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) {
logger('rotate');
$r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1",
$r = q("select * from photo where resource_id = '%s' and uid = %d and imgscale = 0 limit 1",
dbesc($resource_id),
intval($page_owner_uid)
);
if(count($r)) {
$d = (($r[0]['os_storage']) ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']));
$d = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($r[0]['content'])) : dbunescbin($r[0]['content']));
$ph = photo_factory($d, $r[0]['mimetype']);
if($ph->is_valid()) {
$rotate_deg = ( (intval($_POST['rotate']) == 1) ? 270 : 90 );
@ -259,7 +259,7 @@ class Photos extends \Zotlabs\Web\Controller {
@file_put_contents($r[0]['content'],$ph->imageString());
$data = $r[0]['content'];
$fsize = @filesize($r[0]['content']);
q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1",
q("update attach set filesize = %d where hash = '%s' and uid = %d",
intval($fsize),
dbesc($resource_id),
intval($page_owner_uid)
@ -270,7 +270,7 @@ class Photos extends \Zotlabs\Web\Controller {
$fsize = strlen($data);
}
$x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0",
$x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
dbescbin($data),
intval($fsize),
intval($height),
@ -285,7 +285,7 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1",
$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
dbescbin($ph->imageString()),
intval($height),
intval($width),
@ -300,7 +300,7 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2",
$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
dbescbin($ph->imageString()),
intval($height),
intval($width),
@ -315,7 +315,7 @@ class Photos extends \Zotlabs\Web\Controller {
$width = $ph->getWidth();
$height = $ph->getHeight();
$x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3",
$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
dbescbin($ph->imageString()),
intval($height),
intval($width),
@ -333,7 +333,7 @@ class Photos extends \Zotlabs\Web\Controller {
if($p) {
$ext = $phototypes[$p[0]['mimetype']];
$r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d",
$r = q("UPDATE photo SET description = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' WHERE resource_id = '%s' AND uid = %d",
dbesc($desc),
dbesc($perm['allow_cid']),
dbesc($perm['allow_gid']),
@ -367,7 +367,7 @@ class Photos extends \Zotlabs\Web\Controller {
}
if($item_id) {
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = %d AND uid = %d LIMIT 1",
intval($item_id),
intval($page_owner_uid)
);
@ -695,8 +695,8 @@ class Photos extends \Zotlabs\Web\Controller {
\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
$r = q("SELECT `resource_id`, max(`imgscale`) AS `imgscale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
AND `imgscale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`",
$r = q("SELECT resource_id, max(imgscale) AS imgscale FROM photo WHERE uid = %d AND album = '%s'
AND imgscale <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id",
intval($owner_uid),
dbesc($album),
intval(PHOTO_NORMAL),
@ -843,8 +843,8 @@ class Photos extends \Zotlabs\Web\Controller {
// fetch image, item containing image, then comments
$ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'
$sql_extra ORDER BY `imgscale` ASC ",
$ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,description,album,filename,mimetype,height,width,filesize,imgscale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM photo WHERE uid = %d AND resource_id = '%s'
$sql_extra ORDER BY imgscale ASC ",
intval($owner_uid),
dbesc($datum)
);
@ -875,8 +875,8 @@ class Photos extends \Zotlabs\Web\Controller {
$order = 'DESC';
$prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `imgscale` = 0
$sql_extra ORDER BY `created` $order ",
$prvnxt = q("SELECT resource_id FROM photo WHERE album = '%s' AND uid = %d AND imgscale = 0
$sql_extra ORDER BY created $order ",
dbesc($ph[0]['album']),
intval($owner_uid)
);
@ -993,7 +993,7 @@ class Photos extends \Zotlabs\Web\Controller {
}
if((local_channel()) && (local_channel() == $link_item['uid'])) {
q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1",
q("UPDATE item SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1",
intval($link_item['parent']),
intval(local_channel())
);
@ -1283,8 +1283,8 @@ class Photos extends \Zotlabs\Web\Controller {
\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
$r = q("SELECT `resource_id`, max(`imgscale`) AS `imgscale` FROM `photo` WHERE `uid` = %d
and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY `resource_id`",
$r = q("SELECT resource_id, max(imgscale) AS imgscale FROM photo WHERE uid = %d
and photo_usage in ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id",
intval(\App::$data['channel']['channel_id']),
intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE),

223
Zotlabs/Module/Ping.php
View File

@ -1,32 +1,27 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/ping.php
*
*/
namespace Zotlabs\Module;
require_once('include/bbcode.php');
/**
* @brief do several updates when pinged.
* @brief Ping Controller.
*
* This function does several tasks. Whenever called it checks for new messages,
* introductions, notifications, etc. and returns a json with the results.
*
* @param App &$a
* @result JSON
*/
class Ping extends \Zotlabs\Web\Controller {
/**
* @brief do several updates when pinged.
*
* This function does several tasks. Whenever called it checks for new messages,
* introductions, notifications, etc. and returns a json with the results.
*
* @result JSON
*/
function init() {
$result = array();
$notifs = array();
$result['notify'] = 0;
$result['home'] = 0;
$result['network'] = 0;
@ -41,45 +36,45 @@ class Ping extends \Zotlabs\Web\Controller {
$result['all_events_today'] = 0;
$result['notice'] = array();
$result['info'] = array();
$t0 = dba_timer();
header("content-type: application/json");
$vnotify = false;
$item_normal = item_normal();
if(local_channel()) {
if(local_channel()) {
$vnotify = get_pconfig(local_channel(),'system','vnotify');
$evdays = intval(get_pconfig(local_channel(),'system','evdays'));
$ob_hash = get_observer_hash();
}
// if unset show all visual notification types
if($vnotify === false)
$vnotify = (-1);
if($evdays < 1)
$evdays = 3;
/**
* If you have several windows open to this site and switch to a different channel
* in one of them, the others may get into a confused state showing you a page or options
* in one of them, the others may get into a confused state showing you a page or options
* on that page which were only valid under the old identity. You session has changed.
* Therefore we send a notification of this fact back to the browser where it is picked up
* in javascript and which reloads the page it is on so that it is valid under the context
* of the now current channel.
* of the now current channel.
*/
$result['invalid'] = ((intval($_GET['uid'])) && (intval($_GET['uid']) != local_channel()) ? 1 : 0);
/**
* Send all system messages (alerts) to the browser.
* Some are marked as informational and some represent
* errors or serious notifications. These typically
* will popup on the current page (no matter what page it is)
*/
if(x($_SESSION, 'sysmsg')){
foreach ($_SESSION['sysmsg'] as $m){
$result['notice'][] = array('message' => $m);
@ -96,17 +91,16 @@ class Ping extends \Zotlabs\Web\Controller {
$result['info'] = array();
if(! ($vnotify & VNOTIFY_ALERT))
$result['notice'] = array();
if(\App::$install) {
echo json_encode($result);
killme();
}
/**
* Update chat presence indication (if applicable)
*/
if(get_observer_hash() && (! $result['invalid'])) {
$r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1",
dbesc(get_observer_hash()),
@ -114,7 +108,7 @@ class Ping extends \Zotlabs\Web\Controller {
);
$basic_presence = false;
if($r) {
$basic_presence = true;
$basic_presence = true;
q("update chatpresence set cp_last = '%s' where cp_id = %d",
dbesc(datetime_convert()),
intval($r[0]['cp_id'])
@ -130,40 +124,39 @@ class Ping extends \Zotlabs\Web\Controller {
);
}
}
/**
* Chatpresence continued... if somebody hasn't pinged recently, they've most likely left the page
* and shouldn't count as online anymore. We allow an expection for bots.
*/
q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ",
db_utcnow(), db_quoteinterval('3 MINUTE')
);
);
if((! local_channel()) || ($result['invalid'])) {
echo json_encode($result);
killme();
}
/**
* Everything following is only permitted under the context of a locally authenticated site member.
*/
/**
* Handle "mark all xyz notifications read" requests.
*/
// mark all items read
if(x($_REQUEST, 'markRead') && local_channel()) {
switch($_REQUEST['markRead']) {
case 'network':
$r = q("update item set item_unseen = 0 where item_unseen = 1 and uid = %d",
$r = q("update item set item_unseen = 0 where item_unseen = 1 and uid = %d",
intval(local_channel())
);
break;
case 'home':
$r = q("update item set item_unseen = 0 where item_unseen = 1 and item_wall = 1 and uid = %d",
$r = q("update item set item_unseen = 0 where item_unseen = 1 and item_wall = 1 and uid = %d",
intval(local_channel())
);
break;
@ -173,7 +166,7 @@ class Ping extends \Zotlabs\Web\Controller {
);
break;
case 'all_events':
$r = q("update event set `dismissed` = 1 where `dismissed` = 0 and uid = %d AND dtstart < '%s' AND dtstart > '%s' ",
$r = q("update event set dismissed = 1 where dismissed = 0 and uid = %d AND dtstart < '%s' AND dtstart > '%s' ",
intval(local_channel()),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
@ -188,21 +181,18 @@ class Ping extends \Zotlabs\Web\Controller {
break;
}
}
if(x($_REQUEST, 'markItemRead') && local_channel()) {
$r = q("update item set item_unseen = 0 where parent = %d and uid = %d",
$r = q("update item set item_unseen = 0 where parent = %d and uid = %d",
intval($_REQUEST['markItemRead']),
intval(local_channel())
);
}
/**
* URL ping/something will return detail for "something", e.g. a json list with which to populate a notification
* dropdown menu.
*/
if(argc() > 1 && argv(1) === 'notify') {
$t = q("select count(*) as total from notify where uid = %d and seen = 0",
intval(local_channel())
@ -212,8 +202,7 @@ class Ping extends \Zotlabs\Web\Controller {
and seen = 0 order by created desc limit 50",
intval(local_channel())
);
}
else {
} else {
$z1 = q("select * from notify where uid = %d
and seen = 0 order by created desc limit 50",
intval(local_channel())
@ -225,62 +214,62 @@ class Ping extends \Zotlabs\Web\Controller {
);
$z = array_merge($z1,$z2);
}
if(count($z)) {
foreach($z as $zz) {
$notifs[] = array(
'notify_link' => z_root() . '/notify/view/' . $zz['id'],
'notify_link' => z_root() . '/notify/view/' . $zz['id'],
'name' => $zz['xname'],
'url' => $zz['url'],
'photo' => $zz['photo'],
'when' => relative_date($zz['created']),
'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'),
'when' => relative_date($zz['created']),
'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'),
'message' => strip_tags(bbcode($zz['msg']))
);
}
}
echo json_encode(array('notify' => $notifs));
killme();
}
if(argc() > 1 && argv(1) === 'messages') {
$channel = \App::get_channel();
$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
where channel_id = %d and mail_seen = 0 and mail_deleted = 0
$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
where channel_id = %d and mail_seen = 0 and mail_deleted = 0
and from_xchan != '%s' order by created desc limit 50",
intval(local_channel()),
dbesc($channel['channel_hash'])
);
if($t) {
foreach($t as $zz) {
$notifs[] = array(
'notify_link' => z_root() . '/mail/' . $zz['id'],
'notify_link' => z_root() . '/mail/' . $zz['id'],
'name' => $zz['xchan_name'],
'url' => $zz['xchan_url'],
'photo' => $zz['xchan_photo_s'],
'when' => relative_date($zz['created']),
'hclass' => (intval($zz['mail_seen']) ? 'notify-seen' : 'notify-unseen'),
'when' => relative_date($zz['created']),
'hclass' => (intval($zz['mail_seen']) ? 'notify-seen' : 'notify-unseen'),
'message' => t('sent you a private message'),
);
}
}
echo json_encode(array('notify' => $notifs));
killme();
}
if(argc() > 1 && (argv(1) === 'network' || argv(1) === 'home')) {
$result = array();
$r = q("SELECT * FROM item
WHERE item_unseen = 1 and uid = %d $item_normal
and author_xchan != '%s' ORDER BY created DESC limit 300",
intval(local_channel()),
dbesc($ob_hash)
);
if($r) {
xchan_query($r);
foreach($r as $item) {
@ -289,18 +278,18 @@ class Ping extends \Zotlabs\Web\Controller {
$result[] = \Zotlabs\Lib\Enotify::format($item);
}
}
// logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA);
// logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA);
echo json_encode(array('notify' => $result));
killme();
}
if(argc() > 1 && (argv(1) === 'intros')) {
$result = array();
$r = q("SELECT * FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ORDER BY abook_created DESC LIMIT 50",
intval(local_channel())
);
if($r) {
foreach($r as $rr) {
$result[] = array(
@ -308,8 +297,8 @@ class Ping extends \Zotlabs\Web\Controller {
'name' => $rr['xchan_name'],
'url' => $rr['xchan_url'],
'photo' => $rr['xchan_photo_s'],
'when' => relative_date($rr['abook_created']),
'hclass' => ('notify-unseen'),
'when' => relative_date($rr['abook_created']),
'hclass' => ('notify-unseen'),
'message' => t('added your channel')
);
}
@ -318,40 +307,35 @@ class Ping extends \Zotlabs\Web\Controller {
echo json_encode(array('notify' => $result));
killme();
}
if(argc() > 1 && (argv(1) === 'all_events')) {
$bd_format = t('g A l F d') ; // 8 AM Friday January 18
$result = array();
$r = q("SELECT * FROM event left join xchan on event_xchan = xchan_hash
WHERE `event`.`uid` = %d AND dtstart < '%s' AND dtstart > '%s' and `dismissed` = 0
WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0
and etype in ( 'event', 'birthday' )
ORDER BY `dtstart` DESC LIMIT 1000",
ORDER BY dtstart DESC LIMIT 1000",
intval(local_channel()),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
);
if($r) {
foreach($r as $rr) {
if($rr['adjust'])
$md = datetime_convert('UTC', date_default_timezone_get(), $rr['dtstart'], 'Y/m');
else
$md = datetime_convert('UTC', 'UTC', $rr['dtstart'], 'Y/m');
$strt = datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['dtstart']);
$today = ((substr($strt, 0, 10) === datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d')) ? true : false);
$when = day_translate(datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['dtstart'], $bd_format)) . (($today) ? ' ' . t('[today]') : '');
$result[] = array(
'notify_link' => z_root() . '/events', // FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'],
'notify_link' => z_root() . '/events', /// @FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event --> '/events/event/' . $rr['event_hash'],
'name' => $rr['xchan_name'],
'url' => $rr['xchan_url'],
'photo' => $rr['xchan_photo_s'],
'when' => $when,
'hclass' => ('notify-unseen'),
'hclass' => ('notify-unseen'),
'message' => t('posted an event')
);
}
@ -360,13 +344,10 @@ class Ping extends \Zotlabs\Web\Controller {
echo json_encode(array('notify' => $result));
killme();
}
/**
* Normal ping - just the counts, no detail
*/
if($vnotify & VNOTIFY_SYSTEM) {
$t = q("select count(*) as total from notify where uid = %d and seen = 0",
intval(local_channel())
@ -374,9 +355,9 @@ class Ping extends \Zotlabs\Web\Controller {
if($t)
$result['notify'] = intval($t[0]['total']);
}
$t1 = dba_timer();
if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) {
$r = q("SELECT id, item_wall FROM item
WHERE item_unseen = 1 and uid = %d
@ -385,11 +366,11 @@ class Ping extends \Zotlabs\Web\Controller {
intval(local_channel()),
dbesc($ob_hash)
);
if($r) {
if($r) {
$arr = array('items' => $r);
call_hooks('network_ping', $arr);
foreach ($r as $it) {
if(intval($it['item_wall']))
$result['home'] ++;
@ -402,24 +383,23 @@ class Ping extends \Zotlabs\Web\Controller {
$result['network'] = 0;
if(! ($vnotify & VNOTIFY_CHANNEL))
$result['home'] = 0;
$t2 = dba_timer();
if($vnotify & VNOTIFY_INTRO) {
$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
intval(local_channel())
);
$t3 = dba_timer();
if($intr)
$result['intros'] = intval($intr[0]['total']);
}
$t4 = dba_timer();
$channel = \App::get_channel();
if($vnotify & VNOTIFY_MAIL) {
$mails = q("SELECT count(id) as total from mail
WHERE channel_id = %d AND mail_seen = 0 and from_xchan != '%s' ",
@ -429,7 +409,7 @@ class Ping extends \Zotlabs\Web\Controller {
if($mails)
$result['mail'] = intval($mails[0]['total']);
}
if($vnotify & VNOTIFY_REGISTER) {
if (\App::$config['system']['register_policy'] == REGISTER_APPROVE && is_site_admin()) {
$regs = q("SELECT count(account_id) as total from account where (account_flags & %d) > 0",
@ -438,23 +418,23 @@ class Ping extends \Zotlabs\Web\Controller {
if($regs)
$result['register'] = intval($regs[0]['total']);
}
}
}
$t5 = dba_timer();
if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) {
$events = q("SELECT etype, dtstart, adjust FROM `event`
WHERE `event`.`uid` = %d AND dtstart < '%s' AND dtstart > '%s' and `dismissed` = 0
$events = q("SELECT etype, dtstart, adjust FROM event
WHERE event.uid = %d AND dtstart < '%s' AND dtstart > '%s' and dismissed = 0
and etype in ( 'event', 'birthday' )
ORDER BY `dtstart` ASC ",
ORDER BY dtstart ASC ",
intval(local_channel()),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + ' . intval($evdays) . ' days')),
dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days'))
);
if($events) {
$result['all_events'] = count($events);
if($result['all_events']) {
$str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
foreach($events as $x) {
@ -483,16 +463,15 @@ class Ping extends \Zotlabs\Web\Controller {
$result['all_events_today'] = $result['events_today'] = 0;
if(! ($vnotify & VNOTIFY_BIRTHDAY))
$result['birthdays'] = 0;
$x = json_encode($result);
$t6 = dba_timer();
// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
// logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
echo $x;
killme();
}
}

30
Zotlabs/Module/Post.php
View File

@ -1,36 +1,34 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/post.php
* @file Zotlabs/Module/Post.php
*
* @brief Zot endpoint.
*
*/
namespace Zotlabs\Module;
require_once('include/zot.php');
/**
* @brief Post module.
*
*/
class Post extends \Zotlabs\Web\Controller {
function init() {
if (array_key_exists('auth', $_REQUEST)) {
if(array_key_exists('auth', $_REQUEST)) {
$x = new \Zotlabs\Zot\Auth($_REQUEST);
exit;
}
}
function post() {
$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'],get_config('system','prvkey'), new \Zotlabs\Zot\ZotHandler());
function post() {
$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler());
// notreached;
exit;
}
}

52
Zotlabs/Module/Profile_photo.php
View File

@ -98,7 +98,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
if($r) {
$base_image = $r[0];
$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents($base_image['content']) : dbunescbin($base_image['content']));
$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
$im = photo_factory($base_image['content'], $base_image['mimetype']);
if($im->is_valid()) {
@ -149,7 +149,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
if($is_default_profile) {
$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d
AND resource_id != '%s' AND `uid` = %d",
AND resource_id != '%s' AND uid = %d",
intval(PHOTO_NORMAL),
intval(PHOTO_PROFILE),
dbesc($base_image['resource_id']),
@ -205,15 +205,23 @@ class Profile_photo extends \Zotlabs\Web\Controller {
$hash = photo_new_resource();
$importing = false;
$smallest = 0;
require_once('include/attach.php');
if($_REQUEST['importfile']) {
$hash = $_REQUEST['importfile'];
$importing = true;
}
else {
require_once('include/attach.php');
$res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Profile Photos'), 'hash' => $hash));
$res = attach_store(\App::get_channel(), get_observer_hash(), '', array('album' => t('Profile Photos'), 'hash' => $hash));
logger('attach_store: ' . print_r($res,true));
logger('attach_store: ' . print_r($res,true));
}
if($res && intval($res['data']['is_photo'])) {
if(($res && intval($res['data']['is_photo'])) || $importing) {
$i = q("select * from photo where resource_id = '%s' and uid = %d order by imgscale",
dbesc($hash),
intval(local_channel())
@ -235,7 +243,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
}
}
$imagedata = (($os_storage) ? @file_get_contents($imagedata) : $imagedata);
$imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata));
$ph = photo_factory($imagedata, $filetype);
if(! $ph->is_valid()) {
@ -284,14 +292,17 @@ class Profile_photo extends \Zotlabs\Web\Controller {
// When using an existing photo, we don't have a dialogue to offer a choice of profiles,
// so it gets attached to the default
$p = q("select id from profile where is_default = 1 and uid = %d",
$c = q("select id, is_default from profile where uid = %d",
intval(local_channel())
);
if($p) {
$_REQUEST['profile'] = $p[0]['id'];
$multi_profiles = true;
if(($c) && (count($c) === 1) && (intval($c[0]['is_default']))) {
$_REQUEST['profile'] = $c[0]['id'];
$multi_profiles = false;
}
$r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC",
intval(local_channel()),
dbesc($resource_id)
@ -308,7 +319,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
// set an already loaded and cropped photo as profile photo
if(($r[0]['album'] == t('Profile Photos')) && ($havescale)) {
if($havescale) {
// unset any existing profile photos
$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d",
intval(PHOTO_NORMAL),
@ -343,7 +354,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
}
if(intval($r[0]['os_storage']))
$data = @file_get_contents($r[0]['content']);
$data = @file_get_contents(dbunescbin($r[0]['content']));
else
$data = dbunescbin($r[0]['content']);
@ -366,9 +377,15 @@ class Profile_photo extends \Zotlabs\Web\Controller {
}
}
$this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
if($multi_profiles) {
\App::$data['importfile'] = $resource_id;
}
else {
$this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
}
// falls through with App::$data['imagecrop'] set so we go straight to the cropping section
}
@ -377,6 +394,8 @@ class Profile_photo extends \Zotlabs\Web\Controller {
$profiles = q("select id, profile_name as name, is_default from profile where uid = %d order by id asc",
intval(local_channel())
);
$importing = ((array_key_exists('importfile',\App::$data)) ? true : false);
if(! x(\App::$data,'imagecrop')) {
@ -384,10 +403,11 @@ class Profile_photo extends \Zotlabs\Web\Controller {
$o .= replace_macros($tpl,array(
'$user' => \App::$channel['channel_address'],
'$importfile' => (($importing) ? \App::$data['importfile'] : ''),
'$lbl_upfile' => t('Upload File:'),
'$lbl_profiles' => t('Select a profile:'),
'$title' => t('Upload Profile Photo'),
'$submit' => t('Upload'),
'$title' => (($importing) ? t('Use Photo for Profile') : t('Upload Profile Photo')),
'$submit' => (($importing) ? t('Use') : t('Upload')),
'$profiles' => $profiles,
'$single' => ((count($profiles) == 1) ? true : false),
'$profile0' => $profiles[0],

108
Zotlabs/Module/Profiles.php
View File

@ -16,7 +16,7 @@ class Profiles extends \Zotlabs\Web\Controller {
}
if((argc() > 2) && (argv(1) === "drop") && intval(argv(2))) {
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is_default` = 0 LIMIT 1",
$r = q("SELECT * FROM profile WHERE id = %d AND uid = %d AND is_default = 0 LIMIT 1",
intval(argv(2)),
intval(local_channel())
);
@ -31,12 +31,12 @@ class Profiles extends \Zotlabs\Web\Controller {
// move every contact using this profile as their default to the user default
$r = q("UPDATE abook SET abook_profile = (SELECT profile_guid AS FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1) WHERE abook_profile = '%s' AND abook_channel = %d ",
$r = q("UPDATE abook SET abook_profile = (SELECT profile_guid FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1) WHERE abook_profile = '%s' AND abook_channel = %d ",
intval(local_channel()),
dbesc($profile_guid),
intval(local_channel())
);
$r = q("DELETE FROM `profile` WHERE `id` = %d AND `uid` = %d",
$r = q("DELETE FROM profile WHERE id = %d AND uid = %d",
intval(argv(2)),
intval(local_channel())
);
@ -61,16 +61,16 @@ class Profiles extends \Zotlabs\Web\Controller {
// check_form_security_token_redirectOnErr('/profiles', 'profile_new', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
$r0 = q("SELECT id FROM profile WHERE uid = %d",
intval(local_channel()));
$num_profiles = count($r0);
$name = t('Profile-') . ($num_profiles + 1);
$r1 = q("SELECT `fullname`, `photo`, `thumb` FROM `profile` WHERE `uid` = %d AND `is_default` = 1 LIMIT 1",
$r1 = q("SELECT fullname, photo, thumb FROM profile WHERE uid = %d AND is_default = 1 LIMIT 1",
intval(local_channel()));
$r2 = q("INSERT INTO `profile` (`aid`, `uid` , `profile_guid`, `profile_name` , `fullname`, `photo`, `thumb`)
$r2 = q("INSERT INTO profile (aid, uid , profile_guid, profile_name , fullname, photo, thumb)
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s' )",
intval(get_account_id()),
intval(local_channel()),
@ -81,7 +81,7 @@ class Profiles extends \Zotlabs\Web\Controller {
dbesc($r1[0]['thumb'])
);
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile_name` = '%s' LIMIT 1",
$r3 = q("SELECT id FROM profile WHERE uid = %d AND profile_name = '%s' LIMIT 1",
intval(local_channel()),
dbesc($name)
);
@ -97,12 +97,12 @@ class Profiles extends \Zotlabs\Web\Controller {
check_form_security_token_redirectOnErr('/profiles', 'profile_clone', 't');
$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
$r0 = q("SELECT id FROM profile WHERE uid = %d",
intval(local_channel()));
$num_profiles = count($r0);
$name = t('Profile-') . ($num_profiles + 1);
$r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1",
$r1 = q("SELECT * FROM profile WHERE uid = %d AND id = %d LIMIT 1",
intval(local_channel()),
intval(\App::$argv[2])
);
@ -117,15 +117,9 @@ class Profiles extends \Zotlabs\Web\Controller {
$r1[0]['profile_name'] = dbesc($name);
$r1[0]['profile_guid'] = dbesc(random_string());
dbesc_array($r1[0]);
create_table_from_array('profile', $r1[0]);
$r2 = dbq("INSERT INTO `profile` (`"
. implode("`, `", array_keys($r1[0]))
. "`) VALUES ('"
. implode("', '", array_values($r1[0]))
. "')" );
$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile_name` = '%s' LIMIT 1",
$r3 = q("SELECT id FROM profile WHERE uid = %d AND profile_name = '%s' LIMIT 1",
intval(local_channel()),
dbesc($name)
);
@ -143,7 +137,7 @@ class Profiles extends \Zotlabs\Web\Controller {
if((argc() > 2) && (argv(1) === 'export')) {
$r1 = q("SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d LIMIT 1",
$r1 = q("SELECT * FROM profile WHERE uid = %d AND id = %d LIMIT 1",
intval(local_channel()),
intval(argv(2))
);
@ -181,7 +175,7 @@ class Profiles extends \Zotlabs\Web\Controller {
if($x)
$id = $x[0]['id'];
}
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM profile WHERE id = %d AND uid = %d LIMIT 1",
intval($id),
intval(local_channel())
);
@ -238,7 +232,7 @@ class Profiles extends \Zotlabs\Web\Controller {
if((argc() > 1) && (argv(1) !== "new") && intval(argv(1))) {
$orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$orig = q("SELECT * FROM profile WHERE id = %d AND uid = %d LIMIT 1",
intval(\App::$argv[1]),
intval(local_channel())
);
@ -484,41 +478,41 @@ class Profiles extends \Zotlabs\Web\Controller {
}
$r = q("UPDATE `profile`
SET `profile_name` = '%s',
`fullname` = '%s',
`pdesc` = '%s',
`gender` = '%s',
`dob` = '%s',
`address` = '%s',
`locality` = '%s',
`region` = '%s',
`postal_code` = '%s',
`country_name` = '%s',
`marital` = '%s',
`partner` = '%s',
`howlong` = '%s',
`sexual` = '%s',
`homepage` = '%s',
`hometown` = '%s',
`politic` = '%s',
`religion` = '%s',
`keywords` = '%s',
`likes` = '%s',
`dislikes` = '%s',
`about` = '%s',
`interest` = '%s',
`contact` = '%s',
`channels` = '%s',
`music` = '%s',
`book` = '%s',
`tv` = '%s',
`film` = '%s',
`romance` = '%s',
`employment` = '%s',
`education` = '%s',
`hide_friends` = %d
WHERE `id` = %d AND `uid` = %d",
$r = q("UPDATE profile
SET profile_name = '%s',
fullname = '%s',
pdesc = '%s',
gender = '%s',
dob = '%s',
address = '%s',
locality = '%s',
region = '%s',
postal_code = '%s',
country_name = '%s',
marital = '%s',
partner = '%s',
howlong = '%s',
sexual = '%s',
homepage = '%s',
hometown = '%s',
politic = '%s',
religion = '%s',
keywords = '%s',
likes = '%s',
dislikes = '%s',
about = '%s',
interest = '%s',
contact = '%s',
channels = '%s',
music = '%s',
book = '%s',
tv = '%s',
film = '%s',
romance = '%s',
employment = '%s',
education = '%s',
hide_friends = %d
WHERE id = %d AND uid = %d",
dbesc($profile_name),
dbesc($name),
dbesc($pdesc),
@ -617,7 +611,7 @@ class Profiles extends \Zotlabs\Web\Controller {
if($x)
$id = $x[0]['id'];
}
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM profile WHERE id = %d AND uid = %d LIMIT 1",
intval($id),
intval(local_channel())
);
@ -755,7 +749,7 @@ class Profiles extends \Zotlabs\Web\Controller {
}
else {
$r = q("SELECT * FROM `profile` WHERE `uid` = %d",
$r = q("SELECT * FROM profile WHERE uid = %d",
local_channel());
if($r) {

2
Zotlabs/Module/Profperm.php
View File

@ -55,7 +55,7 @@ class Profperm extends \Zotlabs\Web\Controller {
if((argc() > 1) && (intval(argv(1)))) {
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is_default` = 0 LIMIT 1",
$r = q("SELECT * FROM profile WHERE id = %d AND uid = %d AND is_default = 0 LIMIT 1",
intval(argv(1)),
intval(local_channel())
);

2
Zotlabs/Module/Pubsites.php
View File

@ -36,7 +36,7 @@ class Pubsites extends \Zotlabs\Web\Controller {
$o .= '</tr>';
if($j['sites']) {
foreach($j['sites'] as $jj) {
if(! $jj['project'])
if(! \Zotlabs\Lib\System::compatible_project($jj['project']))
continue;
if(strpos($jj['version'],' ')) {
$x = explode(' ', $jj['version']);

11
Zotlabs/Module/Pubstream.php
View File

@ -21,8 +21,13 @@ class Pubstream extends \Zotlabs\Web\Controller {
return;
$item_normal = item_normal();
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
if(! $update) {
$static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
$maxheight = get_config('system','home_divmore_height');
if(! $maxheight)
@ -49,6 +54,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
'$nouveau' => '0',
'$wall' => '0',
'$list' => '0',
'$static' => $static,
'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
'$search' => '',
'$order' => 'comment',
@ -96,7 +102,10 @@ class Pubstream extends \Zotlabs\Web\Controller {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
if($load)
$simple_update = '';
if($static && $simple_update)
$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
//logger('update: ' . $update . ' load: ' . $load);
if($update) {

5
Zotlabs/Module/Regdir.php
View File

@ -54,8 +54,7 @@ class Regdir extends \Zotlabs\Web\Controller {
if ($url) {
$m = parse_url($url);
if ((! $m) || ((! @dns_get_record($m['host'], DNS_A + DNS_CNAME + DNS_PTR)) && (! filter_var($m['host'], FILTER_VALIDATE_IP) ))) {
if ((! $m) || (! z_dns_check($m['host']))) {
$result['message'] = 'unparseable url';
json_return_and_die($result);
}
@ -71,7 +70,7 @@ class Regdir extends \Zotlabs\Web\Controller {
if(! $result['success'])
$valid = 0;
q("update site set site_valid = %d where site_url = '%s' limit 1",
q("update site set site_valid = %d where site_url = '%s'",
intval($valid),
strtolower($url)
);

19
Zotlabs/Module/Search.php
View File

@ -53,6 +53,8 @@ class Search extends \Zotlabs\Web\Controller {
$tag = true;
$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
}
$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
if((! local_channel()) || (! feature_enabled(local_channel(),'savedsearch')))
$o .= search($search,'search-box','/search',((local_channel()) ? true : false));
@ -79,7 +81,7 @@ class Search extends \Zotlabs\Web\Controller {
return $o;
if($tag) {
$sql_extra = sprintf(" AND `item`.`id` IN (select `oid` from term where otype = %d and ttype in ( %d , %d) and term = '%s') ",
$sql_extra = sprintf(" AND item.id IN (select oid from term where otype = %d and ttype in ( %d , %d) and term = '%s') ",
intval(TERM_OBJ_POST),
intval(TERM_HASHTAG),
intval(TERM_COMMUNITYTAG),
@ -88,7 +90,7 @@ class Search extends \Zotlabs\Web\Controller {
}
else {
$regstr = db_getfunc('REGEXP');
$sql_extra = sprintf(" AND `item`.`body` $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search))));
$sql_extra = sprintf(" AND item.body $regstr '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
// Here is the way permissions work in the search module...
@ -96,8 +98,12 @@ class Search extends \Zotlabs\Web\Controller {
// OR your own posts if you are a logged in member
// No items will be shown if the member has a blocked profile wall.
if((! $update) && (! $load)) {
$static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
@ -120,6 +126,7 @@ class Search extends \Zotlabs\Web\Controller {
'$fh' => '0',
'$nouveau' => '0',
'$wall' => '0',
'$static' => $static,
'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
'$search' => (($tag) ? urlencode('#') : '') . $search,
@ -165,8 +172,8 @@ class Search extends \Zotlabs\Web\Controller {
}
if(local_channel()) {
$r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
OR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' )
WHERE ((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = '' AND item.deny_gid = '' AND item_private = 0 )
OR ( item.uid = %d )) OR item.owner_xchan = '%s' )
$item_normal
$sql_extra
$suffix $pager_sql ",
@ -176,8 +183,8 @@ class Search extends \Zotlabs\Web\Controller {
}
if($r === null) {
$r = q("SELECT $prefix mid, item.id as item_id, item.* from item
WHERE (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''
AND `item`.`deny_gid` = '' AND item_private = 0 )
WHERE (((( item.allow_cid = '' AND item.allow_gid = '' AND item.deny_cid = ''
AND item.deny_gid = '' AND item_private = 0 )
and owner_xchan in ( " . stream_perms_xchans(($observer) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
$pub_sql ) OR owner_xchan = '%s')
$item_normal

10
Zotlabs/Module/Settings/Account.php
View File

@ -101,15 +101,7 @@ class Account {
$email = \App::$account['account_email'];
$techlevels = [
'0' => t('Beginner/Basic'),
'1' => t('Novice - not skilled but willing to learn'),
'2' => t('Intermediate - somewhat comfortable'),
'3' => t('Advanced - very comfortable'),
'4' => t('Expert - I can write computer code'),
'5' => t('Wizard - I probably know more than you do')
];
$techlevels = \Zotlabs\Lib\Techlevels::levels();
$def_techlevel = \App::$account['account_level'];
$techlock = get_config('system','techlevel_lock');

13
Zotlabs/Module/Settings/Channel.php
View File

@ -289,7 +289,7 @@ class Channel {
$yes_no = array(t('No'),t('Yes'));
$p = q("SELECT * FROM `profile` WHERE `is_default` = 1 AND `uid` = %d LIMIT 1",
$p = q("SELECT * FROM profile WHERE is_default = 1 AND uid = %d LIMIT 1",
intval(local_channel())
);
if(count($p))
@ -326,7 +326,11 @@ class Channel {
$permiss[] = array($k,$perm,$limits[$k],'',$options);
}
// logger('permiss: ' . print_r($permiss,true));
$username = $channel['channel_name'];
$nickname = $channel['channel_address'];
$timezone = $channel['channel_timezone'];
@ -400,8 +404,11 @@ class Channel {
'$desc' => t('Your channel address is'),
'$nickname' => $nickname,
'$subdir' => $subdir,
'$davdesc' => t('Your files/photos are accessible via WebDAV at'),
'$davpath' => ((get_account_techlevel() > 3) ? z_root() . '/dav/' . $nickname : ''),
'$basepath' => \App::get_hostname()
));
$stpl = get_markup_template('settings.tpl');
@ -511,6 +518,8 @@ class Channel {
'$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, '', $yes_no),
'$notify8' => array('notify8', t('You are poked/prodded/etc. in a post'), ($notify & NOTIFY_POKE), NOTIFY_POKE, '', $yes_no),
'$notify9' => array('notify9', t('Someone likes your post/comment'), ($notify & NOTIFY_LIKE), NOTIFY_LIKE, '', $yes_no),
'$lbl_vnot' => t('Show visual notifications including:'),

7
Zotlabs/Module/Settings/Display.php
View File

@ -28,6 +28,7 @@ class Display {
$title_tosource = ((x($_POST,'title_tosource')) ? intval($_POST['title_tosource']) : 0);
$channel_list_mode = ((x($_POST,'channel_list_mode')) ? intval($_POST['channel_list_mode']) : 0);
$network_list_mode = ((x($_POST,'network_list_mode')) ? intval($_POST['network_list_mode']) : 0);
$manual_update = ((array_key_exists('manual_update',$_POST)) ? intval($_POST['manual_update']) : 0);
$channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400);
if($channel_divmore_height < 50)
@ -61,6 +62,7 @@ class Display {
set_pconfig(local_channel(),'system','network_list_mode', $network_list_mode);
set_pconfig(local_channel(),'system','channel_divmore_height', $channel_divmore_height);
set_pconfig(local_channel(),'system','network_divmore_height', $network_divmore_height);
set_pconfig(local_channel(),'system','manual_conversation_update', $manual_update);
$newschema = '';
if($theme == $existing_theme){
@ -157,7 +159,7 @@ class Display {
$preload_images = (($preload_images===false)? '0': $preload_images); // default if not set: 0
$user_scalable = get_pconfig(local_channel(),'system','user_scalable');
$user_scalable = (($user_scalable===false)? '1': $user_scalable); // default if not set: 1
$user_scalable = (($user_scalable===false)? '0': $user_scalable); // default if not set: 0
$browser_update = intval(get_pconfig(local_channel(), 'system','update_interval'));
$browser_update = (($browser_update == 0) ? 80 : $browser_update / 1000); // default if not set: 40 seconds
@ -204,6 +206,7 @@ class Display {
'$ajaxint' => array('browser_update', t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')),
'$itemspage' => array('itemspage', t("Maximum number of conversations to load at any time:"), $itemspage, t('Maximum of 100 items')),
'$nosmile' => array('nosmile', t("Show emoticons (smilies) as images"), 1-intval($nosmile), '', $yes_no),
'$manual_update' => array('manual_update', t('Manual conversation updates'), channel_manual_conv_update(local_channel()), t('Default is automatic, which may increase screen jumping'), $yes_no),
'$title_tosource' => array('title_tosource', t("Link post titles to source"), $title_tosource, '', $yes_no),
'$layout_editor' => t('System Page Layout Editor - (advanced)'),
'$theme_config' => $theme_config,
@ -237,4 +240,4 @@ class Display {
}
}

2
Zotlabs/Module/Settings/Featured.php
View File

@ -19,7 +19,7 @@ class Featured {
$o = '';
$r = q("SELECT * FROM `hook` WHERE `hook` = 'feature_settings' ");
$r = q("SELECT * FROM hook WHERE hook = 'feature_settings' ");
if(! $r)
$settings_addons = t('No feature settings configured');

2
Zotlabs/Module/Settings/Tokens.php
View File

@ -115,6 +115,7 @@ class Tokens {
$desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
$global_perms = \Zotlabs\Access\Permissions::Perms();
$their_perms = [];
$existing = get_all_perms(local_channel(),(($atoken_xchan) ? $atoken_xchan : ''));
@ -123,7 +124,6 @@ class Tokens {
intval(local_channel()),
dbesc($atoken_xchan)
);
$their_perms = array();
if($theirs) {
foreach($theirs as $t) {
$their_perms[$t['k']] = $t['v'];

294
Zotlabs/Module/Setup.php
View File

@ -1,9 +1,9 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/setup.php
* @file Zotlabs/Module/Setup.php
*
* Controller for the initial setup/installation.
* @brief Controller for the initial setup/installation.
*
* @todo This setup module could need some love and improvements.
*/
@ -13,51 +13,50 @@ namespace Zotlabs\Module;
* @brief Initialisation for the setup module.
*
*/
class Setup extends \Zotlabs\Web\Controller {
private static $install_wizard_pass = 1;
/**
* {@inheritDoc}
* @see \\Zotlabs\\Web\\Controller::init()
*/
function init() {
// Ensure that if somebody hasn't read the install documentation and doesn't have all
// the required modules or has a totally borked shared hosting provider and they can't
// figure out what the hell is going on - that we at least spit out an error message which
// we can inquire about when they write to tell us that our software doesn't work.
// The worst thing we can do at this point is throw a white screen of death and rely on
// them knowing about servers and php modules and logfiles enough so that we can guess
// at the source of the problem. As ugly as it may be, we need to throw a technically worded
// PHP error message in their face. Once installation is complete application errors will
// throw a white screen because these error messages divulge information which can
// potentially be useful to hackers.
error_reporting(E_ERROR | E_WARNING | E_PARSE );
ini_set('log_errors', '0');
ini_set('display_errors', '1');
// $baseurl/setup/testrwrite to test if rewite in .htaccess is working
if (argc() == 2 && argv(1) == "testrewrite") {
echo 'ok';
killme();
}
if (x($_POST, 'pass')) {
$this->install_wizard_pass = intval($_POST['pass']);
}
else {
} else {
$this->install_wizard_pass = 1;
}
}
/**
* @brief Handle the actions of the different setup steps.
*
*/
function post() {
switch($this->install_wizard_pass) {
case 1:
case 2:
@ -77,15 +76,15 @@ class Setup extends \Zotlabs\Web\Controller {
$server_role = trim($_POST['server_role']);
if(! $server_role)
$server_role = 'standard';
// $siteurl should not have a trailing slash
$siteurl = rtrim($siteurl,'/');
require_once('include/dba/dba_driver.php');
$db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
if(! \DBA::$dba->connected) {
echo 'Database Connect failed: ' . \DBA::$dba->error;
killme();
@ -107,7 +106,7 @@ class Setup extends \Zotlabs\Web\Controller {
$server_role = trim($_POST['server_role']);
if(! $server_role)
$server_role = 'standard';
if($siteurl != z_root()) {
$test = z_fetch_url($siteurl."/setup/testrewrite");
if((! $test['success']) || ($test['body'] != 'ok')) {
@ -116,7 +115,7 @@ class Setup extends \Zotlabs\Web\Controller {
return;
}
}
if(! \DBA::$dba->connected) {
// connect to db
$db = \DBA::dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
@ -126,7 +125,7 @@ class Setup extends \Zotlabs\Web\Controller {
echo 'CRITICAL: DB not connected.';
killme();
}
$tpl = get_intltext_template('htconfig.tpl');
$txt = replace_macros($tpl,array(
'$dbhost' => $dbhost,
@ -142,33 +141,26 @@ class Setup extends \Zotlabs\Web\Controller {
'$phpath' => $phpath,
'$adminmail' => $adminmail
));
$result = file_put_contents('.htconfig.php', $txt);
if(! $result) {
\App::$data['txt'] = $txt;
}
$errors = $this->load_database($db);
if($errors)
\App::$data['db_failed'] = $errors;
else
\App::$data['db_installed'] = true;
return;
// implied break;
default:
break;
}
}
function get_db_errno() {
if(class_exists('mysqli'))
return mysqli_connect_errno();
else
return mysql_errno();
}
/**
* @brief Get output for the setup page.
*
@ -178,11 +170,11 @@ class Setup extends \Zotlabs\Web\Controller {
*/
function get() {
$o = '';
$wizard_status = '';
$install_title = t('$Projectname Server - Setup');
if(x(\App::$data, 'db_conn_failed')) {
$this->install_wizard_pass = 2;
$wizard_status = t('Could not connect to database.');
@ -193,7 +185,7 @@ class Setup extends \Zotlabs\Web\Controller {
if(\App::$data['url_error'])
$wizard_status .= ' ' . \App::$data['url_error'];
}
if(x(\App::$data, 'db_create_failed')) {
$this->install_wizard_pass = 2;
$wizard_status = t('Could not create table.');
@ -211,7 +203,7 @@ class Setup extends \Zotlabs\Web\Controller {
$db_return_text .= $txt;
}
if(\DBA::$dba && \DBA::$dba->connected) {
$r = q("SELECT COUNT(*) as `total` FROM `account`");
$r = q("SELECT COUNT(*) as total FROM account");
if($r && count($r) && $r[0]['total']) {
$tpl = get_markup_template('install.tpl');
return replace_macros($tpl, array(
@ -222,11 +214,11 @@ class Setup extends \Zotlabs\Web\Controller {
));
}
}
if(x(\App::$data, 'txt') && strlen(\App::$data['txt'])) {
$db_return_text .= $this->manual_config($a);
}
if ($db_return_text != "") {
$tpl = get_markup_template('install.tpl');
return replace_macros($tpl, array(
@ -235,33 +227,33 @@ class Setup extends \Zotlabs\Web\Controller {
'$text' => $db_return_text . $this->what_next(),
));
}
switch ($this->install_wizard_pass){
case 1: { // System check
$checks = array();
$this->check_funcs($checks);
$this->check_htconfig($checks);
$this->check_store($checks);
$this->check_smarty3($checks);
$this->check_keys($checks);
if (x($_POST, 'phpath'))
$phpath = notags(trim($_POST['phpath']));
$this->check_php($phpath, $checks);
$this->check_phpconfig($checks);
$this->check_htaccess($checks);
$checkspassed = array_reduce($checks, "self::check_passed", true);
$tpl = get_markup_template('install_checks.tpl');
$o .= replace_macros($tpl, array(
'$title' => $install_title,
@ -276,9 +268,9 @@ class Setup extends \Zotlabs\Web\Controller {
));
return $o;
}; break;
case 2: { // Database config
$dbhost = ((x($_POST,'dbhost')) ? trim($_POST['dbhost']) : '127.0.0.1');
$dbuser = trim($_POST['dbuser']);
$dbport = intval(trim($_POST['dbport']));
@ -288,7 +280,7 @@ class Setup extends \Zotlabs\Web\Controller {
$phpath = trim($_POST['phpath']);
$adminmail = trim($_POST['adminmail']);
$siteurl = trim($_POST['siteurl']);
$tpl = get_markup_template('install_db.tpl');
$o .= replace_macros($tpl, array(
'$title' => $install_title,
@ -296,24 +288,24 @@ class Setup extends \Zotlabs\Web\Controller {
'$info_01' => t('In order to install $Projectname we need to know how to connect to your database.'),
'$info_02' => t('Please contact your hosting provider or site administrator if you have questions about these settings.'),
'$info_03' => t('The database you specify below should already exist. If it does not, please create it before continuing.'),
'$status' => $wizard_status,
'$dbhost' => array('dbhost', t('Database Server Name'), $dbhost, t('Default is 127.0.0.1')),
'$dbport' => array('dbport', t('Database Port'), $dbport, t('Communication port number - use 0 for default')),
'$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
'$dbpass' => array('dbpass', t('Database Login Password'), $dbpass, ''),
'$dbdata' => array('dbdata', t('Database Name'), $dbdata, ''),
'$dbtype' => array('dbtype', t('Database Type'), $dbtype, '', array( 0=>'MySQL', 1=>'PostgreSQL' )),
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
'$lbl_10' => t('Please select a default timezone for your website'),
'$baseurl' => z_root(),
'$phpath' => $phpath,
'$submit' => t('Submit'),
));
return $o;
@ -327,11 +319,11 @@ class Setup extends \Zotlabs\Web\Controller {
$dbdata = trim($_POST['dbdata']);
$dbtype = intval(trim($_POST['dbtype']));
$phpath = trim($_POST['phpath']);
$adminmail = trim($_POST['adminmail']);
$siteurl = trim($_POST['siteurl']);
$timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles');
$server_roles = [
'basic' => t('Basic/Minimal Social Networking'),
'standard' => t('Standard Configuration (default)'),
@ -343,7 +335,7 @@ class Setup extends \Zotlabs\Web\Controller {
'$title' => $install_title,
'$pass' => t('Site settings'),
'$status' => $wizard_status,
'$dbhost' => $dbhost,
'$dbport' => $dbport,
'$dbuser' => $dbuser,
@ -351,24 +343,24 @@ class Setup extends \Zotlabs\Web\Controller {
'$dbdata' => $dbdata,
'$phpath' => $phpath,
'$dbtype' => $dbtype,
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
'$server_role' => array('server_role', t("Server Configuration/Role"), 'standard','',$server_roles),
'$server_role' => array('server_role', t("Server Configuration/Role"), 'standard','',$server_roles),
'$timezone' => array('timezone', t('Please select a default timezone for your website'), $timezone, '', get_timezones()),
'$baseurl' => z_root(),
'$submit' => t('Submit'),
));
return $o;
}; break;
}
}
/**
* @brief Add a check result to the array for output.
*
@ -376,7 +368,7 @@ class Setup extends \Zotlabs\Web\Controller {
* @param string $title a title for the check
* @param boolean $status
* @param boolean $required
* @param[optional] string $help optional help string
* @param string $help optional help string
*/
function check_add(&$checks, $title, $status, $required, $help = '') {
$checks[] = array(
@ -386,7 +378,7 @@ class Setup extends \Zotlabs\Web\Controller {
'help' => $help
);
}
/**
* @brief Checks the PHP environment.
*
@ -395,7 +387,7 @@ class Setup extends \Zotlabs\Web\Controller {
*/
function check_php(&$phpath, &$checks) {
$help = '';
if(version_compare(PHP_VERSION, '5.5') < 0) {
$help .= t('PHP version 5.5 or greater is required.');
$this->check_add($checks, t('PHP version'), false, false, $help);
@ -403,15 +395,16 @@ class Setup extends \Zotlabs\Web\Controller {
if (strlen($phpath)) {
$passed = file_exists($phpath);
} else {
}
elseif(function_exists('shell_exec')) {
if(is_windows())
$phpath = trim(shell_exec('where php'));
else
$phpath = trim(shell_exec('which php'));
$passed = strlen($phpath);
}
if(!$passed) {
$help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL;
$help .= t('If you don\'t have a command line version of PHP installed on server, you will not be able to run background polling via cron.') . EOL;
@ -422,24 +415,28 @@ class Setup extends \Zotlabs\Web\Controller {
));
$phpath = '';
}
$this->check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help);
if($passed) {
$str = autoname(8);
$cmd = "$phpath install/testargs.php $str";
$result = trim(shell_exec($cmd));
$passed2 = $result == $str;
$help = '';
if(function_exists('shell_exec'))
$result = trim(shell_exec($cmd));
else
$help .= t('Unable to check command line PHP, as shell_exec() is disabled. This is required.') . EOL;
$passed2 = (($result == $str) ? true : false);
if(!$passed2) {
$help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL;
$help .= t('This is required for message delivery to work.');
}
$this->check_add($checks, t('PHP register_argc_argv'), $passed, true, $help);
}
}
/**
* @brief Some PHP configuration checks.
*
@ -450,20 +447,20 @@ class Setup extends \Zotlabs\Web\Controller {
*/
function check_phpconfig(&$checks) {
require_once 'include/environment.php';
$help = '';
$result = getPhpiniUploadLimits();
$help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'),
userReadableSize($result['post_max_size']),
userReadableSize($result['max_upload_filesize']),
$result['max_file_uploads']
);
$help .= '<br>' . t('You can adjust these settings in the servers php.ini.');
$help .= '<br>' . t('You can adjust these settings in the server php.ini file.');
$this->check_add($checks, t('PHP upload limits'), true, false, $help);
}
/**
* @brief Check if the openssl implementation can generate keys.
*
@ -472,7 +469,7 @@ class Setup extends \Zotlabs\Web\Controller {
function check_keys(&$checks) {
$help = '';
$res = false;
if (function_exists('openssl_pkey_new')) {
$res = openssl_pkey_new(array(
'digest_alg' => 'sha1',
@ -480,17 +477,17 @@ class Setup extends \Zotlabs\Web\Controller {
'encrypt_key' => false)
);
}
// Get private key
if (! $res) {
$help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL;
$help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".');
}
$this->check_add($checks, t('Generate encryption keys'), $res, true, $help);
}
/**
* @brief Check for some PHP functions and modules.
*
@ -498,15 +495,15 @@ class Setup extends \Zotlabs\Web\Controller {
*/
function check_funcs(&$checks) {
$ck_funcs = array();
// add check metadata, the real check is done bit later and return values set
$this->check_add($ck_funcs, t('libCurl PHP module'), true, true);
$this->check_add($ck_funcs, t('GD graphics PHP module'), true, true);
$this->check_add($ck_funcs, t('OpenSSL PHP module'), true, true);
$this->check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true);
$this->check_add($ck_funcs, t('PDO database PHP module'), true, true);
$this->check_add($ck_funcs, t('mb_string PHP module'), true, true);
$this->check_add($ck_funcs, t('xml PHP module'), true, true);
if(function_exists('apache_get_modules')){
if (! in_array('mod_rewrite', apache_get_modules())) {
$this->check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
@ -514,13 +511,19 @@ class Setup extends \Zotlabs\Web\Controller {
$this->check_add($ck_funcs, t('Apache mod_rewrite module'), true, true);
}
}
if((! function_exists('proc_open')) || strstr(ini_get('disable_functions'),'proc_open')) {
$this->check_add($ck_funcs, t('proc_open'), false, true, t('Error: proc_open is required but is either not installed or has been disabled in php.ini'));
if((! function_exists('exec')) || strstr(ini_get('disable_functions'),'exec')) {
$this->check_add($ck_funcs, t('exec'), false, true, t('Error: exec is required but is either not installed or has been disabled in php.ini'));
}
else {
$this->check_add($ck_funcs, t('proc_open'), true, true);
$this->check_add($ck_funcs, t('exec'), true, true);
}
if((! function_exists('shell_exec')) || strstr(ini_get('disable_functions'),'shell_exec')) {
$this->check_add($ck_funcs, t('shell_exec'), false, true, t('Error: shell_exec is required but is either not installed or has been disabled in php.ini'));
}
else {
$this->check_add($ck_funcs, t('shell_exec'), true, true);
}
if(! function_exists('curl_init')) {
$ck_funcs[0]['status'] = false;
$ck_funcs[0]['help'] = t('Error: libCURL PHP module required but not installed.');
@ -533,9 +536,9 @@ class Setup extends \Zotlabs\Web\Controller {
$ck_funcs[2]['status'] = false;
$ck_funcs[2]['help'] = t('Error: openssl PHP module required but not installed.');
}
if(! function_exists('mysqli_connect') && !function_exists('pg_connect')) {
if(! class_exists('PDO')) {
$ck_funcs[3]['status'] = false;
$ck_funcs[3]['help'] = t('Error: mysqli or postgres PHP module required but neither are installed.');
$ck_funcs[3]['help'] = t('Error: PDO database PHP module required but not installed.');
}
if(! function_exists('mb_strlen')) {
$ck_funcs[4]['status'] = false;
@ -545,10 +548,10 @@ class Setup extends \Zotlabs\Web\Controller {
$ck_funcs[6]['status'] = false;
$ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.');
}
$checks = array_merge($checks, $ck_funcs);
}
/**
* @brief Check for .htconfig requirements.
*
@ -557,7 +560,7 @@ class Setup extends \Zotlabs\Web\Controller {
function check_htconfig(&$checks) {
$status = true;
$help = '';
if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
(!file_exists('.htconfig.php') && !is_writable('.')) ) {
$status = false;
@ -566,10 +569,10 @@ class Setup extends \Zotlabs\Web\Controller {
$help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
$help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
}
$this->check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
}
/**
* @brief Checks for our templating engine Smarty3 requirements.
*
@ -578,18 +581,18 @@ class Setup extends \Zotlabs\Web\Controller {
function check_smarty3(&$checks) {
$status = true;
$help = '';
if(! is_writable(TEMPLATE_BUILD_PATH) ) {
$status = false;
$help = t('Red uses the Smarty3 template engine to render its web views. Smarty3 compiles templates to PHP to speed up rendering.') .EOL;
$help = t('This software uses the Smarty3 template engine to render its web views. Smarty3 compiles templates to PHP to speed up rendering.') .EOL;
$help .= sprintf( t('In order to store these compiled templates, the web server needs to have write access to the directory %s under the top level web folder.'), TEMPLATE_BUILD_PATH) . EOL;
$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
$help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL;
}
$this->check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
}
/**
* @brief Check for store directory.
*
@ -598,18 +601,18 @@ class Setup extends \Zotlabs\Web\Controller {
function check_store(&$checks) {
$status = true;
$help = '';
@os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
if(! is_writable('store')) {
$status = false;
$help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
$help = t('This software uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the top level web folder') . EOL;
$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
}
$this->check_add($checks, t('store is writable'), $status, true, $help);
}
/**
* @brief Check URL rewrite und SSL certificate.
*
@ -620,9 +623,9 @@ class Setup extends \Zotlabs\Web\Controller {
$status = true;
$help = '';
$ssl_error = false;
$url = z_root() . '/setup/testrewrite';
if (function_exists('curl_init')){
$test = z_fetch_url($url);
if(! $test['success']) {
@ -638,7 +641,7 @@ class Setup extends \Zotlabs\Web\Controller {
$ssl_error = true;
}
}
if($ssl_error) {
$help = t('SSL certificate cannot be validated. Fix certificate or disable https access to this site.') . EOL;
$help .= t('If you have https access to your website or allow connections to TCP port 443 (the https: port), you MUST use a browser-valid certificate. You MUST NOT use self-signed certificates!') . EOL;
@ -649,31 +652,35 @@ class Setup extends \Zotlabs\Web\Controller {
$help .= t('If you are confident that the certificate is valid and signed by a trusted authority, check to see if you have failed to install an intermediate cert. These are not normally required by browsers, but are required for server-to-server communications.') . EOL;
$this->check_add($checks, t('SSL certificate validation'), false, true, $help);
}
}
if ((! $test['success']) || ($test['body'] != "ok")) {
$status = false;
$help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
}
$this->check_add($checks, t('Url rewrite is working'), $status, true, $help);
} else {
// cannot check modrewrite if libcurl is not installed
}
}
/**
* @brief
*
* @param App &$a
* @return string with paresed HTML
*/
function manual_config(&$a) {
$data = htmlspecialchars(\App::$data['txt'], ENT_COMPAT, 'UTF-8');
$o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
$o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
return $o;
}
function load_database_rem($v, $i){
$l = trim($i);
if (strlen($l)>1 && ($l[0]=="-" || ($l[0]=="/" && $l[1]=="*"))){
@ -682,11 +689,11 @@ class Setup extends \Zotlabs\Web\Controller {
return $v."\n".$i;
}
}
function load_database($db) {
$str = file_get_contents(\DBA::$dba->get_install_script());
$arr = explode(';',$str);
$arr = explode(';', $str);
$errors = false;
foreach($arr as $a) {
if(strlen(trim($a))) {
@ -696,21 +703,25 @@ class Setup extends \Zotlabs\Web\Controller {
}
}
}
return $errors;
}
/**
* @brief
*
* @return string with parsed HTML
*/
function what_next() {
$a = get_app();
// install the standard theme
set_config('system', 'allowed_themes', 'redbasic');
// Set a lenient list of ciphers if using openssl. Other ssl engines
// (e.g. NSS used in RedHat) require different syntax, so hopefully
// the default curl cipher list will work for most sites. If not,
// this can set via config. Many distros are now disabling RC4,
// but many Red sites still use it and are unable to change it.
// but many existing sites still use it and are unable to change it.
// We do not use SSL for encryption, only to protect session cookies.
// z_fetch_url() is also used to import shared links and other content
// so in theory most any cipher could show up and we should do our best
@ -718,15 +729,15 @@ class Setup extends \Zotlabs\Web\Controller {
// weird SSL error which they can't do anything about. This does not affect
// the SSL server, but is only a client negotiation to find something workable.
// Hence it will not make your system susceptible to POODL or other nasties.
$x = curl_version();
if(stristr($x['ssl_version'],'openssl'))
set_config('system','curl_ssl_ciphers','ALL:!eNULL');
// Create a system channel
require_once ('include/channel.php');
create_sys_channel();
$baseurl = z_root();
return
t('<h1>What next</h1>')
@ -737,13 +748,18 @@ class Setup extends \Zotlabs\Web\Controller {
."</p>";
}
/**
* @brief
*
* @param unknown $v
* @param array $c
* @return array
*/
static private function check_passed($v, $c) {
if ($c['required'])
$v = $v && $c['status'];
return $v;
}
}

80
Zotlabs/Module/Siteinfo.php
View File

@ -15,63 +15,33 @@ class Siteinfo extends \Zotlabs\Web\Controller {
function get() {
if(! get_config('system','hidden_version_siteinfo')) {
$version = sprintf( t('Version %s'), \Zotlabs\Lib\System::get_project_version());
if(@is_dir('.git') && function_exists('shell_exec')) {
$commit = @shell_exec('git log -1 --format="%h"');
$tag = \Zotlabs\Lib\System::get_std_version(); // @shell_exec('git describe --tags --abbrev=0');
}
if(! isset($commit) || strlen($commit) > 16)
$commit = '';
}
else {
$version = $commit = '';
}
$siteinfo = replace_macros(get_markup_template('siteinfo.tpl'),
[
'$title' => t('About this site'),
'$sitenametxt' => t('Site Name'),
'$sitename' => \Zotlabs\Lib\System::get_site_name(),
'$headline' => t('Site Information'),
'$site_about' => bbcode(get_config('system','siteinfo')),
'$admin_headline' => t('Administrator'),
'$admin_about' => bbcode(get_config('system','admininfo')),
'$terms' => t('Terms of Service'),
'$prj_header' => t('Software and Project information'),
'$prj_name' => t('This site is powered by $Projectname'),
'$prj_transport' => t('Federated and decentralised networking and identity services provided by Zot'),
'$transport_link' => '<a href="https://zotlabs.com">https://zotlabs.com</a>',
'$prj_version' => ((get_config('system','hidden_version_siteinfo')) ? '' : sprintf( t('Version %s'), \Zotlabs\Lib\System::get_project_version())),
'$prj_linktxt' => t('Project homepage'),
'$prj_srctxt' => t('Developer homepage'),
'$prj_link' => \Zotlabs\Lib\System::get_project_link(),
'$prj_src' => \Zotlabs\Lib\System::get_project_srclink(),
]
);
$plugins_list = implode(', ',visible_plugin_list());
call_hooks('about_hook', $siteinfo);
return $siteinfo;
if($plugins_list)
$plugins_text = t('Installed plugins/addons/apps:');
else
$plugins_text = t('No installed plugins/addons/apps');
$txt = get_config('system','admininfo');
$admininfo = bbcode($txt);
if(file_exists('doc/site_donate.html'))
$donate .= file_get_contents('doc/site_donate.html');
if(function_exists('sys_getloadavg'))
$loadavg = sys_getloadavg();
$o = replace_macros(get_markup_template('siteinfo.tpl'), array(
'$title' => t('$Projectname'),
'$description' => t('This is a hub of $Projectname - a global cooperative network of decentralized privacy enhanced websites.'),
'$version' => $version,
'$tag_txt' => t('Tag: '),
'$tag' => $tag,
'$polled' => t('Last background fetch: '),
'$lastpoll' => get_poller_runtime(),
'$load_average' => t('Current load average: '),
'$loadavg_all' => $loadavg[0] . ', ' . $loadavg[1] . ', ' . $loadavg[2],
'$commit' => $commit,
'$web_location' => t('Running at web location') . ' ' . z_root(),
'$visit' => t('Please visit <a href="http://hubzilla.org">hubzilla.org</a> to learn more about $Projectname.'),
'$bug_text' => t('Bug reports and issues: please visit'),
'$bug_link_url' => 'https://github.com/redmatrix/hubzilla/issues',
'$bug_link_text' => t('$projectname issues'),
'$contact' => t('Suggestions, praise, etc. - please email "redmatrix" at librelist - dot com'),
'$donate' => $donate,
'$adminlabel' => t('Site Administrators'),
'$admininfo' => $admininfo,
'$plugins_text' => $plugins_text,
'$plugins_list' => $plugins_list
));
call_hooks('about_hook', $o);
return $o;
}
}

105
Zotlabs/Module/Snap.php Normal file
View File

@ -0,0 +1,105 @@
<?php
namespace Zotlabs\Module;
/**
* @brief Initialize Hubzilla's cloud (SabreDAV).
*
* Module for accessing the DAV storage area from a DAV client.
*/
use \Sabre\DAV as SDAV;
use \Zotlabs\Storage;
// composer autoloader for SabreDAV
require_once('vendor/autoload.php');
/**
* @brief Fires up the SabreDAV server.
*
* @param App &$a
*/
class Snap extends \Zotlabs\Web\Controller {
function init() {
// workaround for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
if(strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
if(strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (! is_dir('store'))
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
$which = null;
if (argc() > 1)
$which = argv(1);
$profile = 0;
if($which)
profile_load( $which, $profile);
else
killme();
if($_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_USER'] !== $which)
killme();
if(local_channel()) {
$c = \App::get_channel();
if($c && $c['channel_address'] !== $which)
killme();
}
if(! in_array(strtolower($_SERVER['REQUEST_METHOD']),['propfind','get','head']))
killme();
$auth = new \Zotlabs\Storage\BasicAuth();
$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
$rootDirectory = new SDAV\FS\Directory("store");
// The server object is responsible for making sense out of the WebDAV protocol
$server = new SDAV\Server($rootDirectory);
$authPlugin = new \Sabre\DAV\Auth\Plugin($auth);
$server->addPlugin($authPlugin);
// If your server is not on your webroot, make sure the following line has the
// correct information
$server->setBaseUri('/snap');
// The lock manager is reponsible for making sure users don't overwrite
// each others changes.
$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
$server->addPlugin($lockPlugin);
// This ensures that we get a pretty index in the browser, but it is
// optional.
// $server->addPlugin(new SDAV\Browser\Plugin());
// All we need to do now, is to fire up the server
$server->exec();
killme();
}
}

19
Zotlabs/Module/Sslify.php
View File

@ -10,21 +10,16 @@ class Sslify extends \Zotlabs\Web\Controller {
$h = explode("\n",$x['header']);
foreach ($h as $l) {
list($k,$v) = array_map("trim", explode(":", trim($l), 2));
$hdrs[$k] = $v;
$hdrs[strtolower($k)] = $v;
}
if (array_key_exists('Content-Type', $hdrs))
$type = $hdrs['Content-Type'];
header('Content-Type: ' . $type);
if (array_key_exists('content-type', $hdrs)) {
$type = $hdrs['content-type'];
header('Content-Type: ' . $type);
}
echo $x['body'];
killme();
}
killme();
// for some reason when this fallback is in place - it gets triggered
// often, (creating mixed content exceptions) even though there is
// nothing obvious missing on the page when we bypass it.
goaway($_REQUEST['url']);
}
}
}

6
Zotlabs/Module/Tagrm.php
View File

@ -18,7 +18,7 @@ class Tagrm extends \Zotlabs\Web\Controller {
$tag = ((x($_POST,'tag')) ? trim($_POST['tag']) : '');
$item = ((x($_POST,'item')) ? intval($_POST['item']) : 0 );
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = %d AND uid = %d LIMIT 1",
intval($item),
intval(local_channel())
);
@ -67,7 +67,7 @@ class Tagrm extends \Zotlabs\Web\Controller {
$item = intval(argv(2));
$tag = argv(3);
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = %d AND uid = %d LIMIT 1",
intval($item),
intval(local_channel())
);
@ -107,7 +107,7 @@ class Tagrm extends \Zotlabs\Web\Controller {
$item = intval(argv(2));
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM item WHERE id = %d AND uid = %d LIMIT 1",
intval($item),
intval(local_channel())
);

2
Zotlabs/Module/Tasks.php
View File

@ -45,7 +45,7 @@ class Tasks extends \Zotlabs\Web\Controller {
if((argc() > 2) && (argv(1) === 'complete') && intval(argv(2))) {
$ret = array('success' => false);
$r = q("select * from event where `etype` = 'task' and uid = %d and id = %d limit 1",
$r = q("select * from event where etype = 'task' and uid = %d and id = %d limit 1",
intval(local_channel()),
intval(argv(2))
);

158
Zotlabs/Module/Thing.php
View File

@ -1,10 +1,10 @@
<?php
namespace Zotlabs\Module;
/**
* @file mod/thing.php
* @brief
* @file Zotlabs/Module/Thing.php
*/
namespace Zotlabs\Module;
require_once('include/items.php');
require_once('include/security.php');
require_once('include/selectors.php');
@ -14,72 +14,72 @@ require_once('include/acl_selectors.php');
class Thing extends \Zotlabs\Web\Controller {
function init() {
if(! local_channel())
return;
$channel = \App::get_channel();
$term_hash = (($_REQUEST['term_hash']) ? $_REQUEST['term_hash'] : '');
$name = escape_tags($_REQUEST['term']);
$verb = escape_tags($_REQUEST['verb']);
$activity = intval($_REQUEST['activity']);
$profile_guid = escape_tags($_REQUEST['profile_assign']);
$url = $_REQUEST['url'];
$photo = $_REQUEST['img'];
$hash = random_string();
$verbs = obj_verbs();
/**
* verbs: [0] = first person singular, e.g. "I want", [1] = 3rd person singular, e.g. "Bill wants"
* verbs: [0] = first person singular, e.g. "I want", [1] = 3rd person singular, e.g. "Bill wants"
* We use the first person form when creating an activity, but the third person for use in activities
* @FIXME There is no accounting for verb gender for languages where this is significant. We may eventually
* require obj_verbs() to provide full conjugations and specify which form to use in the $_REQUEST params to this module.
*/
$translated_verb = $verbs[$verb][1];
/*
* The site administrator can do things that normals cannot.
* This is restricted because it will likely cause
* an activitystreams protocol violation and the activity might
* choke in some other network and result in unnecessary
* choke in some other network and result in unnecessary
* support requests. It isn't because we're trying to be heavy-handed
* about what you can and can't do.
* about what you can and can't do.
*/
if(! $translated_verb) {
if(is_site_admin())
$translated_verb = $verb;
}
/*
* Things, objects: We do not provide definite (a, an) or indefinite (the) articles or singular/plural designators
* That needs to be specified in your thing. e.g. Mike has "a carrot", Greg wants "balls", Bob likes "the Boston Red Sox".
* That needs to be specified in your thing. e.g. Mike has "a carrot", Greg wants "balls", Bob likes "the Boston Red Sox".
*/
/*
* Future work on this module might produce more complex activities with targets, e.g. Phillip likes Karen's moustache
* and to describe other non-thing objects like channels, such as Karl wants Susan - where Susan represents a channel profile.
*/
if((! $name) || (! $translated_verb))
return;
$acl = new \Zotlabs\Access\AccessList($channel);
if(array_key_exists('contact_allow',$_REQUEST)
|| array_key_exists('group_allow',$_REQUEST)
|| array_key_exists('contact_deny',$_REQUEST)
|| array_key_exists('group_deny',$_REQUEST)) {
$acl->set_from_array($_REQUEST);
}
$x = $acl->get();
if($term_hash) {
$t = q("select * from obj where obj_obj = '%s' and obj_channel = %d limit 1",
dbesc($term_hash),
@ -97,7 +97,7 @@ class Thing extends \Zotlabs\Web\Controller {
}
else
$local_photo = $orig_record['obj_imgurl'];
$r = q("update obj set obj_term = '%s', obj_url = '%s', obj_imgurl = '%s', obj_edited = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where obj_obj = '%s' and obj_channel = %d ",
dbesc($name),
dbesc(($url) ? $url : z_root() . '/thing/' . $term_hash),
@ -110,9 +110,9 @@ class Thing extends \Zotlabs\Web\Controller {
dbesc($term_hash),
intval(local_channel())
);
info( t('Thing updated') . EOL);
$r = q("select * from obj where obj_channel = %d and obj_obj = '%s' limit 1",
intval(local_channel()),
dbesc($term_hash)
@ -120,31 +120,31 @@ class Thing extends \Zotlabs\Web\Controller {
if($r) {
build_sync_packet(0, array('obj' => $r));
}
return;
}
$sql = (($profile_guid) ? " and profile_guid = '" . dbesc($profile_guid) . "' " : " and is_default = 1 ");
$p = q("select profile_guid, is_default from profile where uid = %d $sql limit 1",
intval(local_channel())
);
if($p)
$profile = $p[0];
else
return;
$local_photo = null;
if($photo) {
$arr = import_xchan_photo($photo,get_observer_hash(),true);
$local_photo = $arr[0];
$local_photo_type = $arr[3];
}
$created = datetime_convert();
$url = (($url) ? $url : z_root() . '/thing/' . $hash);
$r = q("insert into obj ( obj_page, obj_verb, obj_type, obj_channel, obj_obj, obj_term, obj_url, obj_imgurl, obj_created, obj_edited, allow_cid, allow_gid, deny_cid, deny_gid ) values ('%s','%s', %d, %d, '%s','%s','%s','%s','%s','%s','%s','%s','%s','%s') ",
dbesc($profile['profile_guid']),
dbesc($verb),
@ -161,14 +161,14 @@ class Thing extends \Zotlabs\Web\Controller {
dbesc($x['deny_cid']),
dbesc($x['deny_gid'])
);
if(! $r) {
notice( t('Object store: failed'));
return;
}
info( t('Thing added'));
$r = q("select * from obj where obj_channel = %d and obj_obj = '%s' limit 1",
intval(local_channel()),
dbesc($hash)
@ -176,15 +176,15 @@ class Thing extends \Zotlabs\Web\Controller {
if($r) {
build_sync_packet(0, array('obj' => $r));
}
if($activity) {
$arr = array();
$links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $url));
if($local_photo)
$links[] = array('rel' => 'photo', 'type' => $local_photo_type, 'href' => $local_photo);
$objtype = ACTIVITY_OBJ_THING;
$obj = json_encode(array(
'type' => $objtype,
'id' => $url,
@ -192,28 +192,28 @@ class Thing extends \Zotlabs\Web\Controller {
'title' => $name,
'content' => $name
));
$bodyverb = str_replace('OBJ: ', '',t('OBJ: %1$s %2$s %3$s'));
$arr['owner_xchan'] = $channel['channel_hash'];
$arr['author_xchan'] = $channel['channel_hash'];
$arr['item_origin'] = 1;
$arr['item_wall'] = 1;
$arr['item_thread_top'] = 1;
$ulink = '[zrl=' . $channel['xchan_url'] . ']' . $channel['channel_name'] . '[/zrl]';
$plink = '[zrl=' . $url . ']' . $name . '[/zrl]';
$arr['body'] = sprintf( $bodyverb, $ulink, $translated_verb, $plink );
if($local_photo)
$arr['body'] .= "\n\n[zmg]" . $local_photo . "[/zmg]";
$arr['verb'] = $verb;
$arr['obj_type'] = $objtype;
$arr['obj'] = $obj;
if(! $profile['is_default']) {
$arr['item_private'] = true;
$str = '';
@ -229,37 +229,37 @@ class Thing extends \Zotlabs\Web\Controller {
else
$arr['allow_cid'] = '<' . get_observer_hash() . '>';
}
$ret = post_activity_item($arr);
}
}
function get() {
// @FIXME one problem with things is we can't share them unless we provide the channel in the url
// so we can definitively lookup the owner.
// so we can definitively lookup the owner.
if(argc() == 2) {
$r = q("select obj_channel from obj where obj_type = %d and obj_obj = '%s' limit 1",
intval(TERM_OBJ_THING),
dbesc(argv(1))
);
if($r)
if($r)
$sql_extra = permissions_sql($r[0]['obj_channel']);
$r = q("select * from obj where obj_type = %d and obj_obj = '%s' $sql_extra limit 1",
intval(TERM_OBJ_THING),
dbesc(argv(1))
);
if($r) {
return replace_macros(get_markup_template('show_thing.tpl'), array(
'$header' => t('Show Thing'),
'$edit' => t('Edit'),
'$delete' => t('Delete'),
'$canedit' => ((local_channel() && local_channel() == $r[0]['obj_channel']) ? true : false),
'$canedit' => ((local_channel() && local_channel() == $r[0]['obj_channel']) ? true : false),
'$thing' => $r[0] ));
}
else {
@ -267,34 +267,34 @@ class Thing extends \Zotlabs\Web\Controller {
return;
}
}
$channel = \App::get_channel();
if(! (local_channel() && $channel)) {
notice( t('Permission denied.') . EOL);
return;
}
$acl = new \Zotlabs\Access\AccessList($channel);
$channel_acl = $acl->get();
$lockstate = (($acl->is_private()) ? 'lock' : 'unlock');
$thing_hash = '';
if(argc() == 3 && argv(1) === 'edit') {
$thing_hash = argv(2);
$r = q("select * from obj where obj_type = %d and obj_obj = '%s' limit 1",
intval(TERM_OBJ_THING),
dbesc($thing_hash)
);
if((! $r) || ($r[0]['obj_channel'] != local_channel())) {
notice( t('Permission denied.') . EOL);
return '';
}
$o .= replace_macros(get_markup_template('thing_edit.tpl'),array(
'$thing_hdr' => t('Edit Thing'),
'$multiprof' => feature_enabled(local_channel(),'multi_profiles'),
@ -319,36 +319,36 @@ class Thing extends \Zotlabs\Web\Controller {
'$lockstate' => $lockstate,
'$submit' => t('Submit')
));
return $o;
}
if(argc() == 3 && argv(1) === 'drop') {
$thing_hash = argv(2);
$r = q("select * from obj where obj_type = %d and obj_obj = '%s' limit 1",
intval(TERM_OBJ_THING),
dbesc($thing_hash)
);
if((! $r) || ($r[0]['obj_channel'] != local_channel())) {
notice( t('Permission denied.') . EOL);
return '';
}
$x = q("delete from obj where obj_obj = '%s' and obj_type = %d and obj_channel = %d",
dbesc($thing_hash),
intval(TERM_OBJ_THING),
intval(local_channel())
);
$r[0]['obj_deleted'] = 1;
build_sync_packet(0,array('obj' => $r));
return $o;
}
$o .= replace_macros(get_markup_template('thing_input.tpl'),array(
'$thing_hdr' => t('Add Thing to your Profile'),
'$multiprof' => feature_enabled(local_channel(),'multi_profiles'),
@ -369,8 +369,8 @@ class Thing extends \Zotlabs\Web\Controller {
'$lockstate' => $lockstate,
'$submit' => t('Submit')
));
return $o;
}
}

19
Zotlabs/Module/Wall_attach.php
View File

@ -12,15 +12,20 @@ class Wall_attach extends \Zotlabs\Web\Controller {
$using_api = false;
if(\App::$data['api_info'] && array_key_exists('media',$_FILES)) {
if($_REQUEST['api_source'] && array_key_exists('media',$_FILES)) {
$using_api = true;
$user_info = \App::$data['api_info'];
$nick = $user_info['screen_name'];
$channel = get_channel_by_nick($user_info['screen_name']);
}
elseif(argc() > 1)
$channel = get_channel_by_nick(argv(1));
if($using_api) {
require_once('include/api.php');
if(api_user())
$channel = channelx_by_n(api_user());
}
else {
if(argc() > 1)
$channel = channelx_by_nick(argv(1));
}
if(! $channel)
killme();

8
Zotlabs/Module/Wall_upload.php
View File

@ -17,16 +17,14 @@ class Wall_upload extends \Zotlabs\Web\Controller {
if($using_api) {
require_once('include/api.php');
$user_info = api_get_user($a);
$nick = $user_info['screen_name'];
if(api_user())
$channel = channelx_by_n(api_user());
}
else {
if(argc() > 1)
$nick = argv(1);
$channel = channelx_by_nick(argv(1));
}
$channel = (($nick) ? get_channel_by_nick($nick) : false);
if(! $channel) {
if($using_api)
return;

432
Zotlabs/Module/Wiki.php
View File

@ -34,77 +34,134 @@ class Wiki extends \Zotlabs\Web\Controller {
notice( t('Not found') . EOL);
return;
}
$tab = 'wiki';
require_once('include/wiki.php');
require_once('include/acl_selectors.php');
require_once('include/conversation.php');
require_once('include/bbcode.php');
// TODO: Combine the interface configuration into a unified object
// Something like $interface = array('new_page_button' => false, 'new_wiki_button' => false, ...)
$wiki_owner = false;
$showNewWikiButton = false;
$showCommitMsg = false;
$hidePageHistory = false;
$pageHistory = array();
$local_observer = null;
$resource_id = '';
// init() should have forced the URL to redirect to /wiki/channel so assume argc() > 1
$nick = argv(1);
$channel = get_channel_by_nick($nick); // The channel who owns the wikis being viewed
if(! $channel) {
notice('Invalid channel' . EOL);
$owner = channelx_by_nick($nick); // The channel who owns the wikis being viewed
if(! $owner) {
notice( t('Invalid channel') . EOL);
goaway('/' . argv(0));
}
// Determine if the observer is the channel owner so the ACL dialog can be populated
if (local_channel() === intval($channel['channel_id'])) {
$local_observer = \App::get_channel();
if (local_channel() === intval($owner['channel_id'])) {
$wiki_owner = true;
// Obtain the default permission settings of the channel
$channel_acl = array(
'allow_cid' => $local_observer['channel_allow_cid'],
'allow_gid' => $local_observer['channel_allow_gid'],
'deny_cid' => $local_observer['channel_deny_cid'],
'deny_gid' => $local_observer['channel_deny_gid']
$owner_acl = array(
'allow_cid' => $owner['channel_allow_cid'],
'allow_gid' => $owner['channel_allow_gid'],
'deny_cid' => $owner['channel_deny_cid'],
'deny_gid' => $owner['channel_deny_gid']
);
// Initialize the ACL to the channel default permissions
$x = array(
'lockstate' => (( $local_observer['channel_allow_cid'] ||
$local_observer['channel_allow_gid'] ||
$local_observer['channel_deny_cid'] ||
$local_observer['channel_deny_gid'])
'lockstate' => (( $owner['channel_allow_cid'] ||
$owner['channel_allow_gid'] ||
$owner['channel_deny_cid'] ||
$owner['channel_deny_gid'])
? 'lock' : 'unlock'
),
'acl' => populate_acl($channel_acl),
'allow_cid' => acl2json($channel_acl['allow_cid']),
'allow_gid' => acl2json($channel_acl['allow_gid']),
'deny_cid' => acl2json($channel_acl['deny_cid']),
'deny_gid' => acl2json($channel_acl['deny_gid']),
'acl' => populate_acl($owner_acl),
'allow_cid' => acl2json($owner_acl['allow_cid']),
'allow_gid' => acl2json($owner_acl['allow_gid']),
'deny_cid' => acl2json($owner_acl['deny_cid']),
'deny_gid' => acl2json($owner_acl['deny_gid']),
'bang' => ''
);
} else {
// Not the channel owner
$channel_acl = $x = array();
$owner_acl = $x = array();
}
$is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false);
$o = profile_tabs($a, $is_owner, \App::$profile['channel_address']);
// Download a wiki
if((argc() > 3) && (argv(2) === 'download') && (argv(3) === 'wiki')) {
$resource_id = argv(4);
$w = wiki_get_wiki($resource_id);
if(!$w['path']) {
notice(t('Error retrieving wiki') . EOL);
}
$zip_folder_name = random_string(10);
$zip_folderpath = '/tmp/' . $zip_folder_name;
if(!mkdir($zip_folderpath, 0770, false)) {
logger('Error creating zip file export folder: ' . $zip_folderpath, LOGGER_NORMAL);
notice(t('Error creating zip file export folder') . EOL);
}
$zip_filename = $w['urlName'];
$zip_filepath = '/tmp/' . $zip_folder_name . '/' . $zip_filename;
// Generate the zip file
\Zotlabs\Lib\ExtendedZip::zipTree($w['path'], $zip_filepath, \ZipArchive::CREATE);
// Output the file for download
header('Content-disposition: attachment; filename="' . $zip_filename . '.zip"');
header('Content-Type: application/zip');
$success = readfile($zip_filepath);
if(!$success) {
logger('Error downloading wiki: ' . $resource_id);
notice(t('Error downloading wiki: ' . $resource_id) . EOL);
}
// delete temporary files
rrmdir($zip_folderpath);
killme();
}
switch (argc()) {
case 2:
// Configure page template
$wikiheaderName = t('Wiki');
$wikiheaderPage = t('Sandbox');
require_once('library/markdown.php');
$content = t('"# Wiki Sandbox\n\nContent you **edit** and **preview** here *will not be saved*."');
$renderedContent = Markdown(json_decode($content));
$hide_editor = false;
$showPageControls = false;
$showNewWikiButton = $wiki_owner;
$showNewPageButton = false;
$hidePageHistory = true;
$showCommitMsg = false;
$wikis = wiki_list($owner, get_observer_hash());
if ($wikis) {
$o .= replace_macros(get_markup_template('wikilist.tpl'), array(
'$header' => t('Wikis'),
'$channel' => $owner['channel_address'],
'$wikis' => $wikis['wikis'],
// If the observer is the local channel owner, show the wiki controls
'$owner' => ((local_channel() && local_channel() === intval(\App::$profile['uid'])) ? true : false),
'$edit' => t('Edit'),
'$download' => t('Download'),
'$view' => t('View'),
'$create' => t('Create New'),
'$submit' => t('Submit'),
'$wikiName' => array('wikiName', t('Wiki name')),
'$mimeType' => array('mimeType', t('Content type'), '', '', ['text/markdown' => 'Markdown', 'text/bbcode' => 'BB Code']),
'$name' => t('Name'),
'$type' => t('Type'),
'$lockstate' => $x['lockstate'],
'$acl' => $x['acl'],
'$allow_cid' => $x['allow_cid'],
'$allow_gid' => $x['allow_gid'],
'$deny_cid' => $x['deny_cid'],
'$deny_gid' => $x['deny_gid'],
'$notify' => array('postVisible', t('Create a status post for this wiki'), '', '', array(t('No'), t('Yes')))
));
return $o;
}
break;
case 3:
// /wiki/channel/wiki -> No page was specified, so redirect to Home.md
@ -115,20 +172,23 @@ class Wiki extends \Zotlabs\Web\Controller {
// Fetch the wiki info and determine observer permissions
$wikiUrlName = urlencode(argv(2));
$pageUrlName = urlencode(argv(3));
$w = wiki_exists_by_name($channel['channel_id'], $wikiUrlName);
$w = wiki_exists_by_name($owner['channel_id'], $wikiUrlName);
if(!$w['resource_id']) {
notice('Wiki not found' . EOL);
notice(t('Wiki not found') . EOL);
goaway('/'.argv(0).'/'.argv(1));
return; //not reached
}
$resource_id = $w['resource_id'];
if (!$wiki_owner) {
// Check for observer permissions
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['read']) {
notice('Permission denied.' . EOL);
notice(t('Permission denied.') . EOL);
goaway('/'.argv(0).'/'.argv(1));
return; //not reached
}
if($perms['write']) {
$wiki_editor = true;
@ -140,69 +200,59 @@ class Wiki extends \Zotlabs\Web\Controller {
}
$wikiheaderName = urldecode($wikiUrlName);
$wikiheaderPage = urldecode($pageUrlName);
$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
$p = wiki_get_page_content(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if(!$p['success']) {
notice('Error retrieving page content' . EOL);
notice(t('Error retrieving page content') . EOL);
goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName);
return; //not reached
}
$content = ($p['content'] !== '' ? htmlspecialchars_decode($p['content'],ENT_COMPAT) : '"# New page\n"');
$mimeType = $p['mimeType'];
$rawContent = (($p['mimeType'] == 'text/bbcode') ? htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT) : htmlspecialchars_decode($p['content'],ENT_COMPAT));
$content = ($p['content'] !== '' ? $rawContent : '"# New page\n"');
// Render the Markdown-formatted page content in HTML
require_once('library/markdown.php');
$html = wiki_generate_toc(purify_html(Markdown(wiki_bbcode(json_decode($content)))));
$renderedContent = wiki_convert_links($html,argv(0).'/'.argv(1).'/'.$wikiUrlName);
$hide_editor = false;
if($mimeType == 'text/bbcode') {
$renderedContent = wiki_convert_links(bbcode($content),argv(0).'/'.argv(1).'/'.$wikiUrlName);
}
else {
require_once('library/markdown.php');
$html = wiki_generate_toc(zidify_text(purify_html(Markdown(wiki_bbcode(json_decode($content))))));
$renderedContent = wiki_convert_links($html,argv(0).'/'.argv(1).'/'.$wikiUrlName);
}
$showPageControls = $wiki_editor;
$showNewWikiButton = $wiki_owner;
$showNewPageButton = $wiki_editor;
$hidePageHistory = false;
$showCommitMsg = true;
$pageHistory = wiki_page_history(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
break;
default: // Strip the extraneous URL components
goaway('/'.argv(0).'/'.argv(1).'/'.$wikiUrlName.'/'.$pageUrlName);
goaway('/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName);
return; //not reached
}
$wikiModalID = random_string(3);
$wikiModal = replace_macros(
get_markup_template('generic_modal.tpl'), array(
'$id' => $wikiModalID,
'$title' => t('Revision Comparison'),
'$ok' => t('Revert'),
'$cancel' => t('Cancel')
)
);
$wikiModal = replace_macros(get_markup_template('generic_modal.tpl'), array(
'$id' => $wikiModalID,
'$title' => t('Revision Comparison'),
'$ok' => (($showPageControls) ? t('Revert') : ''),
'$cancel' => t('Cancel')
));
$is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false);
$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
$o .= replace_macros(get_markup_template('wiki.tpl'),array(
'$wikiheaderName' => $wikiheaderName,
'$wikiheaderPage' => $wikiheaderPage,
'$hideEditor' => $hide_editor,
'$renamePage' => $renamePage,
'$showPageControls' => $showPageControls,
'$showNewWikiButton'=> $showNewWikiButton,
'$showNewPageButton'=> $showNewPageButton,
'$hidePageHistory' => $hidePageHistory,
'$showCommitMsg' => $showCommitMsg,
'$channel' => $channel['channel_address'],
'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
'$tools_label' => 'Page Tools',
'$channel' => $owner['channel_address'],
'$resource_id' => $resource_id,
'$page' => $pageUrlName,
'$lockstate' => $x['lockstate'],
'$acl' => $x['acl'],
'$allow_cid' => $x['allow_cid'],
'$allow_gid' => $x['allow_gid'],
'$deny_cid' => $x['deny_cid'],
'$deny_gid' => $x['deny_gid'],
'$bang' => $x['bang'],
'$mimeType' => $mimeType,
'$content' => $content,
'$renderedContent' => $renderedContent,
'$wikiName' => array('wikiName', t('Enter the name of your new wiki:'), '', ''),
'$pageName' => array('pageName', t('Enter the name of the new page:'), '', ''),
'$pageRename' => array('pageRename', t('Enter the new name:'), '', ''),
'$commitMsg' => array('commitMsg', '', '', '', '', 'placeholder="(optional) Enter a custom message when saving the page..."'),
'$pageHistory' => $pageHistory['history'],
'$pageRename' => array('pageRename', t('New page name'), '', ''),
'$commitMsg' => array('commitMsg', '', '', '', '', 'placeholder="Short description of your changes (optional)"'),
'$wikiModal' => $wikiModal,
'$wikiModalID' => $wikiModalID,
'$commit' => 'HEAD',
@ -212,43 +262,63 @@ class Wiki extends \Zotlabs\Web\Controller {
'$embedPhotosModalOK' => t('OK'),
'$modalchooseimages' => t('Choose images to embed'),
'$modalchoosealbum' => t('Choose an album'),
'$modaldiffalbum' => t('Choose a different album...'),
'$modaldiffalbum' => t('Choose a different album'),
'$modalerrorlist' => t('Error getting album list'),
'$modalerrorlink' => t('Error getting photo link'),
'$modalerroralbum' => t('Error getting album'),
));
head_add_js('library/ace/ace.js'); // Ace Code Editor
if($p['mimeType'] != 'text/bbcode')
head_add_js('library/ace/ace.js'); // Ace Code Editor
return $o;
}
function post() {
require_once('include/wiki.php');
require_once('include/bbcode.php');
$nick = argv(1);
$owner = channelx_by_nick($nick);
$observer_hash = get_observer_hash();
if(! $owner) {
notice( t('Permission denied.') . EOL);
return;
}
// /wiki/channel/preview
// Render mardown-formatted text in HTML for preview
if((argc() > 2) && (argv(2) === 'preview')) {
$content = $_POST['content'];
$resource_id = $_POST['resource_id'];
require_once('library/markdown.php');
$content = wiki_bbcode($content);
$html = wiki_generate_toc(purify_html(Markdown($content)));
$resource_id = $_POST['resource_id'];
$w = wiki_get_wiki($resource_id);
$wikiURL = argv(0).'/'.argv(1).'/'.$w['urlName'];
$html = wiki_convert_links($html,$wikiURL);
$mimeType = $w['mimeType'];
if($mimeType == 'text/bbcode') {
$html = wiki_convert_links(bbcode($content),$wikiURL);
}
else {
require_once('library/markdown.php');
$content = wiki_bbcode($content);
$html = wiki_generate_toc(zidify_text(purify_html(Markdown($content))));
$html = wiki_convert_links($html,$wikiURL);
}
json_return_and_die(array('html' => $html, 'success' => true));
}
// Create a new wiki
// /wiki/channel/create/wiki
if ((argc() > 3) && (argv(2) === 'create') && (argv(3) === 'wiki')) {
$nick = argv(1);
$channel = get_channel_by_nick($nick);
// Determine if observer has permission to create wiki
$observer_hash = get_observer_hash();
// Only the channel owner can create a wiki, at least until we create a
// more detail permissions framework
if (local_channel() !== intval($channel['channel_id'])) {
goaway('/'.argv(0).'/'.$nick.'/');
if (local_channel() !== intval($owner['channel_id'])) {
goaway('/' . argv(0) . '/' . $nick . '/');
}
$wiki = array();
// Generate new wiki info from input name
@ -256,35 +326,37 @@ class Wiki extends \Zotlabs\Web\Controller {
$wiki['rawName'] = $_POST['wikiName'];
$wiki['htmlName'] = escape_tags($_POST['wikiName']);
$wiki['urlName'] = urlencode($_POST['wikiName']);
$wiki['mimeType'] = $_POST['mimeType'];
if($wiki['urlName'] === '') {
notice('Error creating wiki. Invalid name.');
notice( t('Error creating wiki. Invalid name.') . EOL);
goaway('/wiki');
}
// Get ACL for permissions
$acl = new \Zotlabs\Access\AccessList($channel);
$acl = new \Zotlabs\Access\AccessList($owner);
$acl->set_from_array($_POST);
$r = wiki_create_wiki($channel, $observer_hash, $wiki, $acl);
$r = wiki_create_wiki($owner, $observer_hash, $wiki, $acl);
if ($r['success']) {
$homePage = wiki_create_page('Home', $r['item']['resource_id']);
if(!$homePage['success']) {
notice('Wiki created, but error creating Home page.');
notice( t('Wiki created, but error creating Home page.'));
goaway('/wiki/'.$nick.'/'.$wiki['urlName']);
}
goaway('/wiki/'.$nick.'/'.$wiki['urlName'].'/'.$homePage['page']['urlName']);
} else {
notice('Error creating wiki');
notice(t('Error creating wiki'));
goaway('/wiki');
}
}
// Delete a wiki
if ((argc() > 3) && (argv(2) === 'delete') && (argv(3) === 'wiki')) {
$nick = argv(1);
$channel = get_channel_by_nick($nick);
// Only the channel owner can delete a wiki, at least until we create a
// more detail permissions framework
if (local_channel() !== intval($channel['channel_id'])) {
logger('Wiki delete permission denied.' . EOL);
if (local_channel() !== intval($owner['channel_id'])) {
logger('Wiki delete permission denied.');
json_return_and_die(array('message' => 'Wiki delete permission denied.', 'success' => false));
}
$resource_id = $_POST['resource_id'];
@ -297,27 +369,38 @@ class Wiki extends \Zotlabs\Web\Controller {
}
}
// Create a page
if ((argc() === 4) && (argv(2) === 'create') && (argv(3) === 'page')) {
$nick = argv(1);
$resource_id = $_POST['resource_id'];
// Determine if observer has permission to create a page
$channel = get_channel_by_nick($nick);
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$name = $_POST['name']; //Get new page name
if(urlencode(escape_tags($_POST['name'])) === '') {
json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false));
}
$page = wiki_create_page($name, $resource_id);
if ($page['success']) {
json_return_and_die(array('url' => '/'.argv(0).'/'.argv(1).'/'.$page['wiki']['urlName'].'/'.urlencode($page['page']['urlName']), 'success' => true));
$ob = \App::get_observer();
$commit = wiki_git_commit(array(
'commit_msg' => t('New page created'),
'resource_id' => $resource_id,
'observer' => $ob,
'files' => array($page['page']['fileName'])
));
if($commit['success']) {
json_return_and_die(array('url' => '/'.argv(0).'/'.argv(1).'/'.$page['wiki']['urlName'].'/'.$page['page']['urlName'], 'success' => true));
} else {
json_return_and_die(array('message' => 'Error making git commit','url' => '/'.argv(0).'/'.argv(1).'/'.$page['wiki']['urlName'].'/'.urlencode($page['page']['urlName']),'success' => false));
}
} else {
logger('Error creating page');
json_return_and_die(array('message' => 'Error creating page.', 'success' => false));
@ -327,15 +410,13 @@ class Wiki extends \Zotlabs\Web\Controller {
// Fetch page list for a wiki
if ((argc() === 5) && (argv(2) === 'get') && (argv(3) === 'page') && (argv(4) === 'list')) {
$resource_id = $_POST['resource_id']; // resource_id for wiki in db
$channel = get_channel_by_nick(argv(1));
$observer_hash = get_observer_hash();
if (local_channel() !== intval($channel['channel_id'])) {
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));
}
$page_list_html = widget_wiki_pages(array(
'resource_id' => $resource_id,
'refresh' => true,
@ -354,16 +435,12 @@ class Wiki extends \Zotlabs\Web\Controller {
if ($commitMsg === '') {
$commitMsg = 'Updated ' . $pageHtmlName;
}
$nick = argv(1);
$channel = get_channel_by_nick($nick);
// Determine if observer has permission to save content
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$saved = wiki_save_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'content' => $content));
@ -373,7 +450,7 @@ class Wiki extends \Zotlabs\Web\Controller {
'commit_msg' => $commitMsg,
'resource_id' => $resource_id,
'observer' => $ob,
'files' => array($pageUrlName.'.md')
'files' => array($saved['fileName'])
));
if($commit['success']) {
json_return_and_die(array('message' => 'Wiki git repo commit made', 'success' => true));
@ -392,20 +469,19 @@ class Wiki extends \Zotlabs\Web\Controller {
$resource_id = $_POST['resource_id'];
$pageUrlName = $_POST['name'];
$nick = argv(1);
$channel = get_channel_by_nick($nick);
// Determine if observer has permission to read content
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
}
$historyHTML = widget_wiki_page_history(array(
'resource_id' => $resource_id,
'pageUrlName' => $pageUrlName
'resource_id' => $resource_id,
'pageUrlName' => $pageUrlName,
'permsWrite' => $perms['write']
));
json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true));
}
@ -418,16 +494,13 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => 'Cannot delete Home','success' => false));
}
// Determine if observer has permission to delete pages
$nick = argv(1);
$channel = get_channel_by_nick($nick);
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$deleted = wiki_delete_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($deleted['success']) {
$ob = \App::get_observer();
@ -453,16 +526,13 @@ class Wiki extends \Zotlabs\Web\Controller {
$pageUrlName = $_POST['name'];
$commitHash = $_POST['commitHash'];
// Determine if observer has permission to revert pages
$nick = argv(1);
$channel = get_channel_by_nick($nick);
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied.' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied.' . EOL);
json_return_and_die(array('success' => false));
}
$reverted = wiki_revert_page(array('commitHash' => $commitHash, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($reverted['success']) {
json_return_and_die(array('content' => $reverted['content'], 'message' => '', 'success' => true));
@ -478,16 +548,13 @@ class Wiki extends \Zotlabs\Web\Controller {
$compareCommit = $_POST['compareCommit'];
$currentCommit = $_POST['currentCommit'];
// Determine if observer has permission to revert pages
$nick = argv(1);
$channel = get_channel_by_nick($nick);
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['read']) {
logger('Wiki read permission denied.' . EOL);
json_return_and_die(array('success' => false));
}
$compare = wiki_compare_page(array('currentCommit' => $currentCommit, 'compareCommit' => $compareCommit, 'resource_id' => $resource_id, 'pageUrlName' => $pageUrlName));
if($compare['success']) {
$diffHTML = '<table class="text-center" width="100%"><tr><td class="lead" width="50%">Current Revision</td><td class="lead" width="50%">Selected Revision</td></tr></table>' . $compare['diff'];
@ -509,16 +576,13 @@ class Wiki extends \Zotlabs\Web\Controller {
json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
}
// Determine if observer has permission to rename pages
$nick = argv(1);
$channel = get_channel_by_nick($nick);
if (local_channel() !== intval($channel['channel_id'])) {
$observer_hash = get_observer_hash();
$perms = wiki_get_permissions($resource_id, intval($channel['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$perms = wiki_get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
if(!$perms['write']) {
logger('Wiki write permission denied. ' . EOL);
json_return_and_die(array('success' => false));
}
$renamed = wiki_rename_page(array('resource_id' => $resource_id, 'pageUrlName' => $pageUrlName, 'pageNewName' => $pageNewName));
if($renamed['success']) {
$ob = \App::get_observer();
@ -526,7 +590,7 @@ class Wiki extends \Zotlabs\Web\Controller {
'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
'resource_id' => $resource_id,
'observer' => $ob,
'files' => array($pageUrlName . '.md', $renamed['page']['fileName']),
'files' => array($pageUrlName . substr($renamed['page']['fileName'], -3), $renamed['page']['fileName']),
'all' => true
));
if($commit['success']) {
@ -539,7 +603,7 @@ class Wiki extends \Zotlabs\Web\Controller {
}
}
//notice('You must be authenticated.');
//notice( t('You must be authenticated.'));
json_return_and_die(array('message' => 'You must be authenticated.', 'success' => false));
}

32
Zotlabs/Storage/BasicAuth.php
View File

@ -12,7 +12,7 @@ use Sabre\HTTP\ResponseInterface;
* This class also contains some data which is not necessary for authentication
* like timezone settings.
*
* @extends Sabre\DAV\Auth\Backend\AbstractBasic
* @extends \\Sabre\\DAV\\Auth\\Backend\\AbstractBasic
*
* @link http://github.com/friendica/red
* @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
@ -24,37 +24,37 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
*
* It is used for building path in filestorage/.
*
* @var string|null
* @var string|null $channel_name
*/
protected $channel_name = null;
/**
* channel_id of the current channel of the logged-in account.
* @brief channel_id of the current channel of the logged-in account.
*
* @var int
* @var int $channel_id
*/
public $channel_id = 0;
/**
* channel_hash of the current channel of the logged-in account.
* @brief channel_hash of the current channel of the logged-in account.
*
* @var string
* @var string $channel_hash
*/
public $channel_hash = '';
/**
* Set in mod/cloud.php to observer_hash.
* @brief Set in mod/cloud.php to observer_hash.
*
* @var string
* @var string $observer
*/
public $observer = '';
/**
*
* @see Browser::set_writeable()
* @var \Sabre\DAV\Browser\Plugin
* @var \\Sabre\\DAV\\Browser\\Plugin $browser
*/
public $browser;
/**
* channel_id of the current visited path. Set in Directory::getDir().
* @brief channel_id of the current visited path. Set in Directory::getDir().
*
* @var int
* @var int $owner_id
*/
public $owner_id = 0;
/**
@ -62,15 +62,15 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
*
* Used for creating the path in cloud/
*
* @var string
* @var string $owner_nick
*/
public $owner_nick = '';
/**
* Timezone from the visiting channel's channel_timezone.
*
* Used in @ref RedBrowser
* Used in @ref Browser
*
* @var string
* @var string $timezone
*/
protected $timezone = '';
@ -82,7 +82,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
* @brief Validates a username and password.
*
*
* @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass
* @see \\Sabre\\DAV\\Auth\\Backend\\AbstractBasic::validateUserPass
* @param string $username
* @param string $password
* @return bool
@ -211,7 +211,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
*
* If nobody is currently logged in, this method should return null.
*
* @see \Sabre\DAV\Auth\Backend\AbstractBasic::getCurrentUser
* @see \\Sabre\\DAV\\Auth\\Backend\\AbstractBasic::getCurrentUser
* @return string|null
*/
public function getCurrentUser() {

29
Zotlabs/Storage/Browser.php
View File

@ -7,10 +7,10 @@ use Sabre\DAV;
/**
* @brief Provides a DAV frontend for the webbrowser.
*
* RedBrowser is a SabreDAV server-plugin to provide a view to the DAV storage
* Browser is a SabreDAV server-plugin to provide a view to the DAV storage
* for the webbrowser.
*
* @extends \Sabre\DAV\Browser\Plugin
* @extends \\Sabre\\DAV\\Browser\\Plugin
*
* @link http://github.com/friendica/red
* @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
@ -19,13 +19,13 @@ class Browser extends DAV\Browser\Plugin {
/**
* @see set_writeable()
* @see \Sabre\DAV\Auth\Backend\BackendInterface
* @var RedBasicAuth
* @see \\Sabre\\DAV\\Auth\\Backend\\BackendInterface
* @var BasicAuth $auth
*/
private $auth;
/**
* @brief Constructor for RedBrowser class.
* @brief Constructor for Browser class.
*
* $enablePost will be activated through set_writeable() in a later stage.
* At the moment the write_storage permission is only valid for the whole
@ -36,7 +36,7 @@ class Browser extends DAV\Browser\Plugin {
* Disable assets with $enableAssets = false. Should get some thumbnail views
* anyway.
*
* @param RedBasicAuth &$auth
* @param BasicAuth &$auth
*/
public function __construct(&$auth) {
$this->auth = $auth;
@ -95,7 +95,6 @@ class Browser extends DAV\Browser\Plugin {
'{DAV:}getlastmodified',
), 1);
$parent = $this->server->tree->getNodeForPath($path);
$parentpath = array();
@ -263,10 +262,11 @@ class Browser extends DAV\Browser\Plugin {
* @brief Creates a form to add new folders and upload files.
*
* @param \Sabre\DAV\INode $node
* @param string &$output
* @param[in,out] string &$output
* @param string $path
*/
public function htmlActionsPanel(DAV\INode $node, &$output, $path) {
if (! $node instanceof DAV\ICollection)
if(! $node instanceof DAV\ICollection)
return;
// We also know fairly certain that if an object is a non-extended
@ -278,9 +278,9 @@ class Browser extends DAV\Browser\Plugin {
$aclselect = null;
$lockstate = '';
if ($this->auth->owner_id) {
if($this->auth->owner_id) {
$channel = channelx_by_n($this->auth->owner_id);
if ($channel) {
if($channel) {
$acl = new \Zotlabs\Access\AccessList($channel);
$channel_acl = $acl->get();
$lockstate = (($acl->is_private()) ? 'lock' : 'unlock');
@ -295,12 +295,12 @@ class Browser extends DAV\Browser\Plugin {
intval($this->auth->channel_account_id)
);
$used = $r[0]['total'];
if ($used) {
if($used) {
$quotaDesc = t('You are using %1$s of your available file storage.');
$quotaDesc = sprintf($quotaDesc,
userReadableSize($used));
}
if ($limit && $used) {
if($limit && $used) {
$quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s&#37;)');
$quotaDesc = sprintf($quotaDesc,
userReadableSize($used),
@ -355,7 +355,7 @@ class Browser extends DAV\Browser\Plugin {
*
* @param int $owner
* The owner_id
* @param string $hash
* @param string $parentHash
* The parent's folder hash
* @param string $attachName
* The name of the attachment
@ -373,6 +373,7 @@ class Browser extends DAV\Browser\Plugin {
$hash = $rr['hash'];
}
}
return $hash;
}

48
Zotlabs/Storage/Directory.php
View File

@ -9,9 +9,9 @@ use Sabre\DAV;
*
* A class that represents a directory.
*
* @extends \Sabre\DAV\Node
* @implements \Sabre\DAV\ICollection
* @implements \Sabre\DAV\IQuota
* @extends \\Sabre\\DAV\\Node
* @implements \\Sabre\\DAV\\ICollection
* @implements \\Sabre\\DAV\\IQuota
*
* @link http://github.com/friendica/red
* @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
@ -21,7 +21,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
/**
* @brief The path inside /cloud
*
* @var string
* @var string $red_path
*/
private $red_path;
private $folder_hash;
@ -29,7 +29,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
* @brief The full path as seen in the browser.
* /cloud + $red_path
* @todo I think this is not used anywhere, we always strip '/cloud' and only use it in debug
* @var string
* @var string $ext_path
*/
private $ext_path;
private $root_dir = '';
@ -38,7 +38,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
* @brief The real path on the filesystem.
* The actual path in store/ with the hashed names.
*
* @var string
* @var string $os_path
*/
private $os_path = '';
@ -46,7 +46,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
* @brief Sets up the directory node, expects a full path.
*
* @param string $ext_path a full path
* @param RedBasicAuth &$auth_plugin
* @param BasicAuth &$auth_plugin
*/
public function __construct($ext_path, &$auth_plugin) {
// $ext_path = urldecode($ext_path);
@ -55,14 +55,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
// remove "/cloud" from the beginning of the path
$modulename = \App::$module;
$this->red_path = ((strpos($ext_path, '/' . $modulename) === 0) ? substr($ext_path, strlen($modulename) + 1) : $ext_path);
if (! $this->red_path) {
if(! $this->red_path) {
$this->red_path = '/';
}
$this->auth = $auth_plugin;
$this->folder_hash = '';
$this->getDir();
if ($this->auth->browser) {
if($this->auth->browser) {
$this->auth->browser->set_writeable();
}
}
@ -76,8 +76,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
/**
* @brief Returns an array with all the child nodes.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @return array \Sabre\DAV\INode[]
* @throw "\Sabre\DAV\Exception\Forbidden"
* @return array \\Sabre\\DAV\\INode[]
*/
public function getChildren() {
logger('children for ' . $this->ext_path, LOGGER_DATA);
@ -98,8 +98,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
/**
* @brief Returns a child by name.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @throw \Sabre\DAV\Exception\NotFound
* @throw "\Sabre\DAV\Exception\Forbidden"
* @throw "\Sabre\DAV\Exception\NotFound"
* @param string $name
*/
public function getChild($name) {
@ -141,7 +141,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
*
* @todo handle duplicate directory name
*
* @throw \Sabre\DAV\Exception\Forbidden
* @throw "\Sabre\DAV\Exception\Forbidden"
* @param string $name The new name of the directory.
* @return void
*/
@ -186,7 +186,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
* After successful creation of the file, you may choose to return the ETag
* of the new file here.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @throw "\Sabre\DAV\Exception\Forbidden"
* @param string $name Name of the file
* @param resource|string $data Initial payload
* @return null|string ETag
@ -244,8 +244,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
$deny_gid = $c[0]['channel_deny_gid'];
}
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, content, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
$r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, content, created, edited, os_path, display_path, allow_cid, allow_gid, deny_cid, deny_gid )
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($c[0]['channel_account_id']),
intval($c[0]['channel_id']),
dbesc($hash),
@ -260,6 +260,8 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
dbesc($f),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
'', //TODO: use os_path
'', //TODO: use display_path
dbesc($allow_cid),
dbesc($allow_gid),
dbesc($deny_cid),
@ -431,7 +433,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
/**
* @todo add description of what this function does.
*
* @throw \Sabre\DAV\Exception\NotFound
* @throw "\Sabre\DAV\Exception\NotFound"
* @return void
*/
function getDir() {
@ -557,13 +559,13 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
/**
* @brief Array with all Directory and File DAV\Node items for the given path.
* @brief Array with all Directory and File DAV\\Node items for the given path.
*
* @param string $file path to a directory
* @param \Zotlabs\Storage\BasicAuth &$auth
* @returns null|array \Sabre\DAV\INode[]
* @throw \Sabre\DAV\Exception\Forbidden
* @throw \Sabre\DAV\Exception\NotFound
* @returns null|array \\Sabre\\DAV\\INode[]
* @throw "\Sabre\DAV\Exception\Forbidden"
* @throw "\Sabre\DAV\Exception\NotFound"
*/
function CollectionData($file, &$auth) {
$ret = array();
@ -710,7 +712,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
* @param BasicAuth &$auth
* @param boolean $test (optional) enable test mode
* @return File|Directory|boolean|null
* @throw \Sabre\DAV\Exception\Forbidden
* @throw "\Sabre\DAV\Exception\Forbidden"
*/
function FileData($file, &$auth, $test = false) {
logger($file . (($test) ? ' (test mode) ' : ''), LOGGER_DATA);

48
Zotlabs/Storage/File.php
View File

@ -9,8 +9,8 @@ use Sabre\DAV;
*
* It provides all functions to work with files in Red's cloud through DAV protocol.
*
* @extends \Sabre\DAV\Node
* @implements \Sabre\DAV\IFile
* @extends \\Sabre\\DAV\\Node
* @implements \\Sabre\\DAV\\IFile
*
* @link http://github.com/friendica/red
* @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
@ -20,20 +20,20 @@ class File extends DAV\Node implements DAV\IFile {
/**
* The file from attach table.
*
* @var array
* data
* flags
* filename (string)
* filetype (string)
* @var array $data
* * data
* * flags
* * filename (string)
* * filetype (string)
*/
private $data;
/**
* @see \Sabre\DAV\Auth\Backend\BackendInterface
* @var \RedMatrix\RedDAV\RedBasicAuth
* @see \\Sabre\\DAV\\Auth\\Backend\\BackendInterface
* @var \\Zotlabs\\Storage\\BasicAuth $auth
*/
private $auth;
/**
* @var string
* @var string $name
*/
private $name;
@ -65,8 +65,8 @@ class File extends DAV\Node implements DAV\IFile {
/**
* @brief Renames the file.
*
* @throw Sabre\DAV\Exception\Forbidden
* @param string $name The new name of the file.
* @throw "\Sabre\DAV\Exception\Forbidden"
* @param string $newName The new name of the file.
* @return void
*/
public function setName($newName) {
@ -95,7 +95,7 @@ class File extends DAV\Node implements DAV\IFile {
$ch = channelx_by_n($this->auth->owner_id);
if($ch) {
$sync = attach_export_data($ch,$this->data['hash']);
if($sync)
if($sync)
build_sync_packet($ch['channel_id'],array('file' => array($sync)));
}
}
@ -138,7 +138,7 @@ class File extends DAV\Node implements DAV\IFile {
$album = $f1[0]['filename'];
$direct = $f1[0];
}
}
}
$fname = dbunescbin($d[0]['content']);
if(strpos($fname,'store') === false)
$f = 'store/' . $this->auth->owner_nick . '/' . $fname ;
@ -151,11 +151,11 @@ class File extends DAV\Node implements DAV\IFile {
logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
}
$gis = @getimagesize($f);
logger('getimagesize: ' . print_r($gis,true), LOGGER_DATA);
logger('getimagesize: ' . print_r($gis,true), LOGGER_DATA);
if(($gis) && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
$is_photo = 1;
}
}
}
else {
// this shouldn't happen any more
$r = q("UPDATE attach SET content = '%s' WHERE hash = '%s' AND uid = %d",
@ -222,7 +222,7 @@ class File extends DAV\Node implements DAV\IFile {
$sync = attach_export_data($c[0],$this->data['hash']);
if($sync)
if($sync)
build_sync_packet($c[0]['channel_id'],array('file' => array($sync)));
}
@ -322,16 +322,16 @@ class File extends DAV\Node implements DAV\IFile {
* This method checks the permissions and then calls attach_delete() function
* to actually remove the file.
*
* @throw \Sabre\DAV\Exception\Forbidden
* @throw "\Sabre\DAV\Exception\Forbidden"
*/
public function delete() {
logger('delete file ' . basename($this->name), LOGGER_DEBUG);
if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
if((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
throw new DAV\Exception\Forbidden('Permission denied.');
}
if ($this->auth->owner_id !== $this->auth->channel_id) {
if($this->auth->owner_id !== $this->auth->channel_id) {
if (($this->auth->observer !== $this->data['creator']) || intval($this->data['is_dir'])) {
throw new DAV\Exception\Forbidden('Permission denied.');
}
@ -340,14 +340,14 @@ class File extends DAV\Node implements DAV\IFile {
if(get_pconfig($this->auth->owner_id,'system','os_delete_prohibit') && \App::$module == 'dav') {
throw new DAV\Exception\Forbidden('Permission denied.');
}
attach_delete($this->auth->owner_id, $this->data['hash']);
$ch = channelx_by_n($this->auth->owner_id);
if($ch) {
$sync = attach_export_data($ch,$this->data['hash'],true);
if($sync)
build_sync_packet($ch['channel_id'],array('file' => array($sync)));
$sync = attach_export_data($ch, $this->data['hash'], true);
if($sync)
build_sync_packet($ch['channel_id'], array('file' => array($sync)));
}
}
}

116
Zotlabs/Web/Router.php
View File

@ -2,51 +2,53 @@
namespace Zotlabs\Web;
/**
*
* We have already parsed the server path into App::$argc and App::$argv
*
* App::$argv[0] is our module name. Let's call it 'foo'. We will load the
* Zotlabs/Module/Foo.php (object) or file mod/foo.php (procedural)
* and use it for handling our URL request to 'https://ourgreatwebsite.something/foo' .
* The module file contains a few functions that we call in various circumstances
* and in the following order:
* @code{.php}
* Object:
* class Foo extends \Zotlabs\Web\Controller {
* function init() { init function }
* function post() { post function }
* function get() { normal page function }
* }
*
* Procedual interface:
* foo_init()
* foo_post() (only called if there are $_POST variables)
* foo_content() - the string return of this function contains our page body
* @endcode
* Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
* so within the module init and/or post functions and then invoke killme() to terminate
* further processing.
*/
class Router {
private $modname = '';
private $controller = null;
/**
* @brief Router constructor
*
* @param[in,out] App &$a
* @throws Exception module not found
*/
function __construct(&$a) {
/**
*
* We have already parsed the server path into App::$argc and App::$argv
*
* App::$argv[0] is our module name. Let's call it 'foo'. We will load the
* Zotlabs/Module/Foo.php (object) or file mod/foo.php (procedural)
* and use it for handling our URL request to 'https://ourgreatwebsite.something/foo' .
* The module file contains a few functions that we call in various circumstances
* and in the following order:
*
* Object:
* class Foo extends Zotlabs\Web\Controller {
* function init() { init function }
* function post() { post function }
* function get() { normal page function }
* }
*
* Procedual interface:
* foo_init()
* foo_post() (only called if there are $_POST variables)
* foo_content() - the string return of this function contains our page body
*
* Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
* so within the module init and/or post functions and then invoke killme() to terminate
* further processing.
*/
$module = \App::$module;
$modname = "Zotlabs\\Module\\" . ucfirst($module);
if(strlen($module)) {
/**
*
/*
* We will always have a module name.
* First see if we have a plugin which is masquerading as a module.
*
*/
if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
@ -66,7 +68,7 @@ class Router {
goaway(z_root());
}
/**
/*
* If the site has a custom module to over-ride the standard module, use it.
* Otherwise, look for the standard program module
*/
@ -101,13 +103,13 @@ class Router {
}
}
}
/**
* This provides a place for plugins to register module handlers which don't otherwise exist
* on the system, or to completely over-ride an existing module.
/*
* This provides a place for plugins to register module handlers which don't otherwise exist
* on the system, or to completely over-ride an existing module.
* If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if
* there is no specific module file or matching plugin name.
* The plugin should catch at least one of the module hooks for this URL.
* The plugin should catch at least one of the module hooks for this URL.
*/
$x = array('module' => $module, 'installed' => \App::$module_loaded, 'controller' => $this->controller);
@ -117,7 +119,7 @@ class Router {
$this->controller = $x['controller'];
}
/**
/*
* The URL provided does not resolve to a valid module.
*
* On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
@ -135,15 +137,21 @@ class Router {
killme();
}
logger("Module {$module} not found.", LOGGER_DEBUG, LOG_WARNING);
if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && \App::$config['system']['dreamhost_error_hack']) {
logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
if((x($_SERVER, 'QUERY_STRING'))
&& ($_SERVER['QUERY_STRING'] === 'q=internal_error.html')
&& \App::$config['system']['dreamhost_error_hack']) {
logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI'],LOGGER_DEBUG);
goaway(z_root() . $_SERVER['REQUEST_URI']);
}
logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
if(get_config('system','log_404',true)) {
logger("Module {$module} not found.", LOGGER_DEBUG, LOG_WARNING);
logger('index.php: page not found: ' . $_SERVER['REQUEST_URI']
. ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: '
. $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
}
header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
$tpl = get_markup_template('404.tpl');
\App::$page['content'] = replace_macros($tpl, array(
'$message' => t('Page not found.')
@ -157,7 +165,11 @@ class Router {
}
}
/**
* @brief
*
* @param[in,out] App &$a
*/
function Dispatch(&$a) {
/**
@ -168,14 +180,14 @@ class Router {
\App::$page['page_title'] = \App::$module;
$placeholder = '';
/**
/*
* No theme has been specified when calling the module_init functions
* For this reason, please restrict the use of templates to those which
* do not provide any presentation details - as themes will not be able
* to over-ride them.
*/
$arr = array('init' => true, 'replace' => false);
$arr = array('init' => true, 'replace' => false);
call_hooks(\App::$module . '_mod_init', $arr);
if(! $arr['replace']) {
if($this->controller && method_exists($this->controller,'init')) {
@ -187,7 +199,7 @@ class Router {
}
}
/**
/*
* Do all theme initialisation here before calling any additional module functions.
* The module_init function may have changed the theme.
* Additionally any page with a Comanche template may alter the theme.
@ -195,7 +207,7 @@ class Router {
*/
/**
/*
* In case a page has overloaded a module, see if we already have a layout defined
* otherwise, if a PDL file exists for this module, use it
* The member may have also created a customised PDL that's stored in the config
@ -203,7 +215,7 @@ class Router {
load_pdl($a);
/**
/*
* load current theme info
*/
@ -226,7 +238,7 @@ class Router {
}
}
if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) {
if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) {
call_hooks(\App::$module . '_mod_post', $_POST);
if($this->controller && method_exists($this->controller,'post')) {
@ -238,7 +250,7 @@ class Router {
}
}
if(! \App::$error) {
if(! \App::$error) {
$arr = array('content' => \App::$page['content'], 'replace' => false);
call_hooks(\App::$module . '_mod_content', $arr);
\App::$page['content'] = $arr['content'];

10
Zotlabs/Web/SessionHandler.php
View File

@ -18,13 +18,13 @@ class SessionHandler implements \SessionHandlerInterface {
function read ($id) {
if($id) {
$r = q("SELECT `sess_data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
$r = q("SELECT sess_data FROM session WHERE sid= '%s'", dbesc($id));
if($r) {
return $r[0]['sess_data'];
}
else {
q("INSERT INTO `session` (sess_data, sid, expire) values ('%s', '%s', '%s')",
q("INSERT INTO session (sess_data, sid, expire) values ('%s', '%s', '%s')",
dbesc(''),
dbesc($id),
dbesc(time() + 300)
@ -59,8 +59,8 @@ class SessionHandler implements \SessionHandlerInterface {
$expire = time() + (60 * 60 * 24 * 1);
}
q("UPDATE `session`
SET `sess_data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
q("UPDATE session
SET sess_data = '%s', expire = '%s' WHERE sid = '%s'",
dbesc($data),
dbesc($expire),
dbesc($id)
@ -76,7 +76,7 @@ class SessionHandler implements \SessionHandlerInterface {
function destroy ($id) {
q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
q("DELETE FROM session WHERE sid = '%s'", dbesc($id));
return true;
}

Some files were not shown because too many files have changed in this diff Show More