Browse Source

More "LIMIT 1" removed - and some other SQL improvements.

tags/3.3-RC
Michael Vogel 6 years ago
parent
commit
6e7bd68ebb
34 changed files with 271 additions and 258 deletions
  1. +5
    -5
      include/Contact.php
  2. +6
    -6
      include/acl_selectors.php
  3. +29
    -15
      include/api.php
  4. +1
    -1
      include/cache.php
  5. +3
    -3
      include/datetime.php
  6. +8
    -8
      include/enotify.php
  7. +4
    -4
      include/event.php
  8. +10
    -10
      include/follow.php
  9. +9
    -9
      include/group.php
  10. +12
    -12
      include/notifier.php
  11. +6
    -6
      include/oauth.php
  12. +3
    -3
      include/security.php
  13. +5
    -5
      include/text.php
  14. +1
    -2
      mod/community.php
  15. +2
    -2
      mod/crepair.php
  16. +46
    -46
      mod/dfrn_confirm.php
  17. +14
    -14
      mod/dfrn_request.php
  18. +9
    -9
      mod/events.php
  19. +2
    -2
      mod/fsuggest.php
  20. +8
    -8
      mod/group.php
  21. +5
    -5
      mod/like.php
  22. +2
    -2
      mod/lostpass.php
  23. +5
    -5
      mod/mood.php
  24. +2
    -2
      mod/notifications.php
  25. +10
    -10
      mod/poke.php
  26. +13
    -13
      mod/profile_photo.php
  27. +9
    -9
      mod/profiles.php
  28. +4
    -4
      mod/profperm.php
  29. +9
    -9
      mod/settings.php
  30. +1
    -1
      mod/starred.php
  31. +4
    -4
      mod/subthread.php
  32. +11
    -11
      mod/tagger.php
  33. +1
    -1
      mod/tagrm.php
  34. +12
    -12
      update.php

+ 5
- 5
include/Contact.php View File

@@ -64,13 +64,13 @@ function contact_remove($id) {

$archive = get_pconfig($r[0]['uid'], 'system','archive_removed_contacts');
if($archive) {
q("update contact set `archive` = 1, `network` = 'none', `writable` = 0 where id = %d limit 1",
q("update contact set `archive` = 1, `network` = 'none', `writable` = 0 where id = %d",
intval($id)
);
return;
}

q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
q("DELETE FROM `contact` WHERE `id` = %d",
intval($id)
);
q("DELETE FROM `item` WHERE `contact-id` = %d ",
@@ -148,7 +148,7 @@ function mark_for_death($contact) {
return;

if($contact['term-date'] == '0000-00-00 00:00:00') {
q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d",
dbesc(datetime_convert()),
intval($contact['id'])
);
@@ -166,7 +166,7 @@ function mark_for_death($contact) {
// archive them rather than delete
// though if the owner tries to unarchive them we'll start the whole process over again

q("update contact set `archive` = 1 where id = %d limit 1",
q("update contact set `archive` = 1 where id = %d",
intval($contact['id'])
);
q("UPDATE `item` SET `private` = 2 WHERE `contact-id` = %d AND `uid` = %d", intval($contact['id']), intval($contact['uid']));
@@ -181,7 +181,7 @@ function mark_for_death($contact) {
if(! function_exists('unmark_for_death')) {
function unmark_for_death($contact) {
// It's a miracle. Our dead contact has inexplicably come back to life.
q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d",
dbesc('0000-00-00 00:00:00'),
intval($contact['id'])
);


+ 6
- 6
include/acl_selectors.php View File

@@ -399,19 +399,19 @@ function acl_lookup(&$a, $out_type = 'json') {
} else {
$sql_extra = $sql_extra2 = "";
}
// count groups and contacts
if ($type=='' || $type=='g'){
$r = q("SELECT COUNT(`id`) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra",
$r = q("SELECT COUNT(*) AS g FROM `group` WHERE `deleted` = 0 AND `uid` = %d $sql_extra",
intval(local_user())
);
$group_count = (int)$r[0]['g'];
} else {
$group_count = 0;
}
if ($type=='' || $type=='c'){
$r = q("SELECT COUNT(`id`) AS c FROM `contact`
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND `self` = 0
AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0
AND `notify` != '' $sql_extra2" ,
@@ -423,7 +423,7 @@ function acl_lookup(&$a, $out_type = 'json') {

// autocomplete for Private Messages

$r = q("SELECT COUNT(`id`) AS c FROM `contact`
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND `self` = 0
AND `blocked` = 0 AND `pending` = 0 AND `archive` = 0
AND `network` IN ('%s','%s','%s') $sql_extra2" ,
@@ -439,7 +439,7 @@ function acl_lookup(&$a, $out_type = 'json') {

// autocomplete for Contacts

$r = q("SELECT COUNT(`id`) AS c FROM `contact`
$r = q("SELECT COUNT(*) AS c FROM `contact`
WHERE `uid` = %d AND `self` = 0
AND `pending` = 0 $sql_extra2" ,
intval(local_user())


+ 29
- 15
include/api.php View File

@@ -384,26 +384,26 @@
intval(api_user())
);

//AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
// count public wall messages
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
$r = q("SELECT count(*) as `count` FROM `item` force index (uid_type)
WHERE `uid` = %d
AND `type`='wall'
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
AND `type`='wall'",
intval($uinfo[0]['uid'])
);
$countitms = $r[0]['count'];
}
else {
$r = q("SELECT COUNT(`id`) as `count` FROM `item`
WHERE `contact-id` = %d
AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
//AND `allow_cid`='' AND `allow_gid`='' AND `deny_cid`='' AND `deny_gid`=''",
$r = q("SELECT count(*) as `count` FROM `item`
WHERE `contact-id` = %d",
intval($uinfo[0]['id'])
);
$countitms = $r[0]['count'];
}

// count friends
$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
$r = q("SELECT count(*) as `count` FROM `contact`
WHERE `uid` = %d AND `rel` IN ( %d, %d )
AND `self`=0 AND `blocked`=0 AND `pending`=0 AND `hidden`=0",
intval($uinfo[0]['uid']),
@@ -412,7 +412,7 @@
);
$countfriends = $r[0]['count'];

$r = q("SELECT COUNT(`id`) as `count` FROM `contact`
$r = q("SELECT count(*) as `count` FROM `contact`
WHERE `uid` = %d AND `rel` IN ( %d, %d )
AND `self`=0 AND `blocked`=0 AND `pending`=0 AND `hidden`=0",
intval($uinfo[0]['uid']),
@@ -421,7 +421,7 @@
);
$countfollowers = $r[0]['count'];

$r = q("SELECT count(`id`) as `count` FROM item where starred = 1 and uid = %d and deleted = 0",
$r = q("SELECT count(*) as `count` FROM item where starred = 1 and uid = %d and deleted = 0",
intval($uinfo[0]['uid'])
);
$starred = $r[0]['count'];
@@ -528,7 +528,8 @@
$status_user["protected"] = (($item["allow_cid"] != "") OR
($item["allow_gid"] != "") OR
($item["deny_cid"] != "") OR
($item["deny_gid"] != ""));
($item["deny_gid"] != "") OR
$item["private"]);

return ($status_user);
}
@@ -745,12 +746,27 @@
logger('api_status_show: user_info: '.print_r($user_info, true), LOGGER_DEBUG);

// get last public wall message
$lastwall = q("SELECT `item`.*, `i`.`contact-id` as `reply_uid`, `c`.`nick` as `reply_author`, `i`.`author-link` AS `item-author`
FROM `item`, `contact`, `item` as `i`, `contact` as `c`
//$lastwall = q("SELECT `item`.*, `i`.`contact-id` as `reply_uid`, `c`.`nick` as `reply_author`, `i`.`author-link` AS `item-author`
// FROM `item`, `contact`, `item` as `i`, `contact` as `c`
// WHERE `item`.`contact-id` = %d
// AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
// AND `i`.`id` = `item`.`parent`
// AND `contact`.`id`=`item`.`contact-id` AND `c`.`id`=`i`.`contact-id` AND `contact`.`self`=1
// AND `item`.`type`!='activity'
// AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''
// ORDER BY `item`.`created` DESC
// LIMIT 1",
// intval($user_info['cid']),
// dbesc($user_info['url']),
// dbesc(normalise_link($user_info['url'])),
// dbesc($user_info['url']),
// dbesc(normalise_link($user_info['url']))
//);
$lastwall = q("SELECT `item`.*, `i`.`contact-id` as `reply_uid`, `i`.`author-link` AS `item-author`
FROM `item`, `item` as `i`
WHERE `item`.`contact-id` = %d
AND ((`item`.`author-link` IN ('%s', '%s')) OR (`item`.`owner-link` IN ('%s', '%s')))
AND `i`.`id` = `item`.`parent`
AND `contact`.`id`=`item`.`contact-id` AND `c`.`id`=`i`.`contact-id` AND `contact`.`self`=1
AND `item`.`type`!='activity'
AND `item`.`allow_cid`='' AND `item`.`allow_gid`='' AND `item`.`deny_cid`='' AND `item`.`deny_gid`=''
ORDER BY `item`.`created` DESC
@@ -773,8 +789,6 @@
if ($lastwall['parent']!=$lastwall['id']) {
$in_reply_to_status_id= intval($lastwall['parent']);
$in_reply_to_status_id_str = (string) intval($lastwall['parent']);
//$in_reply_to_user_id = $lastwall['reply_uid'];
//$in_reply_to_screen_name = $lastwall['reply_author'];

$r = q("SELECT * FROM unique_contacts WHERE `url` = '%s'", dbesc(normalise_link($lastwall['item-author'])));
if ($r) {


+ 1
- 1
include/cache.php View File

@@ -47,7 +47,7 @@
* dbesc($key)
* );
* if(count($r)) {
* q("UPDATE `cache` SET `v` = '%s', `updated = '%s' WHERE `k` = '%s' limit 1",
* q("UPDATE `cache` SET `v` = '%s', `updated = '%s' WHERE `k` = '%s'",
* dbesc($value),
* dbesc(datetime_convert()),
* dbesc($key));


+ 3
- 3
include/datetime.php View File

@@ -19,7 +19,7 @@ if(! function_exists('select_timezone')) {
function select_timezone($current = 'America/Los_Angeles') {

$timezone_identifiers = DateTimeZone::listIdentifiers();
$o ='<select id="timezone_select" name="timezone">';

usort($timezone_identifiers, 'timezone_cmp');
@@ -487,11 +487,11 @@ function update_contact_birthdays() {
dbesc('birthday'),
intval(0)
);

// update bdyear

q("UPDATE `contact` SET `bdyear` = '%s', `bd` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
q("UPDATE `contact` SET `bdyear` = '%s', `bd` = '%s' WHERE `uid` = %d AND `id` = %d",
dbesc(substr($nextbd,0,4)),
dbesc($nextbd),
intval($rr['uid']),


+ 8
- 8
include/enotify.php View File

@@ -255,10 +255,10 @@ function notification($params) {
$sitelink = $h['sitelink'];
$tsitelink = $h['tsitelink'];
$hsitelink = $h['hsitelink'];
$itemlink = $h['itemlink'];
$itemlink = $h['itemlink'];


require_once('include/html2bbcode.php');
require_once('include/html2bbcode.php');

do {
$dups = false;
@@ -331,7 +331,7 @@ function notification($params) {
);
if($p && (count($p) > 1)) {
for ($d = 1; $d < count($p); $d ++) {
q("delete from notify where id = %d limit 1",
q("delete from notify where id = %d",
intval($p[$d]['id'])
);
}
@@ -353,12 +353,12 @@ function notification($params) {

$itemlink = $a->get_baseurl() . '/notify/view/' . $notify_id;
$msg = replace_macros($epreamble,array('$itemlink' => $itemlink));
$r = q("update notify set msg = '%s' where id = %d and uid = %d limit 1",
$r = q("update notify set msg = '%s' where id = %d and uid = %d",
dbesc($msg),
intval($notify_id),
intval($params['uid'])
);

// send email notification if notification preferences permit

@@ -370,15 +370,15 @@ function notification($params) {
$id_for_parent = "${params['parent']}@${hostname}";

// Is this the first email notification for this parent item and user?
$r = q("select `id` from `notify-threads` where `master-parent-item` = %d and `receiver-uid` = %d limit 1",
$r = q("select `id` from `notify-threads` where `master-parent-item` = %d and `receiver-uid` = %d limit 1",
intval($params['parent']),
intval($params['uid']) );

// If so, create the record of it and use a message-id smtp header.

if(!$r) {
logger("notify_id:" . intval($notify_id). ", parent: " . intval($params['parent']) . "uid: " .
logger("notify_id:" . intval($notify_id). ", parent: " . intval($params['parent']) . "uid: " .
intval($params['uid']), LOGGER_DEBUG);
$r = q("insert into `notify-threads` (`notify-id`, `master-parent-item`, `receiver-uid`, `parent-item`)
values(%d,%d,%d,%d)",


+ 4
- 4
include/event.php View File

@@ -207,7 +207,7 @@ function event_store($arr) {

$arr['created'] = (($arr['created']) ? $arr['created'] : datetime_convert());
$arr['edited'] = (($arr['edited']) ? $arr['edited'] : datetime_convert());
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['type'] = (($arr['type']) ? $arr['type'] : 'event' );
$arr['cid'] = ((intval($arr['cid'])) ? intval($arr['cid']) : 0);
$arr['uri'] = (x($arr,'uri') ? $arr['uri'] : item_new_uri($a->get_hostname(),$arr['uid']));
$arr['private'] = ((x($arr,'private')) ? intval($arr['private']) : 0);
@@ -263,7 +263,7 @@ function event_store($arr) {
`allow_gid` = '%s',
`deny_cid` = '%s',
`deny_gid` = '%s'
WHERE `id` = %d AND `uid` = %d LIMIT 1",
WHERE `id` = %d AND `uid` = %d",

dbesc($arr['edited']),
dbesc($arr['start']),
@@ -291,7 +291,7 @@ function event_store($arr) {
$object .= '</object>' . "\n";


q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s', `private` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `item` SET `body` = '%s', `object` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `edited` = '%s', `private` = %d WHERE `id` = %d AND `uid` = %d",
dbesc(format_event_bbcode($arr)),
dbesc($object),
dbesc($arr['allow_cid']),
@@ -390,7 +390,7 @@ function event_store($arr) {


if($item_id) {
q("UPDATE `item` SET `plink` = '%s', `event-id` = %d WHERE `uid` = %d AND `id` = %d LIMIT 1",
q("UPDATE `item` SET `plink` = '%s', `event-id` = %d WHERE `uid` = %d AND `id` = %d",
dbesc($plink),
intval($event['id']),
intval($arr['uid']),


+ 10
- 10
include/follow.php View File

@@ -111,7 +111,7 @@ function new_contact($uid,$url,$interactive = false) {

if($ret['network'] === NETWORK_MAIL) {
$writeable = 1;
}
if($ret['network'] === NETWORK_DIASPORA)
$writeable = 1;
@@ -123,13 +123,13 @@ function new_contact($uid,$url,$interactive = false) {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `poll` = '%s' LIMIT 1",
intval($uid),
dbesc($ret['poll'])
);
);


if(count($r)) {
// update contact
if($r[0]['rel'] == CONTACT_IS_FOLLOWER || ($network === NETWORK_DIASPORA && $r[0]['rel'] == CONTACT_IS_SHARING)) {
q("UPDATE `contact` SET `rel` = %d , `subhub` = %d, `readonly` = 0 WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `contact` SET `rel` = %d , `subhub` = %d, `readonly` = 0 WHERE `id` = %d AND `uid` = %d",
intval(CONTACT_IS_FRIEND),
intval($subhub),
intval($r[0]['id']),
@@ -222,13 +222,13 @@ function new_contact($uid,$url,$interactive = false) {

$photos = import_profile_photo($ret['photo'],$uid,$contact_id);

$r = q("UPDATE `contact` SET `photo` = '%s',
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`micro` = '%s',
`name-date` = '%s',
`uri-date` = '%s',
`micro` = '%s',
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s'
WHERE `id` = %d LIMIT 1
WHERE `id` = %d
",
dbesc($photos[0]),
dbesc($photos[1]),
@@ -237,7 +237,7 @@ function new_contact($uid,$url,$interactive = false) {
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($contact_id)
);
);


// pull feed and consume it, which should subscribe to the hub.
@@ -262,7 +262,7 @@ function new_contact($uid,$url,$interactive = false) {
'$ostat_follow' => ''
));

$r = q("SELECT `contact`.*, `user`.* FROM `contact` INNER JOIN `user` ON `contact`.`uid` = `user`.`uid`
$r = q("SELECT `contact`.*, `user`.* FROM `contact` INNER JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
intval($uid)
);


+ 9
- 9
include/group.php View File

@@ -8,17 +8,17 @@ function group_add($uid,$name) {
$r = group_byname($uid,$name); // check for dups
if($r !== false) {

// This could be a problem.
// This could be a problem.
// Let's assume we've just created a group which we once deleted
// all the old members are gone, but the group remains so we don't break any security
// access lists. What we're doing here is reviving the dead group, but old content which
// was restricted to this group may now be seen by the new group members.
// was restricted to this group may now be seen by the new group members.

$z = q("SELECT * FROM `group` WHERE `id` = %d LIMIT 1",
intval($r)
);
if(count($z) && $z[0]['deleted']) {
$r = q("UPDATE `group` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
$r = q("UPDATE `group` SET `deleted` = 0 WHERE `uid` = %d AND `name` = '%s'",
intval($uid),
dbesc($name)
);
@@ -32,7 +32,7 @@ function group_add($uid,$name) {
dbesc($name)
);
$ret = $r;
}
}
return $ret;
}

@@ -87,7 +87,7 @@ function group_rmv($uid,$name) {
);

// remove group
$r = q("UPDATE `group` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s' LIMIT 1",
$r = q("UPDATE `group` SET `deleted` = 1 WHERE `uid` = %d AND `name` = '%s'",
intval($uid),
dbesc($name)
);
@@ -117,13 +117,13 @@ function group_rmv_member($uid,$name,$member) {
return false;
if(! ( $uid && $gid && $member))
return false;
$r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `contact-id` = %d LIMIT 1 ",
$r = q("DELETE FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `contact-id` = %d",
intval($uid),
intval($gid),
intval($member)
);
return $r;

}

@@ -134,13 +134,13 @@ function group_add_member($uid,$name,$member,$gid = 0) {
if((! $gid) || (! $uid) || (! $member))
return false;

$r = q("SELECT * FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `contact-id` = %d LIMIT 1",
$r = q("SELECT * FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `contact-id` = %d LIMIT 1",
intval($uid),
intval($gid),
intval($member)
);
if(count($r))
return true; // You might question this, but
return true; // You might question this, but
// we indicate success because the group member was in fact created
// -- It was just created at another time
if(! count($r))


+ 12
- 12
include/notifier.php View File

@@ -443,7 +443,7 @@ function notifier_run(&$argv, &$argc){
set_config('system','site_prvkey', $res['prvkey']);
set_config('system','site_pubkey', $res['pubkey']);
}
$rp = q("SELECT `resource-id` , `scale`, type FROM `photo`
WHERE `profile` = 1 AND `uid` = %d ORDER BY scale;", $uid);
$photos = array();
@@ -635,15 +635,15 @@ function notifier_run(&$argv, &$argc){
else
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($contact['dfrn-id']));

$x = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
`contact`.`pubkey` AS `cpubkey`,
`contact`.`prvkey` AS `cprvkey`,
`contact`.`thumb` AS `thumb`,
$x = q("SELECT `contact`.*, `contact`.`uid` AS `importer_uid`,
`contact`.`pubkey` AS `cpubkey`,
`contact`.`prvkey` AS `cprvkey`,
`contact`.`thumb` AS `thumb`,
`contact`.`url` as `url`,
`contact`.`name` as `senderName`,
`user`.*
FROM `contact`
INNER JOIN `user` ON `contact`.`uid` = `user`.`uid`
`user`.*
FROM `contact`
INNER JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`archive` = 0
AND `contact`.`pending` = 0
AND `contact`.`network` = '%s' AND `user`.`nickname` = '%s'
@@ -656,7 +656,7 @@ function notifier_run(&$argv, &$argc){
if($x && count($x)) {
$write_flag = ((($x[0]['rel']) && ($x[0]['rel'] != CONTACT_IS_SHARING)) ? true : false);
if((($owner['page-flags'] == PAGE_COMMUNITY) || ($write_flag)) && (! $x[0]['writable'])) {
q("update contact set writable = 1 where id = %d limit 1",
q("update contact set writable = 1 where id = %d",
intval($x[0]['id'])
);
$x[0]['writable'] = 1;
@@ -730,7 +730,7 @@ function notifier_run(&$argv, &$argc){

case NETWORK_MAIL:
case NETWORK_MAIL2:
if(get_config('system','dfrn_only'))
break;

@@ -755,7 +755,7 @@ function notifier_run(&$argv, &$argc){
}
if(! $it)
break;


$local_user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
@@ -763,7 +763,7 @@ function notifier_run(&$argv, &$argc){
);
if(! count($local_user))
break;
$reply_to = '';
$r1 = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1",
intval($uid)


+ 6
- 6
include/oauth.php View File

@@ -1,8 +1,8 @@
<?php
/**
/**
* OAuth server
* Based on oauth2-php <http://code.google.com/p/oauth2-php/>
*
*
*/

define('REQUEST_TOKEN_DURATION', 300);
@@ -15,11 +15,11 @@ class FKOAuthDataStore extends OAuthDataStore {
function gen_token(){
return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
}
function lookup_consumer($consumer_key) {
logger(__function__.":".$consumer_key);
//echo "<pre>"; var_dump($consumer_key); killme();
$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
dbesc($consumer_key)
);
@@ -129,7 +129,7 @@ class FKOAuth1 extends OAuthServer {
$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
$this->add_signature_method(new OAuthSignatureMethod_HMAC_SHA1());
}
function loginUser($uid){
logger("FKOAuth1::loginUser $uid");
$a = get_app();
@@ -167,7 +167,7 @@ class FKOAuth1 extends OAuthServer {
$a->cid = $r[0]['id'];
$_SESSION['cid'] = $a->cid;
}
q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d LIMIT 1",
q("UPDATE `user` SET `login_date` = '%s' WHERE `uid` = %d",
dbesc(datetime_convert()),
intval($_SESSION['uid'])
);


+ 3
- 3
include/security.php View File

@@ -36,7 +36,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
$a->timezone = $a->user['timezone'];
}

$master_record = $a->user;
$master_record = $a->user;

if((x($_SESSION,'submanage')) && intval($_SESSION['submanage'])) {
$r = q("select * from user where uid = %d limit 1",
@@ -81,7 +81,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
if($login_initial || $login_refresh) {
$l = get_browser_language();

q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d LIMIT 1",
q("UPDATE `user` SET `login_date` = '%s', `language` = '%s' WHERE `uid` = %d",
dbesc(datetime_convert()),
dbesc($l),
intval($_SESSION['uid'])
@@ -209,7 +209,7 @@ function permissions_sql($owner_id,$remote_verified = false,$groups = null) {
}
}
if($remote_verified) {
$gs = '<<>>'; // should be impossible to match

if(is_array($groups) && count($groups)) {


+ 5
- 5
include/text.php View File

@@ -482,9 +482,9 @@ if(! function_exists('photo_new_resource')) {
/**
* Generate a guaranteed unique photo ID.
* safe from birthday paradox
*
*
* @return string
*/
*/
function photo_new_resource() {

do {
@@ -505,7 +505,7 @@ if(! function_exists('load_view_file')) {
* @deprecated
* wrapper to load a view template, checking for alternate
* languages before falling back to the default
*
*
* @global string $lang
* @global App $a
* @param string $s view name
@@ -2076,7 +2076,7 @@ function file_tag_save_file($uid,$item,$file) {
);
if(count($r)) {
if(! stristr($r[0]['file'],'[' . file_tag_encode($file) . ']'))
q("update item set file = '%s' where id = %d and uid = %d limit 1",
q("update item set file = '%s' where id = %d and uid = %d",
dbesc($r[0]['file'] . '[' . file_tag_encode($file) . ']'),
intval($item),
intval($uid)
@@ -2107,7 +2107,7 @@ function file_tag_unsave_file($uid,$item,$file,$cat = false) {
if(! count($r))
return false;

q("update item set file = '%s' where id = %d and uid = %d limit 1",
q("update item set file = '%s' where id = %d and uid = %d",
dbesc(str_replace($pattern,'',$r[0]['file'])),
intval($item),
intval($uid)


+ 1
- 2
mod/community.php View File

@@ -65,13 +65,12 @@ function community_content(&$a, $update = 0) {

}

//$r = q("SELECT distinct(`item`.`uri`)
$r = q("SELECT `item`.`uri`, `item`.*, `item`.`id` AS `item_id`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,
`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,
`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,
`user`.`nickname`, `user`.`hidewall`
FROM `thread` FORCE INDEX (`visible_deleted_moderated_private_wall_received`)
FROM `thread` FORCE INDEX (`wall_private_received`)
INNER JOIN `user` ON `user`.`uid` = `thread`.`uid` AND `user`.`hidewall` = 0
INNER JOIN `item` ON `item`.`id` = `thread`.`iid`
AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''


+ 2
- 2
mod/crepair.php View File

@@ -62,7 +62,7 @@ function crepair_post(&$a) {
$remote_self = ((x($_POST,'remote_self')) ? $_POST['remote_self'] : false);

$r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d
WHERE `id` = %d AND `uid` = %d LIMIT 1",
WHERE `id` = %d AND `uid` = %d",
dbesc($name),
dbesc($nick),
dbesc($url),
@@ -88,7 +88,7 @@ function crepair_post(&$a) {
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s'
WHERE `id` = %d LIMIT 1
WHERE `id` = %d
",
dbesc($photos[0]),
dbesc($photos[1]),


+ 46
- 46
mod/dfrn_confirm.php View File

@@ -52,7 +52,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(! $uid) {
notice( t('Permission denied.') . EOL );
return;
}
}

$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($uid)
@@ -61,7 +61,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(! $user) {
notice( t('Profile not found.') . EOL );
return;
}
}


// These data elements may come from either the friend request notification form or $handsfree array.
@@ -153,7 +153,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {

// Save the private key. Send them the public key.

$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($private_key),
intval($contact_id),
intval($uid)
@@ -258,7 +258,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string();
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($new_dfrn_id),
intval($contact_id),
intval($uid)
@@ -279,17 +279,17 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
}

if(($status == 0) && ($intro_id)) {
// Success. Delete the notification.
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d",
intval($intro_id),
intval($uid)
);
}

if($status != 0)
if($status != 0)
return;
}

@@ -319,19 +319,19 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(($relation == CONTACT_IS_SHARING) && ($duplex))
$duplex = 0;

$r = q("UPDATE `contact` SET
`photo` = '%s',
$r = q("UPDATE `contact` SET
`photo` = '%s',
`thumb` = '%s',
`micro` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`micro` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`hidden` = %d,
`network` = 'dfrn' WHERE `id` = %d LIMIT 1
`network` = 'dfrn' WHERE `id` = %d
",
dbesc($photos[0]),
dbesc($photos[1]),
@@ -345,7 +345,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
intval($contact_id)
);
}
else {
else {

// $network !== NETWORK_DFRN

@@ -378,27 +378,27 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$writable = 1;
}

$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d",
intval($intro_id),
intval($uid)
);


$r = q("UPDATE `contact` SET `photo` = '%s',
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`micro` = '%s',
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`micro` = '%s',
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`notify` = '%s',
`poll` = '%s',
`blocked` = 0,
`blocked` = 0,
`pending` = 0,
`network` = '%s',
`writable` = %d,
`hidden` = %d,
`rel` = %d
WHERE `id` = %d LIMIT 1
WHERE `id` = %d
",
dbesc($photos[0]),
dbesc($photos[1]),
@@ -413,7 +413,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
intval($hidden),
intval($new_relation),
intval($contact_id)
);
);
}

if($r === false)
@@ -511,7 +511,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if($handsfree === null)
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
else
return;
return;
//NOTREACHED
}

@@ -538,7 +538,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$duplex = ((x($_POST,'duplex')) ? intval($_POST['duplex']) : 0 );
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
$version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);

@@ -640,7 +640,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
// NOTREACHED
}

$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d LIMIT 1",
$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
dbesc($decrypted_dfrn_id),
dbesc($dfrn_pubkey),
intval($dfrn_record)
@@ -651,10 +651,10 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
}

// It's possible that the other person also requested friendship.
// If it is a duplex relationship, ditch the issued-id if one exists.
// If it is a duplex relationship, ditch the issued-id if one exists.

if($duplex) {
$r = q("UPDATE `contact` SET `issued-id` = '' WHERE `id` = %d LIMIT 1",
$r = q("UPDATE `contact` SET `issued-id` = '' WHERE `id` = %d",
intval($dfrn_record)
);
}
@@ -670,7 +670,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$photo = $r[0]['photo'];
else
$photo = $a->get_baseurl() . '/images/person-175.jpg';
require_once("include/Photo.php");

$photos = import_profile_photo($photo,$local_uid,$dfrn_record);
@@ -684,20 +684,20 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(($relation == CONTACT_IS_FOLLOWER) && ($duplex))
$duplex = 0;

$r = q("UPDATE `contact` SET
`photo` = '%s',
`thumb` = '%s',
$r = q("UPDATE `contact` SET
`photo` = '%s',
`thumb` = '%s',
`micro` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`duplex` = %d,
`forum` = %d,
`prv` = %d,
`network` = '%s' WHERE `id` = %d LIMIT 1
`network` = '%s' WHERE `id` = %d
",
dbesc($photos[0]),
dbesc($photos[1]),
@@ -733,10 +733,10 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if((count($r)) && ($r[0]['notify-flags'] & NOTIFY_CONFIRM)) {

push_lang($r[0]['language']);
$tpl = (($new_relation == CONTACT_IS_FRIEND)
$tpl = (($new_relation == CONTACT_IS_FRIEND)
? get_intltext_template('friend_complete_eml.tpl')
: get_intltext_template('intro_complete_eml.tpl'));
$email_tpl = replace_macros($tpl, array(
'$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(),


+ 14
- 14
mod/dfrn_request.php View File

@@ -70,19 +70,19 @@ function dfrn_request_post(&$a) {
$confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
$hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
$contact_record = null;
if(x($dfrn_url)) {

/**
* Lookup the contact based on their URL (which is the only unique thing we have at the moment)
*/
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`url` = '%s' OR `nurl` = '%s') AND `self` = 0 LIMIT 1",
intval(local_user()),
dbesc($dfrn_url),
dbesc(normalise_link($dfrn_url))
);
if(count($r)) {
if(strlen($r[0]['dfrn-id'])) {

@@ -283,11 +283,11 @@ function dfrn_request_post(&$a) {
if(count($r)) {
foreach($r as $rr) {
if(! $rr['rel']) {
q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
q("DELETE FROM `contact` WHERE `id` = %d",
intval($rr['cid'])
);
}
q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
q("DELETE FROM `intro` WHERE `id` = %d",
intval($rr['iid'])
);
}
@@ -298,9 +298,9 @@ function dfrn_request_post(&$a) {
* Cleanup any old email intros - which will have a greater lifetime
*/

$r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
$r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id`
WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
AND `contact`.`network` = '%s'
AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 3 DAY ",
dbesc(NETWORK_MAIL2)
@@ -308,11 +308,11 @@ function dfrn_request_post(&$a) {
if(count($r)) {
foreach($r as $rr) {
if(! $rr['rel']) {
q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
q("DELETE FROM `contact` WHERE `id` = %d",
intval($rr['cid'])
);
}
q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
q("DELETE FROM `intro` WHERE `id` = %d",
intval($rr['iid'])
);
}
@@ -455,7 +455,7 @@ function dfrn_request_post(&$a) {
logger('dfrn_request: url: ' . $url);

if(! strlen($url)) {
notice( t("Unable to resolve your name at the provided location.") . EOL);
notice( t("Unable to resolve your name at the provided location.") . EOL);
return;
}

@@ -555,14 +555,14 @@ function dfrn_request_post(&$a) {
);

// find the contact record we just created
if($r) {
$r = q("SELECT `id` FROM `contact`
if($r) {
$r = q("SELECT `id` FROM `contact`
WHERE `uid` = %d AND `url` = '%s' AND `issued-id` = '%s' LIMIT 1",
intval($uid),
$parms['url'],
$parms['issued-id']
);
if(count($r))
if(count($r))
$contact_record = $r[0];
}

@@ -701,7 +701,7 @@ function dfrn_request_content(&$a) {

if(count($r)) {
if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP))
$auto_confirm = true;
$auto_confirm = true;

if(! $auto_confirm) {
require_once('include/enotify.php');


+ 9
- 9
mod/events.php View File

@@ -28,7 +28,7 @@ function events_post(&$a) {
$adjust = intval($_POST['adjust']);
$nofinish = intval($_POST['nofinish']);

// The default setting for the `private` field in event_store() is false, so mirror that
// The default setting for the `private` field in event_store() is false, so mirror that
$private_event = false;


@@ -142,14 +142,14 @@ function events_content(&$a) {
}

if(($a->argc > 2) && ($a->argv[1] === 'ignore') && intval($a->argv[2])) {
$r = q("update event set ignore = 1 where id = %d and uid = %d limit 1",
$r = q("update event set ignore = 1 where id = %d and uid = %d",
intval($a->argv[2]),
intval(local_user())
);
}

if(($a->argc > 2) && ($a->argv[1] === 'unignore') && intval($a->argv[2])) {
$r = q("update event set ignore = 0 where id = %d and uid = %d limit 1",
$r = q("update event set ignore = 0 where id = %d and uid = %d",
intval($a->argv[2]),
intval(local_user())
);
@@ -372,16 +372,16 @@ function events_content(&$a) {
'$previus' => array($a->get_baseurl()."/events/$prevyear/$prevmonth",t('Previous'),'',''),
'$next' => array($a->get_baseurl()."/events/$nextyear/$nextmonth",t('Next'),'',''),
'$calendar' => cal($y,$m,$links, ' eventcal'),
'$events' => $events,
));
if (x($_GET,'id')){ echo $o; killme(); }
return $o;
}

if($mode === 'edit' && $event_id) {


+ 2
- 2
mod/fsuggest.php View File

@@ -52,7 +52,7 @@ function fsuggest_post(&$a) {
);
if(count($r)) {
$fsuggest_id = $r[0]['id'];
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($note),
intval($fsuggest_id),
intval(local_user())
@@ -108,4 +108,4 @@ function fsuggest_content(&$a) {
$o .= '</form>';

return $o;
}
}

+ 8
- 8
mod/group.php View File

@@ -22,7 +22,7 @@ function group_post(&$a) {

if(($a->argc == 2) && ($a->argv[1] === 'new')) {
check_form_security_token_redirectOnErr('/group/new', 'group_edit');
$name = notags(trim($_POST['groupname']));
$r = group_add(local_user(),$name);
if($r) {
@@ -32,13 +32,13 @@ function group_post(&$a) {
goaway($a->get_baseurl() . '/group/' . $r);
}
else
notice( t('Could not create group.') . EOL );
notice( t('Could not create group.') . EOL );
goaway($a->get_baseurl() . '/group');
return; // NOTREACHED
}
if(($a->argc == 2) && (intval($a->argv[1]))) {
check_form_security_token_redirectOnErr('/group', 'group_edit');
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[1]),
intval(local_user())
@@ -51,7 +51,7 @@ function group_post(&$a) {
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
if((strlen($groupname)) && ($groupname != $group['name'])) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d",
dbesc($groupname),
intval(local_user()),
intval($group['id'])
@@ -88,7 +88,7 @@ function group_content(&$a) {
);

if(($a->argc == 2) && ($a->argv[1] === 'new')) {
return replace_macros($tpl, $context + array(
'$title' => t('Create a group of contacts/friends.'),
'$gname' => array('groupname',t('Group Name: '), '', ''),
@@ -101,13 +101,13 @@ function group_content(&$a) {

if(($a->argc == 3) && ($a->argv[1] === 'drop')) {
check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
if(intval($a->argv[2])) {
$r = q("SELECT `name` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
intval(local_user())
);
if(count($r))
if(count($r))
$result = group_rmv(local_user(),$r[0]['name']);
if($result)
info( t('Group removed.') . EOL);
@@ -120,7 +120,7 @@ function group_content(&$a) {

if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
check_form_security_token_ForbiddenOnErr('group_member_change', 't');
$r = q("SELECT `id` FROM `contact` WHERE `id` = %d AND `uid` = %d and `self` = 0 and `blocked` = 0 AND `pending` = 0 LIMIT 1",
intval($a->argv[2]),
intval(local_user())


+ 5
- 5
mod/like.php View File

@@ -109,7 +109,7 @@ function like_content(&$a) {
$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');


$r = q("SELECT * FROM `item` WHERE `verb` = '%s' AND `deleted` = 0
$r = q("SELECT * FROM `item` WHERE `verb` = '%s' AND `deleted` = 0
AND `contact-id` = %d AND ( `parent` = '%s' OR `parent-uri` = '%s' OR `thr-parent` = '%s') LIMIT 1",
dbesc($activity),
intval($contact['id']),
@@ -121,7 +121,7 @@ function like_content(&$a) {
$like_item = $r[0];

// Already voted, undo it
$r = q("UPDATE `item` SET `deleted` = 1, `unseen` = 1, `changed` = '%s' WHERE `id` = %d LIMIT 1",
$r = q("UPDATE `item` SET `deleted` = 1, `unseen` = 1, `changed` = '%s' WHERE `id` = %d",
dbesc(datetime_convert()),
intval($like_item['id'])
);
@@ -207,14 +207,14 @@ EOT;
$arr['unseen'] = 1;
$arr['last-child'] = 0;

$post_id = item_store($arr);
$post_id = item_store($arr);

if(! $item['visible']) {
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d",
intval($item['id']),
intval($owner_uid)
);
}
}


// Save the author information for the like in case we need to relay to Diaspora


+ 2
- 2
mod/lostpass.php View File

@@ -25,7 +25,7 @@ function lostpass_post(&$a) {
$new_password = autoname(12) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);

$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1",
$r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d",
dbesc($new_password_encoded),
intval($uid)
);
@@ -74,7 +74,7 @@ function lostpass_content(&$a) {
$new_password = autoname(6) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);

$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1",
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d",
dbesc($new_password_encoded),
intval($uid)
);


+ 5
- 5
mod/mood.php View File

@@ -12,8 +12,8 @@ function mood_init(&$a) {

$uid = local_user();
$verb = notags(trim($_GET['verb']));
if(! $verb)
if(! $verb)
return;

$verbs = get_mood_verbs();
@@ -30,7 +30,7 @@ function mood_init(&$a) {


if($parent) {
$r = q("select uri, private, allow_cid, allow_gid, deny_cid, deny_gid
$r = q("select uri, private, allow_cid, allow_gid, deny_cid, deny_gid
from item where id = %d and parent = %d and uid = %d limit 1",
intval($parent),
intval($parent),
@@ -90,7 +90,7 @@ function mood_init(&$a) {

$item_id = item_store($arr);
if($item_id) {
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d",
dbesc($a->get_baseurl() . '/display/' . $poster['nickname'] . '/' . $item_id),
intval($uid),
intval($item_id)
@@ -139,4 +139,4 @@ function mood_content(&$a) {

return $o;

}
}

+ 2
- 2
mod/notifications.php View File

@@ -33,7 +33,7 @@ function notifications_post(&$a) {
$fid = $r[0]['fid'];

if($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1",
$r = q("DELETE FROM `intro` WHERE `id` = %d",
intval($intro_id)
);
if(! $fid) {
@@ -41,7 +41,7 @@ function notifications_post(&$a) {
// The check for blocked and pending is in case the friendship was already approved
// and we just want to get rid of the now pointless notification

$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1 LIMIT 1",
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 AND `blocked` = 1 AND `pending` = 1",
intval($contact_id),
intval(local_user())
);


+ 10
- 10
mod/poke.php View File

@@ -12,8 +12,8 @@ function poke_init(&$a) {

$uid = local_user();
$verb = notags(trim($_GET['verb']));
if(! $verb)
if(! $verb)
return;

$verbs = get_poke_verbs();
@@ -46,7 +46,7 @@ function poke_init(&$a) {
$target = $r[0];

if($parent) {
$r = q("select uri, private, allow_cid, allow_gid, deny_cid, deny_gid
$r = q("select uri, private, allow_cid, allow_gid, deny_cid, deny_gid
from item where id = %d and parent = %d and uid = %d limit 1",
intval($parent),
intval($parent),
@@ -111,7 +111,7 @@ function poke_init(&$a) {

$item_id = item_store($arr);
if($item_id) {
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1",
q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d",
dbesc($a->get_baseurl() . '/display/' . $poster['nickname'] . '/' . $item_id),
intval($uid),
intval($item_id)
@@ -156,20 +156,20 @@ function poke_content(&$a) {
$a->page['htmlhead'] .= '<script src="' . $a->get_baseurl(true) . '/library/jquery_ac/friendica.complete.js" ></script>';
$a->page['htmlhead'] .= <<< EOT

<script>$(document).ready(function() {
var a;
a = $("#poke-recip").autocomplete({
<script>$(document).ready(function() {
var a;
a = $("#poke-recip").autocomplete({
serviceUrl: '$base/acl',
minChars: 2,
width: 350,
onSelect: function(value,data) {
$("#poke-recip-complete").val(data);
}
}
});
a.setOptions({ params: { type: 'a' }});


});
});

</script>
EOT;
@@ -203,4 +203,4 @@ EOT;

return $o;

}
}

+ 13
- 13
mod/profile_photo.php View File

@@ -19,9 +19,9 @@ function profile_photo_post(&$a) {
notice ( t('Permission denied.') . EOL );
return;
}
check_form_security_token_redirectOnErr('/profile_photo', 'profile_photo');
if((x($_POST,'cropfinal')) && ($_POST['cropfinal'] == 1)) {

// unless proven otherwise
@@ -34,9 +34,9 @@ function profile_photo_post(&$a) {
);
if(count($r) && (! intval($r[0]['is-default'])))
$is_default_profile = 0;
}
}



// phase 2 - we have finished cropping

@@ -51,7 +51,7 @@ function profile_photo_post(&$a) {
$scale = substr($image_id,-1,1);
$image_id = substr($image_id,0,-2);
}

$srcX = $_POST['xstart'];
$srcY = $_POST['ystart'];
@@ -86,7 +86,7 @@ function profile_photo_post(&$a) {
$im->scaleImage(48);

$r = $im->store(local_user(), 0, $base_image['resource-id'],$base_image['filename'], t('Profile Photos'), 6, $is_default_profile);
if($r === false)
notice( sprintf(t('Image size reduction [%s] failed.'),"48") . EOL );

@@ -99,7 +99,7 @@ function profile_photo_post(&$a) {
);
}
else {
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d limit 1",
$r = q("update profile set photo = '%s', thumb = '%s' where id = %d and uid = %d",
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-4'),
dbesc($a->get_baseurl() . '/photo/' . $base_image['resource-id'] . '-5'),
intval($_REQUEST['profile']),
@@ -110,7 +110,7 @@ function profile_photo_post(&$a) {
// we'll set the updated profile-photo timestamp even if it isn't the default profile,
// so that browsers will do a cache update unconditionally

$r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1",
$r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d",
dbesc(datetime_convert()),
intval(local_user())
);
@@ -204,22 +204,22 @@ function profile_photo_content(&$a) {
if (($r[0]['album']== t('Profile Photos')) && ($havescale)){
$r=q("UPDATE `photo` SET `profile`=0 WHERE `profile`=1 AND `uid`=%d",
intval(local_user()));
$r=q("UPDATE `photo` SET `profile`=1 WHERE `uid` = %d AND `resource-id` = '%s'",
intval(local_user()),
dbesc($resource_id)
);
$r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d LIMIT 1",
$r = q("UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d",
dbesc(datetime_convert()),
intval(local_user())
);
// Update global directory in background
$url = $_SESSION['my_url'];
if($url && strlen(get_config('system','directory_submit_url')))
proc_run('php',"include/directory.php","$url");
goaway($a->get_baseurl() . '/profiles');
return; // NOTREACHED
}


+ 9
- 9
mod/profiles.php View File

@@ -76,7 +76,7 @@ function profiles_init(&$a) {
goaway($a->get_baseurl(true) . '/profiles/' . $r3[0]['id']);

goaway($a->get_baseurl(true) . '/profiles');
}
}

if(($a->argc > 2) && ($a->argv[1] === 'clone')) {

@@ -98,16 +98,16 @@ function profiles_init(&$a) {
}
unset($r1[0]['id']);
$r1[0]['is-default'] = 0;
$r1[0]['publish'] = 0;
$r1[0]['net-publish'] = 0;
$r1[0]['publish'] = 0;
$r1[0]['net-publish'] = 0;
$r1[0]['profile-name'] = dbesc($name);

dbesc_array($r1[0]);

$r2 = dbq("INSERT INTO `profile` (`"
. implode("`, `", array_keys($r1[0]))
. "`) VALUES ('"
. implode("', '", array_values($r1[0]))
$r2 = dbq("INSERT INTO `profile` (`"
. implode("`, `", array_keys($r1[0]))
. "`) VALUES ('"
. implode("', '", array_values($r1[0]))
. "')" );

$r3 = q("SELECT `id` FROM `profile` WHERE `uid` = %d AND `profile-name` = '%s' LIMIT 1",
@@ -162,7 +162,7 @@ function profiles_post(&$a) {
}

check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
$is_default = (($orig[0]['is-default']) ? 1 : 0);

$profile_name = notags(trim($_POST['profile_name']));
@@ -170,7 +170,7 @@ function profiles_post(&$a) {
notify( t('Profile Name is required.') . EOL);
return;
}
$year = intval($_POST['year']);
if($year < 1900 || $year > 2100 || $year < 0)
$year = 0;


+ 4
- 4
mod/profperm.php View File

@@ -6,7 +6,7 @@ function profperm_init(&$a) {
return;

$which = $a->user['nickname'];
$profile = $a->argv[1];
$profile = $a->argv[1];

profile_load($a,$which,$profile);

@@ -36,7 +36,7 @@ function profperm_content(&$a) {


if(($a->argc > 2) && intval($a->argv[1]) && intval($a->argv[2])) {
$r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0
$r = q("SELECT `id` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `self` = 0
AND `network` = 'dfrn' AND `id` = %d AND `uid` = %d LIMIT 1",
intval($a->argv[2]),
intval(local_user())
@@ -71,13 +71,13 @@ function profperm_content(&$a) {

if($change) {
if(in_array($change,$ingroup)) {
q("UPDATE `contact` SET `profile-id` = 0 WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `contact` SET `profile-id` = 0 WHERE `id` = %d AND `uid` = %d",
intval($change),
intval(local_user())
);
}
else {
q("UPDATE `contact` SET `profile-id` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `contact` SET `profile-id` = %d WHERE `id` = %d AND `uid` = %d",
intval($a->argv[1]),
intval($change),
intval(local_user())


+ 9
- 9
mod/settings.php View File

@@ -196,14 +196,14 @@ function settings_post(&$a) {
if(strlen($mail_pass)) {
$pass = '';
openssl_public_encrypt($mail_pass,$pass,$a->user['pubkey']);
q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d LIMIT 1",
q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d",
dbesc(bin2hex($pass)),
intval(local_user())
);
}
$r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',
`action` = %d, `movetofolder` = '%s',
`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d LIMIT 1",
`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d",
dbesc($mail_server),
intval($mail_port),
dbesc($mail_ssl),
@@ -294,7 +294,7 @@ function settings_post(&$a) {
}


$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d LIMIT 1",
$r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d",
dbesc($theme),
intval(local_user())
);
@@ -341,7 +341,7 @@ function settings_post(&$a) {

if(! $err) {
$password = hash('whirlpool',$newpass);
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1",
$r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d",
dbesc($password),
intval(local_user())
);
@@ -499,7 +499,7 @@ function settings_post(&$a) {
}
}

$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d LIMIT 1",
$r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d",
dbesc($username),
dbesc($email),
dbesc($openid),
@@ -526,12 +526,12 @@ function settings_post(&$a) {
if($r)
info( t('Settings updated.') . EOL);

$r = q("UPDATE `profile`
SET `publish` = %d,
$r = q("UPDATE `profile`
SET `publish` = %d,
`name` = '%s',
`net-publish` = %d,
`hide-friends` = %d
WHERE `is-default` = 1 AND `uid` = %d LIMIT 1",
WHERE `is-default` = 1 AND `uid` = %d",
intval($publish),
dbesc($username),
intval($net_publish),
@@ -541,7 +541,7 @@ function settings_post(&$a) {


if($name_change) {
q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1 LIMIT 1",
q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1",
dbesc($username),
dbesc(datetime_convert()),
intval(local_user())


+ 1
- 1
mod/starred.php View File

@@ -22,7 +22,7 @@ function starred_init(&$a) {
if(! intval($r[0]['starred']))
$starred = 1;

$r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1",
$r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d",
intval($starred),
intval(local_user()),
intval($message_id)


+ 4
- 4
mod/subthread.php View File

@@ -85,7 +85,7 @@ function subthread_content(&$a) {
$uri = item_new_uri($a->get_hostname(),$owner_uid);

$post_type = (($item['resource-id']) ? t('photo') : t('status'));
$objtype = (($item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
$objtype = (($item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
$link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;
$body = $item['body'];

@@ -140,14 +140,14 @@ EOT;
$arr['unseen'] = 1;
$arr['last-child'] = 0;

$post_id = item_store($arr);
$post_id = item_store($arr);

if(! $item['visible']) {
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d",
intval($item['id']),
intval($owner_uid)
);
}
}

$arr['id'] = $post_id;



+ 11
- 11
mod/tagger.php View File

@@ -60,9 +60,9 @@ function tagger_content(&$a) {
$uri = item_new_uri($a->get_hostname(),$owner_uid);
$xterm = xmlify($term);
$post_type = (($item['resource-id']) ? t('photo') : t('status'));
$targettype = (($item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );
$targettype = (($item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE );

$link = xmlify('<link rel="alternate" type="text/html" href="'
$link = xmlify('<link rel="alternate" type="text/html" href="'
. $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ;

$body = xmlify($item['body']);
@@ -136,20 +136,20 @@ EOT;
$arr['last-child'] = 1;
$arr['origin'] = 1;

$post_id = item_store($arr);
$post_id = item_store($arr);

q("UPDATE `item` set plink = '%s' where id = %d limit 1",
q("UPDATE `item` set plink = '%s' where id = %d",
dbesc($a->get_baseurl() . '/display/' . $owner_nick . '/' . $post_id),
intval($post_id)
);

if(! $item['visible']) {
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1",
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d",
intval($item['id']),
intval($owner_uid)
);
}
}

$term_objtype = (($item['resource-id']) ? TERM_OBJ_PHOTO : TERM_OBJ_POST );
$t = q("SELECT count(tid) as tcount FROM term WHERE oid=%d AND term='%s'",
@@ -157,7 +157,7 @@ EOT;
dbesc($term)
);
if((! $blocktags) && $t[0]['tcount']==0 ) {
/*q("update item set tag = '%s' where id = %d limit 1",
/*q("update item set tag = '%s' where id = %d",
dbesc($item['tag'] . (strlen($item['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?tag=' . $term . ']'. $term . '[/url]'),
intval($item['id'])
);*/
@@ -171,7 +171,7 @@ EOT;
intval($owner_uid)
);
}
// if the original post is on this site, update it.

$r = q("select `tag`,`id`,`uid` from item where `origin` = 1 AND `uri` = '%s' LIMIT 1",
@@ -197,14 +197,14 @@ EOT;
}

/*if(count($x) && !$x[0]['blocktags'] && (! stristr($r[0]['tag'], ']' . $term . '['))) {
q("update item set tag = '%s' where id = %d limit 1",
q("update item set tag = '%s' where id = %d",
dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?tag=' . $term . ']'. $term . '[/url]'),
intval($r[0]['id'])
);
}*/

}

$arr['id'] = $post_id;



+ 1
- 1
mod/tagrm.php View File

@@ -32,7 +32,7 @@ function tagrm_post(&$a) {

$tag_str = implode(',',$arr);

q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d",
dbesc($tag_str),
intval($item),
intval(local_user())


+ 12
- 12
update.php View File

@@ -92,7 +92,7 @@ function update_1006() {
$spkey = openssl_pkey_get_details($sres);
$spubkey = $spkey["key"];
$r = q("UPDATE `user` SET `spubkey` = '%s', `sprvkey` = '%s'
WHERE `uid` = %d LIMIT 1",
WHERE `uid` = %d",
dbesc($spubkey),
dbesc($sprvkey),
intval($rr['uid'])
@@ -123,7 +123,7 @@ function update_1011() {
$r = q("SELECT * FROM `contact` WHERE 1");
if(count($r)) {
foreach($r as $rr) {
q("UPDATE `contact` SET `nick` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `nick` = '%s' WHERE `id` = %d",
dbesc(basename($rr['url'])),
intval($rr['id'])
);
@@ -157,11 +157,11 @@ function update_1014() {
if(count($r)) {
foreach($r as $rr) {
if(stristr($rr['thumb'],'avatar'))
q("UPDATE `contact` SET `micro` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `micro` = '%s' WHERE `id` = %d",
dbesc(str_replace('avatar','micro',$rr['thumb'])),
intval($rr['id']));
else
q("UPDATE `contact` SET `micro` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `micro` = '%s' WHERE `id` = %d",
dbesc(str_replace('5.jpg','6.jpg',$rr['thumb'])),
intval($rr['id']));
}
@@ -310,7 +310,7 @@ function update_1031() {
if($r && count($r)) {
foreach($r as $rr) {
if(strstr($rr['object'],'type=&quot;http')) {
q("UPDATE `item` SET `object` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `item` SET `object` = '%s' WHERE `id` = %d",
dbesc(str_replace('type=&quot;http','href=&quot;http',$rr['object'])),
intval($rr['id'])
);
@@ -357,7 +357,7 @@ function update_1036() {
$r = dbq("SELECT * FROM `contact` WHERE `network` = 'dfrn' && `photo` LIKE '%include/photo%' ");
if(count($r)) {
foreach($r as $rr) {
q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `id` = %d",
dbesc(str_replace('include/photo','photo',$rr['photo'])),
dbesc(str_replace('include/photo','photo',$rr['thumb'])),
dbesc(str_replace('include/photo','photo',$rr['micro'])),
@@ -595,7 +595,7 @@ function update_1074() {
$r = q("SELECT `uid` FROM `profile` WHERE `is-default` = 1 AND `hidewall` = 1");
if(count($r)) {
foreach($r as $rr)
q("UPDATE `user` SET `hidewall` = 1 WHERE `uid` = %d LIMIT 1",
q("UPDATE `user` SET `hidewall` = 1 WHERE `uid` = %d",
intval($rr['uid'])
);
}
@@ -617,7 +617,7 @@ function update_1075() {
$found = false;
} while ($found == true );

q("UPDATE `user` SET `guid` = '%s' WHERE `uid` = %d LIMIT 1",
q("UPDATE `user` SET `guid` = '%s' WHERE `uid` = %d",
dbesc($guid),
intval($rr['uid'])
);
@@ -736,7 +736,7 @@ function update_1087() {
intval($rr['id'])
);
if(count($x))
q("UPDATE `item` SET `commented` = '%s' WHERE `id` = %d LIMIT 1",
q("UPDATE `item` SET `commented` = '%s' WHERE `id` = %d",
dbesc($x[0]['cdate']),
intval($rr['id'])
);
@@ -855,7 +855,7 @@ function update_1100() {
$r = q("select id, url from contact where url != '' and nurl = '' ");
if(count($r)) {
foreach($r as $rr) {
q("update contact set nurl = '%s' where id = %d limit 1",
q("update contact set nurl = '%s' where id = %d",
dbesc(normalise_link($rr['url'])),
intval($rr['id'])
);
@@ -1173,7 +1173,7 @@ function update_1136() {
foreach($arr as $x) {
if($x['cat'] == $rr['cat'] && $x['k'] == $rr['k']) {
$found = true;
q("delete from config where id = %d limit 1",
q("delete from config where id = %d",
intval($rr['id'])
);
}
@@ -1192,7 +1192,7 @@ function update_1136() {
foreach($arr as $x) {
if($x['uid'] == $rr['uid'] && $x['cat'] == $rr['cat'] && $x['k'] == $rr['k']) {
$found = true;
q("delete from pconfig where id = %d limit 1",
q("delete from pconfig where id = %d",
intval($rr['id'])
);
}