
Fixed some stuff as requested by @Hypolite

Signed-off-by: Roland Häder <roland@mxchange.org>
Roland Häder 2017-06-18 22:10:03 +02:00
parent 4e49939421
commit 470556764b
No known key found for this signature in database
GPG key ID: B72F8185C6C7BD78
2 changed files with 126 additions and 96 deletions


@ -245,7 +245,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
* *
* default permissions - anonymous user * default permissions - anonymous user
*/ */
$sql = " AND allow_cid = '' $sql = " AND allow_cid = ''
AND allow_gid = '' AND allow_gid = ''
AND deny_cid = '' AND deny_cid = ''
@ -258,9 +257,8 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
if (($local_user) && ($local_user == $owner_id)) { if (($local_user) && ($local_user == $owner_id)) {
$sql = ''; $sql = '';
} } elseif ($remote_user) {
/*
/**
* Authenticated visitor. Unless pre-verified, * Authenticated visitor. Unless pre-verified,
* check that the contact belongs to this $owner_id * check that the contact belongs to this $owner_id
* and load the groups the visitor belongs to. * and load the groups the visitor belongs to.
@ -268,8 +266,6 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
* done this and passed the groups into this function. * done this and passed the groups into this function.
*/ */
elseif ($remote_user) {
if (! $remote_verified) { if (! $remote_verified) {
$r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1",
intval($remote_user), intval($remote_user),
@ -289,7 +285,9 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
$gs .= '|<' . intval($g) . '>'; $gs .= '|<' . intval($g) . '>';
} }
/*$sql = sprintf( /*
* @TODO old-lost code found?
$sql = sprintf(
" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) " AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' )
AND ( allow_gid = '' OR allow_gid REGEXP '%s' ) AND ( allow_gid = '' OR allow_gid REGEXP '%s' )
@ -299,7 +297,8 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
intval($remote_user), intval($remote_user),
dbesc($gs), dbesc($gs),
dbesc($gs) dbesc($gs)
);*/ );
*/
$sql = sprintf( $sql = sprintf(
" AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s') " AND ( NOT (deny_cid REGEXP '<%d>' OR deny_gid REGEXP '%s')
AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') ) AND ( allow_cid REGEXP '<%d>' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )
@ -326,7 +325,6 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
* *
* default permissions - anonymous user * default permissions - anonymous user
*/ */
$sql = " AND `item`.allow_cid = '' $sql = " AND `item`.allow_cid = ''
AND `item`.allow_gid = '' AND `item`.allow_gid = ''
AND `item`.deny_cid = '' AND `item`.deny_cid = ''
@ -337,21 +335,16 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
/** /**
* Profile owner - everything is visible * Profile owner - everything is visible
*/ */
if ($local_user && ($local_user == $owner_id)) { if ($local_user && ($local_user == $owner_id)) {
$sql = ''; $sql = '';
} } elseif ($remote_user) {
/*
/**
* Authenticated visitor. Unless pre-verified, * Authenticated visitor. Unless pre-verified,
* check that the contact belongs to this $owner_id * check that the contact belongs to this $owner_id
* and load the groups the visitor belongs to. * and load the groups the visitor belongs to.
* If pre-verified, the caller is expected to have already * If pre-verified, the caller is expected to have already
* done this and passed the groups into this function. * done this and passed the groups into this function.
*/ */
elseif ($remote_user) {
if (! $remote_verified) { if (! $remote_verified) {
$r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1",
intval($remote_user), intval($remote_user),
@ -367,9 +360,10 @@ function item_permissions_sql($owner_id,$remote_verified = false,$groups = null)
$gs = '<<>>'; // should be impossible to match $gs = '<<>>'; // should be impossible to match
if (is_array($groups) && count($groups)) { if (is_array($groups) && count($groups)) {
foreach ($groups as $g) foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>'; $gs .= '|<' . intval($g) . '>';
} }
}
$sql = sprintf( $sql = sprintf(
/*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) /*" AND ( private = 0 OR ( private in (1,2) AND wall = 1 AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' )
@ -419,7 +413,11 @@ function get_form_security_token($typename = '') {
} }
function check_form_security_token($typename = '', $formname = 'form_security_token') { function check_form_security_token($typename = '', $formname = 'form_security_token') {
if (!x($_REQUEST, $formname)) return false; if (!x($_REQUEST, $formname)) {
return false;
}
/// @TODO Careful, not secured!
$hash = $_REQUEST[$formname]; $hash = $_REQUEST[$formname];
$max_livetime = 10800; // 3 hours $max_livetime = 10800; // 3 hours
@ -427,7 +425,9 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
$a = get_app(); $a = get_app();
$x = explode('.', $hash); $x = explode('.', $hash);
if (time() > (IntVal($x[0]) + $max_livetime)) return false; if (time() > (IntVal($x[0]) + $max_livetime)) {
return false;
}
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename); $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
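Review bot: In check_form_security_token the new `/// @TODO Careful, not secured!` flags `$hash = $_REQUEST[$formname];` but the value still reaches `explode('.', $hash)` and the `$x[0]` reads without any shape check. A request parameter can arrive as an array or as a string with no dot, so the TODO could be made concrete right after the assignment, assuming the token format is `timestamp.hash`: `if (!is_string($hash) || substr_count($hash, '.') !== 1) { return false; }`. The comparison against `$sec_hash` is outside the visible lines; if it uses `==`, `hash_equals()` would give a constant-time check. The function body continues past the end of this hunk.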


@ -63,12 +63,14 @@ function poco_load_worker($cid, $uid, $zcid, $url) {
$uid = $r[0]['uid']; $uid = $r[0]['uid'];
} }
} }
if (! $uid) if (! $uid) {
return; return;
} }
}
if (! $url) if (! $url) {
return; return;
}
$url = $url . (($uid) ? '/@me/@all?fields=displayName,urls,photos,updated,network,aboutMe,currentLocation,tags,gender,contactType,generation' : '?fields=displayName,urls,photos,updated,network,aboutMe,currentLocation,tags,gender,contactType,generation') ; $url = $url . (($uid) ? '/@me/@all?fields=displayName,urls,photos,updated,network,aboutMe,currentLocation,tags,gender,contactType,generation' : '?fields=displayName,urls,photos,updated,network,aboutMe,currentLocation,tags,gender,contactType,generation') ;
@ -80,15 +82,17 @@ function poco_load_worker($cid, $uid, $zcid, $url) {
logger('poco_load: return code: ' . $a->get_curl_code(), LOGGER_DEBUG); logger('poco_load: return code: ' . $a->get_curl_code(), LOGGER_DEBUG);
if (($a->get_curl_code() > 299) || (! $s)) if (($a->get_curl_code() > 299) || (! $s)) {
return; return;
}
$j = json_decode($s); $j = json_decode($s);
logger('poco_load: json: ' . print_r($j,true),LOGGER_DATA); logger('poco_load: json: ' . print_r($j,true),LOGGER_DATA);
if (! isset($j->entry)) if (! isset($j->entry)) {
return; return;
}
$total = 0; $total = 0;
foreach ($j->entry as $entry) { foreach ($j->entry as $entry) {
@ -160,8 +164,9 @@ function poco_load_worker($cid, $uid, $zcid, $url) {
} }
} }
if (isset($entry->contactType) && ($entry->contactType >= 0)) if (isset($entry->contactType) && ($entry->contactType >= 0)) {
$contact_type = $entry->contactType; $contact_type = $entry->contactType;
}
$gcontact = array("url" => $profile_url, $gcontact = array("url" => $profile_url,
"name" => $name, "name" => $name,
@ -267,7 +272,7 @@ function sanitize_gcontact($gcontact) {
dbesc(normalise_link($gcontact['url'])) dbesc(normalise_link($gcontact['url']))
); );
if (count($x)) { if (dbm::is_result($x)) {
if (!isset($gcontact['network']) && ($x[0]["network"] != NETWORK_STATUSNET)) { if (!isset($gcontact['network']) && ($x[0]["network"] != NETWORK_STATUSNET)) {
$gcontact['network'] = $x[0]["network"]; $gcontact['network'] = $x[0]["network"];
} }
@ -299,7 +304,7 @@ function sanitize_gcontact($gcontact) {
if ($alternate && ($gcontact['network'] == NETWORK_OSTATUS)) { if ($alternate && ($gcontact['network'] == NETWORK_OSTATUS)) {
// Delete the old entry - if it exists // Delete the old entry - if it exists
$r = q("SELECT `id` FROM `gcontact` WHERE `nurl` = '%s'", dbesc(normalise_link($orig_profile))); $r = q("SELECT `id` FROM `gcontact` WHERE `nurl` = '%s'", dbesc(normalise_link($orig_profile)));
if ($r) { if (dbm::is_result($r)) {
q("DELETE FROM `gcontact` WHERE `nurl` = '%s'", dbesc(normalise_link($orig_profile))); q("DELETE FROM `gcontact` WHERE `nurl` = '%s'", dbesc(normalise_link($orig_profile)));
q("DELETE FROM `glink` WHERE `gcid` = %d", intval($r[0]["id"])); q("DELETE FROM `glink` WHERE `gcid` = %d", intval($r[0]["id"]));
} }
@ -353,6 +358,7 @@ function link_gcontact($gcid, $uid = 0, $cid = 0, $zcid = 0) {
intval($gcid), intval($gcid),
intval($zcid) intval($zcid)
); );
if (!dbm::is_result($r)) { if (!dbm::is_result($r)) {
q("INSERT INTO `glink` (`cid`, `uid`, `gcid`, `zcid`, `updated`) VALUES (%d, %d, %d, %d, '%s') ", q("INSERT INTO `glink` (`cid`, `uid`, `gcid`, `zcid`, `updated`) VALUES (%d, %d, %d, %d, '%s') ",
intval($cid), intval($cid),
@ -696,48 +702,55 @@ function poco_last_updated($profile, $force = false) {
function poco_do_update($created, $updated, $last_failure, $last_contact) { function poco_do_update($created, $updated, $last_failure, $last_contact) {
$now = strtotime(datetime_convert()); $now = strtotime(datetime_convert());
if ($updated > $last_contact) if ($updated > $last_contact) {
$contact_time = strtotime($updated); $contact_time = strtotime($updated);
else } else {
$contact_time = strtotime($last_contact); $contact_time = strtotime($last_contact);
}
$failure_time = strtotime($last_failure); $failure_time = strtotime($last_failure);
$created_time = strtotime($created); $created_time = strtotime($created);
// If there is no "created" time then use the current time // If there is no "created" time then use the current time
if ($created_time <= 0) if ($created_time <= 0) {
$created_time = $now; $created_time = $now;
}
// If the last contact was less than 24 hours then don't update // If the last contact was less than 24 hours then don't update
if (($now - $contact_time) < (60 * 60 * 24)) if (($now - $contact_time) < (60 * 60 * 24)) {
return false; return false;
}
// If the last failure was less than 24 hours then don't update // If the last failure was less than 24 hours then don't update
if (($now - $failure_time) < (60 * 60 * 24)) if (($now - $failure_time) < (60 * 60 * 24)) {
return false; return false;
}
// If the last contact was less than a week ago and the last failure is older than a week then don't update // If the last contact was less than a week ago and the last failure is older than a week then don't update
//if ((($now - $contact_time) < (60 * 60 * 24 * 7)) && ($contact_time > $failure_time)) //if ((($now - $contact_time) < (60 * 60 * 24 * 7)) && ($contact_time > $failure_time))
// return false; // return false;
// If the last contact time was more than a week ago and the contact was created more than a week ago, then only try once a week // If the last contact time was more than a week ago and the contact was created more than a week ago, then only try once a week
if ((($now - $contact_time) > (60 * 60 * 24 * 7)) && (($now - $created_time) > (60 * 60 * 24 * 7)) && (($now - $failure_time) < (60 * 60 * 24 * 7))) if ((($now - $contact_time) > (60 * 60 * 24 * 7)) && (($now - $created_time) > (60 * 60 * 24 * 7)) && (($now - $failure_time) < (60 * 60 * 24 * 7))) {
return false; return false;
}
// If the last contact time was more than a month ago and the contact was created more than a month ago, then only try once a month // If the last contact time was more than a month ago and the contact was created more than a month ago, then only try once a month
if ((($now - $contact_time) > (60 * 60 * 24 * 30)) && (($now - $created_time) > (60 * 60 * 24 * 30)) && (($now - $failure_time) < (60 * 60 * 24 * 30))) if ((($now - $contact_time) > (60 * 60 * 24 * 30)) && (($now - $created_time) > (60 * 60 * 24 * 30)) && (($now - $failure_time) < (60 * 60 * 24 * 30))) {
return false; return false;
}
return true; return true;
} }
function poco_to_boolean($val) { function poco_to_boolean($val) {
if (($val == "true") || ($val == 1)) if (($val == "true") || ($val == 1)) {
return(true); return true;
if (($val == "false") || ($val == 0)) } elseif (($val == "false") || ($val == 0)) {
return(false); return false;
}
return ($val); return $val;
} }
/** /**
@ -928,8 +941,7 @@ function poco_detect_server_type($body) {
$attr[$attribute->name] = $attribute->value; $attr[$attribute->name] = $attribute->value;
} }
} }
if ($attr['property'] == 'generator') { if ($attr['property'] == 'generator' && in_array($attr['content'], array("hubzilla", "BlaBlaNet"))) {
if (in_array($attr['content'], array("hubzilla", "BlaBlaNet"))) {
$server = array(); $server = array();
$server["platform"] = $attr['content']; $server["platform"] = $attr['content'];
$server["version"] = ""; $server["version"] = "";
@ -937,7 +949,6 @@ function poco_detect_server_type($body) {
} }
} }
} }
}
if (!$server) { if (!$server) {
return false; return false;
@ -953,8 +964,9 @@ function poco_check_server($server_url, $network = "", $force = false) {
$server_url = trim($server_url, "/"); $server_url = trim($server_url, "/");
$server_url = str_replace("/index.php", "", $server_url); $server_url = str_replace("/index.php", "", $server_url);
if ($server_url == "") if ($server_url == "") {
return false; return false;
}
$servers = q("SELECT * FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url))); $servers = q("SELECT * FROM `gserver` WHERE `nurl` = '%s'", dbesc(normalise_link($server_url)));
if (dbm::is_result($servers)) { if (dbm::is_result($servers)) {
@ -966,8 +978,9 @@ function poco_check_server($server_url, $network = "", $force = false) {
$poco = $servers[0]["poco"]; $poco = $servers[0]["poco"];
$noscrape = $servers[0]["noscrape"]; $noscrape = $servers[0]["noscrape"];
if ($network == "") if ($network == "") {
$network = $servers[0]["network"]; $network = $servers[0]["network"];
}
$last_contact = $servers[0]["last_contact"]; $last_contact = $servers[0]["last_contact"];
$last_failure = $servers[0]["last_failure"]; $last_failure = $servers[0]["last_failure"];
@ -1370,8 +1383,9 @@ function count_common_friends($uid,$cid) {
); );
// logger("count_common_friends: $uid $cid {$r[0]['total']}"); // logger("count_common_friends: $uid $cid {$r[0]['total']}");
if (dbm::is_result($r)) if (dbm::is_result($r)) {
return $r[0]['total']; return $r[0]['total'];
}
return 0; return 0;
} }
@ -1418,18 +1432,20 @@ function count_common_friends_zcid($uid,$zcid) {
intval($uid) intval($uid)
); );
if (dbm::is_result($r)) if (dbm::is_result($r)) {
return $r[0]['total']; return $r[0]['total'];
}
return 0; return 0;
} }
function common_friends_zcid($uid, $zcid, $start = 0, $limit = 9999, $shuffle = false) { function common_friends_zcid($uid, $zcid, $start = 0, $limit = 9999, $shuffle = false) {
if ($shuffle) if ($shuffle) {
$sql_extra = " order by rand() "; $sql_extra = " order by rand() ";
else } else {
$sql_extra = " order by `gcontact`.`name` asc "; $sql_extra = " order by `gcontact`.`name` asc ";
}
$r = q("SELECT `gcontact`.* $r = q("SELECT `gcontact`.*
FROM `glink` INNER JOIN `gcontact` on `glink`.`gcid` = `gcontact`.`id` FROM `glink` INNER JOIN `gcontact` on `glink`.`gcid` = `gcontact`.`id`
@ -1494,8 +1510,10 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
return array(); return array();
} }
// Uncommented because the result of the queries are to big to store it in the cache. /*
// We need to decide if we want to change the db column type or if we want to delete it. * Uncommented because the result of the queries are to big to store it in the cache.
* We need to decide if we want to change the db column type or if we want to delete it.
*/
//$list = Cache::get("suggestion_query:".$uid.":".$start.":".$limit); //$list = Cache::get("suggestion_query:".$uid.":".$start.":".$limit);
//if (!is_null($list)) { //if (!is_null($list)) {
// return $list; // return $list;
@ -1536,8 +1554,10 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
); );
if (dbm::is_result($r) && count($r) >= ($limit -1)) { if (dbm::is_result($r) && count($r) >= ($limit -1)) {
// Uncommented because the result of the queries are to big to store it in the cache. /*
// We need to decide if we want to change the db column type or if we want to delete it. * Uncommented because the result of the queries are to big to store it in the cache.
* We need to decide if we want to change the db column type or if we want to delete it.
*/
//Cache::set("suggestion_query:".$uid.":".$start.":".$limit, $r, CACHE_FIVE_MINUTES); //Cache::set("suggestion_query:".$uid.":".$start.":".$limit, $r, CACHE_FIVE_MINUTES);
return $r; return $r;
@ -1574,8 +1594,10 @@ function suggestion_query($uid, $start = 0, $limit = 80) {
array_pop($list); array_pop($list);
} }
// Uncommented because the result of the queries are to big to store it in the cache. /*
// We need to decide if we want to change the db column type or if we want to delete it. * Uncommented because the result of the queries are to big to store it in the cache.
* We need to decide if we want to change the db column type or if we want to delete it.
*/
//Cache::set("suggestion_query:".$uid.":".$start.":".$limit, $list, CACHE_FIVE_MINUTES); //Cache::set("suggestion_query:".$uid.":".$start.":".$limit, $list, CACHE_FIVE_MINUTES);
return $list; return $list;
} }
@ -2273,10 +2295,11 @@ function update_gcontact_for_user($uid) {
"country-name" => $r[0]["country-name"])); "country-name" => $r[0]["country-name"]));
// The "addr" field was added in 3.4.3 so it can be empty for older users // The "addr" field was added in 3.4.3 so it can be empty for older users
if ($r[0]["addr"] != "") if ($r[0]["addr"] != "") {
$addr = $r[0]["nickname"].'@'.str_replace(array("http://", "https://"), "", App::get_baseurl()); $addr = $r[0]["nickname"].'@'.str_replace(array("http://", "https://"), "", App::get_baseurl());
else } else {
$addr = $r[0]["addr"]; $addr = $r[0]["addr"];
}
$gcontact = array("name" => $r[0]["name"], "location" => $location, "about" => $r[0]["about"], $gcontact = array("name" => $r[0]["name"], "location" => $location, "about" => $r[0]["about"],
"gender" => $r[0]["gender"], "keywords" => $r[0]["pub_keywords"], "gender" => $r[0]["gender"], "keywords" => $r[0]["pub_keywords"],
@ -2304,25 +2327,29 @@ function gs_fetch_users($server) {
$url = $server."/main/statistics"; $url = $server."/main/statistics";
$result = z_fetch_url($url); $result = z_fetch_url($url);
if (!$result["success"]) if (!$result["success"]) {
return false; return false;
}
$statistics = json_decode($result["body"]); $statistics = json_decode($result["body"]);
if (is_object($statistics->config)) { if (is_object($statistics->config)) {
if ($statistics->config->instance_with_ssl) if ($statistics->config->instance_with_ssl) {
$server = "https://"; $server = "https://";
else } else {
$server = "http://"; $server = "http://";
}
$server .= $statistics->config->instance_address; $server .= $statistics->config->instance_address;
$hostname = $statistics->config->instance_address; $hostname = $statistics->config->instance_address;
} else { } else {
if ($statistics->instance_with_ssl) /// @TODO is_object() above means here no object, still $statistics is being used as object
if ($statistics->instance_with_ssl) {
$server = "https://"; $server = "https://";
else } else {
$server = "http://"; $server = "http://";
}
$server .= $statistics->instance_address; $server .= $statistics->instance_address;
@ -2343,6 +2370,7 @@ function gs_fetch_users($server) {
get_gcontact_id($contact); get_gcontact_id($contact);
} }
} }
}
/** /**
* @brief Asking GNU Social server on a regular base for their user data * @brief Asking GNU Social server on a regular base for their user data
@ -2357,8 +2385,9 @@ function gs_discover() {
$r = q("SELECT `nurl`, `url` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `network` = '%s' AND `last_poco_query` < '%s' ORDER BY RAND() LIMIT 5", $r = q("SELECT `nurl`, `url` FROM `gserver` WHERE `last_contact` >= `last_failure` AND `network` = '%s' AND `last_poco_query` < '%s' ORDER BY RAND() LIMIT 5",
dbesc(NETWORK_OSTATUS), dbesc($last_update)); dbesc(NETWORK_OSTATUS), dbesc($last_update));
if (!$r) if (!dbm::is_result($r)) {
return; return;
}
foreach ($r AS $server) { foreach ($r AS $server) {
gs_fetch_users($server["url"]); gs_fetch_users($server["url"]);
@ -2379,5 +2408,6 @@ function poco_serverlist() {
if (!dbm::is_result($r)) { if (!dbm::is_result($r)) {
return false; return false;
} }
return $r; return $r;
} }
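Review bot: In update_gcontact_for_user the condition `if ($r[0]["addr"] != "")` appears inverted, and the added braces carry it over unchanged: the address is rebuilt from nickname and base URL when `addr` is already set, while the else branch copies the empty value. The comment directly above says the field can be empty for older users, which suggests the rebuild was meant for that case: `if ($r[0]["addr"] == "") {`. The function starts and ends outside the hunk, so this should be confirmed against the full body before changing it.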