diff --git a/boot.php b/boot.php index 5c67adaa0..76cf5cbbe 100644 --- a/boot.php +++ b/boot.php @@ -9,9 +9,9 @@ require_once('include/nav.php'); require_once('include/cache.php'); define ( 'FRIENDICA_PLATFORM', 'Friendica'); -define ( 'FRIENDICA_VERSION', '3.0.1351' ); +define ( 'FRIENDICA_VERSION', '3.0.1360' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); -define ( 'DB_UPDATE_VERSION', 1144 ); +define ( 'DB_UPDATE_VERSION', 1145 ); define ( 'EOL', "
\r\n" ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); @@ -441,22 +441,19 @@ if(! class_exists('App')) { if(intval($this->config['system']['ssl_policy']) === intval(SSL_POLICY_FULL)) $scheme = 'https'; - // We need to populate the $ssl flag across the entire program before turning this on. - // Basically, we'll have $ssl = true on any links which can only be seen by a logged in user - // (and also the login link). Anything seen by an outsider will have it turned off. - // At present, setting SSL_POLICY_SELFSIGN will only force remote contacts to update their - // contact links to this site with "http:" if they are currently using "https:" + // Basically, we have $ssl = true on any links which can only be seen by a logged in user + // (and also the login link). Anything seen by an outsider will have it turned off. - // if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) { - // if($ssl) - // $scheme = 'https'; - // else - // $scheme = 'http'; - // } - } + if($this->config['system']['ssl_policy'] == SSL_POLICY_SELFSIGN) { + if($ssl) + $scheme = 'https'; + else + $scheme = 'http'; + } + } - $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); - return $this->baseurl; + $this->baseurl = $scheme . "://" . $this->hostname . ((isset($this->path) && strlen($this->path)) ? '/' . $this->path : '' ); + return $this->baseurl; } function set_baseurl($url) { diff --git a/database.sql b/database.sql index ed97cd4aa..48900839c 100644 --- a/database.sql +++ b/database.sql @@ -173,6 +173,7 @@ CREATE TABLE IF NOT EXISTS `contact` ( `readonly` tinyint(1) NOT NULL DEFAULT '0', `writable` tinyint(1) NOT NULL DEFAULT '0', `forum` tinyint(1) NOT NULL DEFAULT '0', + `prv` tinyint(1) NOT NULL DEFAULT '0', `hidden` tinyint(1) NOT NULL DEFAULT '0', `archive` tinyint(1) NOT NULL DEFAULT '0', `pending` tinyint(1) NOT NULL DEFAULT '1', diff --git a/htconfig.php b/htconfig.php index 872572654..de7674c9a 100644 --- a/htconfig.php +++ b/htconfig.php @@ -88,3 +88,6 @@ $a->config['system']['itemcache'] = ""; // If enabled, the lockpath is used for a lockfile to check if the poller is running $a->config['system']['lockpath'] = ""; + +// If enabled, the MyBB fulltext engine is used +// $a->config['system']['use_fulltext_engine'] = true; diff --git a/include/api.php b/include/api.php index a693a32c8..5c17b35f5 100644 --- a/include/api.php +++ b/include/api.php @@ -4,26 +4,26 @@ require_once("conversation.php"); require_once("oauth.php"); require_once("html2plain.php"); - /* + /* * Twitter-Like API - * + * */ $API = Array(); - $called_api = Null; + $called_api = Null; function api_date($str){ //Wed May 23 06:01:13 +0000 2007 return datetime_convert('UTC', 'UTC', $str, "D M d H:i:s +0000 Y" ); } - - + + function api_register_func($path, $func, $auth=false){ global $API; $API[$path] = array('func'=>$func, 'auth'=>$auth); } - + /** * Simple HTTP Login */ @@ -691,24 +691,24 @@ 'geo' => '', 'coordinates' => $lastwall['coord'], 'place' => $lastwall['location'], - 'contributors' => '' + 'contributors' => '' ); } return api_apply_template("user", $type, array('$user' => $user_info)); - + } api_register_func('api/users/show','api_users_show'); - + /** - * + * * http://developer.twitter.com/doc/get/statuses/home_timeline - * + * * TODO: Optional parameters * TODO: Add reply info */ function api_statuses_home_timeline(&$a, $type){ if (local_user()===false) return false; - + $user_info = api_get_user($a); // get last newtork messages @@ -720,7 +720,7 @@ $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); //$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); - + $start = $page*$count; //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); @@ -728,7 +728,7 @@ if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` @@ -747,7 +747,7 @@ $ret = api_format_items($r,$user_info); - + $data = array('$statuses' => $ret); switch($type){ case "atom": @@ -761,7 +761,7 @@ return($as); break; } - + return api_apply_template("timeline", $type, $data); } api_register_func('api/statuses/home_timeline','api_statuses_home_timeline', true); @@ -769,7 +769,7 @@ function api_statuses_public_timeline(&$a, $type){ if (local_user()===false) return false; - + $user_info = api_get_user($a); // get last newtork messages @@ -781,7 +781,7 @@ $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); //$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); - + $start = $page*$count; //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); @@ -789,7 +789,7 @@ if ($max_id > 0) $sql_extra = 'AND `item`.`id` <= '.intval($max_id); - /*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + /*$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` @@ -806,17 +806,17 @@ intval($since_id), intval($start), intval($count) );*/ - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, - `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, + `contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`, `user`.`nickname`, `user`.`hidewall` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid` WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 - AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' - AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' - AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 + AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' + AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' + AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 $sql_extra AND `item`.`id`>%d @@ -827,7 +827,7 @@ $ret = api_format_items($r,$user_info); - + $data = array('$statuses' => $ret); switch($type){ case "atom": @@ -841,7 +841,7 @@ return($as); break; } - + return api_apply_template("timeline", $type, $data); } api_register_func('api/statuses/public_timeline','api_statuses_public_timeline', true); @@ -857,11 +857,11 @@ // params $id = intval($a->argv[3]); - logger('API: api_statuses_show: '.$id); + logger('API: api_statuses_show: '.$id); //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` @@ -875,7 +875,7 @@ ); $ret = api_format_items($r,$user_info); - + $data = array('$status' => $ret[0]); /*switch($type){ case "atom": @@ -976,7 +976,7 @@ $since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); $max_id = (x($_REQUEST,'max_id')?$_REQUEST['max_id']:0); //$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0); - + $start = $page*$count; //$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false); @@ -985,11 +985,19 @@ $myurl = substr($myurl,strpos($myurl,'://')+3); $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` regexp '%s' or `tag` regexp '%s' or tag regexp '%s' )) ", - dbesc($myurl . '$'), - dbesc($myurl . '\\]'), - dbesc($diasp_url . '\\]') - ); + + if (get_config('system','use_fulltext_engine')) + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where (MATCH(`author-link`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(`tag`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode))) ", + dbesc(protect_sprintf($myurl)), + dbesc(protect_sprintf($myurl)), + dbesc(protect_sprintf($diasp_url)) + ); + else + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", + dbesc(protect_sprintf('%' . $myurl)), + dbesc(protect_sprintf('%' . $myurl . ']%')), + dbesc(protect_sprintf('%' . $diasp_url . ']%')) + ); if ($max_id > 0) $sql_extra .= ' AND `item`.`id` <= '.intval($max_id); @@ -1013,7 +1021,7 @@ $ret = api_format_items($r,$user_info); - + $data = array('$statuses' => $ret); switch($type){ case "atom": @@ -1027,7 +1035,7 @@ return($as); break; } - + return api_apply_template("timeline", $type, $data); } api_register_func('api/statuses/mentions','api_statuses_mentions', true); @@ -1078,14 +1086,14 @@ $ret = api_format_items($r,$user_info); - + $data = array('$statuses' => $ret); switch($type){ case "atom": case "rss": $data = api_rss_extra($a, $data, $user_info); } - + return api_apply_template("timeline", $type, $data); } @@ -1094,25 +1102,25 @@ function api_favorites(&$a, $type){ if (local_user()===false) return false; - + $user_info = api_get_user($a); // in friendica starred item are private // return favorites only for self logger('api_favorites: self:' . $user_info['self']); - + if ($user_info['self']==0) { $ret = array(); } else { - - + + // params $count = (x($_GET,'count')?$_GET['count']:20); $page = (x($_REQUEST,'page')?$_REQUEST['page']-1:0); if ($page<0) $page=0; - + $start = $page*$count; - $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, + $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, `contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid` @@ -1129,16 +1137,16 @@ ); $ret = api_format_items($r,$user_info); - + } - + $data = array('$statuses' => $ret); switch($type){ case "atom": case "rss": $data = api_rss_extra($a, $data, $user_info); } - + return api_apply_template("timeline", $type, $data); } @@ -1208,7 +1216,7 @@ $as['link']['type'] = "text/html"; return($as); } - + function api_format_items($r,$user_info) { //logger('api_format_items: ' . print_r($r,true)); @@ -1223,14 +1231,14 @@ $status_user = (($item['cid']==$user_info['id'])?$user_info: api_item_get_user($a,$item)); if ($item['parent']!=$item['id']) { - $r = q("select id from item where parent=%s and id<%s order by id desc limit 1", + $r = q("select id from item where parent=%s and id<%s order by id desc limit 1", intval($item['parent']), intval($item['id'])); if ($r) $in_reply_to_status_id = $r[0]['id']; else $in_reply_to_status_id = $item['parent']; - $r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact + $r = q("select `item`.`contact-id`, `contact`.nick, `item`.`author-name` from item, contact where `contact`.`id` = `item`.`contact-id` and `item`.id=%d", intval($in_reply_to_status_id)); $in_reply_to_screen_name = $r[0]['author-name']; @@ -1251,6 +1259,9 @@ else $statustext = trim($statustitle."\n\n".$statusbody); + if (($item["network"] == NETWORK_FEED) and (strlen($statustext)> 1000)) + $statustext = substr($statustext, 0, 1000)."... \n".$item["plink"]; + $status = array( 'text' => $statustext, 'truncated' => False, diff --git a/include/auth.php b/include/auth.php index b87662fea..cba6a67a7 100644 --- a/include/auth.php +++ b/include/auth.php @@ -53,6 +53,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p $check = get_config('system','paranoia'); // extra paranoia - if the IP changed, log them out if($check && ($_SESSION['addr'] != $_SERVER['REMOTE_ADDR'])) { + logger('Session address changed. Paranoid setting in effect, blocking session. ' + . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']); nuke_session(); goaway(z_root()); } diff --git a/include/bb2diaspora.php b/include/bb2diaspora.php index 8487f845a..d86ba4543 100644 --- a/include/bb2diaspora.php +++ b/include/bb2diaspora.php @@ -221,13 +221,18 @@ function bb2diaspora($Text,$preserve_nl = false) { $Text = preg_replace("/\<(.*?)(src|href)=(.*?)\&\;(.*?)\>/ism",'<$1$2=$3&$4>',$Text); - $Text = preg_replace('/\[(.*?)\]\((.*?)\\\\_(.*?)\)/ism','[$1]($2_$3)',$Text); + $Text = preg_replace_callback('/\[(.*?)\]\((.*?)\)/ism','unescape_underscores_in_links',$Text); call_hooks('bb2diaspora',$Text); return $Text; } +function unescape_underscores_in_links($m) { + $y = str_replace('\\_','_', $m[2]); + return('[' . $m[1] . '](' . $y . ')'); +} + function format_event_diaspora($ev) { $a = get_app(); diff --git a/include/config.php b/include/config.php index 12fc9cafc..df1070c13 100644 --- a/include/config.php +++ b/include/config.php @@ -6,7 +6,7 @@ * Note: * Please do not store booleans - convert to 0/1 integer values * The get_?config() functions return boolean false for keys that are unset, - * and this could lead to subtle bugs. + * and this could lead to subtle bugs. * * There are a few places in the code (such as the admin panel) where boolean * configurations need to be fixed as of 10/08/2011. @@ -30,6 +30,9 @@ function load_config($family) { $a->config[$family][$k] = $rr['v']; } } + } else if ($rr['cat'] != 'config') { + // Negative caching + $a->config[$family] = "!!"; } }} @@ -47,6 +50,13 @@ function get_config($family, $key, $instore = false) { global $a; if(! $instore) { + // Looking if the whole family isn't set + if(isset($a->config[$family])) { + if($a->config[$family] === '!!') { + return false; + } + } + if(isset($a->config[$family][$key])) { if($a->config[$family][$key] === '!!') { return false; @@ -87,11 +97,11 @@ function set_config($family,$key,$value) { dbesc($key), dbesc($dbvalue) ); - if($ret) + if($ret) return $value; return $ret; } - + $ret = q("UPDATE `config` SET `v` = '%s' WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1", dbesc($dbvalue), dbesc($family), @@ -118,6 +128,9 @@ function load_pconfig($uid,$family) { $k = $rr['k']; $a->config[$uid][$family][$k] = $rr['v']; } + } else if ($rr['cat'] != 'config') { + // Negative caching + $a->config[$uid][$family] = "!!"; } }} @@ -129,6 +142,13 @@ function get_pconfig($uid,$family, $key, $instore = false) { global $a; if(! $instore) { + // Looking if the whole family isn't set + if(isset($a->config[$uid][$family])) { + if($a->config[$uid][$family] === '!!') { + return false; + } + } + if(isset($a->config[$uid][$family][$key])) { if($a->config[$uid][$family][$key] === '!!') { return false; diff --git a/include/dba.php b/include/dba.php index c9f880241..881097f30 100644 --- a/include/dba.php +++ b/include/dba.php @@ -32,9 +32,9 @@ class dba { if (!(strlen($server) && strlen($user))){ $this->connected = false; $this->db = null; - return; + return; } - + if($install) { if(strlen($server) && ($server !== 'localhost') && ($server !== '127.0.0.1')) { if(! dns_get_record($server, DNS_A + DNS_CNAME + DNS_PTR)) { @@ -71,23 +71,29 @@ class dba { } public function q($sql) { - + if((! $this->db) || (! $this->connected)) return false; - + $this->error = ''; + //if (get_config("system", "db_log") != "") + // @file_put_contents(get_config("system", "db_log"), datetime_convert().':'.session_id(). ' Start '.$sql."\n", FILE_APPEND); + if($this->mysqli) $result = @$this->db->query($sql); else $result = @mysql_query($sql,$this->db); + //if (get_config("system", "db_log") != "") + // @file_put_contents(get_config("system", "db_log"), datetime_convert().':'.session_id(). ' Stop '."\n", FILE_APPEND); + if($this->mysqli) { if($this->db->errno) $this->error = $this->db->error; } elseif(mysql_errno($this->db)) - $this->error = mysql_error($this->db); + $this->error = mysql_error($this->db); if(strlen($this->error)) { logger('dba: ' . $this->error); @@ -107,8 +113,8 @@ class dba { else $mesg = mysql_num_rows($result) . ' results' . EOL; } - - $str = 'SQL = ' . printable($sql) . EOL . 'SQL returned ' . $mesg + + $str = 'SQL = ' . printable($sql) . EOL . 'SQL returned ' . $mesg . (($this->error) ? ' error: ' . $this->error : '') . EOL; @@ -146,7 +152,7 @@ class dba { } } - + if($this->debug) logger('dba: ' . printable(print_r($r, true))); return($r); diff --git a/include/delivery.php b/include/delivery.php index 61b0bd33a..32943d5da 100644 --- a/include/delivery.php +++ b/include/delivery.php @@ -288,7 +288,7 @@ function delivery_run($argv, $argc){ if($normal_mode) { if($item_id == $item['id'] || $item['id'] == $item['parent']) - $atom .= atom_entry($item,'text',null,$owner,true); + $atom .= atom_entry($item,'text',null,$owner,true,(($top_level) ? $contact['id'] : 0)); } else $atom .= atom_entry($item,'text',null,$owner,true); diff --git a/include/diaspora.php b/include/diaspora.php index 3f2cdf8e4..f7c2c5e8e 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -2055,8 +2055,12 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $theiraddr = $contact['addr']; - $p = q("select guid from item where parent = %d limit 1", - $item['parent'] + // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always + // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. + // The only item with `parent` and `id` as the parent id is the parent item. + $p = q("select guid from item where parent = %d and id = %d limit 1", + intval($item['parent']), + intval($item['parent']) ); if(count($p)) $parent_guid = $p[0]['guid']; @@ -2111,8 +2115,12 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $theiraddr = $contact['addr']; - $p = q("select guid from item where parent = %d limit 1", - $item['parent'] + // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always + // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. + // The only item with `parent` and `id` as the parent id is the parent item. + $p = q("select guid from item where parent = %d and id = %d limit 1", + intval($item['parent']), + intval($item['parent']) ); if(count($p)) $parent_guid = $p[0]['guid']; diff --git a/include/enotify.php b/include/enotify.php index ca134ac86..f7ef74fac 100644 --- a/include/enotify.php +++ b/include/enotify.php @@ -13,7 +13,7 @@ function notification($params) { $banner = t('Friendica Notification'); $product = FRIENDICA_PLATFORM; - $siteurl = z_path(); + $siteurl = $a->get_baseurl(true); $thanks = t('Thank You,'); $sitename = get_config('config','sitename'); $site_admin = sprintf( t('%s Administrator'), $sitename); diff --git a/include/event.php b/include/event.php index 29202badd..866ae8c3f 100644 --- a/include/event.php +++ b/include/event.php @@ -42,7 +42,7 @@ function format_event_html($ev) { return $o; } - +/* function parse_event($h) { require_once('include/Scrape.php'); @@ -108,7 +108,7 @@ function parse_event($h) { return $ret; } - +*/ function format_event_bbcode($ev) { @@ -162,7 +162,6 @@ function bbtoevent($s) { $match = ''; if(preg_match("/\[event\-adjust\](.*?)\[\/event\-adjust\]/is",$s,$match)) $ev['adjust'] = $match[1]; - $match = ''; $ev['nofinish'] = (((x($ev, 'start') && $ev['start']) && (!x($ev, 'finish') || !$ev['finish'])) ? 1 : 0); return $ev; @@ -294,10 +293,14 @@ function event_store($arr) { intval($arr['uid']) ); - return $r[0]['id']; + $item_id = $r[0]['id']; } else - return 0; + $item_id = 0; + + call_hooks("event_updated", $arr['id']); + + return $item_id; } else { @@ -361,7 +364,7 @@ function event_store($arr) { $item_arr['body'] = format_event_bbcode($event); - $item_arr['object'] = '' . xmlify(ACTIVITY_OBJ_EVENT) . '' . xmlify($uri) . ''; + $item_arr['object'] = '' . xmlify(ACTIVITY_OBJ_EVENT) . '' . xmlify($arr['uri']) . ''; $item_arr['object'] .= '' . xmlify(format_event_bbcode($event)) . ''; $item_arr['object'] .= '' . "\n"; @@ -383,6 +386,8 @@ function event_store($arr) { ); } + call_hooks("event_created", $event['id']); + return $item_id; } } diff --git a/include/items.php b/include/items.php index e5b640fd2..0ed16217f 100644 --- a/include/items.php +++ b/include/items.php @@ -180,6 +180,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) foreach($items as $item) { + // prevent private email from leaking. + if($item['network'] === NETWORK_MAIL) + continue; + // public feeds get html, our own nodes use bbcode if($public_feed) { @@ -1063,9 +1067,6 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $a = get_app(); -// if((! strlen($contact['issued-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY))) -// return 3; - $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); if($contact['duplex'] && $contact['dfrn-id']) @@ -1130,6 +1131,9 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); + if($owner['page-flags'] == PAGE_PRVGROUP) + $page = 2; + $final_dfrn_id = ''; if($perm) { @@ -1183,7 +1187,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) { $postvars['ssl_policy'] = $ssl_policy; if($page) - $postvars['page'] = '1'; + $postvars['page'] = $page; if($rino && $rino_allowed && (! $dissolve)) { $key = substr(random_string(),0,16); @@ -2832,7 +2836,7 @@ function atom_author($tag,$name,$uri,$h,$w,$photo) { return $o; } -function atom_entry($item,$type,$author,$owner,$comment = false) { +function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) { $a = get_app(); @@ -2844,7 +2848,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid']) - $body = fix_private_photos($item['body'],$owner['uid']); + $body = fix_private_photos($item['body'],$owner['uid'],$item,$cid); else $body = $item['body']; @@ -2927,14 +2931,17 @@ function atom_entry($item,$type,$author,$owner,$comment = false) { return $o; } -function fix_private_photos($s,$uid) { +function fix_private_photos($s,$uid, $item = null, $cid = 0) { $a = get_app(); - logger('fix_private_photos'); - if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { - $image = $matches[1]; - logger('fix_private_photos: found photo ' . $image); - if(stristr($image ,$a->get_baseurl() . '/photo/')) { + logger('fix_private_photos', LOGGER_DEBUG); + $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')); + + if(preg_match("/\[img(.*?)\](.*?)\[\/img\]/is",$s,$matches)) { + $image = $matches[2]; + logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); + if(stristr($image , $site . '/photo/')) { + $replace = false; $i = basename($image); $i = str_replace('.jpg','',$i); $x = strpos($i,'-'); @@ -2947,17 +2954,86 @@ function fix_private_photos($s,$uid) { intval($uid) ); if(count($r)) { - logger('replacing photo'); - $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + + // Check to see if we should replace this photo link with an embedded image + // 1. No need to do so if the photo is public + // 2. If there's a contact-id provided, see if they're in the access list + // for the photo. If so, embed it. + // 3. Otherwise, if we have an item, see if the item permissions match the photo + // permissions, regardless of order but first check to see if they're an exact + // match to save some processing overhead. + + // Currently we only embed one private photo per message so as not to hit import + // size limits at the receiving end. + + // To embed multiples, we would need to parse out the embedded photos on message + // receipt and limit size based only on the text component. Would also need to + // ignore all photos during bbcode translation and item localisation, as these + // will hit internal regex backtrace limits. + + if(has_permissions($r[0])) { + if($cid) { + $recips = enumerate_permissions($r[0]); + if(in_array($cid, $recips)) { + $replace = true; + } + } + elseif($item) { + if(compare_permissions($item,$r[0])) + $replace = true; + } + } + if($replace) { + logger('fix_private_photos: replacing photo', LOGGER_DEBUG); + $s = str_replace($image, 'data:image/jpg;base64,' . base64_encode($r[0]['data']), $s); + logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); + } } } - logger('fix_private_photos: replaced: ' . $s, LOGGER_DATA); } } return($s); } +function has_permissions($obj) { + if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != '')) + return true; + return false; +} + +function compare_permissions($obj1,$obj2) { + // first part is easy. Check that these are exactly the same. + if(($obj1['allow_cid'] == $obj2['allow_cid']) + && ($obj1['allow_gid'] == $obj2['allow_gid']) + && ($obj1['deny_cid'] == $obj2['deny_cid']) + && ($obj1['deny_gid'] == $obj2['deny_gid'])) + return true; + + // This is harder. Parse all the permissions and compare the resulting set. + + $recipients1 = enumerate_permissions($obj1); + $recipients2 = enumerate_permissions($obj2); + sort($recipients1); + sort($recipients2); + if($recipients1 == $recipients2) + return true; + return false; +} + +// returns an array of contact-ids that are allowed to see this object + +function enumerate_permissions($obj) { + require_once('include/group.php'); + $allow_people = expand_acl($obj['allow_cid']); + $allow_groups = expand_groups(expand_acl($obj['allow_gid'])); + $deny_people = expand_acl($obj['deny_cid']); + $deny_groups = expand_groups(expand_acl($obj['deny_gid'])); + $recipients = array_unique(array_merge($allow_people,$allow_groups)); + $deny = array_unique(array_merge($deny_people,$deny_groups)); + $recipients = array_diff($recipients,$deny); + return $recipients; +} function item_getfeedtags($item) { $ret = array(); @@ -3004,13 +3080,20 @@ function item_getfeedattach($item) { function item_expire($uid,$days) { - if((! $uid) || (! $days)) + if((! $uid) || ($days < 1)) return; + // $expire_network_only = save your own wall posts + // and just expire conversations started by others + + $expire_network_only = get_pconfig($uid,'expire','network_only'); + $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : ""); + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY AND `id` = `parent` + $sql_extra AND `deleted` = 0", intval($uid), intval($days) diff --git a/include/nav.php b/include/nav.php index 2c9c643a9..909ba9b54 100644 --- a/include/nav.php +++ b/include/nav.php @@ -117,7 +117,7 @@ function nav(&$a) { /* only show friend requests for normal pages. Other page types have automatic friendship. */ - if($_SESSION['page_flags'] == PAGE_NORMAL) { + if($_SESSION['page_flags'] == PAGE_NORMAL || $_SESSION['page_flags'] == PAGE_PRVGROUP) { $nav['introductions'] = array('notifications/intros', t('Introductions'), "", t('Friend Requests')); $nav['notifications'] = array('notifications', t('Notifications'), "", t('Notifications')); $nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", ""); diff --git a/include/notifier.php b/include/notifier.php index cb4fb2a31..070e7a436 100644 --- a/include/notifier.php +++ b/include/notifier.php @@ -345,7 +345,7 @@ function notifier_run($argv, $argc){ if($mail) { $public_message = false; // mail is not public - $body = fix_private_photos($item['body'],$owner['uid']); + $body = fix_private_photos($item['body'],$owner['uid'],null,$message[0]['contact-id']); $atom .= replace_macros($mail_template, array( '$name' => xmlify($owner['name']), diff --git a/include/profile_advanced.php b/include/profile_advanced.php index bb9850cd0..8c2acd8e7 100644 --- a/include/profile_advanced.php +++ b/include/profile_advanced.php @@ -25,8 +25,8 @@ function advanced_profile(&$a) { $val = ((intval($a->profile['dob'])) ? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format)) - : day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],6) . ' 00:00 +00:00',$short_bd_format))); - + : day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format))); + $profile['birthday'] = array( t('Birthday:'), $val); } diff --git a/include/profile_selectors.php b/include/profile_selectors.php index 4700bb96f..8d29fd099 100644 --- a/include/profile_selectors.php +++ b/include/profile_selectors.php @@ -5,6 +5,8 @@ function gender_selector($current="",$suffix="") { $o = ''; $select = array('', t('Male'), t('Female'), t('Currently Male'), t('Currently Female'), t('Mostly Male'), t('Mostly Female'), t('Transgender'), t('Intersex'), t('Transsexual'), t('Hermaphrodite'), t('Neuter'), t('Non-specific'), t('Other'), t('Undecided')); + call_hooks('gender_selector', $select); + $o .= ""; foreach($select as $selection) { if($selection !== 'NOTRANSLATION') { @@ -36,6 +41,8 @@ function marital_selector($current="",$suffix="") { $o = ''; $select = array('', t('Single'), t('Lonely'), t('Available'), t('Unavailable'), t('Has crush'), t('Infatuated'), t('Dating'), t('Unfaithful'), t('Sex Addict'), t('Friends'), t('Friends/Benefits'), t('Casual'), t('Engaged'), t('Married'), t('Imaginarily married'), t('Partners'), t('Cohabiting'), t('Common law'), t('Happy'), t('Not looking'), t('Swinger'), t('Betrayed'), t('Separated'), t('Unstable'), t('Divorced'), t('Imaginarily divorced'), t('Widowed'), t('Uncertain'), t('It\'s complicated'), t('Don\'t care'), t('Ask me') ); + call_hooks('marital_selector', $select); + $o .= "' : "" ), + '$hidethem' => t('Hide this contact'), + '$hidechecked' => '', '$confirm_key' => $confirm_key, '$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']), '$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url), @@ -680,7 +684,7 @@ function dfrn_request_content(&$a) { $auto_confirm = false; if(count($r)) { - if($r[0]['page-flags'] != PAGE_NORMAL) + if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP)) $auto_confirm = true; if(! $auto_confirm) { diff --git a/mod/item.php b/mod/item.php index 81dd553cd..497cf5daa 100644 --- a/mod/item.php +++ b/mod/item.php @@ -262,17 +262,17 @@ function item_post(&$a) { } } - if(strlen($categories)) { - // get the "fileas" tags for this post - $filedas = file_tag_file_to_list($categories, 'file'); + if(strlen($categories)) { + // get the "fileas" tags for this post + $filedas = file_tag_file_to_list($categories, 'file'); } - // save old and new categories, so we can determine what needs to be deleted from pconfig - $categories_old = $categories; - $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category'); - $categories_new = $categories; - if(strlen($filedas)) { - // append the fileas stuff to the new categories list - $categories .= file_tag_list_to_file($filedas, 'file'); + // save old and new categories, so we can determine what needs to be deleted from pconfig + $categories_old = $categories; + $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category'); + $categories_new = $categories; + if(strlen($filedas)) { + // append the fileas stuff to the new categories list + $categories .= file_tag_list_to_file($filedas, 'file'); } // Work around doubled linefeeds in Tinymce 3.5b2 @@ -355,13 +355,15 @@ function item_post(&$a) { $image_uri = substr($image_uri,0, strpos($image_uri,'-')); if(! strlen($image_uri)) continue; - $srch = '<' . intval($contact_record['id']) . '>'; + $srch = '<' . intval($contact_id) . '>'; + $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' AND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid) ); + if(! count($r)) continue; @@ -451,6 +453,7 @@ function item_post(&$a) { $tagged = array(); + $private_forum = false; if(count($tags)) { foreach($tags as $tag) { @@ -469,11 +472,22 @@ function item_post(&$a) { continue; $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); - if($success) + if($success['replaced']) $tagged[] = $tag; + if(is_array($success['contact']) && intval($success['contact']['prv'])) { + $private_forum = true; + $private_id = $success['contact']['id']; + } } } + if(($private_forum) && (! $parent) && (! $private)) { + // we tagged a private forum in a top level post and the message was public. + // Restrict it. + $private = 1; + $str_contact_allow = '<' . $private_id . '>'; + } + $attachments = ''; $match = false; @@ -891,6 +905,7 @@ function item_content(&$a) { function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { $replaced = false; + $r = null; //is it a hash tag? if(strpos($tag,'#') === 0) { @@ -1021,5 +1036,5 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { } } - return $replaced; + return array('replaced' => $replaced, 'contact' => $r[0]); } diff --git a/mod/network.php b/mod/network.php index f43eeb67e..7c4c1ac04 100644 --- a/mod/network.php +++ b/mod/network.php @@ -402,10 +402,22 @@ function network_content(&$a, $update = 0) { if(x($_GET,'search')) { $search = escape_tags($_GET['search']); - $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ", - dbesc(protect_sprintf('%' . $search . '%')), - dbesc(protect_sprintf('%]' . $search . '[%')) - ); + if (get_config('system','use_fulltext_engine')) { + if(strpos($search,'#') === 0) + $sql_extra .= sprintf(" AND (MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode)) ", + dbesc(protect_sprintf($search)) + ); + else + $sql_extra .= sprintf(" AND (MATCH(`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode)) ", + dbesc(protect_sprintf($search)), + dbesc(protect_sprintf($search)) + ); + } else { + $sql_extra .= sprintf(" AND ( `item`.`body` like '%s' OR `item`.`tag` like '%s' ) ", + dbesc(protect_sprintf('%' . $search . '%')), + dbesc(protect_sprintf('%]' . $search . '[%')) + ); + } } if(strlen($file)) { $sql_extra .= file_tag_file_query('item',unxmlify($file)); @@ -414,15 +426,22 @@ function network_content(&$a, $update = 0) { if($conv) { $myurl = $a->get_baseurl() . '/profile/'. $a->user['nickname']; $myurl = substr($myurl,strpos($myurl,'://')+3); - $myurl = str_replace(array('www.','.'),array('','\\.'),$myurl); + $myurl = str_replace('www.','',$myurl); $diasp_url = str_replace('/profile/','/u/',$myurl); - $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", - dbesc(protect_sprintf('%s' . $myurl)), - dbesc(protect_sprintf('%' . $myurl . '\\]%')), - dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) - ); - } + if (get_config('system','use_fulltext_engine')) + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where (MATCH(`author-link`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(`tag`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode))) ", + dbesc(protect_sprintf($myurl)), + dbesc(protect_sprintf($myurl)), + dbesc(protect_sprintf($diasp_url)) + ); + else + $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", + dbesc(protect_sprintf('%' . $myurl)), + dbesc(protect_sprintf('%' . $myurl . ']%')), + dbesc(protect_sprintf('%' . $diasp_url . ']%')) + ); + } if($update) { diff --git a/mod/notes.php b/mod/notes.php index 0072ce447..703c898e6 100644 --- a/mod/notes.php +++ b/mod/notes.php @@ -80,7 +80,8 @@ function notes_content(&$a,$update = false) { $r = q("SELECT COUNT(*) AS `total` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0 + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 + AND `item`.`deleted` = 0 AND `item`.`type` = 'note' AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self` = 1 AND `item`.`id` = `item`.`parent` AND `item`.`wall` = 0 $sql_extra ", @@ -95,7 +96,8 @@ function notes_content(&$a,$update = false) { $r = q("SELECT `item`.`id` AS `item_id`, `contact`.`uid` AS `contact-uid` FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` - WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0 + WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0 + and `item`.`moderated` = 0 AND `item`.`type` = 'note' AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self` = 1 AND `item`.`id` = `item`.`parent` AND `item`.`wall` = 0 $sql_extra diff --git a/mod/profiles.php b/mod/profiles.php index 26fc88765..ca3890eb9 100644 --- a/mod/profiles.php +++ b/mod/profiles.php @@ -146,7 +146,7 @@ function profiles_post(&$a) { $value = $marital; } if($withchanged) { - $changes[] = '♥ ' . t('Romantic Partner'); + $changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner'); $value = strip_tags($with); } if($work != $orig[0]['work']) { @@ -176,9 +176,18 @@ function profiles_post(&$a) { $changes[] = t('Interests'); $value = $interest; } - if($address != $orig[0]['address'] || $locality != $orig[0]['locality'] || $region != $orig[0]['region'] + if($address != $orig[0]['address']) { + $changes[] = t('Address'); + // New address not sent in notifications, potential privacy issues + // in case this leaks to unintended recipients. Yes, it's in the public + // profile but that doesn't mean we have to broadcast it to everybody. + } + if($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country-name']) { $changes[] = t('Location'); + $comma1 = ((($locality) && ($region || $country_name)) ? ', ' : ' '); + $comma2 = (($region && $country_name) ? ', ' : ''); + $value = $locality . $comma1 . $region . $comma2 . $country_name; } profile_activity($changes,$value); diff --git a/mod/register.php b/mod/register.php index 58bba8533..b162f62be 100644 --- a/mod/register.php +++ b/mod/register.php @@ -43,326 +43,44 @@ function register_post(&$a) { break; } - $using_invites = get_config('system','invitation_only'); - $num_invites = get_config('system','number_invites'); + require_once('include/user.php'); + $result = create_user($_POST); - $invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : ''); - $username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); - $nickname = ((x($_POST,'nickname')) ? notags(trim($_POST['nickname'])) : ''); - $email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : ''); - $openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : ''); - $photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : ''); - $publish = ((x($_POST,'profile_publish_reg') && intval($_POST['profile_publish_reg'])) ? 1 : 0); - - $netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0); - - $tmp_str = $openid_url; - - if($using_invites) { - if(! $invite_id) { - notice( t('An invitation is required.') . EOL); - return; - } - $r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id)); - if(! results($r)) { - notice( t('Invitation could not be verified.') . EOL); - return; - } - } - - if((! x($username)) || (! x($email)) || (! x($nickname))) { - if($openid_url) { - if(! validate_url($tmp_str)) { - notice( t('Invalid OpenID url') . EOL); - return; - } - $_SESSION['register'] = 1; - $_SESSION['openid'] = $openid_url; - require_once('library/openid.php'); - $openid = new LightOpenID; - $openid->identity = $openid_url; - $openid->returnUrl = $a->get_baseurl() . '/openid'; - $openid->required = array('namePerson/friendly', 'contact/email', 'namePerson'); - $openid->optional = array('namePerson/first','media/image/aspect11','media/image/default'); - goaway($openid->authUrl()); - // NOTREACHED - } - - notice( t('Please enter the required information.') . EOL ); + if(! $result['success']) { + notice($result['message']); return; } - if(! validate_url($tmp_str)) - $openid_url = ''; - - - $err = ''; - - // collapse multiple spaces in name - $username = preg_replace('/ +/',' ',$username); - - if(mb_strlen($username) > 48) - $err .= t('Please use a shorter name.') . EOL; - if(mb_strlen($username) < 3) - $err .= t('Name too short.') . EOL; - - // I don't really like having this rule, but it cuts down - // on the number of auto-registrations by Russian spammers - - // Using preg_match was completely unreliable, due to mixed UTF-8 regex support - // $no_utf = get_config('system','no_utf'); - // $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' ); - - // So now we are just looking for a space in the full name. - - $loose_reg = get_config('system','no_regfullname'); - if(! $loose_reg) { - $username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8'); - if(! strpos($username,' ')) - $err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL; - } - - - if(! allowed_email($email)) - $err .= t('Your email domain is not among those allowed on this site.') . EOL; - - if((! valid_email($email)) || (! validate_email($email))) - $err .= t('Not a valid email address.') . EOL; - - // Disallow somebody creating an account using openid that uses the admin email address, - // since openid bypasses email verification. We'll allow it if there is not yet an admin account. - - if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) { - $r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1", - dbesc($email) - ); - if(count($r)) - $err .= t('Cannot use that email.') . EOL; - } - - $nickname = $_POST['nickname'] = strtolower($nickname); - - if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname)) - $err .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL; - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $err .= t('Nickname is already registered. Please choose another.') . EOL; - - // Check deleted accounts that had this nickname. Doesn't matter to us, - // but could be a security issue for federated platforms. - - $r = q("SELECT * FROM `userd` - WHERE `username` = '%s' LIMIT 1", - dbesc($nickname) - ); - if(count($r)) - $err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL; - - if(strlen($err)) { - notice( $err ); - return; - } - - - $new_password = autoname(6) . mt_rand(100,9999); - $new_password_encoded = hash('whirlpool',$new_password); - - require_once('include/crypto.php'); - - $result = new_keypair(1024); - - if($result === false) { - notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL); - return; - } - - $prvkey = $result['prvkey']; - $pubkey = $result['pubkey']; - - /** - * - * Create another keypair for signing/verifying - * salmon protocol messages. We have to use a slightly - * less robust key because this won't be using openssl - * but the phpseclib. Since it is PHP interpreted code - * it is not nearly as efficient, and the larger keys - * will take several minutes each to process. - * - */ - - $sres = new_keypair(512); - $sprvkey = $sres['prvkey']; - $spubkey = $sres['pubkey']; - - $r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`, - `pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` ) - VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )", - dbesc(generate_user_guid()), - dbesc($username), - dbesc($new_password_encoded), - dbesc($email), - dbesc($openid_url), - dbesc($nickname), - dbesc($pubkey), - dbesc($prvkey), - dbesc($spubkey), - dbesc($sprvkey), - dbesc(datetime_convert()), - intval($verified), - intval($blocked) - ); - - if($r) { - $r = q("SELECT `uid` FROM `user` - WHERE `username` = '%s' AND `password` = '%s' LIMIT 1", - dbesc($username), - dbesc($new_password_encoded) - ); - if($r !== false && count($r)) - $newuid = intval($r[0]['uid']); - } - else { - notice( t('An error occurred during registration. Please try again.') . EOL ); - return; - } - - /** - * if somebody clicked submit twice very quickly, they could end up with two accounts - * due to race condition. Remove this one. - */ - - $r = q("SELECT `uid` FROM `user` - WHERE `nickname` = '%s' ", - dbesc($nickname) - ); - if((count($r) > 1) && $newuid) { - $err .= t('Nickname is already registered. Please choose another.') . EOL; - q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1", - intval($newuid) - ); - notice ($err); - return; - } - - if(x($newuid) !== false) { - $r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` ) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ", - intval($newuid), - 'default', - 1, - dbesc($username), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), - intval($publish), - intval($netpublish) - - ); - if($r === false) { - notice( t('An error occurred creating your default profile. Please try again.') . EOL ); - // Start fresh next time. - $r = q("DELETE FROM `user` WHERE `uid` = %d", - intval($newuid)); - return; - } - $r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`, - `request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` ) - VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ", - intval($newuid), - datetime_convert(), - dbesc($username), - dbesc($nickname), - dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"), - dbesc($a->get_baseurl() . "/profile/$nickname"), - dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")), - dbesc($a->get_baseurl() . "/dfrn_request/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"), - dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"), - dbesc($a->get_baseurl() . "/poco/$nickname"), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); - - - } - - // if we have no OpenID photo try to look up an avatar - if(! strlen($photo)) - $photo = avatar_img($email); - - // unless there is no avatar-plugin loaded - if(strlen($photo)) { - require_once('include/Photo.php'); - $photo_failure = false; - - $filename = basename($photo); - $img_str = fetch_url($photo,true); - $img = new Photo($img_str); - if($img->is_valid()) { - - $img->scaleImageSquare(175); - - $hash = photo_new_resource(); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(80); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 ); - - if($r === false) - $photo_failure = true; - - $img->scaleImage(48); - - $r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 ); - - if($r === false) - $photo_failure = true; - - if(! $photo_failure) { - q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ", - dbesc($hash) - ); - } - } - } - + $user = $result['user']; + if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) { - $url = $a->get_baseurl() . "/profile/$nickname"; + $url = $a->get_baseurl() . '/profile/' . $user['nickname']; proc_run('php',"include/directory.php","$url"); } + $using_invites = get_config('system','invitation_only'); + $num_invites = get_config('system','number_invites'); + $invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : ''); - call_hooks('register_account', $newuid); if( $a->config['register_policy'] == REGISTER_OPEN ) { if($using_invites && $invite_id) { q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); - set_pconfig($newuid,'system','invites_remaining',$num_invites); + set_pconfig($user['uid'],'system','invites_remaining',$num_invites); } $email_tpl = get_intltext_template("register_open_eml.tpl"); $email_tpl = replace_macros($email_tpl, array( '$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$password' => $new_password, - '$uid' => $newuid )); + '$username' => $user['username'], + '$email' => $user['email'], + '$password' => $result['password'], + '$uid' => $user['uid'] )); - $res = mail($email, sprintf(t('Registration details for %s'), $a->config['sitename']), + $res = mail($user['email'], sprintf(t('Registration details for %s'), $a->config['sitename']), $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" @@ -387,8 +105,8 @@ function register_post(&$a) { $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", dbesc($hash), dbesc(datetime_convert()), - intval($newuid), - dbesc($new_password), + intval($user['uid']), + dbesc($result['password']), dbesc($lang) ); @@ -402,17 +120,17 @@ function register_post(&$a) { if($using_invites && $invite_id) { q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); - set_pconfig($newuid,'system','invites_remaining',$num_invites); + set_pconfig($user['uid'],'system','invites_remaining',$num_invites); } $email_tpl = get_intltext_template("register_verify_eml.tpl"); $email_tpl = replace_macros($email_tpl, array( '$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), - '$username' => $username, - '$email' => $email, - '$password' => $new_password, - '$uid' => $newuid, + '$username' => $user['username'], + '$email' => $user['email'], + '$password' => $result['password'], + '$uid' => $user['uid'], '$hash' => $hash )); diff --git a/mod/search.php b/mod/search.php index 3e6bf68aa..466ffc4c3 100644 --- a/mod/search.php +++ b/mod/search.php @@ -71,7 +71,7 @@ function search_content(&$a) { notice( t('Public access denied.') . EOL); return; } - + nav_set_selected('search'); require_once("include/bbcode.php"); @@ -96,7 +96,6 @@ function search_content(&$a) { $o .= search($search,'search-box','/search',((local_user()) ? true : false)); - if(strpos($search,'#') === 0) { $tag = true; $search = substr($search,1); @@ -109,10 +108,17 @@ function search_content(&$a) { if(! $search) return $o; - if($tag) - $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\[')); - else - $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search))); + if (get_config('system','use_fulltext_engine')) { + if($tag) + $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search))); + else + $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search))); + } else { + if($tag) + $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\[')); + else + $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); + } diff --git a/mod/settings.php b/mod/settings.php index 40fa55eea..92593d7a8 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -15,6 +15,7 @@ function get_theme_config_file($theme){ } function settings_init(&$a) { + // These lines provide the javascript needed by the acl selector $a->page['htmlhead'] .= "