Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca

  1. <?php
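  /**
   * POST destination for almost all locally posted text content.
   *
   * Handles status posts, wall-to-wall status posts, local comments and
   * remote comments that are posted on this site (as opposed to being
   * delivered in a feed). Each of these becomes an "item", the basic unit of
   * information. Posts that originate externally, or that do not fall into
   * the above categories, go through item_store() instead of this function.
   *
   * $_POST fields read here: dropitems, parent, profile_uid, post_id, source,
   * return, type, title, location, coord, verb, emailcc, body, group_allow,
   * contact_allow, group_deny, contact_deny, pubmail_enable, api_source and
   * jsreload.
   *
   * Access control visible in this function:
   *  - the request is ignored unless local_user() or remote_user() is set;
   *  - writing requires can_write_wall($a, $profile_uid);
   *  - numeric request values pass through intval() and strings through
   *    dbesc() before they reach q().
   *
   * Most paths end in killme() or goaway(); the function only returns to its
   * caller when the session is unauthenticated or when api_source is set.
   *
   * @param object $a the application object (passed by reference)
   * @return void
   */
  function item_post(&$a) {

      if((! local_user()) && (! remote_user())) {
          return;
      }

      require_once('include/security.php');

      $uid = local_user();

      // Bulk delete: the ids arrive as one comma-separated string.
      // NOTE(review): no ownership check is visible here; presumably
      // drop_items() enforces it - confirm.
      if(x($_POST,'dropitems')) {
          require_once('include/items.php');
          $arr_drop = explode(',',$_POST['dropitems']);
          drop_items($arr_drop);
          $json = array('success' => 1);
          echo json_encode($json);
          killme();
      }

      call_hooks('post_local_start', $_POST);

      $parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);

      $parent_item = null;
      $parent_contact = null;

      if($parent) {
          // NOTE(review): the parent is looked up by id only. Nothing visible
          // in this function checks that it belongs to $profile_uid, and its
          // ACLs are later copied onto the new comment - confirm this is
          // constrained elsewhere.
          $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
              intval($parent)
          );
          if(! count($r)) {
              notice( t('Unable to locate original post.') . EOL);
              if(x($_POST,'return')) {
                  goaway($a->get_baseurl() . "/" . $_POST['return'] );
              }
              killme();
          }
          $parent_item = $r[0];
          if($parent_item['contact-id'] && $uid) {
              $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
                  intval($parent_item['contact-id']),
                  intval($uid)
              );
              if(count($r)) {
                  $parent_contact = $r[0];
              }
          }
      }

      // x() is called with the array and the key, so a missing field is
      // handled by x() instead of raising an undefined-index notice first.
      $profile_uid = ((x($_POST,'profile_uid')) ? intval($_POST['profile_uid']) : 0);
      $post_id     = ((x($_POST,'post_id'))     ? intval($_POST['post_id'])     : 0);
      $app         = ((x($_POST,'source'))      ? notags($_POST['source'])      : '');

      if(! can_write_wall($a,$profile_uid)) {
          notice( t('Permission denied.') . EOL) ;
          if(x($_POST,'return')) {
              goaway($a->get_baseurl() . "/" . $_POST['return'] );
          }
          killme();
      }

      // is this an edited post?
      // NOTE(review): the item is matched on (uid, id) only. Nothing visible
      // here verifies that the session user authored the item being edited,
      // so the edit right rests entirely on can_write_wall() - confirm.

      $orig_post = null;

      if($post_id) {
          $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
              intval($profile_uid),
              intval($post_id)
          );
          if(! count($i)) {
              killme();
          }
          $orig_post = $i[0];
      }

      $user = null;

      $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
          intval($profile_uid)
      );
      if(count($r)) {
          $user = $r[0];
      }

      if($orig_post) {
          // An edit keeps every stored attribute of the original item; only
          // the body is taken from the request.
          $str_group_allow   = $orig_post['allow_gid'];
          $str_contact_allow = $orig_post['allow_cid'];
          $str_group_deny    = $orig_post['deny_gid'];
          $str_contact_deny  = $orig_post['deny_cid'];
          $title             = $orig_post['title'];
          $location          = $orig_post['location'];
          $coord             = $orig_post['coord'];
          $verb              = $orig_post['verb'];
          $emailcc           = $orig_post['emailcc'];
          $app               = $orig_post['app'];
          $body              = escape_tags(trim($_POST['body']));
          $private           = $orig_post['private'];
          $pubmail_enable    = $orig_post['pubmail'];
      }
      else {
          $str_group_allow   = perms2str($_POST['group_allow']);
          $str_contact_allow = perms2str($_POST['contact_allow']);
          $str_group_deny    = perms2str($_POST['group_deny']);
          $str_contact_deny  = perms2str($_POST['contact_deny']);
          $title             = notags(trim($_POST['title']));
          $location          = notags(trim($_POST['location']));
          $coord             = notags(trim($_POST['coord']));
          $verb              = notags(trim($_POST['verb']));
          $emailcc           = notags(trim($_POST['emailcc']));
          $body              = escape_tags(trim($_POST['body']));

          // Any non-empty ACL string makes the post private.
          $private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);

          // A reply to a restricted parent is private regardless of the
          // ACLs submitted with the reply.
          if(($parent_item) &&
              (($parent_item['private'])
                  || strlen($parent_item['allow_cid'])
                  || strlen($parent_item['allow_gid'])
                  || strlen($parent_item['deny_cid'])
                  || strlen($parent_item['deny_gid'])
              )) {
              $private = 1;
          }

          // Public mail is only enabled for posts that are not private.
          $pubmail_enable = ((x($_POST,'pubmail_enable') && intval($_POST['pubmail_enable']) && (! $private)) ? 1 : 0);

          if(! strlen($body)) {
              info( t('Empty post discarded.') . EOL );
              if(x($_POST,'return')) {
                  goaway($a->get_baseurl() . "/" . $_POST['return'] );
              }
              killme();
          }
      }

      // get contact info for poster

      $author = null;
      $self = false;
      $contact_id = 0;
      $contact_record = null;

      // Start from an empty result set. $r still holds the `user` row fetched
      // above, and without this reset that row would be taken as the author
      // contact whenever neither lookup below runs.
      $r = array();

      if(($_SESSION['uid']) && ($_SESSION['uid'] == $profile_uid)) {
          $self = true;
          $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
              intval($_SESSION['uid'])
          );
      }
      else {
          if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) {
              $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
                  intval($_SESSION['visitor_id'])
              );
          }
      }

      if(count($r)) {
          $author = $r[0];
          $contact_id = $author['id'];
      }

      // get contact info for owner

      if($profile_uid == $_SESSION['uid']) {
          $contact_record = $author;
      }
      else {
          $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
              intval($profile_uid)
          );
          if(count($r)) {
              $contact_record = $r[0];
          }
      }

      $post_type = notags(trim($_POST['type']));

      // 'net-comment' is resolved against the parent's type.
      if($post_type === 'net-comment') {
          if($parent_item !== null) {
              if($parent_item['type'] === 'remote') {
                  $post_type = 'remote-comment';
              }
              else {
                  $post_type = 'wall-comment';
              }
          }
      }

      /**
       *
       * When a photo was uploaded into the message using the (profile wall) ajax
       * uploader, the permissions are initially set to disallow anybody but the
       * owner from seeing it. This is because the permissions may not yet have been
       * set for the post. If it's private, the photo permissions should be set
       * appropriately. But we didn't know the final permissions on the post until
       * now. So now we'll look for links of uploaded photos that are in the
       * post and set them to the same permissions as the post itself.
       *
       */

      $match = null;

      if(preg_match_all("/\[img\](.*?)\[\/img\]/",$body,$match)) {
          $images = $match[1];
          if(count($images)) {
              foreach($images as $image) {
                  // Only photos served from this site are considered.
                  if(! stristr($image,$a->get_baseurl() . '/photo/')) {
                      continue;
                  }
                  // The resource id is the last path segment up to the first '-'.
                  $image_uri = substr($image,strrpos($image,'/') + 1);
                  $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
                  if(! strlen($image_uri)) {
                      continue;
                  }
                  // Only touch photos that still carry the owner-only upload
                  // default, so permissions set deliberately are not overwritten.
                  $srch = '<' . intval($profile_uid) . '>';
                  $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
                      AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
                      dbesc($srch),
                      dbesc($image_uri),
                      intval($profile_uid)
                  );
                  if(! count($r)) {
                      continue;
                  }

                  $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
                      WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
                      dbesc($str_contact_allow),
                      dbesc($str_group_allow),
                      dbesc($str_contact_deny),
                      dbesc($str_group_deny),
                      dbesc($image_uri),
                      intval($profile_uid),
                      dbesc( t('Wall Photos'))
                  );
              }
          }
      }

      // Give attachments referenced in the body the same ACL as the post.
      $match = false;

      if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
          $attaches = $match[1];
          if(count($attaches)) {
              foreach($attaches as $attach) {
                  $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
                      intval($profile_uid),
                      intval($attach)
                  );
                  if(count($r)) {
                      // The statement has six placeholders; the four ACL
                      // values were missing, so the post's permissions never
                      // reached the attachment row.
                      $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
                          WHERE `uid` = %d AND `id` = %d LIMIT 1",
                          dbesc($str_contact_allow),
                          dbesc($str_group_allow),
                          dbesc($str_contact_deny),
                          dbesc($str_group_deny),
                          intval($profile_uid),
                          intval($attach)
                      );
                  }
              }
          }
      }

      /**
       * Fold multi-line [code] sequences
       */

      $body = preg_replace('/\[\/code\]\s*\[code\]/m',"\n",$body);

      /**
       * Look for any tags and linkify them
       */

      $str_tags = '';
      $inform   = '';

      $tags = get_tags($body);

      // Replies to a 'stat' network contact get an explicit @nick mention
      // prepended when the body does not already contain one.
      if(($parent_contact) && ($parent_contact['network'] === 'stat') && ($parent_contact['nick']) && (! in_array('@' . $parent_contact['nick'],$tags))) {
          $body = '@' . $parent_contact['nick'] . ' ' . $body;
          $tags[] = '@' . $parent_contact['nick'];
      }

      if(count($tags)) {
          foreach($tags as $tag) {
              if(strpos($tag,'#') === 0) {
                  // Already linkified.
                  if(strpos($tag,'[url=')) {
                      continue;
                  }
                  $basetag = str_replace('_',' ',substr($tag,1));
                  $body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body);
                  if(strlen($str_tags)) {
                      $str_tags .= ',';
                  }
                  $str_tags .= '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
                  continue;
              }
              if(strpos($tag,'@') === 0) {
                  if(strpos($tag,'[url=')) {
                      continue;
                  }

                  // Per-mention state. $profile and $alias are reset for every
                  // tag so that a mention whose lookup fails cannot be linked
                  // to the profile or alias found for an earlier mention.
                  $stat    = false;
                  $profile = '';
                  $alias   = '';
                  $name    = substr($tag,1);
                  $newname = $name;

                  // NOTE(review): strpos() returns 0 for a match at offset 0,
                  // which is falsy, so a name that begins with 'http://' does
                  // not take this branch. Left as is, because changing it
                  // would widen the set of names passed to lrdd().
                  if((strpos($name,'@')) || (strpos($name,'http://'))) {
                      // Remote address: discover the profile page and salmon
                      // endpoint through lrdd().
                      $links = @lrdd($name);
                      if(count($links)) {
                          foreach($links as $link) {
                              if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
                                  $profile = $link['@attributes']['href'];
                              }
                              if($link['@attributes']['rel'] === 'salmon') {
                                  if(strlen($inform)) {
                                      $inform .= ',';
                                  }
                                  // ',' separates entries in $inform, so it is encoded.
                                  $inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
                              }
                          }
                      }
                  }
                  else {
                      // Local contact: an underscore stands for a space in a
                      // display name; otherwise the text is matched as a nick.
                      if(strstr($name,'_')) {
                          $newname = str_replace('_',' ',$name);
                          $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
                              dbesc($newname),
                              intval($profile_uid)
                          );
                      }
                      else {
                          $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
                              dbesc($name),
                              intval($profile_uid)
                          );
                      }
                      if(count($r)) {
                          $profile = $r[0]['url'];
                          if($r[0]['network'] === 'stat') {
                              $newname = $r[0]['nick'];
                              $stat = true;
                              if($r[0]['alias']) {
                                  $alias = $r[0]['alias'];
                              }
                          }
                          else {
                              $newname = $r[0]['name'];
                          }
                          if(strlen($inform)) {
                              $inform .= ',';
                          }
                          $inform .= 'cid:' . $r[0]['id'];
                      }
                  }
                  if($profile) {
                      $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body);
                      $profile = str_replace(',','%2c',$profile);
                      if(strlen($str_tags)) {
                          $str_tags .= ',';
                      }
                      $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]';

                      // Status.Net seems to require the numeric ID URL in a mention if the person isn't
                      // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.

                      if(strlen($alias)) {
                          if(strlen($str_tags)) {
                              $str_tags .= ',';
                          }
                          $str_tags .= '@[url=' . $alias . ']' . $newname . '[/url]';
                      }
                  }
              }
          }
      }

      // Turn [attachment]N[/attachment] markers into the stored attach
      // string and remove the markers from the body.
      $attachments = '';
      $match = false;

      if(preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
          foreach($match[2] as $mtch) {
              $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
                  intval($profile_uid),
                  intval($mtch)
              );
              if(count($r)) {
                  if(strlen($attachments)) {
                      $attachments .= ',';
                  }
                  $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" size="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : ' ') . '"[/attach]';
              }
              $body = str_replace($match[1],'',$body);
          }
      }

      $wall = 0;

      if($post_type === 'wall' || $post_type === 'wall-comment') {
          $wall = 1;
      }

      if(! strlen($verb)) {
          $verb = ACTIVITY_POST ;
      }

      $gravity = (($parent) ? 6 : 0 );

      $notify_type = (($parent) ? 'comment-new' : 'wall-new' );

      $uri = item_new_uri($a->get_hostname(),$profile_uid);

      $datarray = array();
      $datarray['uid']           = $profile_uid;
      $datarray['type']          = $post_type;
      $datarray['wall']          = $wall;
      $datarray['gravity']       = $gravity;
      $datarray['contact-id']    = $contact_id;
      $datarray['owner-name']    = $contact_record['name'];
      $datarray['owner-link']    = $contact_record['url'];
      $datarray['owner-avatar']  = $contact_record['thumb'];
      $datarray['author-name']   = $author['name'];
      $datarray['author-link']   = $author['url'];
      $datarray['author-avatar'] = $author['thumb'];
      $datarray['created']       = datetime_convert();
      $datarray['edited']        = datetime_convert();
      $datarray['changed']       = datetime_convert();
      $datarray['uri']           = $uri;
      $datarray['title']         = $title;
      $datarray['body']          = $body;
      $datarray['app']           = $app;
      $datarray['location']      = $location;
      $datarray['coord']         = $coord;
      $datarray['tag']           = $str_tags;
      $datarray['inform']        = $inform;
      $datarray['verb']          = $verb;
      $datarray['allow_cid']     = $str_contact_allow;
      $datarray['allow_gid']     = $str_group_allow;
      $datarray['deny_cid']      = $str_contact_deny;
      $datarray['deny_gid']      = $str_group_deny;
      $datarray['private']       = $private;
      $datarray['pubmail']       = $pubmail_enable;
      $datarray['attach']        = $attachments;

      /**
       * These fields are for the convenience of plugins...
       * 'self' if true indicates the owner is posting on their own wall
       * If parent is 0 it is a top-level post.
       */

      $datarray['parent']        = $parent;
      $datarray['self']          = $self;

      if($orig_post) {
          $datarray['edit'] = true;
      }

      call_hooks('post_local',$datarray);

      if($orig_post) {
          // Edit: only the body and the edited timestamp are rewritten.
          $r = q("UPDATE `item` SET `body` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
              dbesc($body),
              dbesc(datetime_convert()),
              intval($post_id),
              intval($profile_uid)
          );

          proc_run('php', "include/notifier.php", 'edit_post', "$post_id");
          if((x($_POST,'return')) && strlen($_POST['return'])) {
              logger('return: ' . $_POST['return']);
              goaway($a->get_baseurl() . "/" . $_POST['return'] );
          }
          killme();
      }
      else {
          $post_id = 0;
      }

      $r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`,
          `author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `app`, `location`, `coord`,
          `tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach` )
          VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s' )",
          intval($datarray['uid']),
          dbesc($datarray['type']),
          intval($datarray['wall']),
          intval($datarray['gravity']),
          intval($datarray['contact-id']),
          dbesc($datarray['owner-name']),
          dbesc($datarray['owner-link']),
          dbesc($datarray['owner-avatar']),
          dbesc($datarray['author-name']),
          dbesc($datarray['author-link']),
          dbesc($datarray['author-avatar']),
          dbesc($datarray['created']),
          dbesc($datarray['edited']),
          dbesc($datarray['changed']),
          dbesc($datarray['uri']),
          dbesc($datarray['title']),
          dbesc($datarray['body']),
          dbesc($datarray['app']),
          dbesc($datarray['location']),
          dbesc($datarray['coord']),
          dbesc($datarray['tag']),
          dbesc($datarray['inform']),
          dbesc($datarray['verb']),
          dbesc($datarray['allow_cid']),
          dbesc($datarray['allow_gid']),
          dbesc($datarray['deny_cid']),
          dbesc($datarray['deny_gid']),
          intval($datarray['private']),
          intval($datarray['pubmail']),
          dbesc($datarray['attach'])
      );

      // The new row is located again through its uri to obtain the id.
      $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
          dbesc($datarray['uri']));
      if(count($r)) {
          $post_id = $r[0]['id'];
          logger('mod_item: saved item ' . $post_id);

          if($parent) {

              // This item is the last leaf and gets the comment box, clear any ancestors
              $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ",
                  dbesc(datetime_convert()),
                  intval($parent)
              );

              // Inherit ACL's from the parent item.

              $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d
                  WHERE `id` = %d LIMIT 1",
                  dbesc($parent_item['allow_cid']),
                  dbesc($parent_item['allow_gid']),
                  dbesc($parent_item['deny_cid']),
                  dbesc($parent_item['deny_gid']),
                  intval($parent_item['private']),
                  intval($post_id)
              );

              // Send a notification email to the conversation owner, unless the owner is me and I wrote this item
              if(($user['notify-flags'] & NOTIFY_COMMENT) && ($contact_record != $author)) {
                  push_lang($user['language']);
                  require_once('bbcode.php');
                  $from = $author['name'];

                  // name of the automated email sender
                  $msg['notificationfromname'] = stripslashes($datarray['author-name']);
                  // noreply address to send from
                  $msg['notificationfromemail'] = t('noreply') . '@' . $a->get_hostname();

                  // text version
                  // process the message body to display properly in text mode
                  $msg['textversion']
                      = html_entity_decode(strip_tags(bbcode(stripslashes($datarray['body']))), ENT_QUOTES, 'UTF-8');

                  // html version
                  // process the message body to display properly in html mode
                  $msg['htmlversion']
                      = html_entity_decode(bbcode(stripslashes(str_replace(array("\\r\\n", "\\r","\\n\\n" ,"\\n"), "<br />\n",$datarray['body']))));

                  // load the template for comment notifications (html)
                  $tpl = get_intltext_template('cmnt_received_html_body_eml.tpl');
                  $email_html_body_tpl = replace_macros($tpl,array(
                      '$username' => $user['username'],
                      '$sitename' => $a->config['sitename'],   // name of this site
                      '$siteurl'  => $a->get_baseurl(),        // descriptive url of this site
                      '$thumb'    => $author['thumb'],         // thumbnail url for sender icon
                      // $importer is never defined in this function; the
                      // message is addressed to $user['email'] below.
                      '$email'    => $user['email'],           // email address to send to
                      '$url'      => $author['url'],           // profile url for the author
                      '$from'     => $from,                    // name of the person sending the message
                      '$body'     => $msg['htmlversion'],      // html version of the message
                      '$display'  => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
                  ));

                  // load the template for comment notifications (text)
                  $tpl = get_intltext_template('cmnt_received_text_body_eml.tpl');
                  $email_text_body_tpl = replace_macros($tpl,array(
                      '$username' => $user['username'],
                      '$sitename' => $a->config['sitename'],   // name of this site
                      '$siteurl'  => $a->get_baseurl(),        // descriptive url of this site
                      '$thumb'    => $author['thumb'],         // thumbnail url for sender icon
                      '$email'    => $user['email'],           // email address to send to
                      '$url'      => $author['url'],           // profile url for the author
                      '$from'     => $from,                    // name of the person sending the message
                      '$body'     => $msg['textversion'],      // text version of the message
                      '$display'  => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
                  ));

                  // use the EmailNotification library to send the message
                  require_once("include/EmailNotification.php");
                  EmailNotification::sendTextHtmlEmail(
                      $msg['notificationfromname'],
                      t("Administrator@") . $a->get_hostname(),
                      t("noreply") . '@' . $a->get_hostname(),
                      $user['email'],
                      sprintf( t('%s commented on an item at %s'), $from , $a->config['sitename']),
                      $email_html_body_tpl,
                      $email_text_body_tpl
                  );

                  pop_lang();
              }
          }
          else {
              // Top-level post: it is its own parent.
              $parent = $post_id;

              // let me know if somebody did a wall-to-wall post on my profile

              if(($user['notify-flags'] & NOTIFY_WALL) && ($contact_record != $author)) {
                  push_lang($user['language']);
                  require_once('bbcode.php');
                  $from = $author['name'];

                  // name of the automated email sender
                  $msg['notificationfromname'] = $from;
                  // noreply address to send from
                  $msg['notificationfromemail'] = t('noreply') . '@' . $a->get_hostname();

                  // text version
                  // process the message body to display properly in text mode
                  $msg['textversion']
                      = html_entity_decode(strip_tags(bbcode(stripslashes($datarray['body']))), ENT_QUOTES, 'UTF-8');

                  // html version
                  // process the message body to display properly in html mode
                  $msg['htmlversion']
                      = html_entity_decode(bbcode(stripslashes(str_replace(array("\\r\\n", "\\r","\\n\\n" ,"\\n"), "<br />\n",$datarray['body']))));

                  // load the template for wall post notifications (html)
                  $tpl = load_view_file('view/wall_received_html_body_eml.tpl');
                  $email_html_body_tpl = replace_macros($tpl,array(
                      '$username' => $user['username'],
                      '$sitename' => $a->config['sitename'],   // name of this site
                      '$siteurl'  => $a->get_baseurl(),        // descriptive url of this site
                      '$thumb'    => $author['thumb'],         // thumbnail url for sender icon
                      '$url'      => $author['url'],           // profile url for the author
                      '$from'     => $from,                    // name of the person sending the message
                      '$body'     => $msg['htmlversion'],      // html version of the message
                      '$display'  => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
                  ));

                  // load the template for wall post notifications (text)
                  $tpl = load_view_file('view/wall_received_text_body_eml.tpl');
                  $email_text_body_tpl = replace_macros($tpl,array(
                      '$username' => $user['username'],
                      '$sitename' => $a->config['sitename'],   // name of this site
                      '$siteurl'  => $a->get_baseurl(),        // descriptive url of this site
                      '$thumb'    => $author['thumb'],         // thumbnail url for sender icon
                      '$url'      => $author['url'],           // profile url for the author
                      '$from'     => $from,                    // name of the person sending the message
                      '$body'     => $msg['textversion'],      // text version of the message
                      '$display'  => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
                  ));

                  // use the EmailNotification library to send the message
                  require_once("include/EmailNotification.php");
                  EmailNotification::sendTextHtmlEmail(
                      $msg['notificationfromname'],
                      t("Administrator@") . $a->get_hostname(),
                      t("noreply") . '@' . $a->get_hostname(),
                      $user['email'],
                      sprintf( t('%s posted to your profile wall at %s') , $from , $a->config['sitename']),
                      $email_html_body_tpl,
                      $email_text_body_tpl
                  );

                  pop_lang();
              }
          }

          // Finalise the row: thread linkage, permalink and visibility.
          $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1
              WHERE `id` = %d LIMIT 1",
              intval($parent),
              dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
              dbesc($a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id),
              dbesc(datetime_convert()),
              intval($post_id)
          );

          // photo comments turn the corresponding item visible to the profile wall
          // This way we don't see every picture in your new photo album posted to your wall at once.
          // They will show up as people comment on them.
          // Guarded on $parent_item: a top-level post has no parent row, and
          // the unguarded form issued an UPDATE for id 0.

          if($parent_item && (! $parent_item['visible'])) {
              $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d LIMIT 1",
                  intval($parent_item['id'])
              );
          }
      }
      else {
          logger('mod_item: unable to retrieve post that was just stored.');
          notify( t('System error. Post not saved.'));
          goaway($a->get_baseurl() . "/" . $_POST['return'] );
          // NOTREACHED
      }

      proc_run('php', "include/notifier.php", $notify_type, "$post_id");

      $datarray['id']    = $post_id;
      $datarray['plink'] = $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id;

      call_hooks('post_local_end', $datarray);

      // Optional e-mail copies; only sent when the local user posts to their
      // own profile.
      if(strlen($emailcc) && $profile_uid == local_user()) {

          $erecips = explode(',', $emailcc);
          if(count($erecips)) {
              $line_breaks = array("\r", "\n");
              foreach($erecips as $recip) {
                  // CR and LF are removed from every value placed in the
                  // recipient or header fields, so that a request-supplied
                  // address or a stored name cannot add headers of its own.
                  $addr = str_replace($line_breaks, '', trim($recip));
                  if(! strlen($addr)) {
                      continue;
                  }
                  $disclaimer = '<hr />' . sprintf( t('This message was sent to you by %s, a member of the Friendika social network.'),$a->user['username'])
                      . '<br />';
                  $disclaimer .= sprintf( t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL;
                  $disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL;

                  $subject  = '[Friendika]' . ' ' . sprintf( t('%s posted an update.'),$a->user['username']);
                  $subject  = str_replace($line_breaks, '', $subject);
                  $headers  = 'From: ' . str_replace($line_breaks, '', $a->user['username']) . ' <' . str_replace($line_breaks, '', $a->user['email']) . '>' . "\n";
                  $headers .= 'MIME-Version: 1.0' . "\n";
                  $headers .= 'Content-Type: text/html; charset=UTF-8' . "\n";
                  $headers .= 'Content-Transfer-Encoding: 8bit' . "\n\n";
                  // NOTE(review): the username, nickname and thumb URL are
                  // placed into HTML without escaping - confirm they are
                  // stored in an HTML-safe form.
                  $link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
                  $html = prepare_body($datarray);
                  $message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
                  // Best effort: a failed send is deliberately not reported.
                  @mail($addr, $subject, $message, $headers);
              }
          }
      }

      logger('post_complete');

      // NOTE(review): 'return' and 'jsreload' come from the request. They are
      // appended to the base URL plus '/', so the target stays on this site's
      // origin, but the raw value is also written to the log.
      if((x($_POST,'return')) && strlen($_POST['return'])) {
          logger('return: ' . $_POST['return']);
          goaway($a->get_baseurl() . "/" . $_POST['return'] );
      }

      // API callers get no JSON body.
      if(x($_POST,'api_source')) {
          return;
      }

      $json = array('success' => 1);
      if(x($_POST,'jsreload') && strlen($_POST['jsreload'])) {
          $json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload'];
      }

      logger('post_json: ' . print_r($json,true), LOGGER_DEBUG);

      echo json_encode($json);
      killme();
      // NOTREACHED
  }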
  /**
   * Content handler for the item module.
   *
   * The only action handled here is deleting a single item, selected by a
   * request path of the form <module>/drop/<id>. Nothing happens unless a
   * local or remote session is present.
   *
   * NOTE(review): no anti-forgery token is checked in this function, and the
   * ownership check is not visible here; presumably drop_item() enforces
   * it - confirm.
   *
   * @param object $a the application object (passed by reference)
   * @return void
   */
  function item_content(&$a) {

      if(! (local_user() || remote_user())) {
          return;
      }

      require_once('include/security.php');

      // Exactly three path arguments, the literal 'drop', and an id that
      // intval() evaluates to non-zero.
      $is_drop_request = (($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2]));

      if(! $is_drop_request) {
          return;
      }

      require_once('include/items.php');
      drop_item($a->argv[2]);
  }
  644. }