Merge https://github.com/redmatrix/redmatrix into pending_merge

2015-05-24 15:59:03 -07:00 · 2015-05-24 15:59:03 -07:00 · d9061fd09e
commit d9061fd09e
parent 52e38d7c24 1354616787
6 changed files with 324 additions and 276 deletions
--- a/include/comanche.php
+++ b/include/comanche.php
@ -170,17 +170,12 @@ function comanche_block($s, $class = '') {
 		if($r) {
 			$o .= (($var['wrap'] == 'none') ? '' : '<div class="' . $class . '">');
-			if($r[0]['title'] && trim($r[0]['title']) != '$content') {
+			if($r[0]['title'] && trim($r[0]['body']) != '$content') {
 				$o .= '<h3>' . $r[0]['title'] . '</h3>';
 			}
 			if($r[0]['title'] && trim($r[0]['title']) === '$content' && get_app()->data['webpage'][0]['title']) {
 				$o .= '<h3>' . get_app()->page['title'] . '</h3>';
 			}
 			if(trim($r[0]['body']) === '$content') {
-				$o .= prepare_text(get_app()->page['content'], get_app()->data['webpage'][0]['mimetype']);
+				$o .= get_app()->page['content'];
 			}
 			else {
 				$o .= prepare_text($r[0]['body'], $r[0]['mimetype']);
--- a/include/items.php
+++ b/include/items.php
@ -4389,8 +4389,6 @@ function zot_feed($uid,$observer_hash,$arr) {
 	$mindate = null;
 	$message_id = null;
 	require_once('include/security.php');
 	if(array_key_exists('mindate',$arr)) {
 		$mindate = datetime_convert('UTC','UTC',$arr['mindate']);
 	}
@ -4404,7 +4402,7 @@ function zot_feed($uid,$observer_hash,$arr) {
 	$mindate = dbesc($mindate);
-	logger('zot_feed: requested for uid ' . $uid . ' from observer ' . $observer_xchan, LOGGER_DEBUG);
+	logger('zot_feed: requested for uid ' . $uid . ' from observer ' . $observer_hash, LOGGER_DEBUG);
 	if($message_id)
 		logger('message_id: ' . $message_id,LOGGER_DEBUG);
--- a/include/oauth.php
+++ b/include/oauth.php
@ -75,12 +75,12 @@ class FKOAuthDataStore extends OAuthDataStore {
 			$k = $consumer;
 		}
-		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', %d)",
 				dbesc($key),
 				dbesc($sec),
 				dbesc($k),
 				'request',
-				intval(REQUEST_TOKEN_DURATION));
+				time()+intval(REQUEST_TOKEN_DURATION));
 		if (!$r) return null;
 		return new OAuthToken($key,$sec);
@ -104,12 +104,12 @@ class FKOAuthDataStore extends OAuthDataStore {
 		$key = $this->gen_token();
 		$sec = $this->gen_token();
-		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d, %d)",
+		$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)",
 				dbesc($key),
 				dbesc($sec),
 				dbesc($consumer->key),
 				'access',
-				intval(ACCESS_TOKEN_DURATION),
+				time()+intval(ACCESS_TOKEN_DURATION),
 				intval($uverifier));
 		if ($r)
--- a/index.php
+++ b/index.php
@ -1,47 +1,42 @@
-<?php /** @file */
+<?php
 /**
 * @file index.php
 *
- * Red Matrix
+ * @brief The main entry point to the application.
 *
 * Bootstrap the application, load configuration, load modules, load theme, etc.
 */
-/**
+/*
 *
 * bootstrap the application
 *
 */
 require_once('boot.php');
-
+// our global App object
 $a = new App;
-/**
+/*
 *
 * Load the configuration file which contains our DB credentials.
- * Ignore errors. If the file doesn't exist or is empty, we are running in installation mode.'
+ * Ignore errors. If the file doesn't exist or is empty, we are running in
- *
+ * installation mode.
 */
 $a->install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true);
-@include(".htconfig.php");
+@include('.htconfig.php');
 $a->timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
 date_default_timezone_set($a->timezone);
-/**
+/*
 *
 * Try to open the database;
 *
 */
-require_once("include/dba/dba_driver.php");
+require_once('include/dba/dba_driver.php');
 if(! $a->install) {
 	$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
-    	    unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
+	unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
 	/**
 	 * Load configs from db. Overwrite configs from .htconfig.php
@ -51,10 +46,10 @@ if(! $a->install) {
 	load_config('system');
 	load_config('feature');
-	require_once("include/session.php");
+	require_once('include/session.php');
 	load_hooks();
 	call_hooks('init_1');
-	
+
 	$a->language = get_best_language();
 	load_translation_table($a->language);
 	// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
@ -82,7 +77,7 @@ else {
 *
 * The order of these may be important so use caution if you think they're all
 * intertwingled with no logical order and decide to sort it out. Some of the
- * dependencies have changed, but at least at one time in the recent past - the 
+ * dependencies have changed, but at least at one time in the recent past - the
 * order was critical to everything working properly
 *
 */
@ -100,7 +95,7 @@ if(array_key_exists('system_language',$_POST)) {
 	else
 		unset($_SESSION['language']);
 }
-if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
+if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
 	$a->language = $_SESSION['language'];
 	load_translation_table($a->language);
 }
@ -113,20 +108,19 @@ if((x($_GET,'zid')) && (! $a->install)) {
 	}
 }
-if((x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login'))
+if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || ($a->module === 'login'))
-	require("include/auth.php");
+	require('include/auth.php');
-
+if(! x($_SESSION, 'sysmsg'))
 if(! x($_SESSION,'sysmsg'))
 	$_SESSION['sysmsg'] = array();
-if(! x($_SESSION,'sysmsg_info'))
+if(! x($_SESSION, 'sysmsg_info'))
 	$_SESSION['sysmsg_info'] = array();
 /*
- * check_config() is responsible for running update scripts. These automatically 
+ * check_config() is responsible for running update scripts. These automatically
 * update the DB schema whenever we push a new one out. It also checks to see if
- * any plugins have been added or removed and reacts accordingly. 
+ * any plugins have been added or removed and reacts accordingly.
 */
@ -154,23 +148,22 @@ $a->set_apps($arr['app_menu']);
 * and use it for handling our URL request.
 * The module file contains a few functions that we call in various circumstances
 * and in the following order:
- * 
+ *
 * "module"_init
 * "module"_post (only called if there are $_POST variables)
 * "module"_aside
 *       $theme_$module_aside (and $extends_$module_aside) are run first if either exist
 *       if either of these return false, module_aside is not called
- *           This allows a theme to over-ride the sidebar layout completely. 
+ *           This allows a theme to over-ride the sidebar layout completely.
 * "module"_content - the string return of this function contains our page body
 *
- * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do 
+ * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
 * so within the module init and/or post functions and then invoke killme() to terminate
 * further processing.
 */
 if(strlen($a->module)) {
 	/**
 	 *
 	 * We will always have a module name.
@ -184,7 +177,6 @@ if(strlen($a->module)) {
 			$a->module_loaded = true;
 	}
 	if((strpos($a->module,'admin') === 0) && (! is_site_admin())) {
 		$a->module_loaded = false;
 		notice( t('Permission denied.') . EOL);
@ -197,7 +189,6 @@ if(strlen($a->module)) {
 	 */
 	if(! $a->module_loaded) {
 		if(file_exists("mod/site/{$a->module}.php")) {
 			include_once("mod/site/{$a->module}.php");
 			$a->module_loaded = true;
@ -210,37 +201,36 @@ if(strlen($a->module)) {
 	/**
 	 *
 	 * The URL provided does not resolve to a valid module.
 	 *
-	 * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'. 
+	 * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
-	 * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic - 
+	 * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
 	 * we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
 	 * this will often succeed and eventually do the right thing.
 	 *
 	 * Otherwise we are going to emit a 404 not found.
 	 *
 	 */
 	if(! $a->module_loaded) {
 		// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
-		if((x($_SERVER,'QUERY_STRING')) && preg_match('/{[0-9]}/',$_SERVER['QUERY_STRING']) !== 0) {
+		if((x($_SERVER, 'QUERY_STRING')) && preg_match('/{[0-9]}/', $_SERVER['QUERY_STRING']) !== 0) {
 			killme();
 		}
-		if((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
+		if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
 			logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
 			goaway($a->get_baseurl() . $_SERVER['REQUEST_URI']);
 		}
 		logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
-		header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
+		header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
-		$tpl = get_markup_template("404.tpl");
+		$tpl = get_markup_template('404.tpl');
 		$a->page['content'] = replace_macros($tpl, array(
-			'$message' =>  t('Page not found.' )
+				'$message' => t('Page not found.')
 		));
-		// pretend this is a module so it will initialise the theme. 
+
 		// pretend this is a module so it will initialise the theme
 		$a->module = '404';
 		$a->module_loaded = true;
 	}
@ -249,11 +239,10 @@ if(strlen($a->module)) {
 /* initialise content region */
-if(! x($a->page,'content'))
+if(! x($a->page, 'content'))
 	$a->page['content'] = '';
 if(! ($a->module === 'setup')) {
 	/* set JS cookie */
 	if($_COOKIE['jsAvailable'] != 1) {
@ -263,9 +252,9 @@ if(! ($a->module === 'setup')) {
 			$_COOKIE['jsAvailable'] = 1;
 		}
 	}
 	call_hooks('page_content_top',$a->page['content']);
 }
 	call_hooks('page_content_top', $a->page['content']);
 }
@ -282,7 +271,7 @@ if($a->module_loaded) {
 	 * For this reason, please restrict the use of templates to those which
 	 * do not provide any presentation details - as themes will not be able
 	 * to over-ride them.
-	 */  
+	 */
 	if(function_exists($a->module . '_init')) {
 		call_hooks($a->module . '_mod_init', $placeholder);
@ -310,32 +299,31 @@ if($a->module_loaded) {
 	 * load current theme info
 	 */
-	$theme_info_file = "view/theme/".current_theme()."/php/theme.php";
+	$theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
 	if (file_exists($theme_info_file)){
 		require_once($theme_info_file);
 	}
-	if(function_exists(str_replace('-','_',current_theme()) . '_init')) {
+	if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
-		$func = str_replace('-','_',current_theme()) . '_init';
+		$func = str_replace('-', '_', current_theme()) . '_init';
 		$func($a);
 	}
-	elseif (x($a->theme_info,"extends") && file_exists("view/theme/".$a->theme_info["extends"]."/php/theme.php")) {
+	elseif (x($a->theme_info, 'extends') && file_exists('view/theme/' . $a->theme_info['extends'] . '/php/theme.php')) {
-		require_once("view/theme/".$a->theme_info["extends"]."/php/theme.php");
+		require_once('view/theme/' . $a->theme_info['extends'] . '/php/theme.php');
-		if(function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_init')) {
+		if(function_exists(str_replace('-', '_', $a->theme_info['extends']) . '_init')) {
-			$func = str_replace('-','_',$a->theme_info["extends"]) . '_init';
+			$func = str_replace('-', '_', $a->theme_info['extends']) . '_init';
 			$func($a);
 		}
 	}
 	if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
 		&& (function_exists($a->module . '_post'))
-		&& (! x($_POST,'auth-params'))) {
+		&& (! x($_POST, 'auth-params'))) {
 		call_hooks($a->module . '_mod_post', $_POST);
 		$func = $a->module . '_post';
 		$func($a);
 	}
 	if(! $a->error) {
 		// If a theme has defined an _aside() function, run that first
 		//
@ -353,9 +341,9 @@ if($a->module_loaded) {
 			$func = str_replace('-','_',current_theme()) . '_' . $a->module . '_aside';
 			$aside_default = $func($a);
 		}
-		elseif($aside_default && x($a->theme_info,"extends") 
+		elseif($aside_default && x($a->theme_info, "extends")
-			&& (function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside'))) {
+			&& (function_exists(str_replace('-', '_',$a->theme_info["extends"]) . '_' . $a->module . '_aside'))) {
-			$func = str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside';
+			$func = str_replace('-', '_', $a->theme_info["extends"]) . '_' . $a->module . '_aside';
 			$aside_default = $func($a);
 		}
 		if($aside_default && function_exists($a->module . '_aside')) {
@ -373,24 +361,25 @@ if($a->module_loaded) {
 		call_hooks($a->module . '_mod_aftercontent', $arr);
 		$a->page['content'] .= $arr['content'];
 	}
 }
 // If you're just visiting, let javascript take you home
-if(x($_SESSION,'visitor_home'))
+if(x($_SESSION, 'visitor_home')) {
 	$homebase = $_SESSION['visitor_home'];
-elseif(local_channel())
+} elseif(local_channel()) {
 	$homebase = $a->get_baseurl() . '/channel/' . $a->channel['channel_address'];
 }
-if(isset($homebase))
+if(isset($homebase)) {
-	$a->page['content'] .= '<script>var homebase="' . $homebase . '" ; </script>';
+	$a->page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
 }
 // now that we've been through the module content, see if the page reported
 // a permission problem and if so, a 403 response would seem to be in order.
-if(stristr( implode("",$_SESSION['sysmsg']), t('Permission denied'))) {
+if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
-	header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
+	header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
 }
--- a/mod/connedit.php
+++ b/mod/connedit.php
@ -345,12 +345,12 @@ function connedit_content(&$a) {
 		$o .= "<script>function connectDefaultShare() {
 		\$('.abook-edit-me').each(function() {
 			if(! $(this).is(':disabled'))
-				$(this).removeAttr('checked');
+				$(this).prop('checked', false);
 		});\n\n";
 		$perms = get_perms();
 		foreach($perms as $p => $v) {
 			if($my_perms & $v[1]) {
-				$o .= "\$('#me_id_perms_" . $p . "').attr('checked','checked'); \n";
+				$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
 			}
 		}
 		$o .= " }\n</script>\n";
--- a/mod/setup.php
+++ b/mod/setup.php
@ -1,40 +1,53 @@
 <?php
 /**
 * @file mod/setup.php
 *
 * Controller for the initial setup/installation.
 *
 * @todo This setup module could need some love and improvements.
 */
-$install_wizard_pass=1;
+$install_wizard_pass = 1;
 /**
 * @brief Initialisation for the setup module.
 *
 * @param[in,out] App &$a
 */
 function setup_init(&$a){
-	// Ensure that if somebody hasn't read the install documentation and doesn't have all 
+	// Ensure that if somebody hasn't read the install documentation and doesn't have all
-	// the required modules or has a totally borked shared hosting provider and they can't 
+	// the required modules or has a totally borked shared hosting provider and they can't
 	// figure out what the hell is going on - that we at least spit out an error message which
 	// we can inquire about when they write to tell us that our software doesn't work.
-	// The worst thing we can do at this point is throw a white screen of death and rely on 
+	// The worst thing we can do at this point is throw a white screen of death and rely on
-	// them knowing about servers and php modules and logfiles enough so that we can guess 
+	// them knowing about servers and php modules and logfiles enough so that we can guess
 	// at the source of the problem. As ugly as it may be, we need to throw a technically worded
-	// PHP error message in their face. Once installation is complete application errors will 
+	// PHP error message in their face. Once installation is complete application errors will
-	// throw a white screen because these error messages divulge information which can 
+	// throw a white screen because these error messages divulge information which can
-	// potentially be useful to hackers.       
+	// potentially be useful to hackers.
-	
+
-	
+	error_reporting(E_ERROR | E_WARNING | E_PARSE );
-	error_reporting(E_ERROR | E_WARNING | E_PARSE ); 
+	ini_set('log_errors', '0');
 	ini_set('log_errors','0'); 
 	ini_set('display_errors', '1');
 	// $baseurl/setup/testrwrite to test if rewite in .htaccess is working
-	if (argc() ==2  && argv(1)=="testrewrite") {
+	if (argc() == 2 && argv(1) == "testrewrite") {
-		echo "ok";
+		echo 'ok';
 		killme();
 	}
 	global $install_wizard_pass;
-	if (x($_POST,'pass'))
+	if (x($_POST, 'pass'))
 		$install_wizard_pass = intval($_POST['pass']);
 }
 /**
 * @brief Handle the actions of the different setup steps.
 *
 * @param[in,out] App &$a
 */
 function setup_post(&$a) {
 	global $install_wizard_pass, $db;
@ -58,8 +71,9 @@ function setup_post(&$a) {
 			require_once('include/dba/dba_driver.php');
 			unset($db);
 			$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
 			if(! $db->connected) {
-				echo "Database Connect failed: " . $db->error;
+				echo 'Database Connect failed: ' . $db->error;
 				killme();
 				$a->data['db_conn_failed']=true;
 			}
@ -83,10 +97,10 @@ function setup_post(&$a) {
 				}
 			}*/
 			//if(get_db_errno()) {
-				
+
 			//}
-			return; 
+			return;
 			break;
 		case 4:
 			$urlpath = $a->get_path();
@ -100,10 +114,9 @@ function setup_post(&$a) {
 			$timezone = notags(trim($_POST['timezone']));
 			$adminmail = notags(trim($_POST['adminmail']));
 			$siteurl = notags(trim($_POST['siteurl']));
 			if($siteurl != z_root()) {
-		        $test = z_fetch_url($siteurl."/setup/testrewrite");
+				$test = z_fetch_url($siteurl."/setup/testrewrite");
 				if((! $test['success']) || ($test['body'] != 'ok'))  {
 					$a->data['url_fail'] = true;
 					$a->data['url_error'] = $test['error'];
@ -147,7 +160,7 @@ function setup_post(&$a) {
 				$a->data['db_installed'] = true;
 			return;
-		break;
+			break;
 	}
 }
@ -156,47 +169,50 @@ function get_db_errno() {
 		return mysqli_connect_errno();
 	else
 		return mysql_errno();
-}		
+}
 /**
 * @brief Get output for the setup page.
 *
 * Depending on the state we are currently in it returns different content.
 *
 * @param App &$a
 * @return string parsed HTML output
 */
 function setup_content(&$a) {
 	global $install_wizard_pass, $db;
 	$o = '';
 	$wizard_status = "";
 	$install_title = t('$Projectname Server - Setup');
-	
+	$o = '';
-	if(x($a->data,'db_conn_failed')) {
+	$wizard_status = '';
 	$install_title = t('$Projectname Server - Setup');
 	if(x($a->data, 'db_conn_failed')) {
 		$install_wizard_pass = 2;
 		$wizard_status =  t('Could not connect to database.');
 	}
-	if(x($a->data,'url_fail')) {
+	if(x($a->data, 'url_fail')) {
 		$install_wizard_pass = 3;
 		$wizard_status =  t('Could not connect to specified site URL. Possible SSL certificate or DNS issue.');
 		if($a->data['url_error'])
 			$wizard_status .= ' ' . $a->data['url_error'];
 	}
-	if(x($a->data,'db_create_failed')) {
+	if(x($a->data, 'db_create_failed')) {
 		$install_wizard_pass = 2;
 		$wizard_status =  t('Could not create table.');
 	}
-	
+	$db_return_text = '';
-	$db_return_text="";
+	if(x($a->data, 'db_installed')) {
 	if(x($a->data,'db_installed')) {
 		$txt = '<p style="font-size: 130%;">';
 		$txt .= t('Your site database has been installed.') . EOL;
 		$db_return_text .= $txt;
 	}
-
+	if(x($a->data, 'db_failed')) {
 	if(x($a->data,'db_failed')) {
 		$txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL;
 		$txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ;
 		$txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ;
 		$db_return_text .= $txt;
 	}
 	if($db && $db->connected) {
 		$r = q("SELECT COUNT(*) as `total` FROM `account`");
 		if($r && count($r) && $r[0]['total']) {
@ -210,23 +226,22 @@ function setup_content(&$a) {
 		}
 	}
-	if(x($a->data,'txt') && strlen($a->data['txt'])) {
+	if(x($a->data, 'txt') && strlen($a->data['txt'])) {
 		$db_return_text .= manual_config($a);
 	}
-	
+
-	if ($db_return_text!="") {
+	if ($db_return_text != "") {
 		$tpl = get_markup_template('install.tpl');
 		return replace_macros($tpl, array(
 			'$title' => $install_title,
-			'$pass' => "",
+			'$pass' => '',
 			'$text' => $db_return_text . what_next(),
 		));
 	}
-	
+
 	switch ($install_wizard_pass){
 		case 1: { // System check
 			$checks = array();
 			check_funcs($checks);
@ -238,22 +253,23 @@ function setup_content(&$a) {
 			check_smarty3($checks);
 			check_keys($checks);
-			
+
-			if(x($_POST,'phpath'))
+			if (x($_POST, 'phpath'))
 				$phpath = notags(trim($_POST['phpath']));
 			check_php($phpath, $checks);
-            check_htaccess($checks);
+			check_phpconfig($checks);
-            
+
-			function check_passed($v, $c){
+			check_htaccess($checks);
 			function check_passed($v, $c) {
 				if ($c['required'])
 					$v = $v && $c['status'];
 				return $v;
 			}
 			$checkspassed = array_reduce($checks, "check_passed", true);
 			$tpl = get_markup_template('install_checks.tpl');
 			$o .= replace_macros($tpl, array(
@ -269,7 +285,7 @@ function setup_content(&$a) {
 			));
 			return $o;
 		}; break;
-		
+
 		case 2: { // Database config
 			$dbhost = ((x($_POST,'dbhost')) ? notags(trim($_POST['dbhost'])) : 'localhost');
@ -281,7 +297,6 @@ function setup_content(&$a) {
 			$phpath = notags(trim($_POST['phpath']));
 			$adminmail = notags(trim($_POST['adminmail']));
 			$siteurl = notags(trim($_POST['siteurl']));
 			$tpl = get_markup_template('install_db.tpl');
 			$o .= replace_macros($tpl, array(
@ -292,7 +307,7 @@ function setup_content(&$a) {
 				'$info_03' => t('The database you specify below should already exist. If it does not, please create it before continuing.'),
 				'$status' => $wizard_status,
-				
+
 				'$dbhost' => array('dbhost', t('Database Server Name'), $dbhost, t('Default is localhost')),
 				'$dbport' => array('dbport', t('Database Port'), $dbport, t('Communication port number - use 0 for default')),
 				'$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
@ -302,16 +317,14 @@ function setup_content(&$a) {
 				'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
 				'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
 				'$lbl_10' => t('Please select a default timezone for your website'),
-				
+
 				'$baseurl' => $a->get_baseurl(),
-				
+
 				'$phpath' => $phpath,
-				
+
 				'$submit' => t('Submit'),
 			));
 			return $o;
 		}; break;
@ -324,241 +337,296 @@ function setup_content(&$a) {
 			$dbdata = notags(trim($_POST['dbdata']));
 			$dbtype = intval(notags(trim($_POST['dbtype'])));
 			$phpath = notags(trim($_POST['phpath']));
-			
+
 			$adminmail = notags(trim($_POST['adminmail']));
 			$siteurl = notags(trim($_POST['siteurl']));
 			$timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles');
-			
+
 			$tpl = get_markup_template('install_settings.tpl');
 			$o .= replace_macros($tpl, array(
 				'$title' => $install_title,
 				'$pass' => t('Site settings'),
 				'$status' => $wizard_status,
-				
+
-				'$dbhost' => $dbhost, 
+				'$dbhost' => $dbhost,
-				'$dbport' => $dbport, 
+				'$dbport' => $dbport,
 				'$dbuser' => $dbuser,
 				'$dbpass' => $dbpass,
 				'$dbdata' => $dbdata,
 				'$phpath' => $phpath,
 				'$dbtype' => $dbtype,
-				
+
 				'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
 				'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
 				'$timezone' => array('timezone', t('Please select a default timezone for your website'), $timezone, '', get_timezones()),
-				
+
 				'$baseurl' => $a->get_baseurl(),
-				
+
 				'$submit' => t('Submit'),
 			));
 			return $o;
 		}; break;
 	}
 }
 /**
- * checks   : array passed to template
+ * @brief Add a check result to the array for output.
- * title    : string
+ *
- * status   : boolean
+ * @param[in,out] array &$checks array passed to template
- * required : boolean
+ * @param string $title a title for the check
- * help		: string optional
+ * @param boolean $status
 * @param boolean $required
 * @param[optional] string $help optional help string
 */
-function check_add(&$checks, $title, $status, $required, $help){
+function check_add(&$checks, $title, $status, $required, $help = '') {
 	$checks[] = array(
-		'title' => $title,
+		'title'    => $title,
-		'status' => $status,
+		'status'   => $status,
 		'required' => $required,
-		'help'	=> $help,
+		'help'     => $help
 	);
 }
 /**
 * @brief Checks the PHP environment.
 *
 * @param[in,out] string &$phpath
 * @param[out] array &$checks
 */
 function check_php(&$phpath, &$checks) {
-	if (strlen($phpath)){
+	$help = '';
 	if (strlen($phpath)) {
 		$passed = file_exists($phpath);
 	} else {
 		if(is_windows())
 			$phpath = trim(shell_exec('where php'));
 		else
 			$phpath = trim(shell_exec('which php'));
 		$passed = strlen($phpath);
 	}
-	$help = "";
+
 	if(!$passed) {
 		$help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL;
-		$help .= t("If you don't have a command line version of PHP installed on server, you will not be able to run background polling via cron.") . EOL;
+		$help .= t('If you don\'t have a command line version of PHP installed on server, you will not be able to run background polling via cron.') . EOL;
 		$help .= EOL . EOL ;
 		$tpl = get_markup_template('field_input.tpl');
 		$help .= replace_macros($tpl, array(
 			'$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable. You can leave this blank to continue the installation.')),
 		));
-		$phpath="";
+		$phpath = '';
 	}
-	
+
 	check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help);
-	
+
 	if($passed) {
 		$str = autoname(8);
 		$cmd = "$phpath install/testargs.php $str";
 		$result = trim(shell_exec($cmd));
 		$passed2 = $result == $str;
-		$help = "";
+		$help = '';
 		if(!$passed2) {
 			$help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL;
 			$help .= t('This is required for message delivery to work.');
 		}
 		check_add($checks, t('PHP register_argc_argv'), $passed, true, $help);
 	}
 }
-function check_keys(&$checks) {
+/**
 * @brief Some PHP configuration checks.
 *
 * @todo Change how we display such informational text. Add more description
 *       how to change them.
 *
 * @param[out] array &$checks
 */
 function check_phpconfig(&$checks) {
 	require_once 'include/environment.php';
 	$help = '';
 	$result = getPhpiniUploadLimits();
 	$help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'),
 			userReadableSize($result['post_max_size']),
 			userReadableSize($result['max_upload_filesize']),
 			$result['max_file_uploads']
 			);
 	$help .= '<br>' . t('You can adjust these settings in the servers php.ini.');
 	check_add($checks, t('PHP upload limits'), true, false, $help);
 }
 /**
 * @brief Check if the openssl implementation can generate keys.
 *
 * @param[out] array $checks
 */
 function check_keys(&$checks) {
 	$help = '';
 	$res = false;
-	if(function_exists('openssl_pkey_new')) 
+	if (function_exists('openssl_pkey_new')) {
-		$res=openssl_pkey_new(array(
+		$res = openssl_pkey_new(array(
-		'digest_alg' => 'sha1',
+				'digest_alg' => 'sha1',
-		'private_key_bits' => 4096,
+				'private_key_bits' => 4096,
-		'encrypt_key' => false ));
+				'encrypt_key' => false)
 		);
 	}
 	// Get private key
-	if(! $res) {
+	if (! $res) {
 		$help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL;
 		$help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".');
 	}
 	check_add($checks, t('Generate encryption keys'), $res, true, $help);
 	check_add($checks, t('Generate encryption keys'), $res, true, $help);
 }
-
+/**
 * @brief Check for some PHP functions and modules.
 *
 * @param[in,out] array &$checks
 */
 function check_funcs(&$checks) {
 	$ck_funcs = array();
-	check_add($ck_funcs, t('libCurl PHP module'), true, true, "");
+
-	check_add($ck_funcs, t('GD graphics PHP module'), true, true, "");
+	// add check metadata, the real check is done bit later and return values set
-	check_add($ck_funcs, t('OpenSSL PHP module'), true, true, "");
+	check_add($ck_funcs, t('libCurl PHP module'), true, true);
-	check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, "");
+	check_add($ck_funcs, t('GD graphics PHP module'), true, true);
-	check_add($ck_funcs, t('mb_string PHP module'), true, true, "");
+	check_add($ck_funcs, t('OpenSSL PHP module'), true, true);
-	check_add($ck_funcs, t('mcrypt PHP module'), true, true, "");
+	check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true);
-		
+	check_add($ck_funcs, t('mb_string PHP module'), true, true);
-	
+	check_add($ck_funcs, t('mcrypt PHP module'), true, true);
 	check_add($ck_funcs, t('xml PHP module'), true, true);
 	if(function_exists('apache_get_modules')){
-		if (! in_array('mod_rewrite',apache_get_modules())) {
+		if (! in_array('mod_rewrite', apache_get_modules())) {
 			check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
 		} else {
-			check_add($ck_funcs, t('Apache mod_rewrite module'), true, true, "");
+			check_add($ck_funcs, t('Apache mod_rewrite module'), true, true);
 		}
 	}
 	if((! function_exists('proc_open')) || strstr(ini_get('disable_functions'),'proc_open')) {
 		check_add($ck_funcs, t('proc_open'), false, true, t('Error: proc_open is required but is either not installed or has been disabled in php.ini'));
 	}
 	else {
-		check_add($ck_funcs, t('proc_open'), true, true, "");
+		check_add($ck_funcs, t('proc_open'), true, true);
 	}
-	if(! function_exists('curl_init')){
+	if(! function_exists('curl_init')) {
-		$ck_funcs[0]['status']= false;
+		$ck_funcs[0]['status'] = false;
-		$ck_funcs[0]['help']= t('Error: libCURL PHP module required but not installed.');
+		$ck_funcs[0]['help'] = t('Error: libCURL PHP module required but not installed.');
 	}
-	if(! function_exists('imagecreatefromjpeg')){
+	if(! function_exists('imagecreatefromjpeg')) {
-		$ck_funcs[1]['status']= false;
+		$ck_funcs[1]['status'] = false;
-		$ck_funcs[1]['help']= t('Error: GD graphics PHP module with JPEG support required but not installed.');
+		$ck_funcs[1]['help'] = t('Error: GD graphics PHP module with JPEG support required but not installed.');
 	}
 	if(! function_exists('openssl_public_encrypt')) {
-		$ck_funcs[2]['status']= false;
+		$ck_funcs[2]['status'] = false;
-		$ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.');
+		$ck_funcs[2]['help'] = t('Error: openssl PHP module required but not installed.');
 	}
-	if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){ 
+	if(! function_exists('mysqli_connect') && !function_exists('pg_connect')) {
-		$ck_funcs[3]['status']= false;
+		$ck_funcs[3]['status'] = false;
-		$ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.');
+		$ck_funcs[3]['help'] = t('Error: mysqli or postgres PHP module required but neither are installed.');
 	}
-	if(! function_exists('mb_strlen')){
+	if(! function_exists('mb_strlen')) {
-		$ck_funcs[4]['status']= false;
+		$ck_funcs[4]['status'] = false;
-		$ck_funcs[4]['help']= t('Error: mb_string PHP module required but not installed.');
+		$ck_funcs[4]['help'] = t('Error: mb_string PHP module required but not installed.');
 	}
-	if(! function_exists('mcrypt_encrypt')){
+	if(! function_exists('mcrypt_encrypt')) {
-		$ck_funcs[5]['status']= false;
+		$ck_funcs[5]['status'] = false;
-		$ck_funcs[5]['help']= t('Error: mcrypt PHP module required but not installed.');
+		$ck_funcs[5]['help'] = t('Error: mcrypt PHP module required but not installed.');
 	}
 	if(! extension_loaded('xml')) {
 		$ck_funcs[6]['status'] = false;
 		$ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.');
 	}
 	$checks = array_merge($checks, $ck_funcs);
 	$checks = array_merge($checks, $ck_funcs);
 }
-
+/**
 * @brief Check for .htconfig requirements.
 *
 * @param[out] array &$checks
 */
 function check_htconfig(&$checks) {
 	$status = true;
-	$help = "";
+	$help = '';
 	if(	(file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
 		(!file_exists('.htconfig.php') && !is_writable('.')) ) {
 		$status=false;
 		$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
 		$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
 		$help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
 		$help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL; 
 	}
 	check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
 	if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
 		(!file_exists('.htconfig.php') && !is_writable('.')) ) {
 			$status = false;
 			$help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
 			$help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
 			$help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
 			$help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
 	}
 	check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
 }
 /**
 * @brief Checks for our templating engine Smarty3 requirements.
 *
 * @param[out] array &$checks
 */
 function check_smarty3(&$checks) {
 	$status = true;
-	$help = "";
+	$help = '';
-	if(	!is_writable(TEMPLATE_BUILD_PATH) ) {
+
-	
+	if(! is_writable(TEMPLATE_BUILD_PATH) ) {
-		$status=false;
+		$status = false;
 		$help = t('Red uses the Smarty3 template engine to render its web views. Smarty3 compiles templates to PHP to speed up rendering.') .EOL;
 		$help .= sprintf( t('In order to store these compiled templates, the web server needs to have write access to the directory %s under the Red top level folder.'), TEMPLATE_BUILD_PATH) . EOL;
 		$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
-		$help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL; 
+		$help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL;
 	}
 	check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
 	check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
 }
 /**
 * @brief Check for store directory.
 *
 * @param[out] array &$checks
 */
 function check_store(&$checks) {
 	$status = true;
-	$help = "";
+	$help = '';
-	@os_mkdir(TEMPLATE_BUILD_PATH,STORAGE_DEFAULT_PERMISSIONS,true);
+	@os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
-	if(	!is_writable('store') ) {
+	if(! is_writable('store')) {
-	
+		$status = false;
 		$status=false;
 		$help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
 		$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
 	}
 	check_add($checks, t('store is writable'), $status, true, $help);
 	check_add($checks, t('store is writable'), $status, true, $help);
 }
-
+/**
 * @brief Check URL rewrite und SSL certificate.
 *
 * @param[out] array &$checks
 */
 function check_htaccess(&$checks) {
 	$a = get_app();
 	$status = true;
-	$help = "";
+	$help = '';
 	$ssl_error = false;
 	$url = $a->get_baseurl() . '/setup/testrewrite';
 	if (function_exists('curl_init')){
-        $test = z_fetch_url($url);
+		$test = z_fetch_url($url);
 		if(! $test['success']) {
 			if(strstr($url,'https://')) {
 				$test = z_fetch_url($url,false,0,array('novalidate' => true));
@ -581,26 +649,27 @@ function check_htaccess(&$checks) {
 				$help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL;
 				$help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL;
-				check_add($checks, t('SSL certificate validation'),false,true, $help);
+				check_add($checks, t('SSL certificate validation'), false, true, $help);
 			}
-		}		
+		}
-        if ((! $test['success']) || ($test['body'] != "ok")) {
+		if ((! $test['success']) || ($test['body'] != "ok")) {
-            $status = false;
+			$status = false;
-            $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
+			$help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
-        }
+		}
-        check_add($checks, t('Url rewrite is working'), $status, true, $help); 
+
-    } else {
+		check_add($checks, t('Url rewrite is working'), $status, true, $help);
-        // cannot check modrewrite if libcurl is not installed
+	} else {
-    }
+		// cannot check modrewrite if libcurl is not installed
-	
+	}
 }
-	
+
 function manual_config(&$a) {
-	$data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8');
+	$data = htmlspecialchars($a->data['txt'], ENT_COMPAT, 'UTF-8');
 	$o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
 	$o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
 	return $o;
 }
@ -619,50 +688,47 @@ function load_database($db) {
 	$arr = explode(';',$str);
 	$errors = false;
 	foreach($arr as $a) {
-		if(strlen(trim($a))) {	
+		if(strlen(trim($a))) {
 			$r = @$db->q(trim($a));
 			if(! $r) {
 				$errors .=  t('Errors encountered creating database tables.') . $a . EOL;
 			}
 		}
 	}
 	return $errors;
 }
 function what_next() {
 	$a = get_app();
 	// install the standard theme
-	set_config('system','allowed_themes','redbasic');
+	set_config('system', 'allowed_themes', 'redbasic');
 	// Set a lenient list of ciphers if using openssl. Other ssl engines
-	// (e.g. NSS used in RedHat) require different syntax, so hopefully 
+	// (e.g. NSS used in RedHat) require different syntax, so hopefully
-	// the default curl cipher list will work for most sites. If not, 
+	// the default curl cipher list will work for most sites. If not,
 	// this can set via config. Many distros are now disabling RC4,
 	// but many Red sites still use it and are unable to change it.
 	// We do not use SSL for encryption, only to protect session cookies.
-	// z_fetch_url() is also used to import shared links and other content 
+	// z_fetch_url() is also used to import shared links and other content
 	// so in theory most any cipher could show up and we should do our best
-	// to make the content available rather than tell folks that there's a 
+	// to make the content available rather than tell folks that there's a
-	// weird SSL error which they can't do anything about. 
+	// weird SSL error which they can't do anything about.
 	$x = curl_version();
 	if(stristr($x['ssl_version'],'openssl'))
 		set_config('system','curl_ssl_ciphers','ALL:!eNULL');
 	// Create a system channel
 	require_once ('include/identity.php');
-	create_sys_channel();	
+	create_sys_channel();
 	$baseurl = $a->get_baseurl();
-	return 
+	return
 		t('<h1>What next</h1>')
 		."<p>".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.')
-		.t('Please see the file "install/INSTALL.txt".')			
+		.t('Please see the file "install/INSTALL.txt".')
 		."</p><p>"
 		.t("Go to your new Red node <a href='$baseurl/register'>registration page</a> and register as new user. Remember to use the same email you have entered as administrator email. This will allow you to enter the site admin panel.")
 		."</p>";
 }