celebrity/group/community pages about 75% implemented

boot.php

@@ -22,11 +22,16 @@ define ( 'REL_BUD',        3);
 
 
 // page/profile types
+// PAGE_NORMAL is a typical personal profile account
+// PAGE_SOAPBOX automatically approves all friend requests as REL_FAN, (readonly)
+// PAGE_COMMUNITY automatically approves all friend requests as REL_FAN, but with 
+// write access to wall and comments (no email and not included in page owner's ACL lists)
+// PAGE_FREELOVE automatically approves all friend requests as full friends (REL_BUD). 
 
 define ( 'PAGE_NORMAL',            0 );
-define ( 'PAGE_AUTO_FAN',          1 );
-define ( 'PAGE_AUTO_FAN_RW',       2 );
-define ( 'PAGE_AUTO_BUD',          3 );
+define ( 'PAGE_SOAPBOX',           1 );
+define ( 'PAGE_COMMUNITY',         2 );
+define ( 'PAGE_FREELOVE',          3 );
 
 // Maximum number of "people who like (or don't like) this" 
 // that we will list by name
@@ -102,6 +107,7 @@ class App {
 	public  $pager;
 	public  $strings;   
 	public  $path;
+	public  $interactive = true;
 
 	private $scheme;
 	private $hostname;
@@ -579,9 +585,9 @@ function remote_user() {
 
 if(! function_exists('notice')) {
 function notice($s) {
-
-	$_SESSION['sysmsg'] .= $s;
-
+	$a = get_app();
+	if($a->interactive)
+		$_SESSION['sysmsg'] .= $s;
 }}
 
 // wrapper around config to limit the text length of an incoming message

include/auth.php

@@ -14,6 +14,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
 		unset($_SESSION['administrator']);
 		unset($_SESSION['cid']);
 		unset($_SESSION['theme']);
+		unset($_SESSION['page_flags']);
 		notice( t('Logged out.') . EOL);
 		goaway($a->get_baseurl());
 	}
@@ -34,6 +35,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
 
 		$a->user = $r[0];
 		$_SESSION['theme'] = $a->user['theme'];
+		$_SESSION['page_flags'] = $a->user['page-flags'];
 		if(strlen($a->user['timezone']))
 			date_default_timezone_set($a->user['timezone']);
 
@@ -58,6 +60,7 @@ else {
 	unset($_SESSION['cid']);
 	unset($_SESSION['theme']);
 	unset($_SESSION['my_url']);
+	unset($_SESSION['page_flags']);
 
 	$encrypted = hash('whirlpool',trim($_POST['password']));
 
@@ -77,6 +80,7 @@ else {
 		$_SESSION['uid'] = $r[0]['uid'];
 		$_SESSION['theme'] = $r[0]['theme'];
 		$_SESSION['authenticated'] = 1;
+		$_SESSION['page_flags'] = $r[0]['page-flags'];
 		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
 
 		notice( t("Welcome back ") . $r[0]['username'] . EOL);

include/nav.php

@@ -27,8 +27,12 @@ else {
 		$a->page['nav'] .= '<a id="nav-home-link" class="nav-commlink" href="profile/' . $a->user['nickname'] . '">' 
 			. t('Home') . '</a><span id="home-update" class="nav-ajax-left"></span>' . "\r\n";
 
-		$a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications') 
-			. '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+		// only show friend requests for normal pages. Other page types have automatic friendship.
+
+		if($_SESSION['page_flags'] == PAGE_NORMAL) {
+			$a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications') 
+				. '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
+		}
 
 		$a->page['nav'] .= '<a id="nav-messages-link" class="nav-commlink" href="message">' . t('Messages') 
 			. '</a><span id="mail-update" class="nav-ajax-left"></span>' . "\r\n";

include/security.php

@@ -3,15 +3,18 @@
 function can_write_wall(&$a,$owner) {
         if((! (local_user())) && (! (remote_user())))
                 return false;
-        if((local_user()) && ($_SESSION['uid'] == $owner))
+		$uid = get_uid();
+        if(($uid) && ($uid === $owner))
                 return true;
 
-        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0 
-		AND `readonly` = 0  AND `rel` IN ( %d , %d ) LIMIT 1",
-                intval($owner),
-                intval($_SESSION['visitor_id']),
-		intval(REL_VIP),
-		intval(REL_BUD)
+        $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid` 
+			WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 
+			AND `readonly` = 0  AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1",
+			intval($owner),
+			intval($_SESSION['visitor_id']),
+			intval(REL_VIP),
+			intval(REL_BUD),
+			intval(PAGE_COMMUNITY)
         );
         if(count($r))
                 return true;

index.php

@@ -88,6 +88,7 @@ if(x($_SESSION,'sysmsg')) {
 	unset($_SESSION['sysmsg']);
 }
 
+
 // Feel free to comment out this line on production sites.
 $a->page['content'] .= $debug_text;
 

mod/dfrn_confirm.php

@@ -1,31 +1,59 @@
 <?php
 
-// There are two possible entry points. Both are called via POST.
+// There are two possible entry points. 
 
-function dfrn_confirm_post(&$a) {
+function dfrn_confirm_post(&$a,$handsfree = null) {
 
-	if($a->argc > 1)
-		$node = $a->argv[1];
+	if(is_array($handsfree)) {
+
+		// called directly from dfrn_request due to automatic friend acceptance
+		// any $_POST parameters we might need are supplied in the $handsfree array
+
+		$node = $handsfree['node'];
+		$a->interactive = false; // notice() becomes a no-op since nobody is there to see it
+
+	}
+	else {
+		if($a->argc > 1)
+			$node = $a->argv[1];
+	}
 
 		// Main entry point. Our user received a friend request notification (perhaps 
 		// from another site) and clicked 'Accept'. $POST['source_url'] is not set.
-		// They will perform the following:
+		// OR we have been called directly from dfrn_request ($handsfree != null) due to 
+		// this being a page type which supports automatic friend acceptance.
 
 	if(! x($_POST,'source_url')) {
-
-		$uid = get_uid();
+		
+		$uid = ((is_array($handsfree)) ? $handsfree['uid'] : get_uid());
 
 		if(! $uid) {
 			notice( t('Permission denied.') . EOL );
 			return;
 		}	
 
-		// These come from the friend request notification form.
-	
-		$dfrn_id  = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
-		$intro_id = intval($_POST['intro_id']);
-		$duplex   = intval($_POST['duplex']);
+		$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
+			intval($uid)
+		);
 
+		if(! $user) {
+			notice( t('Profile not found.') . EOL );
+			return;
+		}	
+
+
+		// These come from the friend request notification form or $handsfree reply.
+
+		if(is_array($handsfree)) {
+			$dfrn_id = $handsfree['dfrn_id'];
+			$intro_id = $handsfree['intro_id'];
+			$duplex = $handsfre['duplex'];
+		}
+		else {
+			$dfrn_id  = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
+			$intro_id = intval($_POST['intro_id']);
+			$duplex   = intval($_POST['duplex']);
+		}
 
 		// The other person will have been issued an ID when they first requested friendship.
 		// Locate their record. At this time, their record will have both pending and blocked set to 1. 
@@ -75,7 +103,6 @@ function dfrn_confirm_post(&$a) {
 			intval($uid) 
 		);
 
-
 		$params = array();
 
 		// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our 
@@ -92,13 +119,13 @@ function dfrn_confirm_post(&$a) {
 		$src_aes_key = random_string();
 
 		$result = '';
-		openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
+		openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
 
 		$params['dfrn_id'] = bin2hex($result);
 		$params['public_key'] = $public_key;
 
 
-		$my_url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
+		$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
 
 		openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
 		$params['source_url'] = bin2hex($params['source_url']);
@@ -266,7 +293,8 @@ function dfrn_confirm_post(&$a) {
 		// Let's send our user to the contact editor in case they want to
 		// do anything special with this new friend.
  
-		goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
+		if($handsfree === null)
+			goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
 		return;  //NOTREACHED
 	}
 

mod/dfrn_request.php

@@ -208,11 +208,16 @@ function dfrn_request_post(&$a) {
 					notice( t('You have already introduced yourself here.') . EOL );
 					return;
 				}
+				elseif($ret[0]['rel'] == REL_BUD) {
+					notice( t('Apparently you are already friends with .') . $a->profile['name'] . EOL);
+					return;
+				}
 				else {
 					$contact_record = $ret[0];
 					$parms = array('dfrn-request' => $ret[0]['request']);
 				}
 			}
+
 			$issued_id = random_string();
 
 			if(is_array($contact_record)) {
@@ -314,8 +319,7 @@ function dfrn_request_post(&$a) {
 				);
 			}
 	
-
-			// This notice will only be seen by the requestor if  the requestor and requestee are on the same server.
+			// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
 
 			if(! $failed) 
 				notice( t('Your introduction has been sent.') . EOL );
@@ -417,9 +421,13 @@ function dfrn_request_content(&$a) {
 				WHERE `contact`.`id` = %d LIMIT 1",
 				intval($intro[0]['contact-id'])
 			);
-			if(count($r)) {
 
-				if($r[0]['notify-flags'] & NOTIFY_INTRO) {
+			$auto_confirm = false;
+
+			if(count($r)) {
+				if($r[0]['page-flags'] != PAGE_NORMAL)
+					$auto_confirm = true;				
+				if(($r[0]['notify-flags'] & NOTIFY_INTRO) && (! $auto_confirm)) {
 					$email_tpl = load_view_file('view/request_notify_eml.tpl');
 					$email = replace_macros($email_tpl, array(
 						'$requestor' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')),
@@ -434,12 +442,29 @@ function dfrn_request_content(&$a) {
 						'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
 					// This is a redundant notification - no point throwing errors if it fails.
 				}
+				if($auto_confirm) {
+					require_once('mod/dfrn_confirm.php');
+					$handsfree = array(
+						'uid' => $r[0]['uid'],
+						'node' => $r[0]['nickname'],
+						'dfrn_id' => $r[0]['issued-id'],
+						'intro_id' => $intro[0]['id'],
+						'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0)
+					);
+					dfrn_confirm_post($a,$handsfree);
+				}
+
 			}
 
-			$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
-				dbesc($_GET['confirm_key'])
-			);
+			if(! $auto_confirm) {
 
+				// If we are auto_confirming, this record will have already been nuked
+				// in dfrn_confirm_post()
+
+				$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
+					dbesc($_GET['confirm_key'])
+				);
+			}
 		}
 		killme();
 		return; // NOTREACHED

mod/lostpass.php

@@ -7,7 +7,8 @@ function lostpass_post(&$a) {
 	if(! $email)
 		goaway($a->get_baseurl());
 
-	$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+	$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
+		dbesc($email),
 		dbesc($email)
 	);
 	if(! count($r))

mod/register.php

@@ -250,7 +250,13 @@ function register_post(&$a) {
 if(! function_exists('register_content')) {
 function register_content(&$a) {
 
-	if($a->config['register_policy'] == REGISTER_CLOSED) {
+	// logged in users can register others (people/pages/groups)
+	// even with closed registrations, unless specifically prohibited by site policy.
+	// 'block_extended_register' blocks all registrations, period.
+
+	$block = get_config('system','block_extended_register');
+
+	if((($a->config['register_policy'] == REGISTER_CLOSED) && (! getuid())) || ($block)) {
 		notice("Permission denied." . EOL);
 		return;
 	}

mod/settings.php

@@ -198,7 +198,7 @@ function settings_content(&$a) {
 		? true : false);
 
 	if($invisible)
-		notice( t('Profile is not published.') . EOL );
+		notice( t('Profile is <strong>not published</strong>.') . EOL );
 
 	$nickname_block = load_view_file("view/settings_nick_set.tpl");
 	

mod/xrd.php

@@ -28,7 +28,7 @@ function xrd_content(&$a) {
 		'$accturi'     => $uri,
 		'$profile_url' => $a->get_baseurl() . '/profile/'       . $r[0]['nickname'],
 		'$atom'        => $a->get_baseurl() . '/dfrn_poll/'     . $r[0]['nickname'],
-		'$photo'       => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'],
+		'$photo'       => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid']      . '.jpg',
 		'$salmon'      => $a->get_baseurl() . '/salmon/'        . $r[0]['nickname'],
 		'$salmen'      => $a->get_baseurl() . '/salmon/'        . $r[0]['nickname'] . '/mention',
 		'$modexp'      => 'data:application/magic-public-key,'  . $salmon_key

view/intro_complete_eml.tpl

@@ -1,27 +1,19 @@
 
 Dear $username,
 
-	I've got good news and bad news... first the good news. 
-'$fn' at '$dfrn_url' has accepted your connection request at
-'$sitename'. 
+	'$fn' at '$dfrn_url' has accepted 
+your connection request at '$sitename'.
 
-The bad news is that '$fn' did not make you a "full friend", 
-but rather accepted you as a "fan". [Maybe you were expecting this, 
-maybe not.]
+	'$fn' has chosen to accept you a "fan", which restricts 
+some forms of communication - such as private messaging and some profile
+interactions. If this is a celebrity or community page, these settings were
+applied automatically.
 
-What this means is that '$fn' can communicate with you at any 
-time and comment on your activities, but your communications to 
-'$fn' may be restricted. In particular, you do NOT have the 
-ability to exchange private mail. You are only able to communicate 
-with '$fn' via your own status updates.
+	'$fn' may choose to extend this into a two-way or more permissive 
+relationship in the future. 
 
-In the future, '$fn' MAY decide to seek a full connection and make 
-a reciprocal request. If you approve such a request, you will then be 
-considered mutual friends with full communication ability.  
-
-The network at $sitename allows many types of relationships - 
-as opposed to older social networks where friendship is either 
-"yes" or "no" - with nothing in between. 
+	You will start receiving public status updates from '$fn', 
+which will appear on your 'Network' page at  
 
 $siteurl
 

view/login.tpl

@@ -2,7 +2,7 @@
 <form action="" method="post" >
 <input type="hidden" name="auth-params" value="login" />
 <div id="login-name-wrapper">
-        <label for="login-name" id="label-login-name">Username or Email: </label>
+        <label for="login-name" id="label-login-name">Nickname or Email: </label>
         <input type="text" maxlength="60" name="login-name" id="login-name" value="" />
 </div>
 <div id="login-name-end" ></div>

view/lostpass.tpl

@@ -6,7 +6,7 @@ Enter your email address and submit to have your password reset. Then check your
 
 <form action="lostpass" method="post" >
 <div id="login-name-wrapper">
-        <label for="login-name" id="label-login-name">Email address: </label>
+        <label for="login-name" id="label-login-name">Nickname or Email: </label>
         <input type="text" maxlength="60" name="login-name" id="login-name" value="" />
 </div>
 <div id="login-extra-end"></div>

view/xrd_person.tpl

@@ -17,6 +17,7 @@
           type="text/html"
           href="$profile_url" />
     <Link rel="http://webfinger.net/rel/avatar"
+          type="image/jpeg"
           href="$photo" />
     <Link rel="salmon" 
           href="$salmon" />