
Initial checkin

This commit is contained in:
Mike Macgirvin 2010-07-01 16:48:07 -07:00
commit 6348e70daa
393 changed files with 59765 additions and 0 deletions

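--- a/mod/contacts.php
+++ b/mod/contacts.php
@@ -0,0 +1,116 @@
+<?php
+function edit_contact(&$a,$contact_id) {
+}
+function contacts_post(&$a) {
+if(($a->argc != 3) || (! local_user()))
+return;
+$contact_id = intval($a->argv[1]);
+if(! $contact_id)
+return;
+$cmd = $a->argv[2];
+$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($contact_id),
+intval($_SESSION['uid'])
+);
+if(! count($r))
+return;
+$photo = str_replace('-4.jpg', '' , $r[0]['photo']);
+$photos = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d",
+dbesc($photo),
+intval($_SESSION['uid'])
+);
+switch($cmd) {
+case 'edit':
+edit_contact($a,$contact_id);
+break;
+case 'block':
+$r = q("UPDATE `contact` SET `blocked` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($contact_id),
+intval($_SESSION['uid'])
+);
+if($r)
+$_SESSION['sysmsg'] .= "Contact has been blocked." . EOL;
+break;
+case 'drop':
+$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($contact_id),
+intval($_SESSION['uid']));
+if(count($photos)) {
+foreach($photos as $p) {
+q("DELETE FROM `photos` WHERE `id` = %d LIMIT 1",
+$p['id']);
+}
+}
+if($intval($contact_id))
+q("DELETE * FROM `item` WHERE `contact-id` = %d ",
+intval($contact_id)
+);
+break;
+default:
+return;
+break;
+}
+}
+function contacts_content(&$a) {
+if(! local_user()) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+if(($a->argc2 == 2) && ($a->argv[1] == 'all'))
+$sql_extra = '';
+else
+$sql_extra = " AND `blocked` = 0 ";
+$tpl = file_get_contents("view/contacts-top.tpl");
+$o .= replace_macros($tpl,array(
+'$hide_url' => ((strlen($sql_extra)) ? 'contacts/all' : 'contacts' ),
+'$hide_text' => ((strlen($sql_extra)) ? 'Show Blocked Connections' : 'Hide Blocked Connections')
+));
+$r = q("SELECT * FROM `contact` WHERE `uid` = %d",
+intval($_SESSION['uid']));
+if(count($r)) {
+$tpl = file_get_contents("view/contact_template.tpl");
+foreach($r as $rr) {
+if($rr['self'])
+continue;
+$o .= replace_macros($tpl, array(
+'$id' => $rr['id'],
+'$thumb' => $rr['thumb'],
+'$name' => $rr['name'],
+'$url' => $rr['url']
+));
+}
+}
+return $o;
+}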
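Review bot: The `drop` branch of contacts_post cannot execute as written: `if($intval($contact_id))` calls an undefined variable as a function, the item cleanup uses `DELETE *` which is not valid SQL, and the photo cleanup deletes from a `photos` table while the lookup a few lines above reads `photo`. Suggest `if(intval($contact_id))`, dropping the `*`, and passing `intval($p['id'])` rather than the raw row value into the photo delete. In contacts_content, `$a->argc2` looks like a typo for `$a->argc`, so the `all` view (blocked contacts shown) can never be selected, and `$o` is appended to before being initialised.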

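--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -0,0 +1,374 @@
+<?php
+function dfrn_confirm_post(&$a) {
+if($a->argc > 1)
+$node = $a->argv[1];
+if(x($_POST,'source_url')) {
+// We are processing an external confirmation to an introduction created by our user.
+$public_key = $_POST['public_key'];
+$dfrn_id = $_POST['dfrn_id'];
+$source_url = $_POST['source_url'];
+$aes_key = $_POST['aes_key'];
+if(intval($node))
+$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+intval($node));
+else
+$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+dbesc($node));
+if(! count($r)) {
+xml_status(3); // failure
+}
+$my_prvkey = $r[0]['prvkey'];
+$local_uid = $r[0]['uid'];
+$decrypted_source_url = "";
+openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
+$ret = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
+dbesc($decrypted_source_url),
+intval($local_uid));
+if(! count($ret)) {
+// this is either a bogus confirmation or we deleted the original introduction.
+xml_status(3);
+}
+// Decrypt all this stuff we just received
+$foreign_pubkey = $ret[0]['site-pubkey'];
+$dfrn_record = $ret[0]['id'];
+$decrypted_dfrn_id = "";
+openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
+if(strlen($aes_key)) {
+$decrypted_aes_key = "";
+openssl_private_decrypt($aes_key,$decrypted_aes_key,$my_prvkey);
+$dfrn_pubkey = openssl_decrypt($public_key,'AES-256-CBC',$decrypted_aes_key);
+}
+else {
+$dfrn_pubkey = $public_key;
+}
+$r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
+dbesc($decrypted_dfrn_id),
+intval($local_uid));
+if(count($r))
+xml_status(1); // Birthday paradox - duplicate dfrn-id
+$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
+dbesc($decrypted_dfrn_id),
+dbesc($dfrn_pubkey),
+intval($dfrn_record));
+if($r) {
+// We're good but now we have to scrape the profile photo and send notifications.
+require_once("Photo.php");
+$photo_failure = false;
+$r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
+intval($dfrn_record));
+if(count($r)) {
+$filename = basename($r[0]['photo']);
+$img_str = fetch_url($r[0]['photo'],true);
+$img = new Photo($img_str);
+if($img) {
+$img->scaleImageSquare(175);
+$hash = hash('md5',uniqid(mt_rand(),true));
+$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
+`height`, `width`, `data`, `scale` )
+VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
+intval($local_uid),
+dbesc($hash),
+datetime_convert(),
+datetime_convert(),
+dbesc(basename($r[0]['photo'])),
+intval($img->getHeight()),
+intval($img->getWidth()),
+dbesc($img->imageString())
+);
+if($r === false)
+$photo_failure = true;
+$img->scaleImage(80);
+$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
+`height`, `width`, `data`, `scale` )
+VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
+intval($local_uid),
+dbesc($hash),
+datetime_convert(),
+datetime_convert(),
+dbesc(basename($r[0]['photo'])),
+intval($img->getHeight()),
+intval($img->getWidth()),
+dbesc($img->imageString())
+);
+if($r === false)
+$photo_failure = true;
+$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
+$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
+}
+else
+$photo_failure = true;
+}
+else
+$photo_failure = true;
+if($photo_failure) {
+$photo = $a->get_baseurl() . '/images/default-profile.jpg';
+$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
+}
+$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0 WHERE `id` = %d LIMIT 1",
+dbesc($photo),
+dbesc($thumb),
+intval($dfrn_record)
+);
+if($r === false)
+$_SESSION['sysmsg'] .= "Unable to set contact photo info." . EOL;
+// Otherwise everything seems to have worked and we are almost done. Yay!
+// Send an email notification
+$r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
+WHERE `contact`.`id` = %d LIMIT 1",
+intval($dfrn_record));
+$tpl = file_get_contents('view/intro_complete_eml.tpl');
+$email_tpl = replace_macros($tpl, array(
+'$sitename' => $a->config['sitename'],
+'$siteurl' => $a->get_baseurl(),
+'$username' => $r[0]['username'],
+'$email' => $r[0]['email'],
+'$fn' => $r[0]['name'],
+'$dfrn_url' => $r[0]['url'],
+'$uid' => $newuid ));
+$res = mail($r[0]['email'],"Introduction accepted at {$a->config['sitename']}",
+$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+if(!$res) {
+$_SESSION['sysmsg'] .= "Email notification failed." . EOL;
+}
+xml_status(0); // Success
+return; // NOTREACHED
+}
+else
+xml_status(2); // Hopefully temporary problem that can be retried.
+return; // NOTREACHED
+////////////////////// End of this scenario ///////////////////////////////////////////////
+}
+else {
+// We are processing a local confirmation initiated on this system by our user to an external introduction.
+$uid = $_SESSION['uid'];
+if(! $uid) {
+$_SESSION['sysmsg'] = 'Unauthorised.';
+return;
+}
+$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
+$intro_id = intval($_POST['intro_id']);
+$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
+dbesc($dfrn_id),
+intval($uid)
+);
+if((! $r) || (! count($r))) {
+$_SESSION['sysmsg'] = 'Node does not exist.' . EOL ;
+return;
+}
+$contact_id = $r[0]['id'];
+$site_pubkey = $r[0]['site-pubkey'];
+$dfrn_confirm = $r[0]['confirm'];
+$aes_allow = $r[0]['aes_allow'];
+$res=openssl_pkey_new(array(
+'digest_alg' => 'whirlpool',
+'private_key_bits' => 4096,
+'encrypt_key' => false ));
+$private_key = '';
+openssl_pkey_export($res, $private_key);
+$pubkey = openssl_pkey_get_details($res);
+$public_key = $pubkey["key"];
+$r = q("UPDATE `contact` SET `pubkey` = '%s', `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+dbesc($public_key),
+dbesc($private_key),
+intval($contact_id),
+intval($uid)
+);
+$params = array();
+$src_aes_key = random_string();
+$result = "";
+openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
+$params['dfrn_id'] = $result;
+$params['public_key'] = $public_key;
+openssl_public_encrypt($_SESSION['my_url'], $params['source_url'], $site_pubkey);
+if($aes_allow && function_exists('openssl_encrypt')) {
+openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
+$params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key);
+}
+$res = post_url($dfrn_confirm,$params);
+// uncomment the following two lines and comment the following xml/status lines
+// to debug the remote confirmation section (when both confirmations
+// and responses originate on this system)
+// echo $res;
+// $status = 0;
+$xml = simplexml_load_string($res);
+$status = (int) $xml->status;
+switch($status) {
+case 0:
+$_SESSION['sysmsg'] .= "Confirmation completed successfully" . EOL;
+break;
+case 1:
+// birthday paradox - generate new dfrn-id and fall through.
+$new_dfrn_id = random_string();
+$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
+dbesc($new_dfrn_id),
+intval($contact_id),
+intval($uid)
+);
+case 2:
+$_SESSION['sysmsg'] .= "Temporary failure. Please wait and try again." . EOL;
+break;
+case 3:
+$_SESSION['sysmsg'] .= "Introduction failed or was revoked. Cannot complete." . EOL;
+break;
+}
+if(($status == 0 || $status == 3) && ($intro_id)) {
+//delete the notification
+$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($intro_id),
+intval($uid)
+);
+}
+if($status != 0)
+return;
+require_once("Photo.php");
+$photo_failure = false;
+$r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
+intval($contact_id));
+if(count($r)) {
+$filename = basename($r[0]['photo']);
+$img_str = fetch_url($r[0]['photo'],true);
+$img = new Photo($img_str);
+if($img) {
+$img->scaleImageSquare(175);
+$hash = hash('md5',uniqid(mt_rand(),true));
+$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
+`height`, `width`, `data`, `scale` )
+VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
+intval($local_uid),
+dbesc($hash),
+datetime_convert(),
+datetime_convert(),
+dbesc(basename($r[0]['photo'])),
+intval($img->getHeight()),
+intval($img->getWidth()),
+dbesc($img->imageString())
+);
+if($r === false)
+$photo_failure = true;
+$img->scaleImage(80);
+$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
+`height`, `width`, `data`, `scale` )
+VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
+intval($local_uid),
+dbesc($hash),
+datetime_convert(),
+datetime_convert(),
+dbesc(basename($r[0]['photo'])),
+intval($img->getHeight()),
+intval($img->getWidth()),
+dbesc($img->imageString())
+);
+if($r === false)
+$photo_failure = true;
+$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
+$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
+}
+else
+$photo_failure = true;
+}
+else
+$photo_failure = true;
+if($photo_failure) {
+$photo = $a->get_baseurl() . '/images/default-profile.jpg';
+$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
+}
+$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `blocked` = 0 WHERE `id` = %d LIMIT 1",
+dbesc($photo),
+dbesc($thumb),
+intval($contact_id)
+);
+if($r === false)
+$_SESSION['sysmsg'] .= "Unable to set contact photo info." . EOL;
+}
+return;
+}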
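Review bot: In the local-confirmation branch (the `else` that begins with the "We are processing a local confirmation" comment) both photo INSERTs pass `intval($local_uid)`, but `$local_uid` is only assigned in the remote branch, so the scaled photos are stored with uid 0 and are not tied to the confirming user; it should be `intval($uid)` there. In the remote branch the results of `openssl_private_decrypt`, `openssl_public_decrypt` and `openssl_decrypt` are never checked, so a failed decryption writes an empty dfrn-id or a `false` pubkey into the contact row; test each result and answer `xml_status(3)` on failure. The duplicate dfrn-id lookup passes `intval($local_uid)` as a second argument while its SQL has a single placeholder, which suggests a missing `AND uid = %d` clause. `$newuid` in the e-mail macros is never assigned, and `$_SERVER[SERVER_NAME]` uses an unquoted constant.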

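--- a/mod/dfrn_poll.php
+++ b/mod/dfrn_poll.php
@@ -0,0 +1,58 @@
+<?php
+function dfrn_poll_init(&$a) {
+if(x($_GET,'dfrn_id'))
+$dfrn_id = $a->config['dfrn_poll_dfrn_id'] = $_GET['dfrn_id'];
+if(x($_GET,'type'))
+$type = $a->config['dfrn_poll_type'] = $_GET['type'];
+if(x($_GET,'last_update'))
+$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
+if(! x($dfrn_id))
+return;
+if((x($type)) && ($type == 'profile')) {
+$r = q("SELECT `contact`.*, `user`.`nickname`
+FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
+WHERE `issued-id` = '%s' LIMIT 1",
+dbesc($dfrn_id));
+if(count($r)) {
+$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&type=profile-check');
+if(strlen($s)) {
+$xml = simplexml_load_string($s);
+if((int) $xml->status == 1) {
+$_SESSION['authenticated'] = 1;
+$_SESSION['visitor_id'] = $r[0]['id'];
+$_SESSION['sysmsg'] .= "Hi {$r[0]['name']}" . EOL;
+// Visitors get 1 day session.
+$session_id = session_id();
+$expire = time() + 86400;
+q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1",
+dbesc($expire),
+dbesc($session_id));
+}
+}
+$profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
+goaway($a->get_baseurl() . "/profile/$profile");
+}
+goaway($a->get_baseurl());
+}
+if((x($type)) && ($type == 'profile-check')) {
+q("DELETE FROM `expire` WHERE `expire` < " . time());
+$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
+dbesc($dfrn_id));
+if(count($r))
+xml_status(1);
+xml_status(0);
+return; // NOTREACHED
+}
+}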
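Review bot: The expiry purge in the `profile-check` branch runs against a table named `expire`, but the SELECT that follows reads `profile_check` and applies no time filter of its own, so if that table name is a typo the check rows never age out and any stale entry keeps answering status 1 (which grants a visitor session on the `profile` branch). Suggest purging from `profile_check` with `intval(time())` bound through `%d`, and adding `AND expire > %d` to the SELECT so the check does not depend on the purge having run. On the `profile` branch, `$dfrn_id` is concatenated into the poll URL straight from `$_GET`; wrap it in `urlencode()`. The `$expire` timestamp is bound with `dbesc` into a quoted string although it is an integer; `%d` with `intval($expire)` is the form used elsewhere in this commit.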

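--- a/mod/dfrn_request.php
+++ b/mod/dfrn_request.php
@@ -0,0 +1,290 @@
+<?php
+if(! function_exists('dfrn_request_init')) {
+function dfrn_request_init(&$a) {
+if($_SESSION['authenticated']) {
+// choose which page to show (could be remote auth)
+}
+if($a->argc > 1)
+$which = $a->argv[1];
+require_once('mod/profile.php');
+profile_init($a,$which);
+return;
+}}
+if(! function_exists('dfrn_request_post')) {
+function dfrn_request_post(&$a) {
+if(($a->argc != 2) || (! count($a->profile)))
+return;
+if($_POST['cancel']) {
+goaway($a->get_baseurl());
+}
+// callback to local site after remote request and local confirm
+if((x($_POST,'localconfirm')) && ($_POST['localconfirm'] == 1)
+&& (x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))
+&& ($_SESSION['uid'] == $a->argv[1]) && (x($_POST,'dfrn_url'))) {
+$dfrn_url = notags(trim($_POST['dfrn_url']));
+$aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
+$confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
+$failed = false;
+require_once('Scrape.php');
+if(x($dfrn_url)) {
+$parms = scrape_dfrn($dfrn_url);
+if(! count($parms)) {
+$_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ;
+$failed = true;
+}
+else {
+if(! x($parms,'fn'))
+$_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ;
+if(! x($parms,'photo'))
+$_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ;
+$invalid = validate_dfrn($parms);
+if($invalid) {
+echo $invalid . ' required DFRN parameter'
+. (($invalid == 1) ? " was " : "s were " )
+. "not found at the given URL" . '<br />';
+$failed = true;
+}
+}
+}
+if(! $failed) {
+$dfrn_request = $parms['dfrn-request'];
+/////////////////////////
+dbesc_array($parms);
+////////////////////////
+$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`,
+`request`, `confirm`, `notify`, `poll`, `aes_allow`)
+VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)",
+intval($_SESSION['uid']),
+datetime_convert(),
+dbesc($dfrn_url),
+$parms['fn'],
+$parms['photo'],
+$parms['key'],
+$parms['dfrn-request'],
+$parms['dfrn-confirm'],
+$parms['dfrn-notify'],
+$parms['dfrn-poll'],
+intval($aes_allow)
+);
+if($r === false)
+$_SESSION['sysmsg'] .= "Failed to create contact." . EOL;
+else
+$_SESSION['sysmsg'] .= "Introduction complete.";
+// Allow the blocked remote notification to complete
+if(strlen($dfrn_request) && strlen($confirm_key))
+$s = fetch_url($dfrn_request . '?confirm_key=' . $confirm_key);
+goaway($dfrn_url);
+}
+}
+// we are operating as a remote site and an introduction was requested of us.
+// Scrape the originating DFRN-URL for everything we need. Create a contact record
+// and an introduction to show our user next time he/she logs in.
+// Finally redirect back to the originator so that their site can record the request.
+// If our user confirms the request, a record of it will need to exist on the
+// originator's site in order for the confirmation process to complete..
+if($a->profile['nickname'])
+$tailname = $a->profile['nickname'];
+else
+$tailname = $a->profile['uid'];
+$uid = $a->profile['uid'];
+$failed = false;
+require_once('Scrape.php');
+if( x($_POST,'dfrn_url')) {
+$url = trim($_POST['dfrn_url']);
+if(x($url)) {
+$parms = scrape_dfrn($url);
+if(! count($parms)) {
+$_SESSION['sysmsg'] .= 'URL is not valid or does not contain profile information.' . EOL ;
+$failed = true;
+}
+else {
+if(! x($parms,'fn'))
+$_SESSION['sysmsg'] .= 'Warning: DFRN profile has no identifiable owner name.' . EOL ;
+if(! x($parms,'photo'))
+$_SESSION['sysmsg'] .= 'Warning: DFRN profile has no profile photo.' . EOL ;
+$invalid = validate_dfrn($parms);
+if($invalid) {
+echo $invalid . ' required DFRN parameter'
+. (($invalid == 1) ? " was " : "s were " )
+. "not found at the given URL" . '<br />';
+$failed = true;
+}
+}
+}
+$ret = q("SELECT `url` FROM `contact` WHERE `url` = '%s'", dbesc($url));
+if($ret !== false && count($ret)) {
+$_SESSION['sysmsg'] .= 'You have already introduced yourself here.' . EOL;
+$failed = true;
+}
+if(! $failed) {
+$parms['url'] = $url;
+$parms['issued-id'] = random_string();
+/////////////////////////
+dbesc_array($parms);
+////////////////////////
+$ret = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `name`, `issued-id`, `photo`, `site-pubkey`,
+`request`, `confirm`, `notify`, `poll`, `visible` )
+VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
+intval($uid),
+datetime_convert(),
+$parms['url'],
+$parms['fn'],
+$parms['issued-id'],
+$parms['photo'],
+$parms['key'],
+$parms['dfrn-request'],
+$parms['dfrn-confirm'],
+$parms['dfrn-notify'],
+$parms['dfrn-poll'],
+((x($_POST,'visible')) ? 1 : 0 )
+);
+}
+if($ret === false) {
+$_SESSION['sysmsg'] .= 'Failed to create contact record.' . EOL;
+return;
+}
+$ret = q("SELECT `id` FROM `contact`
+WHERE `uid` = '%s' AND `url` = '%s' AND `issued-id` = '%s'
+LIMIT 1",
+intval($uid),
+$parms['url'],
+$parms['issued-id']
+);
+if(($ret !== NULL) && (count($ret)))
+$contact_id = $ret[0]['id'];
+$hash = random_string() . (string) time(); // Generate a confirm_key
+if($contact_id) {
+$ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
+VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )",
+intval($uid),
+intval($contact_id),
+((x($_POST,'knowyou') && ($_POST['knowyou'] == 1)) ? 1 : 0),
+dbesc(trim($_POST['dfrn-request-message'])),
+dbesc($hash),
+dbesc(datetime_convert())
+);
+}
+// TODO: send an email notification if our user wants one
+if(! $failed)
+$_SESSION['sysmsg'] .= "Your introduction has been sent." . EOL;
+// "Homecoming" - send the requestor back to their site to record the introduction.
+$dfrn_url = bin2hex($a->get_baseurl() . "/profile/$tailname");
+$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
+goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : ""));
+}
+}}
+if(! function_exists('dfrn_request_content')) {
+function dfrn_request_content(&$a) {
+if(($a->argc != 2) || (! count($a->profile)))
+return "";
+$a->page['template'] = 'profile';
+// "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
+// to send us to the post section to record the introduction.
+if(x($_GET,'dfrn_url')) {
+if(! x($_SESSION,'authenticated')) {
+$_SESSION['sysmsg'] .= "Please login to confirm introduction." . EOL;
+return login();
+}
+// Edge case, but can easily happen in the wild. This person is authenticated,
+// but not as the person who needs to deal with this request.
+if (($_SESSION['uid'] != $a->argv[1]) && ($a->user['nickname'] != $a->argv[1])) {
+$_SESSION['sysmsg'] .= "Incorrect identity currently logged in. Please login to <strong>this</strong> profile." . EOL;
+return login();
+}
+$dfrn_url = notags(trim(pack("H*" , $_GET['dfrn_url'])));
+$aes_allow = (((x($_GET,'aes_allow')) && ($_GET['aes_allow'] == 1)) ? 1 : 0);
+$confirm_key = (x($_GET,'confirm_key') ? $_GET['confirm_key'] : "");
+$o .= file_get_contents("view/dfrn_req_confirm.tpl");
+$o = replace_macros($o,array(
+'$dfrn_url' => $dfrn_url,
+'$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ),
+'$confirm_key' => $confirm_key,
+'$username' => $a->user['username'],
+'$uid' => $_SESSION['uid'],
+'dfrn_rawurl' => $_GET['dfrn_url']
+));
+return $o;
+}
+else {
+// safe to send our user their introduction
+if((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) {
+$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
+dbesc($_GET['confirm_key'])
+);
+return;
+}
+// Outside request. Display our user's introduction form.
+$o = file_get_contents("view/dfrn_request.tpl");
+$o = replace_macros($o,array('$uid' => $a->profile['uid']));
+return $o;
+}
+}}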
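Review bot: The duplicate-introduction check in dfrn_request_post selects from `contact` by `url` alone, without `AND uid = %d`, so a remote user who has introduced themselves to one local account is rejected by every other account on this site and the existence of that contact row is disclosed; bind `intval($uid)` and scope the query to the profile owner. The macro key `'dfrn_rawurl'` in dfrn_request_content lacks the `$` prefix every other key carries, so that placeholder presumably is never substituted. The closing `goaway($parms['dfrn-request'] ...)` redirects the browser to an address scraped from a remote page after `dbesc_array` has already escaped it; validate it as an http(s) URL and redirect to the unescaped value. `$contact_id` is also read before assignment when the id lookup returns nothing, and `$dfrn_url`/`$confirm_key` are interpolated into `$s = fetch_url(...)` without `urlencode()`.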

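--- a/mod/home.php
+++ b/mod/home.php
@@ -0,0 +1,24 @@
+<?php
+if(! function_exists('home_init')) {
+function home_init(&$a) {
+if(x($_SESSION,'authenticated') && (x($_SESSION,'uid'))) {
+if($a->user['nickname'])
+goaway( $a->get_baseurl() . "/profile/" . $a->user['nickname'] );
+else
+goaway( $a->get_baseurl() . "/profile/" . $_SESSION['uid'] );
+}
+}}
+if(! function_exists('home_content')) {
+function home_content(&$a) {
+$a->page['footer'] .= "<div class=\"powered\" >Powered by <a href=\"http://dfrn.org\" name=\"DFRN.org\" >DFRN</a></div>";
+$o .= '<h1>Welcome' . ((x($a->config,'sitename')) ? " to {$a->config['sitename']}" : "" ) . '</h1>';
+$o .= login(1);
+return $o;
+}}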
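Review bot: home_content appends to `$o` before it is initialised, which raises a notice under error reporting; add `$o = '';` at the top of the function as notifications_content in this commit does. The site name is interpolated into the `<h1>` without `htmlspecialchars()`; it comes from configuration rather than the request, but escaping it keeps the markup safe if that setting ever becomes editable through the UI.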

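--- a/mod/item.php
+++ b/mod/item.php
@@ -0,0 +1,68 @@
+<?php
+function item_post(&$a) {
+if((! local_user()) && (! remote_user()))
+return;
+require_once('include/security.php');
+$uid = $_SESSION['uid'];
+$parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);
+$profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);
+if(! can_write_wall($a,$profile_uid)) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id'])))
+$contact_id = $_SESSION['visitor_id'];
+else {
+$r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+intval($_SESSION['uid']));
+if(count($r))
+$contact_id = $r[0]['id'];
+if($_POST['type'] == 'jot') {
+do {
+$dups = false;
+$hash = random_string();
+$r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' LIMIT 1",
+dbesc($hash));
+if(count($r))
+$dups = true;
+} while($dups == true);
+$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`created`,`edited`,`hash`,`body`)
+VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s' )",
+intval($profile_uid),
+"jot",
+intval($contact_id),
+datetime_convert(),
+datetime_convert(),
+dbesc($hash),
+dbesc(escape_tags(trim($_POST['body'])))
+);
+$r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' LIMIT 1",
+dbesc($hash));
+if(count($r)) {
+$post_id = $r[0]['id'];
+if(! $parent)
+$parent = $post_id;
+$r = q("UPDATE `item` SET `parent` = %d, `visible` = 1
+WHERE `id` = %d LIMIT 1",
+intval($parent),
+intval($post_id));
+}
+}
+goaway($a->get_baseurl() . "/profile/$uid");
+}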
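Review bot: The `else {` opened after the visitor-id check is never closed before the `jot` handling, so as the section reads the INSERT path is only reachable for the local user, a remote visitor with `$_SESSION['visitor_id']` never gets an item stored, and the brace count leaves item_post unterminated; a `}` presumably belongs right after `$contact_id = $r[0]['id'];` (the rendered view may have dropped a line, so confirm against the raw file). `$parent` is taken from the request and written into the new item without checking that the parent item belongs to `$profile_uid`, so a reply can be attached to a thread on a different wall; look the parent up with `uid = %d` bound to `intval($profile_uid)` and reject it otherwise. `$_POST['type']` is read without the `x()` guard used for the other fields.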

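--- a/mod/login.php
+++ b/mod/login.php
@@ -0,0 +1,8 @@
+<?php
+function login_content(&$a) {
+// return login($a->config['register_enabled']);
+return login(1);
+}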

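--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -0,0 +1,98 @@
+<?php
+function notifications_post(&$a) {
+if((! x($_SESSION,'authenticated')) || (! (x($_SESSION,'uid')))) {
+goaway($a->get_baseurl());
+}
+$request_id = (($a->argc > 1) ? $a->argv[0] : 0);
+if($request_id == "all")
+return;
+if($request_id) {
+$r = q("SELECT `id` FROM `intro`
+WHERE `request-id` = %d
+AND `uid` = %d LIMIT 1",
+intval($request_id),
+intval($_SESSION['uid'])
+);
+if(count($r)) {
+$intro_id = $r[0]['id'];
+}
+else {
+$_SESSION['sysmsg'] .= "Invalid request identifier." . EOL;
+return;
+}
+if($_POST['submit'] == 'Discard') {
+$r = q("DELETE `intro` WHERE `id` = %d LIMIT 1", intval($intro_id));
+$r = q("DELETE `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($request_id),
+intval($_SESSION['uid']));
+return;
+}
+if($_POST['submit'] == 'Ignore') {
+$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1",
+intval($intro_id));
+return;
+}
+}
+}
+function notifications_content(&$a) {
+$o = '';
+if((! x($_SESSION,'authenticated')) || (! (x($_SESSION,'uid')))) {
+goaway($a->get_baseurl());
+}
+if(($a->argc > 1) && ($a->argv[1] == 'all'))
+$sql_extra = '';
+else
+$sql_extra = " AND `ignore` = 0 ";
+$tpl = file_get_contents('view/intros-top.tpl');
+$o .= replace_macros($tpl,array(
+'$hide_url' => ((strlen($sql_extra)) ? 'notifications/all' : 'notifications' ),
+'$hide_text' => ((strlen($sql_extra)) ? 'Show Ignored Requests' : 'Hide Ignored Requests')
+));
+dbg(2);
+$r = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.*
+FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`
+WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ",
+intval($_SESSION['uid']));
+dbg(0);
+if(($r !== false) && (count($r))) {
+$tpl = file_get_contents("view/intros.tpl");
+foreach($r as $rr) {
+$o .= replace_macros($tpl,array(
+'$intro_id' => $rr['intro-id'],
+'$dfrn-id' => $rr['issued-id'],
+'$uid' => $_SESSION['uid'],
+'$contact-id' => $rr['contact-id'],
+'$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"),
+'$fullname' => $rr['name'],
+'$knowyou' => (($rr['knowyou']) ? 'yes' : 'no'),
+'$url' => $rr['url'],
+'$note' => $rr['note']
+));
+}
+}
+else
+$_SESSION['sysmsg'] .= "No notifications." . EOL;
+return $o;
+}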
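Review bot: `$request_id = (($a->argc > 1) ? $a->argv[0] : 0);` reads `argv[0]`, which the other modules in this commit treat as the module name (they read `$a->argv[1]`), so `intval()` of it is 0 and the POST handler never acts on a request. The intro lookup filters on a `request-id` column while the INSERT into `intro` in dfrn_request.php writes `contact-id`, and both `DELETE` statements in the Discard branch omit `FROM`. Dispatching on the button label `$_POST['submit'] == 'Discard'` ties the handler to the template's visible text; a hidden action field would be more robust. The `dbg(2)`/`dbg(0)` pair around the SELECT looks like leftover debugging and would expose query detail in the response if `dbg` writes to output.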

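--- a/mod/photo.php
+++ b/mod/photo.php
@@ -0,0 +1,25 @@
+<?php
+function photo_init(&$a) {
+if($a->argc != 2) {
+killme();
+}
+$resolution = 0;
+$photo = $a->argv[1];
+$photo = str_replace('.jpg','',$photo);
+if(substr($photo,-2,1) == '-') {
+$resolution = intval(substr($photo,-1,1));
+$photo = substr($photo,0,-2);
+}
+$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s'
+AND `scale` = %d LIMIT 1",
+dbesc($photo),
+intval($resolution));
+if($r === NULL || (! count($r))) {
+killme();
+}
+header("Content-type: image/jpeg");
+echo $r[0]['data'];
+}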
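Review bot: photo_init serves any row of `photo` by resource-id and scale with no ownership or permission check, and the resource ids generated elsewhere in this commit come from `hash('md5',uniqid(mt_rand(),true))`, which is time-derived rather than cryptographically random; either document at the top of the function that every stored photo is public by design, or compare the row's `uid` against the viewer before echoing the data. The failure test `$r === NULL` differs from the `$r === false` the other modules use for a failed `q()`; the two should agree so that a query error is not treated as success. Emitting `Content-Length` and a cache-control header alongside `Content-type` would also help, since the image is written as a raw blob.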

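--- a/mod/profile.php
+++ b/mod/profile.php
@@ -0,0 +1,136 @@
+<?php
+if(! function_exists('profile_load')) {
+function profile_load(&$a,$uid,$profile = 0) {
+$sql_extra = (($uid) && (intval($uid))
+? " WHERE `user`.`uid` = " . intval($uid)
+: " WHERE `user`.`nickname` = '" . dbesc($uid) . "' " );
+if(remote_user()) {
+$r = q("SELECT `profile-id` FROM `contact` WHERE `id` = %d LIMIT 1",
+intval($_SESSION['visitor_id']));
+if(count($r))
+$profile = $r[0]['profile-id'];
+}
+if($profile) {
+$profile_int = intval($profile);
+$sql_which = " AND `profile`.`id` = $profile_int ";
+}
+else
+$sql_which = " AND `profile`.`is-default` = 1 ";
+$r = q("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `user`.* FROM `profile`
+LEFT JOIN `user` ON `profile`.`uid` = `user`.`uid`
+$sql_extra $sql_which LIMIT 1"
+);
+if(($r === false) || (! count($r))) {
+$_SESSION['sysmsg'] .= "No profile" . EOL ;
+$a->error = 404;
+return;
+}
+$a->profile = $r[0];
+$a->page['template'] = 'profile';
+$a->page['title'] = $a->profile['name'];
+return;
+}}
+function profile_init(&$a) {
+if($_SESSION['authenticated']) {
+// choose which page to show (could be remote auth)
+}
+if($a->argc > 1)
+$which = $a->argv[1];
+else {
+$_SESSION['sysmsg'] .= "No profile" . EOL ;
+$a->error = 404;
+return;
+}
+profile_load($a,$which);
+$dfrn_pages = array('request', 'confirm', 'notify', 'poll');
+foreach($dfrn_pages as $dfrn)
+$a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"".$a->get_baseurl()."/dfrn_{$dfrn}/{$which}\" />\r\n";
+}
+function item_display($item,$template) {
+$o .= replace_macros($template,array(
+'$id' => $item['item_id'],
+'$profile_url' => $item['url'],
+'$name' => $item['name'],
+'$thumb' => $item['thumb'],
+'$body' => bbcode($item['body']),
+'$ago' => relative_date($item['created'])
+));
+return $o;
+}
+function profile_content(&$a) {
+require_once("include/bbcode.php");
+require_once('include/security.php');
+// $tpl = file_get_contents('view/profile_tabs.tpl');
+if(can_write_wall($a,$a->profile['profile_uid'])) {
+$tpl = file_get_contents('view/jot-header.tpl');
+$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+$tpl = file_get_contents("view/jot.tpl");
+$o .= replace_macros($tpl,array(
+'$baseurl' => $a->get_baseurl(),
+'$profile_uid' => $a->profile['profile_uid']
+));
+}
+if($a->profile['is-default']) {
+// TODO left join with contact which will carry names and photos. (done)Store local users in contact as well as user.(done)
+// Alter registration and settings
+// and profile to update contact table when names and photos change.
+// work on item_display and can_write_wall
+// Add comments.
+$r = q("SELECT `item`.*, `contact`.`name`, `contact`.`photo`, `contact`.`thumb`, `contact`.`id` AS `cid`
+FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
+WHERE `item`.`uid` = %d AND `item`.`visible` = 1
+AND `contact`.`blocked` = 0
+AND `allow_uid` = '' AND `allow_gid` = '' AND `deny_uid` = '' AND `deny_gid` = ''
+GROUP BY `item`.`parent`, `item`.`id`
+ORDER BY `created` DESC LIMIT 0,30 ",
+intval($a->profile['uid'])
+);
+$tpl = file_get_contents('view/wall_item.tpl');
+if(count($r)) {
+foreach($r as $rr) {
+$o .= item_display($rr,$tpl);
+}
+}
+}
+return $o;
+}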
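Review bot: profile_init writes `$which`, the raw second URL path segment, into the `href` attributes of the `<link rel="dfrn-...">` tags in `htmlhead` without escaping, and does so even after profile_load has failed and set `$a->error = 404`; return as soon as `$a->error` is set and build the links from `htmlspecialchars($a->profile['nickname'])` (or the loaded uid) rather than from the request. profile_init is declared with a single parameter here, while dfrn_request_init in this commit calls `profile_init($a,$which)`; the signatures should agree. `$o` in item_display and profile_content is appended to before being initialised, and the `SELECT *`-style wall query relies on `GROUP BY` over non-aggregated columns, which some SQL modes reject.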

227
mod/profile_photo.php Normal file

@ -0,0 +1,227 @@
<?php
require_once("Photo.php");
function profile_photo_init(&$a) {
if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
$a->error = 404;
return;
}
require_once("mod/profile.php");
profile_load($a,$_SESSION['uid']);
}
function profile_photo_post(&$a) {
if((! x($_SESSION,'authenticated')) && (! (x($_SESSION,'uid')))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
return;
}
if($a->argc > 1)
$profile_id = intval($a->argv[1]);
if(x($_POST,'xstart') !== false) {
// phase 2 - we have finished cropping
if($a->argc != 3) {
$_SESSION['sysmsg'] .= "Image uploaded but image cropping failed." . EOL;
return;
}
$image_id = $a->argv[2];
if(substr($image_id,-2,1) == '-') {
$scale = substr($image_id,-1,1);
$image_id = substr($image_id,0,-2);
}
$srcX = $_POST['xstart'];
$srcY = $_POST['ystart'];
$srcW = $_POST['xfinal'] - $srcX;
$srcH = $_POST['yfinal'] - $srcY;
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
dbesc($image_id),
intval($scale));
if($r !== NULL && (count($r))) {
$im = new Photo($r[0]['data']);
$im->cropImage(175,$srcX,$srcY,$srcW,$srcH);
$s = $im->imageString();
$x = $im->getWidth();
$y = $im->getHeight();
$ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
`height`, `width`, `data`, `scale` )
VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 4 )",
intval($_SESSION['uid']),
dbesc($r[0]['resource-id']),
datetime_convert(),
datetime_convert(),
dbesc($r[0]['filename']),
intval($y),
intval($x),
dbesc($s));
if($r === NULL)
$_SESSION['sysmsg'] .= "Image size reduction (175) failed." . EOL;
$im->scaleImage(80);
$s = $im->imageString();
$x = $im->getWidth();
$y = $im->getHeight();
$ret = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
`height`, `width`, `data`, `scale` )
VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 5 )",
intval($_SESSION['uid']),
dbesc($r[0]['resource-id']),
datetime_convert(),
datetime_convert(),
dbesc($r[0]['filename']),
intval($y),
intval($x),
dbesc($s));
if($r === NULL)
$_SESSION['sysmsg'] .= "Image size reduction (80) failed." . EOL;
$r = q("UPDATE `profile` SET `photo` = '%s', `thumb` = '%s' WHERE `id` = %d LIMIT 1",
dbesc($a->get_baseurl() . '/photo/' . $image_id . '-4.jpg'),
dbesc($a->get_baseurl() . '/photo/' . $image_id . '-5.jpg'),
intval($profile_id));
if($r === NULL)
$_SESSION['sysmsg'] .= "Failed to add image to profile." . EOL;
}
goaway($a->get_baseurl() . '/profiles');
}
$extra_sql = (($profile_id) ? " AND `id` = " . intval($profile_id) : " AND `is-default` = 1 " );
$r = q("SELECT `id` FROM `profile` WHERE `uid` = %d $extra_sql LIMIT 1", intval($_SESSION['uid']));
if($r === NULL || (! count($r))) {
$_SESSION['sysmsg'] .= "Profile unavailable." . EOL;
return;
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata);
if(! ($image = $ph->getImage())) {
$_SESSION['sysmsg'] .= "Unable to process image." . EOL;
@unlink($src);
return;
}
@unlink($src);
$width = $ph->getWidth();
$height = $ph->getHeight();
if($width < 175 || $width < 175) {
$ph->scaleImageUp(200);
$width = $ph->getWidth();
$height = $ph->getHeight();
}
$hash = hash('md5',uniqid(mt_rand(),true));
$str_image = $ph->imageString();
$smallest = 0;
$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
`height`, `width`, `data`, `scale` )
VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 0 )",
intval($_SESSION['uid']),
dbesc($hash),
datetime_convert(),
datetime_convert(),
dbesc(basename($filename)),
intval($height),
intval($width),
dbesc($str_image));
if($r)
$_SESSION['sysmsg'] .= "Image uploaded successfully." . EOL;
else
$_SESSION['sysmsg'] .= "Image upload failed." . EOL;
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$str_image = $ph->imageString();
$width = $ph->getWidth();
$height = $ph->getHeight();
$r = q("INSERT INTO `photo` ( `uid`, `resource-id`, `created`, `edited`, `filename`,
`height`, `width`, `data`, `scale` )
VALUES ( %d, '%s', '%s', '%s', '%s', %d, %d, '%s', 1 )",
intval($_SESSION['uid']),
dbesc($hash),
datetime_convert(),
datetime_convert(),
dbesc(basename($filename)),
intval($height),
intval($width),
dbesc($str_image));
if($r === NULL)
$_SESSION['sysmsg'] .= "Image size reduction (640) failed." . EOL;
else
$smallest = 1;
}
$a->config['imagecrop'] = $hash;
$a->config['imagecrop_resolution'] = $smallest;
$a->page['htmlhead'] .= file_get_contents("view/crophead.tpl");
}
if(! function_exists('profile_photo_content')) {
function profile_photo_content(&$a) {
if(! x($a->config,'imagecrop')) {
if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
$_SESSION['sysmsg'] .= "Permission denied." . EOL;
return;
}
if($a->argc > 1)
$profile_id = intval($a->argv[1]);
$extra_sql = (($profile_id) ? " AND `id` = $profile_id " : " AND `is-default` = 1 " );
$r = q("SELECT `id` FROM `profile` WHERE `uid` = %d $extra_sql LIMIT 1", intval($_SESSION['uid']));
if($r === NULL || (! count($r))) {
$_SESSION['sysmsg'] .= "Profile unavailable." . EOL;
return;
}
$o = file_get_contents('view/profile_photo.tpl');
$o = replace_macros($o,array(
'$profile_id' => $r[0]['id'],
'$uid' => $_SESSION['uid'],
));
return $o;
}
else {
$filename = $a->config['imagecrop'] . '-' . $a->config['imagecrop_resolution'] . '.jpg';
$resolution = $a->config['imagecrop_resolution'];
$o = file_get_contents("view/cropbody.tpl");
$o = replace_macros($o,array(
'$filename' => $filename,
'$profile_id' => $a->argv[1],
'$resource' => $a->config['imagecrop'] . '-' . $a->config['imagecrop_resolution'],
'$image_url' => $a->get_baseurl() . '/photo/' . $filename
));
return $o;
}
}}

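--- a/mod/profiles.php
+++ b/mod/profiles.php
@@ -0,0 +1,190 @@
+<?php
+function profiles_post(&$a) {
+if(! local_user()) {
+$_SESSION['sysmsg'] .= "Unauthorised." . EOL;
+return;
+}
+// todo - delete... ensure that all contacts using the to-be-deleted profile are moved to the default.
+if(($a->argc > 1) && ($a->argv[1] != "new") && intval($a->argv[1])) {
+$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($a->argv[1]),
+intval($_SESSION['uid'])
+);
+if(! count($r)) {
+$_SESSION['sysmsg'] .= "Profile not found." . EOL;
+return;
+}
+$profile_name = notags(trim($_POST['profile_name']));
+if(! strlen($profile_name)) {
+$a->$_SESSION['sysmsg'] .= "Profile Name is required." . EOL;
+return;
+}
+$name = notags(trim($_POST['name']));
+$gender = notags(trim($_POST['gender']));
+$address = notags(trim($_POST['address']));
+$locality = notags(trim($_POST['locality']));
+$region = notags(trim($_POST['region']));
+$postal_code = notags(trim($_POST['postal_code']));
+$country_name = notags(trim($_POST['country_name']));
+$marital = notags(trim(implode(', ',$_POST['marital'])));
+$homepage = notags(trim($_POST['homepage']));
+$about = str_replace(array('<','>','&'),array('&lt;','&gt;','&amp;'),trim($_POST['about']));
+if(! in_array($gender,array('','Male','Female','Other')))
+$gender = '';
+$r = q("UPDATE `profile`
+SET `profile-name` = '%s',
+`name` = '%s',
+`gender` = '%s',
+`address` = '%s',
+`locality` = '%s',
+`region` = '%s',
+`postal-code` = '%s',
+`country-name` = '%s',
+`marital` = '%s',
+`homepage` = '%s',
+`about` = '%s'
+WHERE `id` = %d AND `uid` = %d LIMIT 1",
+dbesc($profile_name),
+dbesc($name),
+dbesc($gender),
+dbesc($address),
+dbesc($locality),
+dbesc($region),
+dbesc($postal_code),
+dbesc($country_name),
+dbesc($marital),
+dbesc($homepage),
+dbesc($about),
+intval($a->argv[1]),
+intval($_SESSION['uid'])
+);
+if($r)
+$_SESSION['sysmsg'] .= "Profile updated." . EOL;
+}
+}
+function profiles_content(&$a) {
+if(! local_user()) {
+$_SESSION['sysmsg'] .= "Unauthorised." . EOL;
+return;
+}
+if(($a->argc > 1) && ($a->argv[1] == 'new')) {
+$r0 = q("SELECT `id` FROM `profile` WHERE `uid` = %d",
+intval($_SESSION['uid']));
+$num_profiles = count($r0);
+$name = "Profile-" . ($num_profiles + 1);
+$r1 = q("SELECT `name`, `photo`, `thumb` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1",
+intval($_SESSION['uid']));
+$r2 = q("INSERT INTO `profile` (`uid` , `profile-name` , `name`, `photo`, `thumb`)
+VALUES ( %d, '%s', '%s', '%s', '%s' )",
+intval($_SESSION['uid']),
+dbesc($name),
+dbesc($r1[0]['name']),
+dbesc($r1[0]['photo']),
+dbesc($ra[0]['thumb'])
+);
+$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
+intval($_SESSION['uid']),
+dbesc($name)
+);
+$_SESSION['sysmsg'] .= "New profile created." . EOL;
+if(count($r3) == 1)
+goaway($a->get_baseurl() . '/profiles/' . $r3[0]['id']);
+goaway($a->get_baseurl() . '/profiles');
+}
+if(intval($a->argv[1])) {
+$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($a->argv[1]),
+intval($_SESSION['uid'])
+);
+if(! count($r)) {
+$_SESSION['sysmsg'] .= "Profile not found." . EOL;
+return;
+}
+require_once('mod/profile.php');
+profile_load($a,$_SESSION['uid'],$r[0]['id']);
+require_once('view/profile_selectors.php');
+$tpl = file_get_contents('view/jot-header.tpl');
+$profile_in_dir = file_get_contents("view/profile-in-directory.tpl");
+$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
+$a->page['aside'] = file_get_contents('view/sidenote.tpl');
+$is_default = (($r[0]['is-default']) ? 1 : 0);
+$tpl = file_get_contents("view/profile_edit.tpl");
+$o .= replace_macros($tpl,array(
+'$baseurl' => $a->get_baseurl(),
+'$profile_id' => $r[0]['id'],
+'$profile_name' => $r[0]['profile-name'],
+'$default' => (($is_default) ? "<p id=\"profile-edit-default-desc\">This is your <strong>public</strong> profile.</p>" : ""),
+'$name' => $r[0]['name'],
+'$dob' => $r[0]['dob'],
+'$address' => $r[0]['address'],
+'$locality' => $r[0]['locality'],
+'$region' => $r[0]['region'],
+'$postal_code' => $r[0]['postal-code'],
+'$country_name' => $r[0]['country-name'],
+'$age' => $r[0]['age'],
+'$gender' => gender_selector($r[0]['gender']),
+'$marital' => marital_selector($r[0]['marital']),
+'$about' => $r[0]['about'],
+'$homepage' => $r[0]['homepage'],
+'$profile_in_dir' => (($is_default) ? $profile_in_dir : '')
+));
+return $o;
+}
+else {
+$r = q("SELECT * FROM `profile` WHERE `uid` = %d",
+$_SESSION['uid']);
+if(count($r)) {
+$o .= file_get_contents('view/profile_listing_header.tpl');
+$tpl_default = file_get_contents('view/profile_entry_default.tpl');
+$tpl = file_get_contents('view/profile_entry.tpl');
+foreach($r as $rr) {
+$template = (($rr['is-default']) ? $tpl_default : $tpl);
+$o .= replace_macros($template, array(
+'$photo' => $rr['thumb'],
+'$id' => $rr['id'],
+'$profile_name' => $rr['profile-name']
+));
+}
+}
+return $o;
+}
+}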
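Review bot: `$a->$_SESSION['sysmsg'] .= "Profile Name is required." . EOL;` in profiles_post uses the session value as a dynamic property name on `$a`, so the message never reaches the session and the line should read `$_SESSION['sysmsg'] .= "Profile Name is required." . EOL;`. In the `new` branch of profiles_content, `dbesc($ra[0]['thumb'])` references an undefined `$ra` where the default-profile row is `$r1`, so every new profile is inserted with an empty thumb. The `about` field is entity-encoded on input while `name`, `homepage` and the address fields only pass through `notags()`, and all of them are later handed straight to `profile_edit.tpl`; unless `notags()` or `replace_macros()` escapes for HTML, those fields need escaping at output too, and storing `about` pre-encoded will double-encode it once that is done. `if(intval($a->argv[1]))` at the start of the edit branch is evaluated without the `$a->argc > 1` guard that the `new` branch just above it uses.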

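--- a/mod/redir.php
+++ b/mod/redir.php
@@ -0,0 +1,21 @@
+<?php
+function redir_init(&$a) {
+if((! local_user()) || (! ($a->argc == 2)) || (! intval($a->argv[1])))
+goaway($a->get_baseurl());
+$r = q("SELECT `dfrn-id`, `poll` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($a->argv[1]),
+intval($_SESSION['uid']));
+if(! count($r))
+goaway($a->get_baseurl());
+q("INSERT INTO `profile_check` ( `uid`, `dfrn_id`, `expire`)
+VALUES( %d, '%s', %d )",
+intval($_SESSION['uid']),
+dbesc($r[0]['dfrn-id']),
+intval(time() + 30));
+goaway ($r[0]['poll'] . '?dfrn_id=' . $r[0]['dfrn-id'] . '&type=profile');
+}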
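Review bot: The redirect target in redir_init concatenates `$r[0]['dfrn-id']` into the query string without URL-encoding, so any reserved character in the id alters the request the remote `poll` endpoint receives; use `urlencode($r[0]['dfrn-id'])`. The line also assumes `poll` carries no query string of its own when it appends `?dfrn_id=`; if the contact table does not guarantee that, choose `?` or `&` depending on whether `poll` already contains a `?`. The `profile_check` row is written with a 30-second `expire` but nothing in this file removes expired rows, so presumably the consumer of that table does; worth confirming.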

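--- a/mod/register.php
+++ b/mod/register.php
@@ -0,0 +1,175 @@
+<?php
+if(! function_exists('register_post')) {
+function register_post(&$a) {
+$verified = 0;
+$blocked = 1;
+switch($a->config['register_policy']) {
+case REGISTER_OPEN:
+$blocked = 0;
+$verified = 1;
+break;
+case REGISTER_VERIFY:
+$blocked = 1;
+$verify = 0;
+break;
+default:
+case REGISTER_CLOSED:
+if((! x($_SESSION,'authenticated') && (! x($_SESSION,'administrator')))) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+$blocked = 0;
+$verified = 0;
+break;
+}
+if(x($_POST,'username'))
+$username = notags(trim($_POST['username']));
+if(x($_POST,'email'))
+$email =notags(trim($_POST['email']));
+if((! x($username)) || (! x($email))) {
+$_SESSION['sysmsg'] .= "Please enter the required information.". EOL;
+return;
+}
+$err = '';
+if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
+$err .= " Not valid email.";
+if(strlen($username) > 40)
+$err .= " Please use a shorter name.";
+if(strlen($username) < 3)
+$err .= " Name too short.";
+$r = q("SELECT `uid` FROM `user`
+WHERE `email` = '%s' LIMIT 1",
+dbesc($email)
+);
+if($r !== false && count($r))
+$err .= " This email address is already registered." . EOL;
+if(strlen($err)) {
+$_SESSION['sysmsg'] .= $err;
+return;
+}
+$new_password = autoname(6) . mt_rand(100,9999);
+$new_password_encoded = hash('whirlpool',$new_password);
+$res=openssl_pkey_new(array(
+'digest_alg' => 'whirlpool',
+'private_key_bits' => 4096,
+'encrypt_key' => false ));
+// Get private key
+$prvkey = '';
+openssl_pkey_export($res, $prvkey);
+// Get public key
+$pkey = openssl_pkey_get_details($res);
+$pubkey = $pkey["key"];
+$r = q("INSERT INTO `user` ( `username`, `password`, `email`,
+`pubkey`, `prvkey`, `verified`, `blocked` )
+VALUES ( '%s', '%s', '%s', '%s', '%s', %d, %d )",
+dbesc($username),
+dbesc($new_password_encoded),
+dbesc($email),
+dbesc($pubkey),
+dbesc($prvkey),
+intval($verified),
+intval($blocked)
+);
+if($r) {
+$r = q("SELECT `uid` FROM `user`
+WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
+dbesc($username),
+dbesc($new_password_encoded)
+);
+if($r !== false && count($r))
+$newuid = intval($r[0]['uid']);
+}
+else {
+$_SESSION['sysmsg'] .= "An error occurred during registration. Please try again." . EOL;
+return;
+}
+if(x($newuid) !== NULL) {
+$r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb` )
+VALUES ( %d, '%s', %d, '%s', '%s', '%s' ) ",
+intval($newuid),
+'default',
+1,
+dbesc($username),
+dbesc($a->get_baseurl() . '/images/default-profile.jpg'),
+dbesc($a->get_baseurl() . '/images/default-profile-sm.jpg')
+);
+if($r === false) {
+$_SESSION['sysmsg'] .= "An error occurred creating your default profile. Please try again." . EOL ;
+// Start fresh next time.
+$r = q("DELETE FROM `user` WHERE `uid` = %d",
+intval($newuid));
+return;
+}
+$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `photo`, `thumb`, `blocked` )
+VALUES ( %d, '%s', 1, '%s', '%s', '%s', 0 ) ",
+intval($newuid),
+datetime_convert(),
+dbesc($username),
+dbesc($a->get_baseurl() . '/images/default-profile.jpg'),
+dbesc($a->get_baseurl() . '/images/default-profile-sm.jpg')
+);
+}
+if( $a->config['register_policy'] == REGISTER_OPEN ) {
+$email_tpl = file_get_contents("view/register_open_eml.tpl");
+$email_tpl = replace_macros($email_tpl, array(
+'$sitename' => $a->config['sitename'],
+'$siteurl' => $a->get_baseurl(),
+'$username' => $username,
+'$email' => $email,
+'$password' => $new_password,
+'$uid' => $newuid ));
+$res = mail($email,"Registration details for {$a->config['sitename']}",$email_tpl,"From: Administrator@{$_SERVER[SERVER_NAME]}");
+}
+if($res) {
+$_SESSION['sysmsg'] .= "Registration successful. Please check your email for further instructions." . EOL ;
+goaway($a->get_baseurl());
+}
+else {
+$_SESSION['sysmsg'] .= "Failed to send email message. Here is the message that failed. $email_tpl " . EOL;
+}
+return;
+}}
+if(! function_exists('register_content')) {
+function register_content(&$a) {
+$o = file_get_contents("view/register.tpl");
+$o = replace_macros($o, array('$registertext' =>((x($a->config,'register_text'))? $a->config['register_text'] : "" )));
+return $o;
+}}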
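Review bot: `$res` receives the OpenSSL key resource at `$res=openssl_pkey_new(...)` and is only overwritten by `mail()` under REGISTER_OPEN, so for every other policy `if($res)` sees a truthy resource and reports "Registration successful. Please check your email" although no mail was sent; set `$res = true;` before the policy check, or track mail delivery in its own variable. `$verify = 0;` in the REGISTER_VERIFY case is a typo for `$verified` and is harmless only because `$verified` already starts at 0. The email check uses `eregi()`, which is deprecated and later removed, and its pattern is unanchored, so a value with extra characters or line breaks around a valid address passes and is then handed to `mail()` as the recipient; `filter_var($email, FILTER_VALIDATE_EMAIL) === false` is the replacement here and for the identical check in settings_post. The REGISTER_CLOSED gate denies only sessions that are neither authenticated nor administrator, so any logged-in user can create accounts; if only administrators should, test `x($_SESSION,'administrator')` alone. The password is generated with `mt_rand()` and stored as an unsalted `hash('whirlpool', ...)`; `random_int()` for generation and `password_hash()`/`password_verify()` for storage are the current replacements.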

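--- a/mod/settings.php
+++ b/mod/settings.php
@@ -0,0 +1,170 @@
+<?php
+function settings_init(&$a) {
+if((! x($_SESSION,'authenticated')) && (x($_SESSION,'uid'))) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+$a->error = 404;
+return;
+}
+require_once("mod/profile.php");
+profile_load($a,$_SESSION['uid']);
+}
+function settings_post(&$a) {
+if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+if((x($_POST,'password')) || (x($_POST,'confirm'))) {
+$newpass = trim($_POST['password']);
+$confirm = trim($_POST['confirm']);
+$err = false;
+if($newpass != $confirm ) {
+$_SESSION['sysmsg'] .= "Passwords do not match. Password unchanged." . EOL;
+$err = true;
+}
+if((! x($newpass)) || (! x($confirm))) {
+$_SESSION['sysmsg'] .= "Empty passwords are not allowed. Password unchanged." . EOL;
+$err = true;
+}
+if(! $err) {
+$password = hash('whirlpool',$newpass);
+$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
+dbesc($password),
+intval($_SESSION['uid']));
+if($r)
+$_SESSION['sysmsg'] .= "Password changed." . EOL;
+else
+$_SESSION['sysmsg'] .= "Password update failed. Please try again." . EOL;
+}
+}
+$username = notags(trim($_POST['username']));
+$email = notags(trim($_POST['email']));
+if(x($_POST,'nick'))
+$nick = notags(trim($_POST['nick']));
+$timezone = notags(trim($_POST['timezone']));
+$username_changed = false;
+$email_changed = false;
+$nick_changed = false;
+$zone_changed = false;
+$err = '';
+if($username != $a->user['username']) {
+$username_changed = true;
+if(strlen($username) > 40)
+$err .= " Please use a shorter name.";
+if(strlen($username) < 3)
+$err .= " Name too short.";
+}
+if($email != $a->user['email']) {
+$email_changed = true;
+if(!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\.[A-Za-z]{2,6}',$email))
+$err .= " Not valid email.";
+$r = q("SELECT `uid` FROM `user`
+WHERE `email` = '%s' LIMIT 1",
+dbesc($email)
+);
+if($r !== NULL && count($r))
+$err .= " This email address is already registered." . EOL;
+}
+if((x($nick)) && ($nick != $a->user['nickname'])) {
+$nick_changed = true;
+if(! preg_match("/^[a-zA-Z][a-zA-Z0-9\-\_]*$/",$nick))
+$err .= " Nickname must start with a letter and contain only contain letters, numbers, dashes, and underscore.";
+$r = q("SELECT `uid` FROM `user`
+WHERE `nickname` = '%s' LIMIT 1",
+dbesc($nick)
+);
+if($r !== NULL && count($r))
+$err .= " Nickname is already registered. Try another." . EOL;
+}
+else
+$nick = $a->user['nickname'];
+if(strlen($err)) {
+$_SESSION['sysmsg'] .= $err . EOL;
+return;
+}
+if($timezone != $a->user['timezone']) {
+$zone_changed = true;
+if(strlen($timezone))
+date_default_timezone_set($timezone);
+}
+if($email_changed || $username_changed || $nick_changed || $zone_changed ) {
+$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `nickname` = '%s', `timezone` = '%s' WHERE `uid` = %d LIMIT 1",
+dbesc($username),
+dbesc($email),
+dbesc($nick),
+dbesc($timezone),
+intval($_SESSION['uid']));
+if($r)
+$_SESSION['sysmsg'] .= "Settings updated." . EOL;
+}
+if($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) {
+// FIXME - set to un-verified, blocked and redirect to logout
+}
+// Refresh the content display with new data
+$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+intval($_SESSION['uid']));
+if(count($r))
+$a->user = $r[0];
+}
+if(! function_exists('settings_content')) {
+function settings_content(&$a) {
+if((! x($_SESSION['authenticated'])) && (! (x($_SESSION,'uid')))) {
+$_SESSION['sysmsg'] .= "Permission denied." . EOL;
+return;
+}
+$username = $a->user['username'];
+$email = $a->user['email'];
+$nickname = $a->user['nickname'];
+$timezone = $a->user['timezone'];
+if(x($nickname))
+$nickname_block = file_get_contents("view/settings_nick_set.tpl");
+else
+$nickname_block = file_get_contents("view/settings_nick_unset.tpl");
+$nickname_block = replace_macros($nickname_block,array(
+'$nickname' => $nickname,
+'$baseurl' => $a->get_baseurl()));
+$o = file_get_contents('view/settings.tpl');
+$o = replace_macros($o,array(
+'$baseurl' => $a->get_baseurl(),
+'$uid' => $_SESSION['uid'],
+'$username' => $username,
+'$email' => $email,
+'$nickname_block' => $nickname_block,
+'$timezone' => $timezone,
+'$zoneselect' => select_timezone($timezone)
+));
+return $o;
+}}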
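Review bot: The three permission gates in this file disagree with each other and with the rest of the commit: settings_init denies only when the session is unauthenticated and also carries a `uid`, so a session with neither flag falls through to `profile_load($a,$_SESSION['uid'])` with an undefined uid, while settings_post and settings_content deny only when both `authenticated` and `uid` are absent, so a session holding a `uid` without the `authenticated` flag is allowed to change the password. profiles.php and redir.php use `if(! local_user())` for this check, and the same guard belongs in all three functions here. `$newpass != $confirm` is a loose comparison, so two numeric strings of equal value such as `"1e3"` and `"1000"` count as matching; use `!==`. `date_default_timezone_set($timezone)` is called with the raw POST value and the value is stored whether or not it was accepted; checking it against `DateTimeZone::listIdentifiers()` first would reject garbage. A failed `q()` is tested as `$r !== NULL` here but as `$r !== false` in register_post, so one of the two does not match what `q()` returns.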

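--- a/mod/test.php
+++ b/mod/test.php
@@ -0,0 +1,4 @@
+<?php
+function test_content(&$a) {
+print_r($a->user);
+}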
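Review bot: test_content dumps `$a->user` with `print_r()` and has no access check at all. settings_post refreshes that value with `SELECT * FROM user`, and register_post writes the `password` hash and the `prvkey` private key into that table, so whatever row the session resolves to is disclosed in full by this endpoint; where `$a->user` is first populated is outside this view. Remove the module before deployment or, at minimum, guard it with `if(! local_user()) return;` and never print the raw row.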