remote sharing seemed so easy. It's not. It's not happening today. But at least we've got the important bits in place and the reasons why it doesn't work are known and somewhat documented.

mod/share.php

@@ -1,20 +1,45 @@
 <?php
 
+require_once('include/security.php');
 require_once('bbcode.php');
 
 function share_init(&$a) {
 
 	$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
-	if((! $post_id) || (! local_user()))
+
+	if(! $post_id)
 		killme();
 
-	$r = q("SELECT * from item WHERE id = %d AND uid = %d and item_restrict = 0 LIMIT 1",
+	if(! (local_user() || remote_user()))
+		killme();
+
+
+	$r = q("SELECT * from item WHERE id = %d  LIMIT 1",
 		intval($post_id),
-		intval(local_user())
 	);
 	if((! $r) || $r[0]['item_private'])
 		killme();
 
+	$sql_extra = item_permissions_sql($r[0]['uid']);
+
+	$r = q("select * from item where id = %d $sql_extra",
+		intval($post_id)
+	);
+	if(! $r)
+		killme();
+
+	// FIXME - we only share bbcode
+
+	if($r[0]['mimetype'] !== 'text/bbcode')
+		killme();
+
+	// FIXME - eventually we want to post remotely via rpost
+	// on your home site.
+	// When that works remove this next bit:
+
+	if(! local_user())
+		killme();
+
 	xchan_query($r);
 
 	if (strpos($r[0]['body'], "[/share]") !== false) {
@@ -32,7 +57,24 @@ function share_init(&$a) {
 		$o.= "[/share]";
 	}
 
+	if(local_user()) {
 		echo $o;
 		killme();
+	}
+	
+	$observer = $a->get_observer();
+	$parsed = $observer['xchan_url'];
+	if($parsed) {
+		$post_url = $parsed['scheme'] . ':' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : '')
+			. '/rpost';
+		// FIXME - we were probably called from JS
+		// so we don't know the return page.
+		// in fact we won't be able to load the remote page.
+		// we might need an iframe
+
+		$x = z_post_url($post_url, array('f' => '', 'body' => $o ));
+		killme();
+	}
+	
 
 }