friendica_2021-01/include/acl_selectors.php

<?php

/**
 * @file include/acl_selectors.php
 */

require_once("include/contact_selectors.php");
require_once("include/contact_widgets.php");
require_once("include/DirSearch.php");
require_once("include/features.php");
require_once("mod/proxy.php");


/**
 * @package acl_selectors
 */
function group_select($selname,$selclass,$preselected = false,$size = 4) {

	$a = get_app();

	$o = '';

	$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" >\r\n";

	$r = q("SELECT `id`, `name` FROM `group` WHERE NOT `deleted` AND `uid` = %d ORDER BY `name` ASC",
		intval(local_user())
	);


	$arr = array('group' => $r, 'entry' => $o);

	// e.g. 'network_pre_group_deny', 'profile_pre_group_allow'

	call_hooks($a->module . '_pre_' . $selname, $arr);

	if (dbm::is_result($r)) {
		foreach ($r as $rr) {
			if((is_array($preselected)) && in_array($rr['id'], $preselected))
				$selected = " selected=\"selected\" ";
			else
				$selected = '';

			$trimmed = mb_substr($rr['name'],0,12);

			$o .= "<option value=\"{$rr['id']}\" $selected title=\"{$rr['name']}\" >$trimmed</option>\r\n";
		}

	}
	$o .= "</select>\r\n";

	call_hooks($a->module . '_post_' . $selname, $o);


	return $o;
}


function contact_selector($selname, $selclass, $preselected = false, $options) {

	$a = get_app();

	$mutual = false;
	$networks = null;
	$single = false;
	$exclude = false;
	$size = 4;

	if (is_array($options)) {
		if (x($options,'size'))
			$size = $options['size'];

		if (x($options,'mutual_friends')) {
			$mutual = true;
		}
		if (x($options,'single')) {
			$single = true;
		}
		if (x($options,'multiple')) {
			$single = false;
		}
		if (x($options,'exclude')) {
			$exclude = $options['exclude'];
		}

		if (x($options,'networks')) {
			switch($options['networks']) {
				case 'DFRN_ONLY':
					$networks = array(NETWORK_DFRN);
					break;
				case 'PRIVATE':
					if(is_array($a->user) && $a->user['prvnets'])
						$networks = array(NETWORK_DFRN,NETWORK_MAIL,NETWORK_DIASPORA);
					else
						$networks = array(NETWORK_DFRN,NETWORK_FACEBOOK,NETWORK_MAIL, NETWORK_DIASPORA);
					break;
				case 'TWO_WAY':
					if(is_array($a->user) && $a->user['prvnets'])
						$networks = array(NETWORK_DFRN,NETWORK_MAIL,NETWORK_DIASPORA);
					else
						$networks = array(NETWORK_DFRN,NETWORK_FACEBOOK,NETWORK_MAIL,NETWORK_DIASPORA,NETWORK_OSTATUS);
					break;
				default:
					break;
			}
		}
	}

	$x = array('options' => $options, 'size' => $size, 'single' => $single, 'mutual' => $mutual, 'exclude' => $exclude, 'networks' => $networks);

	call_hooks('contact_select_options', $x);

	$o = '';

	$sql_extra = '';

	if($x['mutual']) {
		$sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
	}

	if(intval($x['exclude']))
		$sql_extra .= sprintf(" AND `id` != %d ", intval($x['exclude']));

	if(is_array($x['networks']) && count($x['networks'])) {
		for($y = 0; $y < count($x['networks']) ; $y ++)
			$x['networks'][$y] = "'" . dbesc($x['networks'][$y]) . "'";
		$str_nets = implode(',',$x['networks']);
		$sql_extra .= " AND `network` IN ( $str_nets ) ";
	}

	$tabindex = (x($options, 'tabindex') ? "tabindex=\"" . $options["tabindex"] . "\"" : "");

	if($x['single'])
		$o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"" . $x['size'] . "\" $tabindex >\r\n";
	else
		$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"" . $x['size'] . "$\" $tabindex >\r\n";

	$r = q("SELECT `id`, `name`, `url`, `network` FROM `contact`
		WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
		$sql_extra
		ORDER BY `name` ASC ",
		intval(local_user())
	);


	$arr = array('contact' => $r, 'entry' => $o);

	// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'

	call_hooks($a->module . '_pre_' . $selname, $arr);

	if (dbm::is_result($r)) {
		foreach ($r as $rr) {
			if ((is_array($preselected)) && in_array($rr['id'], $preselected)) {
				$selected = " selected=\"selected\" ";
			} else {
				$selected = '';
			}

			$trimmed = mb_substr($rr['name'],0,20);

			$o .= "<option value=\"{$rr['id']}\" $selected title=\"{$rr['name']}|{$rr['url']}\" >$trimmed</option>\r\n";
		}

	}

	$o .= "</select>\r\n";

	call_hooks($a->module . '_post_' . $selname, $o);

	return $o;
}



function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false, $tabindex = null) {

	require_once("include/bbcode.php");

	$a = get_app();

	$o = '';

	// When used for private messages, we limit correspondence to mutual DFRN/Friendica friends and the selector
	// to one recipient. By default our selector allows multiple selects amongst all contacts.

	$sql_extra = '';

	if($privmail || $celeb) {
		$sql_extra .= sprintf(" AND `rel` = %d ", intval(CONTACT_IS_FRIEND));
	}

	if($privmail)
		$sql_extra .= sprintf(" AND `network` IN ('%s' , '%s') ",
					NETWORK_DFRN, NETWORK_DIASPORA);
	elseif($privatenet)
		$sql_extra .= sprintf(" AND `network` IN ('%s' , '%s', '%s', '%s') ",
					NETWORK_DFRN, NETWORK_MAIL, NETWORK_FACEBOOK, NETWORK_DIASPORA);

	$tabindex = ($tabindex > 0 ? "tabindex=\"$tabindex\"" : "");

	if ($privmail AND $preselected) {
		$sql_extra .= " AND `id` IN (".implode(",", $preselected).")";
		$hidepreselected = ' style="display: none;"';
	} else
		$hidepreselected = "";

	if($privmail)
		$o .= "<select name=\"$selname\" id=\"$selclass\" class=\"$selclass\" size=\"$size\" $tabindex $hidepreselected>\r\n";
	else
		$o .= "<select name=\"{$selname}[]\" id=\"$selclass\" class=\"$selclass\" multiple=\"multiple\" size=\"$size\" $tabindex >\r\n";

	$r = q("SELECT `id`, `name`, `url`, `network` FROM `contact`
		WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
		$sql_extra
		ORDER BY `name` ASC ",
		intval(local_user())
	);


	$arr = array('contact' => $r, 'entry' => $o);

	// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'

	call_hooks($a->module . '_pre_' . $selname, $arr);

	$receiverlist = array();

	if (dbm::is_result($r)) {
		foreach ($r as $rr) {
			if ((is_array($preselected)) && in_array($rr['id'], $preselected)) {
				$selected = " selected=\"selected\" ";
			}
			else {
				$selected = '';
			}

			if ($privmail) {
				$trimmed = GetProfileUsername($rr['url'], $rr['name'], false);
			} else {
				$trimmed = mb_substr($rr['name'],0,20);
			}

			$receiverlist[] = $trimmed;

			$o .= "<option value=\"{$rr['id']}\" $selected title=\"{$rr['name']}|{$rr['url']}\" >$trimmed</option>\r\n";
		}

	}

	$o .= "</select>\r\n";

	if ($privmail AND $preselected)
		$o .= implode(", ", $receiverlist);

	call_hooks($a->module . '_post_' . $selname, $o);

	return $o;
}


function fixacl(&$item) {
	$item = intval(str_replace(array('<','>'),array('',''),$item));
}

function prune_deadguys($arr) {

	if (! $arr) {
		return $arr;
	}

	$str = dbesc(implode(',',$arr));

	$r = q("SELECT `id` FROM `contact` WHERE `id` IN ( " . $str . ") AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0 ");

	if (dbm::is_result($r)) {
		$ret = array();
		foreach ($r as $rr) {
			$ret[] = intval($rr['id']);
		}
		return $ret;
	}

	return array();
}


function get_acl_permissions($user = null) {
	$allow_cid = $allow_gid = $deny_cid = $deny_gid = false;

	if(is_array($user)) {
		$allow_cid = ((strlen($user['allow_cid']))
			? explode('><', $user['allow_cid']) : array() );
		$allow_gid = ((strlen($user['allow_gid']))
			? explode('><', $user['allow_gid']) : array() );
		$deny_cid  = ((strlen($user['deny_cid']))
			? explode('><', $user['deny_cid']) : array() );
		$deny_gid  = ((strlen($user['deny_gid']))
			? explode('><', $user['deny_gid']) : array() );
		array_walk($allow_cid,'fixacl');
		array_walk($allow_gid,'fixacl');
		array_walk($deny_cid,'fixacl');
		array_walk($deny_gid,'fixacl');
	}

	$allow_cid = prune_deadguys($allow_cid);

	return array(
		'allow_cid' => $allow_cid,
		'allow_gid' => $allow_gid,
		'deny_cid' => $deny_cid,
		'deny_gid' => $deny_gid,
	);
}


function populate_acl($user = null, $show_jotnets = false) {

	$perms = get_acl_permissions($user);

	$jotnets = '';
	if($show_jotnets) {
		$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);

		$mail_enabled = false;
		$pubmail_enabled = false;

		if(! $mail_disabled) {
			$r = q("SELECT `pubmail` FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
				intval(local_user())
			);
			if (dbm::is_result($r)) {
				$mail_enabled = true;
				if(intval($r[0]['pubmail']))
					$pubmail_enabled = true;
			}
		}

		if (!$user['hidewall']) {
			if($mail_enabled) {
				$selected = (($pubmail_enabled) ? ' checked="checked" ' : '');
				$jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . t("Post to Email") . '</div>';
			}

			call_hooks('jot_networks', $jotnets);
		} else
			$jotnets .= sprintf(t('Connectors disabled, since "%s" is enabled.'),
					    t('Hide your profile details from unknown viewers?'));
		}

	$tpl = get_markup_template("acl_selector.tpl");
	$o = replace_macros($tpl, array(
		'$showall'=> t("Visible to everybody"),
		'$show'	=> t("show"),
		'$hide'	 => t("don't show"),
		'$allowcid' => json_encode($perms['allow_cid']),
		'$allowgid' => json_encode($perms['allow_gid']),
		'$denycid' => json_encode($perms['deny_cid']),
		'$denygid' => json_encode($perms['deny_gid']),
		'$networks' => $show_jotnets,
		'$emailcc' => t('CC: email addresses'),
		'$emtitle' => t('Example: bob@example.com, mary@example.com'),
		'$jotnets' => $jotnets,
		'$aclModalTitle' => t('Permissions'),
		'$aclModalDismiss' => t('Close'),
		'$features' => array(
		"aclautomention"=>(feature_enabled($user['uid'],"aclautomention")?"true":"false")
		),
	));


	return $o;

}

function construct_acl_data(App $a, $user) {

	// Get group and contact information for html ACL selector
	$acl_data = acl_lookup($a, 'html');

	$user_defaults = get_acl_permissions($user);

	if($acl_data['groups']) {
		foreach($acl_data['groups'] as $key=>$group) {
			// Add a "selected" flag to groups that are posted to by default
			if($user_defaults['allow_gid'] &&
			   in_array($group['id'], $user_defaults['allow_gid']) && !in_array($group['id'], $user_defaults['deny_gid']) )
				$acl_data['groups'][$key]['selected'] = 1;
			else
				$acl_data['groups'][$key]['selected'] = 0;
		}
	}
	if($acl_data['contacts']) {
		foreach($acl_data['contacts'] as $key=>$contact) {
			// Add a "selected" flag to groups that are posted to by default
			if($user_defaults['allow_cid'] &&
			   in_array($contact['id'], $user_defaults['allow_cid']) && !in_array($contact['id'], $user_defaults['deny_cid']) )
				$acl_data['contacts'][$key]['selected'] = 1;
			else
				$acl_data['contacts'][$key]['selected'] = 0;
		}
	}

	return $acl_data;

}

function acl_lookup(App $a, $out_type = 'json') {

	if (!local_user()) {
		return '';
	}

	$start	=	(x($_REQUEST,'start')		? $_REQUEST['start']		: 0);
	$count	=	(x($_REQUEST,'count')		? $_REQUEST['count']		: 100);
	$search	 =	(x($_REQUEST,'search')		? $_REQUEST['search']		: "");
	$type	=	(x($_REQUEST,'type')		? $_REQUEST['type']		: "");
	$mode	=	(x($_REQUEST,'smode')		? $_REQUEST['smode']		: "");
	$conv_id =	(x($_REQUEST,'conversation')	? $_REQUEST['conversation']	: null);

	// For use with jquery.textcomplete for private mail completion

	if(x($_REQUEST,'query') && strlen($_REQUEST['query'])) {
		if(! $type)
			$type = 'm';
		$search = $_REQUEST['query'];
	}

	logger("Searching for ".$search." - type ".$type, LOGGER_DEBUG);

	if ($search!=""){
		$sql_extra = "AND `name` LIKE '%%".dbesc($search)."%%'";
		$sql_extra2 = "AND (`attag` LIKE '%%".dbesc($search)."%%' OR `name` LIKE '%%".dbesc($search)."%%' OR `nick` LIKE '%%".dbesc($search)."%%')";
	} else {
		$sql_extra = $sql_extra2 = "";
	}

	// count groups and contacts
	if ($type=='' || $type=='g'){
		$r = q("SELECT COUNT(*) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra",
			intval(local_user())
		);
		$group_count = (int)$r[0]['g'];
	} else {
		$group_count = 0;
	}

	$sql_extra2 .= " ".unavailable_networks();

	// autocomplete for editor mentions
	if ($type=='' || $type=='c'){
		$r = q("SELECT COUNT(*) AS c FROM `contact`
				WHERE `uid` = %d AND NOT `self`
				AND NOT `blocked` AND NOT `pending` AND NOT `archive`
				AND `notify` != '' $sql_extra2" ,
			intval(local_user())
		);
		$contact_count = (int)$r[0]['c'];
	}
	elseif ($type == 'm') {

		// autocomplete for Private Messages

		$r = q("SELECT COUNT(*) AS c FROM `contact`
				WHERE `uid` = %d AND NOT `self`
				AND NOT `blocked` AND NOT `pending` AND NOT `archive`
				AND `network` IN ('%s','%s','%s') $sql_extra2" ,
			intval(local_user()),
			dbesc(NETWORK_DFRN),
			dbesc(NETWORK_ZOT),
			dbesc(NETWORK_DIASPORA)
		);
		$contact_count = (int)$r[0]['c'];

	}
	elseif ($type == 'a') {

		// autocomplete for Contacts

		$r = q("SELECT COUNT(*) AS c FROM `contact`
				WHERE `uid` = %d AND NOT `self`
				AND NOT `pending` $sql_extra2" ,
			intval(local_user())
		);
		$contact_count = (int)$r[0]['c'];

	} else {
		$contact_count = 0;
	}


	$tot = $group_count+$contact_count;

	$groups = array();
	$contacts = array();

	if ($type=='' || $type=='g'){

		/// @todo We should cache this query.
		// This can be done when we can delete cache entries via wildcard
		$r = q("SELECT `group`.`id`, `group`.`name`, GROUP_CONCAT(DISTINCT `group_member`.`contact-id` SEPARATOR ',') AS uids
				FROM `group`
				INNER JOIN `group_member` ON `group_member`.`gid`=`group`.`id` AND `group_member`.`uid` = `group`.`uid`
				WHERE NOT `group`.`deleted` AND `group`.`uid` = %d
					$sql_extra
				GROUP BY `group`.`name`
				ORDER BY `group`.`name`
				LIMIT %d,%d",
			intval(local_user()),
			intval($start),
			intval($count)
		);

		foreach($r as $g){
//		logger('acl: group: ' . $g['name'] . ' members: ' . $g['uids']);
			$groups[] = array(
				"type"  => "g",
				"photo" => "images/twopeople.png",
				"name"  => htmlentities($g['name']),
				"id"	=> intval($g['id']),
				"uids"  => array_map("intval", explode(",",$g['uids'])),
				"link"  => '',
				"forum" => '0'
			);
		}
	}

	if ($type==''){

		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `forum`, `prv` FROM `contact`
			WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
			AND NOT (`network` IN ('%s', '%s'))
			$sql_extra2
			ORDER BY `name` ASC ",
			intval(local_user()),
			dbesc(NETWORK_OSTATUS), dbesc(NETWORK_STATUSNET)
		);
	}
	elseif ($type=='c'){

		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `forum`, `prv` FROM `contact`
			WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive` AND `notify` != ''
			AND NOT (`network` IN ('%s'))
			$sql_extra2
			ORDER BY `name` ASC ",
			intval(local_user()),
			dbesc(NETWORK_STATUSNET)
		);
	}
	elseif($type == 'm') {
		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag` FROM `contact`
			WHERE `uid` = %d AND NOT `self` AND NOT `blocked` AND NOT `pending` AND NOT `archive`
			AND `network` IN ('%s','%s','%s')
			$sql_extra2
			ORDER BY `name` ASC ",
			intval(local_user()),
			dbesc(NETWORK_DFRN),
			dbesc(NETWORK_ZOT),
			dbesc(NETWORK_DIASPORA)
		);
	} elseif ($type == 'a') {
		$r = q("SELECT `id`, `name`, `nick`, `micro`, `network`, `url`, `attag`, `forum`, `prv` FROM `contact`
			WHERE `uid` = %d AND `pending` = 0
			$sql_extra2
			ORDER BY `name` ASC ",
			intval(local_user())
		);
	} elseif ($type == 'x') {
		// autocomplete for global contact search (e.g. navbar search)
		$r = navbar_complete($a);
		$contacts = array();
		if ($r) {
			foreach ($r as $g) {
				$contacts[] = array(
					'photo'   => proxy_url($g['photo'], false, PROXY_SIZE_MICRO),
					'name'    => $g['name'],
					'nick'    => (x($g['addr']) ? $g['addr'] : $g['url']),
					'network' => $g['network'],
					'link'    => $g['url'],
					'forum'   => (x($g['community']) ? 1 : 0),
				);
			}
		}
		$o = array(
			'start' => $start,
			'count' => $count,
			'items' => $contacts,
		);
		echo json_encode($o);
		killme();
	} else {
		$r = array();
	}


	if (dbm::is_result($r)) {
		foreach ($r as $g){
			$contacts[] = array(
				'type'    => 'c',
				'photo'   => proxy_url($g['micro'], false, PROXY_SIZE_MICRO),
				'name'    => htmlentities($g['name']),
				'id'      => intval($g['id']),
				'network' => $g['network'],
				'link'    => $g['url'],
				'nick'    => htmlentities(($g['attag']) ? $g['attag'] : $g['nick']),
				'forum'   => ((x($g['forum']) || x($g['prv'])) ? 1 : 0),
			);
		}
	}

	$items = array_merge($groups, $contacts);

	if ($conv_id) {
		/* if $conv_id is set, get unknow contacts in thread */
		/* but first get know contacts url to filter them out */
		function _contact_link($i){ return dbesc($i['link']); }
		$known_contacts = array_map(_contact_link, $contacts);
		$unknow_contacts=array();
		$r = q("SELECT `author-avatar`,`author-name`,`author-link`
				FROM `item` WHERE `parent` = %d
					AND (`author-name` LIKE '%%%s%%' OR `author-link` LIKE '%%%s%%')
					AND `author-link` NOT IN ('%s')
				GROUP BY `author-link`
				ORDER BY `author-name` ASC
				",
				intval($conv_id),
				dbesc($search),
				dbesc($search),
				implode("','", $known_contacts)
		);
		if (dbm::is_result($r)){
			foreach ($r as $row) {
				// nickname..
				$up = parse_url($row['author-link']);
				$nick = explode("/",$up['path']);
				$nick = $nick[count($nick)-1];
				$nick .= "@".$up['host'];
				// /nickname
				$unknow_contacts[] = array(
					'type'    => 'c',
					'photo'   => proxy_url($row['author-avatar'], false, PROXY_SIZE_MICRO),
					'name'    => htmlentities($row['author-name']),
					'id'      => '',
					'network' => 'unknown',
					'link'    => $row['author-link'],
					'nick'    => htmlentities($nick),
					'forum'   => false
				);
			}
		}

		$items = array_merge($items, $unknow_contacts);
		$tot += count($unknow_contacts);
	}

	$results = array(
		'tot'      => $tot,
		'start'    => $start,
		'count'    => $count,
		'groups'   => $groups,
		'contacts' => $contacts,
		'items'    => $items,
		'type'     => $type,
		'search'   => $search,
	);

	call_hooks('acl_lookup_end', $results);

	if($out_type === 'html') {
		$o = array(
			'tot'      => $results['tot'],
			'start'    => $results['start'],
			'count'    => $results['count'],
			'groups'   => $results['groups'],
			'contacts' => $results['contacts'],
		);
		return $o;
	}

	$o = array(
		'tot'   => $results['tot'],
		'start' => $results['start'],
		'count' => $results['count'],
		'items' => $results['items'],
	);

	echo json_encode($o);

	killme();
}
/**
 * @brief Searching for global contacts for autocompletion
 *
 * @param App $a
 * @return array with the search results
 */
function navbar_complete(App $a) {

//	logger('navbar_complete');

	if ((get_config('system','block_public')) && (! local_user()) && (! remote_user())) {
		return;
	}

	// check if searching in the local global contact table is enabled
	$localsearch = get_config('system','poco_local_search');

	$search = $prefix.notags(trim($_REQUEST['search']));
	$mode = $_REQUEST['smode'];

	// don't search if search term has less than 2 characters
	if (! $search || mb_strlen($search) < 2) {
		return array();
	}

	if (substr($search,0,1) === '@') {
		$search = substr($search,1);
	}

	if ($localsearch) {
		$x = DirSearch::global_search_by_name($search, $mode);
		return $x;
	}

	if (! $localsearch) {
		$p = (($a->pager['page'] != 1) ? '&p=' . $a->pager['page'] : '');

		$x = z_fetch_url(get_server().'/lsearch?f=' . $p .  '&search=' . urlencode($search));
		if ($x['success']) {
			$t = 0;
			$j = json_decode($x['body'],true);
			if ($j && $j['results']) {
				return $j['results'];
			}
		}
	}

	/// @TODO Not needed here?
	return;
}