harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'friendika/master' into newui

Browse Source
This commit is contained in:
fabrixxm
2011-08-17 17:35:37 +02:00
parent 6c423feed2 db03b1ab17
commit bdf42473a0
101 changed files with 9954 additions and 6168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
include/Scrape.php
View File

@@ -1,6 +1,7 @@
<?php
require_once('library/HTML5/Parser.php');
require_once('include/crypto.php');
if(! function_exists('scrape_dfrn')) {
function scrape_dfrn($url) {
@@ -171,6 +172,8 @@ function scrape_vcard($url) {
// Pull out hCard profile elements
$largest_photo = 0;
$items = $dom->getElementsByTagName('*');
foreach($items as $item) {
if(attribute_contains($item->getAttribute('class'), 'vcard')) {
@@ -179,8 +182,13 @@ function scrape_vcard($url) {
if(attribute_contains($x->getAttribute('class'),'fn'))
$ret['fn'] = $x->textContent;
if((attribute_contains($x->getAttribute('class'),'photo'))
|| (attribute_contains($x->getAttribute('class'),'avatar')))
$ret['photo'] = $x->getAttribute('src');
|| (attribute_contains($x->getAttribute('class'),'avatar'))) {
$size = intval($x->getAttribute('width'));
if(($size > $largest_photo) || (! $largest_photo)) {
$ret['photo'] = $x->getAttribute('src');
$largest_photo = $size;
}
}
if((attribute_contains($x->getAttribute('class'),'nickname'))
|| (attribute_contains($x->getAttribute('class'),'uid')))
$ret['nick'] = $x->textContent;
@@ -289,13 +297,24 @@ function probe_url($url) {
if(! $url)
return $result;
$diaspora = false;
$diaspora = false;
$diaspora_base = '';
$diaspora_guid = '';
$diaspora_key = '';
$email_conversant = false;
$twitter = ((strpos($url,'twitter.com') !== false) ? true : false);
$at_addr = ((strpos($url,'@') !== false) ? true : false);
if(! $twitter) {
$links = lrdd($url);
if(strpos($url,'mailto:') !== false && $at_addr) {
$url = str_replace('mailto:','',$url);
$links = array();
}
else
$links = lrdd($url);
if(count($links)) {
logger('probe_url: found lrdd links: ' . print_r($links,true), LOGGER_DATA);
@@ -312,8 +331,19 @@ function probe_url($url) {
$hcard = unamp($link['@attributes']['href']);
if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
$profile = unamp($link['@attributes']['href']);
if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location')
if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') {
$diaspora_base = unamp($link['@attributes']['href']);
$diaspora = true;
}
if($link['@attributes']['rel'] === 'http://joindiaspora.com/guid') {
$diaspora_guid = unamp($link['@attributes']['href']);
$diaspora = true;
}
if($link['@attributes']['rel'] === 'diaspora-public-key') {
$diaspora_key = base64_decode(unamp($link['@attributes']['href']));
$pubkey = rsatopem($diaspora_key);
$diaspora = true;
}
}
// Status.Net can have more than one profile URL. We need to match the profile URL
@@ -411,8 +441,17 @@ function probe_url($url) {
}
}
if($diaspora && $diaspora_base && $diaspora_guid) {
$notify = $diaspora_base . 'receive/post/' . $diaspora_guid;
if(strpos($url,'@'))
$addr = str_replace('acct:', '', $url);
}
if($network !== NETWORK_ZOT && $network !== NETWORK_DFRN && $network !== NETWORK_MAIL) {
$network = NETWORK_OSTATUS;
if($diaspora)
$network = NETWORK_DIASPORA;
else
$network = NETWORK_OSTATUS;
$priority = 0;
if($hcard) {
@@ -429,13 +468,6 @@ function probe_url($url) {
logger('probe_url: scrape_vcard: ' . print_r($vcard,true), LOGGER_DATA);
}
if(! $profile) {
if($diaspora)
$profile = $hcard;
else
$profile = $url;
}
if($twitter) {
logger('twitter: setup');
$tid = basename($url);
@@ -451,10 +483,18 @@ function probe_url($url) {
if(x($vcard,'nick'))
$vcard['fn'] = $vcard['nick'];
if(((! isset($vcard)) && (! $poll)) || ($twitter)) {
$check_feed = false;
$feedret = scrape_feed($url);
if($twitter || ! $poll)
$check_feed = true;
if((! isset($vcard)) || (! $profile))
$check_feed = true;
if(($at_addr) && (! count($links)))
$check_feed = false;
if($check_feed) {
$feedret = scrape_feed(($poll) ? $poll : $url);
logger('probe_url: scrape_feed returns: ' . print_r($feedret,true), LOGGER_DATA);
if(count($feedret) && ($feedret['feed_atom'] || $feedret['feed_rss'])) {
$poll = ((x($feedret,'feed_atom')) ? unamp($feedret['feed_atom']) : unamp($feedret['feed_rss']));
@@ -488,6 +528,8 @@ function probe_url($url) {
if(strpos($vcard['fn'],'@') !== false)
$vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@'));
$email = unxmlify($author->get_email());
if(! $profile && $author->get_link())
$profile = trim(unxmlify($author->get_link()));
if(! $vcard['photo']) {
$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
if($rawtags) {
@@ -508,6 +550,8 @@ function probe_url($url) {
if(strpos($vcard['fn'],'@') !== false)
$vcard['fn'] = substr($vcard['fn'],0,strpos($vcard['fn'],'@'));
$email = unxmlify($author->get_email());
if(! $profile && $author->get_link())
$profile = trim(unxmlify($author->get_link()));
}
if(! $vcard['photo']) {
$rawmedia = $item->get_item_tags('http://search.yahoo.com/mrss/','thumbnail');
@@ -545,8 +589,10 @@ function probe_url($url) {
if(strpos($vcard['nick'],' '))
$vcard['nick'] = trim(substr($vcard['nick'],0,strpos($vcard['nick'],' ')));
}
$network = 'feed';
$priority = 2;
if(! $network)
$network = 'feed';
if(! $priority)
$priority = 2;
}
}
@@ -554,8 +600,12 @@ function probe_url($url) {
$a = get_app();
$vcard['photo'] = $a->get_baseurl() . '/images/default-profile.jpg' ;
}
if(! $profile)
$profile = $url;
$vcard['fn'] = notags($vcard['fn']);
$vcard['nick'] = notags($vcard['nick']);
$vcard['nick'] = str_replace(' ','',notags($vcard['nick']));
$result['name'] = $vcard['fn'];

4
include/acl.js
View File

@@ -153,6 +153,9 @@ ACL.prototype.updateview = function(){
$('#jot-perms-icon').removeClass('lock').addClass('unlock');
$('#jot-public').show();
$('.profile-jot-net input').attr('disabled', false);
if(editor != false) {
$('#profile-jot-desc').html(ispublic);
}
} else {
that.showall.removeClass("selected");
@@ -160,6 +163,7 @@ ACL.prototype.updateview = function(){
$('#jot-perms-icon').removeClass('unlock').addClass('lock');
$('#jot-public').hide();
$('.profile-jot-net input').attr('disabled', 'disabled');
$('#profile-jot-desc').html('&nbsp;');
}
$("#acl-list-content .acl-list-item").each(function(){

4
include/acl_selectors.php
View File

@@ -96,7 +96,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) {
$sql_extra = '';
if($x['mutual']) {
$sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD));
$sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
}
if(intval($x['exclude']))
@@ -163,7 +163,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
$sql_extra = '';
if($privmail || $celeb) {
$sql_extra .= sprintf(" AND `rel` = %d ", intval(REL_BUD));
$sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
}
if($privmail) {

469
include/api.php
View File

@@ -10,10 +10,9 @@
$API = Array();
function api_date($str){
//Wed May 23 06:01:13 +0000 2007
return datetime_convert('UTC', 'UTC', $str, "D M d h:i:s +0000 Y" );
return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" );
}
@@ -111,7 +110,11 @@
if ($info['auth']===true && local_user()===false) {
api_login($a);
}
load_contact_links(local_user());
logger('API call for ' . $a->user['username'] . ': ' . $a->query_string);
logger('API parameters: ' . print_r($_REQUEST,true));
$type="json";
if (strpos($a->query_string, ".xml")>0) $type="xml";
if (strpos($a->query_string, ".json")>0) $type="json";
@@ -145,7 +148,26 @@
//echo "<pre>"; var_dump($r); die();
}
}
return false;
$r = '<status><error>not implemented</error></status>';
switch($type){
case "xml":
header ("Content-Type: text/xml");
return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
break;
case "json":
header ("Content-Type: application/json");
return json_encode(array('error' => 'not implemented'));
break;
case "rss":
header ("Content-Type: application/rss+xml");
return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
break;
case "atom":
header ("Content-Type: application/atom+xml");
return '<?xml version="1.0" encoding="UTF-8"?>'."\n".$r;
break;
}
}
/**
@@ -157,7 +179,9 @@
$arr['$rss'] = array(
'alternate' => $user_info['url'],
'self' => $a->get_baseurl(). "/". $a->query_string,
'base' => $a->get_baseurl(),
'updated' => api_date(null),
'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME),
'language' => $user_info['language'],
'logo' => $a->get_baseurl()."/images/friendika-32.png",
);
@@ -168,9 +192,10 @@
/**
* Returns user info array.
*/
function api_get_user(&$a, $contact_id=Null){
function api_get_user(&$a, $contact_id = Null){
$user = null;
$extra_query = "";
if(!is_null($contact_id)){
$user=$contact_id;
$extra_query = "AND `contact`.`id` = %d ";
@@ -185,7 +210,7 @@
$extra_query = "AND `contact`.`nick` = '%s' ";
}
if (is_null($user)){
if (is_null($user) && $a->argc > 3){
list($user, $null) = explode(".",$a->argv[3]);
if(is_numeric($user)){
$user = intval($user);
@@ -196,17 +221,17 @@
}
}
if ($user==='') {
if (! $user) {
if (local_user()===false) {
api_login($a); return False;
} else {
$user = $_SESSION['uid'];
$extra_query = "AND `contact`.`uid` = %d ";
$extra_query = "AND `contact`.`uid` = %d AND `contact`.`self` = 1 ";
}
}
logger('api_user: ' . $extra_query . ' ' , $user);
// user info
$uinfo = q("SELECT *, `contact`.`id` as `cid` FROM `contact`
WHERE 1
@@ -217,43 +242,135 @@
return False;
}
// count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `uid` = %d
AND `type`='wall'
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
intval($uinfo[0]['uid'])
);
$countitms = $r[0]['count'];
if($uinfo[0]['self']) {
$usr = q("select * from user where uid = %d limit 1",
intval(local_user())
);
$profile = q("select * from profile where uid = %d and `is-default` = 1 limit 1",
intval(local_user())
);
// count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `uid` = %d
AND `type`='wall'
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
intval($uinfo[0]['uid'])
);
$countitms = $r[0]['count'];
}
else {
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `contact-id` = %d
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
intval($uinfo[0]['id'])
);
$countitms = $r[0]['count'];
}
// count friends
$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
WHERE `uid` = %d
WHERE `uid` = %d AND `rel` IN ( %d, %d )
AND `self`=0 AND `blocked`=0",
intval($uinfo[0]['uid'])
intval($uinfo[0]['uid']),
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND)
);
$countfriends = $r[0]['count'];
$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
WHERE `uid` = %d AND `rel` IN ( %d, %d )
AND `self`=0 AND `blocked`=0",
intval($uinfo[0]['uid']),
intval(CONTACT_IS_FOLLOWER),
intval(CONTACT_IS_FRIEND)
);
$countfollowers = $r[0]['count'];
$r = q("SELECT count(`id`) as `count` FROM item where starred = 1 and uid = %d and deleted = 0",
intval($uinfo[0]['uid'])
);
$starred = $r[0]['count'];
if(! $uinfo[0]['self']) {
$countfriends = 0;
$countfollowers = 0;
$starred = 0;
}
$ret = Array(
'uid' => $uinfo[0]['uid'],
'id' => $uinfo[0]['cid'],
'uid' => intval($uinfo[0]['uid']),
'id' => intval($uinfo[0]['cid']),
'name' => $uinfo[0]['name'],
'screen_name' => $uinfo[0]['nick'],
'location' => '', //$uinfo[0]['default-location'],
'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']),
'location' => ($usr) ? $usr[0]['default-location'] : '',
'profile_image_url' => $uinfo[0]['micro'],
'url' => $uinfo[0]['url'],
'contact_url' => $a->get_baseurl()."/contacts/".$uinfo[0]['cid'],
'protected' => false, #
'friends_count' => $countfriends,
'protected' => false,
'friends_count' => intval($countfriends),
'created_at' => api_date($uinfo[0]['name-date']),
'utc_offset' => "+00:00",
'time_zone' => 'UTC', //$uinfo[0]['timezone'],
'geo_enabled' => false,
'statuses_count' => intval($countitms), #XXX: fix me
'lang' => 'en', #XXX: fix me
'description' => (($profile) ? $profile[0]['pdesc'] : ''),
'followers_count' => intval($countfollowers),
'favourites_count' => intval($starred),
'contributors_enabled' => false,
'follow_request_sent' => false,
'profile_background_color' => 'cfe8f6',
'profile_text_color' => '000000',
'profile_link_color' => 'FF8500',
'profile_sidebar_fill_color' =>'AD0066',
'profile_sidebar_border_color' => 'AD0066',
'profile_background_image_url' => '',
'profile_background_tile' => false,
'profile_use_background_image' => false,
'notifications' => false,
'following' => '', #XXX: fix me
'verified' => true, #XXX: fix me
#'status' => null
);
return $ret;
}
function api_item_get_user(&$a, $item) {
// The author is our direct contact, in a conversation with us.
if(link_compare($item['url'],$item['author-link'])) {
return api_get_user($a,$item['cid']);
}
else {
// The author may be a contact of ours, but is replying to somebody else.
// Figure out if we know him/her.
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
return api_get_user($a,$a->contacts[$normalised]['id']);
}
// We don't know this person directly.
$ret = array(
'uid' => 0,
'id' => 0,
'name' => $item['author-name'],
'screen_name' => $item['author_name'],
'location' => '', //$uinfo[0]['default-location'],
'profile_image_url' => $item['author-avatar'],
'url' => $item['author-link'],
'contact_url' => 0,
'protected' => false, #
'friends_count' => 0,
'created_at' => '',
'utc_offset' => 0, #XXX: fix me
'time_zone' => '', //$uinfo[0]['timezone'],
'geo_enabled' => false,
'statuses_count' => $countitms, #XXX: fix me
'statuses_count' => 0,
'lang' => 'en', #XXX: fix me
'description' => '',
'followers_count' => $countfriends, #XXX: fix me
'followers_count' => 0,
'favourites_count' => 0,
'contributors_enabled' => false,
'follow_request_sent' => false,
@@ -270,9 +387,8 @@
'followers' => '', #XXX: fix me
#'status' => null
);
return $ret;
return $ret;
}
/**
@@ -281,7 +397,7 @@
function api_xmlify($val){
if (is_bool($val)) return $val?"true":"false";
if (is_array($val)) return array_map('api_xmlify', $val);
return xmlify($val);
return xmlify((string) $val);
}
/**
@@ -289,9 +405,11 @@
*/
function api_apply_template($templatename, $type, $data){
$a = get_app();
switch($type){
case "rss":
case "atom":
case "rss":
case "xml":
$data = api_xmlify($data);
$tpl = get_markup_template("api_".$templatename."_".$type.".tpl");
@@ -323,20 +441,39 @@
api_register_func('api/account/verify_credentials','api_account_verify_credentials', true);
/**
* get data from $_POST or $_GET
*/
function requestdata($k){
if (isset($_POST[$k])){
return $_POST[$k];
}
if (isset($_GET[$k])){
return $_GET[$k];
}
return null;
}
// TODO - media uploads
function api_statuses_update(&$a, $type) {
if (local_user()===false) return false;
$user_info = api_get_user($a);
// convert $_POST array items to the form we use for web posts.
$_POST['body'] = urldecode($_POST['status']);
$_POST['parent'] = $_POST['in_reply_to_status_id'];
if($_POST['lat'] && $_POST['long'])
$_POST['coord'] = sprintf("%s %s",$_POST['lat'],$_POST['long']);
// logger('api_post: ' . print_r($_POST,true));
$_POST['body'] = urldecode(requestdata('status'));
$parent = requestdata('in_reply_to_status_id');
if(ctype_digit($parent))
$_POST['parent'] = $parent;
else
$_POST['parent_uri'] = $parent;
if(requestdata('lat') && requestdata('long'))
$_POST['coord'] = sprintf("%s %s",requestdata('lat'),requestdata('long'));
$_POST['profile_uid'] = local_user();
if($_POST['parent'])
if(requestdata('parent'))
$_POST['type'] = 'net-comment';
else
$_POST['type'] = 'wall';
@@ -473,7 +610,7 @@
$user_info = api_get_user($a);
// get last newtork messages
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
@@ -485,42 +622,13 @@
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
ORDER BY `item`.`created` DESC LIMIT %d ,%d ",
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
);
$ret = Array();
foreach($r as $item) {
$status_user = (($item['cid']==$user_info['id'])?$user_info: api_get_user($a,$item['cid']));
$status = array(
'created_at'=> api_date($item['created']),
'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME),
'id' => $item['id'],
'text' => strip_tags(bbcode($item['body'])),
'html' => bbcode($item['body']),
'source' => (($item['app']) ? $item['app'] : 'web'),
'url' => ($item['plink']!=''?$item['plink']:$item['author-link']),
'truncated' => False,
'in_reply_to_status_id' => ($item['parent']!=$item['id']?$item['parent']:''),
'in_reply_to_user_id' => '',
'favorited' => false,
'in_reply_to_screen_name' => '',
'geo' => '',
'coordinates' => $item['coord'],
'place' => $item['location'],
'contributors' => '',
'annotations' => '',
'entities' => '',
'user' => $status_user ,
'objecttype' => $item['object-type'],
'verb' => $item['verb'],
'self' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type,
'edit' => $a->get_baseurl()."/api/statuses/show/".$ite['id'].".".$type,
);
$ret[]=$status;
};
$ret = api_format_items($r,$user_info);
$data = array('$statuses' => $ret);
switch($type){
@@ -533,9 +641,130 @@
}
api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true);
api_register_func('api/statuses/friends_timeline','api_statuses_home_timeline', true);
api_register_func('api/statuses/user_timeline','api_statuses_home_timeline', true);
# TODO: user_timeline should be profile view
function api_statuses_user_timeline(&$a, $type){
if (local_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`uid` = %d
AND `item`.`visible` = 1 AND `item`.`deleted` = 0
AND `item`.`wall` = 1
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
);
$ret = api_format_items($r,$user_info);
$data = array('$statuses' => $ret);
switch($type){
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
}
return api_apply_template("timeline", $type, $data);
}
api_register_func('api/statuses/user_timeline','api_statuses_user_timeline', true);
function api_favorites(&$a, $type){
if (local_user()===false) return false;
$user_info = api_get_user($a);
// get last newtork messages
// $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` ) ";
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
FROM `item`, `contact`
WHERE `item`.`uid` = %d
AND `item`.`visible` = 1 AND `item`.`deleted` = 0
AND `item`.`starred` = 1
AND `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
$sql_extra
ORDER BY `item`.`received` DESC LIMIT %d ,%d ",
intval($user_info['uid']),
0,20
);
$ret = api_format_items($r,$user_info);
$data = array('$statuses' => $ret);
switch($type){
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
}
return api_apply_template("timeline", $type, $data);
}
api_register_func('api/favorites','api_favorites', true);
function api_format_items($r,$user_info) {
//logger('api_format_items: ' . print_r($r,true));
//logger('api_format_items: ' . print_r($user_info,true));
$a = get_app();
$ret = Array();
foreach($r as $item) {
$status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item));
$status = array(
'created_at'=> api_date($item['created']),
'published' => datetime_convert('UTC','UTC',$item['created'],ATOM_TIME),
'updated' => datetime_convert('UTC','UTC',$item['edited'],ATOM_TIME),
'id' => intval($item['id']),
'message_id' => $item['uri'],
'text' => strip_tags(bbcode($item['body'])),
'statusnet_html' => bbcode($item['body']),
'source' => (($item['app']) ? $item['app'] : 'web'),
'url' => ($item['plink']!=''?$item['plink']:$item['author-link']),
'truncated' => False,
'in_reply_to_status_id' => ($item['parent']!=$item['id']? intval($item['parent']):''),
'in_reply_to_user_id' => '',
'favorited' => $item['starred'] ? true : false,
'in_reply_to_screen_name' => '',
'geo' => '',
'coordinates' => $item['coord'],
'place' => $item['location'],
'contributors' => '',
'annotations' => '',
'entities' => '',
'user' => $status_user ,
'objecttype' => (($item['object-type']) ? $item['object-type'] : ACTIVITY_OBJ_NOTE),
'verb' => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
'self' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
'edit' => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
);
$ret[]=$status;
};
return $ret;
}
function api_account_rate_limit_status(&$a,$type) {
@@ -550,3 +779,93 @@
}
api_register_func('api/account/rate_limit_status','api_account_rate_limit_status',true);
function api_statusnet_config(&$a,$type) {
$name = $a->config['sitename'];
$server = $a->get_hostname();
$logo = $a->get_baseurl() . '/images/friendika-64.png';
$email = $a->config['admin_email'];
$closed = (($a->config['register_policy'] == REGISTER_CLOSED) ? 'true' : 'false');
$private = (($a->config['system']['block_public']) ? 'true' : 'false');
$textlimit = (string) (($a->config['max_import_size']) ? $a->config['max_import_size'] : 200000);
if($a->config['api_import_size'])
$texlimit = string($a->config['api_import_size']);
$ssl = (($a->config['system']['have_ssl']) ? 'true' : 'false');
$sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : '');
$config = array(
'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
'logo' => $logo, 'fancy' => 'true', 'language' => 'en', 'email' => $email, 'broughtby' => '',
'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
'shorturllength' => '30'
),
);
return api_apply_template('config', $type, array('$config' => $config));
}
api_register_func('api/statusnet/config','api_statusnet_config',false);
function api_statusnet_version(&$a,$type) {
// liar
if($type === 'xml') {
header("Content-type: application/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<version>0.9.7</version>' . "\r\n";
killme();
}
elseif($type === 'json') {
header("Content-type: application/json");
echo '"0.9.7"';
killme();
}
}
api_register_func('api/statusnet/version','api_statusnet_version',false);
function api_ff_ids(&$a,$type,$qtype) {
if(! local_user())
return false;
if($qtype == 'friends')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND));
if($qtype == 'followers')
$sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(CONTACT_IS_FOLLOWER), intval(CONTACT_IS_FRIEND));
$r = q("SELECT id FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 AND `pending` = 0 $sql_extra",
intval(local_user())
);
if(is_array($r)) {
if($type === 'xml') {
header("Content-type: application/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n" . '<ids>' . "\r\n";
foreach($r as $rr)
echo '<id>' . $rr['id'] . '</id>' . "\r\n";
echo '</ids>' . "\r\n";
killme();
}
elseif($type === 'json') {
$ret = array();
header("Content-type: application/json");
foreach($r as $rr) $ret[] = $rr['id'];
echo json_encode($ret);
killme();
}
}
}
function api_friends_ids(&$a,$type) {
api_ff_ids($a,$type,'friends');
}
function api_followers_ids(&$a,$type) {
api_ff_ids($a,$type,'followers');
}
api_register_func('api/friends/ids','api_friends_ids',true);
api_register_func('api/followers/ids','api_followers_ids',true);

11
include/attach.php
View File

@@ -1,7 +1,7 @@
<?php
if(!function_exists('mime_content_type')) {
function mime_content_type($filename) {
function z_mime_content_type($filename) {
$mime_types = array(
@@ -61,8 +61,9 @@ function mime_content_type($filename) {
'ods' => 'application/vnd.oasis.opendocument.spreadsheet',
);
if(strpos($filename,'.') !== false) {
$ext = strtolower(array_pop(explode('.',$filename)));
$dot = strpos($filename,'.');
if($dot !== false) {
$ext = strtolower(substr($filename,$dot+1));
if (array_key_exists($ext, $mime_types)) {
return $mime_types[$ext];
}
@@ -76,5 +77,5 @@ function mime_content_type($filename) {
else {
return 'application/octet-stream';
}
}}
}

12
include/auth.php
View File

@@ -25,7 +25,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
nuke_session();
info( t('Logged out.') . EOL);
goaway($a->get_baseurl());
goaway(z_root());
}
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
@@ -45,7 +45,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
// extra paranoia - if the IP changed, log them out
if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) {
nuke_session();
goaway($a->get_baseurl());
goaway(z_root());
}
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
@@ -54,7 +54,7 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
if(! count($r)) {
nuke_session();
goaway($a->get_baseurl());
goaway(z_root());
}
// initialise user environment
@@ -118,7 +118,7 @@ else {
if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
$a = get_app();
notice( t('Login failed.') . EOL);
goaway($a->get_baseurl());
goaway(z_root());
// NOTREACHED
}
@@ -143,7 +143,7 @@ else {
if($a->config['register_policy'] == REGISTER_CLOSED) {
$a = get_app();
notice( t('Login failed.') . EOL);
goaway($a->get_baseurl());
goaway(z_root());
// NOTREACHED
}
// new account
@@ -196,7 +196,7 @@ else {
if((! $record) || (! count($record))) {
logger('authenticate: failed login attempt: ' . trim($_POST['openid_url']));
notice( t('Login failed.') . EOL );
goaway($a->get_baseurl());
goaway(z_root());
}
$_SESSION['uid'] = $record['uid'];

218
include/config.php Normal file
View File

@@ -0,0 +1,218 @@
<?php
/**
*
* Arbitrary configuration storage
* Note:
* Please do not store booleans - convert to 0/1 integer values
* The get_?config() functions return boolean false for keys that are unset,
* and this could lead to subtle bugs.
*
* There are a few places in the code (such as the admin panel) where boolean
* configurations need to be fixed as of 10/08/2011.
*/
// retrieve a "family" of config variables from database to cached storage
if(! function_exists('load_config')) {
function load_config($family) {
global $a;
$r = q("SELECT * FROM `config` WHERE `cat` = '%s'",
dbesc($family)
);
if(count($r)) {
foreach($r as $rr) {
$k = $rr['k'];
if ($rr['cat'] === 'config') {
$a->config[$k] = $rr['v'];
} else {
$a->config[$family][$k] = $rr['v'];
}
}
}
}}
// get a particular config variable given the family name
// and key. Returns false if not set.
// $instore is only used by the set_config function
// to determine if the key already exists in the DB
// If a key is found in the DB but doesn't exist in
// local config cache, pull it into the cache so we don't have
// to hit the DB again for this item.
if(! function_exists('get_config')) {
function get_config($family, $key, $instore = false) {
global $a;
if(! $instore) {
if(isset($a->config[$family][$key])) {
if($a->config[$family][$key] === '!<unset>!') {
return false;
}
return $a->config[$family][$key];
}
}
$ret = q("SELECT `v` FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
dbesc($family),
dbesc($key)
);
if(count($ret)) {
// manage array value
$val = (preg_match("|^a:[0-9]+:{.*}$|", $ret[0]['v'])?unserialize( $ret[0]['v']):$ret[0]['v']);
$a->config[$family][$key] = $val;
return $val;
}
else {
$a->config[$family][$key] = '!<unset>!';
}
return false;
}}
// Store a config value ($value) in the category ($family)
// under the key ($key)
// Return the value, or false if the database update failed
if(! function_exists('set_config')) {
function set_config($family,$key,$value) {
global $a;
// manage array value
$dbvalue = (is_array($value)?serialize($value):$value);
if(get_config($family,$key,true) === false) {
$a->config[$family][$key] = $value;
$ret = q("INSERT INTO `config` ( `cat`, `k`, `v` ) VALUES ( '%s', '%s', '%s' ) ",
dbesc($family),
dbesc($key),
dbesc($dbvalue)
);
if($ret)
return $value;
return $ret;
}
$ret = q("UPDATE `config` SET `v` = '%s' WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
dbesc($dbvalue),
dbesc($family),
dbesc($key)
);
$a->config[$family][$key] = $value;
if($ret)
return $value;
return $ret;
}}
if(! function_exists('load_pconfig')) {
function load_pconfig($uid,$family) {
global $a;
$r = q("SELECT * FROM `pconfig` WHERE `cat` = '%s' AND `uid` = %d",
dbesc($family),
intval($uid)
);
if(count($r)) {
foreach($r as $rr) {
$k = $rr['k'];
$a->config[$uid][$family][$k] = $rr['v'];
}
}
}}
if(! function_exists('get_pconfig')) {
function get_pconfig($uid,$family, $key, $instore = false) {
global $a;
if(! $instore) {
if(isset($a->config[$uid][$family][$key])) {
if($a->config[$uid][$family][$key] === '!<unset>!') {
return false;
}
return $a->config[$uid][$family][$key];
}
}
$ret = q("SELECT `v` FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
intval($uid),
dbesc($family),
dbesc($key)
);
if(count($ret)) {
$a->config[$uid][$family][$key] = $ret[0]['v'];
return $ret[0]['v'];
}
else {
$a->config[$uid][$family][$key] = '!<unset>!';
}
return false;
}}
if(! function_exists('del_config')) {
function del_config($family,$key) {
global $a;
if(x($a->config[$family],$key))
unset($a->config[$family][$key]);
$ret = q("DELETE FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
dbesc($cat),
dbesc($key)
);
return $ret;
}}
// Same as above functions except these are for personal config storage and take an
// additional $uid argument.
if(! function_exists('set_pconfig')) {
function set_pconfig($uid,$family,$key,$value) {
global $a;
if(get_pconfig($uid,$family,$key,true) === false) {
$a->config[$uid][$family][$key] = $value;
$ret = q("INSERT INTO `pconfig` ( `uid`, `cat`, `k`, `v` ) VALUES ( %d, '%s', '%s', '%s' ) ",
intval($uid),
dbesc($family),
dbesc($key),
dbesc($value)
);
if($ret)
return $value;
return $ret;
}
$ret = q("UPDATE `pconfig` SET `v` = '%s' WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
dbesc($value),
intval($uid),
dbesc($family),
dbesc($key)
);
$a->config[$uid][$family][$key] = $value;
if($ret)
return $value;
return $ret;
}}
if(! function_exists('del_pconfig')) {
function del_pconfig($uid,$family,$key) {
global $a;
if(x($a->config[$uid][$family],$key))
unset($a->config[$uid][$family][$key]);
$ret = q("DELETE FROM `pconfig` WHERE `uid` = %d AND `cat` = '%s' AND `k` = '%s' LIMIT 1",
intval($uid),
dbesc($family),
dbesc($key)
);
return $ret;
}}

46
include/conversation.php
View File

@@ -283,14 +283,14 @@ function conversation(&$a, $items, $mode, $update) {
continue;
$toplevelpost = (($item['id'] == $item['parent']) ? true : false);
$toplevelprivate = false;
// Take care of author collapsing and comment collapsing
// If a single author has more than 3 consecutive top-level posts, squash the remaining ones.
// If there are more than two comments, squash all but the last 2.
if($toplevelpost) {
$toplevelprivate = (($toplevelpost && $item['private']) ? true : false);
$item_writeable = (($item['writable'] || $item['self']) ? true : false);
if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) {
@@ -312,9 +312,12 @@ function conversation(&$a, $items, $mode, $update) {
$comments_seen = 0;
$comments_collapsed = false;
}
else
else {
// prevent private email from leaking into public conversation
if((! $toplevelpost) && (! toplevelprivate) && ($item['private']) && ($profile_owner != local_user()))
continue;
$comments_seen ++;
}
$override_comment_box = ((($page_writeable) && ($item_writeable)) ? true : false);
$show_comment_box = ((($page_writeable) && ($item_writeable) && ($comments_seen == $comments[$item['parent']])) ? true : false);
@@ -347,7 +350,7 @@ function conversation(&$a, $items, $mode, $update) {
if(($toplevelpost) && (! $item['self']) && ($mode !== 'profile')) {
if($item['type'] === 'wall') {
if($item['wall']) {
// On the network page, I am the owner. On the display page it will be the profile owner.
// This will have been stored in $a->page_contact by our calling page.
@@ -359,7 +362,7 @@ function conversation(&$a, $items, $mode, $update) {
$template = $wallwall;
$commentww = 'ww';
}
if(($item['type'] === 'remote') && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
if((! $item['wall']) && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
// Could be anybody.
@@ -444,7 +447,7 @@ function conversation(&$a, $items, $mode, $update) {
$profile_link = '';
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $thumb);
@@ -533,33 +536,6 @@ function conversation(&$a, $items, $mode, $update) {
return $o;
}
if(! function_exists('load_contact_links')) {
function load_contact_links($uid) {
$a = get_app();
$ret = array();
if(! $uid || x($a->contacts,'empty'))
return;
$r = q("SELECT `id`,`network`,`url`,`thumb` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 ",
intval($uid)
);
if(count($r)) {
foreach($r as $rr){
$url = normalise_link($rr['url']);
$ret[$url] = $rr;
}
}
else
$ret['empty'] = true;
$a->contacts = $ret;
return;
}}
function best_link_url($item,&$sparkle) {
$a = get_app();

43
include/cronhooks.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
require_once("boot.php");
function cronhooks_run($argv, $argc){
global $a, $db;
if(is_null($a)) {
$a = new App;
}
if(is_null($db)) {
@include(".htconfig.php");
require_once("dba.php");
$db = new dba($db_host, $db_user, $db_pass, $db_data);
unset($db_host, $db_user, $db_pass, $db_data);
};
require_once('include/session.php');
require_once('include/datetime.php');
load_config('config');
load_config('system');
$a->set_baseurl(get_config('system','url'));
load_hooks();
logger('cronhooks: start');
$d = datetime_convert();
call_hooks('cron', $d);
return;
}
if (array_search(__file__,get_included_files())===0){
cronhooks_run($argv,$argc);
killme();
}

184
include/crypto.php Normal file
View File

@@ -0,0 +1,184 @@
<?php
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
function rsa_sign($data,$key) {
$sig = '';
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
openssl_sign($data,$sig,$key,'sha256');
}
else {
if(strlen($key) < 1024 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->loadKey($key);
$sig = $rsa->sign($data);
}
else {
logger('rsa_sign: insecure algorithm used. Please upgrade PHP to 5.3');
openssl_private_encrypt(hex2bin('3031300d060960864801650304020105000420') . hash('sha256',$data,true), $sig, $key);
}
}
return $sig;
}
function rsa_verify($data,$sig,$key) {
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
$verify = openssl_verify($data,$sig,$key,'sha256');
}
else {
if(strlen($key) <= 300 || extension_loaded('gmp')) {
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->loadKey($key);
$verify = $rsa->verify($data,$sig);
}
else {
// fallback sha256 verify for PHP < 5.3 and large key lengths
$rawsig = '';
openssl_public_decrypt($sig,$rawsig,$key);
$verify = (($rawsig && substr($rawsig,-32) === hash('sha256',$data,true)) ? true : false);
}
}
return $verify;
}
function DerToPem($Der, $Private=false)
{
//Encode:
$Der = base64_encode($Der);
//Split lines:
$lines = str_split($Der, 65);
$body = implode("\n", $lines);
//Get title:
$title = $Private? 'RSA PRIVATE KEY' : 'PUBLIC KEY';
//Add wrapping:
$result = "-----BEGIN {$title}-----\n";
$result .= $body . "\n";
$result .= "-----END {$title}-----\n";
return $result;
}
function DerToRsa($Der)
{
//Encode:
$Der = base64_encode($Der);
//Split lines:
$lines = str_split($Der, 65);
$body = implode("\n", $lines);
//Get title:
$title = 'RSA PUBLIC KEY';
//Add wrapping:
$result = "-----BEGIN {$title}-----\n";
$result .= $body . "\n";
$result .= "-----END {$title}-----\n";
return $result;
}
function pkcs8_encode($Modulus,$PublicExponent) {
//Encode key sequence
$modulus = new ASNValue(ASNValue::TAG_INTEGER);
$modulus->SetIntBuffer($Modulus);
$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
$publicExponent->SetIntBuffer($PublicExponent);
$keySequenceItems = array($modulus, $publicExponent);
$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
$keySequence->SetSequence($keySequenceItems);
//Encode bit string
$bitStringValue = $keySequence->Encode();
$bitStringValue = chr(0x00) . $bitStringValue; //Add unused bits byte
$bitString = new ASNValue(ASNValue::TAG_BITSTRING);
$bitString->Value = $bitStringValue;
//Encode body
$bodyValue = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00" . $bitString->Encode();
$body = new ASNValue(ASNValue::TAG_SEQUENCE);
$body->Value = $bodyValue;
//Get DER encoded public key:
$PublicDER = $body->Encode();
return $PublicDER;
}
function pkcs1_encode($Modulus,$PublicExponent) {
//Encode key sequence
$modulus = new ASNValue(ASNValue::TAG_INTEGER);
$modulus->SetIntBuffer($Modulus);
$publicExponent = new ASNValue(ASNValue::TAG_INTEGER);
$publicExponent->SetIntBuffer($PublicExponent);
$keySequenceItems = array($modulus, $publicExponent);
$keySequence = new ASNValue(ASNValue::TAG_SEQUENCE);
$keySequence->SetSequence($keySequenceItems);
//Encode bit string
$bitStringValue = $keySequence->Encode();
return $bitStringValue;
}
function metopem($m,$e) {
$der = pkcs8_encode($m,$e);
$key = DerToPem($der,false);
return $key;
}
function pubrsatome($key,&$m,&$e) {
require_once('library/asn1.php');
require_once('include/salmon.php');
$lines = explode("\n",$key);
unset($lines[0]);
unset($lines[count($lines)]);
$x = base64_decode(implode('',$lines));
$r = ASN_BASE::parseASNString($x);
$m = base64url_decode($r[0]->asnData[0]->asnData);
$e = base64url_decode($r[0]->asnData[1]->asnData);
}
function rsatopem($key) {
pubrsatome($key,$m,$e);
return(metopem($m,$e));
}
function pemtorsa($key) {
pemtome($key,$m,$e);
return(metorsa($m,$e));
}
function pemtome($key,&$m,&$e) {
require_once('include/salmon.php');
$lines = explode("\n",$key);
unset($lines[0]);
unset($lines[count($lines)]);
$x = base64_decode(implode('',$lines));
$r = ASN_BASE::parseASNString($x);
$m = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[0]->asnData);
$e = base64url_decode($r[0]->asnData[1]->asnData[0]->asnData[1]->asnData);
}
function metorsa($m,$e) {
$der = pkcs1_encode($m,$e);
$key = DerToRsa($der);
return $key;
}
function salmon_key($pubkey) {
pemtome($pubkey,$m,$e);
return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
}

107
include/datetime.php
View File

@@ -84,12 +84,47 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d
function dob($dob) {
list($year,$month,$day) = sscanf($dob,'%4d-%2d-%2d');
$y = datetime_convert('UTC',date_default_timezone_get(),'now','Y');
$o = datesel('',1920,$y,true,$year,$month,$day);
$f = get_config('system','birthday_input_format');
if(! $f)
$f = 'ymd';
$o = datesel($f,'',1920,$y,true,$year,$month,$day);
return $o;
}
function datesel_format($f) {
$o = '';
if(strlen($f)) {
for($x = 0; $x < strlen($f); $x ++) {
switch($f[$x]) {
case 'y':
if(strlen($o))
$o .= '-';
$o .= t('year');
break;
case 'm':
if(strlen($o))
$o .= '-';
$o .= t('month');
break;
case 'd':
if(strlen($o))
$o .= '-';
$o .= t('day');
break;
default:
break;
}
}
}
return $o;
}
// returns a date selector.
// $f = format string, e.g. 'ymd' or 'mdy'
// $pre = prefix (if needed) for HTML name and class fields
// $ymin = first year shown in selector dropdown
// $ymax = last year shown in selector dropdown
@@ -99,40 +134,52 @@ function dob($dob) {
// $d = already selected day
if(! function_exists('datesel')) {
function datesel($pre,$ymin,$ymax,$allow_blank,$y,$m,$d) {
function datesel($f,$pre,$ymin,$ymax,$allow_blank,$y,$m,$d) {
$o = '';
$o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">";
if($allow_blank) {
$sel = (($y == '0000') ? " selected=\"selected\" " : "");
$o .= "<option value=\"0000\" $sel ></option>";
}
if($ymax > $ymin) {
for($x = $ymax; $x >= $ymin; $x --) {
$sel = (($x == $y) ? " selected=\"selected\" " : "");
$o .= "<option value=\"$x\" $sel>$x</option>";
}
}
else {
for($x = $ymax; $x <= $ymin; $x ++) {
$sel = (($x == $y) ? " selected=\"selected\" " : "");
$o .= "<option value=\"$x\" $sel>$x</option>";
}
}
if(strlen($f)) {
for($z = 0; $z < strlen($f); $z ++) {
if($f[$z] === 'y') {
$o .= "<select name=\"{$pre}year\" class=\"{$pre}year\" size=\"1\">";
if($allow_blank) {
$sel = (($y == '0000') ? " selected=\"selected\" " : "");
$o .= "<option value=\"0000\" $sel ></option>";
}
if($ymax > $ymin) {
for($x = $ymax; $x >= $ymin; $x --) {
$sel = (($x == $y) ? " selected=\"selected\" " : "");
$o .= "<option value=\"$x\" $sel>$x</option>";
}
}
else {
for($x = $ymax; $x <= $ymin; $x ++) {
$sel = (($x == $y) ? " selected=\"selected\" " : "");
$o .= "<option value=\"$x\" $sel>$x</option>";
}
}
}
elseif($f[$z] == 'm') {
$o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">";
for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) {
$sel = (($x == $m) ? " selected=\"selected\" " : "");
$y = (($x) ? $x : '');
$o .= "<option value=\"$x\" $sel>$y</option>";
}
$o .= "</select> <select name=\"{$pre}month\" class=\"{$pre}month\" size=\"1\">";
for($x = (($allow_blank) ? 0 : 1); $x <= 12; $x ++) {
$sel = (($x == $m) ? " selected=\"selected\" " : "");
$y = (($x) ? $x : '');
$o .= "<option value=\"$x\" $sel>$y</option>";
}
}
elseif($f[$z] == 'd') {
$o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">";
for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) {
$sel = (($x == $d) ? " selected=\"selected\" " : "");
$y = (($x) ? $x : '');
$o .= "<option value=\"$x\" $sel>$y</option>";
$o .= "</select> <select name=\"{$pre}day\" class=\"{$pre}day\" size=\"1\">";
for($x = (($allow_blank) ? 0 : 1); $x <= 31; $x ++) {
$sel = (($x == $d) ? " selected=\"selected\" " : "");
$y = (($x) ? $x : '');
$o .= "<option value=\"$x\" $sel>$y</option>";
}
}
}
}
$o .= "</select>";

815
include/diaspora.php Normal file
View File

@@ -0,0 +1,815 @@
<?php
require_once('include/crypto.php');
require_once('include/items.php');
function get_diaspora_key($uri) {
$key = '';
logger('Fetching diaspora key for: ' . $uri);
$arr = lrdd($uri);
if(is_array($arr)) {
foreach($arr as $a) {
if($a['@attributes']['rel'] === 'diaspora-public-key') {
$key = base64_decode($a['@attributes']['href']);
}
}
}
else {
return '';
}
if($key)
return rsatopem($key);
return '';
}
function diaspora_base_message($type,$data) {
$tpl = get_markup_template('diaspora_' . $type . '.tpl');
if(! $tpl)
return '';
return replace_macros($tpl,$data);
}
function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey) {
$a = get_app();
$inner_aes_key = random_string(32);
$b_inner_aes_key = base64_encode($inner_aes_key);
$inner_iv = random_string(32);
$b_inner_iv = base64_encode($inner_iv);
$outer_aes_key = random_string(32);
$b_outer_aes_key = base64_encode($outer_aes_key);
$outer_iv = random_string(32);
$b_outer_iv = base64_encode($outer_iv);
$handle = 'acct:' . $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$padded_data = pkcs5_pad($msg,16);
$inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv);
$b64_data = base64_encode($inner_encrypted);
$b64url_data = base64url_encode($b64_data);
$b64url_stripped = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data);
$lines = str_split($b64url_stripped,60);
$data = implode("\n",$lines);
$data = $data . (($data[-1] != "\n") ? "\n" : '') ;
$type = 'application/atom+xml';
$encoding = 'base64url';
$alg = 'RSA-SHA256';
$signable_data = $data . '.' . base64url_encode($type) . "\n" . '.'
. base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
$signature = rsa_sign($signable_data,$prvkey);
$sig = base64url_encode($signature);
$decrypted_header = <<< EOT
<decrypted_header>
<iv>$b_inner_iv</iv>
<aes_key>$b_inner_aes_key</aes_key>
<author>
<name>{$user['username']}</name>
<uri>$handle</uri>
</author>
</decrypted_header>
EOT;
$decrypted_header = pkcs5_pad($decrypted_header,16);
$ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv);
$outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key));
$encrypted_outer_key_bundle = '';
openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey);
$b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle);
$encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle),
'ciphertext' => base64_encode($ciphertext)));
$encrypted_header = '<encrypted_header>' . base64_encode($encrypted_header_json_object) . '</encrypted_header>';
$magic_env = <<< EOT
<?xml version='1.0' encoding='UTF-8'?>
<entry xmlns='http://www.w3.org/2005/Atom'>
$encrypted_header
<me:env xmlns:me="http://salmon-protocol.org/ns/magic-env">
<me:encoding>base64url</me:encoding>
<me:alg>RSA-SHA256</me:alg>
<me:data type="application/atom+xml">$data</me:data>
<me:sig>$sig</me:sig>
</me:env>
</entry>
EOT;
return $magic_env;
}
/**
*
* diaspora_decode($importer,$xml)
* array $importer -> from user table
* string $xml -> urldecoded Diaspora salmon
*
* Returns array
* 'message' -> decoded Diaspora XML message
* 'author' -> author diaspora handle
* 'key' -> author public key (converted to pkcs#8)
*
* Author and key are used elsewhere to save a lookup for verifying replies and likes
*/
function diaspora_decode($importer,$xml) {
$basedom = parse_xml_string($xml);
$atom = $basedom->children(NAMESPACE_ATOM1);
// Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace
$encrypted_header = json_decode(base64_decode($atom->encrypted_header));
$encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key);
$ciphertext = base64_decode($encrypted_header->ciphertext);
$outer_key_bundle = '';
openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']);
$j_outer_key_bundle = json_decode($outer_key_bundle);
$outer_iv = base64_decode($j_outer_key_bundle->iv);
$outer_key = base64_decode($j_outer_key_bundle->key);
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv);
$decrypted = pkcs5_unpad($decrypted);
/**
* $decrypted now contains something like
*
* <decrypted_header>
* <iv>8e+G2+ET8l5BPuW0sVTnQw==</iv>
* <aes_key>UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU=</aes_key>
* <author>
* <name>Ryan Hughes</name>
* <uri>acct:galaxor@diaspora.pirateship.org</uri>
* </author>
* </decrypted_header>
*/
logger('decrypted: ' . $decrypted);
$idom = parse_xml_string($decrypted,false);
$inner_iv = base64_decode($idom->iv);
$inner_aes_key = base64_decode($idom->aes_key);
$author_link = str_replace('acct:','',$idom->author->uri);
$dom = $basedom->children(NAMESPACE_SALMON_ME);
// figure out where in the DOM tree our data is hiding
if($dom->provenance->data)
$base = $dom->provenance;
elseif($dom->env->data)
$base = $dom->env;
elseif($dom->data)
$base = $dom;
if(! $base) {
logger('mod-diaspora: unable to locate salmon data in xml ');
http_status_exit(400);
}
// Stash the signature away for now. We have to find their key or it won't be good for anything.
$signature = base64url_decode($base->sig);
// unpack the data
// strip whitespace so our data element will return to one big base64 blob
$data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data);
// Add back the 60 char linefeeds
// Diaspora devs: This completely violates the entire principle of salmon magic signatures,
// which was to have a message signing format that was completely ambivalent to linefeeds
// and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby
// use different linelengths for base64 output.
$lines = str_split($data,60);
$data = implode("\n",$lines);
// stash away some other stuff for later
$type = $base->data[0]->attributes()->type[0];
$keyhash = $base->sig[0]->attributes()->keyhash[0];
$encoding = $base->encoding;
$alg = $base->alg;
// Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec.
$signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n";
// decode the data
$data = base64url_decode($data);
// Now pull out the inner encrypted blob
$inner_encrypted = base64_decode($data);
$inner_decrypted =
$inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv);
$inner_decrypted = pkcs5_unpad($inner_decrypted);
if(! $author_link) {
logger('mod-diaspora: Could not retrieve author URI.');
http_status_exit(400);
}
// Once we have the author URI, go to the web and try to find their public key
// *** or look it up locally ***
logger('mod-diaspora: Fetching key for ' . $author_link );
// Get diaspora public key (pkcs#1) and convert to pkcs#8
$key = get_diaspora_key($author_link);
if(! $key) {
logger('mod-diaspora: Could not retrieve author key.');
http_status_exit(400);
}
$verify = rsa_verify($signed_data,$signature,$key);
if(! $verify) {
logger('mod-diaspora: Message did not verify. Discarding.');
http_status_exit(400);
}
logger('mod-diaspora: Message verified.');
return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key);
}
function diaspora_get_contact_by_handle($uid,$handle) {
$r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `addr` = '%s' LIMIT 1",
dbesc(NETWORK_DIASPORA),
intval($uid),
dbesc($handle)
);
if($r && count($r))
return $r[0];
return false;
}
function find_person_by_handle($handle) {
// we don't care about the uid, we just want to save an expensive webfinger probe
$r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1",
dbesc(NETWORK_DIASPORA),
dbesc($handle)
);
if(count($r))
return $r[0];
$r = probe_url($handle);
// need to cached this, perhaps in fcontact
if(count($r))
return ($r);
return false;
}
function diaspora_request($importer,$xml) {
$sender_handle = unxmlify($xml->sender_handle);
$recipient_handle = unxmlify($xml->recipient_handle);
if(! $sender_handle || ! $recipient_handle)
return;
$contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle);
if($contact) {
// perhaps we were already sharing with this person. Now they're sharing with us.
// That makes us friends.
if($contact['rel'] == CONTACT_IS_FOLLOWER) {
q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval(CONTACT_IS_FRIEND),
intval($contact['id']),
intval($importer['uid'])
);
}
// send notification?
return;
}
require_once('include/Scrape.php');
$ret = probe_url($sender_handle);
if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) {
logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle);
return;
}
$r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`)
VALUES ( %d, '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ",
intval($importer['uid']),
dbesc($ret['network']),
dbesc($ret['addr']),
datetime_convert(),
dbesc($ret['url']),
dbesc($ret['name']),
dbesc($ret['nick']),
dbesc($ret['photo']),
dbesc($ret['pubkey']),
dbesc($ret['notify']),
dbesc($ret['poll']),
1,
2
);
// find the contact record we just created
$contact_record = diaspora_get_contact_by_handle($importer['uid'],$sender_handle);
$hash = random_string() . (string) time(); // Generate a confirm_key
if($contact_record) {
$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`,`blocked`)
VALUES ( %d, %d, 1, %d, '%s', '%s', '%s', 0 )",
intval($importer['uid']),
intval($contact_record['id']),
0,
dbesc( t('Sharing notification from Diaspora network')),
dbesc($hash),
dbesc(datetime_convert())
);
}
return;
}
function diaspora_post($importer,$xml) {
$guid = notags(unxmlify($xml->guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
logger('diaspora_post: Ignoring this author.');
http_status_exit(202);
// NOTREACHED
}
$message_id = $diaspora_handle . ':' . $guid;
$r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($message_id),
dbesc($guid)
);
if(count($r))
return;
// allocate a guid on our system - we aren't fixing any collisions.
// we're ignoring them
$g = q("select * from guid where guid = '%s' limit 1",
dbesc($guid)
);
if(! count($g)) {
q("insert into guid ( guid ) values ( '%s' )",
dbesc($guid)
);
}
$created = unxmlify($xml->created_at);
$private = ((unxmlify($xml->public) == 'false') ? 1 : 0);
$body = unxmlify($xml->raw_message);
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
$maxlen = get_max_import_size();
if($maxlen && (strlen($body) > $maxlen))
$body = substr($body,0, $maxlen);
if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
$body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
'[youtube]$1[/youtube]', $body);
$body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
'[youtube]$1[/youtube]', $body);
$body = oembed_html2bbcode($body);
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
$body = $purifier->purify($body);
$body = html2bbcode($body);
}
$datarray = array();
$datarray['uid'] = $importer['uid'];
$datarray['contact-id'] = $contact['id'];
$datarray['wall'] = 0;
$datarray['guid'] = $guid;
$datarray['uri'] = $datarray['parent-uri'] = $message_id;
$datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created);
$datarray['private'] = $private;
$datarray['parent'] = 0;
$datarray['owner-name'] = $contact['name'];
$datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = $contact['thumb'];
$datarray['author-name'] = $contact['name'];
$datarray['author-link'] = $contact['url'];
$datarray['author-avatar'] = $contact['thumb'];
$datarray['body'] = $body;
item_store($datarray);
return;
}
function diaspora_comment($importer,$xml,$msg) {
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$target_type = notags(unxmlify($xml->target_type));
$text = unxmlify($xml->text);
$author_signature = notags(unxmlify($xml->author_signature));
$parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : '');
$text = $xml->text;
$contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']);
if(! $contact)
return;
if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
logger('diaspora_comment: Ignoring this author.');
http_status_exit(202);
// NOTREACHED
}
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($parent_guid)
);
if(! count($r)) {
logger('diaspora_comment: parent item not found: ' . $guid);
return;
}
$parent_item = $r[0];
$author_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle;
$author_signature = base64_decode($author_signature);
if(stricmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
$person = find_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
else {
logger('diaspora_comment: unable to find author details');
return;
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
logger('diaspora_comment: verification failed.');
return;
}
if($parent_author_signature) {
$owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author'];
$parent_author_signature = base64_decode($parent_author_signature);
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
logger('diaspora_comment: owner verification failed.');
return;
}
}
// Phew! Everything checks out. Now create an item.
require_once('library/HTMLPurifier.auto.php');
require_once('include/html2bbcode.php');
$body = $text;
$maxlen = get_max_import_size();
if($maxlen && (strlen($body) > $maxlen))
$body = substr($body,0, $maxlen);
if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
$body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
'[youtube]$1[/youtube]', $body);
$body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s',
'[youtube]$1[/youtube]', $body);
$body = oembed_html2bbcode($body);
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.DefinitionImpl', null);
$purifier = new HTMLPurifier($config);
$body = $purifier->purify($body);
$body = html2bbcode($body);
}
$message_id = $diaspora_handle . ':' . $guid;
$datarray = array();
$datarray['uid'] = $importer['uid'];
$datarray['contact-id'] = $contact['id'];
$datarray['wall'] = $parent_item['wall'];
$datarray['gravity'] = GRAVITY_COMMENT;
$datarray['guid'] = $guid;
$datarray['uri'] = $message_id;
$datarray['parent-uri'] = $parent_item['uri'];
// No timestamps for comments? OK, we'll the use current time.
$datarray['created'] = $datarray['edited'] = datetime_convert();
$datarray['private'] = $parent_item['private'];
$datarray['owner-name'] = $contact['name'];
$datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = $contact['thumb'];
$datarray['author-name'] = $person['name'];
$datarray['author-link'] = $person['url'];
$datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$datarray['body'] = $body;
item_store($datarray);
return;
}
function diaspora_like($importer,$xml,$msg) {
$guid = notags(unxmlify($xml->guid));
$parent_guid = notags(unxmlify($xml->parent_guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$target_type = notags(unxmlify($xml->target_type));
$positive = notags(unxmlify($xml->positive));
$author_signature = notags(unxmlify($xml->author_signature));
$parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : '');
// likes on comments not supported here and likes on photos not supported by Diaspora
if($target_type !== 'Post')
return;
$contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']);
if(! $contact)
return;
if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
logger('diaspora_like: Ignoring this author.');
http_status_exit(202);
// NOTREACHED
}
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($parent_guid)
);
if(! count($r)) {
logger('diaspora_like: parent item not found: ' . $guid);
return;
}
$parent_item = $r[0];
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1",
intval($importer['uid']),
dbesc($guid)
);
if(count($r)) {
if($positive === 'true') {
logger('diaspora_like: duplicate like: ' . $guid);
return;
}
if($positive === 'false') {
q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($r[0]['id']),
intval($importer['uid'])
);
// FIXME
// send notification via proc_run()
return;
}
}
if($positive === 'false') {
logger('diaspora_like: unlike received with no corresponding like');
return;
}
$author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle;
$author_signature = base64_decode($author_signature);
if(stricmp($diaspora_handle,$msg['author']) == 0) {
$person = $contact;
$key = $msg['key'];
}
else {
$person = find_person_by_handle($diaspora_handle);
if(is_array($person) && x($person,'pubkey'))
$key = $person['pubkey'];
else {
logger('diaspora_comment: unable to find author details');
return;
}
}
if(! rsa_verify($author_signed_data,$author_signature,$key)) {
logger('diaspora_like: verification failed.');
return;
}
if($parent_author_signature) {
$owner_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $msg['author'];
$parent_author_signature = base64_decode($parent_author_signature);
$key = $msg['key'];
if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) {
logger('diaspora_like: owner verification failed.');
return;
}
}
// Phew! Everything checks out. Now create an item.
$uri = $diaspora_handle . ':' . $guid;
$activity = ACTIVITY_LIKE;
$post_type = (($parent_item['resource-id']) ? t('photo') : t('status'));
$objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
$link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . '" />' . "\n") ;
$body = $parent_item['body'];
$obj = <<< EOT
<object>
<type>$objtype</type>
<local>1</local>
<id>{$parent_item['uri']}</id>
<link>$link</link>
<title></title>
<content>$body</content>
</object>
EOT;
$bodyverb = t('%1$s likes %2$s\'s %3$s');
$arr = array();
$arr['uri'] = $uri;
$arr['uid'] = $importer['uid'];
$arr['contact-id'] = $contact['id'];
$arr['type'] = 'activity';
$arr['wall'] = $parent_item['wall'];
$arr['gravity'] = GRAVITY_LIKE;
$arr['parent'] = $parent_item['id'];
$arr['parent-uri'] = $parent_item['uri'];
$datarray['owner-name'] = $contact['name'];
$datarray['owner-link'] = $contact['url'];
$datarray['owner-avatar'] = $contact['thumb'];
$datarray['author-name'] = $person['name'];
$datarray['author-link'] = $person['url'];
$datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']);
$ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]';
$alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]';
$plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]';
$arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink );
$arr['private'] = $parent_item['private'];
$arr['verb'] = $activity;
$arr['object-type'] = $objtype;
$arr['object'] = $obj;
$arr['visible'] = 1;
$arr['unseen'] = 1;
$arr['last-child'] = 0;
$post_id = item_store($arr);
// FIXME send notification
}
function diaspora_retraction($importer,$xml) {
$guid = notags(unxmlify($xml->guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle);
if(! $contact)
return;
// if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) {
// logger('diaspora_retraction: Ignoring this author.');
// http_status_exit(202);
// // NOTREACHED
// }
}
function diaspora_share($me,$contact) {
$a = get_app();
$myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
$tpl = get_markup_template('diaspora_share.tpl');
$msg = replace_macros($tpl, array(
'$sender' => myaddr,
'$recipient' => $theiraddr
));
$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']));
post_url($contact['notify'],$slap);
$return_code = $a->get_curl_code();
return $return_code;
}
function diaspora_send_status($item,$owner,$contact) {
$a = get_app();
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr'];
require_once('include/bbcode.php');
$body = xmlify(bbcode($item['body']));
$public = (($item['private']) ? 'false' : 'true');
require_once('include/datetime.php');
$created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d h:i:s \U\T\C');
$tpl = get_markup_template('diaspora_post.tpl');
$msg = replace_macros($tpl, array(
'$body' => $body,
'$guid' => $item['guid'],
'$handle' => xmlify($myaddr),
'$public' => $public,
'$created' => $created
));
logger('diaspora_send_status: base message: ' . $msg, LOGGER_DATA);
$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey']));
post_url($contact['notify'],$slap);
$return_code = $a->get_curl_code();
logger('diaspora_send_status: returns: ' . $return_code);
return $return_code;
}

13
include/event.php
View File

@@ -197,6 +197,7 @@ function event_store($arr) {
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['cid'] = ((intval($arr['cid'])) ? intval($arr['cid']) : 0);
$arr['uri'] = (x($arr,'uri') ? $arr['uri'] : item_new_uri($a->get_hostname(),$arr['uid']));
$arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0);
if($arr['cid'])
$c = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
@@ -275,7 +276,7 @@ function event_store($arr) {
$object .= '</object>' . "\n";
q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s', `private` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc(format_event_bbcode($arr)),
dbesc($object),
dbesc($arr['allow_cid']),
@@ -283,6 +284,7 @@ function event_store($arr) {
dbesc($arr['deny_cid']),
dbesc($arr['deny_gid']),
dbesc($arr['edited']),
intval($arr['private']),
intval($r[0]['id']),
intval($arr['uid'])
);
@@ -341,10 +343,11 @@ function event_store($arr) {
$item_arr['author-link'] = $contact['url'];
$item_arr['author-avatar'] = $contact['thumb'];
$item_arr['title'] = '';
$item_arr['allow_cid'] = $str_contact_allow;
$item_arr['allow_gid'] = $str_group_allow;
$item_arr['deny_cid'] = $str_contact_deny;
$item_arr['deny_gid'] = $str_group_deny;
$item_arr['allow_cid'] = $arr['allow_cid'];
$item_arr['allow_gid'] = $arr['allow_gid'];
$item_arr['deny_cid'] = $arr['deny_cid'];
$item_arr['deny_gid'] = $arr['deny_gid'];
$item_arr['private'] = $arr['private'];
$item_arr['last-child'] = 1;
$item_arr['visible'] = 1;
$item_arr['verb'] = ACTIVITY_POST;

28
include/group.php
View File

@@ -136,7 +136,7 @@ function group_public_members($gid) {
function group_side($every="contacts",$each="group",$edit = false, $group_id = 0) {
function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = 0) {
$o = '';
@@ -160,10 +160,19 @@ EOT;
$r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC",
intval($_SESSION['uid'])
);
if($cid) {
$member_of = groups_containing(local_user(),$cid);
}
if(count($r)) {
foreach($r as $rr) {
$selected = (($group_id == $rr['id']) ? ' class="group-selected" ' : '');
$o .= ' <li class="sidebar-group-li">' . (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit') . "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "") . "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
$o .= ' <li class="sidebar-group-li">'
. (($edit) ? "<a href=\"group/{$rr['id']}\" title=\"" . t('Edit')
. "\" ><img src=\"images/spencil.gif\" alt=\"" . t('Edit') . "\"></a> " : "")
. (($cid) ? '<input type="checkbox" class="' . (($selected) ? 'ticked' : 'unticked') . '" onclick="contactgroupChangeMember(' . $rr['id'] . ',' . $cid . ');return true;" '
. ((in_array($rr['id'],$member_of)) ? ' checked="checked" ' : '') . '/>' : '')
. "<a href=\"$each/{$rr['id']}\" $selected >{$rr['name']}</a></li>\r\n";
}
}
$o .= " </ul>\r\n </div>";
@@ -204,3 +213,18 @@ function member_of($c) {
}
function groups_containing($uid,$c) {
$r = q("SELECT `gid` FROM `group_member` WHERE `uid` = %d AND `group_member`.`contact-id` = %d ",
intval($uid),
intval($c)
);
$ret = array();
if(count($r)) {
foreach($r as $rr)
$ret[] = $rr['gid'];
}
return $ret;
}

12
include/hostxrd.php
View File

@@ -1,12 +0,0 @@
<?php
function hostxrd($baseurl) {
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = file_get_contents('view/xrd_host.tpl');
echo str_replace('$domain',$baseurl,$tpl);
session_write_close();
exit();
}

46
include/items.php
View File

@@ -6,7 +6,6 @@ require_once('include/salmon.php');
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
// default permissions - anonymous user
if(! strlen($owner_nick))
@@ -113,7 +112,7 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
$items = $r;
$feed_template = get_markup_template('atom_feed.tpl');
$feed_template = get_markup_template(($dfrn_id) ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
$atom = '';
@@ -154,6 +153,9 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
if($dfrn_id === '') {
$type = 'html';
// catch any email that's in a public conversation and make sure it doesn't leak
if($item['private'])
continue;
}
else {
$type = 'text';
@@ -485,7 +487,6 @@ function get_atom_elements($feed,$item) {
if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow'))
$res['verb'] = ACTIVITY_UNFOLLOW;
$cats = $item->get_categories();
if($cats) {
$tag_arr = array();
@@ -520,7 +521,7 @@ function get_atom_elements($feed,$item) {
if(! $type)
$type = 'application/octet-stream';
$att_arr[] = '[attach]href="' . $link . '" size="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
$att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
}
$res['attach'] = implode(',', $att_arr);
}
@@ -720,6 +721,13 @@ function item_store($arr,$force_parent = false) {
if($r[0]['uri'] != $r[0]['parent-uri']) {
$arr['thr-parent'] = $arr['parent-uri'];
$arr['parent-uri'] = $r[0]['parent-uri'];
$z = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `parent-uri` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['parent-uri']),
dbesc($r[0]['parent-uri']),
intval($arr['uid'])
);
if($z && count($z))
$r = $z;
}
$parent_id = $r[0]['id'];
@@ -749,6 +757,8 @@ function item_store($arr,$force_parent = false) {
}
}
$arr['guid'] = get_guid();
call_hooks('post_remote',$arr);
dbesc_array($arr);
@@ -917,7 +927,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['dissolve'] = '1';
if((($contact['rel']) && ($contact['rel'] != REL_FAN) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
$postvars['data'] = $atom;
$postvars['perm'] = 'rw';
}
@@ -997,6 +1007,11 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
require_once('library/simplepie/simplepie.inc');
if(! strlen($xml)) {
logger('consume_feed: empty input');
return;
}
$feed = new SimplePie();
$feed->set_raw_data($xml);
if($datedir)
@@ -1023,7 +1038,9 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
if(count($hubs))
$hub = implode(',', $hubs);
$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
$rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner');
if(! $rawtags)
$rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
if($rawtags) {
$elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
@@ -1349,6 +1366,7 @@ function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $secure_fee
$ev['uid'] = $importer['uid'];
$ev['uri'] = $item_id;
$ev['edited'] = $datarray['edited'];
$ev['private'] = $datarray['private'];
if(is_array($contact))
$ev['cid'] = $contact['id'];
@@ -1444,9 +1462,9 @@ function new_follower($importer,$contact,$datarray,$item) {
$nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'];
if(is_array($contact)) {
if($contact['network'] == 'stat' && $contact['rel'] == REL_FAN) {
if($contact['network'] == 'stat' && $contact['rel'] == CONTACT_IS_SHARING) {
$r = q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval(REL_BUD),
intval(CONTACT_IS_FRIEND),
intval($contact['id']),
intval($importer['uid'])
);
@@ -1468,12 +1486,12 @@ function new_follower($importer,$contact,$datarray,$item) {
dbesc($nick),
dbesc($photo),
dbesc('stat'),
intval(REL_VIP)
intval(CONTACT_IS_FOLLOWER)
);
$r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 AND `rel` = %d LIMIT 1",
intval($importer['uid']),
dbesc($url),
intval(REL_VIP)
intval(CONTACT_IS_FOLLOWER)
);
if(count($r))
$contact_record = $r[0];
@@ -1518,9 +1536,9 @@ function new_follower($importer,$contact,$datarray,$item) {
function lose_follower($importer,$contact,$datarray,$item) {
if(($contact['rel'] == REL_BUD) || ($contact['rel'] == REL_FAN)) {
if(($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_SHARING)) {
q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d LIMIT 1",
intval(REL_FAN),
intval(CONTACT_IS_SHARING),
intval($contact['id'])
);
}
@@ -1726,11 +1744,11 @@ function item_getfeedattach($item) {
if(count($arr)) {
foreach($arr as $r) {
$matches = false;
$cnt = preg_match('|\[attach\]href=\"(.*?)\" size=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
$cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
if($cnt) {
$ret .= '<link rel="enclosure" href="' . xmlify($matches[1]) . '" type="' . xmlify($matches[3]) . '" ';
if(intval($matches[2]))
$ret .= 'size="' . intval($matches[2]) . '" ';
$ret .= 'length="' . intval($matches[2]) . '" ';
if($matches[4] !== ' ')
$ret .= 'title="' . xmlify(trim($matches[4])) . '" ';
$ret .= ' />' . "\r\n";

12
include/main.js
View File

@@ -194,7 +194,8 @@
else {
$('#' + ident + ' ' + '.wall-item-ago').replaceWith($(this).find('.wall-item-ago'));
$('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper'));
if($('#' + ident + ' ' + '.comment-edit-text-empty').length)
$('#' + ident + ' ' + '.wall-item-comment-wrapper').replaceWith($(this).find('.wall-item-comment-wrapper'));
$('#' + ident + ' ' + '.wall-item-like').replaceWith($(this).find('.wall-item-like'));
$('#' + ident + ' ' + '.wall-item-dislike').replaceWith($(this).find('.wall-item-dislike'));
$('#' + ident + ' ' + '.my-comment-photo').each(function() {
@@ -361,6 +362,14 @@
});
}
function contactgroupChangeMember(gid,cid) {
$('body').css('cursor', 'wait');
$.get('contactgroup/' + gid + '/' + cid, function(data) {
$('body').css('cursor', 'auto');
});
}
function checkboxhighlight(box) {
if($(box).is(':checked')) {
$(box).addClass('checkeditem');
@@ -414,3 +423,4 @@ Array.prototype.remove = function(item) {
this.length = from < 0 ? this.length + from : from;
return this.push.apply(this, rest);
};

695
include/network.php Normal file
View File

@@ -0,0 +1,695 @@
<?php
// curl wrapper. If binary flag is true, return binary
// results.
if(! function_exists('fetch_url')) {
function fetch_url($url,$binary = false, &$redirects = 0, $timeout = 0) {
$a = get_app();
$ch = curl_init($url);
if(($redirects > 8) || (! $ch))
return false;
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
if(intval($timeout)) {
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
}
else {
$curl_time = intval(get_config('system','curl_timeout'));
curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
}
// by default we will allow self-signed certs
// but you can override this
$check_cert = get_config('system','verifyssl');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
$prx = get_config('system','proxy');
if(strlen($prx)) {
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $prx);
$prxusr = get_config('system','proxyuser');
if(strlen($prxusr))
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
}
if($binary)
curl_setopt($ch, CURLOPT_BINARYTRANSFER,1);
$a->set_curl_code(0);
// don't let curl abort the entire application
// if it throws any errors.
$s = @curl_exec($ch);
$base = $s;
$curl_info = curl_getinfo($ch);
$http_code = $curl_info['http_code'];
$header = '';
// Pull out multiple headers, e.g. proxy and continuation headers
// allow for HTTP/2.x without fixing code
while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
$header .= $chunk;
$base = substr($base,strlen($chunk));
}
if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307) {
$matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches));
$url_parsed = @parse_url($url);
if (isset($url_parsed)) {
$redirects++;
return fetch_url($url,$binary,$redirects,$timeout);
}
}
$a->set_curl_code($http_code);
$body = substr($s,strlen($header));
$a->set_curl_headers($header);
curl_close($ch);
return($body);
}}
// post request to $url. $params is an array of post variables.
if(! function_exists('post_url')) {
function post_url($url,$params, $headers = null, &$redirects = 0, $timeout = 0) {
$a = get_app();
$ch = curl_init($url);
if(($redirects > 8) || (! $ch))
return false;
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS,$params);
curl_setopt($ch, CURLOPT_USERAGENT, "Friendika");
if(intval($timeout)) {
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
}
else {
$curl_time = intval(get_config('system','curl_timeout'));
curl_setopt($ch, CURLOPT_TIMEOUT, (($curl_time !== false) ? $curl_time : 60));
}
if(defined('LIGHTTPD')) {
if(!is_array($headers)) {
$headers = array('Expect:');
} else {
if(!in_array('Expect:', $headers)) {
array_push($headers, 'Expect:');
}
}
}
if($headers)
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$check_cert = get_config('system','verifyssl');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, (($check_cert) ? true : false));
$prx = get_config('system','proxy');
if(strlen($prx)) {
curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
curl_setopt($ch, CURLOPT_PROXY, $prx);
$prxusr = get_config('system','proxyuser');
if(strlen($prxusr))
curl_setopt($ch, CURLOPT_PROXYUSERPWD, $prxusr);
}
$a->set_curl_code(0);
// don't let curl abort the entire application
// if it throws any errors.
$s = @curl_exec($ch);
$base = $s;
$curl_info = curl_getinfo($ch);
$http_code = $curl_info['http_code'];
$header = '';
// Pull out multiple headers, e.g. proxy and continuation headers
// allow for HTTP/2.x without fixing code
while(preg_match('/^HTTP\/[1-2].+? [1-5][0-9][0-9]/',$base)) {
$chunk = substr($base,0,strpos($base,"\r\n\r\n")+4);
$header .= $chunk;
$base = substr($base,strlen($chunk));
}
if($http_code == 301 || $http_code == 302 || $http_code == 303) {
$matches = array();
preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
$url = trim(array_pop($matches));
$url_parsed = @parse_url($url);
if (isset($url_parsed)) {
$redirects++;
return post_url($url,$params,$headers,$redirects,$timeout);
}
}
$a->set_curl_code($http_code);
$body = substr($s,strlen($header));
$a->set_curl_headers($header);
curl_close($ch);
return($body);
}}
// Generic XML return
// Outputs a basic dfrn XML status structure to STDOUT, with a <status> variable
// of $st and an optional text <message> of $message and terminates the current process.
if(! function_exists('xml_status')) {
function xml_status($st, $message = '') {
$xml_message = ((strlen($message)) ? "\t<message>" . xmlify($message) . "</message>\r\n" : '');
if($st)
logger('xml_status returning non_zero: ' . $st . " message=" . $message);
header( "Content-type: text/xml" );
echo '<?xml version="1.0" encoding="UTF-8"?>'."\r\n";
echo "<result>\r\n\t<status>$st</status>\r\n$xml_message</result>\r\n";
killme();
}}
if(! function_exists('http_status_exit')) {
function http_status_exit($val) {
if($val >= 400)
$err = 'Error';
if($val >= 200 && $val < 300)
$err = 'OK';
logger('http_status_exit ' . $val);
header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err);
killme();
}}
// convert an XML document to a normalised, case-corrected array
// used by webfinger
if(! function_exists('convert_xml_element_to_array')) {
function convert_xml_element_to_array($xml_element, &$recursion_depth=0) {
// If we're getting too deep, bail out
if ($recursion_depth > 512) {
return(null);
}
if (!is_string($xml_element) &&
!is_array($xml_element) &&
(get_class($xml_element) == 'SimpleXMLElement')) {
$xml_element_copy = $xml_element;
$xml_element = get_object_vars($xml_element);
}
if (is_array($xml_element)) {
$result_array = array();
if (count($xml_element) <= 0) {
return (trim(strval($xml_element_copy)));
}
foreach($xml_element as $key=>$value) {
$recursion_depth++;
$result_array[strtolower($key)] =
convert_xml_element_to_array($value, $recursion_depth);
$recursion_depth--;
}
if ($recursion_depth == 0) {
$temp_array = $result_array;
$result_array = array(
strtolower($xml_element_copy->getName()) => $temp_array,
);
}
return ($result_array);
} else {
return (trim(strval($xml_element)));
}
}}
// Given an email style address, perform webfinger lookup and
// return the resulting DFRN profile URL, or if no DFRN profile URL
// is located, returns an OStatus subscription template (prefixed
// with the string 'stat:' to identify it as on OStatus template).
// If this isn't an email style address just return $s.
// Return an empty string if email-style addresses but webfinger fails,
// or if the resultant personal XRD doesn't contain a supported
// subscription/friend-request attribute.
if(! function_exists('webfinger_dfrn')) {
function webfinger_dfrn($s) {
if(! strstr($s,'@')) {
return $s;
}
$links = webfinger($s);
logger('webfinger_dfrn: ' . $s . ':' . print_r($links,true), LOGGER_DATA);
if(count($links)) {
foreach($links as $link)
if($link['@attributes']['rel'] === NAMESPACE_DFRN)
return $link['@attributes']['href'];
foreach($links as $link)
if($link['@attributes']['rel'] === NAMESPACE_OSTATUSSUB)
return 'stat:' . $link['@attributes']['template'];
}
return '';
}}
// Given an email style address, perform webfinger lookup and
// return the array of link attributes from the personal XRD file.
// On error/failure return an empty array.
if(! function_exists('webfinger')) {
function webfinger($s) {
$host = '';
if(strstr($s,'@')) {
$host = substr($s,strpos($s,'@') + 1);
}
if(strlen($host)) {
$tpl = fetch_lrdd_template($host);
logger('webfinger: lrdd template: ' . $tpl);
if(strlen($tpl)) {
$pxrd = str_replace('{uri}', urlencode('acct:' . $s), $tpl);
logger('webfinger: pxrd: ' . $pxrd);
$links = fetch_xrd_links($pxrd);
if(! count($links)) {
// try with double slashes
$pxrd = str_replace('{uri}', urlencode('acct://' . $s), $tpl);
logger('webfinger: pxrd: ' . $pxrd);
$links = fetch_xrd_links($pxrd);
}
return $links;
}
}
return array();
}}
if(! function_exists('lrdd')) {
function lrdd($uri) {
$a = get_app();
// default priority is host priority, host-meta first
$priority = 'host';
// All we have is an email address. Resource-priority is irrelevant
// because our URI isn't directly resolvable.
if(strstr($uri,'@')) {
return(webfinger($uri));
}
// get the host meta file
$host = @parse_url($uri);
if($host) {
$url = ((x($host,'scheme')) ? $host['scheme'] : 'http') . '://';
$url .= $host['host'] . '/.well-known/host-meta' ;
}
else
return array();
logger('lrdd: constructed url: ' . $url);
$xml = fetch_url($url);
$headers = $a->get_curl_headers();
if (! $xml)
return array();
logger('lrdd: host_meta: ' . $xml, LOGGER_DATA);
$h = parse_xml_string($xml);
if(! $h)
return array();
$arr = convert_xml_element_to_array($h);
if(isset($arr['xrd']['property'])) {
$property = $arr['crd']['property'];
if(! isset($property[0]))
$properties = array($property);
else
$properties = $property;
foreach($properties as $prop)
if((string) $prop['@attributes'] === 'http://lrdd.net/priority/resource')
$priority = 'resource';
}
// save the links in case we need them
$links = array();
if(isset($arr['xrd']['link'])) {
$link = $arr['xrd']['link'];
if(! isset($link[0]))
$links = array($link);
else
$links = $link;
}
// do we have a template or href?
if(count($links)) {
foreach($links as $link) {
if($link['@attributes']['rel'] && attribute_contains($link['@attributes']['rel'],'lrdd')) {
if(x($link['@attributes'],'template'))
$tpl = $link['@attributes']['template'];
elseif(x($link['@attributes'],'href'))
$href = $link['@attributes']['href'];
}
}
}
if((! isset($tpl)) || (! strpos($tpl,'{uri}')))
$tpl = '';
if($priority === 'host') {
if(strlen($tpl))
$pxrd = str_replace('{uri}', urlencode($uri), $tpl);
elseif(isset($href))
$pxrd = $href;
if(isset($pxrd)) {
logger('lrdd: (host priority) pxrd: ' . $pxrd);
$links = fetch_xrd_links($pxrd);
return $links;
}
$lines = explode("\n",$headers);
if(count($lines)) {
foreach($lines as $line) {
if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) {
return(fetch_xrd_links($matches[1]));
break;
}
}
}
}
// priority 'resource'
$html = fetch_url($uri);
$headers = $a->get_curl_headers();
logger('lrdd: headers=' . $headers, LOGGER_DEBUG);
// don't try and parse raw xml as html
if(! strstr($html,'<?xml')) {
require_once('library/HTML5/Parser.php');
$dom = @HTML5_Parser::parse($html);
if($dom) {
$items = $dom->getElementsByTagName('link');
foreach($items as $item) {
$x = $item->getAttribute('rel');
if($x == "lrdd") {
$pagelink = $item->getAttribute('href');
break;
}
}
}
}
if(isset($pagelink))
return(fetch_xrd_links($pagelink));
// next look in HTTP headers
$lines = explode("\n",$headers);
if(count($lines)) {
foreach($lines as $line) {
// TODO alter the following regex to support multiple relations (space separated)
if((stristr($line,'link:')) && preg_match('/<([^>].*)>.*rel\=[\'\"]lrdd[\'\"]/',$line,$matches)) {
$pagelink = $matches[1];
break;
}
// don't try and run feeds through the html5 parser
if(stristr($line,'content-type:') && ((stristr($line,'application/atom+xml')) || (stristr($line,'application/rss+xml'))))
return array();
if(stristr($html,'<rss') || stristr($html,'<feed'))
return array();
}
}
if(isset($pagelink))
return(fetch_xrd_links($pagelink));
// If we haven't found any links, return the host xrd links (which we have already fetched)
if(isset($links))
return $links;
return array();
}}
// Given a host name, locate the LRDD template from that
// host. Returns the LRDD template or an empty string on
// error/failure.
if(! function_exists('fetch_lrdd_template')) {
function fetch_lrdd_template($host) {
$tpl = '';
$url1 = 'https://' . $host . '/.well-known/host-meta' ;
$url2 = 'http://' . $host . '/.well-known/host-meta' ;
$links = fetch_xrd_links($url1);
logger('fetch_lrdd_template from: ' . $url1);
logger('template (https): ' . print_r($links,true));
if(! count($links)) {
logger('fetch_lrdd_template from: ' . $url2);
$links = fetch_xrd_links($url2);
logger('template (http): ' . print_r($links,true));
}
if(count($links)) {
foreach($links as $link)
if($link['@attributes']['rel'] && $link['@attributes']['rel'] === 'lrdd')
$tpl = $link['@attributes']['template'];
}
if(! strpos($tpl,'{uri}'))
$tpl = '';
return $tpl;
}}
// Given a URL, retrieve the page as an XRD document.
// Return an array of links.
// on error/failure return empty array.
if(! function_exists('fetch_xrd_links')) {
function fetch_xrd_links($url) {
$xrd_timeout = intval(get_config('system','xrd_timeout'));
$redirects = 0;
$xml = fetch_url($url,false,$redirects,(($xrd_timeout) ? $xrd_timeout : 30));
logger('fetch_xrd_links: ' . $xml, LOGGER_DATA);
if ((! $xml) || (! stristr($xml,'<xrd')))
return array();
$h = parse_xml_string($xml);
if(! $h)
return array();
$arr = convert_xml_element_to_array($h);
$links = array();
if(isset($arr['xrd']['link'])) {
$link = $arr['xrd']['link'];
if(! isset($link[0]))
$links = array($link);
else
$links = $link;
}
if(isset($arr['xrd']['alias'])) {
$alias = $arr['xrd']['alias'];
if(! isset($alias[0]))
$aliases = array($alias);
else
$aliases = $alias;
if(count($aliases)) {
foreach($aliases as $alias) {
$links[]['@attributes'] = array('rel' => 'alias' , 'href' => $alias);
}
}
}
logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA);
return $links;
}}
// Take a URL from the wild, prepend http:// if necessary
// and check DNS to see if it's real
// return true if it's OK, false if something is wrong with it
if(! function_exists('validate_url')) {
function validate_url(&$url) {
if(substr($url,0,4) != 'http')
$url = 'http://' . $url;
$h = @parse_url($url);
if(($h) && (dns_get_record($h['host'], DNS_A + DNS_CNAME + DNS_PTR))) {
return true;
}
return false;
}}
// checks that email is an actual resolvable internet address
if(! function_exists('validate_email')) {
function validate_email($addr) {
if(! strpos($addr,'@'))
return false;
$h = substr($addr,strpos($addr,'@') + 1);
if(($h) && (dns_get_record($h, DNS_A + DNS_CNAME + DNS_PTR + DNS_MX))) {
return true;
}
return false;
}}
// Check $url against our list of allowed sites,
// wildcards allowed. If allowed_sites is unset return true;
// If url is allowed, return true.
// otherwise, return false
if(! function_exists('allowed_url')) {
function allowed_url($url) {
$h = @parse_url($url);
if(! $h) {
return false;
}
$str_allowed = get_config('system','allowed_sites');
if(! $str_allowed)
return true;
$found = false;
$host = strtolower($h['host']);
// always allow our own site
if($host == strtolower($_SERVER['SERVER_NAME']))
return true;
$fnmatch = function_exists('fnmatch');
$allowed = explode(',',$str_allowed);
if(count($allowed)) {
foreach($allowed as $a) {
$pat = strtolower(trim($a));
if(($fnmatch && fnmatch($pat,$host)) || ($pat == $host)) {
$found = true;
break;
}
}
}
return $found;
}}
// check if email address is allowed to register here.
// Compare against our list (wildcards allowed).
// Returns false if not allowed, true if allowed or if
// allowed list is not configured.
if(! function_exists('allowed_email')) {
function allowed_email($email) {
$domain = strtolower(substr($email,strpos($email,'@') + 1));
if(! $domain)
return false;
$str_allowed = get_config('system','allowed_email');
if(! $str_allowed)
return true;
$found = false;
$fnmatch = function_exists('fnmatch');
$allowed = explode(',',$str_allowed);
if(count($allowed)) {
foreach($allowed as $a) {
$pat = strtolower(trim($a));
if(($fnmatch && fnmatch($pat,$domain)) || ($pat == $domain)) {
$found = true;
break;
}
}
}
return $found;
}}
if(! function_exists('gravatar_img')) {
function gravatar_img($email) {
$size = 175;
$opt = 'identicon'; // psuedo-random geometric pattern if not found
$rating = 'pg';
$hash = md5(trim(strtolower($email)));
$url = 'http://www.gravatar.com/avatar/' . $hash . '.jpg'
. '?s=' . $size . '&d=' . $opt . '&r=' . $rating;
logger('gravatar: ' . $email . ' ' . $url);
return $url;
}}
if(! function_exists('parse_xml_string')) {
function parse_xml_string($s,$strict = true) {
if($strict) {
if(! strstr($s,'<?xml'))
return false;
$s2 = substr($s,strpos($s,'<?xml'));
}
else
$s2 = $s;
libxml_use_internal_errors(true);
$x = @simplexml_load_string($s2);
if(! $x) {
logger('libxml: parse: error: ' . $s2, LOGGER_DATA);
foreach(libxml_get_errors() as $err)
logger('libxml: parse: ' . $err->code." at ".$err->line.":".$err->column." : ".$err->message, LOGGER_DATA);
libxml_clear_errors();
}
return $x;
}}

69
include/notifier.php
View File

@@ -50,8 +50,10 @@ function notifier_run($argv, $argc){
$recipients = array();
$url_recipients = array();
if($cmd === 'mail') {
$normal_mode = true;
if($cmd === 'mail') {
$normal_mode = false;
$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
@@ -64,6 +66,7 @@ function notifier_run($argv, $argc){
}
elseif($cmd === 'expire') {
$normal_mode = false;
$expire = true;
$items = q("SELECT * FROM `item` WHERE `uid` = %d AND `wall` = 1
AND `deleted` = 1 AND `changed` > UTC_TIMESTAMP - INTERVAL 10 MINUTE",
@@ -75,6 +78,7 @@ function notifier_run($argv, $argc){
return;
}
elseif($cmd === 'suggest') {
$normal_mode = false;
$suggest = q("SELECT * FROM `fsuggest` WHERE `id` = %d LIMIT 1",
intval($item_id)
);
@@ -95,7 +99,7 @@ function notifier_run($argv, $argc){
return;
}
$parent_item = $r[0];
$target_item = $r[0];
$parent_id = intval($r[0]['parent']);
$uid = $r[0]['uid'];
$updated = $r[0]['edited'];
@@ -119,7 +123,8 @@ function notifier_run($argv, $argc){
$top_level = true;
}
$r = q("SELECT `contact`.*, `user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`,
$r = q("SELECT `contact`.*, `user`.`pubkey` AS `upubkey`, `user`.`prvkey` AS `uprvkey`,
`user`.`timezone`, `user`.`nickname`, `user`.`sprvkey`, `user`.`spubkey`,
`user`.`page-flags`, `user`.`prvnets`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
@@ -145,7 +150,7 @@ function notifier_run($argv, $argc){
$parent = $items[0];
if($parent['type'] === 'remote' && (! $expire)) {
if($parent['wall'] == 0 && (! $expire)) {
// local followup to remote post
$followup = true;
$notify_hub = false; // not public
@@ -289,6 +294,11 @@ function notifier_run($argv, $argc){
if(! $item['parent'])
continue;
// private emails may be in included in public conversations. Filter them.
if(($notify_hub) && $item['private'])
continue;
$contact = get_item_contact($item,$contacts);
if(! $contact)
continue;
@@ -311,9 +321,9 @@ function notifier_run($argv, $argc){
$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
if(! $mail_disabled) {
if((! strlen($parent_item['allow_cid'])) && (! strlen($parent_item['allow_gid']))
&& (! strlen($parent_item['deny_cid'])) && (! strlen($parent_item['deny_gid']))
&& (intval($parent_item['pubmail']))) {
if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid']))
&& (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid']))
&& (intval($target_item['pubmail']))) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
intval($uid),
dbesc(NETWORK_MAIL)
@@ -346,7 +356,7 @@ function notifier_run($argv, $argc){
$deliver_status = 0;
switch($contact['network']) {
case 'dfrn':
case NETWORK_DFRN:
logger('notifier: dfrndelivery: ' . $contact['name']);
$deliver_status = dfrn_deliver($owner,$contact,$atom);
@@ -364,7 +374,7 @@ function notifier_run($argv, $argc){
);
}
break;
case 'stat':
case NETWORK_OSTATUS:
// Do not send to otatus if we are not configured to send to public networks
if($owner['prvnets'])
@@ -414,7 +424,7 @@ function notifier_run($argv, $argc){
}
break;
case 'mail':
case NETWORK_MAIL:
if(get_config('system','dfrn_only'))
break;
@@ -491,9 +501,34 @@ function notifier_run($argv, $argc){
mail($addr, $subject, $message, $headers);
}
break;
case 'feed':
case 'face':
case 'dspr':
case NETWORK_DIASPORA:
if(get_config('system','dfrn_only') || (! get_config('diaspora_enabled')) || (! $normal_mode))
break;
if($target_item['deleted']) {
// diaspora delete, (check for like)
break;
}
elseif($followup) {
// send to owner to relay
break;
}
elseif($target_item['parent'] != $target_item['id']) {
// we are the relay
break;
}
elseif($top_level) {
diaspora_send_status($target_item,$owner,$contact);
break;
}
break;
case NETWORK_FEED:
case NETWORK_FACEBOOK:
if(get_config('system','dfrn_only'))
break;
default:
@@ -504,7 +539,7 @@ function notifier_run($argv, $argc){
// send additional slaps to mentioned remote tags (@foo@example.com)
if($slap && count($url_recipients) && $followup && $notify_hub && (! $expire)) {
if($slap && count($url_recipients) && ($followup || $top_level) && $notify_hub && (! $expire)) {
if(! get_config('system','dfrn_only')) {
foreach($url_recipients as $url) {
if($url) {
@@ -542,7 +577,7 @@ function notifier_run($argv, $argc){
*
*/
$max_allowed = ((get_config('system','maxpubdeliver') === false) ? 150 : intval(get_config('system','maxpubdeliver')));
$max_allowed = ((get_config('system','maxpubdeliver') === false) ? 999 : intval(get_config('system','maxpubdeliver')));
/**
*
@@ -552,10 +587,10 @@ function notifier_run($argv, $argc){
*/
$r = q("SELECT `id`, `name` FROM `contact`
WHERE `network` = 'dfrn' AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
WHERE `network` = NETWORK_DFRN AND `uid` = %d AND `blocked` = 0 AND `pending` = 0
AND `rel` != %d ",
intval($owner['uid']),
intval(REL_FAN)
intval(CONTACT_IS_SHARING)
);
if((count($r)) && (($max_allowed == 0) || (count($r) < $max_allowed))) {

6
include/oembed.php
View File

@@ -7,6 +7,7 @@ function oembed_replacecb($matches){
function oembed_fetch_url($embedurl){
$r = q("SELECT v FROM `cache` WHERE k='%s'",
dbesc($embedurl));
@@ -16,7 +17,10 @@ function oembed_fetch_url($embedurl){
$txt = "";
// try oembed autodiscovery
$html_text = fetch_url($embedurl);
$redirects = 0;
$html_text = fetch_url($embedurl, false, $redirects, 15);
if(! $html_text)
return;
$dom = @DOMDocument::loadHTML($html_text);
if ($dom){
$xpath = new DOMXPath($dom);

199
include/plugin.php Normal file
View File

@@ -0,0 +1,199 @@
<?php
// install and uninstall plugin
if (! function_exists('uninstall_plugin')){
function uninstall_plugin($plugin){
logger("Addons: uninstalling " . $plugin);
q("DELETE FROM `addon` WHERE `name` = '%s' LIMIT 1",
dbesc($plugin)
);
@include_once('addon/' . $plugin . '/' . $plugin . '.php');
if(function_exists($plugin . '_uninstall')) {
$func = $plugin . '_uninstall';
$func();
}
}}
if (! function_exists('install_plugin')){
function install_plugin($plugin){
logger("Addons: installing " . $plugin);
$t = filemtime('addon/' . $plugin . '/' . $plugin . '.php');
@include_once('addon/' . $plugin . '/' . $plugin . '.php');
if(function_exists($plugin . '_install')) {
$func = $plugin . '_install';
$func();
$plugin_admin = (function_exists($plugin."_plugin_admin")?1:0);
$r = q("INSERT INTO `addon` (`name`, `installed`, `timestamp`, `plugin_admin`) VALUES ( '%s', 1, %d , %d ) ",
dbesc($plugin),
intval($t),
$plugin_admin
);
}
}}
// reload all updated plugins
if(! function_exists('reload_plugins')) {
function reload_plugins() {
$plugins = get_config('system','addon');
if(strlen($plugins)) {
$r = q("SELECT * FROM `addon` WHERE `installed` = 1");
if(count($r))
$installed = $r;
else
$installed = array();
$parr = explode(',',$plugins);
if(count($parr)) {
foreach($parr as $pl) {
$pl = trim($pl);
$t = filemtime('addon/' . $pl . '/' . $pl . '.php');
foreach($installed as $i) {
if(($i['name'] == $pl) && ($i['timestamp'] != $t)) {
logger('Reloading plugin: ' . $i['name']);
@include_once('addon/' . $pl . '/' . $pl . '.php');
if(function_exists($pl . '_uninstall')) {
$func = $pl . '_uninstall';
$func();
}
if(function_exists($pl . '_install')) {
$func = $pl . '_install';
$func();
}
q("UPDATE `addon` SET `timestamp` = %d WHERE `id` = %d LIMIT 1",
intval($t),
intval($i['id'])
);
}
}
}
}
}
}}
if(! function_exists('register_hook')) {
function register_hook($hook,$file,$function) {
$r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1",
dbesc($hook),
dbesc($file),
dbesc($function)
);
if(count($r))
return true;
$r = q("INSERT INTO `hook` (`hook`, `file`, `function`) VALUES ( '%s', '%s', '%s' ) ",
dbesc($hook),
dbesc($file),
dbesc($function)
);
return $r;
}}
if(! function_exists('unregister_hook')) {
function unregister_hook($hook,$file,$function) {
$r = q("DELETE FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `function` = '%s' LIMIT 1",
dbesc($hook),
dbesc($file),
dbesc($function)
);
return $r;
}}
if(! function_exists('load_hooks')) {
function load_hooks() {
$a = get_app();
$a->hooks = array();
$r = q("SELECT * FROM `hook` WHERE 1");
if(count($r)) {
foreach($r as $rr) {
$a->hooks[] = array($rr['hook'], $rr['file'], $rr['function']);
}
}
}}
if(! function_exists('call_hooks')) {
function call_hooks($name, &$data = null) {
$a = get_app();
if(count($a->hooks)) {
foreach($a->hooks as $hook) {
if($hook[HOOK_HOOK] === $name) {
@include_once($hook[HOOK_FILE]);
if(function_exists($hook[HOOK_FUNCTION])) {
$func = $hook[HOOK_FUNCTION];
$func($a,$data);
}
}
}
}
}}
/*
* parse plugin comment in search of plugin infos.
* like
*
* * Name: Plugin
* * Description: A plugin which plugs in
* * Version: 1.2.3
* * Author: John <profile url>
* * Author: Jane <email>
* *
*/
if (! function_exists('get_plugin_info')){
function get_plugin_info($plugin){
if (!is_file("addon/$plugin/$plugin.php")) return false;
$f = file_get_contents("addon/$plugin/$plugin.php");
$r = preg_match("|/\*.*\*/|msU", $f, $m);
$info=Array(
'name' => $plugin,
'description' => "",
'author' => array(),
'version' => ""
);
if ($r){
$ll = explode("\n", $m[0]);
foreach( $ll as $l ) {
$l = trim($l,"\t\n\r */");
if ($l!=""){
list($k,$v) = array_map("trim", explode(":",$l,2));
$k= strtolower($k);
if ($k=="author"){
$r=preg_match("|([^<]+)<([^>]+)>|", $v, $m);
if ($r) {
$info['author'][] = array('name'=>$m[1], 'link'=>$m[2]);
} else {
$info['author'][] = array('name'=>$v);
}
} else {
if (array_key_exists($k,$info)){
$info[$k]=$v;
}
}
}
}
}
return $info;
}}

22
include/poller.php
View File

@@ -80,15 +80,14 @@ function poller_run($argv, $argc){
$d = datetime_convert();
if(! $restart)
call_hooks('cron', $d);
proc_run('php','include/cronhooks.php');
$contacts = q("SELECT `id` FROM `contact`
WHERE ( `rel` = %d OR `rel` = %d ) AND `poll` != ''
$sql_extra
AND `self` = 0 AND `blocked` = 0 AND `readonly` = 0 ORDER BY RAND()",
intval(REL_FAN),
intval(REL_BUD)
intval(CONTACT_IS_SHARING),
intval(CONTACT_IS_FRIEND)
);
if(! count($contacts)) {
@@ -101,7 +100,7 @@ function poller_run($argv, $argc){
intval($c['id'])
);
if(! count($res))
if((! $res) || (! count($res)))
continue;
foreach($res as $contact) {
@@ -312,7 +311,7 @@ function poller_run($argv, $argc){
// Will only do this once per notify-enabled OStatus contact
// or if relationship changes
$stat_writeable = ((($contact['notify']) && ($contact['rel'] == REL_VIP || $contact['rel'] == REL_BUD)) ? 1 : 0);
$stat_writeable = ((($contact['notify']) && ($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['rel'] == CONTACT_IS_FRIEND)) ? 1 : 0);
if($stat_writeable != $contact['writable']) {
q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d LIMIT 1",
@@ -323,7 +322,7 @@ function poller_run($argv, $argc){
// Are we allowed to import from this person?
if($contact['rel'] == REL_VIP || $contact['blocked'] || $contact['readonly'])
if($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['blocked'] || $contact['readonly'])
continue;
$xml = fetch_url($contact['poll']);
@@ -421,6 +420,10 @@ function poller_run($argv, $argc){
$datarray['contact-id'] = $contact['id'];
if($datarray['parent-uri'] === $datarray['uri'])
$datarray['private'] = 1;
if(! get_pconfig($importer_uid,'system','allow_public_email_replies')) {
$datarray['private'] = 1;
$datarray['allow_cid'] = '<' . $contact['id'] . '>';
}
$datarray['author-name'] = $contact['name'];
$datarray['author-link'] = 'mailbox';
$datarray['author-avatar'] = $contact['photo'];
@@ -440,7 +443,8 @@ function poller_run($argv, $argc){
}
}
elseif($contact['network'] === NETWORK_FACEBOOK) {
// TODO: work in progress
// This is picked up by the Facebook plugin on a cron hook.
// Ignored here.
}
if($xml) {
@@ -463,7 +467,7 @@ function poller_run($argv, $argc){
consume_feed($xml,$importer,$contact,$hub,1);
if((strlen($hub)) && ($hub_update) && (($contact['rel'] == REL_BUD) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) {
if((strlen($hub)) && ($hub_update) && (($contact['rel'] == CONTACT_IS_FRIEND) || (($contact['network'] === NETWORK_OSTATUS) && (! $contact['readonly'])))) {
logger('poller: subscribing to hub(s) : ' . $hub . ' contact name : ' . $contact['name'] . ' local user : ' . $importer['name']);
$hubs = explode(',', $hub);
if(count($hubs)) {

95
include/salmon.php
View File

@@ -1,53 +1,8 @@
<?php
require_once('library/asn1.php');
function salmon_key($pubkey) {
$lines = explode("\n",$pubkey);
unset($lines[0]);
unset($lines[count($lines)]);
$x = base64_decode(implode('',$lines));
$r = ASN_BASE::parseASNString($x);
$m = $r[0]->asnData[1]->asnData[0]->asnData[0]->asnData;
$e = $r[0]->asnData[1]->asnData[0]->asnData[1]->asnData;
require_once('include/crypto.php');
return 'RSA' . '.' . $m . '.' . $e ;
}
function base64url_encode($s, $strip_padding = false) {
$s = strtr(base64_encode($s),'+/','-_');
if($strip_padding)
$s = str_replace('=','',$s);
return $s;
}
function base64url_decode($s) {
/*
* // Placeholder for new rev of salmon which strips base64 padding.
* // PHP base64_decode handles the un-padded input without requiring this step
* // Uncomment if you find you need it.
*
* $l = strlen($s);
* if(! strpos($s,'=')) {
* $m = $l % 4;
* if($m == 2)
* $s .= '==';
* if($m == 3)
* $s .= '=';
* }
*
*/
return base64_decode(strtr($s,'-_','+/'));
}
function get_salmon_key($uri,$keyhash) {
$ret = array();
@@ -141,28 +96,20 @@ EOT;
$data_type = 'application/atom+xml';
$encoding = 'base64url';
$algorithm = 'RSA-SHA256';
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])));
// Setup RSA stuff to PKCS#1 sign the data
set_include_path(get_include_path() . PATH_SEPARATOR . 'library/phpsec');
require_once('library/phpsec/Crypt/RSA.php');
$rsa = new CRYPT_RSA();
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
$rsa->setHash('sha256');
$rsa->loadKey($owner['sprvkey']);
$keyhash = base64url_encode(hash('sha256',salmon_key($owner['spubkey'])),true);
// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
$precomputed = '.YXBwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
$signature = base64url_encode($rsa->sign($data . $precomputed));
$signature = base64url_encode(rsa_sign(str_replace('=','',$data . $precomputed),true),$owner['sprvkey']);
$signature2 = base64url_encode($rsa->sign($data));
$signature2 = base64url_encode(rsa_sign($data . $precomputed),$owner['sprvkey']);
$signature3 = base64url_encode(rsa_sign($data),$owner['sprvkey']);
$salmon_tpl = get_markup_template('magicsig.tpl');
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
'$encoding' => $encoding,
@@ -184,11 +131,11 @@ EOT;
if($return_code > 299) {
logger('slapper: compliant salmon failed. Falling back to status.net hack');
logger('slapper: compliant salmon failed. Falling back to status.net hack2');
// Entirely likely that their salmon implementation is
// non-compliant. Let's try once more, this time only signing
// the data, without the precomputed blob
// the data, without stripping '=' chars
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
@@ -205,6 +152,30 @@ EOT;
));
$return_code = $a->get_curl_code();
if($return_code > 299) {
logger('slapper: compliant salmon failed. Falling back to status.net hack3');
// Entirely likely that their salmon implementation is
// non-compliant. Let's try once more, this time only signing
// the data, without the precomputed blob
$salmon = replace_macros($salmon_tpl,array(
'$data' => $data,
'$encoding' => $encoding,
'$algorithm' => $algorithm,
'$keyhash' => $keyhash,
'$signature' => $signature3
));
// slap them
post_url($url,$salmon, array(
'Content-type: application/magic-envelope+xml',
'Content-length: ' . strlen($salmon)
));
$return_code = $a->get_curl_code();
}
}
logger('slapper returned ' . $return_code);
if(! $return_code)

4
include/security.php
View File

@@ -28,8 +28,8 @@ function can_write_wall(&$a,$owner) {
AND `user`.`blockwall` = 0 AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page-flags` = %d ) LIMIT 1",
intval($owner),
intval(remote_user()),
intval(REL_VIP),
intval(REL_BUD),
intval(CONTACT_IS_FOLLOWER),
intval(CONTACT_IS_FRIEND),
intval(PAGE_COMMUNITY)
);
if(count($r)) {

954
include/text.php Normal file
View File

@@ -0,0 +1,954 @@
<?php
// This is our template processor.
// $s is the string requiring macro substitution.
// $r is an array of key value pairs (search => replace)
// returns substituted string.
// WARNING: this is pretty basic, and doesn't properly handle search strings that are substrings of each other.
// For instance if 'test' => "foo" and 'testing' => "bar", testing could become either bar or fooing,
// depending on the order in which they were declared in the array.
require_once("include/template_processor.php");
if(! function_exists('replace_macros')) {
function replace_macros($s,$r) {
global $t;
return $t->replace($s,$r);
}}
// random string, there are 86 characters max in text mode, 128 for hex
// output is urlsafe
define('RANDOM_STRING_HEX', 0x00 );
define('RANDOM_STRING_TEXT', 0x01 );
if(! function_exists('random_string')) {
function random_string($size = 64,$type = RANDOM_STRING_HEX) {
// generate a bit of entropy and run it through the whirlpool
$s = hash('whirlpool', (string) rand() . uniqid(rand(),true) . (string) rand(),(($type == RANDOM_STRING_TEXT) ? true : false));
$s = (($type == RANDOM_STRING_TEXT) ? str_replace("\n","",base64url_encode($s,true)) : $s);
return(substr($s,0,$size));
}}
/**
* This is our primary input filter.
*
* The high bit hack only involved some old IE browser, forget which (IE5/Mac?)
* that had an XSS attack vector due to stripping the high-bit on an 8-bit character
* after cleansing, and angle chars with the high bit set could get through as markup.
*
* This is now disabled because it was interfering with some legitimate unicode sequences
* and hopefully there aren't a lot of those browsers left.
*
* Use this on any text input where angle chars are not valid or permitted
* They will be replaced with safer brackets. This may be filtered further
* if these are not allowed either.
*
*/
if(! function_exists('notags')) {
function notags($string) {
return(str_replace(array("<",">"), array('[',']'), $string));
// High-bit filter no longer used
// return(str_replace(array("<",">","\xBA","\xBC","\xBE"), array('[',']','','',''), $string));
}}
// use this on "body" or "content" input where angle chars shouldn't be removed,
// and allow them to be safely displayed.
if(! function_exists('escape_tags')) {
function escape_tags($string) {
return(htmlspecialchars($string));
}}
// generate a string that's random, but usually pronounceable.
// used to generate initial passwords
if(! function_exists('autoname')) {
function autoname($len) {
$vowels = array('a','a','ai','au','e','e','e','ee','ea','i','ie','o','ou','u');
if(mt_rand(0,5) == 4)
$vowels[] = 'y';
$cons = array(
'b','bl','br',
'c','ch','cl','cr',
'd','dr',
'f','fl','fr',
'g','gh','gl','gr',
'h',
'j',
'k','kh','kl','kr',
'l',
'm',
'n',
'p','ph','pl','pr',
'qu',
'r','rh',
's','sc','sh','sm','sp','st',
't','th','tr',
'v',
'w','wh',
'x',
'z','zh'
);
$midcons = array('ck','ct','gn','ld','lf','lm','lt','mb','mm', 'mn','mp',
'nd','ng','nk','nt','rn','rp','rt');
$noend = array('bl', 'br', 'cl','cr','dr','fl','fr','gl','gr',
'kh', 'kl','kr','mn','pl','pr','rh','tr','qu','wh');
$start = mt_rand(0,2);
if($start == 0)
$table = $vowels;
else
$table = $cons;
$word = '';
for ($x = 0; $x < $len; $x ++) {
$r = mt_rand(0,count($table) - 1);
$word .= $table[$r];
if($table == $vowels)
$table = array_merge($cons,$midcons);
else
$table = $vowels;
}
$word = substr($word,0,$len);
foreach($noend as $noe) {
if((strlen($word) > 2) && (substr($word,-2) == $noe)) {
$word = substr($word,0,-1);
break;
}
}
if(substr($word,-1) == 'q')
$word = substr($word,0,-1);
return $word;
}}
// escape text ($str) for XML transport
// returns escaped text.
if(! function_exists('xmlify')) {
function xmlify($str) {
$buffer = '';
for($x = 0; $x < strlen($str); $x ++) {
$char = $str[$x];
switch( $char ) {
case "\r" :
break;
case "&" :
$buffer .= '&amp;';
break;
case "'" :
$buffer .= '&apos;';
break;
case "\"" :
$buffer .= '&quot;';
break;
case '<' :
$buffer .= '&lt;';
break;
case '>' :
$buffer .= '&gt;';
break;
case "\n" :
$buffer .= "\n";
break;
default :
$buffer .= $char;
break;
}
}
$buffer = trim($buffer);
return($buffer);
}}
// undo an xmlify
// pass xml escaped text ($s), returns unescaped text
if(! function_exists('unxmlify')) {
function unxmlify($s) {
$ret = str_replace('&amp;','&', $s);
$ret = str_replace(array('&lt;','&gt;','&quot;','&apos;'),array('<','>','"',"'"),$ret);
return $ret;
}}
// convenience wrapper, reverse the operation "bin2hex"
if(! function_exists('hex2bin')) {
function hex2bin($s) {
if(! ctype_xdigit($s)) {
logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
return($s);
}
return(pack("H*",$s));
}}
// Automatic pagination.
// To use, get the count of total items.
// Then call $a->set_pager_total($number_items);
// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page
// Then call paginate($a) after the end of the display loop to insert the pager block on the page
// (assuming there are enough items to paginate).
// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage']
// will limit the results to the correct items for the current page.
// The actual page handling is then accomplished at the application layer.
if(! function_exists('paginate')) {
function paginate(&$a) {
$o = '';
$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
$stripped = str_replace('q=','',$stripped);
$stripped = trim($stripped,'/');
$pagenum = $a->pager['page'];
$url = $a->get_baseurl() . '/' . $stripped;
if($a->pager['total'] > $a->pager['itemspage']) {
$o .= '<div class="pager">';
if($a->pager['page'] != 1)
$o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.($a->pager['page'] - 1).'">' . t('prev') . '</a></span> ';
$o .= "<span class=\"pager_first\"><a href=\"$url"."&page=1\">" . t('first') . "</a></span> ";
$numpages = $a->pager['total'] / $a->pager['itemspage'];
$numstart = 1;
$numstop = $numpages;
if($numpages > 14) {
$numstart = (($pagenum > 7) ? ($pagenum - 7) : 1);
$numstop = (($pagenum > ($numpages - 7)) ? $numpages : ($numstart + 14));
}
for($i = $numstart; $i <= $numstop; $i++){
if($i == $a->pager['page'])
$o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
else
$o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
$o .= '</span> ';
}
if(($a->pager['total'] % $a->pager['itemspage']) != 0) {
if($i == $a->pager['page'])
$o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
else
$o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
$o .= '</span> ';
}
$lastpage = (($numpages > intval($numpages)) ? intval($numpages)+1 : $numpages);
$o .= "<span class=\"pager_last\"><a href=\"$url"."&page=$lastpage\">" . t('last') . "</a></span> ";
if(($a->pager['total'] - ($a->pager['itemspage'] * $a->pager['page'])) > 0)
$o .= '<span class="pager_next">'."<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('next') . '</a></span>';
$o .= '</div>'."\r\n";
}
return $o;
}}
// Turn user/group ACLs stored as angle bracketed text into arrays
if(! function_exists('expand_acl')) {
function expand_acl($s) {
// turn string array of angle-bracketed elements into numeric array
// e.g. "<1><2><3>" => array(1,2,3);
$ret = array();
if(strlen($s)) {
$t = str_replace('<','',$s);
$a = explode('>',$t);
foreach($a as $aa) {
if(intval($aa))
$ret[] = intval($aa);
}
}
return $ret;
}}
// Used to wrap ACL elements in angle brackets for storage
if(! function_exists('sanitise_acl')) {
function sanitise_acl(&$item) {
if(intval($item))
$item = '<' . intval(notags(trim($item))) . '>';
else
unset($item);
}}
// Convert an ACL array to a storable string
if(! function_exists('perms2str')) {
function perms2str($p) {
$ret = '';
$tmp = $p;
if(is_array($tmp)) {
array_walk($tmp,'sanitise_acl');
$ret = implode('',$tmp);
}
return $ret;
}}
// generate a guaranteed unique (for this domain) item ID for ATOM
// safe from birthday paradox
if(! function_exists('item_new_uri')) {
function item_new_uri($hostname,$uid) {
do {
$dups = false;
$hash = random_string();
$uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
return $uri;
}}
// Generate a guaranteed unique photo ID.
// safe from birthday paradox
if(! function_exists('photo_new_resource')) {
function photo_new_resource() {
do {
$found = false;
$resource = hash('md5',uniqid(mt_rand(),true));
$r = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1",
dbesc($resource)
);
if(count($r))
$found = true;
} while($found == true);
return $resource;
}}
// wrapper to load a view template, checking for alternate
// languages before falling back to the default
// obsolete, deprecated.
if(! function_exists('load_view_file')) {
function load_view_file($s) {
global $lang, $a;
if(! isset($lang))
$lang = 'en';
$b = basename($s);
$d = dirname($s);
if(file_exists("$d/$lang/$b"))
return file_get_contents("$d/$lang/$b");
$theme = current_theme();
if(file_exists("$d/theme/$theme/$b"))
return file_get_contents("$d/theme/$theme/$b");
return file_get_contents($s);
}}
if(! function_exists('get_intltext_template')) {
function get_intltext_template($s) {
global $lang;
if(! isset($lang))
$lang = 'en';
if(file_exists("view/$lang/$s"))
return file_get_contents("view/$lang/$s");
elseif(file_exists("view/en/$s"))
return file_get_contents("view/en/$s");
else
return file_get_contents("view/$s");
}}
if(! function_exists('get_markup_template')) {
function get_markup_template($s) {
$theme = current_theme();
if(file_exists("view/theme/$theme/$s"))
return file_get_contents("view/theme/$theme/$s");
else
return file_get_contents("view/$s");
}}
// for html,xml parsing - let's say you've got
// an attribute foobar="class1 class2 class3"
// and you want to find out if it contains 'class3'.
// you can't use a normal sub string search because you
// might match 'notclass3' and a regex to do the job is
// possible but a bit complicated.
// pass the attribute string as $attr and the attribute you
// are looking for as $s - returns true if found, otherwise false
if(! function_exists('attribute_contains')) {
function attribute_contains($attr,$s) {
$a = explode(' ', $attr);
if(count($a) && in_array($s,$a))
return true;
return false;
}}
if(! function_exists('logger')) {
function logger($msg,$level = 0) {
$debugging = get_config('system','debugging');
$loglevel = intval(get_config('system','loglevel'));
$logfile = get_config('system','logfile');
if((! $debugging) || (! $logfile) || ($level > $loglevel))
return;
@file_put_contents($logfile, datetime_convert() . ':' . session_id() . ' ' . $msg . "\n", FILE_APPEND);
return;
}}
if(! function_exists('activity_match')) {
function activity_match($haystack,$needle) {
if(($haystack === $needle) || ((basename($needle) === $haystack) && strstr($needle,NAMESPACE_ACTIVITY_SCHEMA)))
return true;
return false;
}}
// Pull out all #hashtags and @person tags from $s;
// We also get @person@domain.com - which would make
// the regex quite complicated as tags can also
// end a sentence. So we'll run through our results
// and strip the period from any tags which end with one.
// Returns array of tags found, or empty array.
if(! function_exists('get_tags')) {
function get_tags($s) {
$ret = array();
// ignore anything in a code block
$s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
// Match full names against @tags including the space between first and last
// We will look these up afterward to see if they are full names or not recognisable.
if(preg_match_all('/(@[^ \x0D\x0A,:?]+ [^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
foreach($match[1] as $mtch) {
if(strstr($mtch,"]")) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
if(substr($mtch,-1,1) === '.')
$ret[] = substr($mtch,0,-1);
else
$ret[] = $mtch;
}
}
// Otherwise pull out single word tags. These can be @nickname, @first_last
// and #hash tags.
if(preg_match_all('/([@#][^ \x0D\x0A,:?]+)([ \x0D\x0A,:?]|$)/',$s,$match)) {
foreach($match[1] as $mtch) {
if(strstr($mtch,"]")) {
// we might be inside a bbcode color tag - leave it alone
continue;
}
// ignore strictly numeric tags like #1
if((strpos($mtch,'#') === 0) && ctype_digit(substr($mtch,1)))
continue;
if(substr($mtch,-1,1) === '.')
$ret[] = substr($mtch,0,-1);
else
$ret[] = $mtch;
}
}
return $ret;
}}
// quick and dirty quoted_printable encoding
if(! function_exists('qp')) {
function qp($s) {
return str_replace ("%","=",rawurlencode($s));
}}
if(! function_exists('get_mentions')) {
function get_mentions($item) {
$o = '';
if(! strlen($item['tag']))
return $o;
$arr = explode(',',$item['tag']);
foreach($arr as $x) {
$matches = null;
if(preg_match('/@\[url=([^\]]*)\]/',$x,$matches)) {
$o .= "\t\t" . '<link rel="mentioned" href="' . $matches[1] . '" />' . "\r\n";
$o .= "\t\t" . '<link rel="ostatus:attention" href="' . $matches[1] . '" />' . "\r\n";
}
}
return $o;
}}
if(! function_exists('contact_block')) {
function contact_block() {
$o = '';
$a = get_app();
$shown = get_pconfig($a->profile['uid'],'system','display_friend_count');
if(! $shown)
$shown = 24;
if((! is_array($a->profile)) || ($a->profile['hide-friends']))
return $o;
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0",
intval($a->profile['uid'])
);
if(count($r)) {
$total = intval($r[0]['total']);
}
if(! $total) {
$o .= '<h4 class="contact-h4">' . t('No contacts') . '</h4>';
return $o;
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `blocked` = 0 and `pending` = 0 ORDER BY RAND() LIMIT %d",
intval($a->profile['uid']),
intval($shown)
);
if(count($r)) {
$o .= '<h4 class="contact-h4">' . sprintf( tt('%d Contact','%d Contacts', $total),$total) . '</h4><div id="contact-block">';
foreach($r as $rr) {
$o .= micropro($rr,true,'mpfriend');
}
$o .= '</div><div id="contact-block-end"></div>';
$o .= '<div id="viewcontacts"><a id="viewcontacts-link" href="viewcontacts/' . $a->profile['nickname'] . '">' . t('View Contacts') . '</a></div>';
}
$arr = array('contacts' => $r, 'output' => $o);
call_hooks('contact_block_end', $arr);
return $o;
}}
if(! function_exists('micropro')) {
function micropro($contact, $redirect = false, $class = '', $textmode = false) {
if($class)
$class = ' ' . $class;
$url = $contact['url'];
$sparkle = '';
if($redirect) {
$a = get_app();
$redirect_url = $a->get_baseurl() . '/redir/' . $contact['id'];
if(local_user() && ($contact['uid'] == local_user()) && ($contact['network'] === 'dfrn')) {
$url = $redirect_url;
$sparkle = ' sparkle';
}
}
$click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : '');
if($click)
$url = '';
if($textmode) {
return '<div class="contact-block-textdiv' . $class . '"><a class="contact-block-link' . $class . $sparkle
. (($click) ? ' fakelink' : '') . '" '
. (($url) ? ' href="' . $url . '"' : '') . $click
. '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name']
. '" >'. $contact['name'] . '</a></div>' . "\r\n";
}
else {
return '<div class="contact-block-div' . $class . '"><a class="contact-block-link' . $class . $sparkle
. (($click) ? ' fakelink' : '') . '" '
. (($url) ? ' href="' . $url . '"' : '') . $click . ' ><img class="contact-block-img' . $class . $sparkle . '" src="'
. $contact['micro'] . '" title="' . $contact['name'] . ' [' . $contact['url'] . ']" alt="' . $contact['name']
. '" /></a></div>' . "\r\n";
}
}}
if(! function_exists('search')) {
function search($s,$id='search-box',$url='/search') {
$a = get_app();
$o = '<div id="' . $id . '">';
$o .= '<form action="' . $a->get_baseurl() . $url . '" method="get" >';
$o .= '<input type="text" name="search" id="search-text" value="' . $s .'" />';
$o .= '<input type="submit" name="submit" id="search-submit" value="' . t('Search') . '" />';
$o .= '</form></div>';
return $o;
}}
if(! function_exists('valid_email')) {
function valid_email($x){
if(preg_match('/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$/',$x))
return true;
return false;
}}
if(! function_exists('aes_decrypt')) {
function aes_decrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode = MCRYPT_MODE_ECB;
$enc = MCRYPT_RIJNDAEL_128;
$dec = @mcrypt_decrypt($enc, $key, $val, $mode, @mcrypt_create_iv( @mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM ) );
return rtrim($dec,(( ord(substr($dec,strlen($dec)-1,1))>=0 and ord(substr($dec, strlen($dec)-1,1))<=16)? chr(ord( substr($dec,strlen($dec)-1,1))):null));
}}
if(! function_exists('aes_encrypt')) {
function aes_encrypt($val,$ky)
{
$key="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for($a=0;$a<strlen($ky);$a++)
$key[$a%16]=chr(ord($key[$a%16]) ^ ord($ky[$a]));
$mode=MCRYPT_MODE_ECB;
$enc=MCRYPT_RIJNDAEL_128;
$val=str_pad($val, (16*(floor(strlen($val) / 16)+(strlen($val) % 16==0?2:1))), chr(16-(strlen($val) % 16)));
return mcrypt_encrypt($enc, $key, $val, $mode, mcrypt_create_iv( mcrypt_get_iv_size($enc, $mode), MCRYPT_DEV_URANDOM));
}}
/**
*
* Function: linkify
*
* Replace naked text hyperlink with HTML formatted hyperlink
*
*/
if(! function_exists('linkify')) {
function linkify($s) {
$s = preg_replace("/(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\.\=\_\~\#\'\%\$\!\+]*)/", ' <a href="$1" target="external-link">$1</a>', $s);
return($s);
}}
/**
*
* Function: smilies
*
* Description:
* Replaces text emoticons with graphical images
*
* @Parameter: string $s
*
* Returns string
*/
if(! function_exists('smilies')) {
function smilies($s) {
$a = get_app();
return str_replace(
array( '&lt;3', '&lt;/3', '&lt;\\3', ':-)', ':)', ';-)', ':-(', ':(', ':-P', ':P', ':-"', ':-x', ':-X', ':-D', '8-|', '8-O',
'~friendika', 'Diaspora*' ),
array(
'<img src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="<3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="</3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="<\\3" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":)" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":(" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":P" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />',
'<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
'<a href="http://joindiaspora.com">Diaspora<img src="' . $a->get_baseurl() . '/images/diaspora.png" alt="Diaspora*" /></a>',
), $s);
}}
if(! function_exists('day_translate')) {
function day_translate($s) {
$ret = str_replace(array('Monday','Tuesday','Wednesday','Thursday','Friday','Saturday','Sunday'),
array( t('Monday'), t('Tuesday'), t('Wednesday'), t('Thursday'), t('Friday'), t('Saturday'), t('Sunday')),
$s);
$ret = str_replace(array('January','February','March','April','May','June','July','August','September','October','November','December'),
array( t('January'), t('February'), t('March'), t('April'), t('May'), t('June'), t('July'), t('August'), t('September'), t('October'), t('November'), t('December')),
$ret);
return $ret;
}}
if(! function_exists('normalise_link')) {
function normalise_link($url) {
$ret = str_replace(array('https:','//www.'), array('http:','//'), $url);
return(rtrim($ret,'/'));
}}
/**
*
* Compare two URLs to see if they are the same, but ignore
* slight but hopefully insignificant differences such as if one
* is https and the other isn't, or if one is www.something and
* the other isn't - and also ignore case differences.
*
* Return true if the URLs match, otherwise false.
*
*/
if(! function_exists('link_compare')) {
function link_compare($a,$b) {
if(strcasecmp(normalise_link($a),normalise_link($b)) === 0)
return true;
return false;
}}
// Given an item array, convert the body element from bbcode to html and add smilie icons.
// If attach is true, also add icons for item attachments
if(! function_exists('prepare_body')) {
function prepare_body($item,$attach = false) {
$s = prepare_text($item['body']);
if(! $attach)
return $s;
$arr = explode(',',$item['attach']);
if(count($arr)) {
$s .= '<div class="body-attach">';
foreach($arr as $r) {
$matches = false;
$icon = '';
$cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"\[\/attach\]|',$r,$matches);
if($cnt) {
$icontype = strtolower(substr($matches[3],0,strpos($matches[3],'/')));
switch($icontype) {
case 'video':
case 'audio':
case 'image':
case 'text':
$icon = '<div class="attachtype type-' . $icontype . '"></div>';
break;
default:
$icon = '<div class="attachtype type-unkn"></div>';
break;
}
$title = ((strlen(trim($matches[4]))) ? escape_tags(trim($matches[4])) : escape_tags($matches[1]));
$title .= ' ' . $matches[2] . ' ' . t('bytes');
$s .= '<a href="' . strip_tags($matches[1]) . '" title="' . $title . '" class="attachlink" target="external-link" >' . $icon . '</a>';
}
}
$s .= '<div class="clear"></div></div>';
}
return $s;
}}
// Given a text string, convert from bbcode to html and add smilie icons.
if(! function_exists('prepare_text')) {
function prepare_text($text) {
require_once('include/bbcode.php');
$s = smilies(bbcode($text));
return $s;
}}
/**
* return atom link elements for all of our hubs
*/
if(! function_exists('feed_hublinks')) {
function feed_hublinks() {
$hub = get_config('system','huburl');
$hubxml = '';
if(strlen($hub)) {
$hubs = explode(',', $hub);
if(count($hubs)) {
foreach($hubs as $h) {
$h = trim($h);
if(! strlen($h))
continue;
$hubxml .= '<link rel="hub" href="' . xmlify($h) . '" />' . "\n" ;
}
}
}
return $hubxml;
}}
/* return atom link elements for salmon endpoints */
if(! function_exists('feed_salmonlinks')) {
function feed_salmonlinks($nick) {
$a = get_app();
$salmon = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
// old style links that status.net still needed as of 12/2010
$salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
$salmon .= ' <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
return $salmon;
}}
if(! function_exists('get_plink')) {
function get_plink($item) {
$a = get_app();
$plink = (((x($item,'plink')) && (! $item['private'])) ? '<div class="wall-item-links-wrapper"><a href="'
. $item['plink'] . '" title="' . t('link to source') . '" target="external-link" class="icon remote-link"></a></div>' : '');
return $plink;
}}
if(! function_exists('unamp')) {
function unamp($s) {
return str_replace('&amp;', '&', $s);
}}
if(! function_exists('lang_selector')) {
function lang_selector() {
global $lang;
$o = '<div id="lang-select-icon" class="icon language" title="' . t('Select an alternate language') . '" onclick="openClose(\'language-selector\');" ></div>';
$o .= '<div id="language-selector" style="display: none;" >';
$o .= '<form action="" method="post" ><select name="system_language" onchange="this.form.submit();" >';
$langs = glob('view/*/strings.php');
if(is_array($langs) && count($langs)) {
if(! in_array('view/en/strings.php',$langs))
$langs[] = 'view/en/';
asort($langs);
foreach($langs as $l) {
$ll = substr($l,5);
$ll = substr($ll,0,strrpos($ll,'/'));
$selected = (($ll === $lang) ? ' selected="selected" ' : '');
$o .= '<option value="' . $ll . '"' . $selected . '>' . $ll . '</option>';
}
}
$o .= '</select></form></div>';
return $o;
}}
if(! function_exists('return_bytes')) {
function return_bytes ($size_str) {
switch (substr ($size_str, -1))
{
case 'M': case 'm': return (int)$size_str * 1048576;
case 'K': case 'k': return (int)$size_str * 1024;
case 'G': case 'g': return (int)$size_str * 1073741824;
default: return $size_str;
}
}}
function generate_user_guid() {
$found = true;
do {
$guid = random_string(16);
$x = q("SELECT `uid` FROM `user` WHERE `guid` = '%s' LIMIT 1",
dbesc($guid)
);
if(! count($x))
$found = false;
} while ($found == true );
return $guid;
}
function pkcs5_pad ($text, $blocksize)
{
$pad = $blocksize - (strlen($text) % $blocksize);
return $text . str_repeat(chr($pad), $pad);
}
function pkcs5_unpad($text)
{
$pad = ord($text{strlen($text)-1});
if ($pad > strlen($text)) return false;
if (strspn($text, chr($pad), strlen($text) - $pad) != $pad) return false;
return substr($text, 0, -1 * $pad);
}
function base64url_encode($s, $strip_padding = false) {
$s = strtr(base64_encode($s),'+/','-_');
if($strip_padding)
$s = str_replace('=','',$s);
return $s;
}
function base64url_decode($s) {
/*
* // Placeholder for new rev of salmon which strips base64 padding.
* // PHP base64_decode handles the un-padded input without requiring this step
* // Uncomment if you find you need it.
*
* $l = strlen($s);
* if(! strpos($s,'=')) {
* $m = $l % 4;
* if($m == 2)
* $s .= '==';
* if($m == 3)
* $s .= '=';
* }
*
*/
return base64_decode(strtr($s,'-_','+/'));
}
function cc_license() {
return '<div class="cc-license">' . t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.') . '</div>';
}