Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

666 lines
18KB

  1. <?php
  2. /**
  3. * @copyright Copyright (C) 2020, Friendica
  4. *
  5. * @license GNU AGPL version 3 or any later version
  6. *
  7. * This program is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU Affero General Public License as
  9. * published by the Free Software Foundation, either version 3 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License
  18. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  19. *
  20. * Friendica is a communications platform for integrated social communications
  21. * utilising decentralised communications and linkage to several indie social
  22. * projects - as well as popular mainstream providers.
  23. *
  24. * Our mission is to free our friends and families from the clutches of
  25. * data-harvesting corporations, and pave the way to a future where social
  26. * communications are free and open and flow between alternate providers as
  27. * easily as email does today.
  28. */
  29. use Friendica\Core\Protocol;
  30. use Friendica\Core\System;
  31. use Friendica\Database\DBA;
  32. use Friendica\DI;
  33. use Friendica\Model\Contact;
  34. use Friendica\Model\Notify;
  35. use Friendica\Model\Term;
  36. use Friendica\Util\BasePath;
  37. use Friendica\Util\DateTimeFormat;
  38. define('FRIENDICA_PLATFORM', 'Friendica');
  39. define('FRIENDICA_CODENAME', 'Dalmatian Bellflower');
  40. define('FRIENDICA_VERSION', '2020.03-dev');
  41. define('DFRN_PROTOCOL_VERSION', '2.23');
  42. define('NEW_UPDATE_ROUTINE_VERSION', 1170);
  43. /**
  44. * Constant with a HTML line break.
  45. *
  46. * Contains a HTML line break (br) element and a real carriage return with line
  47. * feed for the source.
  48. * This can be used in HTML and JavaScript where needed a line break.
  49. */
  50. define('EOL', "<br />\r\n");
  51. /**
  52. * Image storage quality.
  53. *
  54. * Lower numbers save space at cost of image detail.
  55. * For ease of upgrade, please do not change here. Set system.jpegquality = n in config/local.config.php,
  56. * where n is between 1 and 100, and with very poor results below about 50
  57. */
  58. define('JPEG_QUALITY', 100);
  59. /**
  60. * system.png_quality = n where is between 0 (uncompressed) to 9
  61. */
  62. define('PNG_QUALITY', 8);
  63. /**
  64. * An alternate way of limiting picture upload sizes. Specify the maximum pixel
  65. * length that pictures are allowed to be (for non-square pictures, it will apply
  66. * to the longest side). Pictures longer than this length will be resized to be
  67. * this length (on the longest side, the other side will be scaled appropriately).
  68. * Modify this value using
  69. *
  70. * 'system' => [
  71. * 'max_image_length' => 'n',
  72. * ...
  73. * ],
  74. *
  75. * in config/local.config.php
  76. *
  77. * If you don't want to set a maximum length, set to -1. The default value is
  78. * defined by 'MAX_IMAGE_LENGTH' below.
  79. */
  80. define('MAX_IMAGE_LENGTH', -1);
  81. /**
  82. * Not yet used
  83. */
  84. define('DEFAULT_DB_ENGINE', 'InnoDB');
  85. /** @deprecated since version 2019.03, please use \Friendica\Module\Register::CLOSED instead */
  86. define('REGISTER_CLOSED', \Friendica\Module\Register::CLOSED);
  87. /** @deprecated since version 2019.03, please use \Friendica\Module\Register::APPROVE instead */
  88. define('REGISTER_APPROVE', \Friendica\Module\Register::APPROVE);
  89. /** @deprecated since version 2019.03, please use \Friendica\Module\Register::OPEN instead */
  90. define('REGISTER_OPEN', \Friendica\Module\Register::OPEN);
  91. /**
  92. * @name CP
  93. *
  94. * Type of the community page
  95. * @{
  96. */
  97. define('CP_NO_INTERNAL_COMMUNITY', -2);
  98. define('CP_NO_COMMUNITY_PAGE', -1);
  99. define('CP_USERS_ON_SERVER', 0);
  100. define('CP_GLOBAL_COMMUNITY', 1);
  101. define('CP_USERS_AND_GLOBAL', 2);
  102. /**
  103. * @}
  104. */
  105. /**
  106. * These numbers are used in stored permissions
  107. * and existing allocations MUST NEVER BE CHANGED
  108. * OR RE-ASSIGNED! You may only add to them.
  109. */
  110. $netgroup_ids = [
  111. Protocol::DFRN => (-1),
  112. Protocol::ZOT => (-2),
  113. Protocol::OSTATUS => (-3),
  114. Protocol::FEED => (-4),
  115. Protocol::DIASPORA => (-5),
  116. Protocol::MAIL => (-6),
  117. Protocol::FACEBOOK => (-8),
  118. Protocol::LINKEDIN => (-9),
  119. Protocol::XMPP => (-10),
  120. Protocol::MYSPACE => (-11),
  121. Protocol::GPLUS => (-12),
  122. Protocol::PUMPIO => (-13),
  123. Protocol::TWITTER => (-14),
  124. Protocol::DIASPORA2 => (-15),
  125. Protocol::STATUSNET => (-16),
  126. Protocol::NEWS => (-18),
  127. Protocol::ICALENDAR => (-19),
  128. Protocol::PNUT => (-20),
  129. Protocol::PHANTOM => (-127),
  130. ];
  131. /**
  132. * Maximum number of "people who like (or don't like) this" that we will list by name
  133. */
  134. define('MAX_LIKERS', 75);
  135. /**
  136. * @name Notify
  137. *
  138. * Email notification options
  139. * @{
  140. */
  141. /** @deprecated since 2020.03, use Notify\Type::INTRO instead */
  142. define('NOTIFY_INTRO', Notify\Type::INTRO);
  143. /** @deprecated since 2020.03, use Notify\Type::CONFIRM instead */
  144. define('NOTIFY_CONFIRM', Notify\Type::CONFIRM);
  145. /** @deprecated since 2020.03, use Notify\Type::WALL instead */
  146. define('NOTIFY_WALL', Notify\Type::WALL);
  147. /** @deprecated since 2020.03, use Notify\Type::COMMENT instead */
  148. define('NOTIFY_COMMENT', Notify\Type::COMMENT);
  149. /** @deprecated since 2020.03, use Notify\Type::MAIL instead */
  150. define('NOTIFY_MAIL', Notify\Type::MAIL);
  151. /** @deprecated since 2020.03, use Notify\Type::SUGGEST instead */
  152. define('NOTIFY_SUGGEST', Notify\Type::SUGGEST);
  153. /** @deprecated since 2020.03, use Notify\Type::PROFILE instead */
  154. define('NOTIFY_PROFILE', Notify\Type::PROFILE);
  155. /** @deprecated since 2020.03, use Notify\Type::TAG_SELF instead */
  156. define('NOTIFY_TAGSELF', Notify\Type::TAG_SELF);
  157. /** @deprecated since 2020.03, use Notify\Type::TAG_SHARE instead */
  158. define('NOTIFY_TAGSHARE', Notify\Type::TAG_SHARE);
  159. /** @deprecated since 2020.03, use Notify\Type::POKE instead */
  160. define('NOTIFY_POKE', Notify\Type::POKE);
  161. /** @deprecated since 2020.03, use Notify\Type::SHARE instead */
  162. define('NOTIFY_SHARE', Notify\Type::SHARE);
  163. /** @deprecated since 2020.12, use Notify\Type::SYSTEM instead */
  164. define('NOTIFY_SYSTEM', Notify\Type::SYSTEM);
  165. /* @}*/
  166. /** @deprecated since 2019.03, use Term::UNKNOWN instead */
  167. define('TERM_UNKNOWN', Term::UNKNOWN);
  168. /** @deprecated since 2019.03, use Term::HASHTAG instead */
  169. define('TERM_HASHTAG', Term::HASHTAG);
  170. /** @deprecated since 2019.03, use Term::MENTION instead */
  171. define('TERM_MENTION', Term::MENTION);
  172. /** @deprecated since 2019.03, use Term::CATEGORY instead */
  173. define('TERM_CATEGORY', Term::CATEGORY);
  174. /** @deprecated since 2019.03, use Term::PCATEGORY instead */
  175. define('TERM_PCATEGORY', Term::PCATEGORY);
  176. /** @deprecated since 2019.03, use Term::FILE instead */
  177. define('TERM_FILE', Term::FILE);
  178. /** @deprecated since 2019.03, use Term::SAVEDSEARCH instead */
  179. define('TERM_SAVEDSEARCH', Term::SAVEDSEARCH);
  180. /** @deprecated since 2019.03, use Term::CONVERSATION instead */
  181. define('TERM_CONVERSATION', Term::CONVERSATION);
  182. /** @deprecated since 2019.03, use Term::OBJECT_TYPE_POST instead */
  183. define('TERM_OBJ_POST', Term::OBJECT_TYPE_POST);
  184. /** @deprecated since 2019.03, use Term::OBJECT_TYPE_PHOTO instead */
  185. define('TERM_OBJ_PHOTO', Term::OBJECT_TYPE_PHOTO);
  186. /**
  187. * @name Gravity
  188. *
  189. * Item weight for query ordering
  190. * @{
  191. */
  192. define('GRAVITY_PARENT', 0);
  193. define('GRAVITY_ACTIVITY', 3);
  194. define('GRAVITY_COMMENT', 6);
  195. define('GRAVITY_UNKNOWN', 9);
  196. /* @}*/
  197. /**
  198. * @name Priority
  199. *
  200. * Process priority for the worker
  201. * @{
  202. */
  203. define('PRIORITY_UNDEFINED', 0);
  204. define('PRIORITY_CRITICAL', 10);
  205. define('PRIORITY_HIGH', 20);
  206. define('PRIORITY_MEDIUM', 30);
  207. define('PRIORITY_LOW', 40);
  208. define('PRIORITY_NEGLIGIBLE', 50);
  209. /* @}*/
  210. /**
  211. * @name Social Relay settings
  212. *
  213. * See here: https://github.com/jaywink/social-relay
  214. * and here: https://wiki.diasporafoundation.org/Relay_servers_for_public_posts
  215. * @{
  216. */
  217. define('SR_SCOPE_NONE', '');
  218. define('SR_SCOPE_ALL', 'all');
  219. define('SR_SCOPE_TAGS', 'tags');
  220. /* @}*/
  221. // Normally this constant is defined - but not if "pcntl" isn't installed
  222. if (!defined("SIGTERM")) {
  223. define("SIGTERM", 15);
  224. }
  225. /**
  226. * Depending on the PHP version this constant does exist - or not.
  227. * See here: http://php.net/manual/en/curl.constants.php#117928
  228. */
  229. if (!defined('CURLE_OPERATION_TIMEDOUT')) {
  230. define('CURLE_OPERATION_TIMEDOUT', CURLE_OPERATION_TIMEOUTED);
  231. }
  232. /**
  233. * Returns the user id of locally logged in user or false.
  234. *
  235. * @return int|bool user id or false
  236. */
  237. function local_user()
  238. {
  239. if (!empty($_SESSION['authenticated']) && !empty($_SESSION['uid'])) {
  240. return intval($_SESSION['uid']);
  241. }
  242. return false;
  243. }
  244. /**
  245. * Returns the public contact id of logged in user or false.
  246. *
  247. * @return int|bool public contact id or false
  248. */
  249. function public_contact()
  250. {
  251. static $public_contact_id = false;
  252. if (!$public_contact_id && !empty($_SESSION['authenticated'])) {
  253. if (!empty($_SESSION['my_address'])) {
  254. // Local user
  255. $public_contact_id = intval(Contact::getIdForURL($_SESSION['my_address'], 0, true));
  256. } elseif (!empty($_SESSION['visitor_home'])) {
  257. // Remote user
  258. $public_contact_id = intval(Contact::getIdForURL($_SESSION['visitor_home'], 0, true));
  259. }
  260. } elseif (empty($_SESSION['authenticated'])) {
  261. $public_contact_id = false;
  262. }
  263. return $public_contact_id;
  264. }
  265. /**
  266. * Returns contact id of authenticated site visitor or false
  267. *
  268. * @return int|bool visitor_id or false
  269. */
  270. function remote_user()
  271. {
  272. if (empty($_SESSION['authenticated'])) {
  273. return false;
  274. }
  275. if (!empty($_SESSION['visitor_id'])) {
  276. return intval($_SESSION['visitor_id']);
  277. }
  278. return false;
  279. }
  280. /**
  281. * Show an error message to user.
  282. *
  283. * This function save text in session, to be shown to the user at next page load
  284. *
  285. * @param string $s - Text of notice
  286. */
  287. function notice($s)
  288. {
  289. if (empty($_SESSION)) {
  290. return;
  291. }
  292. $a = DI::app();
  293. if (empty($_SESSION['sysmsg'])) {
  294. $_SESSION['sysmsg'] = [];
  295. }
  296. if ($a->interactive) {
  297. $_SESSION['sysmsg'][] = $s;
  298. }
  299. }
  300. /**
  301. * Show an info message to user.
  302. *
  303. * This function save text in session, to be shown to the user at next page load
  304. *
  305. * @param string $s - Text of notice
  306. */
  307. function info($s)
  308. {
  309. $a = DI::app();
  310. if (empty($_SESSION['sysmsg_info'])) {
  311. $_SESSION['sysmsg_info'] = [];
  312. }
  313. if ($a->interactive) {
  314. $_SESSION['sysmsg_info'][] = $s;
  315. }
  316. }
  317. function feed_birthday($uid, $tz)
  318. {
  319. /**
  320. * Determine the next birthday, but only if the birthday is published
  321. * in the default profile. We _could_ also look for a private profile that the
  322. * recipient can see, but somebody could get mad at us if they start getting
  323. * public birthday greetings when they haven't made this info public.
  324. *
  325. * Assuming we are able to publish this info, we are then going to convert
  326. * the start time from the owner's timezone to UTC.
  327. *
  328. * This will potentially solve the problem found with some social networks
  329. * where birthdays are converted to the viewer's timezone and salutations from
  330. * elsewhere in the world show up on the wrong day. We will convert it to the
  331. * viewer's timezone also, but first we are going to convert it from the birthday
  332. * person's timezone to GMT - so the viewer may find the birthday starting at
  333. * 6:00PM the day before, but that will correspond to midnight to the birthday person.
  334. */
  335. $birthday = '';
  336. if (!strlen($tz)) {
  337. $tz = 'UTC';
  338. }
  339. $profile = DBA::selectFirst('profile', ['dob'], ['uid' => $uid]);
  340. if (DBA::isResult($profile)) {
  341. $tmp_dob = substr($profile['dob'], 5);
  342. if (intval($tmp_dob)) {
  343. $y = DateTimeFormat::timezoneNow($tz, 'Y');
  344. $bd = $y . '-' . $tmp_dob . ' 00:00';
  345. $t_dob = strtotime($bd);
  346. $now = strtotime(DateTimeFormat::timezoneNow($tz));
  347. if ($t_dob < $now) {
  348. $bd = $y + 1 . '-' . $tmp_dob . ' 00:00';
  349. }
  350. $birthday = DateTimeFormat::convert($bd, 'UTC', $tz, DateTimeFormat::ATOM);
  351. }
  352. }
  353. return $birthday;
  354. }
  355. /**
  356. * Check if current user has admin role.
  357. *
  358. * @return bool true if user is an admin
  359. */
  360. function is_site_admin()
  361. {
  362. $a = DI::app();
  363. $admin_email = DI::config()->get('config', 'admin_email');
  364. $adminlist = explode(',', str_replace(' ', '', $admin_email));
  365. return local_user() && $admin_email && in_array($a->user['email'] ?? '', $adminlist);
  366. }
  367. function explode_querystring($query)
  368. {
  369. $arg_st = strpos($query, '?');
  370. if ($arg_st !== false) {
  371. $base = substr($query, 0, $arg_st);
  372. $arg_st += 1;
  373. } else {
  374. $base = '';
  375. $arg_st = 0;
  376. }
  377. $args = explode('&', substr($query, $arg_st));
  378. foreach ($args as $k => $arg) {
  379. /// @TODO really compare type-safe here?
  380. if ($arg === '') {
  381. unset($args[$k]);
  382. }
  383. }
  384. $args = array_values($args);
  385. if (!$base) {
  386. $base = $args[0];
  387. unset($args[0]);
  388. $args = array_values($args);
  389. }
  390. return [
  391. 'base' => $base,
  392. 'args' => $args,
  393. ];
  394. }
  395. /**
  396. * Returns the complete URL of the current page, e.g.: http(s)://something.com/network
  397. *
  398. * Taken from http://webcheatsheet.com/php/get_current_page_url.php
  399. */
  400. function curPageURL()
  401. {
  402. $pageURL = 'http';
  403. if (!empty($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on")) {
  404. $pageURL .= "s";
  405. }
  406. $pageURL .= "://";
  407. if ($_SERVER["SERVER_PORT"] != "80" && $_SERVER["SERVER_PORT"] != "443") {
  408. $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
  409. } else {
  410. $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
  411. }
  412. return $pageURL;
  413. }
  414. function get_temppath()
  415. {
  416. $temppath = DI::config()->get("system", "temppath");
  417. if (($temppath != "") && System::isDirectoryUsable($temppath)) {
  418. // We have a temp path and it is usable
  419. return BasePath::getRealPath($temppath);
  420. }
  421. // We don't have a working preconfigured temp path, so we take the system path.
  422. $temppath = sys_get_temp_dir();
  423. // Check if it is usable
  424. if (($temppath != "") && System::isDirectoryUsable($temppath)) {
  425. // Always store the real path, not the path through symlinks
  426. $temppath = BasePath::getRealPath($temppath);
  427. // To avoid any interferences with other systems we create our own directory
  428. $new_temppath = $temppath . "/" . DI::baseUrl()->getHostname();
  429. if (!is_dir($new_temppath)) {
  430. /// @TODO There is a mkdir()+chmod() upwards, maybe generalize this (+ configurable) into a function/method?
  431. mkdir($new_temppath);
  432. }
  433. if (System::isDirectoryUsable($new_temppath)) {
  434. // The new path is usable, we are happy
  435. DI::config()->set("system", "temppath", $new_temppath);
  436. return $new_temppath;
  437. } else {
  438. // We can't create a subdirectory, strange.
  439. // But the directory seems to work, so we use it but don't store it.
  440. return $temppath;
  441. }
  442. }
  443. // Reaching this point means that the operating system is configured badly.
  444. return '';
  445. }
  446. function get_cachefile($file, $writemode = true)
  447. {
  448. $cache = get_itemcachepath();
  449. if ((!$cache) || (!is_dir($cache))) {
  450. return "";
  451. }
  452. $subfolder = $cache . "/" . substr($file, 0, 2);
  453. $cachepath = $subfolder . "/" . $file;
  454. if ($writemode) {
  455. if (!is_dir($subfolder)) {
  456. mkdir($subfolder);
  457. chmod($subfolder, 0777);
  458. }
  459. }
  460. return $cachepath;
  461. }
  462. function clear_cache($basepath = "", $path = "")
  463. {
  464. if ($path == "") {
  465. $basepath = get_itemcachepath();
  466. $path = $basepath;
  467. }
  468. if (($path == "") || (!is_dir($path))) {
  469. return;
  470. }
  471. if (substr(realpath($path), 0, strlen($basepath)) != $basepath) {
  472. return;
  473. }
  474. $cachetime = (int) DI::config()->get('system', 'itemcache_duration');
  475. if ($cachetime == 0) {
  476. $cachetime = 86400;
  477. }
  478. if (is_writable($path)) {
  479. if ($dh = opendir($path)) {
  480. while (($file = readdir($dh)) !== false) {
  481. $fullpath = $path . "/" . $file;
  482. if ((filetype($fullpath) == "dir") && ($file != ".") && ($file != "..")) {
  483. clear_cache($basepath, $fullpath);
  484. }
  485. if ((filetype($fullpath) == "file") && (filectime($fullpath) < (time() - $cachetime))) {
  486. unlink($fullpath);
  487. }
  488. }
  489. closedir($dh);
  490. }
  491. }
  492. }
  493. function get_itemcachepath()
  494. {
  495. // Checking, if the cache is deactivated
  496. $cachetime = (int) DI::config()->get('system', 'itemcache_duration');
  497. if ($cachetime < 0) {
  498. return "";
  499. }
  500. $itemcache = DI::config()->get('system', 'itemcache');
  501. if (($itemcache != "") && System::isDirectoryUsable($itemcache)) {
  502. return BasePath::getRealPath($itemcache);
  503. }
  504. $temppath = get_temppath();
  505. if ($temppath != "") {
  506. $itemcache = $temppath . "/itemcache";
  507. if (!file_exists($itemcache) && !is_dir($itemcache)) {
  508. mkdir($itemcache);
  509. }
  510. if (System::isDirectoryUsable($itemcache)) {
  511. DI::config()->set("system", "itemcache", $itemcache);
  512. return $itemcache;
  513. }
  514. }
  515. return "";
  516. }
  517. /**
  518. * Returns the path where spool files are stored
  519. *
  520. * @return string Spool path
  521. */
  522. function get_spoolpath()
  523. {
  524. $spoolpath = DI::config()->get('system', 'spoolpath');
  525. if (($spoolpath != "") && System::isDirectoryUsable($spoolpath)) {
  526. // We have a spool path and it is usable
  527. return $spoolpath;
  528. }
  529. // We don't have a working preconfigured spool path, so we take the temp path.
  530. $temppath = get_temppath();
  531. if ($temppath != "") {
  532. // To avoid any interferences with other systems we create our own directory
  533. $spoolpath = $temppath . "/spool";
  534. if (!is_dir($spoolpath)) {
  535. mkdir($spoolpath);
  536. }
  537. if (System::isDirectoryUsable($spoolpath)) {
  538. // The new path is usable, we are happy
  539. DI::config()->set("system", "spoolpath", $spoolpath);
  540. return $spoolpath;
  541. } else {
  542. // We can't create a subdirectory, strange.
  543. // But the directory seems to work, so we use it but don't store it.
  544. return $temppath;
  545. }
  546. }
  547. // Reaching this point means that the operating system is configured badly.
  548. return "";
  549. }
  550. if (!function_exists('exif_imagetype')) {
  551. function exif_imagetype($file)
  552. {
  553. $size = getimagesize($file);
  554. return $size[2];
  555. }
  556. }
  557. function validate_include(&$file)
  558. {
  559. $orig_file = $file;
  560. $file = realpath($file);
  561. if (strpos($file, getcwd()) !== 0) {
  562. return false;
  563. }
  564. $file = str_replace(getcwd() . "/", "", $file, $count);
  565. if ($count != 1) {
  566. return false;
  567. }
  568. if ($orig_file !== $file) {
  569. return false;
  570. }
  571. $valid = false;
  572. if (strpos($file, "include/") === 0) {
  573. $valid = true;
  574. }
  575. if (strpos($file, "addon/") === 0) {
  576. $valid = true;
  577. }
  578. // Simply return flag
  579. return $valid;
  580. }