Merge commit 'upstream/master'

boot.php

@@ -9,9 +9,9 @@ require_once('include/nav.php');
 require_once('include/cache.php');
 
 define ( 'FRIENDICA_PLATFORM',     'Friendica');
-define ( 'FRIENDICA_VERSION',      '2.3.1294' );
+define ( 'FRIENDICA_VERSION',      '2.3.1298' );
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
-define ( 'DB_UPDATE_VERSION',      1133      );
+define ( 'DB_UPDATE_VERSION',      1134      );
 
 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
@@ -95,8 +95,8 @@ define ( 'PAGE_BLOG',              4 );
  * Network and protocol family types 
  */
 
-define ( 'NETWORK_ZOT',              'zot!');    // Zot!
 define ( 'NETWORK_DFRN',             'dfrn');    // Friendica, Mistpark, other DFRN implementations
+define ( 'NETWORK_ZOT',              'zot!');    // Zot!
 define ( 'NETWORK_OSTATUS',          'stat');    // status.net, identi.ca, GNU-social, other OStatus implementations
 define ( 'NETWORK_FEED',             'feed');    // RSS/Atom feeds with no known "post/notify" protocol
 define ( 'NETWORK_DIASPORA',         'dspr');    // Diaspora
@@ -108,6 +108,28 @@ define ( 'NETWORK_XMPP',             'xmpp');    // XMPP
 define ( 'NETWORK_MYSPACE',          'mysp');    // MySpace
 define ( 'NETWORK_GPLUS',            'goog');    // Google+
 
+/*
+ * These numbers are used in stored permissions
+ * and existing allocations MUST NEVER BE CHANGED
+ * OR RE-ASSIGNED! You may only add to them.
+ */
+
+$netgroup_ids = array(
+	NETWORK_DFRN     => (-1),
+	NETWORK_ZOT      => (-2),
+	NETWORK_OSTATUS  => (-3),
+	NETWORK_FEED     => (-4),
+	NETWORK_DIASPORA => (-5),
+	NETWORK_MAIL     => (-6),
+	NETWORK_MAIL2    => (-7),
+	NETWORK_FACEBOOK => (-8),
+	NETWORK_LINKEDIN => (-9),
+	NETWORK_XMPP     => (-10),
+	NETWORK_MYSPACE  => (-11),
+	NETWORK_GPLUS    => (-12),
+);
+
+
 /**
  * Maximum number of "people who like (or don't like) this"  that we will list by name
  */
@@ -962,6 +984,12 @@ function profile_sidebar($profile, $block = 0) {
 	if((remote_user()) && ($_SESSION['visitor_visiting'] == $profile['uid']))
 		$connect = False; 
 
+	if(get_my_url() && $profile['unkmail'])
+		$wallmessage = t('Message');
+	else
+		$wallmessage = false;
+
+
 
 	// show edit profile to yourself
 	if ($profile['uid'] == local_user()) {
@@ -1044,6 +1072,7 @@ function profile_sidebar($profile, $block = 0) {
 	$o .= replace_macros($tpl, array(
 		'$profile' => $profile,
 		'$connect'  => $connect,		
+		'$wallmessage' => $wallmessage,
 		'$location' => template_escape($location),
 		'$gender'   => $gender,
 		'$pdesc'	=> $pdesc,
@@ -1239,17 +1268,20 @@ function current_theme(){
 	$system_theme = ((isset($a->config['system']['theme'])) ? $a->config['system']['theme'] : '');
 	$theme_name = ((isset($_SESSION) && x($_SESSION,'theme')) ? $_SESSION['theme'] : $system_theme);
 	
-	if($theme_name && file_exists('view/theme/' . $theme_name . '/style.css'))
+	if($theme_name && 
+		(file_exists('view/theme/' . $theme_name . '/style.css') ||
+		file_exists('view/theme/' . $theme_name . '/style.php')))
 		return($theme_name);
 	
 	foreach($app_base_themes as $t) {
-		if(file_exists('view/theme/' . $t . '/style.css'))
+		if(file_exists('view/theme/' . $t . '/style.css')||
+		   file_exists('view/theme/' . $t . '/style.php'))
 			return($t);
 	}
 	
-	$fallback = glob('view/theme/*/style.css');
+	$fallback = glob('view/theme/*/style.[css|php]');
 	if(count($fallback))
-		return (str_replace('view/theme/','', str_replace("/style.css","",$fallback[0])));
+		return (str_replace('view/theme/','', substr($fallback[0],0,-10)));
 
 }}
 
@@ -1261,6 +1293,8 @@ if(! function_exists('current_theme_url')) {
 function current_theme_url() {
 	global $a;
 	$t = current_theme();
+	if (file_exists('view/theme/' . $t . '/style.php'))
+		return($a->get_baseurl() . '/view/theme/' . $t . '/style.pcss');
 	return($a->get_baseurl() . '/view/theme/' . $t . '/style.css');
 }}
 
@@ -1286,8 +1320,12 @@ function feed_birthday($uid,$tz) {
 	 *
 	 */
 
+	
 	$birthday = '';
 
+	if(! strlen($tz))
+		$tz = 'UTC';
+
 	$p = q("SELECT `dob` FROM `profile` WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
 		intval($uid)
 	);
@@ -1393,3 +1431,21 @@ function profile_tabs($a, $is_owner=False, $nickname=Null){
 
 	return replace_macros($tpl,array('$tabs' => $arr['tabs']));
 }}	
+
+function get_my_url() {
+	if(x($_SESSION,'my_url'))
+		return $_SESSION['my_url'];
+	return false;
+}
+
+function zrl($s) {
+	if(! strlen($s))
+		return $s;
+	if(! strpos($s,'/profile/'))
+		return $s;	
+	$achar = strpos($s,'?') ? '&' : '?';
+	$mine = get_my_url();
+	if($mine and ! link_compare($mine,$s))
+		return $s . $achar . 'zrl=' . urlencode($mine);
+	return $s;
+}

database.sql

@@ -289,9 +289,10 @@ CREATE TABLE IF NOT EXISTS `mail` (
   `convid` int(10) unsigned NOT NULL,
   `title` char(255) NOT NULL,
   `body` mediumtext NOT NULL,
-  `seen` tinyint(1) NOT NULL,
+  `seen` tinyint(1) NOT NULL DEFAULT '0',
   `reply` tinyint(1) NOT NULL DEFAULT '0',
-  `replied` tinyint(1) NOT NULL,
+  `replied` tinyint(1) NOT NULL DEFAULT '0',
+  `unknown` tinyint(1) NOT NULL DEFAULT '0',
   `uri` char(255) NOT NULL,
   `parent-uri` char(255) NOT NULL,
   `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
@@ -300,6 +301,7 @@ CREATE TABLE IF NOT EXISTS `mail` (
   KEY `guid` (`guid`),
   KEY `convid` (`convid`),
   KEY `reply` (`reply`),
+  KEY `unknown` (`unknown`),
   KEY `uri` (`uri`),
   KEY `parent-uri` (`parent-uri`),
   KEY `created` (`created`)
@@ -453,6 +455,8 @@ CREATE TABLE IF NOT EXISTS `user` (
   `blockwall` tinyint(1) unsigned NOT NULL DEFAULT '0',
   `hidewall` tinyint(1) unsigned NOT NULL DEFAULT '0',
   `blocktags` tinyint(1) unsigned NOT NULL DEFAULT '0',
+  `unkmail` tinyint(1) unsigned NOT NULL DEFAULT '0',
+  `cntunkmail` int(11) unsigned NOT NULL DEFAULT '10',
   `notify-flags` int(11) unsigned NOT NULL DEFAULT '65535', 
   `page-flags` int(11) unsigned NOT NULL DEFAULT '0',
   `prvnets` tinyint(1) NOT NULL DEFAULT '0',
@@ -472,6 +476,8 @@ CREATE TABLE IF NOT EXISTS `user` (
   KEY `account_expired` (`account_expired`),
   KEY `hidewall` (`hidewall`),
   KEY `blockwall` (`blockwall`),
+  KEY `unkmail` (`unkmail`),
+  KEY `cntunkmail` (`cntunkmail`),
   KEY `blocked` (`blocked`),
   KEY `verified` (`verified`),
   KEY `login_date` (`login_date`)

include/api.php

@@ -83,7 +83,7 @@
 			$record = $r[0];
 		} else {
 		   logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Friendika"');
+		    header('WWW-Authenticate: Basic realm="Friendica"');
 		    header('HTTP/1.0 401 Unauthorized');
 		    die('This api requires login');
 		}

include/auth.php

@@ -94,13 +94,17 @@ else {
 
 			// Otherwise it's probably an openid.
 
+                        try {
 			require_once('library/openid.php');
 			$openid = new LightOpenID;
 			$openid->identity = $openid_url;
 			$_SESSION['openid'] = $openid_url;
 			$a = get_app();
 			$openid->returnUrl = $a->get_baseurl(true) . '/openid'; 
-			goaway($openid->authUrl());
+                        goaway($openid->authUrl());
+                        } catch (Exception $e) {
+                            notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
+                        }
 			// NOTREACHED
 		}
 	}

include/contact_widgets.php

@@ -87,13 +87,13 @@ function fileas_widget($baseurl,$selected = '') {
     $cnt = preg_match_all('/\[(.*?)\]/',$saved,$matches,PREG_SET_ORDER);
     if($cnt) {
 		foreach($matches as $mtch) {
-			$unescaped = file_tag_decode($mtch[1]);
+			$unescaped = xmlify(file_tag_decode($mtch[1]));
 			$terms[] = array('name' => $unescaped,'selected' => (($selected == $unescaped) ? 'selected' : ''));
 		}
 	}
 
 	return replace_macros(get_markup_template('fileas_widget.tpl'),array(
-		'$title' => t('File Selections'),
+		'$title' => t('Saved Folders'),
 		'$desc' => '',
 		'$sel_all' => (($selected == '') ? 'selected' : ''),
 		'$all' => t('Everything'),

include/conversation.php

@@ -94,9 +94,9 @@ function localize_item(&$item){
 			
 		}
 		
-		$A = '[url=' . $Alink . ']' . $Aname . '[/url]';
-		$B = '[url=' . $Blink . ']' . $Bname . '[/url]';
-		if ($Bphoto!="") $Bphoto = '[url=' . $Blink . '][img]' . $Bphoto . '[/img][/url]';
+		$A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
+		$B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
+		if ($Bphoto!="") $Bphoto = '[url=' . zrl($Blink) . '][img]' . $Bphoto . '[/img][/url]';
 
 		$item['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$Bphoto;
 
@@ -108,8 +108,8 @@ function localize_item(&$item){
 		if(count($r)==0) return;
 		$obj=$r[0];
 		
-		$author	 = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]';
-		$objauthor =  '[url=' . $obj['author-link'] . ']' . $obj['author-name'] . '[/url]';
+		$author	 = '[url=' . zrl($item['author-link']) . ']' . $item['author-name'] . '[/url]';
+		$objauthor =  '[url=' . zrl($obj['author-link']) . ']' . $obj['author-name'] . '[/url]';
 		
 		switch($obj['verb']){
 			case ACTIVITY_POST:
@@ -158,14 +158,21 @@ function localize_item(&$item){
 				$target = $r[0];
 				$Bname = $target['author-name'];
 				$Blink = $target['author-link'];
-				$A = '[url=' . $Alink . ']' . $Aname . '[/url]';
-				$B = '[url=' . $Blink . ']' . $Bname . '[/url]';
+				$A = '[url=' . zrl($Alink) . ']' . $Aname . '[/url]';
+				$B = '[url=' . zrl($Blink) . ']' . $Bname . '[/url]';
 				$P = '[url=' . $target['plink'] . ']' . t('post/item') . '[/url]';
 				$item['body'] = sprintf( t('%1$s marked %2$s\'s %3$s as favorite'), $A, $B, $P)."\n";
 
 			}
 		}
 	}
+	$matches = null;
+	if(preg_match_all('/@\[url=(.*?)\]/is',$item['body'],$matches,PREG_SET_ORDER)) {
+		foreach($matches as $mtch) {
+			if(! strpos($mtch[1],'zrl='))
+				$item['body'] = str_replace($mtch[0],'@[url=' . zrl($mtch[1]). ']',$item['body']);
+		}
+	}
 
 }
 
@@ -243,7 +250,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 	$threads = array();
 	$threadsid = -1;
 	
-	if(count($items)) {
+	if($items && count($items)) {
 
 		if($mode === 'network-new' || $mode === 'search' || $mode === 'community') {
 
@@ -276,13 +283,16 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 				if($item['author-link'] && (! $item['author-name']))
 					$profile_name = $item['author-link'];
 
+
+
 				$sp = false;
 				$profile_link = best_link_url($item,$sp);
-				if($sp)
-					$sparkle = ' sparkle';
 				if($profile_link === 'mailbox')
 					$profile_link = '';
-
+				if($sp)
+					$sparkle = ' sparkle';
+				else
+					$profile_link = zrl($profile_link);					
 
 				$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
 				if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
@@ -484,7 +494,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 						// This will have been stored in $a->page_contact by our calling page.
 						// Put this person on the left of the wall-to-wall notice.
 
-						$owner_url = $a->page_contact['url'];
+						$owner_url = zrl($a->page_contact['url']);
 						$owner_photo = $a->page_contact['thumb'];
 						$owner_name = $a->page_contact['name'];
 						$template = $wallwall;
@@ -501,10 +511,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 						$commentww = 'ww';
 						// If it is our contact, use a friendly redirect link
 						if((link_compare($item['owner-link'],$item['url'])) 
-							&& ($item['network'] === 'dfrn')) {
+							&& ($item['network'] === NETWORK_DFRN)) {
 							$owner_url = $redirect_url;
 							$osparkle = ' sparkle';
 						}
+						else
+							$owner_url = zrl($owner_url);
 					}
 				}
 
@@ -520,9 +532,12 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 						if ($shareable) $likebuttons['share'] = array( t('Share this'), t('share'));
 					}
 
+					$qc = $qcomment =  null;
 
-					$qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null);
-					$qcomment = (($qc) ? explode("\n",$qc) : null);
+					if(in_array('qcomment',$a->plugins)) {
+						$qc = ((local_user()) ? get_pconfig(local_user(),'qcomment','words') : null);
+						$qcomment = (($qc) ? explode("\n",$qc) : null);
+					}
 
 					if(($show_comment_box) || (($show_comment_box == false) && ($override_comment_box == false) && ($item['last-child']))) {
 						$comment = replace_macros($cmnt_tpl,array(
@@ -580,7 +595,7 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 							'classtagger' => "",
 						);
 					}
-					$filer = t("file as");
+					$filer = t("save to folder");
 				}
 
 
@@ -596,14 +611,14 @@ function conversation(&$a, $items, $mode, $update, $preview = false) {
 				if($item['author-link'] && (! $item['author-name']))
 					$profile_name = $item['author-link'];
 
-
 				$sp = false;
 				$profile_link = best_link_url($item,$sp);
-				if($sp)
-					$sparkle = ' sparkle';
-
 				if($profile_link === 'mailbox')
 					$profile_link = '';
+				if($sp)
+					$sparkle = ' sparkle';
+				else
+					$profile_link = zrl($profile_link);					
 
 				$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
 				if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
@@ -767,8 +782,10 @@ function item_photo_menu($item){
 		$photos_link = $profile_link . "?url=photos";
 		$profile_link = $profile_link . "?url=profile";
 		$pm_url = $a->get_baseurl($ssl_state) . '/message/new/' . $cid;
+		$zurl = '';
 	}
 	else {
+		$profile_link = zrl($profile_link);
 		if(local_user() && local_user() == $item['uid'] && link_compare($item['url'],$item['author-link'])) {
 			$cid = $item['contact-id'];
 		}		
@@ -795,7 +812,7 @@ function item_photo_menu($item){
 	$menu = Array(
 		t("View status") => $status_link,
 		t("View profile") => $profile_link,
-		t("View photos") => $photos_link,		
+		t("View photos") => $photos_link,
 		t("View recent") => $posts_link, 
 		t("Edit contact") => $contact_url,
 		t("Send PM") => $pm_url,
@@ -828,6 +845,8 @@ function like_puller($a,$item,&$arr,$mode) {
 			$url = $a->get_baseurl(true) . '/redir/' . $item['contact-id'];
 			$sparkle = ' class="sparkle" ';
 		}
+		else
+			$url = zrl($url);
 		if(! ((isset($arr[$item['parent'] . '-l'])) && (is_array($arr[$item['parent'] . '-l']))))
 			$arr[$item['parent'] . '-l'] = array();
 		if(! isset($arr[$item['parent']]))
@@ -896,7 +915,7 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
 		'$vidurl' => t("Please enter a video link/URL:"),
 		'$audurl' => t("Please enter an audio link/URL:"),
 		'$term' => t('Tag term:'),
-		'$fileas' => t('File as:'),
+		'$fileas' => t('Save to Folder:'),
 		'$whereareu' => t('Where are you right now?')
 	));
 

include/dba.php

@@ -207,8 +207,10 @@ function q($sql) {
 	unset($args[0]);
 
 	if($db && $db->connected) {
-		$ret = $db->q(vsprintf($sql,$args));
-		return $ret;
+		$stmt = vsprintf($sql,$args);
+		if($stmt === false)
+			logger('dba: vsprintf error: ' . print_r(debug_backtrace(),true));
+		return $db->q($stmt);
 	}
 
 	/**

include/diaspora.php

@@ -688,9 +688,9 @@ function diaspora_post($importer,$xml) {
 
 				// don't link tags that are already embedded in links
 
-				if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+				if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
 					continue;
-				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
 					continue;
 
 				$basetag = str_replace('_',' ',substr($tag,1));
@@ -853,9 +853,9 @@ function diaspora_reshare($importer,$xml) {
 
 				// don't link tags that are already embedded in links
 
-				if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+				if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
 					continue;
-				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
 					continue;
 
 
@@ -1094,9 +1094,9 @@ function diaspora_comment($importer,$xml,$msg) {
 
 				// don't link tags that are already embedded in links
 
-				if(preg_match('/\[(.*?)' . preg_quote($tag) . '(.*?)\]/',$body))
+				if(preg_match('/\[(.*?)' . preg_quote($tag,'/') . '(.*?)\]/',$body))
 					continue;
-				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag) . '(.*?)\)/',$body))
+				if(preg_match('/\[(.*?)\]\((.*?)' . preg_quote($tag,'/') . '(.*?)\)/',$body))
 					continue;
 
 

include/email.php

@@ -250,7 +250,7 @@ function email_header_encode($in_str, $charset) {
 
         // remove trailing spacer and
         // add start and end delimiters
-        $spacer = preg_quote($spacer);
+        $spacer = preg_quote($spacer,'/');
         $out_str = preg_replace("/" . $spacer . "$/", "", $out_str);
         $out_str = $start . $out_str . $end;
     }

include/items.php

@@ -416,7 +416,7 @@ function get_atom_elements($feed,$item) {
 	// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining 
 	// html.
 
-	if((strpos($res['body'],'<') !== false) || (strpos($res['body'],'>') !== false)) {
+	if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
 
 		$res['body'] = reltoabs($res['body'],$base_url);
 
@@ -429,13 +429,14 @@ function get_atom_elements($feed,$item) {
 
 		// we shouldn't need a whitelist, because the bbcode converter
 		// will strip out any unsupported tags.
-		// $config->set('HTML.Allowed', 'p,b,a[href],i'); 
 
 		$purifier = new HTMLPurifier($config);
 		$res['body'] = $purifier->purify($res['body']);
 
-		$res['body'] = html2bbcode($res['body']);
+		$res['body'] = @html2bbcode($res['body']);
 	}
+	else
+		$res['body'] = escape_tags($res['body']);
 
 	$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 	if($allow && $allow[0]['data'] == 1)
@@ -1090,12 +1091,23 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
 	$postvars     = array();
 	$sent_dfrn_id = hex2bin((string) $res->dfrn_id);
 	$challenge    = hex2bin((string) $res->challenge);
+	$perm         = (($res->perm) ? $res->perm : null);
 	$dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
 	$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
 	$page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
 
 	$final_dfrn_id = '';
 
+	if($perm) {
+		if((($perm == 'rw') && (! intval($contact['writable']))) 
+		|| (($perm == 'r') && (intval($contact['writable'])))) {
+			q("update contact set writable = %d where id = %d limit 1",
+				intval(($perm == 'rw') ? 1 : 0),
+				intval($contact['id'])
+			);
+			$contact['writable'] = (string) 1 - intval($contact['writable']);			
+		}
+	}
 
 	if(($contact['duplex'] && strlen($contact['pubkey'])) 
 		|| ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))

include/message.php

@@ -1,4 +1,5 @@
 <?php
+
 	// send a private message
 	
 
@@ -155,3 +156,87 @@ function send_message($recipient=0, $body='', $subject='', $replyto=''){
 	}
 
 }
+
+
+
+
+
+function send_wallmessage($recipient='', $body='', $subject='', $replyto=''){ 
+
+	$a = get_app();
+
+	if(! $recipient) return -1;
+	
+	if(! strlen($subject))
+		$subject = t('[no subject]');
+
+	$hash = random_string();
+ 	$uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':' . local_user() . ':' . $hash ;
+
+	$convid = 0;
+	$reply = false;
+
+	require_once('include/Scrape.php');
+
+	$me = probe_url($replyto);
+
+	if(! $me['name'])
+		return -2;
+
+	$conv_guid = get_guid();
+
+	$recip_handle = $recipient['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
+
+	$sender_nick = basename($replyto);
+	$sender_host = substr($replyto,strpos($replyto,'://')+3);
+	$sender_host = substr($sender_host,0,strpos($sender_host,'/'));
+	$sender_handle = $sender_nick . '@' . $sender_host;
+
+	$handles = $recip_handle . ';' . $sender_handle;
+
+	$r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ",
+		intval(local_user()),
+		dbesc($conv_guid),
+		dbesc($sender_handle),
+		dbesc(datetime_convert()),
+		dbesc(datetime_convert()),
+		dbesc($subject),
+		dbesc($handles)
+	);
+
+	$r = q("select * from conv where guid = '%s' and uid = %d limit 1",
+		dbesc($conv_guid),
+		intval($recipient['uid'])
+	);
+	if(count($r))
+		$convid = $r[0]['id'];
+
+	if(! $convid) {
+		logger('send message: conversation not found.');
+		return -4;
+	}
+
+	$r = q("INSERT INTO `mail` ( `uid`, `guid`, `convid`, `from-name`, `from-photo`, `from-url`, 
+		`contact-id`, `title`, `body`, `seen`, `reply`, `replied`, `uri`, `parent-uri`, `created`, `unknown`)
+		VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s', %d )",
+		intval($recipient['uid']),
+		dbesc(get_guid()),
+		intval($convid),
+		dbesc($me['name']),
+		dbesc($me['photo']),
+		dbesc($me['url']),
+		0,
+		dbesc($subject),
+		dbesc($body),
+		0,
+		0,
+		0,
+		dbesc($uri),
+		dbesc($replyto),
+		datetime_convert(),
+		1
+	);
+
+	return 0;
+
+}

include/nav.php

@@ -69,7 +69,9 @@ function nav(&$a) {
 	 * "Home" should also take you home from an authenticated remote profile connection
 	 */
 
-	$homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : '');
+	$homelink = get_my_url();
+	if(! $homelink)
+		$homelink = ((x($_SESSION,'visitor_home')) ? $_SESSION['visitor_home'] : '');
 
 	if(($a->module != 'home') && (! (local_user()))) 
 		$nav['home'] = array($homelink, t('Home'), "", t('Home Page'));

include/network.php

@@ -364,6 +364,9 @@ function lrdd($uri, $debug = false) {
 
 	logger('lrdd: host_meta: ' . $xml, LOGGER_DATA);
 
+	if(! stristr($xml,'<xrd'))
+		return array();
+
 	$h = parse_xml_string($xml);
 	if(! $h)
 		return array();

include/security.php

@@ -9,6 +9,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 	$_SESSION['authenticated'] = 1;
 	$_SESSION['page_flags'] = $user_record['page-flags'];
 	$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $user_record['nickname'];
+	$_SESSION['my_address'] = $user_record['nickname'] . '@' . substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3);
 	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
 	$a->user = $user_record;

include/text.php

@@ -205,7 +205,6 @@ function hex2bin($s) {
 		return '';
 
 	if(! ctype_xdigit($s)) {
-		logger('hex2bin: illegal input: ' . print_r(debug_backtrace(), true));
 		return($s);
 	}
 
@@ -610,6 +609,8 @@ function micropro($contact, $redirect = false, $class = '', $textmode = false) {
 			$url = $redirect_url;
 			$sparkle = ' sparkle';
 		}
+		else
+			$url = zrl($url);
 	}
 	$click = ((x($contact,'click')) ? ' onclick="' . $contact['click'] . '" ' : '');
 	if($click)
@@ -919,7 +920,7 @@ function prepare_body($item,$attach = false) {
 		foreach($matches as $mtch) {
 			if(strlen($x))
 				$x .= ',';
-			$x .= file_tag_decode($mtch[1]);
+			$x .= xmlify(file_tag_decode($mtch[1]));
 		}
 		if(strlen($x))
 			$s .= '<div class="categorytags"><span>' . t('Categories:') . ' </span>' . $x . '</div>'; 
@@ -934,7 +935,7 @@ function prepare_body($item,$attach = false) {
 		foreach($matches as $mtch) {
 			if(strlen($x))
 				$x .= '&nbsp;&nbsp;&nbsp;';
-			$x .= file_tag_decode($mtch[1]). ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . file_tag_decode($mtch[1]) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
+			$x .= xmlify(file_tag_decode($mtch[1])) . ' <a href="' . $a->get_baseurl() . '/filerm/' . $item['id'] . '?f=&term=' . xmlify(file_tag_decode($mtch[1])) . '" title="' . t('remove') . '" >' . t('[remove]') . '</a>';
 		}
 		if(strlen($x) && (local_user() == $item['uid']))
 			$s .= '<div class="filesavetags"><span>' . t('Filed under:') . ' </span>' . $x . '</div>'; 
@@ -1305,10 +1306,11 @@ function file_tag_decode($s) {
 }
 
 function file_tag_file_query($table,$s,$type = 'file') {
+
 	if($type == 'file')
-		$str = preg_quote( '[' . file_tag_encode($s) . ']' );
+		$str = preg_quote( '[' . str_replace('%','%%',file_tag_encode($s)) . ']' );
 	else
-		$str = preg_quote( '<' . file_tag_encode($s) . '>' );
+		$str = preg_quote( '<' . str_replace('%','%%',file_tag_encode($s)) . '>' );
 	return " AND " . (($table) ? dbesc($table) . '.' : '') . "file regexp '" . dbesc($str) . "' ";
 }
 

index.php

@@ -93,6 +93,9 @@ if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
 	load_translation_table($lang);
 }
 
+if(x($_GET,'zrl')) {
+	$_SESSION['my_url'] = $_GET['zrl'];
+}
 
 /**
  *

js/main.js

@@ -16,6 +16,7 @@
       document.getElementById(theID).style.display = "none" 
   }
 
+
 	var src = null;
 	var prev = null;
 	var livetime = null;
@@ -88,10 +89,12 @@
 			return false;
 		});
 		$('html').click(function() {
-			last_popup_menu.hide();
-			last_popup_button.removeClass("selected");
-			last_popup_menu = null;
-			last_popup_button = null;
+			if(last_popup_menu) {
+				last_popup_menu.hide();
+				last_popup_button.removeClass("selected");
+				last_popup_menu = null;
+				last_popup_button = null;
+			}
 		});
 		
 		// fancyboxes
@@ -166,6 +169,12 @@
  		NavUpdate(); 
 		// Allow folks to stop the ajax page updates with the pause/break key
 		$(document).keydown(function(event) {
+			if(event.keyCode == '8') {
+				var target = event.target || event.srcElement;
+				if (!/input|textarea/i.test(target.nodeName)) {
+					return false;
+				}
+			}
 			if(event.keyCode == '19' || (event.ctrlKey && event.which == '32')) {
 				event.preventDefault();
 				if(stopped == false) {

library/mcefixes/README

@@ -1,4 +1,8 @@
 In order to make TinyMCE work smoothly with Friendica, the files in this directory are those few files we've changed in TinyMCE. We will attempt to keep them current, but if you decide to upgrade tinymce, it is best to save current copies of the files in question from the active tinymce tree and replace them or merge them after upgrade. 
 
 Except for some simple theming, the primary changes are the advanced theme icon set, which we changed the "html" icon to "[]" to represent BBcode, and major changes have been made to the bbcode plugin. 
- 
+ 
+
+in TinyMCE 3.5b2 it appears that we are getting double linefeeds. Code has been put in place in mod/item.php and mod/message.php to reduce the duplicates. 
+
+

mod/dfrn_notify.php

@@ -158,6 +158,7 @@ function dfrn_notify_post(&$a) {
 		);
 	}
 			
+
 	logger('dfrn_notify: received notify from ' . $importer['name'] . ' for ' . $importer['username']);
 	logger('dfrn_notify: data: ' . $data, LOGGER_DATA);
 
@@ -174,6 +175,13 @@ function dfrn_notify_post(&$a) {
 
 	}
 
+
+	// If we are setup as a soapbox we aren't accepting input from this person
+
+	if($importer['page-flags'] == PAGE_SOAPBOX)
+		xml_status(0);
+
+
 	if(strlen($key)) {
 		$rawkey = hex2bin(trim($key));
 		logger('rino: md5 raw key: ' . md5($rawkey));
@@ -261,7 +269,7 @@ function dfrn_notify_content(&$a) {
 				break; // NOTREACHED
 		}
 
-		$r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` 
+		$r = q("SELECT `contact`.*, `user`.`nickname`, `user`.`page-flags` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` 
 				WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `user`.`nickname` = '%s' 
 				AND `user`.`account_expired` = 0 $sql_extra LIMIT 1",
 				dbesc($a->argv[1])
@@ -299,6 +307,12 @@ function dfrn_notify_content(&$a) {
 		if(! $rino_enable)
 			$rino = 0;
 
+		if((($r[0]['rel']) && ($r[0]['rel'] != CONTACT_IS_SHARING)) || ($r[0]['page-flags'] == PAGE_COMMUNITY)) {
+			$perm = 'rw';
+		}
+		else {
+			$perm = 'r';
+		}
 
 		header("Content-type: text/xml");
 
@@ -306,7 +320,8 @@ function dfrn_notify_content(&$a) {
 			. '<dfrn_notify>' . "\r\n"
 			. "\t" . '<status>' . $status . '</status>' . "\r\n"
 			. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
-			. "\t" . '<rino>' . $rino . '</rino>' . "\r\n" 
+			. "\t" . '<rino>' . $rino . '</rino>' . "\r\n"
+			. "\t" . '<perm>' . $perm . '</perm>' . "\r\n" 
 			. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n" 
 			. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
 			. '</dfrn_notify>' . "\r\n" ;

mod/dirfind.php

@@ -46,7 +46,7 @@ function dirfind_content(&$a) {
 			foreach($j->results as $jj) {
 				
 				$o .= replace_macros($tpl,array(
-					'$url' => $jj->url,
+					'$url' => zrl($jj->url),
 					'$name' => $jj->name,
 					'$photo' => $jj->photo,
 					'$tags' => $jj->tags

mod/filer.php

@@ -11,8 +11,8 @@ function filer_content(&$a) {
 		killme();
 	}
 
-	$term = notags(trim($_GET['term']));
-	$item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+	$term = unxmlify(trim($_GET['term']));
+	$item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
 
 	logger('filer: tag ' . $term . ' item ' . $item_id);
 
@@ -25,7 +25,7 @@ function filer_content(&$a) {
 		$filetags = explode("][", trim($filetags,"[]"));
 		$tpl = get_markup_template("filer_dialog.tpl");
 		$o = replace_macros($tpl, array(
-			'$field' => array('term', t("File as:"), '', '', $filetags, t('- select -')),
+			'$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')),
 			'$submit' => t('Save'),
 		));
 		

mod/filerm.php

@@ -6,8 +6,8 @@ function filerm_content(&$a) {
 		killme();
 	}
 
-	$term = notags(trim($_GET['term']));
-	$item_id = (($a->argc > 1) ? notags(trim($a->argv[1])) : 0);
+	$term = unxmlify(trim($_GET['term']));
+	$item_id = (($a->argc > 1) ? intval($a->argv[1]) : 0);
 
 	logger('filerm: tag ' . $term . ' item ' . $item_id);
 

mod/friendica.php

@@ -4,8 +4,12 @@ function friendica_init(&$a) {
 	if ($a->argv[1]=="json"){
 		$register_policy = Array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');
 
+		$sql_extra = '';
+		if(x($a->config,'admin_nickname')) {
+			$sql_extra = sprintf(" AND nickname = '%s' ",dbesc($a->config['admin_nickname']));
+		}
 		if (isset($a->config['admin_email']) && $a->config['admin_email']!=''){
-			$r = q("SELECT username, nickname FROM user WHERE email='%s'", $a->config['admin_email']);
+			$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email']));
 			$admin = array(
 				'name' => $r[0]['username'],
 				'profile'=> $a->get_baseurl().'/profile/'.$r[0]['nickname'],

mod/match.php

@@ -51,7 +51,7 @@ function match_content(&$a) {
 				
 				$connlnk = $a->get_baseurl() . '/follow/?url=' . $jj->url;
 				$o .= replace_macros($tpl,array(
-					'$url' => $jj->url,
+					'$url' => zrl($jj->url),
 					'$name' => $jj->name,
 					'$photo' => $jj->photo,
 					'$inttxt' => ' ' . t('is interested in:'),

mod/message.php

@@ -3,6 +3,35 @@
 require_once('include/acl_selectors.php');
 require_once('include/message.php');
 
+function message_init(&$a) {
+	$tabs = array(
+	/*
+		array(
+			'label' => t('All'),
+			'url'=> $a->get_baseurl(true) . '/message',
+			'sel'=> ($a->argc == 1),
+		),
+		array(
+			'label' => t('Sent'),
+			'url' => $a->get_baseurl(true) . '/message/sent',
+			'sel'=> ($a->argv[1] == 'sent'),
+		),
+	*/
+	);
+	$new = array(
+		'label' => t('New Message'),
+		'url' => $a->get_baseurl(true) . '/message/new',
+		'sel'=> ($a->argv[1] == 'new'),
+	);
+	
+	$tpl = get_markup_template('message_side.tpl');
+	$a->page['aside'] = replace_macros($tpl, array(
+		'$tabs'=>$tabs,
+		'$new'=>$new,
+	));
+	
+}
+
 function message_post(&$a) {
 
 	if(! local_user()) {
@@ -66,25 +95,7 @@ function message_content(&$a) {
 	$myprofile = $a->get_baseurl(true) . '/profile/' . $a->user['nickname'];
 
 
-	$tabs = array(
-		array(
-			'label' => t('Inbox'),
-			'url'=> $a->get_baseurl(true) . '/message',
-			'sel'=> (($a->argc == 1) ? 'active' : ''),
-		),
-		array(
-			'label' => t('Outbox'),
-			'url' => $a->get_baseurl(true) . '/message/sent',
-			'sel'=> (($a->argv[1] == 'sent') ? 'active' : ''),
-		),
-		array(
-			'label' => t('New Message'),
-			'url' => $a->get_baseurl(true) . '/message/new',
-			'sel'=> (($a->argv[1] == 'new') ? 'active' : ''),
-		),
-	);
-	$tpl = get_markup_template('common_tabs.tpl');
-	$tab_content = replace_macros($tpl, array('$tabs'=>$tabs));
+
 
 
 	$tpl = get_markup_template('mail_head.tpl');
@@ -181,15 +192,12 @@ function message_content(&$a) {
 		return $o;
 	}
 
-	if(($a->argc == 1) || ($a->argc == 2 && $a->argv[1] === 'sent')) {
+	if($a->argc == 1) {
+
+		// list messages
 
 		$o .= $header;
 		
-		if($a->argc == 2)
-			$eq = '='; // I'm not going to bother escaping this.
-		else
-			$eq = '!='; // or this.
-
 		$r = q("SELECT count(*) AS `total` FROM `mail` 
 			WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `created` DESC",
 			intval(local_user()),
@@ -199,11 +207,12 @@ function message_content(&$a) {
 			$a->set_pager_total($r[0]['total']);
 	
 		$r = q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`, 
-			`mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network`  
+			`mail`.* , `contact`.`name`, `contact`.`url`, `contact`.`thumb` , `contact`.`network`,
+			count( * ) as count
 			FROM `mail` LEFT JOIN `contact` ON `mail`.`contact-id` = `contact`.`id` 
-			WHERE `mail`.`uid` = %d AND `from-url` $eq '%s' GROUP BY `parent-uri` ORDER BY `mailcreated` DESC  LIMIT %d , %d ",
+			WHERE `mail`.`uid` = %d GROUP BY `parent-uri` ORDER BY `mailcreated` DESC  LIMIT %d , %d ",
 			intval(local_user()),
-			dbesc($myprofile),
+			//
 			intval($a->pager['start']),
 			intval($a->pager['itemspage'])
 		);
@@ -214,17 +223,29 @@ function message_content(&$a) {
 
 		$tpl = get_markup_template('mail_list.tpl');
 		foreach($r as $rr) {
+			if($rr['unknown']) {
+				$partecipants = sprintf( t("Unknown sender - %s"),$rr['from-name']);
+			}
+			elseif (link_compare($rr['from-url'],$myprofile)){
+				$partecipants = sprintf( t("You and %s"), $rr['name']);
+			}
+			else {
+				$partecipants = sprintf( t("%s and You"), $rr['from-name']);
+			}
+			
 			$o .= replace_macros($tpl, array(
 				'$id' => $rr['id'],
-				'$from_name' =>$rr['from-name'],
+				'$from_name' => $partecipants,
 				'$from_url' => (($rr['network'] === NETWORK_DFRN) ? $a->get_baseurl(true) . '/redir/' . $rr['contact-id'] : $rr['url']),
 				'$sparkle' => ' sparkle',
-				'$from_photo' => $rr['thumb'],
+				'$from_photo' => (($rr['thumb']) ? $rr['thumb'] : $rr['from-photo']),
 				'$subject' => template_escape((($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>')),
 				'$delete' => t('Delete conversation'),
 				'$body' => template_escape($rr['body']),
 				'$to_name' => template_escape($rr['name']),
-				'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A'))
+				'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A')),
+				'$seen' => $rr['mailseen'],
+				'$count' => sprintf( tt('%d message', '%d messages', $rr['count']), $rr['count']),
 			));
 		}
 		$o .= paginate($a);	
@@ -278,8 +299,13 @@ function message_content(&$a) {
 		));
 
 
-		$tpl = get_markup_template('mail_conv.tpl');
+		$mails = array();
+		$seen = 0;
+		$unknown = false;
+
 		foreach($messages as $message) {
+			if($message['unknown'])
+				$unknown = true;
 			if($message['from-url'] == $myprofile) {
 				$from_url = $myprofile;
 				$sparkle = '';
@@ -288,24 +314,36 @@ function message_content(&$a) {
 				$from_url = $a->get_baseurl(true) . '/redir/' . $message['contact-id'];
 				$sparkle = ' sparkle';
 			}
-			$o .= replace_macros($tpl, array(
-				'$id' => $message['id'],
-				'$from_name' => template_escape($message['from-name']),
-				'$from_url' => $from_url,
-				'$sparkle' => $sparkle,
-				'$from_photo' => $message['from-photo'],
-				'$subject' => template_escape($message['title']),
-				'$body' => template_escape(smilies(bbcode($message['body']))),
-				'$delete' => t('Delete message'),
-				'$to_name' => template_escape($message['name']),
-				'$date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A')
-			));
+			$mails[] = array(
+				'id' => $message['id'],
+				'from_name' => template_escape($message['from-name']),
+				'from_url' => $from_url,
+				'sparkle' => $sparkle,
+				'from_photo' => $message['from-photo'],
+				'subject' => template_escape($message['title']),
+				'body' => template_escape(smilies(bbcode($message['body']))),
+				'delete' => t('Delete message'),
+				'to_name' => template_escape($message['name']),
+				'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'),
+			);
 				
+			$seen = $message['seen'];
 		}
 		$select = $message['name'] . '<input type="hidden" name="messageto" value="' . $contact_id . '" />';
 		$parent = '<input type="hidden" name="replyto" value="' . $message['parent-uri'] . '" />';
-		$tpl = get_markup_template('prv_message.tpl');
-		$o .= replace_macros($tpl,array(
+			
+
+		$tpl = get_markup_template('mail_display.tpl');
+		$o = replace_macros($tpl, array(
+			'$thread_id' => $a->argv[1],
+			'$thread_subject' => $message['title'],
+			'$thread_seen' => $seen,
+			'$delete' =>  t('Delete conversation'),
+			'$canreply' => (($unknown) ? false : '1'),
+			'$unknown_text' => t("No secure communications available. You <strong>may</strong> be able to respond from the sender's profile page."),			
+			'$mails' => $mails,
+			
+			// reply
 			'$header' => t('Send Reply'),
 			'$to' => t('To:'),
 			'$subject' => t('Subject:'),
@@ -318,6 +356,7 @@ function message_content(&$a) {
 			'$upload' => t('Upload photo'),
 			'$insert' => t('Insert web link'),
 			'$wait' => t('Please wait')
+
 		));
 
 		return $o;

mod/network.php

@@ -393,7 +393,7 @@ function network_content(&$a, $update = 0) {
 		);
 	}
 	if(strlen($file)) {
-		$sql_extra .= file_tag_file_query('item',$file);
+		$sql_extra .= file_tag_file_query('item',unxmlify($file));
 	}
 
 	if($conv) {

mod/notifications.php

@@ -37,7 +37,11 @@ function notifications_post(&$a) {
 				intval($intro_id)
 			);	
 			if(! $fid) {
-				$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", 
+
+				// The check for blocked and pending is in case the friendship was already approved
+				// and we just want to get rid of the now pointless notification
+
+				$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1", 
 					intval($contact_id),
 					intval(local_user())
 				);
@@ -145,7 +149,7 @@ function notifications_content(&$a) {
 						'$contact_id' => $rr['contact-id'],
 						'$photo' => ((x($rr,'fphoto')) ? $rr['fphoto'] : "images/person-175.jpg"),
 						'$fullname' => $rr['fname'],
-						'$url' => $rr['furl'],
+						'$url' => zrl($rr['furl']),
 						'$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''),
 						'$activity' => array('activity', t('Post a new friend activity'), 1, t('if applicable')),
 
@@ -195,7 +199,7 @@ function notifications_content(&$a) {
 					'$fullname' => $rr['name'],
 					'$hidden' => array('hidden', t('Hide this contact from others'), ($rr['hidden'] == 1), ''),
 					'$activity' => array('activity', t('Post a new friend activity'), 1, t('if applicable')),
-					'$url' => $rr['url'],
+					'$url' => zrl($rr['url']),
 					'$knowyou' => $knowyou,
 					'$approve' => t('Approve'),
 					'$note' => $rr['note'],

mod/ping.php

@@ -22,6 +22,7 @@ function ping_init(&$a) {
 				and seen = 0 order by date desc limit 0, 50",
 				intval(local_user())
 			);
+			$sysnotify = $t[0]['total'];
 		}
 		else {
 			$z1 = q("select * from notify where uid = %d
@@ -35,6 +36,7 @@ function ping_init(&$a) {
 				intval(50 - intval($t[0]['total']))
 			);
 			$z = array_merge($z1,$z2);
+			$sysnotify = 0; // we will update this in a moment
 		}
 
 
@@ -147,13 +149,12 @@ function ping_init(&$a) {
 		$tot = $mail+$intro+$register+count($comments)+count($likes)+count($dislikes)+count($friends)+count($posts)+count($tags);
 
 		require_once('include/bbcode.php');
-		$sysnotify = 0;
 
 		if($firehose) {
 			echo '	<notif count="'.$tot.'">';
 		}
 		else {
-			if(count($z)) {
+			if(count($z) && (! $sysnotify)) {
 				foreach($z as $zz) {
 					if($zz['seen'] == 0)
 						$sysnotify ++;

mod/register.php

@@ -8,6 +8,8 @@ function register_post(&$a) {
 	$verified = 0;
 	$blocked  = 1;
 
+	$arr = array('post' => $_POST);
+	call_hooks('register_post', $arr);
 
 	$max_dailies = intval(get_config('system','max_daily_registrations'));
 	if($max_dailes) {
@@ -218,8 +220,8 @@ function register_post(&$a) {
 	$spubkey = $spkey["key"];
 
 	$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
-		`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked` )
-		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+		`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
+		VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
 		dbesc(generate_user_guid()),
 		dbesc($username),
 		dbesc($new_password_encoded),
@@ -540,6 +542,11 @@ function register_content(&$a) {
 	$license = '';
 
 	$o = get_markup_template("register.tpl");
+
+	$arr = array('template' => $o);
+
+	call_hooks('register_form',$arr);
+
 	$o = replace_macros($o, array(
 		'$oidhtml' => $oidhtml,
 		'$invitations' => get_config('system','invitation_only'),

mod/search.php

@@ -97,19 +97,16 @@ function search_content(&$a) {
 	// OR your own posts if you are a logged in member
 	// No items will be shown if the member has a blocked profile wall. 
 
-	$s_regx  = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", 
-		dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\['));
-
-	$search_alg = $s_regx;
-
 	$r = q("SELECT COUNT(*) AS `total`
 		FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`
 		WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
 		AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0) 
 			OR `item`.`uid` = %d )
 		AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-		$search_alg ",
-		intval(local_user())
+		AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", 
+		intval(local_user()),
+		dbesc(preg_quote($search)), 
+		dbesc('\\]' . preg_quote($search) . '\\[')
 	);
 
 	if(count($r))
@@ -131,9 +128,11 @@ function search_content(&$a) {
 		AND (( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' AND `item`.`private` = 0 AND `user`.`hidewall` = 0 ) 
 			OR `item`.`uid` = %d )
 		AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
-		$search_alg
+		AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' ) 
 		ORDER BY `received` DESC LIMIT %d , %d ",
 		intval(local_user()),
+		dbesc(preg_quote($search)), 
+		dbesc('\\]' . preg_quote($search) . '\\['),
 		intval($a->pager['start']),
 		intval($a->pager['itemspage'])
 

mod/settings.php

@@ -1,6 +1,19 @@
 <?php
 
 
+function get_theme_config_file($theme){
+	$a = get_app();
+	$base_theme = $a->theme_info['extends'];
+	
+	if (file_exists("view/theme/$theme/config.php")){
+		return "view/theme/$theme/config.php";
+	} 
+	if (file_exists("view/theme/$base_theme/config.php")){
+		return "view/theme/$base_theme/config.php";
+	}
+	return null;
+}
+
 function settings_init(&$a) {
 	if(local_user()) {
 		profile_load($a,$a->user['nickname']);
@@ -193,6 +206,45 @@ function settings_post(&$a) {
 		call_hooks('connector_settings_post', $_POST);
 		return;
 	}
+	
+	if(($a->argc > 1) && ($a->argv[1] == 'display')) {
+		
+		check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
+
+		$theme = ((x($_POST,'theme')) ? notags(trim($_POST['theme']))  : $a->user['theme']);
+		$nosmile = ((x($_POST,'nosmile')) ? intval($_POST['nosmile'])  : 0);  
+		$browser_update   = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0);
+		$browser_update   = $browser_update * 1000;
+		if($browser_update < 10000)
+			$browser_update = 40000;
+
+		$itemspage_network   = ((x($_POST,'itemspage_network')) ? intval($_POST['itemspage_network']) : 40);
+		if($itemspage_network > 100)
+					$itemspage_network = 40;
+
+
+		set_pconfig(local_user(),'system','update_interval', $browser_update);
+		set_pconfig(local_user(),'system','itemspage_network', $itemspage_network);
+		set_pconfig(local_user(),'system','no_smilies',$nosmile);
+
+
+		if ($theme == $a->user['theme']){
+			// call theme_post only if theme has not benn changed
+			if( ($themeconfigfile = get_theme_config_file($theme)) != null){
+				require_once($themeconfigfile);
+				theme_post($a);
+			}
+		}
+
+
+		$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d LIMIT 1",
+				dbesc($theme),
+				intval(local_user())
+		);
+	
+		goaway($a->get_baseurl(true) . '/settings/display' );
+		return; // NOTREACHED
+	}
 
 	check_form_security_token_redirectOnErr('/settings', 'settings');
 	
@@ -227,7 +279,7 @@ function settings_post(&$a) {
 		}
 	}
 
-	$theme            = ((x($_POST,'theme'))      ? notags(trim($_POST['theme']))        : $a->user['theme']);
+	
 	$username         = ((x($_POST,'username'))   ? notags(trim($_POST['username']))     : '');
 	$email            = ((x($_POST,'email'))      ? notags(trim($_POST['email']))        : '');
 	$timezone         = ((x($_POST,'timezone'))   ? notags(trim($_POST['timezone']))     : '');
@@ -242,14 +294,6 @@ function settings_post(&$a) {
 	$expire_starred   = ((x($_POST,'expire_starred')) ? intval($_POST['expire_starred']) : 0);
 	$expire_photos    = ((x($_POST,'expire_photos'))? intval($_POST['expire_photos'])	 : 0);
 
-	$browser_update   = ((x($_POST,'browser_update')) ? intval($_POST['browser_update']) : 0);
-	$browser_update   = $browser_update * 1000;
-	if($browser_update < 10000)
-		$browser_update = 40000;
-
-	$itemspage_network   = ((x($_POST,'itemspage_network')) ? intval($_POST['itemspage_network']) : 40);
-	if($itemspage_network > 100)
-                $itemspage_network = 40;
 
 
 	$allow_location   = (((x($_POST,'allow_location')) && (intval($_POST['allow_location']) == 1)) ? 1: 0);
@@ -259,11 +303,12 @@ function settings_post(&$a) {
 	$page_flags       = (((x($_POST,'page-flags')) && (intval($_POST['page-flags']))) ? intval($_POST['page-flags']) : 0);
 	$blockwall        = (((x($_POST,'blockwall')) && (intval($_POST['blockwall']) == 1)) ? 0: 1); // this setting is inverted!
 	$blocktags        = (((x($_POST,'blocktags')) && (intval($_POST['blocktags']) == 1)) ? 0: 1); // this setting is inverted!
-
+	$unkmail          = (((x($_POST,'unkmail')) && (intval($_POST['unkmail']) == 1)) ? 1: 0);
+	$cntunkmail       = ((x($_POST,'cntunkmail')) ? intval($_POST['cntunkmail']) : 0);
 	$suggestme        = ((x($_POST,'suggestme')) ? intval($_POST['suggestme'])  : 0);  
 	$hide_friends     = (($_POST['hide-friends'] == 1) ? 1: 0);
 	$hidewall         = (($_POST['hidewall'] == 1) ? 1: 0);
-	$nosmile          = ((x($_POST,'nosmile')) ? intval($_POST['nosmile'])  : 0);  
+
 
 	$notify = 0;
 
@@ -345,11 +390,9 @@ function settings_post(&$a) {
 	set_pconfig(local_user(),'expire','photos', $expire_photos);
 
 	set_pconfig(local_user(),'system','suggestme', $suggestme);
-	set_pconfig(local_user(),'system','update_interval', $browser_update);
-	set_pconfig(local_user(),'system','itemspage_network', $itemspage_network);
-	set_pconfig(local_user(),'system','no_smilies',$nosmile);
 
-	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d  WHERE `uid` = %d LIMIT 1",
+
+	$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s',  `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d  WHERE `uid` = %d LIMIT 1",
 			dbesc($username),
 			dbesc($email),
 			dbesc($openid),
@@ -362,13 +405,14 @@ function settings_post(&$a) {
 			intval($page_flags),
 			dbesc($defloc),
 			intval($allow_location),
-			dbesc($theme),
 			intval($maxreq),
 			intval($expire),
 			dbesc($openidserver),
 			intval($blockwall),
 			intval($hidewall),
 			intval($blocktags),
+			intval($unkmail),
+			intval($cntunkmail),
 			intval(local_user())
 	);
 	if($r)
@@ -440,6 +484,12 @@ function settings_content(&$a) {
 			'url' 	=> $a->get_baseurl(true).'/settings',
 			'sel'	=> (($a->argc == 1)?'active':''),
 		),	
+		array(
+			'label'	=> t('Display settings'),
+			'url' 	=> $a->get_baseurl(true).'/settings/display',
+			'sel'	=> (($a->argc > 1) && ($a->argv[1] === 'display')?'active':''),
+		),	
+		
 		array(
 			'label'	=> t('Connector settings'),
 			'url' 	=> $a->get_baseurl(true).'/settings/connectors',
@@ -578,31 +628,31 @@ function settings_content(&$a) {
 		$diasp_enabled = sprintf( t('Built-in support for %s connectivity is %s'), t('Diaspora'), ((get_config('system','diaspora_enabled')) ? t('enabled') : t('disabled')));
 		$ostat_enabled = sprintf( t('Built-in support for %s connectivity is %s'), t('StatusNet'), ((get_config('system','ostatus_disabled')) ? t('disabled') : t('enabled')));
 
-	$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
-	if(get_config('system','dfrn_only'))
-		$mail_disabled = 1;
+		$mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
+		if(get_config('system','dfrn_only'))
+			$mail_disabled = 1;
 
-	if(! $mail_disabled) {
-		$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
-			local_user()
-		);
-	}
-	else {
-		$r = null;
-	}
+		if(! $mail_disabled) {
+			$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
+				local_user()
+			);
+		}
+		else {
+			$r = null;
+		}
 
-	$mail_server       = ((count($r)) ? $r[0]['server'] : '');
-	$mail_port         = ((count($r) && intval($r[0]['port'])) ? intval($r[0]['port']) : '');
-	$mail_ssl          = ((count($r)) ? $r[0]['ssltype'] : '');
-	$mail_user         = ((count($r)) ? $r[0]['user'] : '');
-	$mail_replyto      = ((count($r)) ? $r[0]['reply_to'] : '');
-	$mail_pubmail      = ((count($r)) ? $r[0]['pubmail'] : 0);
-	$mail_action       = ((count($r)) ? $r[0]['action'] : 0);
-	$mail_movetofolder = ((count($r)) ? $r[0]['movetofolder'] : '');
-	$mail_chk          = ((count($r)) ? $r[0]['last_check'] : '0000-00-00 00:00:00');
+		$mail_server       = ((count($r)) ? $r[0]['server'] : '');
+		$mail_port         = ((count($r) && intval($r[0]['port'])) ? intval($r[0]['port']) : '');
+		$mail_ssl          = ((count($r)) ? $r[0]['ssltype'] : '');
+		$mail_user         = ((count($r)) ? $r[0]['user'] : '');
+		$mail_replyto      = ((count($r)) ? $r[0]['reply_to'] : '');
+		$mail_pubmail      = ((count($r)) ? $r[0]['pubmail'] : 0);
+		$mail_action       = ((count($r)) ? $r[0]['action'] : 0);
+		$mail_movetofolder = ((count($r)) ? $r[0]['movetofolder'] : '');
+		$mail_chk          = ((count($r)) ? $r[0]['last_check'] : '0000-00-00 00:00:00');
 
 
-	$tpl = get_markup_template("settings_connectors.tpl");
+		$tpl = get_markup_template("settings_connectors.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_connectors"),
 			
@@ -618,7 +668,7 @@ function settings_content(&$a) {
 			'$mail_disabled' => (($mail_disabled) ? t('Email access is disabled on this site.') : ''),
 			'$mail_server'	=> array('mail_server',  t('IMAP server name:'), $mail_server, ''),
 			'$mail_port'	=> array('mail_port', 	 t('IMAP port:'), $mail_port, ''),
-			'$mail_ssl'		=> array('mail_ssl', 	 t('Security:'), strtoupper($mail_ssl), '', array( ''=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
+			'$mail_ssl'		=> array('mail_ssl', 	 t('Security:'), strtoupper($mail_ssl), '', array( 'notls'=>t('None'), 'TLS'=>'TLS', 'SSL'=>'SSL')),
 			'$mail_user'	=> array('mail_user',    t('Email login name:'), $mail_user, ''),
 			'$mail_pass'	=> array('mail_pass', 	 t('Email password:'), '', ''),
 			'$mail_replyto'	=> array('mail_replyto', t('Reply-to address:'), '', 'Optional'),
@@ -632,6 +682,78 @@ function settings_content(&$a) {
 		return $o;
 	}
 
+	/*
+	 * DISPLAY SETTINGS
+	 */
+	if(($a->argc > 1) && ($a->argv[1] === 'display')) {
+		$default_theme = get_config('system','theme');
+		if(! $default_theme)
+			$default_theme = 'default';
+
+		$allowed_themes_str = get_config('system','allowed_themes');
+		$allowed_themes_raw = explode(',',$allowed_themes_str);
+		$allowed_themes = array();
+		if(count($allowed_themes_raw))
+			foreach($allowed_themes_raw as $x)
+				if(strlen(trim($x)))
+					$allowed_themes[] = trim($x);
+
+		
+		$themes = array();
+		$files = glob('view/theme/*');
+		if($allowed_themes) {
+			foreach($allowed_themes as $th) {
+				$f = $th;
+				$is_experimental = file_exists('view/theme/' . $th . '/experimental');
+				$unsupported = file_exists('view/theme/' . $th . '/unsupported');
+				if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ 
+					$theme_name = (($is_experimental) ?  sprintf("%s - \x28Experimental\x29", $f) : $f);
+					$themes[$f]=$theme_name;
+				}
+			}
+		}
+		$theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']);
+		
+		$browser_update = intval(get_pconfig(local_user(), 'system','update_interval'));
+		$browser_update = (($browser_update == 0) ? 40 : $browser_update / 1000); // default if not set: 40 seconds
+
+		$itemspage_network = intval(get_pconfig(local_user(), 'system','itemspage_network'));
+		$itemspage_network = (($itemspage_network > 0 && $itemspage_network < 101) ? $itemspage_network : 40); // default if not set: 40 items
+		
+		$nosmile = get_pconfig(local_user(),'system','no_smilies');
+		$nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0
+
+
+		$theme_config = "";
+		if( ($themeconfigfile = get_theme_config_file($theme_selected)) != null){
+			require_once($themeconfigfile);
+			$theme_config = theme_content($a);
+		}
+		
+		$tpl = get_markup_template("settings_display.tpl");
+		$o = replace_macros($tpl, array(
+			'$tabs' 	=> $tabs,
+			'$ptitle' 	=> t('Display Settings'),
+			'$form_security_token' => get_form_security_token("settings_display"),
+			'$submit' 	=> t('Submit'),
+			'$baseurl' => $a->get_baseurl(true),
+			'$uid' => local_user(),
+		
+			'$theme'	=> array('theme', t('Display Theme:'), $theme_selected, '', $themes),
+			'$ajaxint'   => array('browser_update',  t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')),
+			'$itemspage_network'   => array('itemspage_network',  t("Number of items to display on the network page:"), $itemspage_network, t('Maximum of 100 items')),
+			'$nosmile'	=> array('nosmile', t("Don't show emoticons"), $nosmile, ''),
+			
+			'$theme_config' => $theme_config,
+		));
+		
+		return $o;
+	}
+	
+	
+	/*
+	 * ACCOUNT SETTINGS
+	 */
 
 	require_once('include/acl_selectors.php');
 
@@ -641,17 +763,19 @@ function settings_content(&$a) {
 	if(count($p))
 		$profile = $p[0];
 
-	$username = $a->user['username'];
-	$email    = $a->user['email'];
-	$nickname = $a->user['nickname'];
-	$timezone = $a->user['timezone'];
-	$notify   = $a->user['notify-flags'];
-	$defloc   = $a->user['default-location'];
-	$openid   = $a->user['openid'];
-	$maxreq   = $a->user['maxreq'];
-	$expire   = ((intval($a->user['expire'])) ? $a->user['expire'] : '');
-	$blockwall = $a->user['blockwall'];
-	$blocktags = $a->user['blocktags'];
+	$username   = $a->user['username'];
+	$email      = $a->user['email'];
+	$nickname   = $a->user['nickname'];
+	$timezone   = $a->user['timezone'];
+	$notify     = $a->user['notify-flags'];
+	$defloc     = $a->user['default-location'];
+	$openid     = $a->user['openid'];
+	$maxreq     = $a->user['maxreq'];
+	$expire     = ((intval($a->user['expire'])) ? $a->user['expire'] : '');
+	$blockwall  = $a->user['blockwall'];
+	$blocktags  = $a->user['blocktags'];
+	$unkmail    = $a->user['unkmail'];
+	$cntunkmail = $a->user['cntunkmail'];
 
 	$expire_items = get_pconfig(local_user(), 'expire','items');
 	$expire_items = (($expire_items===false)? '1' : $expire_items); // default if not set: 1
@@ -669,14 +793,7 @@ function settings_content(&$a) {
 	$suggestme = get_pconfig(local_user(), 'system','suggestme');
 	$suggestme = (($suggestme===false)? '0': $suggestme); // default if not set: 0
 
-	$browser_update = intval(get_pconfig(local_user(), 'system','update_interval'));
-	$browser_update = (($browser_update == 0) ? 40 : $browser_update / 1000); // default if not set: 40 seconds
 
-	$itemspage_network = intval(get_pconfig(local_user(), 'system','itemspage_network'));
-	$itemspage_network = (($itemspage_network > 0 && $itemspage_network < 101) ? $itemspage_network : 40); // default if not set: 40 items
-	
-	$nosmile = get_pconfig(local_user(),'system','no_smilies');
-	$nosmile = (($nosmile===false)? '0': $nosmile); // default if not set: 0
 	
 	if(! strlen($a->user['timezone']))
 		$timezone = date_default_timezone_get();
@@ -758,6 +875,12 @@ function settings_content(&$a) {
 	));
 
 
+	$unkmail = replace_macros($opt_tpl,array(
+			'$field' 	=> array('unkmail',  t('Permit unknown people to send you private mail?'), $unkmail, '', array(t('No'),t('Yes'))),
+
+	));
+
+
 	$invisible = (((! $profile['publish']) && (! $profile['net-publish']))
 		? true : false);
 
@@ -765,33 +888,7 @@ function settings_content(&$a) {
 		info( t('Profile is <strong>not published</strong>.') . EOL );
 
 	
-	$default_theme = get_config('system','theme');
-	if(! $default_theme)
-		$default_theme = 'default';
 
-	$allowed_themes_str = get_config('system','allowed_themes');
-	$allowed_themes_raw = explode(',',$allowed_themes_str);
-	$allowed_themes = array();
-	if(count($allowed_themes_raw))
-		foreach($allowed_themes_raw as $x)
-			if(strlen(trim($x)))
-				$allowed_themes[] = trim($x);
-
-	
-	$themes = array();
-	$files = glob('view/theme/*');
-	if($allowed_themes) {
-		foreach($allowed_themes as $th) {
-			$f = $th;
-			$is_experimental = file_exists('view/theme/' . $th . '/experimental');
-			$unsupported = file_exists('view/theme/' . $th . '/unsupported');
-			if (!$is_experimental or ($is_experimental && (get_config('experimentals','exp_themes')==1 or get_config('experimentals','exp_themes')===false))){ 
-				$theme_name = (($is_experimental) ?  sprintf("%s - \x28Experimental\x29", $f) : $f);
-				$themes[$f]=$theme_name;
-			}
-		}
-	}
-	$theme_selected = (!x($_SESSION,'theme')? $default_theme : $_SESSION['theme']);
 
 
 	$subdir = ((strlen($a->get_path())) ? '<br />' . t('or') . ' ' . $a->get_baseurl(true) . '/profile/' . $nickname : '');
@@ -842,10 +939,7 @@ function settings_content(&$a) {
 		'$timezone' => array('timezone_select' , t('Your Timezone:'), select_timezone($timezone), ''),
 		'$defloc'	=> array('defloc', t('Default Post Location:'), $defloc, ''),
 		'$allowloc' => array('allow_location', t('Use Browser Location:'), ($a->user['allow_location'] == 1), ''),
-		'$theme'	=> array('theme', t('Display Theme:'), $theme_selected, '', $themes),
-		'$ajaxint'   => array('browser_update',  t("Update browser every xx seconds"), $browser_update, t('Minimum of 10 seconds, no maximum')),
-		'$itemspage_network'   => array('itemspage_network',  t("Number of items to display on the network page:"), $itemspage_network, t('Maximum of 100 items')),
-		'$nosmile'	=> array('nosmile', t("Don't show emoticons"), $nosmile, ''),
+		
 
 		'$h_prv' 	=> t('Security and Privacy Settings'),
 
@@ -863,7 +957,8 @@ function settings_content(&$a) {
 		'$profile_in_net_dir' => $profile_in_net_dir,
 		'$hide_friends' => $hide_friends,
 		'$hide_wall' => $hide_wall,
-		
+		'$unkmail' => $unkmail,		
+		'$cntunkmail' 	=> array('cntunkmail', t('Maximum private messages per day from unknown people:'), $cntunkmail ,t("\x28to prevent spam abuse\x29")),
 		
 		
 		'$h_not' 	=> t('Notification Settings'),

mod/suggest.php

@@ -52,7 +52,7 @@ function suggest_content(&$a) {
 		$connlnk = $a->get_baseurl() . '/follow/?url=' . (($rr['connect']) ? $rr['connect'] : $rr['url']);			
 
 		$o .= replace_macros($tpl,array(
-			'$url' => $rr['url'],
+			'$url' => zrl($rr['url']),
 			'$name' => $rr['name'],
 			'$photo' => $rr['photo'],
 			'$ignlnk' => $a->get_baseurl() . '/suggest?ignore=' . $rr['id'],

mod/view.php

@@ -0,0 +1,16 @@
+<?php
+/**
+ * load view/theme/$current_theme/style.php with friendica contex
+ */
+ 
+function view_init($a){
+	header("Content-Type: text/css");
+		
+	if ($a->argc == 4){
+		$theme = $a->argv[2];
+		$THEMEPATH = "view/theme/$theme";
+		require_once("view/theme/$theme/style.php");
+	}
+	
+	killme();
+}

mod/viewcontacts.php

@@ -54,6 +54,8 @@ function viewcontacts_content(&$a) {
 
 		if($is_owner && ($rr['network'] === NETWORK_DFRN) && ($rr['rel']))
 			$url = 'redir/' . $rr['id'];
+		else
+			$url = zrl($url);
 
 		$contacts[] = array(
 			'id' => $rr['id'],

mod/wallmessage.php

@@ -0,0 +1,149 @@
+<?php
+
+require_once('include/message.php');
+
+function wallmessage_post(&$a) {
+
+	$replyto = get_my_url();
+	if(! $replyto) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	$subject   = ((x($_REQUEST,'subject'))   ? notags(trim($_REQUEST['subject']))   : '');
+	$body      = ((x($_REQUEST,'body'))      ? escape_tags(trim($_REQUEST['body'])) : '');
+
+	$recipient = (($a->argc > 1) ? notags($a->argv[1]) : '');
+	if((! $recipient) || (! $body)) {
+		return;
+	}
+
+	$r = q("select * from user where nickname = '%s' limit 1",
+		dbesc($recipient)
+	);
+
+	if(! count($r)) {
+		logger('wallmessage: no recipient');
+		return;
+	}
+
+	$user = $r[0];
+
+	if(! intval($user['unkmail'])) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	$r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1",
+			intval($user['uid'])
+	);
+
+	if($r[0]['total'] > $user['cntunkmail']) {
+		notice( sprintf( t('Number of daily wall messages for %s exceeded. Message failed.', $user['username'])));
+		return;
+	}
+
+	// Work around doubled linefeeds in Tinymce 3.5b2
+dbg(1);
+	$body = str_replace("\r\n","\n",$body);
+	$body = str_replace("\n\n","\n",$body);
+
+	
+	$ret = send_wallmessage($user, $body, $subject, $replyto);
+
+	switch($ret){
+		case -1:
+			notice( t('No recipient selected.') . EOL );
+			break;
+		case -2:
+			notice( t('Unable to check your home location.') . EOL );
+			break;
+		case -3:
+			notice( t('Message could not be sent.') . EOL );
+			break;
+		case -4:
+			notice( t('Message collection failure.') . EOL );
+			break;
+		default:
+			info( t('Message sent.') . EOL );
+	}
+dbg(0);
+//	goaway($a->get_baseurl() . '/profile/' . $user['nickname']);
+	
+}
+
+
+function wallmessage_content(&$a) {
+
+	if(! get_my_url()) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	$recipient = (($a->argc > 1) ? $a->argv[1] : '');
+
+	if(! $recipient) {
+		notice( t('No recipient.') . EOL);
+		return;
+	}
+
+	$r = q("select * from user where nickname = '%s' limit 1",
+		dbesc($recipient)
+	);
+
+	if(! count($r)) {
+		notice( t('No recipient.') . EOL);
+		logger('wallmessage: no recipient');
+		return;
+	}
+
+	$user = $r[0];
+
+	if(! intval($user['unkmail'])) {
+		notice( t('Permission denied.') . EOL);
+		return;
+	}
+
+	$r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1",
+			intval($user['uid'])
+	);
+
+	if($r[0]['total'] > $user['cntunkmail']) {
+		notice( sprintf( t('Number of daily wall messages for %s exceeded. Message failed.', $user['username'])));
+		return;
+	}
+
+
+
+	$tpl = get_markup_template('wallmsg-header.tpl');
+
+		$a->page['htmlhead'] .= replace_macros($tpl, array(
+			'$baseurl' => $a->get_baseurl(true),
+			'$editselect' => '/(profile-jot-text|prvmail-text)/',
+			'$nickname' => $user['nickname'],
+			'$linkurl' => t('Please enter a link URL:')
+		));
+	
+
+	
+		$tpl = get_markup_template('wallmessage.tpl');
+		$o .= replace_macros($tpl,array(
+			'$header' => t('Send Private Message'),
+			'$subheader' => sprintf( t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.'), $user['username']),
+			'$to' => t('To:'),
+			'$subject' => t('Subject:'),
+			'$recipname' => $user['username'],
+			'$nickname' => $user['nickname'],
+			'$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''),
+			'$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
+			'$readonly' => '',
+			'$yourmessage' => t('Your message:'),
+			'$select' => $select,
+			'$parent' => '',
+			'$upload' => t('Upload photo'),
+			'$insert' => t('Insert web link'),
+			'$wait' => t('Please wait')
+		));
+
+		return $o;
+	}

update.php

@@ -1,6 +1,6 @@
 <?php
 
-define( 'UPDATE_VERSION' , 1133 );
+define( 'UPDATE_VERSION' , 1134 );
 
 /**
  *
@@ -1136,3 +1136,8 @@ INDEX ( `username` )
 
 }
 
+function update_1133() {
+	q("ALTER TABLE `user` ADD `unkmail` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `blocktags` , ADD INDEX ( `unkmail` ) ");
+	q("ALTER TABLE `user` ADD `cntunkmail` INT NOT NULL DEFAULT '10' AFTER `unkmail` , ADD INDEX ( `cntunkmail` ) ");
+	q("ALTER TABLE `mail` ADD `unknown` TINYINT( 1 ) NOT NULL DEFAULT '0' AFTER `replied` , ADD INDEX ( `unknown` ) ");
+}

view/field_combobox.tpl

@@ -1,6 +1,6 @@
 	
 	<div class='field combobox'>
-		<label for='id_$field.0'>$field.1</label>
+		<label for='id_$field.0' id='id_$field.0_label'>$field.1</label>
 		{# html5 don't work on Chrome, Safari and IE9
 		<input id="id_$field.0" type="text" list="data_$field.0" >
 		<datalist id="data_$field.0" >

view/mail_conv.tpl

@@ -1,13 +1,13 @@
 <div class="mail-conv-outside-wrapper">
 	<div class="mail-conv-sender" >
-		<a href="$from_url" class="mail-conv-sender-url" ><img class="mframe mail-conv-sender-photo$sparkle" src="$from_photo" heigth="80" width="80" alt="$from_name" /></a>
+		<a href="$mail.from_url" class="mail-conv-sender-url" ><img class="mframe mail-conv-sender-photo$mail.sparkle" src="$mail.from_photo" heigth="80" width="80" alt="$mail.from_name" /></a>
 	</div>
 	<div class="mail-conv-detail" >
-		<div class="mail-conv-sender-name" >$from_name</div>
-		<div class="mail-conv-date">$date</div>
-		<div class="mail-conv-subject">$subject</div>
-		<div class="mail-conv-body">$body</div>
-	<div class="mail-conv-delete-wrapper" id="mail-conv-delete-wrapper-$id" ><a href="message/drop/$id" class="icon drophide delete-icon mail-list-delete-icon" onclick="return confirmDelete();" title="$delete" id="mail-conv-delete-icon-$id" class="mail-conv-delete-icon" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a></div><div class="mail-conv-delete-end"></div>
+		<div class="mail-conv-sender-name" >$mail.from_name</div>
+		<div class="mail-conv-date">$mail.date</div>
+		<div class="mail-conv-subject">$mail.subject</div>
+		<div class="mail-conv-body">$mail.body</div>
+	<div class="mail-conv-delete-wrapper" id="mail-conv-delete-wrapper-$mail.id" ><a href="message/drop/$mail.id" class="icon drophide delete-icon mail-list-delete-icon" onclick="return confirmDelete();" title="$mail.delete" id="mail-conv-delete-icon-$mail.id" class="mail-conv-delete-icon" onmouseover="imgbright(this);" onmouseout="imgdull(this);" ></a></div><div class="mail-conv-delete-end"></div>
 	<div class="mail-conv-outside-wrapper-end"></div>
 </div>
 </div>

view/mail_display.tpl

@@ -0,0 +1,10 @@
+
+{{ for $mails as $mail }}
+	{{ inc mail_conv.tpl }}{{endinc}}
+{{ endfor }}
+
+{{ if $canreply }}
+{{ inc prv_message.tpl }}{{ endinc }}
+{{ else }}
+$unknown_text
+{{endif }}

view/message_side.tpl

@@ -0,0 +1,10 @@
+<div id="message-sidebar" class="widget">
+	<div id="message-new"><a href="$new.url" class="{{ if $new.sel }}newmessage-selected{{ endif }}">$new.label</a> </div>
+	
+	<ul class="message-ul">
+		{{ for $tabs as $t }}
+			<li class="tool"><a href="$t.url" class="message-link{{ if $t.sel }}message-selected{{ endif }}">$t.label</a></li>
+		{{ endfor }}
+	</ul>
+	
+</div>

view/profile_vcard.tpl

@@ -38,6 +38,9 @@
 			{{ if $connect }}
 				<li><a id="dfrn-request-link" href="dfrn_request/$profile.nickname">$connect</a></li>
 			{{ endif }}
+			{{ if $wallmessage }}
+				<li><a id="wallmessage-link" href="wallmessage/$profile.nickname">$wallmessage</a></li>
+			{{ endif }}
 		</ul>
 	</div>
 </div>

view/settings.tpl

@@ -28,10 +28,7 @@ $nickname_block
 {{inc field_custom.tpl with $field=$timezone }}{{endinc}}
 {{inc field_input.tpl with $field=$defloc }}{{endinc}}
 {{inc field_checkbox.tpl with $field=$allowloc }}{{endinc}}
-{{inc field_themeselect.tpl with $field=$theme }}{{endinc}}
-{{inc field_input.tpl with $field=$ajaxint }}{{endinc}}
-{{inc field_input.tpl with $field=$itemspage_network }}{{endinc}}
-{{inc field_checkbox.tpl with $field=$nosmile}}{{endinc}}
+
 
 <div class="settings-submit-wrapper" >
 <input type="submit" name="submit" class="settings-submit" value="$submit" />
@@ -59,6 +56,10 @@ $blocktags
 
 $suggestme
 
+$unkmail
+
+{{inc field_input.tpl with $field=$cntunkmail }}{{endinc}}
+
 {{inc field_input.tpl with $field=$expire.days }}{{endinc}}
 <div class="field input">
 	<span class="field_help"><a href="#advanced-expire-popup" id="advanced-expire" class='popupbox' title="$expire.advanced">$expire.label</a></span>

view/settings_display.tpl

@@ -0,0 +1,23 @@
+$tabs
+
+<h1>$ptitle</h1>
+
+<form action="settings/display" id="settings-form" method="post" autocomplete="off" >
+<input type='hidden' name='form_security_token' value='$form_security_token'>
+
+{{inc field_themeselect.tpl with $field=$theme }}{{endinc}}
+{{inc field_input.tpl with $field=$ajaxint }}{{endinc}}
+{{inc field_input.tpl with $field=$itemspage_network }}{{endinc}}
+{{inc field_checkbox.tpl with $field=$nosmile}}{{endinc}}
+
+
+<div class="settings-submit-wrapper" >
+<input type="submit" name="submit" class="settings-submit" value="$submit" />
+</div>
+
+{{ if $theme_config }}
+<h2>Theme settings</h2>
+$theme_config
+{{ endif }}
+
+</form>

view/theme/diabook-aerith/communityhome.tpl

@@ -0,0 +1,92 @@
+<div id="close_pages">
+{{ if $page }}
+<div>$page</div>
+{{ endif }}
+</div>
+
+<div id="close_helpers">
+{{ if $lastusers_title }}
+<h3 style="margin-top:0px;">Help or @NewHere ?<a id="close_helpers_icon"  onClick="close_helpers()" class="icon close_box" title="close"></a></h3>
+<a href="http://kakste.com/profile/newhere" title="#NewHere" style="margin-left: 10px; " target="blank">NewHere</a><br>
+<a href="https://helpers.pyxis.uberspace.de/profile/helpers" style="margin-left: 10px; " title="Friendica Support" target="blank">Friendica Support</a><br>
+<a href="https://letstalk.pyxis.uberspace.de/profile/letstalk" style="margin-left: 10px; " title="Let's talk" target="blank">Let's talk</a><br>
+<a href="http://newzot.hydra.uberspace.de/profile/newzot" title="Local Friendica" style="margin-left: 10px; " target="blank">Local Friendica</a>
+{{ endif }}
+</div>
+
+<div id="close_services">
+{{ if $lastusers_title }}
+<h3>Connectable Services<a id="close_services_icon" onClick="close_services()" class="icon close_box" title="close"></a></h3>
+<div id="right_service_icons" style="margin-left: 16px; margin-top: 5px;">
+<a href="$url/facebook"><img alt="Facebook" src="view/theme/diabook-aerith/icons/facebook.png" title="Facebook"></a>
+<a href="$url/settings/connectors"><img alt="StatusNet" src="view/theme/diabook-aerith/icons/StatusNet.png?" title="StatusNet"></a>
+<a href="$url/settings/connectors"><img alt="LiveJournal" src="view/theme/diabook-aerith/icons/livejournal.png?" title="LiveJournal"></a>
+<a href="$url/settings/connectors"><img alt="Posterous" src="view/theme/diabook-aerith/icons/posterous.png?" title="Posterous"></a>
+<a href="$url/settings/connectors"><img alt="Tumblr" src="view/theme/diabook-aerith/icons/tumblr.png?" title="Tumblr"></a>
+<a href="$url/settings/connectors"><img alt="Twitter" src="view/theme/diabook-aerith/icons/twitter.png?" title="Twitter"></a>
+<a href="$url/settings/connectors"><img alt="WordPress" src="view/theme/diabook-aerith/icons/wordpress.png?" title="WordPress"></a>
+<a href="$url/settings/connectors"><img alt="E-Mail" src="view/theme/diabook-aerith/icons/email.png?" title="E-Mail"></a>
+</div>
+{{ endif }}
+</div>
+
+<div id="close_friends" style="margin-bottom:53px;">
+{{ if $nv }}
+<h3>Find Friends<a id="close_friends_icon" onClick="close_friends()"  class="icon close_box" title="close"></a></h3>
+<a class="$nv.directory.2" href="$nv.directory.0" style="margin-left: 10px; " title="$nv.directory.3" >$nv.directory.1</a><br>
+<a class="$nv.match.2" href="$nv.match.0" style="margin-left: 10px; " title="$nv.match.3" >$nv.match.1</a><br>
+<a class="$nv.suggest.2" href="$nv.suggest.0" style="margin-left: 10px; " title="$nv.suggest.3" >$nv.suggest.1</a><br>
+<a class="$nv.invite.2" href="$nv.invite.0" style="margin-left: 10px; " title="$nv.invite.3" >$nv.invite.1</a>			
+$nv.search
+{{ endif }}
+</div>
+
+<div id="close_postit">
+{{ if $lastusers_title }}
+<h3>PostIt to Friendica<a id="close_postit_icon" onClick="close_postit()" class="icon close_box" title="close"></a></h3>
+<div style="padding-left: 8px;"><span ><a href="$fostitJS" title="PostIt">Post to Friendica</a> from anywhere by bookmarking the Link.</span></div>
+{{ endif }}
+</div>
+
+<div id="close_lastusers">
+{{ if $lastusers_title }}
+<h3>$lastusers_title<a id="close_lastusers_icon" onClick="close_lastusers()" class="icon close_box" title="close"></a></h3>
+<div id='lastusers-wrapper' class='items-wrapper'>
+{{ for $lastusers_items as $i }}
+	$i
+{{ endfor }}
+</div>
+{{ endif }}
+</div>
+
+
+{{ if $activeusers_title }}
+<h3>$activeusers_title</h3>
+<div class='items-wrapper'>
+{{ for $activeusers_items as $i }}
+	$i
+{{ endfor }}
+</div>
+{{ endif }}
+
+<div id="close_lastphotos">
+{{ if $photos_title }}
+<h3>$photos_title<a id="close_photos_icon" onClick="close_lastphotos()"  class="icon close_box" title="close"></a></h3>
+<div id='ra-photos-wrapper' class='items-wrapper'>
+{{ for $photos_items as $i }}
+	$i
+{{ endfor }}
+</div>
+{{ endif }}
+</div>
+
+<div id="close_lastlikes">
+{{ if $like_title }}
+<h3>$like_title<a id="close_lastlikes_icon" onClick="close_lastlikes()" class="icon close_box" title="close"></a></h3>
+<ul id='likes'>
+{{ for $like_items as $i }}
+	<li id='ra-photos-wrapper'>$i</li>
+{{ endfor }}
+</ul>
+{{ endif }}
+</div>

view/theme/diabook-aerith/contact_template.tpl

@@ -0,0 +1,25 @@
+
+<div class="contact-entry-wrapper" id="contact-entry-wrapper-$contact.id" >
+	<div class="contact-entry-photo-wrapper" >
+		<div class="contact-entry-photo mframe" id="contact-entry-photo-$contact.id"
+		onmouseover="if (typeof t$contact.id != 'undefined') clearTimeout(t$contact.id); openMenu('contact-photo-menu-button-$contact.id')" 
+		onmouseout="t$contact.id=setTimeout('closeMenu(\'contact-photo-menu-button-$contact.id\'); closeMenu(\'contact-photo-menu-$contact.id\');',200)" >
+
+			<a href="$contact.url" title="$contact.img_hover" /><img src="$contact.thumb" $contact.sparkle alt="$contact.name" /></a>
+
+			{{ if $contact.photo_menu }}
+			<span onclick="openClose('contact-photo-menu-$contact.id');" class="fakelink contact-photo-menu-button" id="contact-photo-menu-button-$contact.id">menu</span>
+                <div class="contact-photo-menu" id="contact-photo-menu-$contact.id">
+                    <ul>
+                        $contact.photo_menu
+                    </ul>
+                </div>
+			{{ endif }}
+		</div>
+			
+	</div>
+	<div class="contact-entry-photo-end" ></div>
+		<div class="contact-entry-name" id="contact-entry-name-$contact.id" >$contact.name</div>
+
+	<div class="contact-entry-end" ></div>
+</div>

view/theme/diabook-aerith/directory_item.tpl

@@ -0,0 +1,10 @@
+
+<div class="directory-item" id="directory-item-$id" >
+	<div class="directory-photo-wrapper" id="directory-photo-wrapper-$id" > 
+		<div class="directory-photo" id="directory-photo-$id" >
+			<a href="$profile-link" class="directory-profile-link" id="directory-profile-link-$id" >
+				<img class="directory-photo-img" src="$photo" alt="$alt-text" title="$alt-text" />
+			</a>
+		</div>
+	</div>
+</div>

view/theme/diabook-aerith/fpostit/README

@@ -0,0 +1,8 @@
+fpostit
+
+original author: Devlon Duthied
+
+see his blog posting:
+http://blog.duthied.com/2011/09/13/node-agnostic-friendika-bookmarklet/
+
+original published at github https://github.com/duthied/Friendika-Bookmarklet

view/theme/diabook-aerith/fpostit/fpostit.js

@@ -0,0 +1,6 @@
+javascript: (function() {
+    					the_url = 'localhost/view/theme/diabook/fpostit/fpostit.php?url=' + encodeURIComponent(window.location.href) + '&title=' + encodeURIComponent(document.title) + '&text=' + encodeURIComponent(''+(window.getSelection ? window.getSelection() : document.getSelection ? document.getSelection() : document.selection.createRange().text));
+    						a_funct = function() {
+        						if (!window.open(the_url, 'fpostit', 'location=yes,links=no,scrollbars=no,toolbar=no,width=600,height=300')) location.href = the_url};
+    							if (/Firefox/.test(navigator.userAgent)) {setTimeout(a_funct, 0)} 
+    							else {a_funct()}})()"

view/theme/diabook-aerith/fpostit/fpostit.php

@@ -0,0 +1,135 @@
+<?php
+if (!isset($_POST["friendika_acct_name"])) $_POST["friendika_acct_name"] = '';
+if (!isset($_COOKIE['username'])) $_COOKIE['username'] = '';
+if (!isset($_COOKIE['password'])) $_COOKIE['password'] = '';
+if (!isset($hostname)) $hostname = '';
+if (!isset($username)) $username = '';
+
+
+if (($_POST["friendika_acct_name"] != '') && ($_POST["friendika_password"] != '')) {
+	setcookie("username", $_POST["friendika_acct_name"], time()+60*60*24*300);
+	setcookie("password", $_POST["friendika_password"], time()+60*60*24*300);
+}
+
+?>
+<html>
+<head>
+	<style>
+		body {
+			font-family: arial, Helvetica,sans-serif;
+			margin: 0px;
+		}
+		.wrap1 {
+			padding: 2px 5px;
+			background-color: #000;
+			margin-bottom: 10px;
+		}
+		.wrap2 {
+			margin-left: 10px;
+			font-size: 12px;
+		}
+		.logo {
+			margin-left: 3px;
+			margin-right: 5px;
+			float: left;
+		}
+		h2 {
+			color: #ffffff;
+		}
+		.error {
+			background-color: #FFFF66;
+			font-size: 12px;
+			margin-left: 10px;
+		}
+	</style>
+</head>
+
+<body>
+<?php
+
+if (isset($_GET['title'])) {
+	$title = $_GET['title'];
+}
+if (isset($_GET['text'])) {
+	$text = $_GET['text'];
+}
+if (isset($_GET['url'])) {
+	$url = $_GET['url'];
+}
+
+if ((isset($title)) && (isset($text)) && (isset($url))) {
+	$content = "$title\nsource:$url\n\n$text";
+} else {
+	$content = $_POST['content'];
+}
+
+if (isset($_POST['submit'])) {
+	
+	if (($_POST["friendika_acct_name"] != '') && ($_POST["friendika_password"] != '')) {
+		$acctname = $_POST["friendika_acct_name"];
+		$tmp_account_array = explode("@", $acctname);
+		if (isset($tmp_account_array[1])) {
+			$username = $tmp_account_array[0];
+			$hostname = $tmp_account_array[1];
+		}
+		$password = $_POST["friendika_password"];
+		$content = $_POST["content"];
+
+		$url = "http://" . $hostname . '/api/statuses/update';
+		$data = array('status' => $content);
+		
+		// echo "posting to: $url<br/>";
+
+		$c = curl_init();
+		curl_setopt($c, CURLOPT_URL, $url); 
+		curl_setopt($c, CURLOPT_USERPWD, "$username:$password");
+		curl_setopt($c, CURLOPT_POSTFIELDS, $data); 
+		curl_setopt($c, CURLOPT_RETURNTRANSFER, true); 
+		curl_setopt($c, CURLOPT_FOLLOWLOCATION, true);
+		$c_result = curl_exec($c); 
+		if(curl_errno($c)){ 
+			$error = curl_error($c);
+			showForm($error, $content);
+		}
+		
+		curl_close($c);
+		if (!isset($error)) {
+			echo '<script language="javascript" type="text/javascript">window.close();</script>';
+		}
+		
+	} else {
+		$error = "Missing account name and/or password...try again please";
+		showForm($error, $content);
+	}
+	
+} else {
+	showForm(null, $content);
+}
+
+function showForm($error, $content) {
+	$username_cookie = $_COOKIE['username'];
+	$password_cookie = $_COOKIE['password'];
+	
+	echo <<<EOF
+	<div class='wrap1'>
+		<h2><img class='logo' src='friendika-32.png' align='middle';/>
+		Friendika Bookmarklet</h2>
+	</div>
+
+	<div class="wrap2">
+		<form method="post" action="{$_SERVER['PHP_SELF']}">
+			Enter the email address of the Friendika Account that you want to cross-post to:(example: user@friendika.org)<br /><br />
+			Account ID: <input type="text" name="friendika_acct_name" value="{$username_cookie}" size="50"/><br />
+			Password: <input type="password" name="friendika_password" value="{$password_cookie}" size="50"/><br />
+			<textarea name="content" id="content" rows="6" cols="70">{$content}</textarea><br />
+			<input type="submit" value="PostIt!" name="submit" />&nbsp;&nbsp;<span class='error'>$error</span>
+		</form>
+		<p></p>
+	</div>
+EOF;
+	
+}
+?>
+
+</body>
+</html>

view/theme/diabook-aerith/group_side.tpl

@@ -0,0 +1,29 @@
+<div id="group-sidebar" class="widget">
+	<div class="title tool">
+		<h3 class="label">$title</h3>
+		<a href="group/new" title="$createtext" class="action"><span class="icon text s16 add"></span></a>
+	</div>
+
+	<div id="sidebar-group-list">
+		<ul>
+			{{ for $groups as $group }}
+			<li class="tool  {{ if $group.selected }}selected{{ endif }}">
+				<a href="$group.href" class="label">
+					$group.text
+				</a>
+				{{ if $group.edit }}
+					<a href="$group.edit.href" class="action"><span class="icon text s10 edit"></span></a>
+				{{ endif }}
+				{{ if $group.cid }}
+					<input type="checkbox" 
+						class="{{ if $group.selected }}ticked{{ else }}unticked {{ endif }} action" 
+						onclick="contactgroupChangeMember('$group.id','$group.cid');return true;"
+						{{ if $group.ismember }}checked="checked"{{ endif }}
+					/>
+				{{ endif }}
+			</li>
+			{{ endfor }}
+		</ul>
+	</div>
+</div>	
+