From 7cfa7a7671f0bf8316bc63912452e156fc48129e Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 17 May 2012 19:59:46 -0700 Subject: [PATCH 1/6] tell browser not to cache permission denied (private) photos so that after authenticating we don't have to fight the browser - plus more prvgroup work --- include/items.php | 6 +++--- mod/photo.php | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/include/items.php b/include/items.php index 51e21d289..ac7580cc1 100644 --- a/include/items.php +++ b/include/items.php @@ -2199,7 +2199,7 @@ function local_delivery($importer,$data) { if($is_reply) { $community = false; - if($importer['page-flags'] == PAGE_COMMUNITY) { + if($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP ) { $sql_extra = ''; $community = true; logger('local_delivery: possible community reply'); @@ -2226,8 +2226,8 @@ function local_delivery($importer,$data) { if($r && count($r)) $is_a_remote_comment = true; - // Does this have the characteristics of a community comment? - // If it's a reply to a wall post on a community page it's a + // Does this have the characteristics of a community or private group comment? + // If it's a reply to a wall post on a community/prvgroup page it's a // valid community comment. Also forum_mode makes it valid for sure. // If neither, it's not. diff --git a/mod/photo.php b/mod/photo.php index 1d38fe8e4..3cd8250a9 100644 --- a/mod/photo.php +++ b/mod/photo.php @@ -28,6 +28,8 @@ function photo_init(&$a) { } }*/ + $prvcachecontrol = false; + switch($a->argc) { case 4: $person = $a->argv[3]; @@ -134,6 +136,7 @@ function photo_init(&$a) { ); if(count($r)) { $data = file_get_contents('images/nosign.jpg'); + $prvcachecontrol = true; } } } @@ -179,8 +182,22 @@ function photo_init(&$a) { } header("Content-type: image/jpeg"); - header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); - header("Cache-Control: max-age=" . (3600*24)); + + if($prvcachecontrol) { + + // it is a private photo that they have no permission to view. + // tell the browser not to cache it, in case they authenticate + // and subsequently have permission to see it + + header("Cache-Control: no-store, no-cache, must-revalidate"); + + } + else { + + header("Expires: " . gmdate("D, d M Y H:i:s", time() + (3600*24)) . " GMT"); + header("Cache-Control: max-age=" . (3600*24)); + + } echo $data; killme(); // NOTREACHED From 7b0ded3f1478553e1fe93c95c272b99d78f0132b Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 17 May 2012 22:44:52 -0700 Subject: [PATCH 2/6] more private forums, default privacy group for new contacts --- boot.php | 2 +- database.sql | 1 + include/diaspora.php | 8 ++++++ include/group.php | 28 +++++++++++++++++++-- include/items.php | 53 +++++++++++++++++++++++----------------- include/notifier.php | 8 +++--- mod/dfrn_request.php | 8 ++++++ mod/follow.php | 10 ++++++++ mod/settings.php | 22 +++++++++++++++-- update.php | 9 ++++++- view/group_selection.tpl | 5 ++++ view/pagetypes.tpl | 3 +++ view/settings.tpl | 6 +++++ 13 files changed, 130 insertions(+), 33 deletions(-) create mode 100644 view/group_selection.tpl diff --git a/boot.php b/boot.php index 4032f2662..95f296d41 100644 --- a/boot.php +++ b/boot.php @@ -11,7 +11,7 @@ require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_VERSION', '3.0.1345' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); -define ( 'DB_UPDATE_VERSION', 1143 ); +define ( 'DB_UPDATE_VERSION', 1144 ); define ( 'EOL', "
\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); diff --git a/database.sql b/database.sql index cf086796a..ed97cd4aa 100644 --- a/database.sql +++ b/database.sql @@ -1028,6 +1028,7 @@ CREATE TABLE IF NOT EXISTS `user` ( `account_expires_on` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `expire_notification_sent` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', `service_class` char(32) NOT NULL, + `def_gid` int(11) NOT NULL DEFAULT '0', `allow_cid` mediumtext NOT NULL, `allow_gid` mediumtext NOT NULL, `deny_cid` mediumtext NOT NULL, diff --git a/include/diaspora.php b/include/diaspora.php index 2051de5fc..3f2cdf8e4 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -569,6 +569,14 @@ function diaspora_request($importer,$xml) { return; } + $g = q("select def_gid from user where uid = %d limit 1", + intval($importer['uid']) + ); + if($g && intval($g[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($importer['uid'],'',$contact_record['id'],$g[0]['def_gid']); + } + if($importer['page-flags'] == PAGE_NORMAL) { $hash = random_string() . (string) time(); // Generate a confirm_key diff --git a/include/group.php b/include/group.php index edb547de6..cc6540b31 100644 --- a/include/group.php +++ b/include/group.php @@ -97,8 +97,9 @@ function group_rmv_member($uid,$name,$member) { } -function group_add_member($uid,$name,$member) { - $gid = group_byname($uid,$name); +function group_add_member($uid,$name,$member,$gid = 0) { + if(! $gid) + $gid = group_byname($uid,$name); if((! $gid) || (! $uid) || (! $member)) return false; @@ -154,6 +155,29 @@ function group_public_members($gid) { } +function mini_group_select($uid,$gid = 0) { + + $grps = array(); + $o = ''; + + $r = q("SELECT * FROM `group` WHERE `deleted` = 0 AND `uid` = %d ORDER BY `name` ASC", + intval($uid) + ); + $grps[] = array('name' => '', 'id' => '0', 'selected' => ''); + if(count($r)) { + foreach($r as $rr) { + $grps[] = array('name' => $rr['name'], 'id' => $rr['id'], 'selected' => (($gid == $rr['id']) ? 'true' : '')); + } + + } + logger('groups: ' . print_r($grps,true)); + + $o = replace_macros(get_markup_template('group_selection.tpl'), array('$groups' => $grps )); + return $o; +} + + + function group_side($every="contacts",$each="group",$edit = false, $group_id = 0, $cid = 0) { diff --git a/include/items.php b/include/items.php index ac7580cc1..91c9056fe 100644 --- a/include/items.php +++ b/include/items.php @@ -988,33 +988,31 @@ function tag_deliver($uid,$item_id) { } } - if((! $mention) && (! $prvgroup)) + if(! $mention) return; - if($mention) { + // send a notification - // send a notification + require_once('include/enotify.php'); + notification(array( + 'type' => NOTIFY_TAGSELF, + 'notify_flags' => $u[0]['notify-flags'], + 'language' => $u[0]['language'], + 'to_name' => $u[0]['username'], + 'to_email' => $u[0]['email'], + 'uid' => $u[0]['uid'], + 'item' => $item, + 'link' => $a->get_baseurl() . '/display/' . $u[0]['nickname'] . '/' . $item['id'], + 'source_name' => $item['author-name'], + 'source_link' => $item['author-link'], + 'source_photo' => $item['author-avatar'], + 'verb' => ACTIVITY_TAG, + 'otype' => 'item' + )); - require_once('include/enotify.php'); - notification(array( - 'type' => NOTIFY_TAGSELF, - 'notify_flags' => $u[0]['notify-flags'], - 'language' => $u[0]['language'], - 'to_name' => $u[0]['username'], - 'to_email' => $u[0]['email'], - 'uid' => $u[0]['uid'], - 'item' => $item, - 'link' => $a->get_baseurl() . '/display/' . $u[0]['nickname'] . '/' . $item['id'], - 'source_name' => $item['author-name'], - 'source_link' => $item['author-link'], - 'source_photo' => $item['author-avatar'], - 'verb' => ACTIVITY_TAG, - 'otype' => 'item' - )); + if((! $community_page) && (! prvgroup)) + return; - if(! $community_page) - return; - } // tgroup delivery - setup a second delivery chain // prevent delivery looping - only proceed @@ -1036,8 +1034,11 @@ function tag_deliver($uid,$item_id) { $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0; - q("update item set wall = 1, origin = 1, forum_mode = 1, `owner-name` = '%s', `owner-link` = '%s', `owner-avatar` = '%s', + $forum_mode = (($prvgroup) ? 2 : 1); + + q("update item set wall = 1, origin = 1, forum_mode = %d, `owner-name` = '%s', `owner-link` = '%s', `owner-avatar` = '%s', `private` = %d, `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' where id = %d limit 1", + intval($forum_mode), dbesc($c[0]['name']), dbesc($c[0]['url']), dbesc($c[0]['thumb']), @@ -2716,6 +2717,12 @@ function new_follower($importer,$contact,$datarray,$item,$sharing = false) { ); $a = get_app(); if(count($r)) { + + if(intval($r[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($r[0]['uid'],'',$contact_record['id'],$r[0]['def_gid']); + } + if(($r[0]['notify-flags'] & NOTIFY_INTRO) && ($r[0]['page-flags'] == PAGE_NORMAL)) { $email_tpl = get_intltext_template('follow_notify_eml.tpl'); $email = replace_macros($email_tpl, array( diff --git a/include/notifier.php b/include/notifier.php index 6ce281372..ea4a1bea8 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -220,7 +220,7 @@ function notifier_run($argv, $argc){ } - if(($cmd === 'uplink') && (intval($parent['forum_mode'])) && (! $top_level)) { + if(($cmd === 'uplink') && (intval($parent['forum_mode']) == 1) && (! $top_level)) { $relay_to_owner = true; } @@ -265,10 +265,10 @@ function notifier_run($argv, $argc){ $deny_people = expand_acl($parent['deny_cid']); $deny_groups = expand_groups(expand_acl($parent['deny_gid'])); - // if our parent is a forum, uplink to the origional author causing - // a delivery fork + // if our parent is a public forum (forum_mode == 1), uplink to the origional author causing + // a delivery fork. private groups (forum_mode == 2) do not uplink - if(intval($parent['forum_mode']) && (! $top_level) && ($cmd !== 'uplink')) { + if((intval($parent['forum_mode']) == 1) && (! $top_level) && ($cmd !== 'uplink')) { proc_run('php','include/notifier','uplink',$item_id); } diff --git a/mod/dfrn_request.php b/mod/dfrn_request.php index 2169c494c..b809929d7 100644 --- a/mod/dfrn_request.php +++ b/mod/dfrn_request.php @@ -370,6 +370,14 @@ function dfrn_request_post(&$a) { if(count($r)) { $contact_id = $r[0]['id']; + $g = q("select def_gid from user where uid = %d limit 1", + intval($uid) + ); + if($g && intval($g[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($uid,'',$contact_id,$g[0]['def_gid']); + } + $photo = avatar_img($addr); $r = q("UPDATE `contact` SET diff --git a/mod/follow.php b/mod/follow.php index 4a7f99bf0..cdecd5f2a 100644 --- a/mod/follow.php +++ b/mod/follow.php @@ -109,6 +109,7 @@ function follow_init(&$a) { dbesc($ret['poll']) ); + if(count($r)) { // update contact if($r[0]['rel'] == CONTACT_IS_FOLLOWER || ($network === NETWORK_DIASPORA && $r[0]['rel'] == CONTACT_IS_SHARING)) { @@ -165,6 +166,15 @@ function follow_init(&$a) { $contact = $r[0]; $contact_id = $r[0]['id']; + + $g = q("select def_gid from user where uid = %d limit 1", + intval($uid) + ); + if($g && intval($g[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($uid,'',$contact_id,$g[0]['def_gid']); + } + require_once("Photo.php"); $photos = import_profile_photo($ret['photo'],$uid,$contact_id); diff --git a/mod/settings.php b/mod/settings.php index 5f5b2ab2e..23dde3f2a 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -330,6 +330,7 @@ function settings_post(&$a) { $openid = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); $maxreq = ((x($_POST,'maxreq')) ? intval($_POST['maxreq']) : 0); $expire = ((x($_POST,'expire')) ? intval($_POST['expire']) : 0); + $def_gid = ((x($_POST,'group-selection')) ? intval($_POST['group-selection']) : 0); $expire_items = ((x($_POST,'expire_items')) ? intval($_POST['expire_items']) : 0); @@ -355,6 +356,9 @@ function settings_post(&$a) { $post_joingroup = (($_POST['post_joingroup'] == 1) ? 1: 0); $post_profilechange = (($_POST['post_profilechange'] == 1) ? 1: 0); + if($page_flags == PAGE_PRVGROUP) { + $hidewall = 1; + } $notify = 0; @@ -441,7 +445,7 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','post_profilechange', $post_profilechange); - $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), @@ -457,6 +461,7 @@ function settings_post(&$a) { intval($maxreq), intval($expire), dbesc($openidserver), + intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), @@ -833,6 +838,13 @@ function settings_content(&$a) { '$page_freelove' => array('page-flags', t('Automatic Friend Account'), PAGE_FREELOVE, t('Automatically approve all connection/friend requests as friends'), ($a->user['page-flags'] == PAGE_FREELOVE)), + + '$page_prvgroup' => array('page-flags', t('Private Forum'), PAGE_PRVGROUP, + t('Private forum - approved members only [Experimental]'), + ($a->user['page-flags'] == PAGE_PRVGROUP)), + + '$experimental' => ( (intval(get_config('system','prvgroup_testing'))) ? 'true' : ''), + )); $noid = get_config('system','no_openid'); @@ -934,6 +946,9 @@ function settings_content(&$a) { 'photos' => array('expire_photos', t("Expire photos:"), $expire_photos, '', array(t('No'),t('Yes'))), ); + require_once('include/group.php'); + $group_select = mini_group_select(local_user(),$a->user['def_gid']); + $o .= replace_macros($stpl,array( '$ptitle' => t('Account Settings'), @@ -941,7 +956,6 @@ function settings_content(&$a) { '$baseurl' => $a->get_baseurl(true), '$uid' => local_user(), '$form_security_token' => get_form_security_token("settings"), - '$nickname_block' => $prof_addr, '$h_pass' => t('Password Settings'), @@ -968,6 +982,10 @@ function settings_content(&$a) { '$suggestme' => $suggestme, '$blockwall'=> $blockwall, // array('blockwall', t('Allow friends to post to your profile page:'), !$blockwall, ''), '$blocktags'=> $blocktags, // array('blocktags', t('Allow friends to tag your posts:'), !$blocktags, ''), + '$group_lbl_select' => t('Default privacy group for new contacts'), + '$group_select' => $group_select, + + '$expire' => $expire_arr, '$profile_in_dir' => $profile_in_dir, diff --git a/update.php b/update.php index e363aa942..f25d16f9d 100644 --- a/update.php +++ b/update.php @@ -1,6 +1,6 @@ +{{ for $groups as $group }} + +{{ endfor }} + diff --git a/view/pagetypes.tpl b/view/pagetypes.tpl index d9f873ea0..924fc47ac 100644 --- a/view/pagetypes.tpl +++ b/view/pagetypes.tpl @@ -2,3 +2,6 @@ {{inc field_radio.tpl with $field=$page_soapbox }}{{endinc}} {{inc field_radio.tpl with $field=$page_community }}{{endinc}} {{inc field_radio.tpl with $field=$page_freelove }}{{endinc}} + {{ if $experimental }} + {{inc field_radio.tpl with $field=$page_prvgroup }}{{endinc}} + {{ endif }} \ No newline at end of file diff --git a/view/settings.tpl b/view/settings.tpl index cec3c6f64..e25d67463 100644 --- a/view/settings.tpl +++ b/view/settings.tpl @@ -56,9 +56,12 @@ $suggestme $unkmail + {{inc field_input.tpl with $field=$cntunkmail }}{{endinc}} {{inc field_input.tpl with $field=$expire.days }}{{endinc}} + +
$expire.label
@@ -90,6 +93,9 @@ $unkmail
+ +$group_select +
From 1d157fc747232a158209367e2ebaeadc3f3a56ec Mon Sep 17 00:00:00 2001 From: friendica Date: Thu, 17 May 2012 23:05:41 -0700 Subject: [PATCH 3/6] make it difficult to setup a private forum with no privacy --- mod/settings.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/mod/settings.php b/mod/settings.php index 23dde3f2a..8c7b1c49c 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -356,10 +356,6 @@ function settings_post(&$a) { $post_joingroup = (($_POST['post_joingroup'] == 1) ? 1: 0); $post_profilechange = (($_POST['post_profilechange'] == 1) ? 1: 0); - if($page_flags == PAGE_PRVGROUP) { - $hidewall = 1; - } - $notify = 0; if(x($_POST,'notify1')) @@ -445,6 +441,19 @@ function settings_post(&$a) { set_pconfig(local_user(),'system','post_profilechange', $post_profilechange); + if($page_flags == PAGE_PRVGROUP) { + $hidewall = 1; + if((! str_contact_allow) && (! str_group_allow) && (! str_contact_deny) && (! $str_group_deny)) { + if($def_gid) { + info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL); + $str_group_allow = '<' . $def_gid . '>'; + } + else { + notice( t('Private forum has no privacy permissions and no default privacy group.') . EOL); + } + } + } + $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), From 5ecaeb8e5c9fb01ee768df2a650d2187d971b105 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 18 May 2012 01:03:46 -0700 Subject: [PATCH 4/6] catch more places to apply default group --- mod/dfrn_confirm.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 2b25095fd..227d72cbf 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -500,6 +500,16 @@ function dfrn_confirm_post(&$a,$handsfree = null) { } } } + + + $g = q("select def_gid from user where uid = %d limit 1", + intval($uid) + ); + if($contact && $g && intval($g[0]['def_gid'])) { + require_once('include/group.php'); + group_add_member($uid,'',$contact[0]['id'],$g[0]['def_gid']); + } + // Let's send our user to the contact editor in case they want to // do anything special with this new friend. From 34b79b4f2b8b9a563717ca60bc55ff868c29df1a Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 18 May 2012 01:38:11 -0700 Subject: [PATCH 5/6] theming for default group selector --- include/group.php | 5 ++++- mod/settings.php | 2 +- view/group_selection.tpl | 5 ++++- view/settings.tpl | 1 - 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/include/group.php b/include/group.php index cc6540b31..854ac06a9 100644 --- a/include/group.php +++ b/include/group.php @@ -172,7 +172,10 @@ function mini_group_select($uid,$gid = 0) { } logger('groups: ' . print_r($grps,true)); - $o = replace_macros(get_markup_template('group_selection.tpl'), array('$groups' => $grps )); + $o = replace_macros(get_markup_template('group_selection.tpl'), array( + '$label' => t('Default privacy group for new contacts'), + '$groups' => $grps + )); return $o; } diff --git a/mod/settings.php b/mod/settings.php index 8c7b1c49c..40fa55eea 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -991,7 +991,7 @@ function settings_content(&$a) { '$suggestme' => $suggestme, '$blockwall'=> $blockwall, // array('blockwall', t('Allow friends to post to your profile page:'), !$blockwall, ''), '$blocktags'=> $blocktags, // array('blocktags', t('Allow friends to tag your posts:'), !$blocktags, ''), - '$group_lbl_select' => t('Default privacy group for new contacts'), + '$group_select' => $group_select, diff --git a/view/group_selection.tpl b/view/group_selection.tpl index d09ba676d..3809cb994 100644 --- a/view/group_selection.tpl +++ b/view/group_selection.tpl @@ -1,5 +1,8 @@ - {{ for $groups as $group }} {{ endfor }} +
diff --git a/view/settings.tpl b/view/settings.tpl index e25d67463..556cd3ba3 100644 --- a/view/settings.tpl +++ b/view/settings.tpl @@ -93,7 +93,6 @@ $unkmail
- $group_select From 38217444502aee41d71d90c0c8927999bb1b12e6 Mon Sep 17 00:00:00 2001 From: friendica Date: Fri, 18 May 2012 01:46:02 -0700 Subject: [PATCH 6/6] apply max-width to images in posts, duepuntozero --- view/theme/duepuntozero/style.css | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/view/theme/duepuntozero/style.css b/view/theme/duepuntozero/style.css index b978c13e5..826acc7ef 100644 --- a/view/theme/duepuntozero/style.css +++ b/view/theme/duepuntozero/style.css @@ -1091,6 +1091,11 @@ input#dfrn-url { overflow: auto; } +.wall-item-content img { + max-width: 700px; +} + + .wall-item-title { float: left; font-weight: bold;