
mistpark 2.0 infrasturcture lands

Mike Macgirvin 2010-09-08 20:14:17 -07:00
commit ffb1997902
360 changed files with 25001 additions and 457 deletions


@ -1,5 +1,7 @@
<?php
require_once('include/Contact.php');
function contacts_init(&$a) {
require_once('include/group.php');
$a->page['aside'] .= group_side();
@ -9,7 +11,6 @@ function contacts_init(&$a) {
}
function contacts_post(&$a) {
if(! local_user())
return;
@ -20,11 +21,11 @@ function contacts_post(&$a) {
$orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if(! count($orig_record)) {
notice("Could not access contact record." . EOL);
notice( t('Could not access contact record.') . EOL);
goaway($a->get_baseurl() . '/contacts');
return; // NOTREACHED
}
@ -33,7 +34,7 @@ function contacts_post(&$a) {
if($profile_id) {
$r = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($profile_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if(! count($r)) {
notice( t('Could not locate selected profile.') . EOL);
@ -57,7 +58,7 @@ function contacts_post(&$a) {
intval($rating),
dbesc($reason),
intval($contact_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if($r)
notice( t('Contact updated.') . EOL);
@ -86,7 +87,7 @@ function contacts_content(&$a) {
$orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if(! count($orig_record)) {
@ -101,13 +102,12 @@ function contacts_content(&$a) {
$r = q("UPDATE `contact` SET `blocked` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($blocked),
intval($contact_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if($r) {
$msg = t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL ;
notice($msg);
notice( t('Contact has been ') . (($blocked) ? t('blocked') : t('unblocked')) . EOL );
}
goaway($a->get_baseurl() ."/contacts/$contact_id");
goaway($a->get_baseurl() . '/contacts/' . $contact_id);
return; // NOTREACHED
}
@ -116,32 +116,17 @@ function contacts_content(&$a) {
$r = q("UPDATE `contact` SET `readonly` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($readonly),
intval($contact_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if($r) {
$msg = t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL ;
notice($msg);
notice( t('Contact has been ') . (($readonly) ? t('ignored') : t('unignored')) . EOL );
}
goaway($a->get_baseurl() ."/contacts/$contact_id");
goaway($a->get_baseurl() . '/contacts/' . $contact_id);
return; // NOTREACHED
}
if($cmd == 'drop') {
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($_SESSION['uid'])
);
q("DELETE FROM `item` WHERE `contact-id` = %d AND `uid` = %d ",
intval($contact_id),
intval($_SESSION['uid'])
);
q("DELETE FROM `photo` WHERE `contact-id` = %d AND `uid` = %d ",
intval($contact_id),
intval($_SESSION['uid'])
);
contact_remove($contact_id);
notice( t('Contact has been removed.') . EOL );
goaway($a->get_baseurl() . '/contacts');
return; // NOTREACHED
@ -152,7 +137,7 @@ function contacts_content(&$a) {
$contact_id = intval($a->argv[1]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1",
$_SESSION['uid'],
intval(get_uid()),
intval($contact_id)
);
if(! count($r)) {
@ -164,23 +149,22 @@ function contacts_content(&$a) {
$tpl = file_get_contents("view/contact_edit.tpl");
$direction = '';
if(strlen($r[0]['issued-id'])) {
if(strlen($r[0]['dfrn-id'])) {
$direction = DIRECTION_BOTH;
switch($r[0]['rel']) {
case DIRECTION_BOTH:
$dir_icon = 'images/lrarrow.gif';
$alt_text = t('Mutual Friendship');
}
else {
$direction = DIRECTION_IN;
break;
case DIRECTION_IN;
$dir_icon = 'images/larrow.gif';
$alt_text = t('is a fan of yours');
}
}
else {
$direction = DIRECTION_OUT;
$dir_icon = 'images/rarrow.gif';
$alt_text = t('you are a fan of');
break;
case DIRECTION_OUT;
$dir_icon = 'images/rarrow.gif';
$alt_text = t('you are a fan of');
break;
default:
break;
}
$o .= replace_macros($tpl,array(
@ -201,7 +185,7 @@ function contacts_content(&$a) {
'$name' => $r[0]['name'],
'$dir_icon' => $dir_icon,
'$alt_text' => $alt_text,
'$url' => (($direction != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] )
'$url' => (($r[0]['rel'] != DIRECTION_OUT) ? "redir/{$r[0]['id']}" : $r[0]['url'] )
));
@ -269,23 +253,22 @@ function contacts_content(&$a) {
foreach($r as $rr) {
if($rr['self'])
continue;
$direction = '';
if(strlen($rr['issued-id'])) {
if(strlen($rr['dfrn-id'])) {
$direction = DIRECTION_BOTH;
switch($rr['rel']) {
case DIRECTION_BOTH:
$dir_icon = 'images/lrarrow.gif';
$alt_text = t('Mutual Friendship');
}
else {
$direction = DIRECTION_IN;
break;
case DIRECTION_IN;
$dir_icon = 'images/larrow.gif';
$alt_text = t('is a fan of yours');
}
}
else {
$direction = DIRECTION_OUT;
$dir_icon = 'images/rarrow.gif';
$alt_text = t('you are a fan of');
break;
case DIRECTION_OUT;
$dir_icon = 'images/rarrow.gif';
$alt_text = t('you are a fan of');
break;
default:
break;
}
$o .= replace_macros($tpl, array(
@ -296,7 +279,7 @@ function contacts_content(&$a) {
'$dir_icon' => $dir_icon,
'$thumb' => $rr['thumb'],
'$name' => $rr['name'],
'$url' => (($direction != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] )
'$url' => (($rr['rel'] != DIRECTION_OUT) ? "redir/{$rr['id']}" : $rr['url'] )
));
}
$o .= '<div id="contact-edit-end"></div>';
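Review bot: `$dir_icon` and `$alt_text` are now assigned only inside the `switch` on `rel`, so the `default:` arm leaves them undefined in the single-contact view and, inside `foreach($r as $rr)`, lets the previous contact's icon and text carry over to the next row. The `if`/`else` that the switch appears to replace set both on every path. Initialise them before each switch, e.g. `$dir_icon = ''; $alt_text = '';`, or give `default:` explicit values. The labels `case DIRECTION_IN;` and `case DIRECTION_OUT;` also end in a semicolon where the first case uses a colon; `case DIRECTION_IN:` would be consistent. contacts_content starts and ends outside the hunks shown.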


@ -12,9 +12,12 @@ function dfrn_confirm_post(&$a) {
// We are processing an external confirmation to an introduction created by our user.
$public_key = $_POST['public_key'];
$dfrn_id = $_POST['dfrn_id'];
$dfrn_id = $_POST['dfrn_id'];
$source_url = $_POST['source_url'];
$aes_key = $_POST['aes_key'];
$aes_key = $_POST['aes_key'];
$duplex = $_POST['duplex'];
$version_id = $_POST['dfrn_version'];
// Find our user's account
@ -23,15 +26,15 @@ function dfrn_confirm_post(&$a) {
if(! count($r)) {
xml_status(3); // failure
return; // NOTREACHED
}
$my_prvkey = $r[0]['prvkey'];
$local_uid = $r[0]['uid'];
$decrypted_source_url = "";
// verify everything
$decrypted_source_url = "";
openssl_private_decrypt($source_url,$decrypted_source_url,$my_prvkey);
@ -41,15 +44,17 @@ function dfrn_confirm_post(&$a) {
if(! count($ret)) {
// this is either a bogus confirmation or we deleted the original introduction.
xml_status(3);
xml_status(3);
return; // NOTREACHED
}
$relation = $r[0]['rel'];
$relation = $ret[0]['rel'];
// Decrypt all this stuff we just received
$foreign_pubkey = $ret[0]['site-pubkey'];
$dfrn_record = $ret[0]['id'];
$dfrn_record = $ret[0]['id'];
$decrypted_dfrn_id = "";
openssl_public_decrypt($dfrn_id,$decrypted_dfrn_id,$foreign_pubkey);
@ -64,14 +69,18 @@ function dfrn_confirm_post(&$a) {
$r = q("SELECT * FROM `contact` WHERE `dfrn-id` = '%s' LIMIT 1",
dbesc($decrypted_dfrn_id),
intval($local_uid));
if(count($r))
intval($local_uid)
);
if(count($r)) {
xml_status(1); // Birthday paradox - duplicate dfrn-id
return; // NOTREACHED
}
$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
dbesc($decrypted_dfrn_id),
dbesc($dfrn_pubkey),
intval($dfrn_record));
intval($dfrn_record)
);
if($r) {
// We're good but now we have to scrape the profile photo and send notifications.
@ -118,13 +127,29 @@ function dfrn_confirm_post(&$a) {
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
}
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
$new_relation = DIRECTION_OUT;
if(($relation == DIRECTION_IN) || ($duplex))
$new_relation = DIRECTION_BOTH;
$r = q("UPDATE `contact` SET
`photo` = '%s',
`thumb` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`network` = 'dfrn' WHERE `id` = %d LIMIT 1
",
dbesc($photo),
dbesc($thumb),
intval(($relation == DIRECTION_IN) ? DIRECTION_BOTH: DIRECTION_OUT),
intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
intval($dfrn_record)
);
if($r === false)
@ -135,7 +160,8 @@ function dfrn_confirm_post(&$a) {
$r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`id` = %d LIMIT 1",
intval($dfrn_record));
intval($dfrn_record)
);
if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {
$tpl = file_get_contents('view/intro_complete_eml.tpl');
@ -151,13 +177,12 @@ function dfrn_confirm_post(&$a) {
);
$res = mail($r[0]['email'], t("Introduction accepted at ") . $a->config['sitename'],
$email_tpl,t("From: Administrator@") . $_SERVER[SERVER_NAME] );
$email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
if(!$res) {
notice( t("Email notification failed.") . EOL );
}
}
xml_status(0); // Success
return; // NOTREACHED
}
else {
@ -171,43 +196,44 @@ function dfrn_confirm_post(&$a) {
// We are processing a local confirmation initiated on this system by our user to an external introduction.
$uid = $_SESSION['uid'];
$uid = get_uid();
if(! $uid) {
notice( t("Permission denied.") . EOL );
return;
}
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$intro_id = intval($_POST['intro_id']);
$duplex = intval($_POST['duplex']);
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($dfrn_id),
intval($uid)
);
if((! $r) || (! count($r))) {
if(! count($r)) {
notice( t('Node does not exist.') . EOL );
return;
}
$contact_id = $r[0]['id'];
$relation = $r[0]['rel'];
$site_pubkey = $r[0]['site-pubkey'];
$contact_id = $r[0]['id'];
$relation = $r[0]['rel'];
$site_pubkey = $r[0]['site-pubkey'];
$dfrn_confirm = $r[0]['confirm'];
$aes_allow = $r[0]['aes_allow'];
$aes_allow = $r[0]['aes_allow'];
$res=openssl_pkey_new(array(
$res = openssl_pkey_new(array(
'digest_alg' => 'whirlpool',
'private_key_bits' => 4096,
'encrypt_key' => false ));
'encrypt_key' => false )
);
$private_key = '';
openssl_pkey_export($res, $private_key);
$pubkey = openssl_pkey_get_details($res);
$public_key = $pubkey["key"];
@ -222,8 +248,8 @@ function dfrn_confirm_post(&$a) {
$params = array();
$src_aes_key = random_string();
$result = "";
$result = '';
openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
$params['dfrn_id'] = $result;
@ -237,6 +263,10 @@ function dfrn_confirm_post(&$a) {
$params['public_key'] = openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key);
}
$params['dfrn_version'] = '2.0';
if($duplex == 1)
$params['duplex'] = 1;
$res = post_url($dfrn_confirm,$params);
// uncomment the following two lines and comment the following xml/status lines
@ -329,10 +359,23 @@ function dfrn_confirm_post(&$a) {
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
}
$r = q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `rel` = %d, `name-date` = '%s', `uri-date` = '%s', `avatar-date` = '%s', `blocked` = 0, `pending` = 0, `network` = 'dfrn' WHERE `id` = %d LIMIT 1",
$new_relation = DIRECTION_IN;
if(($relation == DIRECTION_OUT) || ($duplex))
$new_relation = DIRECTION_BOTH;
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`network` = 'dfrn' WHERE `id` = %d LIMIT 1
",
dbesc($photo),
dbesc($thumb),
intval(($relation == DIRECTION_OUT) ? DIRECTION_BOTH: DIRECTION_IN),
intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
@ -343,8 +386,6 @@ function dfrn_confirm_post(&$a) {
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
return; //NOTREACHED
}
return;
}
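Review bot: In the remote-confirmation branch `$duplex = $_POST['duplex'];` is used raw, so any non-empty value other than '0' promotes the contact to `DIRECTION_BOTH` through `if(($relation == DIRECTION_IN) || ($duplex))`, while `intval($duplex)` can still store 0 in the `duplex` column. The local branch further down already reads it as `intval($_POST['duplex'])`; the same normalisation here, `$duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0);`, keeps the relation and the stored flag in step. Unlike `dfrn_id` and `source_url`, the flag is not checked against either key in the lines shown, so a short comment above the assignment should say it is an unauthenticated hint from the request. dfrn_confirm_post continues outside these hunks.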


@ -185,43 +185,45 @@ function dfrn_notify_post(&$a) {
$datarray['contact-id'] = $importer['id'];
$posted_id = post_remote($a,$datarray);
$r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($posted_id),
intval($importer['importer_uid'])
);
if(count($r)) {
$r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d",
dbesc(datetime_convert()),
intval($importer['importer_uid']),
intval($r[0]['parent'])
if($posted_id) {
$r = q("SELECT `parent` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($posted_id),
intval($importer['importer_uid'])
);
if(count($r)) {
$r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d",
dbesc(datetime_convert()),
intval($importer['importer_uid']),
intval($r[0]['parent'])
);
}
$r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
dbesc(datetime_convert()),
intval($importer['importer_uid']),
intval($posted_id)
);
}
$r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
dbesc(datetime_convert()),
intval($importer['importer_uid']),
intval($posted_id)
);
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &",
array(),$foo));
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"comment-import\" \"$posted_id\" &",
array(),$foo));
if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) {
require_once('bbcode.php');
$from = stripslashes($datarray['author-name']);
$tpl = file_get_contents('view/cmnt_received_eml.tpl');
$email_tpl = replace_macros($tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),
'$username' => $importer['username'],
'$email' => $importer['email'],
'$from' => $from,
if(($importer['notify-flags'] & NOTIFY_COMMENT) && (! $importer['self'])) {
require_once('bbcode.php');
$from = stripslashes($datarray['author-name']);
$tpl = file_get_contents('view/cmnt_received_eml.tpl');
$email_tpl = replace_macros($tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),
'$username' => $importer['username'],
'$email' => $importer['email'],
'$from' => $from,
'$body' => strip_tags(bbcode(stripslashes($datarray['body'])))
));
));
$res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'],
$email_tpl,t("From: Administrator@") . $a->get_hostname() );
$res = mail($importer['email'], $from . t(" commented on your item at ") . $a->config['sitename'],
$email_tpl,t("From: Administrator@") . $a->get_hostname() );
}
}
xml_status(0);
return;
@ -356,7 +358,7 @@ function dfrn_notify_content(&$a) {
$encrypted_id = '';
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
if($r[0]['duplex']) {
if(($r[0]['duplex']) && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
@ -368,7 +370,7 @@ function dfrn_notify_content(&$a) {
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_notify><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>' . '<challenge>' . $challenge . '</challenge></dfrn_notify>' . "\r\n" ;
session_write_close();
exit;
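Review bot: The `mail()` call for the comment notification still builds its header as `t("From: Administrator@") . $a->get_hostname()`, which sends the header name itself through translation; a translated string would no longer be a valid From header. The other two mail calls touched by this commit (in dfrn_confirm_post and dfrn_request_content) were changed to keep the header name literal, and this one should follow: `$email_tpl, 'From: ' . t('Administrator') . '@' . $a->get_hostname() );`. dfrn_notify_post starts outside the hunk.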


@ -14,6 +14,8 @@ function dfrn_poll_init(&$a) {
$type = $a->config['dfrn_poll_type'] = $_GET['type'];
if(x($_GET,'last_update'))
$last_update = $a->config['dfrn_poll_last_update'] = $_GET['last_update'];
$dfrn_version = ((x($_GET,'dfrn_version')) ? $_GET['dfrn_version'] : '1.0');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
if(($dfrn_id == '') && (! x($_POST,'dfrn_id')) && ($a->argc > 1)) {
$o = get_feed_for($a,'*', $a->argv[1],$last_update);
@ -25,7 +27,7 @@ function dfrn_poll_init(&$a) {
$r = q("SELECT `contact`.*, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex `= 1 )) LIMIT 1",
WHERE ( `dfrn-id` = '%s' OR ( `issued-id` = '%s' AND `duplex` = 1 )) LIMIT 1",
dbesc($dfrn_id),
dbesc($dfrn_id)
);
@ -46,10 +48,11 @@ function dfrn_poll_init(&$a) {
dbesc($session_id));
}
}
$profile = ((strlen($r[0]['nickname'])) ? $r[0]['nickname'] : $r[0]['uid']);
goaway($a->get_baseurl() . "/profile/$profile/visit");
$profile = $r[0]['nickname'];
goaway((strlen($destination_url)) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile);
}
goaway($a->get_baseurl());
}
if((x($type)) && ($type == 'profile-check')) {
@ -57,8 +60,10 @@ function dfrn_poll_init(&$a) {
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
if(count($r))
if(count($r)) {
xml_status(1);
return; // NOTREACHED
}
xml_status(0);
return; // NOTREACHED
}
@ -182,7 +187,7 @@ function dfrn_poll_content(&$a) {
$id_str = $_GET['dfrn_id'] . '.' . mt_rand(1000,9999);
if($r[0]['duplex']) {
if($r[0]['duplex'] && strlen($r[0]['pubkey'])) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
@ -198,7 +203,7 @@ function dfrn_poll_content(&$a) {
$status = 1;
}
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_id>' . $encrypted_id . '</dfrn_id>'
echo '<?xml version="1.0" encoding="UTF-8"?><dfrn_poll><status>' .$status . '</status><dfrn_version>2.0</dfrn_version><dfrn_id>' . $encrypted_id . '</dfrn_id>'
. '<challenge>' . $challenge . '</challenge></dfrn_poll>' . "\r\n" ;
session_write_close();
exit;
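Review bot: `$destination_url` is read straight from `$_GET['destination_url']` and handed to `goaway()` once the visitor has been matched to a contact, with no check that it points back at this site, so the hand-off link can send a visitor to any address the link's author chooses. Accept it only when it lies under the local base URL, for example `if(strlen($destination_url) && strpos($destination_url, $a->get_baseurl() . '/') !== 0) $destination_url = '';` placed before the redirect. `$dfrn_version` is assigned on the line above it but is not used in the lines shown. dfrn_poll_init starts and ends outside these hunks.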


@ -45,7 +45,7 @@ function dfrn_request_post(&$a) {
if(x($dfrn_url)) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' LIMIT 1",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc($dfrn_url)
);
@ -99,7 +99,7 @@ function dfrn_request_post(&$a) {
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `name`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `aes_allow`)
VALUES ( %d, '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', %d)",
intval($_SESSION['uid']),
intval(get_uid()),
datetime_convert(),
dbesc($dfrn_url),
$parms['fn'],
@ -214,14 +214,19 @@ function dfrn_request_post(&$a) {
);
}
else {
if(! validate_url($url)) {
notice( t('Invalid profile URL.') . EOL);
goaway($a->get_baseurl() . '/' . $a->cmd);
return; // NOTREACHED
}
require_once('Scrape.php');
$parms = scrape_dfrn($url);
if(! count($parms)) {
notice( t('Profile location is not valid or does not contain profile information.') . EOL );
killme();
goaway($a->get_baseurl() . '/' . $a->cmd);
}
else {
if(! x($parms,'fn'))
@ -274,7 +279,7 @@ function dfrn_request_post(&$a) {
}
if($r === false) {
notice( 'Failed to update contact record.' . EOL );
notice( t('Failed to update contact record.') . EOL );
return;
}
@ -300,7 +305,7 @@ function dfrn_request_post(&$a) {
// "Homecoming" - send the requestor back to their site to record the introduction.
$dfrn_url = bin2hex($a->get_baseurl() . "/profile/$nickname");
$dfrn_url = bin2hex($a->get_baseurl() . '/profile/' . $nickname);
$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" . '&confirm_key=' . $hash . (($aes_allow) ? "&aes_allow=1" : ""));
@ -387,7 +392,7 @@ function dfrn_request_content(&$a) {
$res = mail($r[0]['email'],
t("Introduction received at ") . $a->config['sitename'],
$email,
t('From: Administrator@') . $_SERVER[SERVER_NAME] );
'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
}
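Review bot: The contact INSERT in the second hunk passes `$parms['fn']` into a quoted `'%s'` slot without `dbesc()`, directly after `dbesc($dfrn_url)`. Unless `$parms` is escaped before this call, which the hunk does not show, a name that presumably comes from the remote profile reaches the SQL string unescaped. Change the argument to `dbesc($parms['fn']),` and check the remaining arguments of the call, which lie outside the hunk, in the same way. dfrn_request_post starts and ends outside these hunks.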

198
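--- /dev/null
+++ b/mod/display.php
@@ -0,0 +1,198 @@
+<?php
+function display_content(&$a) {
+require_once('mod/profile.php');
+profile_init($a);
+$item_id = (($a->argc > 2) ? intval($a->argv[2]) : 0);
+if(! $item_id) {
+$a->error = 404;
+notice( t('Item not found.') . EOL);
+return;
+}
+require_once("include/bbcode.php");
+require_once('include/security.php');
+$groups = array();
+$tab = 'posts';
+$contact = null;
+$remote_contact = false;
+if(remote_user()) {
+$contact_id = $_SESSION['visitor_id'];
+$groups = init_groups_visitor($contact_id);
+$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+intval($contact_id),
+intval($a->profile['uid'])
+);
+if(count($r)) {
+$contact = $r[0];
+$remote_contact = true;
+}
+}
+if(! $remote_contact) {
+if(local_user()) {
+$contact_id = $_SESSION['cid'];
+$contact = $a->contact;
+}
+}
+$sql_extra = "
+AND `allow_cid` = ''
+AND `allow_gid` = ''
+AND `deny_cid` = ''
+AND `deny_gid` = ''
+";
+// Profile owner - everything is visible
+if(local_user() && (get_uid() == $a->profile['uid'])) {
+$sql_extra = '';
+}
+// authenticated visitor - here lie dragons
+// If $remotecontact is true, we know that not only is this a remotely authenticated
+// person, but that it is *our* contact, which is important in multi-user mode.
+elseif($remote_contact) {
+$gs = '<<>>'; // should be impossible to match
+if(count($groups)) {
+foreach($groups as $g)
+$gs .= '|<' . intval($g) . '>';
+}
+$sql_extra = sprintf(
+" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )
+AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )
+AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
+AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
+intval($_SESSION['visitor_id']),
+intval($_SESSION['visitor_id']),
+dbesc($gs),
+dbesc($gs)
+);
+}
+$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
+`contact`.`name`, `contact`.`photo`, `contact`.`url`,
+`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
+`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`
+FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
+WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0
+AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
+AND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE `id` = %d )
+$sql_extra
+ORDER BY `parent` DESC, `id` ASC ",
+intval($a->profile['uid']),
+intval($item_id)
+);
+$cmnt_tpl = file_get_contents('view/comment_item.tpl');
+$tpl = file_get_contents('view/wall_item.tpl');
+$return_url = $_SESSION['return_url'] = $a->cmd;
+if(count($r)) {
+foreach($r as $item) {
+$comment = '';
+$template = $tpl;
+$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+if(can_write_wall($a,$a->profile['uid'])) {
+if($item['last-child']) {
+$comment = replace_macros($cmnt_tpl,array(
+'$return_path' => $_SESSION['return_url'],
+'$type' => 'wall-comment',
+'$id' => $item['item_id'],
+'$parent' => $item['parent'],
+'$profile_uid' => $a->profile['uid'],
+'$mylink' => $contact['url'],
+'$mytitle' => t('Me'),
+'$myphoto' => $contact['thumb'],
+'$ww' => ''
+));
+}
+}
+$profile_url = $item['url'];
+$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'] ;
+// Top-level wall post not written by the wall owner (wall-to-wall)
+// First figure out who owns it.
+if(($item['parent'] == $item['item_id']) && (! $item['self'])) {
+if($item['type'] == 'wall') {
+// I do. Put me on the left of the wall-to-wall notice.
+$owner_url = $a->contact['url'];
+$owner_photo = $a->contact['thumb'];
+$owner_name = $a->contact['name'];
+$template = $wallwall;
+$commentww = 'ww';
+}
+if($item['type'] == 'remote' && ($item['owner-link'] != $item['author-link'])) {
+// Could be anybody.
+$owner_url = $item['owner-link'];
+$owner_photo = $item['owner-avatar'];
+$owner_name = $item['owner-name'];
+$template = $wallwall;
+$commentww = 'ww';
+// If it is our contact, use a friendly redirect link
+if(($item['owner-link'] == $item['url']) && ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH))
+$owner_url = $redirect_url;
+$owner_url = $redirect_url;
+}
+}
+$profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
+$profile_avatar = ((strlen($item['author-avatar'])) ? $item['author-avatar'] : $item['thumb']);
+$profile_link = $profile_url;
+$drop = '';
+if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid()))
+$drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));
+$o .= replace_macros($template,array(
+'$id' => $item['item_id'],
+'$profile_url' => $profile_link,
+'$name' => $profile_name,
+'$thumb' => $profile_avatar,
+'$title' => $item['title'],
+'$body' => bbcode($item['body']),
+'$ago' => relative_date($item['created']),
+'$location' => (($item['location']) ? '<a target="map" href="http://maps.google.com/?q=' . urlencode($item['location']) . '">' . $item['location'] . '</a>' : ''),
+'$indent' => (($item['parent'] != $item['item_id']) ? ' comment' : ''),
+'$drop' => $drop,
+'$comment' => $comment
+));
+}
+}
+return $o;
+}
+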
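Review bot: `$template = $wallwall;` is reached in both wall-to-wall branches, but `$wallwall` is never assigned in display_content, so those top-level posts are handed to `replace_macros()` with an empty template and will not render. Load the wall-to-wall template next to `$tpl` and `$cmnt_tpl`, and pass `$owner_url`, `$owner_photo` and `$owner_name` in the macro array, since they are computed here but never used. `$o` is appended to without being initialised; `$o = '';` before the query fixes that. `$item['title']` and `$item['location']` are placed into the HTML as stored, so this view relies on both having been stripped of markup when the item was saved; a comment above the `replace_macros()` call should state that assumption.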


@ -5,9 +5,10 @@ function validate_members(&$item) {
}
function group_init(&$a) {
require_once('include/group.php');
$a->page['aside'] = group_side();
if(local_user()) {
require_once('include/group.php');
$a->page['aside'] = group_side();
}
}
@ -21,10 +22,10 @@ function group_post(&$a) {
if(($a->argc == 2) && ($a->argv[1] == 'new')) {
$name = notags(trim($_POST['groupname']));
$r = group_add($_SESSION['uid'],$name);
$r = group_add(get_uid(),$name);
if($r) {
notice( t('Group created.') . EOL );
$r = group_byname($_SESSION['uid'],$name);
$r = group_byname(get_uid(),$name);
if($r)
goaway($a->get_baseurl() . '/group/' . $r);
}
@ -36,18 +37,19 @@ function group_post(&$a) {
if(($a->argc == 2) && (intval($a->argv[1]))) {
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval($_SESSION['uid'])
intval(get_uid())
);
if(! count($r)) {
notice( t('Group not found.') . EOL );
goaway($a->get_baseurl() . '/contacts');
return; // NOTREACHED
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
if((strlen($groupname)) && ($groupname != $group['name'])) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
dbesc($groupname),
intval($_SESSION['uid']),
intval(get_uid()),
intval($group['id'])
);
if($r)
@ -57,14 +59,14 @@ function group_post(&$a) {
array_walk($members,'validate_members');
$r = q("DELETE FROM `group_member` WHERE `gid` = %d AND `uid` = %d",
intval($a->argv[1]),
intval($_SESSION['uid'])
intval(get_uid())
);
$result = true;
if(count($members)) {
foreach($members as $member) {
$r = q("INSERT INTO `group_member` ( `uid`, `gid`, `contact-id`)
VALUES ( %d, %d, %d )",
intval($_SESSION['uid']),
intval(get_uid()),
intval($group['id']),
intval($member)
);
@ -74,9 +76,9 @@ function group_post(&$a) {
}
if($result)
notice( t('Membership list updated.') . EOL);
$a->page['aside'] = group_side();
$a->page['aside'] = group_side();
}
return;
}
function group_content(&$a) {
@ -88,20 +90,18 @@ function group_content(&$a) {
if(($a->argc == 2) && ($a->argv[1] == 'new')) {
$tpl = file_get_contents('view/group_new.tpl');
$o .= replace_macros($tpl,array(
));
$o .= replace_macros($tpl,array());
return $o;
}
if(($a->argc == 3) && ($a->argv[1] == 'drop')) {
if(intval($a->argv[2])) {
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
intval($_SESSION['uid'])
intval(get_uid())
);
if(count($r))
$result = group_rmv($_SESSION['uid'],$r[0]['name']);
$result = group_rmv(get_uid(),$r[0]['name']);
if($result)
notice( t('Group removed.') . EOL);
else
@ -116,10 +116,10 @@ function group_content(&$a) {
require_once('view/acl_selectors.php');
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval($_SESSION['uid'])
intval(get_uid())
);
if(! count($r)) {
notice( t("Group not found.") . EOL );
notice( t('Group not found.') . EOL );
goaway($a->get_baseurl() . '/contacts');
}
$group = $r[0];
@ -145,11 +145,6 @@ function group_content(&$a) {
));
}
return $o;
}
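Review bot: In the `drop` branch of group_content, `$result` is assigned only when the ownership SELECT returns a row, so `if($result)` reads an undefined variable whenever the id in the URL does not belong to `get_uid()`. Add `$result = false;` before the query so the refusal path is explicit and does not depend on an unset variable. group_content continues outside the hunk.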


@ -32,9 +32,7 @@ function invite_post(&$a) {
}
notice( $total . t(' messages sent.') . EOL);
return;
}
@ -58,6 +56,4 @@ function invite_content(&$a) {
));
return $o;
}


@ -29,7 +29,7 @@ function item_post(&$a) {
if(! can_write_wall($a,$profile_uid)) {
notice("Permission denied." . EOL) ;
notice( t('Permission denied.') . EOL) ;
return;
}
@ -42,37 +42,14 @@ function item_post(&$a) {
$user = $r[0];
$str_group_allow = '';
$group_allow = $_POST['group_allow'];
if(is_array($group_allow)) {
array_walk($group_allow,'sanitise_acl');
$str_group_allow = implode('',$group_allow);
}
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$str_contact_allow = '';
$contact_allow = $_POST['contact_allow'];
if(is_array($contact_allow)) {
array_walk($contact_allow,'sanitise_acl');
$str_contact_allow = implode('',$contact_allow);
}
$str_group_deny = '';
$group_deny = $_POST['group_deny'];
if(is_array($group_deny)) {
array_walk($group_deny,'sanitise_acl');
$str_group_deny = implode('',$group_deny);
}
$str_contact_deny = '';
$contact_deny = $_POST['contact_deny'];
if(is_array($contact_deny)) {
array_walk($contact_deny,'sanitise_acl');
$str_contact_deny = implode('',$contact_deny);
}
$title = notags(trim($_POST['title']));
$body = escape_tags(trim($_POST['body']));
$location = notags(trim($_POST['location']));
$title = notags(trim($_POST['title']));
$body = escape_tags(trim($_POST['body']));
$location = notags(trim($_POST['location']));
if(! strlen($body)) {
notice( t('Empty post discarded.') . EOL );
@ -128,18 +105,7 @@ function item_post(&$a) {
$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
do {
$dups = false;
$hash = random_string();
$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
$uri = item_new_uri($a->get_hostname(),$profile_uid);
$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
`author-name`, `author-link`, `author-avatar`, `created`,
@ -246,7 +212,7 @@ function item_post(&$a) {
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" &",
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" > notify.out &",
array(),$foo));
goaway($a->get_baseurl() . "/" . $_POST['return'] );
@ -335,7 +301,7 @@ function item_content(&$a) {
// send the notification upstream/downstream as the case may be
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" &",
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"drop\" \"$drop_id\" > drop.out &",
array(), $foo));
goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
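Review bot: The notifier command in item_post now ends in `> notify.out &`, and the same pattern appears as `> drop.out &` in item_content and `> mail.out &` in message_post. Each writes the background process's output to a fixed file name relative to the working directory, which looks like debugging left in. If that directory is served by the web server the files are readable by anyone and are overwritten on every post, so whatever the notifier prints is exposed. Drop the redirect or send it to the null device, e.g. `\"$post_id\" > /dev/null 2>&1 &`, and route diagnostics to a log outside the document root.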


@ -70,7 +70,7 @@ function message_post(&$a) {
$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
if($post_id) {
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" &",
proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"mail\" \"$post_id\" > mail.out &",
array(),$foo));
notice( t('Message sent.') . EOL );
}


@ -17,7 +17,7 @@ function notifications_post(&$a) {
WHERE `request-id` = %d
AND `uid` = %d LIMIT 1",
intval($request_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if(count($r)) {
@ -28,10 +28,13 @@ function notifications_post(&$a) {
return;
}
if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id));
$r = q("DELETE `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
intval($intro_id)
);
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($request_id),
intval($_SESSION['uid']));
intval(get_uid())
);
return;
}
if($_POST['submit'] == t('Ignore')) {
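Review bot: The DELETE on the intro table in the Discard branch filters on `id` alone, while the contact DELETE that follows is also bound to `get_uid()`. If `$intro_id` always comes from the uid-checked SELECT above, the statement is safe, but the hunk does not show where it is set. Assuming the intro table carries a `uid` column, as that SELECT suggests, adding a uid condition with `intval(get_uid())` as a second argument makes the delete safe on its own. notifications_post starts and ends outside these hunks.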


@ -36,8 +36,7 @@ function photos_init(&$a) {
}
$a->page['aside'] .= $o;
}
return;
}
@ -53,7 +52,7 @@ function photos_post(&$a) {
$r = q("SELECT * FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
$r = q("SELECT `contact`.* `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1",
intval($_SESSION['uid'])
);
@ -95,7 +94,7 @@ function photos_post(&$a) {
$res = array();
$r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc($album)
);
if(count($r)) {
@ -110,17 +109,17 @@ function photos_post(&$a) {
$str_res = implode(',', $res);
q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($_SESSION['uid'])
intval(get_uid())
);
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($_SESSION['uid'])
intval(get_uid())
);
if(count($r)) {
foreach($r as $rr) {
q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc($rr['parent-uri']),
intval($_SESSION['uid'])
intval(get_uid())
);
$drop_id = intval($rr['id']);
@ -141,24 +140,24 @@ function photos_post(&$a) {
if(($a->argc > 1) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
$r = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc($a->argv[1])
);
if(count($r)) {
q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
intval($_SESSION['uid'])
intval(get_uid())
);
if(count($i)) {
q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($i[0]['uri']),
intval($_SESSION['uid'])
intval(get_uid())
);
$url = $a->get_baseurl();
@ -187,13 +186,13 @@ function photos_post(&$a) {
$p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC",
dbesc($resource_id),
intval($_SESSION['uid'])
intval(get_uid())
);
if(count($r)) {
$r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d",
dbesc($desc),
dbesc($resource_id),
intval($_SESSION['uid'])
intval(get_uid())
);
}
if(! $item_id) {
@ -207,24 +206,13 @@ function photos_post(&$a) {
. '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]'
. '[/url]';
do {
$dups = false;
$item_hash = random_string();
$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
$uri = item_new_uri($a->get_hostname(),get_uid());
$r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,
`owner-name`,`owner-link`,`owner-avatar`, `created`,
`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc('photo'),
dbesc($p[0]['resource-id']),
intval($contact_record['id']),
@ -263,7 +251,7 @@ function photos_post(&$a) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($item_id),
intval($_SESSION['uid'])
intval(get_uid())
);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
@ -293,45 +281,22 @@ function photos_post(&$a) {
$r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d",
dbesc($album),
intval($_SESSION['uid'])
intval(get_uid())
);
if((! count($r)) || ($album == t('Profile Photos')))
$visible = 1;
else
$visibile = 0;
$str_group_allow = '';
$group_allow = $_POST['group_allow'];
if(is_array($group_allow)) {
array_walk($group_allow,'sanitise_acl');
$str_group_allow = implode('',$group_allow);
}
$str_contact_allow = '';
$contact_allow = $_POST['contact_allow'];
if(is_array($contact_allow)) {
array_walk($contact_allow,'sanitise_acl');
$str_contact_allow = implode('',$contact_allow);
}
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$str_group_deny = '';
$group_deny = $_POST['group_deny'];
if(is_array($group_deny)) {
array_walk($group_deny,'sanitise_acl');
$str_group_deny = implode('',$group_deny);
}
$str_contact_deny = '';
$contact_deny = $_POST['contact_deny'];
if(is_array($contact_deny)) {
array_walk($contact_deny,'sanitise_acl');
$str_contact_deny = implode('',$contact_deny);
}
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$imagedata = @file_get_contents($src);
$ph = new Photo($imagedata);
@ -351,7 +316,7 @@ function photos_post(&$a) {
$photo_hash = hash('md5',uniqid(mt_rand(),true));
$r = $ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$r = $ph->store(get_uid(), 0, $photo_hash, $filename, $album, 0 , 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
if(! $r) {
notice( t('Image upload failed.') . EOL );
@ -360,13 +325,13 @@ function photos_post(&$a) {
if($width > 640 || $height > 640) {
$ph->scaleImage(640);
$ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store(get_uid(), 0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 1;
}
if($width > 320 || $height > 320) {
$ph->scaleImage(320);
$ph->store($_SESSION['uid'], 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$ph->store(get_uid(), 0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$smallest = 2;
}
@ -378,23 +343,12 @@ function photos_post(&$a) {
. '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]'
. '[/url]';
do {
$dups = false;
$item_hash = random_string();
$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $_SESSION['uid'] . ':' . $item_hash;
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
dbesc($uri));
if(count($r))
$dups = true;
} while($dups == true);
$uri = item_new_uri($a->get_hostname(), get_uid());
$r = q("INSERT INTO `item` (`uid`, `type`, `resource-id`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,
`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `visible`)
VALUES( %d, '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc('photo'),
dbesc($photo_hash),
intval($contact_record['id']),
@ -492,7 +446,7 @@ function photos_content(&$a) {
// Profile owner - everything is visible
if(local_user() && ($_SESSION['uid'] == $owner_uid)) {
if(local_user() && (get_uid() == $owner_uid)) {
$sql_extra = '';
}
elseif(remote_user()) {
@ -521,7 +475,7 @@ function photos_content(&$a) {
if($datatype == 'upload') {
if( ! (local_user() && ($_SESSION['uid'] == $a->data['user']['uid']))) {
if( ! (local_user() && (get_uid() == $a->data['user']['uid']))) {
notice( t('Permission denied.'));
return;
}
@ -581,7 +535,7 @@ function photos_content(&$a) {
if($cmd == 'edit') {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
if(local_user() && (get_uid() == $a->data['user']['uid'])) {
$edit_tpl = file_get_contents('view/album_edit.tpl');
$o .= replace_macros($edit_tpl,array(
'$nametext' => t('New album name: '),
@ -595,7 +549,7 @@ function photos_content(&$a) {
}
else {
if(($album != t('Profile Photos')) && ($album != t('Contact Photos'))) {
if(local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
if(local_user() && (get_uid() == $a->data['user']['uid'])) {
$o .= '<div id="album-edit-link"><a href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">'
. t('Edit Album') . '</a></div>';
@ -654,7 +608,7 @@ function photos_content(&$a) {
$o .= '<h3>' . '<a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']) . '">' . $ph[0]['album'] . '</a></h3>';
if(local_user() && ($ph[0]['uid'] == $_SESSION['uid'])) {
if(local_user() && ($ph[0]['uid'] == get_uid())) {
$o .= '<div id="photo-edit-link-wrap" ><a id="photo-edit-link" href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . '/edit' . '">' . t('Edit photo') . '</a></div>';
}
@ -773,7 +727,7 @@ function photos_content(&$a) {
$profile_url = $item['url'];
if(local_user() && ($item['contact-uid'] == $_SESSION['uid'])
if(local_user() && ($item['contact-uid'] == get_uid())
&& ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH) && (! $item['self'] ))
$profile_url = $redirect_url;
@ -783,7 +737,7 @@ function photos_content(&$a) {
$drop = '';
if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == $_SESSION['uid']))
if(($item['contact-id'] == $_SESSION['visitor_id']) || ($item['uid'] == get_uid()))
$drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));
@ -828,7 +782,7 @@ function photos_content(&$a) {
$o .= '<h3>' . t('Recent Photos') . '</h3>';
if( local_user() && ($_SESSION['uid'] == $a->data['user']['uid'])) {
if( local_user() && (get_uid() == $a->data['user']['uid'])) {
$o .= '<div id="photo-top-links"><a id="photo-top-upload-link" href="'. $a->get_baseurl() . '/photos/'
. $a->data['user']['nickname'] . '/upload' . '">' . t('Upload New Photos') . '</a></div>';
}
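Review bot: The new contact lookup in the photos_post hunk at -53,7 +52,7 is missing a comma between `contact`.* and `user`.`nickname` in its select list, so the statement is not valid SQL and `q()` will presumably return no rows. The select list should read `SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid``. How photos_post handles an empty result is outside the hunk, but `$contact_record['id']` is later written into the item insert, so a failed lookup would at best abort the post and at worst store an empty owner. The same query still passes `intval($_SESSION['uid'])` where the rest of the section now calls `get_uid()`.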


@ -9,26 +9,26 @@ function ping_init(&$a) {
$r = q("SELECT COUNT(*) AS `total` FROM `item`
WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d",
intval($_SESSION['uid'])
intval(get_uid())
);
$network = $r[0]['total'];
$r = q("SELECT COUNT(*) AS `total` FROM `item`
WHERE `unseen` = 1 AND `visible` = 1 AND `deleted` = 0 AND `uid` = %d AND `type` != 'remote' ",
intval($_SESSION['uid'])
intval(get_uid())
);
$home = $r[0]['total'];
$r = q("SELECT COUNT(*) AS `total` FROM `intro`
WHERE `uid` = %d AND `blocked` = 0 AND `ignore` = 0 ",
intval($_SESSION['uid'])
intval(get_uid())
);
$intro = $r[0]['total'];
$myurl = $a->get_baseurl() . '/profile/' . $user['nickname'] ;
$r = q("SELECT COUNT(*) AS `total` FROM `mail`
WHERE `uid` = %d AND `seen` = 0 AND `from-url` != '%s' ",
intval($_SESSION['uid']),
intval(get_uid()),
dbesc($myurl)
);


@ -24,7 +24,7 @@ function profile_load(&$a, $username, $profile = 0) {
);
if(($r === false) || (! count($r))) {
notice("No profile" . EOL );
notice( t('No profile') . EOL );
$a->error = 404;
return;
}
@ -44,20 +44,11 @@ function profile_init(&$a) {
if($a->argc > 1)
$which = $a->argv[1];
else {
notice("No profile" . EOL );
notice( t('No profile') . EOL );
$a->error = 404;
return;
}
if((remote_user()) && ($a->argc > 2) && ($a->argv[2] == 'visit'))
$_SESSION['is_visitor'] = 1;
// else {
// unset($_SESSION['is_visitor']);
// unset($_SESSION['visitor_id']);
// if(! $_SESSION['uid'])
// unset($_SESSION['authenticated']);
// }
$profile = 0;
if((local_user()) && ($a->argc > 2) && ($a->argv[2] == 'view')) {
$which = $a->user['nickname'];
@ -173,7 +164,7 @@ function profile_content(&$a, $update = false) {
// Profile owner - everything is visible
if(local_user() && ($_SESSION['uid'] == $a->profile['uid'])) {
if(local_user() && ($_SESSION['uid'] == $a->profile['profile_uid'])) {
$sql_extra = '';
// Oh - while we're here... reset the Unseen messages
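Review bot: The owner check in the profile_content hunk now compares against `$a->profile['profile_uid']` but still reads `$_SESSION['uid']` directly with a loose `==`, unlike the `get_uid()` calls used elsewhere in this commit. This comparison decides whether `$sql_extra` is emptied, which by the comment above it makes everything visible, so I would make it strict and consistent: `if(local_user() && (intval(get_uid()) === intval($a->profile['profile_uid']))) {`. It also depends on profile_load populating `profile_uid`, which is not visible in these hunks; a short comment naming where that key is set would help. profile_content continues outside the hunk.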


@ -163,7 +163,7 @@ function profiles_content(&$a) {
}
if(($a->argc > 2) && ($a->argv[1] == "drop") && intval($a->argv[2])) {
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 LIMIT 1",
$r = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d AND `is-default` = 0 AND `self` = 0 LIMIT 1",
intval($a->argv[2]),
intval($_SESSION['uid'])
);
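Review bot: The added `AND `self` = 0` condition in the drop query assumes the `profile` table has a `self` column; on this page `self` is only seen on the `contact` join in photos_post, so if the column is absent the query fails and no profile can ever be dropped. Please confirm the schema, and convert the remaining `intval($_SESSION['uid'])` argument to `intval(get_uid())` to match the rest of the commit. The drop is driven by URL arguments inside profiles_content, and no form token check is visible in the hunk; if none exists further down, one belongs before the delete. The function continues outside the hunk.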


@ -2,25 +2,20 @@
function settings_init(&$a) {
if(! local_user()) {
notice("Permission denied." . EOL);
$a->error = 404;
return;
if(local_user()) {
require_once("mod/profile.php");
profile_load($a,$a->user['nickname']);
}
require_once("mod/profile.php");
profile_load($a,$a->user['nickname']);
}
function settings_post(&$a) {
if(! local_user()) {
notice( t('Permission denied.') . EOL);
return;
}
if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != $_SESSION['uid']) {
if(count($a->user) && x($a->user,'uid') && $a->user['uid'] != get_uid()) {
notice( t('Permission denied.') . EOL);
return;
}
@ -44,7 +39,7 @@ function settings_post(&$a) {
$password = hash('whirlpool',$newpass);
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($password),
intval($_SESSION['uid']));
intval(get_uid());
if($r)
notice( t('Password changed.') . EOL);
else
@ -52,15 +47,15 @@ function settings_post(&$a) {
}
}
$theme = notags(trim($_POST['theme']));
$username = notags(trim($_POST['username']));
$email = notags(trim($_POST['email']));
$timezone = notags(trim($_POST['timezone']));
$defloc = notags(trim($_POST['defloc']));
$theme = notags(trim($_POST['theme']));
$username = notags(trim($_POST['username']));
$email = notags(trim($_POST['email']));
$timezone = notags(trim($_POST['timezone']));
$defloc = notags(trim($_POST['defloc']));
$publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
$net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0);
$old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0);
$publish = (($_POST['profile_in_directory'] == 1) ? 1: 0);
$net_publish = (($_POST['profile_in_netdirectory'] == 1) ? 1: 0);
$old_visibility = ((intval($_POST['visibility']) == 1) ? 1 : 0);
$notify = 0;
@ -75,13 +70,11 @@ function settings_post(&$a) {
if($_POST['notify5'])
$notify += intval($_POST['notify5']);
$username_changed = false;
$email_changed = false;
$zone_changed = false;
$err = '';
if($username != $a->user['username']) {
$username_changed = true;
if(strlen($username) > 40)
$err .= t(' Please use a shorter name.');
if(strlen($username) < 3)
@ -104,38 +97,15 @@ function settings_post(&$a) {
return;
}
if($timezone != $a->user['timezone']) {
$zone_changed = true;
if(strlen($timezone))
date_default_timezone_set($timezone);
}
$str_group_allow = '';
$group_allow = $_POST['group_allow'];
if(is_array($group_allow)) {
array_walk($group_allow,'sanitise_acl');
$str_group_allow = implode('',$group_allow);
}
$str_contact_allow = '';
$contact_allow = $_POST['contact_allow'];
if(is_array($contact_allow)) {
array_walk($contact_allow,'sanitise_acl');
$str_contact_allow = implode('',$contact_allow);
}
$str_group_deny = '';
$group_deny = $_POST['group_deny'];
if(is_array($group_deny)) {
array_walk($group_deny,'sanitise_acl');
$str_group_deny = implode('',$group_deny);
}
$str_contact_deny = '';
$contact_deny = $_POST['contact_deny'];
if(is_array($contact_deny)) {
array_walk($contact_deny,'sanitise_acl');
$str_contact_deny = implode('',$contact_deny);
}
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
$str_contact_deny = perms2str($_POST['contact_deny']);
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `default-location` = '%s', `theme` = '%s' WHERE `uid` = %d LIMIT 1",
dbesc($username),
@ -148,7 +118,7 @@ function settings_post(&$a) {
intval($notify),
dbesc($defloc),
dbesc($theme),
intval($_SESSION['uid'])
intval(get_uid())
);
if($r)
notice( t('Settings updated.') . EOL);
@ -158,7 +128,7 @@ function settings_post(&$a) {
WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
intval($publish),
intval($net_publish),
intval($_SESSION['uid'])
intval(get_uid())
);
if($old_visibility != $net_publish) {
@ -178,6 +148,7 @@ function settings_post(&$a) {
}
goaway($a->get_baseurl() . '/settings' );
return; // NOTREACHED
}
@ -210,28 +181,23 @@ function settings_content(&$a) {
$opt_tpl = file_get_contents("view/profile-in-directory.tpl");
$profile_in_dir = replace_macros($opt_tpl,array(
'$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""),
'$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
'$yes_selected' => (($profile['publish']) ? " checked=\"checked\" " : ""),
'$no_selected' => (($profile['publish'] == 0) ? " checked=\"checked\" " : "")
));
if(strlen(get_config('system','directory_submit_url'))) {
$opt_tpl = file_get_contents("view/profile-in-netdir.tpl");
$profile_in_net_dir = replace_macros($opt_tpl,array(
'$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""),
'$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
'$yes_selected' => (($profile['net-publish']) ? " checked=\"checked\" " : ""),
'$no_selected' => (($profile['net-publish'] == 0) ? " checked=\"checked\" " : "")
));
}
else
$profile_in_net_dir = '';
$nickname_block = file_get_contents("view/settings_nick_set.tpl");
$nickname_subdir = '';
if(strlen($a->get_path())) {
$subdir_tpl = file_get_contents('view/settings_nick_subdir.tpl');