harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1 from friendica/master

Browse Source 
get changes
This commit is contained in:
MicMee 2013-01-23 04:55:09 -08:00
commit 9996d5ee9b
49 changed files with 1335 additions and 1127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
boot.php
View File

@ -16,7 +16,7 @@ require_once('include/features.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica Red');
define ( 'FRIENDICA_VERSION', trim(file_get_contents('version.inc')) . 'R');
define ( 'ZOT_REVISION', 1 );
define ( 'DB_UPDATE_VERSION', 1020 );
define ( 'DB_UPDATE_VERSION', 1021 );
define ( 'EOL', '<br />' . "\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );
@ -266,6 +266,8 @@ define ( 'HUBLOC_FLAGS_PRIMARY', 0x0001);
define ( 'HUBLOC_FLAGS_UNVERIFIED', 0x0002);
define ( 'XCHAN_FLAGS_HIDDEN', 0x0001);
/**
* Tag/term types
@ -454,7 +456,7 @@ if(! class_exists('App')) {
private $widgets = array(); // widgets for this page
public $groups;
public $language;
public $module_loaded = false;
public $query_string;
@ -749,6 +751,13 @@ if(! class_exists('App')) {
$this->apps = $arr;
}
function set_groups($g) {
$this->groups = $g;
}
function get_groups() {
return $this->groups;
}
function set_widget($title,$html, $location = 'aside') {
$this->widgets[] = array('title' => $title, 'html' => $html, 'location' => $location);
@ -1179,7 +1188,7 @@ if(! function_exists('local_user')) {
if(! function_exists('remote_user')) {
function remote_user() {
if((x($_SESSION,'authenticated')) && (x($_SESSION,'visitor_id')))
return intval($_SESSION['visitor_id']);
return $_SESSION['visitor_id'];
return false;
}
}
@ -1258,7 +1267,7 @@ function profile_load(&$a, $nickname, $profile = 0) {
require_once('include/permissions.php');
if(! perm_is_allowed($user[0]['channel_id'],$observer['xchan_hash'],'view_profile')) {
// permission denied
notice( t(' Sorry, you don't have the permission to view this profile. ') . EOL);
notice( t(' Sorry, you don\'t have the permission to view this profile. ') . EOL);
return;
}

38
done
View File

@ -15,7 +15,7 @@ include/
+ account.php
acl_selectors.php
+ activities.php
api.php
? api.php
? attach.php
+ auth.php
- bb2diaspora.php (check for function dependencies before removing)
@ -34,7 +34,7 @@ include/
+ directory.php
- email.php
+ enotify.php
event.php
+ event.php
+ expire.php
fcontact.php
? follow.php
@ -47,23 +47,23 @@ include/
? items.php
+ js_strings.php
+ language.php
message.php
? message.php
- msgclean.php
? nav.php
network.php
notifier.php
+ notifier.php
oauth.php
oembed.php
? onepoll.php
? onepoll.php
? Photo.php
? plugin.php
? poller.php
? poller.php
? profile_advanced.php
profile_selectors.php
? queue_fn.php
? queue.php
- salmon.php
Scrape.php
= Scrape.php
+ security.php
? session.php
socgraph.php
@ -87,14 +87,14 @@ mod/
- cb.php
common.php
community.php
contactgroup.php
+ contactgroup.php
crepair.php
delegate.php
directory.php
? directory.php
dirfind.php
display.php
editpost.php
events.php
? events.php
fbrowser.php
feed.php
filerm.php
@ -104,17 +104,17 @@ mod/
fsuggest.php
+ group.php
- hcard.php -> not needed
help.php
= help.php
+ home.php
hostxrd.php -> probably not needed
? install.php
invite.php
+ item.php
+ like.php
lockview.php
+ lockview.php
+ login.php
lostpass.php
magic.php
? magic.php
+ manage.php
match.php
? message.php
@ -157,15 +157,15 @@ mod/
suggest.php
tagger.php
tagrm.php
uexport.php
update_community.php - needs converting to json
update_network.php - needs converting to json
update_profile.php - needs converting to json
? uexport.php
? update_community.php - needs converting to json
? update_network.php - needs converting to json
? update_profile.php - needs converting to json
viewcontacts.php
view.php
+ viewsrc.php
? wall_attach.php (needs remote permissions refactor)
? wall_upload.php (needs remote permissions refactor)
+ wall_attach.php (needs remote permissions refactor)
+ wall_upload.php (needs remote permissions refactor)
webfinger.php
+ _well_known.php
xrd.php

5
include/ItemObject.php
View File

@ -49,6 +49,7 @@ class Item extends BaseObject {
// fixme
$this->writable = ($this->get_data_value('writable') || $this->get_data_value('self'));
// FIXME - base this on observer permissions
$this->writable = ((local_user() && $channel['channel_hash'] === $item['owner_xchan']) ? true : false);
@ -227,8 +228,8 @@ class Item extends BaseObject {
'body' => $body_e,
'text' => strip_tags($body_e),
'id' => $this->get_id(),
'linktitle' => sprintf( t('View %s\'s profile @ %s'), $profile_name, ((strlen($item['author-link'])) ? $item['author-link'] : $item['url'])),
'olinktitle' => sprintf( t('View %s\'s profile @ %s'), $this->get_owner_name(), ((strlen($item['owner-link'])) ? $item['owner-link'] : $item['url'])),
'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']),
'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']),
'to' => t('to'),
'wall' => t('Wall-to-Wall'),
'vwall' => t('via Wall-To-Wall:'),

18
include/Photo.php
View File

@ -523,7 +523,7 @@ class Photo {
public function store($uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $profile = 0, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '') {
$x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `scale` = %d limit 1",
dbesc($rid),
@ -533,6 +533,7 @@ class Photo {
);
if(count($x)) {
$r = q("UPDATE `photo`
set `aid` = %d,
set `uid` = %d,
`xchan` = '%s',
`resource_id` = '%s',
@ -544,6 +545,7 @@ class Photo {
`height` = %d,
`width` = %d,
`data` = '%s',
`size` = %d,
`scale` = %d,
`profile` = %d,
`allow_cid` = '%s',
@ -552,6 +554,7 @@ class Photo {
`deny_gid` = '%s'
where id = %d limit 1",
intval($aid),
intval($uid),
dbesc($xchan),
dbesc($rid),
@ -563,6 +566,7 @@ class Photo {
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
intval(strlen($this->imageString())),
intval($scale),
intval($profile),
dbesc($allow_cid),
@ -574,8 +578,9 @@ class Photo {
}
else {
$r = q("INSERT INTO `photo`
( `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s' )",
( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, type, `album`, `height`, `width`, `data`, `size`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )",
intval($aid),
intval($uid),
dbesc($xchan),
dbesc($rid),
@ -587,6 +592,7 @@ class Photo {
intval($this->getHeight()),
intval($this->getWidth()),
dbesc($this->imageString()),
intval(strlen($this->imageString())),
intval($scale),
intval($profile),
dbesc($allow_cid),
@ -669,21 +675,21 @@ function import_profile_photo($photo,$xchan) {
$img->scaleImageSquare(175);
$r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 4 );
$r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 4 );
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
$r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 5 );
$r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 5 );
if($r === false)
$photo_failure = true;
$img->scaleImage(48);
$r = $img->store(0, $xchan, $hash, $filename, 'Contact Photos', 6 );
$r = $img->store(0, 0, $xchan, $hash, $filename, 'Contact Photos', 6 );
if($r === false)
$photo_failure = true;

348
include/api.php
View File

@ -1,10 +1,11 @@
<?php
require_once("bbcode.php");
require_once("datetime.php");
require_once("conversation.php");
require_once("oauth.php");
require_once("html2plain.php");
require_once('include/security.php');
require_once("bbcode.php");
require_once("datetime.php");
require_once("conversation.php");
require_once("oauth.php");
require_once("html2plain.php");
require_once('include/security.php');
/*
*
@ -12,7 +13,13 @@
*
*/
$API = Array();
/**
** TWITTER API
*/
$API = array();
$called_api = Null;
// All commands which require authentication accept a "channel" parameter
@ -114,6 +121,7 @@
/**************************
* MAIN API ENTRY POINT *
**************************/
function api_call(&$a){
GLOBAL $API, $called_api;
@ -373,30 +381,20 @@
}
function api_item_get_user(&$a, $item) {
global $usercache;
// The author is our direct contact, in a conversation with us.
if(link_compare($item['url'],$item['author-link'])) {
return api_get_user($a,$item['cid']);
}
else {
// The author may be a contact of ours, but is replying to somebody else.
// Figure out if we know him/her.
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
return api_get_user($a,$a->contacts[$normalised]['id']);
if($item['author']['abook_id']) {
return api_get_user($a,$item['author']['abook_id']);
}
// We don't know this person directly.
list($nick, $name) = array_map("trim",explode("(",$item['author-name']));
$name=str_replace(")","",$name);
if ($name == '')
$name = $nick;
if ($nick == '')
$nick = $name;
$nick = substr($item['author']['xchan_addr'],0,strpos($item['author']['xchan_addr'],'@'));
$name = $item['author']['xchan_name'];
// Generating a random ID
if (is_null($usercache[$nick]) or !array_key_exists($nick, $usercache))
@ -408,8 +406,8 @@
'screen_name' => $nick,
'location' => '', //$uinfo[0]['default-location'],
'description' => '',
'profile_image_url' => $item['author-avatar'],
'url' => $item['author-link'],
'profile_image_url' => $item['author']['xchan_photo_m'],
'url' => $item['author']['xchan_url'],
'protected' => false, #
'followers_count' => 0,
'friends_count' => 0,
@ -466,9 +464,6 @@
return $ret;
}
/**
** TWITTER API
*/
/**
* Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful;
@ -524,27 +519,27 @@
function api_statuses_mediap(&$a, $type) {
if (api_user()===false) {
logger('api_statuses_update: no user');
return false;
}
$user_info = api_get_user($a);
if (api_user() === false) {
logger('api_statuses_update: no user');
return false;
}
$user_info = api_get_user($a);
$_REQUEST['type'] = 'wall';
$_REQUEST['profile_uid'] = api_user();
$_REQUEST['api_source'] = true;
$txt = requestdata('status');
//$txt = urldecode(requestdata('status'));
$_REQUEST['type'] = 'wall';
$_REQUEST['profile_uid'] = api_user();
$_REQUEST['api_source'] = true;
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
$txt = requestdata('status');
if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
if((strpos($txt,'<') !== false) || (strpos($txt,'>') !== false)) {
$txt = html2bb_video($txt);
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
$txt = $purifier->purify($txt);
$txt = $purifier->purify($txt);
}
$txt = html2bbcode($txt);
@ -552,10 +547,10 @@
$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
require_once('mod/wall_upload.php');
$bebop = wall_upload_post($a);
$posted = wall_upload_post($a);
//now that we have the img url in bbcode we can add it to the status and insert the wall item.
$_REQUEST['body']=$txt."\n\n".$bebop;
$_REQUEST['body']=$txt."\n\n".$posted;
require_once('mod/item.php');
item_post($a);
@ -564,8 +559,6 @@
}
api_register_func('api/statuses/mediap','api_statuses_mediap', true);
function api_statuses_update(&$a, $type) {
if (api_user() === false) {
logger('api_statuses_update: no user');
@ -647,13 +640,15 @@
// get last public message
require_once('include/security.php');
$lastwall = q("SELECT * from item where 1
and not ( item_flags & %d ) and item_restrict = 0
and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
and uid in ( " . stream_perms_api_uids() . " )
order by created desc limit 1",
intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
@ -717,13 +712,15 @@
function api_users_show(&$a, $type){
$user_info = api_get_user($a);
require_once('include/security.php');
$lastwall = q("SELECT * from item where 1
and not ( item_flags & %d ) and item_restrict = 0
and item_private != 0 and item_restrict = 0
and author_xchan = '%s'
and allow_cid = '' and allow_gid = '' and deny_cid = '' and deny_gid = ''
and verb = '%s'
and uid in ( " . stream_perms_api_uids() . " )
order by created desc limit 1",
intval(ITEM_PRIVATE),
dbesc($user_info['guid']),
dbesc(ACTIVITY_POST)
);
@ -784,18 +781,20 @@
*/
function api_statuses_home_timeline(&$a, $type){
if (api_user()===false) return false;
if (api_user() === false)
return false;
$user_info = api_get_user($a);
// get last newtork messages
// get last network messages
// params
$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if ($page<0) $page=0;
$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
$count = (x($_REQUEST,'count')?$_REQUEST['count']:20);
$page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0);
if($page < 0)
$page = 0;
$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0);
$exclude_replies = (x($_REQUEST,'exclude_replies')?1:0);
//$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
@ -809,33 +808,40 @@
if ($exclude_replies > 0)
$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`uid` = %d
AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
if (api_user() != $user_info['uid']) {
$observer = get_app()->get_observer();
require_once('include/permissions.php');
if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
return '';
$sql_extra .= " and item_private = 0 ";
}
$r = q("SELECT * from item WHERE uid = %d and item_restrict = 0
$sql_extra
AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
AND id > %d
ORDER BY received DESC LIMIT %d ,%d ",
intval($user_info['uid']),
intval($since_id),
intval($start), intval($count)
intval($start),
intval($count)
);
xchan_query($r,true);
$ret = api_format_items($r,$user_info);
// We aren't going to try to figure out at the item, group, and page
// level which items you've seen and which you haven't. If you're looking
// at the network timeline just mark everything seen.
$r = q("UPDATE `item` SET `unseen` = 0
WHERE `unseen` = 1 AND `uid` = %d",
intval($user_info['uid'])
);
if (api_user() == $user_info['uid']) {
$r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d )
WHERE item_flags & %d and uid = %d",
intval(ITEM_UNSEEN),
intval(ITEM_UNSEEN),
intval($user_info['uid'])
);
}
$data = array('$statuses' => $ret);
@ -878,42 +884,22 @@
if ($max_id > 0)
$sql_extra = 'AND `item`.`id` <= '.intval($max_id);
require_once('include/security.php');
/*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$r = q("select * from item where item_restrict = 0
and allow_cid = '' and allow_gid = ''
and deny_cid = '' and deny_gid = ''
and item_private = 0
and uid in ( " . stream_perms_api_uids() . " )
$sql_extra
AND `item`.`id`>%d
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
AND id > %d group by uri
order by received desc LIMIT %d, %d ",
intval($since_id),
intval($start), intval($count)
);*/
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
`user`.`nickname`, `user`.`hidewall`
FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''
AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''
AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
AND `item`.`id`>%d
ORDER BY `received` DESC LIMIT %d, %d ",
intval($since_id),
intval($start),
intval($count));
intval($start),
intval($count)
);
xchan_query($r,true);
$ret = api_format_items($r,$user_info);
@ -926,7 +912,7 @@
break;
case "as":
$as = api_format_as($a, $ret, $user_info);
$as['title'] = $a->config['sitename']." Public Timeline";
$as['title'] = $a->config['sitename']. " " . t('Public Timeline');
$as['link']['url'] = $a->get_baseurl()."/";
return($as);
break;
@ -938,6 +924,7 @@
/**
*
*/
function api_statuses_show(&$a, $type){
if (api_user()===false) return false;
@ -945,7 +932,7 @@
$user_info = api_get_user($a);
// params
$id = intval($a->argv[3]);
$id = intval(argv(3));
logger('API: api_statuses_show: '.$id);
@ -958,17 +945,10 @@
else
$sql_extra .= " AND `item`.`id` = %d";
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra",
$r = q("select * from item where item_restrict = 0 $sql_extra",
intval($id)
);
xchan_query($r,true);
$ret = api_format_items($r,$user_info);
@ -997,34 +977,31 @@
$user_info = api_get_user($a);
// params
$id = intval($a->argv[3]);
$id = intval(argv(3));
logger('API: api_statuses_repeat: '.$id);
//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`nick` as `reply_author`,
`contact`.`name`, `contact`.`photo`, `contact`.`url` as `reply_url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn_id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
AND `item`.`id`=%d",
$observer = get_app()->get_observer();
$r = q("SELECT * from item where item_restrict = 0 and id = %d limit 1",
intval($id)
);
if ($r[0]['body'] != "") {
$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
$_REQUEST['profile_uid'] = api_user();
$_REQUEST['type'] = 'wall';
$_REQUEST['api_source'] = true;
if(perm_is_allowed($r[0]['uid'],$observer['xchan_hash'],'view_stream')) {
if ($r[0]['body'] != "") {
$_REQUEST['body'] = html_entity_decode("&#x2672; ", ENT_QUOTES, 'UTF-8')."[url=".$r[0]['reply_url']."]".$r[0]['reply_author']."[/url] \n".$r[0]['body'];
$_REQUEST['profile_uid'] = api_user();
$_REQUEST['type'] = 'wall';
$_REQUEST['api_source'] = true;
require_once('mod/item.php');
item_post($a);
require_once('mod/item.php');
item_post($a);
}
}
else
return false;
if ($type == 'xml')
$ok = "true";
@ -1038,13 +1015,14 @@
/**
*
*/
function api_statuses_destroy(&$a, $type){
if (api_user()===false) return false;
$user_info = api_get_user($a);
// params
$id = intval($a->argv[3]);
$id = intval(argv(3));
logger('API: api_statuses_destroy: '.$id);
@ -1065,6 +1043,8 @@
* http://developer.twitter.com/doc/get/statuses/mentions
*
*/
// FIXME
function api_statuses_mentions(&$a, $type){
if (api_user()===false) return false;
@ -1142,6 +1122,7 @@
return api_apply_template("timeline", $type, $data);
}
api_register_func('api/statuses/mentions','api_statuses_mentions', true);
// FIXME?? I don't think mentions and replies are congruent in this case
api_register_func('api/statuses/replies','api_statuses_mentions', true);
@ -1149,7 +1130,7 @@
if (api_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
// get last network messages
logger("api_statuses_user_timeline: api_user: ". api_user() .
@ -1325,7 +1306,7 @@
function api_format_messages($item, $recipient, $sender) {
// standard meta information
$ret=Array(
$ret = array(
'id' => $item['id'],
'created_at' => api_date($item['created']),
'sender_id' => $sender['id'] ,
@ -1364,25 +1345,27 @@
//logger('api_format_items: ' . print_r($user_info,true));
$a = get_app();
$ret = Array();
$ret = array();
foreach($r as $item) {
localize_item($item);
$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
if ($item['parent']!=$item['id']) {
$r = q("select id from item where parent=%s and id<%s order by id desc limit 1",
intval($item['parent']), intval($item['id']));
$status_user = (($item['author_xchan']==$user_info['guid'])?$user_info: api_item_get_user($a,$item));
if($item['parent'] != $item['id']) {
$r = q("select id from item where parent= %d and id < %d order by id desc limit 1",
intval($item['parent']),
intval($item['id'])
);
if ($r)
$in_reply_to_status_id = $r[0]['id'];
else
$in_reply_to_status_id = $item['parent'];
$r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact
where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id));
xchan_query($r,true);
$in_reply_to_screen_name = $r[0]['author-name'];
$in_reply_to_user_id = $r[0]['contact-id'];
$in_reply_to_screen_name = $r[0]['author']['xchan_name'];
$in_reply_to_user_id = $r[0]['author']['abook_id'];
} else {
$in_reply_to_screen_name = '';
@ -1399,41 +1382,39 @@
else
$statustext = trim($statustitle."\n\n".$statusbody);
if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000))
$statustext = substr($statustext, 0, 1000)."... \n".$item["plink"];
$status = array(
'text' => $statustext,
'truncated' => False,
'created_at'=> api_date($item['created']),
'in_reply_to_status_id' => $in_reply_to_status_id,
'source' => (($item['app']) ? $item['app'] : 'web'),
'id' => intval($item['id']),
'in_reply_to_user_id' => $in_reply_to_user_id,
'in_reply_to_screen_name' => $in_reply_to_screen_name,
'geo' => '',
'favorited' => $item['starred'] ? true : false,
'user' => $status_user ,
'statusnet_html' => trim(bbcode($item['body'])),
'text' => $statustext,
'truncated' => False,
'created_at' => api_date($item['created']),
'in_reply_to_status_id' => $in_reply_to_status_id,
'source' => (($item['app']) ? $item['app'] : 'web'),
'id' => intval($item['id']),
'in_reply_to_user_id' => $in_reply_to_user_id,
'in_reply_to_screen_name' => $in_reply_to_screen_name,
'geo' => '',
'favorited' => (($item['item_flags'] & ITEM_STARRED) ? true : false),
'user' => $status_user ,
'statusnet_html' => trim(bbcode($item['body'])),
'statusnet_conversation_id' => $item['parent'],
);
// Seesmic doesn't like the following content
if ($_SERVER['HTTP_USER_AGENT'] != 'Seesmic') {
$status2 = array(
'updated' => api_date($item['edited']),
'published' => api_date($item['created']),
'message_id' => $item['uri'],
'url' => ($item['plink']!=''?$item['plink']:$item['author-link']),
'coordinates' => $item['coord'],
'place' => $item['location'],
'updated' => api_date($item['edited']),
'published' => api_date($item['created']),
'message_id' => $item['uri'],
'url' => $item['plink'],
'coordinates' => $item['coord'],
'place' => $item['location'],
'contributors' => '',
'annotations' => '',
'entities' => '',
'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
'entities' => '',
'objecttype' => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
);
$status = array_merge($status, $status2);
@ -1499,12 +1480,14 @@
return false;
}
// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
$sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
$sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
$r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);
@ -1611,13 +1594,16 @@
if(! api_user())
return false;
// For Red, the closest thing we can do to figure out if you're friends is if both of you are sending each other your streams.
// This won't work if either of you send your stream to everybody on the network
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
$sql_extra = sprintf(" AND ( their_perms & %d ) and ( my_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
$sql_extra = sprintf(" AND ( my_perms & %d ) and not ( their_perms & %d ) ", intval(PERMS_W_STREAM), intval(PERMS_W_STREAM));
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
$r = q("SELECT id FROM abook where abook_flags = 0 and abook_channel = %d $sql_extra",
intval(api_user())
);

25
include/auth.php
View File

@ -63,16 +63,21 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
info( t('Logged out.') . EOL);
goaway(z_root());
}
// if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
// $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
// intval($_SESSION['visitor_id'])
// );
// if(count($r)) {
// $a->contact = $r[0];
// }
// }
dbg(1);
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_hash = '%s' limit 1",
dbesc($_SESSION['visitor_id'])
);
if($r) {
get_app()->set_observer($r[0]);
}
else {
unset($_SESSION['visitor_id']);
unset($_SESSION['authenticated']);
}
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
}
dbg(0);
if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
// already logged in user returning

34
include/contact_widgets.php
View File

@ -116,23 +116,23 @@ function common_friends_visitor_widget($profile_uid) {
}
// FIXME
if(! $cid) {
if(get_my_url()) {
$r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
dbesc(normalise_link(get_my_url())),
intval($profile_uid)
);
if(count($r))
$cid = $r[0]['id'];
else {
$r = q("select id from gcontact where nurl = '%s' limit 1",
dbesc(normalise_link(get_my_url()))
);
if(count($r))
$zcid = $r[0]['id'];
}
}
}
// if(! $cid) {
// if(get_my_url()) {
// $r = q("select id from contact where nurl = '%s' and uid = %d limit 1",
// dbesc(normalise_link(get_my_url())),
// intval($profile_uid)
// );
// if(count($r))
// $cid = $r[0]['id'];
// else {
// $r = q("select id from gcontact where nurl = '%s' limit 1",
// dbesc(normalise_link(get_my_url()))
// );
// if(count($r))
// $zcid = $r[0]['id'];
// }
// }
// }
if($cid == 0 && $zcid == 0)
return;

68
include/event.php
View File

@ -205,30 +205,36 @@ function event_store($arr) {
$a = get_app();
$arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
$arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert());
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
$arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert());
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['event_xchan'] = (($arr['event_xchan']) ? $arr['event_xchan'] : '');
// Existing event being modified
if($arr['id']) {
if($arr['id'] || $arr['event_hash']) {
// has the event actually changed?
$r = q("SELECT * FROM `event` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($arr['id']),
intval($arr['uid'])
);
if((! $r) || ($r[0]['edited'] === $arr['edited'])) {
// Nothing has changed. Grab the item id to return.
$r = q("SELECT id FROM item WHERE resource_type = 'event' and resource_id = '%s' AND uid = %d LIMIT 1",
intval($arr['event_hash']),
if($arr['event_hash']) {
$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($arr['event_hash']),
intval($arr['uid'])
);
return(($r) ? $r[0]['id'] : 0);
}
else {
$r = q("SELECT * FROM event WHERE id = %d AND uid = %d LIMIT 1",
intval($arr['id']),
intval($arr['uid'])
);
}
if(! $r)
return 0;
if($r[0]['edited'] === $arr['edited']) {
// Nothing has changed. Return the ID.
return $r[0]['id'];
}
// The event changed. Update it.
@ -262,12 +268,12 @@ function event_store($arr) {
dbesc($arr['allow_gid']),
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
intval($arr['id']),
intval($r[0]['id']),
intval($arr['uid'])
);
$r = q("SELECT * FROM item left join xchan on author_xchan = xchan_hash WHERE resource_id = '%s' AND resource_type = 'event' and uid = %d LIMIT 1",
intval($arr['event_hash']),
intval($r[0]['event_hash']),
intval($arr['uid'])
);
@ -291,7 +297,8 @@ function event_store($arr) {
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d WHERE id = %d AND uid = %d LIMIT 1",
q("UPDATE item SET title = '%s', body = '%s', object = '%s', allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', edited = '%s', item_flags = %d, item_private = %d WHERE id = %d AND uid = %d LIMIT 1",
dbesc($arr['summary']),
dbesc(format_event_bbcode($arr)),
dbesc($object),
@ -300,7 +307,8 @@ function event_store($arr) {
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
dbesc($arr['edited']),
intval(($private && ($r[0]['item_flags'] & ITEM_PRIVATE)) ? $r[0]['item_flags'] : $r[0]['item_flags'] ^ ITEM_PRIVATE),
intval($r[0]['item_flags']),
intval($private),
intval($r[0]['id']),
intval($arr['uid'])
);
@ -320,8 +328,12 @@ function event_store($arr) {
$hash = random_string();
$r = q("INSERT INTO `event` ( `uid`,`aid`,`event_xchan`,`event_hash`,`created`,`edited`,`start`,`finish`,`summary`, `desc`,`location`,`type`,
`adjust`,`nofinish`,`allow_cid`,`allow_gid`,`deny_cid`,`deny_gid`)
if(! $arr['uri'])
$arr['uri'] = item_message_id();
$r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary, desc,location,type,
adjust,nofinish,allow_cid,allow_gid,deny_cid,deny_gid)
VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' ) ",
intval($arr['uid']),
intval($arr['account']),
@ -344,7 +356,7 @@ function event_store($arr) {
);
$r = q("SELECT * FROM `event` WHERE `event_hash` = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
dbesc($hash),
intval($arr['uid'])
);
@ -364,19 +376,14 @@ function event_store($arr) {
$item_flags |= ITEM_ORIGIN;
}
$uri = item_message_id();
$private = (($arr['allow_cid'] || $arr['allow_gid'] || $arr['deny_cid'] || $arr['deny_gid']) ? 1 : 0);
if($private)
$item_flags |= ITEM_PRIVATE;
$item_arr = array();
$item_arr['uid'] = $arr['uid'];
$item_arr['author_xchan'] = $arr['event_xchan'];
$item_arr['uri'] = $uri;
$item_arr['parent_uri'] = $uri;
$item_arr['uri'] = $arr['uri'];
$item_arr['parent_uri'] = $arr['uri'];
$item_arr['item_flags'] = $item_flags;
@ -387,12 +394,13 @@ function event_store($arr) {
$item_arr['allow_gid'] = $arr['allow_gid'];
$item_arr['deny_cid'] = $arr['deny_cid'];
$item_arr['deny_gid'] = $arr['deny_gid'];
$item_arr['item_private'] = $private;
$item_arr['verb'] = ACTIVITY_POST;
$item_arr['resource_type'] = 'event';
$item_arr['resource_id'] = $hash;
$item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
$item_arr['obj_type'] = ACTIVITY_OBJ_EVENT;
$item_arr['body'] = format_event_bbcode($arr);
$x = q("select * from xchan where xchan_hash = '%s' limit 1",

3
include/group.php
View File

@ -169,7 +169,7 @@ function group_add_member($uid,$name,$member,$gid = 0) {
function group_get_members($gid) {
$ret = array();
if(intval($gid)) {
$r = q("SELECT abook.*,xchan.*,group_member.* FROM `group_member`
$r = q("SELECT * FROM `group_member`
LEFT JOIN abook ON abook_xchan = `group_member`.`xchan` left join xchan on xchan_hash = abook_xchan
WHERE `gid` = %d AND `group_member`.`uid` = %d and not ( abook_flags & %d ) and not ( abook_flags & %d ) and not ( abook_flags & %d ) ORDER BY xchan_name ASC ",
intval($gid),
@ -228,7 +228,6 @@ function group_side($every="contacts",$each="group",$edit = false, $group_id = 0
);
$r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC",
intval($_SESSION['uid'])
);

2
include/html2plain.php
View File

@ -205,7 +205,7 @@ function html2plain($html, $wraplength = 75, $compact = false)
if (!$compact) {
$counter = 1;
foreach ($urls as $id=>$url)
if (strpos($message, $url) == false)
if ($url && strpos($message, $url) === false)
$message .= "\n".$url." ";
//$message .= "\n[".($counter++)."] ".$url;
}

48
include/identity.php
View File

@ -201,6 +201,9 @@ function identity_basic_export($channel_id) {
*/
$ret = array();
$ret['compatibility'] = array('project' => FRIENDICA_PLATFORM, 'version' => FRIENDICA_VERSION, 'database' => DB_UPDATE_VERSION);
$r = q("select * from channel where channel_id = %d limit 1",
intval($channel_id)
);
@ -240,4 +243,49 @@ function identity_basic_export($channel_id) {
function identity_basic_import($arr, $seize_primary = false) {
$ret = array('result' => false );
if($arr['channel']) {
// import channel
// create a new xchan (if necessary)
// create a new hubloc and seize control if applicable
}
if($arr['profile']) {
// FIXME - change profile assignment to a hash instead of an id we have to fix
}
if($arr['xchan']) {
// import any xchan and hubloc which are not yet available on this site
// Unset primary for all other hubloc on our own record if $seize_primary
}
if($arr['abook']) {
// import the abook entries
}
if($seize_primary) {
// send a refresh message to all our friends, telling them we've moved
}
$ret['result'] = true ;
return $ret;
}

11
include/items.php
View File

@ -1598,17 +1598,16 @@ function tag_deliver($uid,$item_id) {
$private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
$flag_bits = ITEM_WALL|ITEM_ORIGIN|ITEM_UPLINK;
if($private)
$flag_bits = $flag_bits | ITEM_PRIVATE;
$r = q("update item set item_flags = ( $item_flags | %d ), owner_xchan = '%s', allow_cid = '%s', allow_gid = '%s',
deny_cid = '%s', deny_gid = '%s' where id = %d limit 1",
deny_cid = '%s', deny_gid = '%s', item_private = %d where id = %d limit 1",
intval($flag_bits),
dbesc($u[0]['channel_hash']),
dbesc($u[0]['allow_cid']),
dbesc($u[0]['allow_gid']),
dbesc($u[0]['deny_cid']),
dbesc($u[0]['deny_gid']),
intval($private),
intval($item_id)
);
if($r)
@ -2081,13 +2080,13 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0)
$img->scaleImageSquare(175);
$hash = $resource_id;
$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
$img->scaleImage(80);
$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
$img->scaleImage(48);
$r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
$r = $img->store(0, $contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
$a = get_app();

13
include/nav.php
View File

@ -90,8 +90,12 @@ EOT;
);
}
$nav['lock'] = array('rmagic','',(($observer) ? 'lock' : 'unlock'), (($observer) ? $observer['xchan_addr'] : t('Click to authenticate to your home hub')));
if($observer)
$nav['lock'] = array('logout','','lock',
sprintf( t('%s - click to logout'), $observer['xchan_addr']));
else
$nav['lock'] = array('rmagic','','unlock',
t('Click to authenticate to your home hub'));
/**
* "Home" should also take you home from an authenticated remote profile connection
@ -118,9 +122,9 @@ EOT;
$nav['search'] = array('search', t('Search'), "", t('Search site content'));
$gdirpath = 'directory';
$nav['directory'] = array($gdirpath, t('Directory'), "", t('People directory'));
$nav['directory'] = array('directory', t('Channel Directory'), "", t('Channel Locator'));
/**
*
@ -199,6 +203,7 @@ EOT;
'$localuser' => local_user(),
'$sel' => $a->nav_sel,
'$apps' => $a->get_apps(),
'$pleasewait' => t('Please wait...')
));
call_hooks('page_header', $a->page['nav']);

8
include/onepoll.php
View File

@ -113,16 +113,14 @@ function onepoll_run($argv, $argc){
// set last updated timestamp
$r = null;
if($contact['xchan_connurl']) {
$r = q("SELECT xlink_id from xlink
where xlink_xchan = '%s' and xlink_updated > UTC_TIMESTAMP() - INTERVAL 1 DAY",
intval($contact['xchan_hash'])
);
}
if($r) {
poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
if($r) {
poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
}
}
return;

37
include/security.php
View File

@ -236,7 +236,7 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* default permissions - anonymous user
*/
$sql = " AND not (item_flags & " . ITEM_PRIVATE . ") ";
$sql = " AND not item_private ";
/**
@ -349,7 +349,7 @@ if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
$groups = array();
$r = q("SELECT gid FROM group_member WHERE xchan = '%s' ",
intval($contact_id)
dbesc($contact_id)
);
if(count($r)) {
foreach($r as $rr)
@ -359,3 +359,36 @@ function init_groups_visitor($contact_id) {
}}
// This is used to determine which uid have posts which are visible to the logged in user (from the API) for the
// public_timeline, and we can use this in a community page by making $perms_min = PERMS_NETWORK unless logged in.
// Collect uids of everybody on this site who has opened their posts to everybody on this site (or greater visibility)
// We always include yourself if logged in because you can always see your own posts
// resolving granular permissions for the observer against every person and every post on the site
// will likely be too expensive.
// Returns a string list of comma separated channel_ids suitable for direct inclusion in a SQL query
function stream_perms_api_uids($perms_min = PERMS_SITE) {
$ret = array();
if(local_user())
$ret[] = local_user();
$r = q("select channel_id from channel where channel_r_stream <= %d",
intval($perms_min)
);
if($r)
foreach($r as $rr)
if(! in_array($rr['channel_id'],$ret))
$ret[] = $rr['channel_id'];
$str = '';
if($ret)
foreach($ret as $rr) {
if($str)
$str .= ',';
$str .= intval($rr);
}
return $str;
}

77
include/socgraph.php
View File

@ -23,12 +23,11 @@ function poco_load($xchan = null,$url = null) {
$a = get_app();
if($xchan && ! $url) {
$r = q("select xchan_connurl from xchan where xchan_hash = %d limit 1",
intval($xchan)
$r = q("select xchan_connurl from xchan where xchan_hash = '%s' limit 1",
dbesc($xchan)
);
if($r) {
$url = $r[0]['xchan_connurl'];
$uid = $r[0]['abook_channel'];
}
}
@ -109,24 +108,25 @@ function poco_load($xchan = null,$url = null) {
}
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
dbesc($xchan),
dbesc($hash)
);
if(! $r) {
q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
if($xchan) {
$r = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' limit 1",
dbesc($xchan),
dbesc($hash),
dbesc(datetime_convert())
dbesc($hash)
);
if(! $r) {
q("insert into xlink ( xlink_xchan, xlink_link, xlink_updated ) values ( '%s', '%s', '%s' ) ",
dbesc($xchan),
dbesc($hash),
dbesc(datetime_convert())
);
}
else {
q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
dbesc(datetime_convert()),
intval($r[0]['xlink_id'])
);
}
}
else {
q("update xlink set xlink_updated = '%s' where xlink_id = %d limit 1",
dbesc(datetime_convert()),
intval($r[0]['xlink_id'])
);
}
}
logger("poco_load: loaded $total entries",LOGGER_DEBUG);
@ -295,37 +295,38 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
function update_suggestions() {
// FIXME
return;
$a = get_app();
$done = array();
poco_load(0,0,0,$a->get_baseurl() . '/poco');
// fix this to get a json list from an upstream directory
// poco_load(0,0,0,$a->get_baseurl() . '/poco');
$done[] = $a->get_baseurl() . '/poco';
// $done[] = $a->get_baseurl() . '/poco';
if(strlen(get_config('system','directory_submit_url'))) {
$x = fetch_url('http://dir.friendica.com/pubsites');
if($x) {
$j = json_decode($x);
if($j->entries) {
foreach($j->entries as $entry) {
$url = $entry->url . '/poco';
if(! in_array($url,$done))
poco_load(0,0,0,$entry->url . '/poco');
}
}
}
}
// if(strlen(get_config('system','directory_submit_url'))) {
// $x = fetch_url('http://dir.friendica.com/pubsites');
// if($x) {
// $j = json_decode($x);
// if($j->entries) {
// foreach($j->entries as $entry) {
// $url = $entry->url . '/poco';
// if(! in_array($url,$done))
// poco_load(0,0,0,$entry->url . '/poco');
// }
// }
// }
// }
$r = q("select distinct(poco) as poco from contact where network = '%s'",
dbesc(NETWORK_DFRN)
);
$r = q("select distinct(xchan_connurl) as poco from xchan where xchan_network = 'zot'");
if(count($r)) {
if($r) {
foreach($r as $rr) {
$base = substr($rr['poco'],0,strrpos($rr['poco'],'/'));
if(! in_array($base,$done))
poco_load(0,0,0,$base);
poco_load('',$base);
}
}
}

51
include/text.php
View File

@ -302,26 +302,33 @@ function paginate(&$a) {
}}
if(! function_exists('alt_pager')) {
function alt_pager(&$a, $i) {
$o = '';
function alt_pager(&$a, $i, $more = '', $less = '') {
$o = '';
if(! $more)
$more = t('older');
if(! $less)
$less = t('newer');
$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
$stripped = str_replace('q=','',$stripped);
$stripped = trim($stripped,'/');
$pagenum = $a->pager['page'];
$url = $a->get_baseurl() . '/' . $stripped;
$url = $a->get_baseurl() . '/' . $stripped;
$o .= '<div class="pager">';
$o .= '<div class="pager">';
if($a->pager['page']>1)
$o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . t('newer') . '</a>';
if($i>0) {
if($a->pager['page']>1)
$o .= "&nbsp;-&nbsp;";
$o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('older') . '</a>';
if($a->pager['page'] > 1)
$o .= "<a href=\"$url"."&page=".($a->pager['page'] - 1).'">' . $less . '</a>';
if($i > 0 && $i == $a->pager['itemspage']) {
if($a->pager['page']>1)
$o .= " | ";
$o .= "<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . $more . '</a>';
}
$o .= '</div>'."\r\n";
$o .= '</div>'."\r\n";
return $o;
}}
@ -1711,7 +1718,11 @@ function ids_to_querystr($arr,$idx = 'id') {
return(implode(',', $t));
}
function xchan_query(&$items) {
// Fetches xchan and hubloc data for an array of items with only an
// author_xchan and owner_xchan. If $abook is true also include the abook info.
// This is needed in the API to save extra per item lookups there.
function xchan_query(&$items,$abook = false) {
$arr = array();
if($items && count($items)) {
foreach($items as $item) {
@ -1722,8 +1733,14 @@ function xchan_query(&$items) {
}
}
if(count($arr)) {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
if($abook) {
$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
}
else {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash
where xchan_hash in (" . implode(',', $arr) . ") and ( hubloc_flags & " . intval(HUBLOC_FLAGS_PRIMARY) . " )");
}
}
if($items && count($items) && $chans && count($chans)) {
for($x = 0; $x < count($items); $x ++) {
@ -1781,9 +1798,11 @@ function magic_link($s) {
return $s;
}
function stringify_array_elms(&$arr) {
// if $escape is true, dbesc() each element before adding quotes
function stringify_array_elms(&$arr,$escape = false) {
for($x = 0; $x < count($arr); $x ++)
$arr[$x] = "'" . $arr[$x] . "'";
$arr[$x] = "'" . (($escape) ? dbesc($arr[$x]) : $arr[$x]) . "'";
}
/**

320
include/user.php
View File

@ -1,320 +0,0 @@
<?php
require_once('include/config.php');
require_once('include/network.php');
require_once('include/plugin.php');
require_once('include/text.php');
require_once('include/language.php');
require_once('include/datetime.php');
function create_user($arr) {
// Required: { username, nickname, email } or { openid_url }
$a = get_app();
$result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
$using_invites = get_config('system','invitation_only');
$num_invites = get_config('system','number_invites');
$invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : '');
$username = ((x($arr,'username')) ? notags(trim($arr['username'])) : '');
$nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : '');
$email = ((x($arr,'email')) ? notags(trim($arr['email'])) : '');
$openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
$photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : '');
$password = ((x($arr,'password')) ? trim($arr['password']) : '');
$blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0);
$verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0);
$publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
$tmp_str = $openid_url;
if($using_invites) {
if(! $invite_id) {
$result['message'] .= t('An invitation is required.') . EOL;
return $result;
}
$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
if(! results($r)) {
$result['message'] .= t('Invitation could not be verified.') . EOL;
return $result;
}
}
if((! x($username)) || (! x($email)) || (! x($nickname))) {
if($openid_url) {
if(! validate_url($tmp_str)) {
$result['message'] .= t('Invalid OpenID url') . EOL;
return $result;
}
$_SESSION['register'] = 1;
$_SESSION['openid'] = $openid_url;
require_once('library/openid.php');
$openid = new LightOpenID;
$openid->identity = $openid_url;
$openid->returnUrl = $a->get_baseurl() . '/openid';
$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
goaway($openid->authUrl());
// NOTREACHED
}
notice( t('Please enter the required information.') . EOL );
return;
}
if(! validate_url($tmp_str))
$openid_url = '';
$err = '';
// collapse multiple spaces in name
$username = preg_replace('/ +/',' ',$username);
if(mb_strlen($username) > 48)
$result['message'] .= t('Please use a shorter name.') . EOL;
if(mb_strlen($username) < 3)
$result['message'] .= t('Name too short.') . EOL;
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
// $no_utf = get_config('system','no_utf');
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// So now we are just looking for a space in the full name.
$loose_reg = get_config('system','no_regfullname');
if(! $loose_reg) {
$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
if(! strpos($username,' '))
$result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
}
if(! allowed_email($email))
$result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
if((! valid_email($email)) || (! validate_email($email)))
$result['message'] .= t('Not a valid email address.') . EOL;
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
dbesc($email)
);
if(count($r))
$result['message'] .= t('Cannot use that email.') . EOL;
}
$nickname = $arr['nickname'] = strtolower($nickname);
if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
$result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
$r = q("SELECT `uid` FROM `user`
WHERE `nickname` = '%s' LIMIT 1",
dbesc($nickname)
);
if(count($r))
$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
// Check deleted accounts that had this nickname. Doesn't matter to us,
// but could be a security issue for federated platforms.
$r = q("SELECT * FROM `userd`
WHERE `username` = '%s' LIMIT 1",
dbesc($nickname)
);
if(count($r))
$result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
if(strlen($result['message'])) {
return $result;
}
$new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999));
$new_password_encoded = hash('whirlpool',$new_password);
$result['password'] = $new_password;
require_once('include/crypto.php');
$keys = new_keypair(4096);
if($keys === false) {
$result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
return $result;
}
$default_service_class = get_config('system','default_service_class');
if(! $default_service_class)
$default_service_class = '';
$prvkey = $keys['prvkey'];
$pubkey = $keys['pubkey'];
$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
`pubkey`, `prvkey`, `register_date`, `verified`, `blocked`, `timezone`, `service_class` )
VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC', '%s' )",
dbesc(generate_user_guid()),
dbesc($username),
dbesc($new_password_encoded),
dbesc($email),
dbesc($openid_url),
dbesc($nickname),
dbesc($pubkey),
dbesc($prvkey),
dbesc(datetime_convert()),
intval($verified),
intval($blocked),
dbesc($default_service_class)
);
if($r) {
$r = q("SELECT * FROM `user`
WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
dbesc($username),
dbesc($new_password_encoded)
);
if($r !== false && count($r)) {
$u = $r[0];
$newuid = intval($r[0]['uid']);
}
}
else {
$result['message'] .= t('An error occurred during registration. Please try again.') . EOL ;
return $result;
}
/**
* if somebody clicked submit twice very quickly, they could end up with two accounts
* due to race condition. Remove this one.
*/
$r = q("SELECT `uid` FROM `user`
WHERE `nickname` = '%s' ",
dbesc($nickname)
);
if((count($r) > 1) && $newuid) {
$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
intval($newuid)
);
return $result;
}
if(x($newuid) !== false) {
$r = q("INSERT INTO `profile` ( `uid`, `profile_name`, `is_default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
intval($newuid),
t('default'),
1,
dbesc($username),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
intval($publish),
intval($netpublish)
);
if($r === false) {
$result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL;
// Start fresh next time.
$r = q("DELETE FROM `user` WHERE `uid` = %d",
intval($newuid));
return $result;
}
$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
`request`, `notify`, `poll`, `confirm`, `poco`, `name_date`, `uri_date`, `avatar_date`, `closeness` )
VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
intval($newuid),
datetime_convert(),
dbesc($username),
dbesc($nickname),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
dbesc($a->get_baseurl() . "/channel/$nickname"),
dbesc(normalise_link($a->get_baseurl() . "/channel/$nickname")),
dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
dbesc($a->get_baseurl() . "/poco/$nickname"),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert())
);
// Create a group with no members. This allows somebody to use it
// right away as a default group for new contacts.
require_once('include/group.php');
group_add($newuid, t('Friends'));
}
// if we have no OpenID photo try to look up an avatar
if(! strlen($photo))
$photo = avatar_img($email);
// unless there is no avatar-plugin loaded
if(strlen($photo)) {
require_once('include/Photo.php');
$photo_failure = false;
$filename = basename($photo);
$img_str = fetch_url($photo,true);
// guess mimetype from headers or filename
$type = guess_image_type($photo,true);
$img = new Photo($img_str, $type);
if($img->is_valid()) {
$img->scaleImageSquare(175);
$hash = photo_new_resource();
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
if($r === false)
$photo_failure = true;
$img->scaleImage(48);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
if($r === false)
$photo_failure = true;
if(! $photo_failure) {
q("UPDATE `photo` SET `profile` = 1 WHERE `resource_id` = '%s' ",
dbesc($hash)
);
}
}
}
call_hooks('register_account', $newuid);
$result['success'] = true;
$result['user'] = $u;
return $result;
}

42
include/zot.php
View File

@ -101,12 +101,13 @@ function zot_build_packet($channel,$type = 'notify',$recipients = null, $remote_
'version' => ZOT_REVISION
);
if($recipients)
$data['recipients'] = $recipients;
if($secret)
if($secret) {
$data['secret'] = $secret;
$data['secret_sig'] = base64url_encode(rsa_sign($secret,$channel['channel_prvkey']));
}
logger('zot_build_packet: ' . print_r($data,true));
@ -530,14 +531,35 @@ function import_xchan($arr) {
dbesc($xchan_hash)
);
if($r) {
if($r[0]['xchan_photo_date'] != $arr['photo_updated'])
$update_photos = true;
if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url'])) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s' where xchan_hash = '%s' limit 1",
$import_photos = true;
// if we import an entry from a site that's not ours and either or both of us is off the grid - hide the entry.
// TODO: check if we're the same directory realm, which would mean we are allowed to see it
$dirmode = get_config('system','directory_mode');
if((($arr['site']['directory_mode'] === 'standalone') || ($dirmode & DIRECTORY_MODE_STANDALONE))
&& ($arr['site']['url'] != z_root()))
$arr['searchable'] = false;
// Be careful - XCHAN_FLAGS_HIDDEN should evaluate to 1
if(($r[0]['xchan_flags'] & XCHAN_FLAGS_HIDDEN) != $arr['searchable'])
$new_flags = $r[0]['xchan_flags'] ^ XCHAN_FLAGS_HIDDEN;
else
$new_flags = $r[0]['xchan_flags'];
if(($r[0]['xchan_name_date'] != $arr['name_updated']) || ($r[0]['xchan_connurl'] != $arr['connections_url']) || ($r[0]['xchan_flags'] != $new_flags)) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s', xchan_connurl = '%s', xchan_flags = %d where xchan_hash = '%s' limit 1",
dbesc($arr['name']),
dbesc($arr['name_updated']),
dbesc($arr['connections_url']),
intval($new_flags),
dbesc($xchan_hash)
);
}
@ -901,16 +923,18 @@ function process_delivery($sender,$arr,$deliveries,$relay) {
$ev['uid'] = $channel['channel_id'];
$ev['account'] = $channel['channel_account_id'];
$ev['edited'] = $arr['edited'];
$ev['uri'] = $arr['uri'];
$ev['private'] = $arr['item_private'];
// is this an edit?
$r = q("SELECT * FROM event left join item on resource_id = event_hash WHERE resource_type = 'event' and
`uri` = '%s' AND event.uid = %d LIMIT 1",
$r = q("SELECT resource_id FROM item where uri = '%s' and uid = %d and resource_type = 'event' limit 1",
dbesc($arr['uri']),
intval($channel['channel_id'])
);
if($r)
$ev['event_hash'] = $r[0]['event_hash'];
if($r) {
$ev['event_hash'] = $r[0]['resource_id'];
}
dbg(1);
$xyz = event_store($ev);
dbg(0);

4
install/database.sql
View File

@ -630,8 +630,6 @@ CREATE TABLE IF NOT EXISTS `photo` (
`aid` int(10) unsigned NOT NULL DEFAULT '0',
`uid` int(10) unsigned NOT NULL,
`xchan` char(255) NOT NULL DEFAULT '',
`contact-id` int(10) unsigned NOT NULL DEFAULT '0',
`guid` char(64) NOT NULL,
`resource_id` char(255) NOT NULL,
`created` datetime NOT NULL,
`edited` datetime NOT NULL,
@ -652,7 +650,7 @@ CREATE TABLE IF NOT EXISTS `photo` (
`deny_gid` mediumtext NOT NULL,
PRIMARY KEY (`id`),
KEY `uid` (`uid`),
KEY `resource-id` (`resource_id`),
KEY `resource_id` (`resource_id`),
KEY `album` (`album`),
KEY `scale` (`scale`),
KEY `profile` (`profile`),

9
install/update.php
View File

@ -1,6 +1,6 @@
<?php
define( 'UPDATE_VERSION' , 1020 );
define( 'UPDATE_VERSION' , 1021 );
/**
*
@ -285,3 +285,10 @@ function update_r1019() {
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}
function update_r1020() {
$r = q("alter table photo drop `contact-id`, drop guid, drop index `resource-id`, add index ( `resource_id` )");
if($r)
return UPDATE_SUCCESS;
return UPDATE_FAILED;
}

2
library/jquery_ac/friendica.complete.js
View File

@ -242,6 +242,7 @@
} else if (!this.isBadQuery(q)) {
me = this;
me.options.params.query = q;
$('#nav-search-spinner').show();
$.get(this.serviceUrl, me.options.params, function(txt) { me.processResponse(txt); }, 'text');
}
},
@ -304,6 +305,7 @@
this.data = response.data;
this.suggest();
}
$('#nav-search-spinner').hide();
},
activate: function(index) {

97
mod/acl.php
View File

@ -5,6 +5,7 @@ require_once("include/acl_selectors.php");
function acl_init(&$a){
// logger('mod_acl: ' . print_r($_REQUEST,true));
$start = (x($_REQUEST,'start')?$_REQUEST['start']:0);
$count = (x($_REQUEST,'count')?$_REQUEST['count']:100);
@ -21,12 +22,11 @@ function acl_init(&$a){
}
if(! (local_user() || $type == 'x'))
return "";
if(!(local_user()))
if($type != 'x')
killme();
if ($search!=""){
if ($search != "") {
$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . ") ";
@ -150,18 +150,31 @@ function acl_init(&$a){
);
}
elseif($type == 'x') {
$r = q("SELECT xchan_name as id, xchan_name as name, xchan_photo_s as micro, xchan_url as url from xchan
where 1
$sql_extra3
ORDER BY `xchan_name` ASC ",
intval(local_user())
);
$r = navbar_complete($a);
$x = array();
$x['query'] = $search;
$x['photos'] = array();
$x['links'] = array();
$x['suggestions'] = array();
$x['data'] = array();
if($r) {
foreach($r as $g) {
$x['photos'][] = $g['photo'];
$x['links'][] = $g['url'];
$x['suggestions'][] = '@' . $g['name'];
$x['data'][] = $g['name'];
}
}
echo json_encode($x);
killme();
}
else
$r = array();
if($type == 'm' || $type == 'a' || $type == 'x') {
if($type == 'm' || $type == 'a') {
$x = array();
$x['query'] = $search;
$x['photos'] = array();
@ -172,7 +185,7 @@ function acl_init(&$a){
foreach($r as $g) {
$x['photos'][] = $g['micro'];
$x['links'][] = $g['url'];
$x['suggestions'][] = (($type === 'x') ? '@' : '') . $g['name'];
$x['suggestions'][] = $g['name'];
$x['data'][] = $g['id'];
}
}
@ -188,8 +201,8 @@ function acl_init(&$a){
"name" => $g['name'],
"id" => $g['id'],
"xid" => $g['hash'],
"link" => $g['url'],
"nick" => $g['nick'],
"link" => $g['nick'],
"nick" => substr($g['nick'],0,strpos($g['nick'],'@'))
);
}
}
@ -209,3 +222,57 @@ function acl_init(&$a){
}
function navbar_complete(&$a) {
// logger('navbar_complete');
$dirmode = intval(get_config('system','directory_mode'));
$search = ((x($_REQUEST,'query')) ? htmlentities($_REQUEST['query'],ENT_COMPAT,'UTF-8',false) : '');
if(! $search || mb_strlen($search) < 2)
return array();
$star = false;
$address = false;
if(substr($search,0,1) === '@')
$search = substr($search,1);
if(substr($search,0,1) === '*') {
$star = true;
$search = substr($search,1);
}
if(strpos($search,'@') !== false) {
$address = true;
}
if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
$url = z_root() . '/dirsearch';
}
if(! $url) {
$directory = find_upstream_directory($dirmode);
if($directory) {
$url = $directory['url'];
}
else {
$url = DIRECTORY_FALLBACK_MASTER . '/dirsearch';
}
}
if($url) {
$query = $url . '?f=' ;
$query .= '&name=' . urlencode($search) . '&limit=50' . (($address) ? '&address=' . urlencode($search) : '');
$x = z_fetch_url($query);
if($x['success']) {
$t = 0;
$j = json_decode($x['body'],true);
if($j && $j['results']) {
return $j['results'];
}
}
}
return array();
}

62
mod/chanview.php
View File

@ -1,9 +1,11 @@
<?php
require_once('include/Contact.php');
require_once('include/zot.php');
function chanview_content(&$a) {
$observer = $a->get_observer();
$xchan = null;
$r = null;
@ -13,6 +15,11 @@ function chanview_content(&$a) {
dbesc($_REQUEST['hash'])
);
}
if($_REQUEST['address']) {
$r = q("select * from xchan where xchan_addr = '%s' limit 1",
dbesc($_REQUEST['address'])
);
}
elseif(local_user() && intval($_REQUEST['cid'])) {
$r = q("SELECT abook.*, xchan.*
FROM abook left join xchan on abook_xchan = xchan_hash
@ -25,22 +32,61 @@ function chanview_content(&$a) {
$r = q("select * from xchan where xchan_url = '%s' limit 1",
dbesc($_REQUEST['url'])
);
if(! $r)
$r = array(array('xchan_url' => $_REQUEST['url']));
}
if($r) {
$xchan = $r[0];
if($xchan['xchan_hash'])
$a->set_widget('vcard',vcard_from_xchan($xchan));
}
else {
notice( t('No valid channel provided.') . EOL);
// Here, let's see if we have an xchan. If we don't, how we proceed is determined by what
// info we do have. If it's a URL, we can offer to visit it directly. If it's a webbie or
// address, we can and should try to import it. If it's just a hash, we can't continue, but we
// probably wouldn't have a hash if we don't already have an xchan for this channel.
if(! $xchan) {
logger('mod_chanview: fallback');
// This is hackish - construct a zot address from the url
if($_REQUEST['url']) {
if(preg_match('/https?\:\/\/(.*?)(\/channel\/|\/profile\/)(.*?)$/ism',$_REQUEST['url'],$matches)) {
$_REQUEST['address'] = $matches[3] . '@' . $matches[1];
}
logger('mod_chanview: constructed address ' . print_r($matches,true));
}
if($_REQUEST['address']) {
$ret = zot_finger($_REQUEST['address'],null);
if($ret['success']) {
$j = json_decode($ret['body'],true);
if($j)
import_xchan($j);
$r = q("select * from xchan where xchan_addr = '%s' limit 1",
dbesc($_REQUEST['address'])
);
if($r)
$xchan = $r[0];
}
}
}
if(! $xchan) {
notice( t('Channel not found.') . EOL);
return;
}
if($xchan['xchan_hash'])
$a->set_widget('vcard',vcard_from_xchan($xchan));
$url = (($observer)
? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
: $xchan['xchan_url']
);
$o = replace_macros(get_markup_template('chanview.tpl'),array(
'$url' => z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr']
'$url' => $url
));
return $o;

2
mod/connections.php
View File

@ -34,7 +34,7 @@ function connections_aside(&$a) {
$a->set_widget('follow', follow_widget());
}
$a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_id'] : '')));
$a->set_widget('collections', group_side('connnections','group',false,0,((array_key_exists('abook',$a->data)) ? $a->data['abook']['abook_xchan'] : '')));
$a->set_widget('findpeople',findpeople_widget());
}

22
mod/contactgroup.php
View File

@ -4,27 +4,27 @@ require_once('include/group.php');
function contactgroup_content(&$a) {
if(! local_user()) {
killme();
}
if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
intval($a->argv[2]),
intval(local_user())
if((argc() > 2) && (intval(argv(1))) && (argv(2))) {
$r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1",
dbesc(argv(2)),
intval(local_user()),
intval(ABOOK_FLAG_SELF)
);
if(count($r))
$change = intval($a->argv[2]);
if($r)
$change = $r[0]['abook_xchan'];
}
if(($a->argc > 1) && (intval($a->argv[1]))) {
if((argc() > 1) && (intval(argv(1)))) {
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
intval($a->argv[1]),
intval(argv(1)),
intval(local_user())
);
if(! count($r)) {
if(! $r) {
killme();
}
@ -33,7 +33,7 @@ function contactgroup_content(&$a) {
$preselected = array();
if(count($members)) {
foreach($members as $member)
$preselected[] = $member['id'];
$preselected[] = $member['xchan_hash'];
}
if($change) {

231
mod/directory.php
View File

@ -38,148 +38,145 @@ function directory_content(&$a) {
$dirmode = intval(get_config('system','directory_mode'));
// if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
// $localdir = true;
// return;
// }
// FIXME
$localdir = true;
if(! $localdir) {
if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
$url = z_root() . '/dirsearch';
}
if(! $url) {
$directory = find_upstream_directory($dirmode);
if($directory) {
$url = $directory['url'];
}
else {
$url = DIRECTORY_FALLBACK_MASTER . '/post';
$url = DIRECTORY_FALLBACK_MASTER . '/dirsearch';
}
}
if($localdir) {
if($url) {
$query = $url . '?f=' ;
if($search)
$search = dbesc($search);
$sql_extra = ((strlen($search)) ? " AND MATCH ( xchan_name, xchan_addr, xprof_desc, xprof_locale, xprof_region, xprof_country, xprof_gender, xprof_marital ) AGAINST ('$search' IN BOOLEAN MODE) " : "");
$query .= '&name=' . urlencode($search);
if(strpos($search,'@'))
$query .= '&address=' . urlencode($search);
// group_concat(xtag_term separator ', ') as tags
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash $sql_extra");
if($r)
$a->set_pager_total($r[0]['total']);
if($a->pager['page'] != 1)
$query .= '&p=' . $a->pager['page'];
$order = " ORDER BY `xchan_name` ASC ";
logger('mod_directory: query: ' . $query);
$x = z_fetch_url($query);
logger('directory: return from upstream: ' . print_r($x,true));
if($x['success']) {
$t = 0;
$j = json_decode($x['body'],true);
if($j) {
if($j['results']) {
$entries = array();
$photo = 'thumb';
foreach($j['results'] as $rr) {
$profile_link = chanlink_url($rr['url']);
$pdesc = (($rr['description']) ? $rr['description'] . '<br />' : '');
$details = '';
if(strlen($rr['locale']))
$details .= $rr['locale'];
if(strlen($rr['region'])) {
if(strlen($rr['locale']))
$details .= ', ';
$details .= $rr['region'];
}
if(strlen($rr['country'])) {
if(strlen($details))
$details .= ', ';
$details .= $rr['country'];
}
if(strlen($rr['birthday'])) {
if(($years = age($rr['birthday'],'UTC','')) != 0)
$details .= '<br />' . t('Age: ') . $years ;
}
if(strlen($rr['gender']))
$details .= '<br />' . t('Gender: ') . $rr['gender'];
$page_type = '';
$profile = $rr;
if ((x($profile,'locale') == 1)
|| (x($profile,'region') == 1)
|| (x($profile,'postcode') == 1)
|| (x($profile,'country') == 1))
$location = t('Location:');
$gender = ((x($profile,'gender') == 1) ? t('Gender:') : False);
$marital = ((x($profile,'marital') == 1) ? t('Status:') : False);
$homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False);
$about = ((x($profile,'about') == 1) ? t('About:') : False);
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash $sql_extra $order LIMIT %d , %d ",
intval($a->pager['start']),
intval($a->pager['itemspage'])
);
$entry = array(
'id' => ++$t,
'profile_link' => $profile_link,
'photo' => $rr['photo'],
'alttext' => $rr['name'] . ' ' . $rr['address'],
'name' => $rr['name'],
'details' => $pdesc . $details,
'profile' => $profile,
'location' => $location,
'gender' => $gender,
'pdesc' => $pdesc,
'marital' => $marital,
'homepage' => $homepage,
'about' => $about,
);
$arr = array('contact' => $rr, 'entry' => $entry);
call_hooks('directory_item', $arr);
$entries[] = $entry;
unset($profile);
unset($location);
if($r) {
}
$entries = array();
logger('mod_directory: entries: ' . print_r($entries,true), LOGGER_DATA);
$photo = 'thumb';
$o .= replace_macros($tpl, array(
'$search' => $search,
'$desc' => t('Find'),
'$finddsc' => t('Finding:'),
'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
'$entries' => $entries,
'$dirlbl' => t('Directory'),
'$submit' => t('Find')
));
foreach($r as $rr) {
$profile_link = chanlink_hash($rr['xchan_hash']);
$o .= alt_pager($a,$j['records'], t('more'), t('back'));
$pdesc = (($rr['xprof_desc']) ? $rr['xprof_desc'] . '<br />' : '');
$details = '';
if(strlen($rr['xprof_locale']))
$details .= $rr['xprof_locale'];
if(strlen($rr['xprof_region'])) {
if(strlen($rr['xprof_locale']))
$details .= ', ';
$details .= $rr['xprof_region'];
}
if(strlen($rr['xprof_country'])) {
if(strlen($details))
$details .= ', ';
$details .= $rr['xprof_country'];
else {
if($a->pager['page'] == 1 && $j['records'] == 0 && strpos($search,'@')) {
goaway(z_root() . '/chanview/?f=&address=' . $search);
}
info( t("No entries (some entries may be hidden).") . EOL);
}
if(strlen($rr['xprof_dob'])) {
if(($years = age($rr['xprof_dob'],'UTC','')) != 0)
$details .= '<br />' . t('Age: ') . $years ;
}
if(strlen($rr['xprof_gender']))
$details .= '<br />' . t('Gender: ') . $rr['xprof_gender'];
$page_type = '';
$profile = $rr;
if ((x($profile,'xprof_locale') == 1)
|| (x($profile,'xprof_region') == 1)
|| (x($profile,'xprof_postcode') == 1)
|| (x($profile,'xprof_country') == 1))
$location = t('Location:');
$gender = ((x($profile,'xprof_gender') == 1) ? t('Gender:') : False);
$marital = ((x($profile,'marital') == 1) ? t('Status:') : False);
$homepage = ((x($profile,'homepage') == 1) ? t('Homepage:') : False);
$about = ((x($profile,'about') == 1) ? t('About:') : False);
$t = 0;
$entry = array(
'id' => ++$t,
'profile_link' => $profile_link,
'photo' => $rr[xchan_photo_m],
'alttext' => $rr['xchan_name'],
'name' => $rr['xchan_name'],
'details' => $pdesc . $details,
'profile' => $profile,
'location' => $location,
'gender' => $gender,
'pdesc' => $pdesc,
'marital' => $marital,
'homepage' => $homepage,
'about' => $about,
);
$arr = array('contact' => $rr, 'entry' => $entry);
call_hooks('directory_item', $arr);
unset($profile);
unset($location);
$entries[] = $entry;
}
logger('entries: ' . print_r($entries,true));
$o .= replace_macros($tpl, array(
'$search' => $search,
'$desc' => t('Find'),
'$finddsc' => t('Finding:'),
'$safetxt' => htmlspecialchars($search,ENT_QUOTES,'UTF-8'),
'$entries' => $entries,
'$dirlbl' => t('Directory'),
'$submit' => t('Find')
));
$o .= paginate($a);
}
else
info( t("No entries (some entries may be hidden).") . EOL);
}
return $o;
}

59
mod/dirsearch.php
View File

@ -4,7 +4,7 @@ require_once('include/dir_fns.php');
function dirsearch_init(&$a) {
$a->set_pager_itemspage(60);
$a->set_pager_itemspage(80);
}
@ -14,16 +14,12 @@ function dirsearch_content(&$a) {
// If you've got a public directory server, you probably shouldn't block public access
if((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
$ret['message'] = t('Public access denied.');
return;
}
$dirmode = intval(get_config('system','directory_mode'));
if($dirmode == DIRECTORY_MODE_NORMAL) {
$ret['message'] = t('This site is not a directory server');
return;
json_return_and_die($ret);
}
$name = ((x($_REQUEST,'name')) ? $_REQUEST['name'] : '');
@ -36,49 +32,66 @@ function dirsearch_content(&$a) {
$marital = ((x($_REQUEST,'marital')) ? $_REQUEST['marital'] : '');
$keywords = ((x($_REQUEST,'keywords')) ? $_REQUEST['keywords'] : '');
// TODO - a meta search which joins all of these things to one search string
$sql_extra = '';
if($name)
$sql_extra .= " AND xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' ";
if($addr)
$sql_extra .= " AND xchan_addr like '" . protect_sprintf( '%' . dbesc($addr) . '%' ) . "' ";
$sql_extra .= " OR xchan_name like '" . protect_sprintf( '%' . dbesc($name) . '%' ) . "' ";
if($address)
$sql_extra .= " OR xchan_addr like '" . protect_sprintf( '%' . dbesc($address) . '%' ) . "' ";
if($city)
$sql_extra .= " AND xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' ";
$sql_extra .= " OR xprof_locale like '" . protect_sprintf( '%' . dbesc($city) . '%' ) . "' ";
if($region)
$sql_extra .= " AND xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' ";
$sql_extra .= " OR xprof_region like '" . protect_sprintf( '%' . dbesc($region) . '%' ) . "' ";
if($post)
$sql_extra .= " AND xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' ";
$sql_extra .= " OR xprof_postcode like '" . protect_sprintf( '%' . dbesc($post) . '%' ) . "' ";
if($country)
$sql_extra .= " AND xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' ";
$sql_extra .= " OR xprof_country like '" . protect_sprintf( '%' . dbesc($country) . '%' ) . "' ";
if($gender)
$sql_extra .= " AND xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' ";
$sql_extra .= " OR xprof_gender like '" . protect_sprintf( '%' . dbesc($gender) . '%' ) . "' ";
if($marital)
$sql_extra .= " AND xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . "' ";
$sql_extra .= " OR xprof_marital like '" . protect_sprintf( '%' . dbesc($marital) . '%' ) . "' ";
if($keywords)
$sql_extra .= " AND xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' ";
$sql_extra .= " OR xprof_keywords like '" . protect_sprintf( '%' . dbesc($keywords) . '%' ) . "' ";
$perpage = (($_REQUEST['n']) ? $_REQUEST['n'] : 80);
$page = (($_REQUEST['p']) ? intval($_REQUEST['p'] - 1) : 0);
$startrec = (($page+1) * $perpage) - $perpage;
$limit = (($_REQUEST['limit']) ? intval($_REQUEST['limit']) : 0);
$return_total = ((x($_REQUEST,'return_total')) ? intval($_REQUEST['return_total']) : 0);
// ok a separate tag table won't work.
// merge them into xprof
$ret['success'] = true;
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra");
if($r) {
$ret['total_items'] = $r[0]['total'];
// If &limit=n, return at most n entries
// If &return_total=1, we count matching entries and return that as 'total_items' for use in pagination.
// By default we return one page (default 80 items maximum) and do not count total entries
$logic = ((strlen($sql_extra)) ? 0 : 1);
dbg(1);
if($limit)
$qlimit = " LIMIT $limit ";
else {
$qlimit = " LIMIT " . intval($startrec) . " , " . intval($perpage);
if($return_total) {
$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d) ",
intval(XCHAN_FLAGS_HIDDEN)
);
if($r) {
$ret['total_items'] = $r[0]['total'];
}
}
}
$order = " ORDER BY `xchan_name` ASC ";
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where 1 $sql_extra $order LIMIT %d , %d ",
intval($startrec),
intval($perpage)
$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and not ( xchan_flags & %d ) $order $qlimit ",
intval(XCHAN_FLAGS_HIDDEN)
);
dbg(0);
$ret['page'] = $page + 1;
$ret['records'] = count($r);

4
mod/group.php
View File

@ -201,7 +201,7 @@ function group_content(&$a) {
$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
foreach($members as $member) {
if($member['xchan_url']) {
$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;';
$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;';
$groupeditor['members'][] = micropro($member,true,'mpgroup', $textmode);
}
else
@ -219,7 +219,7 @@ function group_content(&$a) {
$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
foreach($r as $member) {
if(! in_array($member['xchan_hash'],$preselected)) {
$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return true;';
$member['click'] = 'groupChangeMember(' . $group['id'] . ',\'' . $member['xchan_hash'] . '\',\'' . $sec_token . '\'); return false;';
$groupeditor['contacts'][] = micropro($member,true,'mpall', $textmode);
}
}

7
mod/intro.php
View File

@ -6,9 +6,10 @@ function intro_post(&$a) {
if(! intval($_REQUEST['contact_id']))
return;
$approved = false;
$flags = 0;
if($_REQUEST['submit'] == t('Approve')) {
;
$approved = true;
}
elseif($_REQUEST['submit'] == t('Block')) {
$flags = ABOOK_FLAG_BLOCKED;
@ -29,6 +30,10 @@ function intro_post(&$a) {
else
notice( t('Connection update failed.') . EOL);
if($approved)
goaway(z_root() . '/connections/' . $_REQUEST['contact_id']);
}
function intro_aside(&$a) {

26
mod/item.php
View File

@ -889,29 +889,33 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
}
}
if($tagcid) { //if there was an id
//select contact with that id from the logged in user's contact list
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash
WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
intval($tagcid),
intval($profile_uid)
);
}
else {
$newname = str_replace('_',' ',$name);
//select someone from this user's contacts by name
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM abook left join xchan on abook_xchan - xchan_hash
WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1",
dbesc($newname),
intval($profile_uid)
);
if(! $r) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
/* $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
dbesc($name),
dbesc($name),
intval($profile_uid)
);
}
*/ }
}
/* } elseif(strstr($name,'_') || strstr($name,' ')) { //no id
//get the real name
@ -931,16 +935,8 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
}*/
//$r is set, if someone could be selected
if(count($r)) {
$profile = $r[0]['url'];
//set newname to nick, find alias
if($r[0]['network'] === 'stat') {
$newname = $r[0]['nick'];
$stat = true;
if($r[0]['alias'])
$alias = $r[0]['alias'];
}
else
$newname = $r[0]['name'];
$profile = chanlink_url($r[0]['xchan_url']);
$newname = $r[0]['xchan_name'];
//add person's id to $inform
if(strlen($inform))
$inform .= ',';
@ -952,7 +948,7 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
$replaced = true;
//create profile link
$profile = str_replace(',','%2c',$profile);
$url = $profile;
$url = chanlink_url($profile);
$newtag = '@[url=' . $profile . ']' . $newname . '[/url]';
$body = str_replace('@' . $name, $newtag, $body);
//append tag to str_tags

50
mod/lockview.php
View File

@ -3,12 +3,12 @@
function lockview_content(&$a) {
$type = (($a->argc > 1) ? $a->argv[1] : 0);
$type = ((argc() > 1) ? argv(1) : 0);
if (is_numeric($type)) {
$item_id = intval($type);
$type='item';
} else {
$item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0);
$item_id = ((argc() > 2) ? intval(argv(2)) : 0);
}
if(! $item_id)
@ -17,20 +17,20 @@ function lockview_content(&$a) {
if (!in_array($type, array('item','photo','event')))
killme();
$r = q("SELECT * FROM `%s` WHERE `id` = %d LIMIT 1",
$r = q("SELECT * FROM %s WHERE id = %d LIMIT 1",
dbesc($type),
intval($item_id)
);
if(! count($r))
if(! $r)
killme();
$item = $r[0];
if($item['uid'] != local_user())
killme();
if(($item['private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid']))
&& (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) {
echo t('Remote privacy information not available.') . '<br />';
killme();
}
@ -43,40 +43,34 @@ function lockview_content(&$a) {
$o = t('Visible to:') . '<br />';
$l = array();
stringify_array_elms($allowed_groups,true);
stringify_array_elms($allowed_users,true);
stringify_array_elms($deny_groups,true);
stringify_array_elms($deny_users,true);
if(count($allowed_groups)) {
$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
dbesc(implode(', ', $allowed_groups))
);
if(count($r))
$r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
if($r)
foreach($r as $rr)
$l[] = '<b>' . $rr['name'] . '</b>';
}
if(count($allowed_users)) {
$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
dbesc(implode(', ',$allowed_users))
);
if(count($r))
$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ',$allowed_users) . " )");
if($r)
foreach($r as $rr)
$l[] = $rr['name'];
$l[] = $rr['xchan_name'];
}
if(count($deny_groups)) {
$r = q("SELECT `name` FROM `group` WHERE `id` IN ( %s )",
dbesc(implode(', ', $deny_groups))
);
if(count($r))
$r = q("SELECT name FROM group WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
if($r)
foreach($r as $rr)
$l[] = '<b><strike>' . $rr['name'] . '</strike></b>';
}
if(count($deny_users)) {
$r = q("SELECT `name` FROM `contact` WHERE `id` IN ( %s )",
dbesc(implode(', ',$deny_users))
);
if(count($r))
$r = q("SELECT xchan_name FROM xchan WHERE xchan_hash IN ( " . implode(', ', $deny_users) . " )");
if($r)
foreach($r as $rr)
$l[] = '<strike>' . $rr['name'] . '</strike>';
$l[] = '<strike>' . $rr['xchan_name'] . '</strike>';
}
echo $o . implode(', ', $l);

130
mod/magic.php
View File

@ -4,58 +4,81 @@
function magic_init(&$a) {
$url = ((x($_REQUEST,'url')) ? $_REQUEST['url'] : '');
$addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : '');
$hash = ((x($_REQUEST,'hash')) ? $_REQUEST['hash'] : '');
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
if($hash) {
$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
where hublock_hash = '%s' and (hubloc_flags & %d) limit 1",
intval(HUBLOC_FLAGS_PRIMARY)
);
}
elseif($addr) {
$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
dbesc($addr),
intval(HUBLOC_FLAGS_PRIMARY)
);
}
if(! $x) {
// Finger them if they've never been seen here before
if($addr) {
$ret = zot_finger($addr,null);
if($ret['success']) {
$j = json_decode($ret['body'],true);
if($j)
import_xchan($j);
$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
dbesc($addr),
intval(HUBLOC_FLAGS_PRIMARY)
);
}
}
}
if(! $x) {
notice( t('Channel not found.') . EOL);
return;
}
if($x[0]['hubloc_url'] === z_root()) {
$webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr']));
switch($dest) {
case 'channel':
$desturl = z_root() . '/channel/' . $webbie;
break;
case 'photos':
$desturl = z_root() . '/photos/' . $webbie;
break;
case 'profile':
$desturl = z_root() . '/profile/' . $webbie;
break;
default:
$desturl = $dest;
break;
}
// We are already authenticated on this site and a registered observer.
// Just redirect.
goaway($desturl);
}
if(local_user()) {
if($hash) {
$x = q("select xchan.xchan_url, hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
where hublock_hash = '%s' and (hubloc_flags & %d) limit 1",
intval(HUBLOC_FLAGS_PRIMARY)
);
}
elseif($addr) {
$x = q("select hubloc.* from xchan left join hubloc on xchan_hash = hubloc_hash
where xchan_addr = '%s' and (hubloc_flags & %d) limit 1",
dbesc($addr),
intval(HUBLOC_FLAGS_PRIMARY)
);
}
if(! $x) {
notice( t('Channel not found.') . EOL);
return;
}
if($x[0]['hubloc_url'] === z_root()) {
$webbie = substr($x[0]['hubloc_addr'],0,strpos('@',$x[0]['hubloc_addr']));
switch($dest) {
case 'channel':
$desturl = z_root() . '/channel/' . $webbie;
break;
case 'photos':
$desturl = z_root() . '/photos/' . $webbie;
break;
case 'profile':
$desturl = z_root() . '/profile/' . $webbie;
break;
default:
$desturl = $dest;
break;
}
// We are already authenticated on this site and a registered observer.
// Just redirect.
goaway($desturl);
}
$channel = $a->get_channel();
$token = random_string();
$token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
$channel['token'] = $token;
$channel['token_sig'] = $token_sig;
$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
$channel = $a->get_channel();
$hash = random_string();
$r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
@ -66,25 +89,12 @@ function magic_init(&$a) {
dbesc(datetime_convert())
);
$packet = zot_build_packet($channel,'auth',$recip,$x[0]['hubloc_sitekey'],$hash);
$result = zot_zot($x[0]['hubloc_callback'],$packet);
if($result['success']) {
$j = json_decode($result['body'],true);
if($j['iv']) {
$y = aes_unencapsulate($j,$channel['prvkey']);
$j = json_decode($y,true);
}
if($j['token'] && $j['ticket'] && $j['token'] === $token) {
$r = q("delete from verify where token = '%s' and type = '%s' and channel = %d limit 1",
dbesc($token),
dbesc('auth'),
intval($channel['channel_id'])
);
goaway($x[0]['callback'] . '?f=&ticket=' . $ticket . '&dest=' . $dest);
}
}
goaway($dest);
goaway($x[0]['hubloc_callback'] . '/' . substr($x[0]['hubloc_addr'],0,strpos($x[0]['hubloc_addr'],'@'))
. '/?f=&auth=' . $channel['channel_address'] . '@' . $a->get_hostname()
. '&sec=' . $token . '&dest=' . $dest . '&version=' . ZOT_REVISION);
}
if(strpos($dest,'/'))
goaway($dest);
goaway(z_root());
}

11
mod/photos.php
View File

@ -30,7 +30,7 @@ function photos_init(&$a) {
$o .= '<div class="vcard">';
$o .= '<div class="fn">' . $a->data['channel']['channel_name'] . '</div>';
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_cached_avatar_image($a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id']) . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
$o .= '<div id="profile-photo-wrapper"><img class="photo" style="width: 175px; height: 175px;" src="' . $a->get_baseurl() . '/photo/profile/l/' . $a->data['channel']['channel_id'] . '" alt="' . $a->data['channel']['channel_name'] . '" /></div>';
$o .= '</div>';
@ -790,7 +790,9 @@ function photos_post(&$a) {
$photo_hash = photo_new_resource();
$r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$page_owner_aid = $a->data['channel']['channel_account_id'];
$r = $ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if(! $r) {
logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG);
@ -800,13 +802,13 @@ function photos_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
$ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store($page_owner_aid, $page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
@ -928,6 +930,7 @@ function photos_content(&$a) {
$contact_id = 0;
$owner_uid = $a->data['channel']['channel_id'];
$owner_aid = $a->data['channel']['channel_account_id'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);

3
mod/poco.php
View File

@ -7,7 +7,6 @@ function poco_init(&$a) {
if(intval(get_config('system','block_public')))
http_status_exit(401);
$observer = $a->get_observer();
if(argc() > 1) {
@ -15,7 +14,7 @@ function poco_init(&$a) {
}
if(! x($user)) {
$c = q("select * from pconfig where cat = 'system' and k = 'suggestme' and v = 1");
if(! count($c))
if(! $c)
http_status_exit(401);
$system_mode = true;
}

152
mod/post.php
View File

@ -7,6 +7,111 @@
require_once('include/zot.php');
function post_init(&$a) {
// All other access to this endpoint is via the post method.
// Here we will pick out the magic auth params which arrive
// as a get request.
if(argc() > 1) {
$webbie = argv(1);
if(array_key_exists('auth',$_REQUEST)) {
$address = $_REQUEST['auth'];
$dest = $_REQUEST['dest'];
$sec = $_REQUEST['sec'];
$version = $_REQUEST['version'];
switch($dest) {
case 'channel':
$desturl = z_root() . '/channel/' . $webbie;
break;
case 'photos':
$desturl = z_root() . '/photos/' . $webbie;
break;
case 'profile':
$desturl = z_root() . '/profile/' . $webbie;
break;
default:
$desturl = $dest;
break;
}
$c = q("select * from channel where channel_address = '%s' limit 1",
dbesc($webbie)
);
if(! $c) {
logger('mod_zot: auth: unable to find channel ' . $webbie);
// They'll get a notice when they hit the page, we don't need two.
goaway($desturl);
}
// Try and find a hubloc for the person attempting to auth
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
dbesc($address)
);
if(! $x) {
// finger them if they can't be found.
$ret = zot_finger($addr,null);
if($ret['success']) {
$j = json_decode($ret['body'],true);
if($j)
import_xchan($j);
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
dbesc($address)
);
}
}
if(! $x)
goaway($desturl);
// check credentials and access
// Auth packets MUST use ultra top-secret hush-hush mode
$p = zot_build_packet($c[0],$type = 'auth_check',array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec);
$result = zot_zot($x[0]['hubloc_callback'],$p);
if($result['success']) {
$j = json_decode($result['body'],true);
if($j['result']) {
// everything is good... maybe
if(local_user()) {
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry') . EOL);
goaway($desturl);
}
// log them in
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$a->set_observer($x[0]);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
}
}
goaway($desturl);
}
logger('mod_zot: invalid args: ' . print_r($a->argv,true));
killme();
}
return;
}
function post_post(&$a) {
logger('mod_zot: ' . print_r($_REQUEST,true), LOGGER_DEBUG);
@ -165,6 +270,51 @@ function post_post(&$a) {
}
if($msgtype === 'auth_check') {
$arr = $data['sender'];
$sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
dbesc($sender_hash)
);
if((! $y) || (! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$y[0]['xchan_pubkey']))) {
logger('mod_zot: auth_check: sender not found or secret_sig invalid.');
json_return_and_die($ret);
}
if($data['recipients']) {
$arr = $data['recipients'][0];
$recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
$c = q("select channel_id from channel where channel_hash = '%s' limit 1",
dbesc($recip_hash)
);
if(! $c) {
logger('mod_zot: auth_check: recipient channel not found.');
json_return_and_die($ret);
}
$z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' limit 1",
intval($c[0]['channel_id']),
dbesc($data['secret'])
);
if(! $z) {
logger('mod_zot: auth_check: verification key not found.');
json_return_and_die($ret);
}
$r = q("delete from verify where id = %d limit 1",
intval($z[0]['id'])
);
$ret['result'] = true;
json_return_and_die($ret);
}
json_return_and_die($ret);
}
// catchall
json_return_and_die($ret);
}

11
mod/profile_photo.php
View File

@ -81,8 +81,9 @@ function profile_photo_post(&$a) {
$im = new Photo($base_image['data'], $base_image['type']);
if($im->is_valid()) {
$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
$aid = get_account_id();
$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'],
$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'],
t('Profile Photos'), 4, $is_default_profile);
if($r === false)
@ -90,7 +91,7 @@ function profile_photo_post(&$a) {
$im->scaleImage(80);
$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'],
$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'],
t('Profile Photos'), 5, $is_default_profile);
if($r === false)
@ -98,7 +99,7 @@ function profile_photo_post(&$a) {
$im->scaleImage(48);
$r = $im->store(local_user(), 0, $base_image['resource_id'],$base_image['filename'],
$r = $im->store($aid, local_user(), '', $base_image['resource_id'],$base_image['filename'],
t('Profile Photos'), 6, $is_default_profile);
if($r === false)
@ -308,7 +309,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
$smallest = 0;
$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 0 );
$r = $ph->store(get_account_id(), local_user(), '', $hash, $filename, t('Profile Photos'), 0 );
if($r)
info( t('Image uploaded successfully.') . EOL );
@ -317,7 +318,7 @@ function profile_photo_crop_ui_head(&$a, $ph){
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store(local_user(), 0 , $hash, $filename, t('Profile Photos'), 1 );
$r = $ph->store(get_account_id(), local_user(), '' , $hash, $filename, t('Profile Photos'), 1 );
if($r === false)
notice( sprintf(t('Image size reduction [%s] failed.'),"640") . EOL );

2
mod/profiles.php
View File

@ -620,7 +620,7 @@ function profiles_content(&$a) {
foreach($r as $rr) {
$o .= replace_macros($tpl, array(
'$photo' => $a->get_cached_avatar_image($rr['thumb']),
'$photo' => $rr['thumb'],
'$id' => $rr['id'],
'$alt' => t('Profile Image'),
'$profile_name' => $rr['profile_name'],

12
mod/search.php
View File

@ -113,8 +113,13 @@ function search_content(&$a) {
$search = substr($search,1);
}
if(strpos($search,'@') === 0) {
require_once('mod/dirfind.php');
return dirfind_content($a);
$search = substr($search,1);
goaway(z_root() . '/directory' . '?f=1&search=' . $search);
}
// look for a naked webbie
if(strpos($search,'@') !== false) {
goaway(z_root() . '/directory' . '?f=1&search=' . $search);
}
if(! $search)
@ -186,11 +191,10 @@ function search_content(&$a) {
if($load) {
$r = q("SELECT distinct(uri), item.* from item
WHERE item_restrict = 0
AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND not ( item_flags & %d ))
AND (( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 )
OR ( `item`.`uid` = %d ))
$sql_extra
group by uri ORDER BY created DESC $pager_sql ",
intval(ITEM_PRIVATE),
intval(local_user()),
intval(ABOOK_FLAG_BLOCKED)

73
mod/wall_attach.php
View File

@ -13,13 +13,13 @@ function wall_attach_post(&$a) {
$r = q("SELECT channel.* from channel where channel_address = '%s' limit 1",
dbesc($nick)
);
if(! ($r && count($r)))
return;
if(! $r)
killme();
$channel = $r[0];
}
else
return;
killme();
$can_post = false;
@ -29,43 +29,10 @@ function wall_attach_post(&$a) {
$page_owner_uid = $channel['channel_id'];
$observer = $a->get_observer();
// $page_owner_cid = $r[0]['id'];
// $page_owner_nick = $r[0]['nickname'];
// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $page_owner_uid))
$can_post = true;
// FIXME for forum and guests
// else {
// if($community_page && remote_user()) {
// $cid = 0;
// if(is_array($_SESSION['remote'])) {
// foreach($_SESSION['remote'] as $v) {
// if($v['uid'] == $page_owner_uid) {
// $cid = $v['cid'];
// break;
// }
// }
// }
// if($cid) {//
// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
// intval($cid),
// intval($page_owner_uid)
// );
// if(count($r)) {
// $can_post = true;
// $visitor = $cid;
// }
// }
// }
// }
if(! $can_post) {
notice( t('Permission denied.') . EOL );
if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'write_storage')) {
notice( t('Permission denied.') . EOL);
killme();
}
@ -81,28 +48,28 @@ function wall_attach_post(&$a) {
if(($maxfilesize) && ($filesize > $maxfilesize)) {
notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
@unlink($src);
return;
}
$r = q("select sum(octet_length(data)) as total from attach where uid = %d ",
intval($page_owner_uid)
);
$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
echo upgrade_message(true) . EOL ;
@unlink($src);
killme();
}
$limit = service_class_fetch($page_owner_uid,'attach_upload_limit');
if($limit !== false) {
$r = q("select sum(filesize) as total from attach where uid = %d ",
intval($page_owner_uid)
);
if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
echo upgrade_message(true) . EOL ;
@unlink($src);
killme();
}
}
$filedata = @file_get_contents($src);
$mimetype = z_mime_content_type($filename);
$hash = random_string();
$created = datetime_convert();
$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
$r = q("INSERT INTO `attach` ( `aid`, `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
VALUES ( %d, %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
intval($channel['channel_account_id']),
intval($page_owner_uid),
dbesc($hash),
dbesc($filename),

153
mod/wall_upload.php
View File

@ -2,73 +2,59 @@
require_once('Photo.php');
function wall_upload_post(&$a) {
if(argc() > 1) {
if(! x($_FILES,'media')) {
$using_api = ((x($_FILES,'media')) ? true : false);
if($using_api) {
require_once('include/api.php');
$user_info = api_get_user($a);
$nick = $user_info['screen_name'];
}
else {
if(argc() > 1)
$nick = argv(1);
}
else {
$user_info = api_get_user($a);
$nick = $user_info['screen_name'];
}
}
$channel = null;
if($nick) {
$r = q("SELECT channel.* from channel where channel_address = '%s' limit 1",
dbesc($nick)
);
if(! ($r && count($r)))
return;
$channel = $r[0];
if($r)
$channel = $r[0];
}
else
return;
if(! $channel) {
if($using_api)
return;
else {
notice( t('Channel not found.') . EOL);
killme();
}
}
$can_post = false;
$visitor = 0;
$page_owner_uid = $r[0]['channel_id'];
// $default_cid = $r[0]['id'];
$page_owner_nick = $r[0]['channel_address'];
$observer = $a->get_observer();
// $community_page = (($r[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
if((local_user()) && (local_user() == $page_owner_uid))
$can_post = true;
// else {
// if($community_page && remote_user()) {
// $cid = 0;
// if(is_array($_SESSION['remote'])) {
// foreach($_SESSION['remote'] as $v) {
// if($v['uid'] == $page_owner_uid) {
// $cid = $v['cid'];
// break;
// }
// }
// }
// if($cid) {
// $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
// intval($cid),
// intval($page_owner_uid)
// );
// if(count($r)) {
// $can_post = true;
// $visitor = $cid;
// }
// }
// }
// }
if(! $can_post) {
notice( t('Permission denied.') . EOL );
killme();
if(! perm_is_allowed($page_owner_uid,$observer['xchan_hash'],'post_photos')) {
if($using_api)
return;
else {
notice( t('Permission denied.') . EOL);
killme();
}
}
if(! x($_FILES,'userfile') && ! x($_FILES,'media'))
killme();
if(x($_FILES,'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
@ -81,36 +67,58 @@ function wall_upload_post(&$a) {
$filesize = intval($_FILES['media']['size']);
$filetype = $_FILES['media']['type'];
}
else {
if($using_api)
return;
else {
notice( t('Empty upload.') . EOL);
killme();
}
}
if ($filetype=="") $filetype=guess_image_type($filename);
if($filetype == "")
$filetype=guess_image_type($filename);
$maximagesize = get_config('system','maximagesize');
if(($maximagesize) && ($filesize > $maximagesize)) {
echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
@unlink($src);
killme();
if($using_api)
return;
else {
echo sprintf( t('Image exceeds size limit of %d'), $maximagesize) . EOL;
killme();
}
}
$r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ",
intval($page_owner_uid)
);
$limit = service_class_fetch($page_owner_uid,'photo_upload_limit');
if(($limit !== false) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
echo upgrade_message(true) . EOL ;
@unlink($src);
killme();
if($limit !== false) {
$r = q("select sum(size) as total from photo where uid = %d and scale = 0 ",
intval($page_owner_uid)
);
if(($r) && (($r[0]['total'] + strlen($imagedata)) > $limit)) {
@unlink($src);
if($using_api)
return;
else {
echo upgrade_message(true) . EOL ;
killme();
}
}
}
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata, $filetype);
if(! $ph->is_valid()) {
echo ( t('Unable to process image.') . EOL);
@unlink($src);
killme();
if($using_api)
return;
else {
echo ( t('Unable to process image.') . EOL);
killme();
}
}
$ph->orient($src);
@ -130,31 +138,36 @@ function wall_upload_post(&$a) {
$smallest = 0;
$defperm = '<' . $channel['channel_hash'] . '>';
$aid = $channel['channel_account_id'];
$visitor = ((remote_user()) ? remote_user() : '');
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
if(! $r) {
echo ( t('Image upload failed.') . EOL);
killme();
if($using_api)
return;
else {
echo ( t('Image upload failed.') . EOL);
killme();
}
}
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
if($r)
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
$r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
$r = $ph->store($aid, $page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
if($r)
$smallest = 2;
}
$basename = basename($filename);
if($_REQUEST['silent']) {
$m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}.".$ph->getExt()."[/img][/url]";
return($m);

6
mod/zfinger.php
View File

@ -72,8 +72,8 @@ function zfinger_init(&$a) {
$id = $e['channel_id'];
$searchable = (($e['channel_pageflags'] & PAGE_HIDDEN) ? false : true);
if($e['xchan_flags'] & XCHAN_FLAGS_HIDDEN)
$searchable = false;
// This is for birthdays and keywords, but must check access permissions
$p = q("select * from profile where uid = %d and is_default = 1",
@ -180,7 +180,7 @@ function zfinger_init(&$a) {
elseif($dirmode == DIRECTORY_MODE_STANDALONE)
$ret['site']['directory_mode'] = 'standalone';
if($dirmode != DIRECTORY_MODE_NORMAL)
$ret['site']['directory_url'] = z_root() . '/dir';
$ret['site']['directory_url'] = z_root() . '/dirsearch';
json_return_and_die($ret);

2
version.inc
View File

@ -1 +1 @@
2013-01-16.202
2013-01-22.208

159
view/theme/redbasic/css/style.css
View File

@ -1,17 +1,22 @@
/**
* duepuntozero Frindika style
* Fabio Comuni <fabrix.xm@gmail.com>
* Redbasic
*
* Based on duepuntozero Friendica style
* by Fabio Comuni <fabrix.xm@gmail.com>
*/
/* generals */
body {
font-family: helvetica,arial,freesans,clean,sans-serif;
font-family: arial,freesans,clean,sans-serif;
font-size: 12px;
background-color: #ffffff;
color: #000000;
margin: 0px;
}
.jslider {
font-family: arial,freesans,clean,sans-serif;
}
abbr {
border-bottom: none;
@ -19,7 +24,7 @@ abbr {
aside {
border: none;
color: #d00;
color: #0080FF;
}
/* icons */
@ -64,7 +69,7 @@ color: #d00;
background-image: url("../img/network.png");
min-width: 22px;
height: 22px;
margin-top: -4px;
margin-top: -3px;
background-position: left center;
padding: 1px;
}
@ -96,8 +101,13 @@ color: #d00;
padding: 1px;
}
a, a:visited, a:link, .fakelink, .fakelink:visited, .fakelink:link { color: #dd0000; text-decoration: none; }
a:hover, .fakelink:hover { color: #dd0000; text-decoration: underline; }
a, a:visited, a:link, .fakelink, .fakelink:visited, .fakelink:link {
font-weight: bold;
color: #0080FF;
text-decoration: none;
}
a:hover, .fakelink:hover { color: #44AAFF; text-decoration: underline; }
.fakelink {
cursor: pointer;
@ -336,11 +346,6 @@ footer {
font-weight: bold;
}
div.wall-item-content-wrapper.shiny {
background: #f4f4f4;
border: none;
}
.preview {
background: lightyellow;
}
@ -660,12 +665,11 @@ input#dfrn-url {
padding: 0px 0px 5px 0px;
font-size: 120%;
font-weight: bold;
color: #dd0000;
color: #0080FF;
}
.vcard .title {
margin-bottom: 5px;
margin-left: 12px;
}
.vcard dl {
@ -1063,9 +1067,9 @@ input#dfrn-url {
margin-top: 10px;
position: relative;
background: #fff;
border-radius: 5px;
/* border-radius: 5px; */
/* box-shadow: 12px 12px 12px #111; */
border: 1px solid #eec;
border-left: 1px solid #eec;
}
.wall-item-content-wrapper.comment {
@ -1266,7 +1270,6 @@ input#dfrn-url {
.wall-item-tools {
clear: both;
background: #eee;
padding: 5px 10px;
}
@ -1409,7 +1412,7 @@ input#dfrn-url {
font-size: 1.2em;
height: auto;
width: auto;
background-color: #dd0000;
background-color: #0080FF;
border-radius: 5px;
border: 2px outset;
box-shadow: 5px 5px 5px #666;
@ -1876,7 +1879,7 @@ tr.mceLast {
#profile-jot-submit {
height: auto;
background-color: #dd0000;
background-color: #0080FF;
color: #eeeeec;
font-weight: bold;
-webkit-border-radius: 5px;
@ -2569,6 +2572,13 @@ aside input[type='text'] {
margin-top: 4px;
}
#nav-search-spinner {
float: right;
margin-top: 8px;
margin-left: 5px;
margin-right: 5px;
}
#nav-search-text:hover {
background-color: #FFF;
color: #000;
@ -3584,8 +3594,9 @@ nav .nav-menu {
nav .nav-menu.selected {
border-bottom: 4px solid #CCCCCC;
}
nav .nav-notify {
background-color: #0d0;
background-color: #0080FF;
color: #fff;
-moz-border-radius: 5px 5px 5px 5px;
-webkit-border-radius: 5px 5px 5px 5px;
@ -3622,7 +3633,7 @@ ul.menu-popup {
position: absolute;
display: none;
width: 10em;
background: #dd0000;
background: #0080FF;
color: #eec;
padding: 0px;
list-style: none;
@ -3634,13 +3645,15 @@ ul.menu-popup {
}
ul.menu-popup a {
display: block;
color: #eec;
color: #;
padding: 5px 10px;
text-decoration: none;
}
ul.menu-popup a:hover {
background-color: #eec;
color: #d00;
background-color: #888888;
color: #000000;
}
ul.menu-popup .menu-sep {
border-top: 1px solid #9eabb0;
@ -3772,3 +3785,101 @@ ul.menu-popup {
.tabs-end {
clear: both;
}
#acl-wrapper {
width: 690px;
float:left;
}
#acl-search {
float:right;
background: #ffffff url("../../../../images/search_18.png") no-repeat right center;
padding-right:20px;
}
#acl-showall {
float: left;
display: block;
width: auto;
height: 18px;
background-color: #cccccc;
background-image: url("../../../../images/show_all_off.png");
background-position: 7px 7px;
background-repeat: no-repeat;
padding: 7px 5px 0px 30px;
-webkit-border-radius: 5px ;
-moz-border-radius: 5px;
border-radius: 5px;
color: #999999;
}
#acl-showall.selected {
color: #000000;
background-color: #ff9900;
background-image: url("../../../../images/show_all_on.png");
}
#acl-list {
height: 210px;
border: 1px solid #cccccc;
clear: both;
margin-top: 30px;
overflow: auto;
}
#acl-list-content {
}
.acl-list-item {
display: block;
width: 150px;
height: 30px;
border: 1px solid #cccccc;
margin: 5px;
float: left;
}
.acl-list-item img{
width:22px;
height: 22px;
float: left;
margin: 4px;
}
.acl-list-item p { height: 12px; font-size: 10px; margin: 0px; padding: 2px 0px 1px; overflow: hidden;}
.acl-list-item a {
font-size: 8px;
display: block;
width: 40px;
height: 10px;
float: left;
color: #999999;
background-color: #cccccc;
background-position: 3px 3px;
background-repeat: no-repeat;
margin-right: 5px;
-webkit-border-radius: 2px ;
-moz-border-radius: 2px;
border-radius: 2px;
padding-left: 15px;
}
#acl-wrapper a:hover {
text-decoration: none;
color:#000000;
}
.acl-button-show { background-image: url("../../../../images/show_off.png"); }
.acl-button-hide { background-image: url("../../../../images/hide_off.png"); }
.acl-button-show.selected {
color: #000000;
background-color: #9ade00;
background-image: url("../../../../images/show_on.png");
}
.acl-button-hide.selected {
color: #000000;
background-color: #ff4141;
background-image: url("../../../../images/hide_on.png");
}
.acl-list-item.groupshow { border-color: #9ade00; }
.acl-list-item.grouphide { border-color: #ff4141; }
.contact-block-content {
margin-top: 8px;
}

BIN
view/theme/redbasic/img/introductions.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
view/theme/redbasic/img/network.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 1.6 KiB

14
view/tpl/jot-header.tpl
View File

@ -134,7 +134,7 @@ function enableOnUser(){
var uploader = new window.AjaxUpload(
'wall-image-upload',
{ action: 'wall_upload/$nickname',
{ action: '$baseurl/wall_upload/$nickname',
name: 'userfile',
onSubmit: function(file,ext) { $('#profile-rotator').show(); },
onComplete: function(file,response) {
@ -145,7 +145,7 @@ function enableOnUser(){
);
var file_uploader = new window.AjaxUpload(
'wall-file-upload',
{ action: 'wall_attach/$nickname',
{ action: '$baseurl/wall_attach/$nickname',
name: 'userfile',
onSubmit: function(file,ext) { $('#profile-rotator').show(); },
onComplete: function(file,response) {
@ -181,7 +181,7 @@ function enableOnUser(){
if(reply && reply.length) {
reply = bin2hex(reply);
$('#profile-rotator').show();
$.get('parse_url?binurl=' + reply, function(data) {
$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
addeditortext(data);
$('#profile-rotator').hide();
});
@ -214,7 +214,7 @@ function enableOnUser(){
if ($('#jot-popup').length != 0) $('#jot-popup').show();
$('#like-rotator-' + id).show();
$.get('share/' + id, function(data) {
$.get('$baseurl/share/' + id, function(data) {
if (!editor) $("#profile-jot-text").val("");
initEditor(function(){
addeditortext(data);
@ -238,7 +238,7 @@ function enableOnUser(){
if(reply && reply.length) {
reply = bin2hex(reply);
$('#profile-rotator').show();
$.get('parse_url?binurl=' + reply, function(data) {
$.get('$baseurl/parse_url?binurl=' + reply, function(data) {
if (!editor) $("#profile-jot-text").val("");
initEditor(function(){
addeditortext(data);
@ -257,7 +257,7 @@ function enableOnUser(){
commentBusy = true;
$('body').css('cursor', 'wait');
$.get('tagger/' + id + '?term=' + reply);
$.get('$baseurl/tagger/' + id + '?term=' + reply);
if(timer) clearTimeout(timer);
timer = setTimeout(NavUpdate,3000);
liking = 1;
@ -284,7 +284,7 @@ function enableOnUser(){
if(reply && reply.length) {
commentBusy = true;
$('body').css('cursor', 'wait');
$.get('filer/' + id + '?term=' + reply, NavUpdate);
$.get('$baseurl/filer/' + id + '?term=' + reply, NavUpdate);
// if(timer) clearTimeout(timer);
// timer = setTimeout(NavUpdate,3000);
liking = 1;

2
view/tpl/nav.tpl
View File

@ -86,6 +86,7 @@
<li id="nav-site-linkmenu" class="nav-menu-icon"><a href="#" rel="#nav-site-menu"><span class="icon s22 gear">$nav.settings.1</span></a>
<ul id="nav-site-menu" class="menu-popup">
{{ if $nav.settings }}<li><a class="$nav.settings.2" href="$nav.settings.0" title="$nav.settings.3">$nav.settings.1</a></li>{{ endif }}
{{ if $nav.directory }}<li><a class="$nav.directory.2" href="$nav.directory.0" title="$nav.directory.3">$nav.directory.1</a></li>{{ endif }}
{{ if $nav.admin }}<li><a class="$nav.admin.2" href="$nav.admin.0" title="$nav.admin.3" >$nav.admin.1</a></li>{{ endif }}
@ -133,6 +134,7 @@
<input id="nav-search-text" type="text" value="" placeholder="$nav.search.1" name="search" title="$nav.search.3" onclick="this.submit();" />
</form>
</li>
<img src="images/rotator.gif" id="nav-search-spinner" style="display: none;" alt="$pleasewait" />
</ul>
</nav>

2
view/tpl/smarty3/nav.tpl
View File

@ -86,6 +86,7 @@
<li id="nav-site-linkmenu" class="nav-menu-icon"><a href="#" rel="#nav-site-menu"><span class="icon s22 gear">{{$nav.settings.1}}</span></a>
<ul id="nav-site-menu" class="menu-popup">
{{if $nav.settings}}<li><a class="{{$nav.settings.2}}" href="{{$nav.settings.0}}" title="{{$nav.settings.3}}">{{$nav.settings.1}}</a></li>{{/if}}
{{if $nav.directory}}<li><a class="{{$nav.directory.2}}" href="{{$nav.directory.0}}" title="{{$nav.directory.3}}">{{$nav.directory.1}}</a></li>{{/if}}
{{if $nav.admin}}<li><a class="{{$nav.admin.2}}" href="{{$nav.admin.0}}" title="{{$nav.admin.3}}" >{{$nav.admin.1}}</a></li>{{/if}}
@ -133,6 +134,7 @@
<input id="nav-search-text" type="text" value="" placeholder="{{$nav.search.1}}" name="search" title="{{$nav.search.3}}" onclick="this.submit();" />
</form>
</li>
<img src="images/rotator.gif" id="nav-search-spinner" style="display: none;" alt="{{$pleasewait}}" />
</ul>
</nav>