tobias/friendica
1
0
Fork 0
Code Pull requests Activity

Merge branch 'develop' into task/3954-move-auth-to-src

Browse source
This commit is contained in:
Hypolite Petovan 2018-01-02 19:30:41 -05:00
commit 9a3e773a9a
54 changed files with 2172 additions and 2028 deletions
Download patch file Download diff file Expand all files Collapse all files

81
mod/contacts.php
View file

@ -35,8 +35,9 @@ function contacts_init(App $a) {
require_once 'include/contact_widgets.php';
if ($_GET['nets'] == "all") {
$_GET['nets'] = "";
$nets = defaults($_GET, 'nets', '');
if ($nets == "all") {
$nets = "";
}
if (! x($a->page,'aside')) {
@ -63,22 +64,22 @@ function contacts_init(App $a) {
'$account_type' => Contact::getAccountType($a->data['contact'])
));
$finpeople_widget = '';
$findpeople_widget = '';
$follow_widget = '';
$networks_widget = '';
} else {
$vcard_widget = '';
$networks_widget .= networks_widget('contacts',$_GET['nets']);
$networks_widget = networks_widget('contacts', $nets);
if (isset($_GET['add'])) {
$follow_widget = follow_widget($_GET['add']);
} else {
$follow_widget = follow_widget();
}
$findpeople_widget .= findpeople_widget();
$findpeople_widget = findpeople_widget();
}
$groups_widget .= Group::sidebarWidget('contacts','group','full',0,$contact_id);
$groups_widget = Group::sidebarWidget('contacts','group','full',0,$contact_id);
$a->page['aside'] .= replace_macros(get_markup_template("contacts-widget-sidebar.tpl"),array(
'$vcard_widget' => $vcard_widget,
@ -515,8 +516,6 @@ function contacts_content(App $a) {
require_once 'include/contact_selectors.php';
$tpl = get_markup_template("contact_edit.tpl");
switch($contact['rel']) {
case CONTACT_IS_FRIEND:
$dir_icon = 'images/lrarrow.gif';
@ -577,6 +576,7 @@ function contacts_content(App $a) {
$lost_contact = (($contact['archive'] && $contact['term-date'] > NULL_DATE && $contact['term-date'] < datetime_convert('','','now')) ? t('Communications lost with this contact!') : '');
$fetch_further_information = null;
if ($contact['network'] == NETWORK_FEED) {
$fetch_further_information = array('fetch_further_information',
t('Fetch further information for feeds'),
@ -587,12 +587,19 @@ function contacts_content(App $a) {
'3' => t('Fetch keywords'),
'2' => t('Fetch information and keywords')));
}
if (in_array($contact['network'], array(NETWORK_FEED, NETWORK_MAIL)))
$poll_interval = null;
if (in_array($contact['network'], array(NETWORK_FEED, NETWORK_MAIL))) {
$poll_interval = contact_poll_interval($contact['priority'],(! $poll_enabled));
}
if ($contact['network'] == NETWORK_DFRN)
$profile_select = null;
if ($contact['network'] == NETWORK_DFRN) {
$profile_select = contact_profile_assign($contact['profile-id'],(($contact['network'] !== NETWORK_DFRN) ? true : false));
}
$follow = '';
$follow_text = '';
if (in_array($contact['network'], array(NETWORK_DIASPORA, NETWORK_OSTATUS))) {
if ($contact['rel'] == CONTACT_IS_FOLLOWER) {
$follow = System::baseUrl(true)."/follow?url=".urlencode($contact["url"]);
@ -606,7 +613,7 @@ function contacts_content(App $a) {
// Load contactact related actions like hide, suggest, delete and others
$contact_actions = contact_actions($contact);
$tpl = get_markup_template("contact_edit.tpl");
$o .= replace_macros($tpl, array(
//'$header' => t('Contact Editor'),
'$header' => t("Contact"),
@ -618,9 +625,7 @@ function contacts_content(App $a) {
'$lbl_info2' => t('Their personal note'),
'$reason' => trim(notags($contact['reason'])),
'$infedit' => t('Edit contact notes'),
'$common_text' => $common_text,
'$common_link' => 'common/loc/' . local_user() . '/' . $contact['id'],
'$all_friends' => $all_friends,
'$relation_text' => $relation_text,
'$visit' => sprintf( t('Visit %s\'s profile [%s]'),$contact['name'],$contact['url']),
'$blockunblock' => t('Block/Unblock contact'),
@ -658,7 +663,6 @@ function contacts_content(App $a) {
'$photo' => $contact['photo'],
'$name' => htmlentities($contact['name']),
'$dir_icon' => $dir_icon,
'$alt_text' => $alt_text,
'$sparkle' => $sparkle,
'$url' => $url,
'$profileurllabel' => t('Profile URL'),
@ -688,36 +692,33 @@ function contacts_content(App $a) {
}
$blocked = false;
$hidden = false;
$ignored = false;
$all = false;
$blocked = false;
$hidden = false;
$ignored = false;
$archived = false;
$all = false;
if(($a->argc == 2) && ($a->argv[1] === 'all')) {
$sql_extra = '';
$all = true;
}
elseif(($a->argc == 2) && ($a->argv[1] === 'blocked')) {
} elseif(($a->argc == 2) && ($a->argv[1] === 'blocked')) {
$sql_extra = " AND `blocked` = 1 ";
$blocked = true;
}
elseif(($a->argc == 2) && ($a->argv[1] === 'hidden')) {
} elseif(($a->argc == 2) && ($a->argv[1] === 'hidden')) {
$sql_extra = " AND `hidden` = 1 ";
$hidden = true;
}
elseif(($a->argc == 2) && ($a->argv[1] === 'ignored')) {
} elseif(($a->argc == 2) && ($a->argv[1] === 'ignored')) {
$sql_extra = " AND `readonly` = 1 ";
$ignored = true;
}
elseif(($a->argc == 2) && ($a->argv[1] === 'archived')) {
} elseif(($a->argc == 2) && ($a->argv[1] === 'archived')) {
$sql_extra = " AND `archive` = 1 ";
$archived = true;
}
else
} else {
$sql_extra = " AND `blocked` = 0 ";
}
$search = ((x($_GET,'search')) ? notags(trim($_GET['search'])) : '');
$nets = ((x($_GET,'nets')) ? notags(trim($_GET['nets'])) : '');
$search = x($_GET, 'search') ? notags(trim($_GET['search'])) : '';
$nets = x($_GET, 'nets') ? notags(trim($_GET['nets'])) : '';
$tabs = array(
array(
@ -786,25 +787,25 @@ function contacts_content(App $a) {
$tab_tpl = get_markup_template('common_tabs.tpl');
$t = replace_macros($tab_tpl, array('$tabs'=>$tabs));
$searching = false;
if($search) {
$search_hdr = null;
if ($search) {
$search_hdr = $search;
$search_txt = dbesc(protect_sprintf(preg_quote($search)));
$searching = true;
}
$sql_extra .= (($searching) ? " AND (name REGEXP '$search_txt' OR url REGEXP '$search_txt' OR nick REGEXP '$search_txt') " : "");
if($nets)
if ($nets) {
$sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
}
$sql_extra2 = ((($sort_type > 0) && ($sort_type <= CONTACT_IS_FRIEND)) ? sprintf(" AND `rel` = %d ",intval($sort_type)) : '');
$r = q("SELECT COUNT(*) AS `total` FROM `contact`
WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 $sql_extra $sql_extra2 ",
intval($_SESSION['uid']));
intval($_SESSION['uid'])
);
if (DBM::is_result($r)) {
$a->set_pager_total($r[0]['total']);
$total = $r[0]['total'];
@ -834,7 +835,7 @@ function contacts_content(App $a) {
'$total' => $total,
'$search' => $search_hdr,
'$desc' => t('Search your contacts'),
'$finding' => (($searching) ? sprintf(t('Results for: %s'),$search) : ""),
'$finding' => $searching ? t('Results for: %s', $search) : "",
'$submit' => t('Find'),
'$cmd' => $a->cmd,
'$contacts' => $contacts,
@ -849,7 +850,6 @@ function contacts_content(App $a) {
),
'$h_batch_actions' => t('Batch Actions'),
'$paginate' => paginate($a),
));
return $o;
@ -927,12 +927,11 @@ function contact_posts($a, $contact_id) {
$contact = $r[0];
$a->page['aside'] = "";
profile_load($a, "", 0, Contact::getDetailsByURL($contact["url"]));
} else
$profile = "";
}
$tab_str = contacts_tab($a, $contact_id, 1);
$o .= $tab_str;
$o = $tab_str;
$o .= Contact::getPostsFromUrl($contact["url"]);

112
mod/crepair.php
View file

@ -1,4 +1,5 @@
<?php
/**
* @file mod/crepair.php
*/
@ -10,65 +11,68 @@ use Friendica\Model\Contact;
require_once 'include/contact_selectors.php';
require_once 'mod/contacts.php';
function crepair_init(App $a) {
if (! local_user()) {
function crepair_init(App $a)
{
if (!local_user()) {
return;
}
$contact_id = 0;
if(($a->argc == 2) && intval($a->argv[1])) {
if (($a->argc == 2) && intval($a->argv[1])) {
$contact_id = intval($a->argv[1]);
$r = q("SELECT * FROM `contact` WHERE `uid` = %d and `id` = %d LIMIT 1",
intval(local_user()),
intval($contact_id)
);
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
$contact_id = 0;
}
}
if(! x($a->page,'aside'))
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
if($contact_id) {
if ($contact_id) {
$a->data['contact'] = $r[0];
$contact = $r[0];
profile_load($a, "", 0, Contact::getDetailsByURL($contact["url"]));
}
}
function crepair_post(App $a) {
if (! local_user()) {
function crepair_post(App $a)
{
if (!local_user()) {
return;
}
$cid = (($a->argc > 1) ? intval($a->argv[1]) : 0);
if($cid) {
if ($cid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval(local_user())
);
}
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
return;
}
$contact = $r[0];
$name = ((x($_POST,'name')) ? $_POST['name'] : $contact['name']);
$nick = ((x($_POST,'nick')) ? $_POST['nick'] : '');
$url = ((x($_POST,'url')) ? $_POST['url'] : '');
$request = ((x($_POST,'request')) ? $_POST['request'] : '');
$confirm = ((x($_POST,'confirm')) ? $_POST['confirm'] : '');
$notify = ((x($_POST,'notify')) ? $_POST['notify'] : '');
$poll = ((x($_POST,'poll')) ? $_POST['poll'] : '');
$attag = ((x($_POST,'attag')) ? $_POST['attag'] : '');
$photo = ((x($_POST,'photo')) ? $_POST['photo'] : '');
$remote_self = ((x($_POST,'remote_self')) ? $_POST['remote_self'] : false);
$nurl = normalise_link($url);
$name = defaults($_POST, 'name' , $contact['name']);
$nick = defaults($_POST, 'nick' , '');
$url = defaults($_POST, 'url' , '');
$request = defaults($_POST, 'request' , '');
$confirm = defaults($_POST, 'confirm' , '');
$notify = defaults($_POST, 'notify' , '');
$poll = defaults($_POST, 'poll' , '');
$attag = defaults($_POST, 'attag' , '');
$photo = defaults($_POST, 'photo' , '');
$remote_self = defaults($_POST, 'remote_self', false);
$nurl = normalise_link($url);
$r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `url` = '%s', `nurl` = '%s', `request` = '%s', `confirm` = '%s', `notify` = '%s', `poll` = '%s', `attag` = '%s' , `remote_self` = %d
WHERE `id` = %d AND `uid` = %d",
@ -101,26 +105,24 @@ function crepair_post(App $a) {
return;
}
function crepair_content(App $a) {
if (! local_user()) {
notice( t('Permission denied.') . EOL);
function crepair_content(App $a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$cid = (($a->argc > 1) ? intval($a->argv[1]) : 0);
if($cid) {
if ($cid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($cid),
intval(local_user())
);
}
if (! DBM::is_result($r)) {
notice( t('Contact not found.') . EOL);
if (!DBM::is_result($r)) {
notice(t('Contact not found.') . EOL);
return;
}
@ -131,45 +133,44 @@ function crepair_content(App $a) {
$returnaddr = "contacts/$cid";
$allow_remote_self = Config::get('system','allow_users_remote_self');
$allow_remote_self = Config::get('system', 'allow_users_remote_self');
// Disable remote self for everything except feeds.
// There is an issue when you repeat an item from maybe twitter and you got comments from friendica and twitter
// Problem is, you couldn't reply to both networks.
if (!in_array($contact['network'], array(NETWORK_FEED, NETWORK_DFRN, NETWORK_DIASPORA)))
if (!in_array($contact['network'], array(NETWORK_FEED, NETWORK_DFRN, NETWORK_DIASPORA))) {
$allow_remote_self = false;
}
if ($contact['network'] == NETWORK_FEED)
$remote_self_options = array('0'=>t('No mirroring'), '1'=>t('Mirror as forwarded posting'), '2'=>t('Mirror as my own posting'));
else
$remote_self_options = array('0'=>t('No mirroring'), '2'=>t('Mirror as my own posting'));
if ($contact['network'] == NETWORK_FEED) {
$remote_self_options = array('0' => t('No mirroring'), '1' => t('Mirror as forwarded posting'), '2' => t('Mirror as my own posting'));
} else {
$remote_self_options = array('0' => t('No mirroring'), '2' => t('Mirror as my own posting'));
}
$update_profile = in_array($contact['network'], array(NETWORK_DFRN, NETWORK_DSPR, NETWORK_OSTATUS));
$update_profile = in_array($contact['network'], array(NETWORK_DFRN, NETWORK_DIASPORA, NETWORK_OSTATUS));
$tab_str = contacts_tab($a, $contact['id'], 5);
$tpl = get_markup_template('crepair.tpl');
$o .= replace_macros($tpl, array(
//'$title' => t('Repair Contact Settings'),
'$tab_str' => $tab_str,
'$warning' => $warning,
'$info' => $info,
'$returnaddr' => $returnaddr,
'$return' => t('Return to contact editor'),
'$update_profile' => update_profile,
'$udprofilenow' => t('Refetch contact data'),
'$contact_id' => $contact['id'],
'$lbl_submit' => t('Submit'),
$o = replace_macros($tpl, array(
'$tab_str' => $tab_str,
'$warning' => $warning,
'$info' => $info,
'$returnaddr' => $returnaddr,
'$return' => t('Return to contact editor'),
'$update_profile' => $update_profile,
'$udprofilenow' => t('Refetch contact data'),
'$contact_id' => $contact['id'],
'$lbl_submit' => t('Submit'),
'$label_remote_self' => t('Remote Self'),
'$allow_remote_self' => $allow_remote_self,
'$remote_self' => array('remote_self',
t('Mirror postings from this contact'),
$contact['remote_self'],
t('Mark this contact as remote_self, this will cause friendica to repost new entries from this contact.'),
$remote_self_options
),
t('Mirror postings from this contact'),
$contact['remote_self'],
t('Mark this contact as remote_self, this will cause friendica to repost new entries from this contact.'),
$remote_self_options
),
'$name' => array('name', t('Name') , htmlentities($contact['name'])),
'$nick' => array('nick', t('Account Nickname'), htmlentities($contact['nick'])),
@ -183,5 +184,4 @@ function crepair_content(App $a) {
));
return $o;
}

5
mod/dfrn_confirm.php
View file

@ -29,6 +29,7 @@ use Friendica\Model\Group;
use Friendica\Model\User;
use Friendica\Network\Probe;
use Friendica\Protocol\Diaspora;
use Friendica\Util\Crypto;
require_once 'include/enotify.php';
@ -162,9 +163,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) {
* worried about key leakage than anybody cracking it.
*
*/
require_once 'include/crypto.php';
$res = new_keypair(4096);
$res = Crypto::newKeypair(4096);
$private_key = $res['prvkey'];

324
mod/dfrn_poll.php
View file

@ -1,4 +1,5 @@
<?php
/**
* @file mod/dfrn_poll.php
*/
@ -12,49 +13,50 @@ use Friendica\Protocol\OStatus;
require_once 'include/items.php';
function dfrn_poll_init(App $a) {
function dfrn_poll_init(App $a)
{
Login::sessionAuth();
$dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
$last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
$challenge = ((x($_GET,'challenge')) ? $_GET['challenge'] : '');
$sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
$perm = ((x($_GET,'perm')) ? $_GET['perm'] : 'r');
$quiet = ((x($_GET,'quiet')) ? true : false);
$dfrn_id = defaults($_GET, 'dfrn_id' , '');
$type = defaults($_GET, 'type' , 'data');
$last_update = defaults($_GET, 'last_update' , '');
$destination_url = defaults($_GET, 'destination_url', '');
$challenge = defaults($_GET, 'challenge' , '');
$sec = defaults($_GET, 'sec' , '');
$dfrn_version = defaults($_GET, 'dfrn_version' , 2.0);
$perm = defaults($_GET, 'perm' , 'r');
$quiet = x($_GET, 'quiet');
// Possibly it is an OStatus compatible server that requests a user feed
if (($a->argc > 1) && ($dfrn_id == '') && !strstr($_SERVER["HTTP_USER_AGENT"], 'Friendica')) {
$nickname = $a->argv[1];
header("Content-type: application/atom+xml");
echo OStatus::feed($a, $nickname, $last_update, 10);
echo OStatus::feed($nickname, $last_update, 10);
killme();
}
$direction = (-1);
$direction = -1;
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
$hidewall = false;
if(($dfrn_id === '') && (! x($_POST,'dfrn_id'))) {
if((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) {
if (($dfrn_id === '') && (!x($_POST, 'dfrn_id'))) {
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
http_status_exit(403);
}
$user = '';
if($a->argc > 1) {
if ($a->argc > 1) {
$r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
dbesc($a->argv[1])
);
if (!$r)
if (!$r) {
http_status_exit(404);
}
$hidewall = ($r[0]['hidewall'] && !local_user());
@ -63,16 +65,15 @@ function dfrn_poll_init(App $a) {
logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
header("Content-type: application/atom+xml");
echo DFRN::feed('', $user,$last_update, 0, $hidewall);
echo DFRN::feed('', $user, $last_update, 0, $hidewall);
killme();
}
if(($type === 'profile') && (! strlen($sec))) {
if (($type === 'profile') && (!strlen($sec))) {
$sql_extra = '';
switch($direction) {
case (-1):
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
@ -96,28 +97,29 @@ function dfrn_poll_init(App $a) {
);
if (DBM::is_result($r)) {
$s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA);
if(strlen($s)) {
if (strlen($s)) {
$xml = parse_xml_string($s);
if((int) $xml->status == 1) {
if ((int) $xml->status === 1) {
$_SESSION['authenticated'] = 1;
if(! x($_SESSION,'remote'))
if (!x($_SESSION, 'remote')) {
$_SESSION['remote'] = array();
}
$_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
$_SESSION['remote'][] = array('cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']);
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_handle'] = $r[0]['addr'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
if(!$quiet)
info( sprintf(t('%1$s welcomes %2$s'), $r[0]['username'] , $r[0]['name']) . EOL);
if (!$quiet) {
info(sprintf(t('%1$s welcomes %2$s'), $r[0]['username'], $r[0]['name']) . EOL);
}
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
@ -131,53 +133,53 @@ function dfrn_poll_init(App $a) {
goaway((strlen($destination_url)) ? $destination_url : System::baseUrl() . '/profile/' . $profile);
}
goaway(System::baseUrl());
}
if($type === 'profile-check' && $dfrn_version < 2.2 ) {
if((strlen($challenge)) && (strlen($sec))) {
if ($type === 'profile-check' && $dfrn_version < 2.2) {
if ((strlen($challenge)) && (strlen($sec))) {
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
dbesc($sec)
);
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
xml_status(3, 'No ticket');
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
if(strpos($orig_id, ':'))
$orig_id = substr($orig_id,2);
if (strpos($orig_id, ':')) {
$orig_id = substr($orig_id, 2);
}
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if (! DBM::is_result($c)) {
if (!DBM::is_result($c)) {
xml_status(3, 'No profile');
}
$contact = $c[0];
$sent_dfrn_id = hex2bin($dfrn_id);
$challenge = hex2bin($challenge);
$challenge = hex2bin($challenge);
$final_dfrn_id = '';
if(($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
}
else {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
if (($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
} else {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if(strpos($final_dfrn_id,':') == 1)
$final_dfrn_id = substr($final_dfrn_id,2);
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if($final_dfrn_id != $orig_id) {
if ($final_dfrn_id != $orig_id) {
logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
// did not decode properly - cannot trust this site
xml_status(3, 'Bad decryption');
@ -187,11 +189,9 @@ function dfrn_poll_init(App $a) {
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
killme();
// NOTREACHED
}
else {
// old protocol
switch($direction) {
} else {
// old protocol
switch ($direction) {
case 1:
$dfrn_id = '0:' . $dfrn_id;
break;
@ -202,7 +202,6 @@ function dfrn_poll_init(App $a) {
break;
}
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
dbesc($dfrn_id));
@ -214,67 +213,65 @@ function dfrn_poll_init(App $a) {
return; // NOTREACHED
}
}
}
function dfrn_poll_post(App $a)
{
$dfrn_id = x($_POST,'dfrn_id') ? $_POST['dfrn_id'] : '';
$challenge = x($_POST,'challenge') ? $_POST['challenge'] : '';
$url = x($_POST,'url') ? $_POST['url'] : '';
$sec = x($_POST,'sec') ? $_POST['sec'] : '';
$ptype = x($_POST,'type') ? $_POST['type'] : '';
$dfrn_version = x($_POST,'dfrn_version') ? (float) $_POST['dfrn_version'] : 2.0;
$perm = x($_POST,'perm') ? $_POST['perm'] : 'r';
function dfrn_poll_post(App $a) {
$dfrn_id = ((x($_POST,'dfrn_id')) ? $_POST['dfrn_id'] : '');
$challenge = ((x($_POST,'challenge')) ? $_POST['challenge'] : '');
$url = ((x($_POST,'url')) ? $_POST['url'] : '');
$sec = ((x($_POST,'sec')) ? $_POST['sec'] : '');
$ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
if($ptype === 'profile-check') {
if((strlen($challenge)) && (strlen($sec))) {
if ($ptype === 'profile-check') {
if (strlen($challenge) && strlen($sec)) {
logger('dfrn_poll: POST: profile-check');
q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time()));
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
dbesc($sec)
);
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
xml_status(3, 'No ticket');
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
if(strpos($orig_id, ':'))
$orig_id = substr($orig_id,2);
if (strpos($orig_id, ':')) {
$orig_id = substr($orig_id, 2);
}
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if (! DBM::is_result($c)) {
if (!DBM::is_result($c)) {
xml_status(3, 'No profile');
}
$contact = $c[0];
$sent_dfrn_id = hex2bin($dfrn_id);
$challenge = hex2bin($challenge);
$challenge = hex2bin($challenge);
$final_dfrn_id = '';
if(($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
openssl_private_decrypt($challenge,$decoded_challenge,$contact['prvkey']);
}
else {
openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
openssl_public_decrypt($challenge,$decoded_challenge,$contact['pubkey']);
if ($contact['duplex'] && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
} else {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if(strpos($final_dfrn_id,':') == 1)
$final_dfrn_id = substr($final_dfrn_id,2);
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if($final_dfrn_id != $orig_id) {
if ($final_dfrn_id != $orig_id) {
logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG);
// did not decode properly - cannot trust this site
xml_status(3, 'Bad decryption');
@ -285,22 +282,20 @@ function dfrn_poll_post(App $a) {
killme();
// NOTREACHED
}
}
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
$direction = -1;
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
dbesc($dfrn_id),
dbesc($challenge)
);
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
killme();
}
@ -314,8 +309,8 @@ function dfrn_poll_post(App $a) {
$sql_extra = '';
switch($direction) {
case (-1):
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
@ -332,11 +327,8 @@ function dfrn_poll_post(App $a) {
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
if (! DBM::is_result($r)) {
if (!DBM::is_result($r)) {
killme();
}
@ -344,8 +336,7 @@ function dfrn_poll_post(App $a) {
$owner_uid = $r[0]['uid'];
$contact_id = $r[0]['id'];
if($type === 'reputation' && strlen($url)) {
if ($type === 'reputation' && strlen($url)) {
$r = q("SELECT * FROM `contact` WHERE `url` = '%s' AND `uid` = %d LIMIT 1",
dbesc($url),
intval($owner_uid)
@ -357,7 +348,7 @@ function dfrn_poll_post(App $a) {
$reputation = $r[0]['rating'];
$text = $r[0]['reason'];
if($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
if ($r[0]['id'] == $contact_id) { // inquiring about own reputation not allowed
$reputation = 0;
$text = '';
}
@ -372,18 +363,17 @@ function dfrn_poll_post(App $a) {
";
killme();
// NOTREACHED
}
else {
} else {
// Update the writable flag if it changed
logger('dfrn_poll: post request feed: ' . print_r($_POST,true),LOGGER_DATA);
if($dfrn_version >= 2.21) {
if($perm === 'rw')
logger('dfrn_poll: post request feed: ' . print_r($_POST, true), LOGGER_DATA);
if ($dfrn_version >= 2.21) {
if ($perm === 'rw') {
$writable = 1;
else
} else {
$writable = 0;
}
if($writable != $contact['writable']) {
if ($writable != $contact['writable']) {
q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d",
intval($writable),
intval($contact_id)
@ -395,29 +385,27 @@ function dfrn_poll_post(App $a) {
$o = DFRN::feed($dfrn_id, $a->argv[1], $last_update, $direction);
echo $o;
killme();
}
}
function dfrn_poll_content(App $a) {
function dfrn_poll_content(App $a)
{
$dfrn_id = x($_GET,'dfrn_id') ? $_GET['dfrn_id'] : '';
$type = x($_GET,'type') ? $_GET['type'] : 'data';
$last_update = x($_GET,'last_update') ? $_GET['last_update'] : '';
$destination_url = x($_GET,'destination_url') ? $_GET['destination_url'] : '';
$sec = x($_GET,'sec') ? $_GET['sec'] : '';
$dfrn_version = x($_GET,'dfrn_version') ? (float) $_GET['dfrn_version'] : 2.0;
$perm = x($_GET,'perm') ? $_GET['perm'] : 'r';
$quiet = x($_GET,'quiet') ? true : false;
$dfrn_id = ((x($_GET,'dfrn_id')) ? $_GET['dfrn_id'] : '');
$type = ((x($_GET,'type')) ? $_GET['type'] : 'data');
$last_update = ((x($_GET,'last_update')) ? $_GET['last_update'] : '');
$destination_url = ((x($_GET,'destination_url')) ? $_GET['destination_url'] : '');
$sec = ((x($_GET,'sec')) ? $_GET['sec'] : '');
$dfrn_version = ((x($_GET,'dfrn_version')) ? (float) $_GET['dfrn_version'] : 2.0);
$perm = ((x($_GET,'perm')) ? $_GET['perm'] : 'r');
$quiet = ((x($_GET,'quiet')) ? true : false);
$direction = (-1);
if(strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
$direction = -1;
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
if($dfrn_id != '') {
if ($dfrn_id != '') {
// initial communication from external contact
$hash = random_string();
@ -425,7 +413,7 @@ function dfrn_poll_content(App $a) {
$r = q("DELETE FROM `challenge` WHERE `expire` < " . intval(time()));
if($type !== 'profile') {
if ($type !== 'profile') {
$r = q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
dbesc($hash),
@ -435,13 +423,16 @@ function dfrn_poll_content(App $a) {
dbesc($last_update)
);
}
$sql_extra = '';
switch($direction) {
case (-1):
if($type === 'profile')
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id),dbesc($dfrn_id));
else
switch ($direction) {
case -1:
if ($type === 'profile') {
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id));
} else {
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
}
$my_id = $dfrn_id;
break;
case 0:
@ -465,36 +456,30 @@ function dfrn_poll_content(App $a) {
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
dbesc($nickname)
);
if (DBM::is_result($r)) {
$challenge = '';
$encrypted_id = '';
$id_str = $my_id . '.' . mt_rand(1000,9999);
$id_str = $my_id . '.' . mt_rand(1000, 9999);
if(($r[0]['duplex'] && strlen($r[0]['pubkey'])) || (! strlen($r[0]['prvkey']))) {
openssl_public_encrypt($hash,$challenge,$r[0]['pubkey']);
openssl_public_encrypt($id_str,$encrypted_id,$r[0]['pubkey']);
}
else {
openssl_private_encrypt($hash,$challenge,$r[0]['prvkey']);
openssl_private_encrypt($id_str,$encrypted_id,$r[0]['prvkey']);
if (($r[0]['duplex'] && strlen($r[0]['pubkey'])) || !strlen($r[0]['prvkey'])) {
openssl_public_encrypt($hash, $challenge, $r[0]['pubkey']);
openssl_public_encrypt($id_str, $encrypted_id, $r[0]['pubkey']);
} else {
openssl_private_encrypt($hash, $challenge, $r[0]['prvkey']);
openssl_private_encrypt($id_str, $encrypted_id, $r[0]['prvkey']);
}
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
}
else {
} else {
$status = 1;
$challenge = '';
$encrypted_id = '';
}
if(($type === 'profile') && (strlen($sec))) {
if (($type === 'profile') && (strlen($sec))) {
// URL reply
if($dfrn_version < 2.2) {
if ($dfrn_version < 2.2) {
$s = fetch_url($r[0]['poll']
. '?dfrn_id=' . $encrypted_id
. '&type=profile-check'
@ -502,8 +487,7 @@ function dfrn_poll_content(App $a) {
. '&challenge=' . $challenge
. '&sec=' . $sec
);
}
else {
} else {
$s = post_url($r[0]['poll'], array(
'dfrn_id' => $encrypted_id,
'type' => 'profile-check',
@ -515,7 +499,7 @@ function dfrn_poll_content(App $a) {
$profile = ((DBM::is_result($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
switch($destination_url) {
switch ($destination_url) {
case 'profile':
$dest = System::baseUrl() . '/profile/' . $profile . '?f=&tab=profile';
break;
@ -534,26 +518,28 @@ function dfrn_poll_content(App $a) {
logger("dfrn_poll: sec profile: " . $s, LOGGER_DATA);
if(strlen($s) && strstr($s,'<?xml')) {
if (strlen($s) && strstr($s, '<?xml')) {
$xml = parse_xml_string($s);
logger('dfrn_poll: profile: parsed xml: ' . print_r($xml,true), LOGGER_DATA);
logger('dfrn_poll: profile: parsed xml: ' . print_r($xml, true), LOGGER_DATA);
logger('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
logger('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
if(((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
$_SESSION['authenticated'] = 1;
if(! x($_SESSION,'remote'))
if (!x($_SESSION, 'remote')) {
$_SESSION['remote'] = array();
$_SESSION['remote'][] = array('cid' => $r[0]['id'],'uid' => $r[0]['uid'],'url' => $r[0]['url']);
}
$_SESSION['remote'][] = array('cid' => $r[0]['id'], 'uid' => $r[0]['uid'], 'url' => $r[0]['url']);
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
if(!$quiet)
info( sprintf(t('%1$s welcomes %2$s'), $r[0]['username'] , $r[0]['name']) . EOL);
if (!$quiet) {
info(sprintf(t('%1$s welcomes %2$s'), $r[0]['username'], $r[0]['name']) . EOL);
}
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
@ -567,9 +553,7 @@ function dfrn_poll_content(App $a) {
}
goaway($dest);
// NOTREACHED
}
else {
} else {
// XML reply
header("Content-type: text/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
@ -578,7 +562,7 @@ function dfrn_poll_content(App $a) {
. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
. '</dfrn_poll>' . "\r\n" ;
. '</dfrn_poll>' . "\r\n";
killme();
// NOTREACHED
}

7
mod/display.php
View file

@ -202,8 +202,9 @@ function display_content(App $a, $update = false, $update_uid = 0) {
if ($update) {
$item_id = $_REQUEST['item_id'];
$item = dba::select('item', ['uid'], ['id' => $item_id], ['limit' => 1]);
$item = dba::select('item', ['uid', 'parent'], ['id' => $item_id], ['limit' => 1]);
$a->profile = array('uid' => intval($item['uid']), 'profile_uid' => intval($item['uid']));
$item_parent = $item['parent'];
} else {
$item_id = (($a->argc > 2) ? $a->argv[2] : 0);
@ -261,7 +262,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
if (x($_SESSION, 'remote') && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['uid']) {
$contact_id = $v['cid'];
@ -295,7 +296,7 @@ function display_content(App $a, $update = false, $update_uid = 0) {
}
$is_owner = (local_user() && (in_array($a->profile['profile_uid'], [local_user(), 0])) ? true : false);
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
if (x($a->profile, 'hidewall') && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}

16
mod/events.php
View file

@ -20,7 +20,7 @@ function events_init(App $a) {
return;
}
if ($a->argc == 1) {
if ($a->argc > 1) {
// If it's a json request abort here because we don't
// need the widget data
if ($a->argv[1] === 'json') {
@ -234,6 +234,7 @@ function events_content(App $a) {
));
$o = '';
$tabs = '';
// tabs
if ($a->theme_events_in_profile) {
$tabs = profile_tabs($a, true);
@ -309,10 +310,13 @@ function events_content(App $a) {
$start = sprintf('%d-%d-%d %d:%d:%d', $y, $m, 1, 0, 0, 0);
$finish = sprintf('%d-%d-%d %d:%d:%d', $y, $m, $dim, 23, 59, 59);
if ($a->argv[1] === 'json') {
if (x($_GET, 'start')) {$start = $_GET['start'];}
if (x($_GET, 'end')) {$finish = $_GET['end'];}
if ($a->argc > 1 && $a->argv[1] === 'json') {
if (x($_GET, 'start')) {
$start = $_GET['start'];
}
if (x($_GET, 'end')) {
$finish = $_GET['end'];
}
}
$start = datetime_convert('UTC', 'UTC', $start);
@ -358,7 +362,7 @@ function events_content(App $a) {
$events = process_events($r);
}
if ($a->argv[1] === 'json'){
if ($a->argc > 1 && $a->argv[1] === 'json'){
echo json_encode($events);
killme();
}

2
mod/fetch.php
View file

@ -8,8 +8,6 @@ use Friendica\Core\System;
use Friendica\Protocol\Diaspora;
use Friendica\Util\XML;
require_once "include/crypto.php";
function fetch_init(App $a)
{

23
mod/hostxrd.php
View file

@ -1,18 +1,21 @@
<?php
/**
* @file mod/hostxrd.php
*/
use Friendica\App;
use Friendica\Core\Config;
use Friendica\Core\System;
use Friendica\Protocol\Salmon;
use Friendica\Util\Crypto;
require_once('include/crypto.php');
function hostxrd_init(App $a) {
function hostxrd_init(App $a)
{
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$pubkey = Config::get('system','site_pubkey');
$pubkey = Config::get('system', 'site_pubkey');
if(! $pubkey) {
$res = new_keypair(1024);
if (! $pubkey) {
$res = Crypto::newKeypair(1024);
Config::set('system','site_prvkey', $res['prvkey']);
Config::set('system','site_pubkey', $res['pubkey']);
@ -23,8 +26,8 @@ function hostxrd_init(App $a) {
'$zhost' => $a->get_hostname(),
'$zroot' => System::baseUrl(),
'$domain' => System::baseUrl(),
'$bigkey' => salmon_key(Config::get('system','site_pubkey')),
));
exit();
'$bigkey' => Salmon::salmonKey(Config::get('system', 'site_pubkey')))
);
exit();
}

89
mod/hovercard.php
View file

@ -7,90 +7,87 @@
* Author: Rabuzarus <https://github.com/rabuzarus>
* License: GNU AFFERO GENERAL PUBLIC LICENSE (Version 3)
*/
use Friendica\App;
use Friendica\Core\Config;
use Friendica\Model\Contact;
use Friendica\Model\GContact;
function hovercard_init(App $a) {
function hovercard_init(App $a)
{
// Just for testing purposes
$_GET["mode"] = "minimal";
$_GET['mode'] = 'minimal';
}
function hovercard_content() {
$profileurl = (x($_REQUEST,'profileurl') ? $_REQUEST['profileurl'] : "");
$datatype = (x($_REQUEST,'datatype') ?$_REQUEST['datatype'] : "json");
function hovercard_content()
{
$profileurl = defaults($_REQUEST, 'profileurl', '');
$datatype = defaults($_REQUEST, 'datatype' , 'json');
// Get out if the system doesn't have public access allowed
if(intval(Config::get('system','block_public')))
if (intval(Config::get('system', 'block_public'))) {
http_status_exit(401);
}
// Return the raw content of the template. We use this to make templates usable for js functions.
// Look at hovercard.js (function getHoverCardTemplate()).
// This part should be moved in it's own module. Maybe we could make more templates accessabel.
// (We need to discuss possible security lacks before doing this)
if ($datatype == "tpl") {
$templatecontent = get_template_content("hovercard.tpl");
// This part should be moved in its own module. Maybe we could make more templates accessible.
// (We need to discuss possible security leaks before doing this)
if ($datatype == 'tpl') {
$templatecontent = get_template_content('hovercard.tpl');
echo $templatecontent;
killme();
}
// If a contact is connected the url is internally changed to "redir/CID". We need the pure url to search for
// If a contact is connected the url is internally changed to 'redir/CID'. We need the pure url to search for
// the contact. So we strip out the contact id from the internal url and look in the contact table for
// the real url (nurl)
if (local_user() && strpos($profileurl, "redir/") === 0) {
$cid = 0;
if (local_user() && strpos($profileurl, 'redir/') === 0) {
$cid = intval(substr($profileurl, 6));
$r = dba::select('contact', array('nurl', 'self'), array('id' => $cid), array('limit' => 1));
$profileurl = ($r["nurl"] ? $r["nurl"] : "");
$self = ($r["self"] ? $r["self"] : "");
$r = dba::select('contact', array('nurl'), array('id' => $cid), array('limit' => 1));
$profileurl = defaults($r, 'nurl', '');
}
$contact = [];
// if it's the url containing https it should be converted to http
$nurl = normalise_link(GContact::cleanContactUrl($profileurl));
if($nurl) {
if ($nurl) {
// Search for contact data
$contact = Contact::getDetailsByURL($nurl);
}
if(!is_array($contact))
if (!count($contact)) {
return;
}
// Get the photo_menu - the menu if possible contact actions
if(local_user())
if (local_user()) {
$actions = Contact::photoMenu($contact);
}
// Move the contact data to the profile array so we can deliver it to
//
$profile = array(
'name' => $contact["name"],
'nick' => $contact["nick"],
'addr' => (($contact["addr"] != "") ? $contact["addr"] : $contact["url"]),
'thumb' => proxy_url($contact["thumb"], false, PROXY_SIZE_THUMB),
'url' => ($cid ? ("redir/".$cid) : zrl($contact["url"])),
'nurl' => $contact["nurl"], // We additionally store the nurl as identifier
// 'alias' => $contact["alias"],
'location' => $contact["location"],
'gender' => $contact["gender"],
'about' => $contact["about"],
'network' => format_network_name($contact["network"], $contact["url"]),
'tags' => $contact["keywords"],
// 'nsfw' => intval($contact["nsfw"]),
// 'server_url' => $contact["server_url"],
'bd' => (($contact["birthday"] <= '0001-01-01') ? "" : $contact["birthday"]),
// 'generation' => $contact["generation"],
'name' => $contact['name'],
'nick' => $contact['nick'],
'addr' => defaults($contact, 'addr', $contact['url']),
'thumb' => proxy_url($contact['thumb'], false, PROXY_SIZE_THUMB),
'url' => $cid ? ('redir/' . $cid) : zrl($contact['url']),
'nurl' => $contact['nurl'], // We additionally store the nurl as identifier
'location' => $contact['location'],
'gender' => $contact['gender'],
'about' => $contact['about'],
'network' => format_network_name($contact['network'], $contact['url']),
'tags' => $contact['keywords'],
'bd' => $contact['birthday'] <= '0001-01-01' ? '' : $contact['birthday'],
'account_type' => Contact::getAccountType($contact),
'actions' => $actions,
'actions' => $actions,
);
if($datatype == "html") {
$t = get_markup_template("hovercard.tpl");
$o = replace_macros($t, array(
if ($datatype == 'html') {
$tpl = get_markup_template('hovercard.tpl');
$o = replace_macros($tpl, array(
'$profile' => $profile,
));
return $o;
} else {
json_return_and_die($profile);
}
@ -104,15 +101,15 @@ function hovercard_content() {
*
* @return string|bool Output the raw content if existent, otherwise false
*/
function get_template_content($template, $root = "") {
function get_template_content($template, $root = '')
{
// We load the whole template system to get the filename.
// Maybe we can do it a little bit smarter if I get time.
$t = get_markup_template($template, $root);
$filename = $t->filename;
// Get the content of the template file
if(file_exists($filename)) {
if (file_exists($filename)) {
$content = file_get_contents($filename);
return $content;

1
mod/item.php
View file

@ -29,7 +29,6 @@ use Friendica\Protocol\Diaspora;
use Friendica\Protocol\Email;
use Friendica\Util\Emailer;
require_once 'include/crypto.php';
require_once 'include/enotify.php';
require_once 'include/tags.php';
require_once 'include/files.php';

168
mod/message.php
View file

@ -10,107 +10,104 @@ require_once 'include/acl_selectors.php';
require_once 'include/message.php';
require_once 'include/conversation.php';
function message_init(App $a) {
function message_init(App $a)
{
$tabs = '';
if ($a->argc >1 && is_numeric($a->argv[1])) {
$tabs = render_messages(get_messages(local_user(),0,5), 'mail_list.tpl');
if ($a->argc > 1 && is_numeric($a->argv[1])) {
$tabs = render_messages(get_messages(local_user(), 0, 5), 'mail_list.tpl');
}
$new = array(
'label' => t('New Message'),
'url' => 'message/new',
'sel'=> ($a->argv[1] == 'new'),
'sel' => $a->argc > 1 && $a->argv[1] == 'new',
'accesskey' => 'm',
);
$tpl = get_markup_template('message_side.tpl');
$a->page['aside'] = replace_macros($tpl, array(
'$tabs'=>$tabs,
'$new'=>$new,
'$tabs' => $tabs,
'$new' => $new,
));
$base = System::baseUrl();
$head_tpl = get_markup_template('message-head.tpl');
$a->page['htmlhead'] .= replace_macros($head_tpl,array(
$a->page['htmlhead'] .= replace_macros($head_tpl, array(
'$baseurl' => System::baseUrl(true),
'$base' => $base
));
$end_tpl = get_markup_template('message-end.tpl');
$a->page['end'] .= replace_macros($end_tpl,array(
$a->page['end'] .= replace_macros($end_tpl, array(
'$baseurl' => System::baseUrl(true),
'$base' => $base
));
}
function message_post(App $a) {
if (! local_user()) {
notice( t('Permission denied.') . EOL);
function message_post(App $a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$replyto = ((x($_REQUEST,'replyto')) ? notags(trim($_REQUEST['replyto'])) : '');
$subject = ((x($_REQUEST,'subject')) ? notags(trim($_REQUEST['subject'])) : '');
$body = ((x($_REQUEST,'body')) ? escape_tags(trim($_REQUEST['body'])) : '');
$recipient = ((x($_REQUEST,'messageto')) ? intval($_REQUEST['messageto']) : 0 );
$replyto = x($_REQUEST, 'replyto') ? notags(trim($_REQUEST['replyto'])) : '';
$subject = x($_REQUEST, 'subject') ? notags(trim($_REQUEST['subject'])) : '';
$body = x($_REQUEST, 'body') ? escape_tags(trim($_REQUEST['body'])) : '';
$recipient = x($_REQUEST, 'messageto') ? intval($_REQUEST['messageto']) : 0;
$ret = send_message($recipient, $body, $subject, $replyto);
$norecip = false;
switch($ret){
switch ($ret) {
case -1:
notice( t('No recipient selected.') . EOL );
notice(t('No recipient selected.') . EOL);
$norecip = true;
break;
case -2:
notice( t('Unable to locate contact information.') . EOL );
notice(t('Unable to locate contact information.') . EOL);
break;
case -3:
notice( t('Message could not be sent.') . EOL );
notice(t('Message could not be sent.') . EOL);
break;
case -4:
notice( t('Message collection failure.') . EOL );
notice(t('Message collection failure.') . EOL);
break;
default:
info( t('Message sent.') . EOL );
info(t('Message sent.') . EOL);
}
// fake it to go back to the input form if no recipient listed
if ($norecip) {
$a->argc = 2;
$a->argv[1] = 'new';
} else
} else {
goaway($_SESSION['return_url']);
}
}
function message_content(App $a) {
function message_content(App $a)
{
$o = '';
nav_set_selected('messages');
if (! local_user()) {
notice( t('Permission denied.') . EOL);
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$myprofile = System::baseUrl().'/profile/' . $a->user['nickname'];
$myprofile = System::baseUrl() . '/profile/' . $a->user['nickname'];
$tpl = get_markup_template('mail_head.tpl');
$header = replace_macros($tpl, array(
'$messages' => t('Messages'),
'$tab_content' => $tab_content
));
if (($a->argc == 3) && ($a->argv[1] === 'drop' || $a->argv[1] === 'dropconv')) {
if (! intval($a->argv[2]))
if (!intval($a->argv[2])) {
return;
}
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
@ -118,7 +115,7 @@ function message_content(App $a) {
// so add any arguments as hidden inputs
$query = explode_querystring($a->query_string);
$inputs = array();
foreach($query['args'] as $arg) {
foreach ($query['args'] as $arg) {
if (strpos($arg, 'confirm=') === false) {
$arg_parts = explode('=', $arg);
$inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
@ -148,7 +145,7 @@ function message_content(App $a) {
intval(local_user())
);
if ($r) {
info( t('Message deleted.') . EOL );
info(t('Message deleted.') . EOL);
}
//goaway(System::baseUrl(true) . '/message' );
goaway($_SESSION['return_url']);
@ -170,24 +167,22 @@ function message_content(App $a) {
// Actually if we do this, we can never receive another reply to that conversation,
// as we will never again have the info we need to re-create it.
// We'll just have to orphan it.
//if ($convid) {
// q("delete from conv where id = %d limit 1",
// intval($convid)
// );
//}
if ($r)
info( t('Conversation removed.') . EOL );
if ($r) {
info(t('Conversation removed.') . EOL);
}
}
//goaway(System::baseUrl(true) . '/message' );
goaway($_SESSION['return_url']);
}
}
if (($a->argc > 1) && ($a->argv[1] === 'new')) {
$o .= $header;
$tpl = get_markup_template('msg-header.tpl');
@ -204,8 +199,7 @@ function message_content(App $a) {
'$linkurl' => t('Please enter a link URL:')
));
$preselect = (isset($a->argv[2])?array($a->argv[2]):false);
$preselect = isset($a->argv[2]) ? array($a->argv[2]) : false;
$prename = $preurl = $preid = '';
@ -233,18 +227,18 @@ function message_content(App $a) {
$preurl = $r[0]['url'];
$preid = $r[0]['id'];
$preselect = array($preid);
} else
} else {
$preselect = false;
}
}
$prefill = (($preselect) ? $prename : '');
$prefill = $preselect ? $prename : '';
// the ugly select box
$select = contact_select('messageto','message-to-select', $preselect, 4, true, false, false, 10);
$select = contact_select('messageto', 'message-to-select', $preselect, 4, true, false, false, 10);
$tpl = get_markup_template('prv_message.tpl');
$o .= replace_macros($tpl,array(
$o .= replace_macros($tpl, array(
'$header' => t('Send Private Message'),
'$to' => t('To:'),
'$showinputs' => 'true',
@ -252,8 +246,8 @@ function message_content(App $a) {
'$autocomp' => $autocomp,
'$preid' => $preid,
'$subject' => t('Subject:'),
'$subjtxt' => ((x($_REQUEST,'subject')) ? strip_tags($_REQUEST['subject']) : ''),
'$text' => ((x($_REQUEST,'body')) ? escape_tags(htmlspecialchars($_REQUEST['body'])) : ''),
'$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '',
'$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '',
'$readonly' => '',
'$yourmessage' => t('Your message:'),
'$select' => $select,
@ -286,8 +280,8 @@ function message_content(App $a) {
$r = get_messages(local_user(), $a->pager['start'], $a->pager['itemspage']);
if (! DBM::is_result($r)) {
info( t('No messages.') . EOL);
if (!DBM::is_result($r)) {
info(t('No messages.') . EOL);
return $o;
}
@ -325,8 +319,8 @@ function message_content(App $a) {
intval(local_user())
);
}
if (! count($messages)) {
notice( t('Message not available.') . EOL );
if (!count($messages)) {
notice(t('Message not available.') . EOL);
return $o;
}
@ -355,24 +349,24 @@ function message_content(App $a) {
$seen = 0;
$unknown = false;
foreach($messages as $message) {
foreach ($messages as $message) {
if ($message['unknown'])
$unknown = true;
if ($message['from-url'] == $myprofile) {
$from_url = $myprofile;
$sparkle = '';
} elseif ($message['contact-id'] != 0) {
$from_url = 'redir/'.$message['contact-id'];
$from_url = 'redir/' . $message['contact-id'];
$sparkle = ' sparkle';
} else {
$from_url = $message['from-url']."?zrl=".urlencode($myprofile);
$from_url = $message['from-url'] . "?zrl=" . urlencode($myprofile);
$sparkle = ' sparkle';
}
$extracted = item_extract_images($message['body']);
if ($extracted['images'])
if ($extracted['images']) {
$message['body'] = item_redir_and_replace_images($extracted['body'], $extracted['images'], $message['contact-id']);
}
$from_name_e = $message['from-name'];
$subject_e = $message['title'];
@ -380,10 +374,11 @@ function message_content(App $a) {
$to_name_e = $message['name'];
$contact = Contact::getDetailsByURL($message['from-url']);
if (isset($contact["thumb"]))
if (isset($contact["thumb"])) {
$from_photo = $contact["thumb"];
else
} else {
$from_photo = $message['from-photo'];
}
$mails[] = array(
'id' => $message['id'],
@ -396,26 +391,22 @@ function message_content(App $a) {
'body' => $body_e,
'delete' => t('Delete message'),
'to_name' => $to_name_e,
'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'],'D, d M Y - g:i A'),
'ago' => relative_date($message['created']),
'date' => datetime_convert('UTC', date_default_timezone_get(), $message['created'], 'D, d M Y - g:i A'),
'ago' => relative_date($message['created']),
);
$seen = $message['seen'];
}
$select = $message['name'] . '<input type="hidden" name="messageto" value="' . $contact_id . '" />';
$parent = '<input type="hidden" name="replyto" value="' . $message['parent-uri'] . '" />';
$tpl = get_markup_template('mail_display.tpl');
$subjtxt_e = $message['title'];
$o = replace_macros($tpl, array(
'$thread_id' => $a->argv[1],
'$thread_subject' => $message['title'],
'$thread_seen' => $seen,
'$delete' => t('Delete conversation'),
'$delete' => t('Delete conversation'),
'$canreply' => (($unknown) ? false : '1'),
'$unknown_text' => t("No secure communications available. You <strong>may</strong> be able to respond from the sender's profile page."),
'$mails' => $mails,
@ -425,7 +416,7 @@ function message_content(App $a) {
'$to' => t('To:'),
'$showinputs' => '',
'$subject' => t('Subject:'),
'$subjtxt' => $subjtxt_e,
'$subjtxt' => $message['title'],
'$readonly' => ' readonly="readonly" style="background: #BBBBBB;" ',
'$yourmessage' => t('Your message:'),
'$text' => '',
@ -435,14 +426,14 @@ function message_content(App $a) {
'$insert' => t('Insert web link'),
'$submit' => t('Submit'),
'$wait' => t('Please wait')
));
return $o;
}
}
function get_messages($user, $lstart, $lend) {
function get_messages($user, $lstart, $lend)
{
//TODO: rewritte with a sub-query to get the first message of each private thread with certainty
return q("SELECT max(`mail`.`created`) AS `mailcreated`, min(`mail`.`seen`) AS `mailseen`,
ANY_VALUE(`mail`.`id`) AS `id`, ANY_VALUE(`mail`.`uid`) AS `uid`, ANY_VALUE(`mail`.`guid`) AS `guid`,
@ -461,33 +452,34 @@ function get_messages($user, $lstart, $lend) {
);
}
function render_messages(array $msg, $t) {
function render_messages(array $msg, $t)
{
$a = get_app();
$tpl = get_markup_template($t);
$rslt = '';
$myprofile = System::baseUrl().'/profile/' . $a->user['nickname'];
$myprofile = System::baseUrl() . '/profile/' . $a->user['nickname'];
foreach($msg as $rr) {
if ($rr['unknown'])
$participants = sprintf( t("Unknown sender - %s"),$rr['from-name']);
elseif (link_compare($rr['from-url'], $myprofile))
$participants = sprintf( t("You and %s"), $rr['name']);
else
$participants = sprintf(t("%s and You"), $rr['from-name']);
foreach ($msg as $rr) {
if ($rr['unknown']) {
$participants = t("Unknown sender - %s", $rr['from-name']);
} elseif (link_compare($rr['from-url'], $myprofile)) {
$participants = t("You and %s", $rr['name']);
} else {
$participants = t("%s and You", $rr['from-name']);
}
$subject_e = (($rr['mailseen']) ? $rr['title'] : '<strong>' . $rr['title'] . '</strong>');
$body_e = $rr['body'];
$to_name_e = $rr['name'];
$contact = Contact::getDetailsByURL($rr['url']);
if (isset($contact["thumb"]))
if (isset($contact["thumb"])) {
$from_photo = $contact["thumb"];
else
} else {
$from_photo = (($rr['thumb']) ? $rr['thumb'] : $rr['from-photo']);
}
$rslt .= replace_macros($tpl, array(
'$id' => $rr['id'],
@ -500,10 +492,10 @@ function render_messages(array $msg, $t) {
'$delete' => t('Delete conversation'),
'$body' => $body_e,
'$to_name' => $to_name_e,
'$date' => datetime_convert('UTC',date_default_timezone_get(),$rr['mailcreated'], t('D, d M Y - g:i A')),
'$ago' => relative_date($rr['mailcreated']),
'$date' => datetime_convert('UTC', date_default_timezone_get(), $rr['mailcreated'], t('D, d M Y - g:i A')),
'$ago' => relative_date($rr['mailcreated']),
'$seen' => $rr['mailseen'],
'$count' => sprintf( tt('%d message', '%d messages', $rr['count']), $rr['count']),
'$count' => tt('%d message', '%d messages', $rr['count']),
));
}

36
mod/network.php
View file

@ -366,7 +366,7 @@ function networkConversation($a, $items, $mode, $update) {
// Set this so that the conversation function can find out contact info for our wall-wall items
$a->page_contact = $a->contact;
$o .= conversation($a, $items, $mode, $update);
$o = conversation($a, $items, $mode, $update);
if (!$update) {
if (PConfig::get(local_user(), 'system', 'infinite_scroll')) {
@ -568,9 +568,9 @@ function networkThreadedView(App $a, $update = 0) {
if ($group) {
if (($t = Contact::getOStatusCountByGroupId($group)) && !PConfig::get(local_user(), 'system', 'nowarn_insecure')) {
notice(sprintf(tt("Warning: This group contains %s member from a network that doesn't allow non public messages.",
notice(tt("Warning: This group contains %s member from a network that doesn't allow non public messages.",
"Warning: This group contains %s members from a network that doesn't allow non public messages.",
$t), $t).EOL);
$t) . EOL);
notice(t("Messages in this group won't be send to these receivers.").EOL);
}
}
@ -664,7 +664,7 @@ function networkThreadedView(App $a, $update = 0) {
}
$o = replace_macros(get_markup_template("section_title.tpl"),array(
'$title' => sprintf(t('Group: %s'), $r['name'])
'$title' => t('Group: %s', $r['name'])
)) . $o;
} elseif ($cid) {
@ -716,13 +716,6 @@ function networkThreadedView(App $a, $update = 0) {
$sql_order = "";
$order_mode = "received";
if (strlen($file)) {
$sql_post_table .= sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
dbesc(protect_sprintf($file)), intval(TERM_OBJ_POST), intval(TERM_FILE), intval(local_user()));
$sql_order = "`item`.`id`";
$order_mode = "id";
}
if ($conv) {
$sql_extra3 .= " AND $sql_table.`mention`";
}
@ -744,7 +737,7 @@ function networkThreadedView(App $a, $update = 0) {
$sql_order = "$sql_table.$ordering";
}
if (($_GET["offset"] != "")) {
if (x($_GET, 'offset')) {
$sql_extra3 .= sprintf(" AND $sql_order <= '%s'", dbesc($_GET["offset"]));
}
@ -816,9 +809,10 @@ function networkThreadedView(App $a, $update = 0) {
$parents_str = '';
$date_offset = "";
$items = array();
if (DBM::is_result($r)) {
foreach ($r as $rr) {
if (!in_array($rr['item_id'],$parents_arr)) {
if (!in_array($rr['item_id'], $parents_arr)) {
$parents_arr[] = $rr['item_id'];
}
}
@ -833,12 +827,10 @@ function networkThreadedView(App $a, $update = 0) {
$max_comments = 100;
}
$items = array();
foreach ($parents_arr AS $parents) {
$thread_items = dba::p(item_query()." AND `item`.`uid` = ?
$thread_items = dba::p(item_query() . " AND `item`.`uid` = ?
AND `item`.`parent` = ?
ORDER BY `item`.`commented` DESC LIMIT ".intval($max_comments + 1),
ORDER BY `item`.`commented` DESC LIMIT " . intval($max_comments + 1),
local_user(),
$parents
);
@ -847,15 +839,15 @@ function networkThreadedView(App $a, $update = 0) {
$items = array_merge($items, dba::inArray($thread_items));
}
}
$items = conv_sort($items,$ordering);
} else {
$items = array();
$items = conv_sort($items, $ordering);
}
if ($_GET["offset"] == "") {
if (x($_GET, 'offset')) {
$date_offset = $_GET["offset"];
} elseif(count($items)) {
$date_offset = $items[0][$order_mode];
} else {
$date_offset = $_GET["offset"];
$date_offset = '';
}
$a->page_offset = $date_offset;

9
mod/nogroup.php
View file

@ -41,28 +41,25 @@ function nogroup_content(App $a)
$contact_details = Contact::getDetailsByURL($rr['url'], local_user(), $rr);
$contacts[] = array(
'img_hover' => sprintf(t('Visit %s\'s profile [%s]'), $contact_details['name'], $rr['url']),
'img_hover' => t('Visit %s\'s profile [%s]', $contact_details['name'], $rr['url']),
'edit_hover' => t('Edit contact'),
'photo_menu' => Contact::photoMenu($rr),
'id' => $rr['id'],
'alt_text' => $alt_text,
'dir_icon' => $dir_icon,
'thumb' => proxy_url($contact_details['thumb'], false, PROXY_SIZE_THUMB),
'name' => $contact_details['name'],
'username' => $contact_details['name'],
'details' => $contact_details['location'],
'tags' => $contact_details['keywords'],
'about' => $contact_details['about'],
'sparkle' => $sparkle,
'itemurl' => (($contact_details['addr'] != "") ? $contact_details['addr'] : $rr['url']),
'url' => $rr['url'],
'network' => network_to_name($rr['network'], $url),
'network' => network_to_name($rr['network'], $rr['url']),
);
}
}
$tpl = get_markup_template("nogroup-template.tpl");
$o .= replace_macros(
$o = replace_macros(
$tpl,
array(
'$header' => t('Contacts who are not members of a group'),

38
mod/oembed.php
View file

@ -1,38 +0,0 @@
<?php
use Friendica\App;
require_once("include/oembed.php");
function oembed_content(App $a) {
// logger('mod_oembed ' . $a->query_string, LOGGER_ALL);
if ($a->argv[1]=='b2h'){
$url = array( "", trim(hex2bin($_REQUEST['url'])));
echo oembed_replacecb($url);
killme();
}
if ($a->argv[1]=='h2b'){
$text = trim(hex2bin($_REQUEST['text']));
echo oembed_html2bbcode($text);
killme();
}
if ($a->argc == 2){
echo "<html><body>";
$url = base64url_decode($a->argv[1]);
$j = oembed_fetch_url($url);
// workaround for media.ccc.de (and any other endpoint that return size 0)
if (substr($j->html, 0, 7) == "<iframe" && strstr($j->html, 'width="0"')) {
$j->html = '<style>html,body{margin:0;padding:0;} iframe{width:100%;height:100%;}</style>'. $j->html;
$j->html = str_replace('width="0"', '', $j->html);
$j->html = str_replace('height="0"', '', $j->html);
}
echo $j->html;
// logger('mod-oembed ' . $j->html, LOGGER_ALL);
echo "</body></html>";
}
killme();
}

54
mod/photo.php
View file

@ -1,4 +1,5 @@
<?php
/**
* @file mod/photo.php
*/
@ -8,7 +9,8 @@ use Friendica\Object\Image;
require_once 'include/security.php';
function photo_init(App $a) {
function photo_init(App $a)
{
global $_SERVER;
$prvcachecontrol = false;
@ -37,8 +39,8 @@ function photo_init(App $a) {
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
header('HTTP/1.1 304 Not Modified');
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: '.$_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
header('Etag: ' . $_SERVER['HTTP_IF_NONE_MATCH']);
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
header("Cache-Control: max-age=31536000");
if (function_exists('header_remove')) {
header_remove('Last-Modified');
@ -49,15 +51,11 @@ function photo_init(App $a) {
}
$default = 'images/person-175.jpg';
$public = true;
if (isset($type)) {
/**
* Profile photos
*/
// Profile photos
switch ($type) {
case 'profile':
case 'custom':
$resolution = 4;
@ -76,7 +74,7 @@ function photo_init(App $a) {
$uid = str_replace(array('.jpg', '.png', '.gif'), array('', '', ''), $person);
foreach (Image::supportedTypes() AS $m => $e) {
$uid = str_replace('.'.$e, '', $uid);
$uid = str_replace('.' . $e, '', $uid);
}
$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
@ -92,16 +90,12 @@ function photo_init(App $a) {
$mimetype = 'image/jpeg';
}
} else {
/**
* Other photos
*/
// Other photos
$resolution = 0;
$photo = str_replace(array('.jpg', '.png', '.gif'), array('', '', ''), $photo);
foreach (Image::supportedTypes() AS $m => $e) {
$photo = str_replace('.'.$e, '', $photo);
$photo = str_replace('.' . $e, '', $photo);
}
if (substr($photo, -2, 1) == '-') {
@ -115,22 +109,18 @@ function photo_init(App $a) {
intval($resolution)
);
if (DBM::is_result($r)) {
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the photo
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` <= %d $sql_extra ORDER BY scale DESC LIMIT 1",
dbesc($photo),
intval($resolution)
);
$public = (DBM::is_result($r)) && ($r[0]['allow_cid'] == '') && ($r[0]['allow_gid'] == '') && ($r[0]['deny_cid'] == '') && ($r[0]['deny_gid'] == '');
if (DBM::is_result($r)) {
$resolution = $r[0]['scale'];
$data = $r[0]['data'];
$mimetype = $r[0]['type'];
$public = $r[0]['allow_cid'] == '' && $r[0]['allow_gid'] == '' && $r[0]['deny_cid'] == '' && $r[0]['deny_gid'] == '';
} else {
// The picure exists. We already checked with the first query.
// obviously, this is not an authorized viev!
@ -145,7 +135,6 @@ function photo_init(App $a) {
if (empty($data)) {
if (isset($resolution)) {
switch ($resolution) {
case 4:
$data = file_get_contents('images/person-175.jpg');
$mimetype = 'image/jpeg';
@ -167,7 +156,7 @@ function photo_init(App $a) {
}
// Resize only if its not a GIF and it is supported by the library
if (($mimetype != "image/gif") && in_array($mimetype, Image::supportedTypes())) {
if ($mimetype != "image/gif" && in_array($mimetype, Image::supportedTypes())) {
$Image = new Image($data, $mimetype);
if ($Image->isValid()) {
if (isset($customres) && $customres > 0 && $customres < 500) {
@ -183,36 +172,33 @@ function photo_init(App $a) {
header_remove('pragma');
}
header("Content-type: ".$mimetype);
header("Content-type: " . $mimetype);
if ($prvcachecontrol) {
// it is a private photo that they have no permission to view.
// tell the browser not to cache it, in case they authenticate
// and subsequently have permission to see it
header("Cache-Control: no-store, no-cache, must-revalidate");
} else {
header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
header('Etag: "'.md5($data).'"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
header('Etag: "' . md5($data) . '"');
header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
header("Cache-Control: max-age=31536000");
}
echo $data;
// If the photo is public and there is an existing photo directory store the photo there
if ($public and ($file != "")) {
if ($public and $file != '') {
// If the photo path isn't there, try to create it
$basepath = $a->get_basepath();
if (!is_dir($basepath."/photo")) {
if (!is_dir($basepath . "/photo")) {
if (is_writable($basepath)) {
mkdir($basepath."/photo");
mkdir($basepath . "/photo");
}
}
if (is_dir($basepath."/photo")) {
file_put_contents($basepath."/photo/".$file, $data);
if (is_dir($basepath . "/photo")) {
file_put_contents($basepath . "/photo/" . $file, $data);
}
}

385
mod/photos.php
View file

@ -55,12 +55,12 @@ function photos_init(App $a) {
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget .= replace_macros($tpl, array(
$vcard_widget = replace_macros($tpl, array(
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$addr' => defaults($profile, 'addr', ''),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
'$pdesc' => defaults($profile, 'pdesc', ''),
));
$albums = photo_albums($a->data['user']['uid']);
@ -92,18 +92,16 @@ function photos_init(App $a) {
}
}
$albums = $ret;
if (local_user() && $a->data['user']['uid'] == local_user()) {
$can_post = true;
}
if ($albums['success']) {
if ($ret['success']) {
$photo_albums_widget = replace_macros(get_markup_template('photo_albums.tpl'), array(
'$nick' => $a->data['user']['nickname'],
'$title' => t('Photo Albums'),
'$recent' => t('Recent Photos'),
'$albums' => $albums['albums'],
'$albums' => $ret['albums'],
'$baseurl' => System::baseUrl(),
'$upload' => array(t('Upload New Photos'), 'photos/' . $a->data['user']['nickname'] . '/upload'),
'$can_post' => $can_post
@ -117,26 +115,20 @@ function photos_init(App $a) {
$a->page['aside'] .= $vcard_widget;
$a->page['aside'] .= $photo_albums_widget;
$tpl = get_markup_template("photos_head.tpl");
$a->page['htmlhead'] .= replace_macros($tpl,array(
'$ispublic' => t('everybody')
));
}
return;
}
function photos_post(App $a) {
function photos_post(App $a)
{
logger('mod-photos: photos_post: begin' , LOGGER_DEBUG);
logger('mod_photos: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES,true), LOGGER_DATA);
logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
$phototypes = Image::supportedTypes();
@ -144,14 +136,14 @@ function photos_post(App $a) {
$visitor = 0;
$page_owner_uid = $a->data['user']['uid'];
$community_page = (($a->data['user']['page-flags'] == PAGE_COMMUNITY) ? true : false);
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY;
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
if (x($_SESSION, 'remote') && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
@ -160,7 +152,6 @@ function photos_post(App $a) {
}
}
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
@ -191,8 +182,7 @@ function photos_post(App $a) {
$owner_record = $r[0];
if (($a->argc > 3) && ($a->argv[2] === 'album')) {
if ($a->argc > 3 && $a->argv[2] === 'album') {
$album = hex2bin($a->argv[3]);
if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) {
@ -215,10 +205,7 @@ function photos_post(App $a) {
goaway($_SESSION['photo_return']);
}
/*
* RENAME photo album
*/
// RENAME photo album
$newalbum = notags(trim($_POST['albumname']));
if ($newalbum != $album) {
q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d",
@ -229,7 +216,7 @@ function photos_post(App $a) {
// Update the photo albums cache
photo_albums($page_owner_uid, true);
$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
$newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']);
goaway($newurl);
return; // NOTREACHED
}
@ -239,9 +226,8 @@ function photos_post(App $a) {
*/
if ($_POST['dropalbum'] == t('Delete Album')) {
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
if (x($_REQUEST, 'confirm')) {
$drop_url = $a->query_string;
$extra_inputs = array(
array('name' => 'albumname', 'value' => $_POST['albumname']),
@ -287,14 +273,12 @@ function photos_post(App $a) {
$str_res = implode(',', $res);
// remove the associated photos
q("DELETE FROM `photo` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($page_owner_uid)
);
// find and delete the corresponding item with all the comments and likes/dislikes
$r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
$r = q("SELECT `id`, `parent-uri`, `visible` FROM `item` WHERE `resource-id` IN ( $str_res ) AND `uid` = %d",
intval($page_owner_uid)
);
if (DBM::is_result($r)) {
@ -310,7 +294,6 @@ function photos_post(App $a) {
$drop_id = intval($rr['id']);
// send the notification upstream/downstream as the case may be
if ($rr['visible']) {
Worker::add(PRIORITY_HIGH, "Notifier", "drop", $drop_id);
}
@ -327,16 +310,16 @@ function photos_post(App $a) {
// Check if the user has responded to a delete confirmation query for a single photo
if (($a->argc > 2) && $_REQUEST['canceled']) {
if ($a->argc > 2 && x($_REQUEST, 'canceled')) {
goaway($_SESSION['photo_return']);
}
if (($a->argc > 2) && (x($_POST,'delete')) && ($_POST['delete'] == t('Delete Photo'))) {
if ($a->argc > 2 && defaults($_POST, 'delete', '') === t('Delete Photo')) {
// same as above but remove single photo
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
if (x($_REQUEST, 'confirm')) {
$drop_url = $a->query_string;
$a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
'$method' => 'post',
@ -368,7 +351,7 @@ function photos_post(App $a) {
intval($page_owner_uid),
dbesc($r[0]['resource-id'])
);
$i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
$i = q("SELECT `id`, `uri`, `visible` FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1",
dbesc($r[0]['resource-id']),
intval($page_owner_uid)
);
@ -398,13 +381,12 @@ function photos_post(App $a) {
return; // NOTREACHED
}
if (($a->argc > 2) && ((x($_POST,'desc') !== false) || (x($_POST,'newtag') !== false)) || (x($_POST,'albname') !== false)) {
$desc = (x($_POST,'desc') ? notags(trim($_POST['desc'])) : '');
$rawtags = (x($_POST,'newtag') ? notags(trim($_POST['newtag'])) : '');
$item_id = (x($_POST,'item_id') ? intval($_POST['item_id']) : 0);
$albname = (x($_POST,'albname') ? notags(trim($_POST['albname'])) : '');
$origaname = (x($_POST,'origaname') ? notags(trim($_POST['origaname'])) : '');
if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false || x($_POST, 'albname') !== false)) {
$desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
$rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
$item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
$albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
$origaname = x($_POST, 'origaname') ? notags(trim($_POST['origaname'])) : '';
$str_group_allow = perms2str($_POST['group_allow']);
$str_contact_allow = perms2str($_POST['contact_allow']);
$str_group_deny = perms2str($_POST['group_deny']);
@ -416,9 +398,8 @@ function photos_post(App $a) {
$albname = datetime_convert('UTC',date_default_timezone_get(),'now', 'Y');
}
if ((x($_POST,'rotate') !== false) &&
( (intval($_POST['rotate']) == 1) || (intval($_POST['rotate']) == 2) )) {
if (x($_POST,'rotate') !== false &&
(intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
logger('rotate');
$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d AND `scale` = 0 LIMIT 1",
@ -504,9 +485,7 @@ function photos_post(App $a) {
}
if (!$item_id) {
// Create item container
$title = '';
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
@ -539,7 +518,6 @@ function photos_post(App $a) {
. '[/url]';
$item_id = item_store($arr);
}
if ($item_id) {
@ -554,13 +532,11 @@ function photos_post(App $a) {
}
if (strlen($rawtags)) {
$str_tags = '';
$inform = '';
// if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag
$x = substr($rawtags,0,1);
$x = substr($rawtags, 0, 1);
if ($x !== '@' && $x !== '#') {
$rawtags = '#' . $rawtags;
}
@ -570,10 +546,8 @@ function photos_post(App $a) {
if (count($tags)) {
foreach ($tags as $tag) {
if (isset($profile)) {
unset($profile);
}
if (strpos($tag, '@') === 0) {
$profile = '';
$name = substr($tag,1);
if ((strpos($name, '@')) || (strpos($name, 'http://'))) {
$newname = $name;
@ -691,8 +665,7 @@ function photos_post(App $a) {
if (count($taginfo)) {
foreach ($taginfo as $tagged) {
$uri = item_new_uri($a->get_hostname(),$page_owner_uid);
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
$arr = array();
$arr['guid'] = get_guid(32);
@ -747,18 +720,12 @@ function photos_post(App $a) {
}
/**
* default post action - upload a photo
*/
// default post action - upload a photo
call_hooks('photo_post_init', $_POST);
/**
* Determine the album to use
*/
$album = notags(trim($_REQUEST['album']));
$newalbum = notags(trim($_REQUEST['newalbum']));
// Determine the album to use
$album = x($_REQUEST, 'album') ? notags(trim($_REQUEST['album'])) : '';
$newalbum = x($_REQUEST, 'newalbum') ? notags(trim($_REQUEST['newalbum'])) : '';
logger('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum , LOGGER_DEBUG);
@ -788,51 +755,85 @@ function photos_post(App $a) {
$visible = 0;
}
if (intval($_REQUEST['not_visible']) || $_REQUEST['not_visible'] === 'true') {
if (x($_REQUEST, 'not_visible') && $_REQUEST['not_visible'] !== 'false') {
$visible = 0;
}
$str_group_allow = perms2str((is_array($_REQUEST['group_allow']) ? $_REQUEST['group_allow'] : explode(',', $_REQUEST['group_allow'])));
$str_contact_allow = perms2str((is_array($_REQUEST['contact_allow']) ? $_REQUEST['contact_allow'] : explode(',', $_REQUEST['contact_allow'])));
$str_group_deny = perms2str((is_array($_REQUEST['group_deny']) ? $_REQUEST['group_deny'] : explode(',', $_REQUEST['group_deny'])));
$str_contact_deny = perms2str((is_array($_REQUEST['contact_deny']) ? $_REQUEST['contact_deny'] : explode(',', $_REQUEST['contact_deny'])));
$group_allow = defaults($_REQUEST, 'group_allow' , []);
$contact_allow = defaults($_REQUEST, 'contact_allow', []);
$group_deny = defaults($_REQUEST, 'group_deny' , []);
$contact_deny = defaults($_REQUEST, 'contact_deny' , []);
$str_group_allow = perms2str(is_array($group_allow) ? $group_allow : explode(',', $group_allow));
$str_contact_allow = perms2str(is_array($contact_allow) ? $contact_allow : explode(',', $contact_allow));
$str_group_deny = perms2str(is_array($group_deny) ? $group_deny : explode(',', $group_deny));
$str_contact_deny = perms2str(is_array($contact_deny) ? $contact_deny : explode(',', $contact_deny));
$ret = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
call_hooks('photo_post_file',$ret);
call_hooks('photo_post_file', $ret);
if (x($ret,'src') && x($ret,'filesize')) {
if (x($ret, 'src') && x($ret, 'filesize')) {
$src = $ret['src'];
$filename = $ret['filename'];
$filesize = $ret['filesize'];
$type = $ret['type'];
$error = UPLOAD_ERR_OK;
} else {
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
$src = $_FILES['userfile']['tmp_name'];
$filename = basename($_FILES['userfile']['name']);
$filesize = intval($_FILES['userfile']['size']);
$type = $_FILES['userfile']['type'];
$error = $_FILES['userfile']['error'];
}
if ($error !== UPLOAD_ERR_OK) {
switch ($error) {
case UPLOAD_ERR_INI_SIZE:
notice(t('Image exceeds size limit of %s', ini_get('upload_max_filesize')) . EOL);
break;
case UPLOAD_ERR_FORM_SIZE:
notice(t('Image exceeds size limit of %s', formatBytes(defaults($_REQUEST, 'MAX_FILE_SIZE', 0))) . EOL);
break;
case UPLOAD_ERR_PARTIAL:
notice(t('Image upload didn\'t complete, please try again') . EOL);
break;
case UPLOAD_ERR_NO_FILE:
notice(t('Image file is missing') . EOL);
break;
case UPLOAD_ERR_NO_TMP_DIR:
case UPLOAD_ERR_CANT_WRITE:
case UPLOAD_ERR_EXTENSION:
notice(t('Server can\'t accept new file upload at this time, please contact your administrator') . EOL);
break;
}
@unlink($src);
$foo = 0;
call_hooks('photo_post_end', $foo);
return;
}
if ($type == "") {
$type = Image::guessType($filename);
}
logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ('. $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
$maximagesize = Config::get('system','maximagesize');
$maximagesize = Config::get('system', 'maximagesize');
if ($maximagesize && ($filesize > $maximagesize)) {
notice( sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize)) . EOL);
notice(t('Image exceeds size limit of %s', formatBytes($maximagesize)) . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end',$foo);
call_hooks('photo_post_end', $foo);
return;
}
if (!$filesize) {
notice( t('Image file is empty.') . EOL);
notice(t('Image file is empty.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end',$foo);
call_hooks('photo_post_end', $foo);
return;
}
@ -844,7 +845,7 @@ function photos_post(App $a) {
if (!$Image->isValid()) {
logger('mod/photos.php: photos_post(): unable to process image' , LOGGER_DEBUG);
notice( t('Unable to process image.') . EOL );
notice(t('Unable to process image.') . EOL);
@unlink($src);
$foo = 0;
call_hooks('photo_post_end',$foo);
@ -873,7 +874,7 @@ function photos_post(App $a) {
if (!$r) {
logger('mod/photos.php: photos_post(): image store failed' , LOGGER_DEBUG);
notice( t('Image upload failed.') . EOL );
notice(t('Image upload failed.') . EOL);
killme();
}
@ -889,23 +890,16 @@ function photos_post(App $a) {
$smallest = 2;
}
$basename = basename($filename);
$uri = item_new_uri($a->get_hostname(), $page_owner_uid);
// Create item container
$lat = $lon = null;
/// @TODO merge these 2 if() into one?
if ($exif && $exif['GPS']) {
if (Feature::isEnabled($channel_id,'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
if ($exif && $exif['GPS'] && Feature::isEnabled($channel_id, 'photo_location')) {
$lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
$lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
}
$arr = array();
if ($lat && $lon) {
$arr['coord'] = $lat . ' ' . $lon;
}
@ -947,17 +941,15 @@ function photos_post(App $a) {
call_hooks('photo_post_end',intval($item_id));
/*
* addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
* if they do not wish to be redirected
*/
// addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook
// if they do not wish to be redirected
goaway($_SESSION['photo_return']);
// NOTREACHED
}
function photos_content(App $a) {
function photos_content(App $a)
{
// URLs:
// photos/name
// photos/name/upload
@ -967,7 +959,6 @@ function photos_content(App $a) {
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
notice( t('Public access denied.') . EOL);
return;
@ -986,10 +977,8 @@ function photos_content(App $a) {
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
$datum = null;
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
@ -1005,10 +994,7 @@ function photos_content(App $a) {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$contact = null;
@ -1047,8 +1033,9 @@ function photos_content(App $a) {
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
@ -1072,12 +1059,9 @@ function photos_content(App $a) {
}
}
/// @TODO merge these 2 if() into one?
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
if (!$remote_contact && local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
if ($a->data['user']['hidewall'] && (local_user() != $owner_uid) && !$remote_contact) {
@ -1085,7 +1069,7 @@ function photos_content(App $a) {
return;
}
$sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";
@ -1093,23 +1077,17 @@ function photos_content(App $a) {
$is_owner = (local_user() && (local_user() == $owner_uid));
$o .= profile_tabs($a, $is_owner, $a->data['user']['nickname']);
/**
* Display upload form
*/
// Display upload form
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
$selname = ($datum ? hex2bin($datum) : '');
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
@ -1136,31 +1114,8 @@ function photos_content(App $a) {
$usage_message = '';
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
/*
* I think $a->query_string may never have ? in it, but I could be wrong
* It looks like it's from the index.php?q=[etc] rewrite that the web
* server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
*/
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
$tpl = get_markup_template('photos_upload.tpl');
$albumselect_e = $albumselect;
$aclselect_e = ($visitor ? '' : populate_acl($a->user));
$o .= replace_macros($tpl,array(
@ -1171,7 +1126,7 @@ function photos_content(App $a) {
'$newalbum' => t('New album name: '),
'$existalbumtext' => t('or existing album name: '),
'$nosharetext' => t('Do not show a status post for this upload'),
'$albumselect' => $albumselect_e,
'$albumselect' => $albumselect,
'$permissions' => t('Permissions'),
'$aclselect' => $aclselect_e,
'$alt_uploader' => $ret['addon_text'],
@ -1183,23 +1138,14 @@ function photos_content(App $a) {
'$acl_data' => construct_acl_data($a, $a->user), // For non-Javascript ACL selector
'$group_perms' => t('Show to Groups'),
'$contact_perms' => t('Show to Contacts'),
'$private' => t('Private Photo'),
'$public' => t('Public Photo'),
'$is_private' => $private_post,
'$return_path' => $query_str,
'$public_link' => $public_post_link,
'$return_path' => $a->query_string,
));
return $o;
}
/*
* Display a single photo album
*/
// Display a single photo album
if ($datatype === 'album') {
$album = hex2bin($datum);
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s'
@ -1213,7 +1159,8 @@ function photos_content(App $a) {
}
/// @TODO I have seen this many times, maybe generalize it script-wide and encapsulate it?
if ($_GET['order'] === 'posted') {
$order_field = defaults($_GET, 'order', '');
if ($order_field === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
@ -1254,7 +1201,7 @@ function photos_content(App $a) {
}
}
if ($_GET['order'] === 'posted') {
if ($order_field === 'posted') {
$order = array(t('Show Newest First'), 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album));
} else {
$order = array(t('Show Oldest First'), 'photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '?f=&order=posted');
@ -1262,7 +1209,7 @@ function photos_content(App $a) {
$photos = array();
if (DBM::is_result($r))
if (DBM::is_result($r)) {
// "Twist" is only used for the duepunto theme with style "slackr"
$twist = false;
foreach ($r as $rr) {
@ -1277,14 +1224,15 @@ function photos_content(App $a) {
'id' => $rr['id'],
'twist' => ' ' . ($twist ? 'rotleft' : 'rotright') . rand(2,4),
'link' => 'photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id']
. (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''),
. ($order_field === 'posted' ? '?f=&order=posted' : ''),
'title' => t('View Photo'),
'src' => 'photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.' .$ext,
'alt' => $imgalt_e,
'desc'=> $desc_e,
'ext' => $ext,
'hash'=> $rr['resource_id'],
'hash'=> $rr['resource-id'],
);
}
}
$tpl = get_markup_template('photo_album.tpl');
@ -1302,14 +1250,9 @@ function photos_content(App $a) {
}
/*
* Display one photo
*/
// Display one photo
if ($datatype === 'image') {
//$o = '';
// fetch image, item containing image, then comments
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'
$sql_extra ORDER BY `scale` ASC ",
intval($owner_uid),
@ -1337,7 +1280,8 @@ function photos_content(App $a) {
// The query leads to a really intense used index.
// By now we hide it if someone wants to.
if (!Config::get('system', 'no_count', false)) {
if ($_GET['order'] === 'posted') {
$order_field = defaults($_GET, 'order', '');
if ($order_field === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
@ -1364,8 +1308,8 @@ function photos_content(App $a) {
}
}
$edit_suffix = ((($cmd === 'edit') && $can_post) ? '/edit' : '');
$prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
$nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . (($_GET['order'] === 'posted') ? '?f=&order=posted' : '');
$prevlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
$nextlink = 'photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($order_field === 'posted' ? '?f=&order=posted' : '');
}
}
@ -1439,6 +1383,7 @@ function photos_content(App $a) {
);
$map = null;
$link_item = [];
if (DBM::is_result($linked_items)) {
$link_item = $linked_items[0];
@ -1512,31 +1457,9 @@ function photos_content(App $a) {
$edit = Null;
if (($cmd === 'edit') && $can_post) {
if ($cmd === 'edit' && $can_post) {
$edit_tpl = get_markup_template('photo_edit.tpl');
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
/*
* I think $a->query_string may never have ? in it, but I could be wrong
* It looks like it's from the index.php?q=[etc] rewrite that the web
* server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
*/
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['desc'];
$aclselect_e = populate_acl($ph[0]);
@ -1555,7 +1478,7 @@ function photos_content(App $a) {
'$permissions' => t('Permissions'),
'$aclselect' => $aclselect_e,
'$item_id' => (count($linked_items) ? $link_item['id'] : 0),
'$item_id' => defaults($link_item, 'id', 0),
'$submit' => t('Submit'),
'$delete' => t('Delete Photo'),
@ -1563,25 +1486,24 @@ function photos_content(App $a) {
'$acl_data' => construct_acl_data($a, $ph[0]), // For non-Javascript ACL selector
'$group_perms' => t('Show to Groups'),
'$contact_perms' => t('Show to Contacts'),
'$private' => t('Private photo'),
'$public' => t('Public photo'),
'$is_private' => $private_post,
'$return_path' => $query_str,
'$public_link' => $public_post_link,
'$return_path' => $a->query_string,
));
}
if (count($linked_items)) {
$like = '';
$dislike = '';
$likebuttons = '';
$comments = '';
$paginate = '';
$responses = '';
if (count($linked_items)) {
$cmnt_tpl = get_markup_template('comment_item.tpl');
$tpl = get_markup_template('photo_item.tpl');
$return_url = $a->cmd;
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = '';
if ($can_post || can_write_wall($a, $owner_uid)) {
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = replace_macros($like_tpl, array(
'$id' => $link_item['id'],
'$likethis' => t("I like this \x28toggle\x29"),
@ -1591,7 +1513,6 @@ function photos_content(App $a) {
));
}
$comments = '';
if (!DBM::is_result($r)) {
if (($can_post || can_write_wall($a, $owner_uid)) && $link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array(
@ -1614,12 +1535,6 @@ function photos_content(App $a) {
}
}
$alike = array();
$dlike = array();
$like = '';
$dislike = '';
$conv_responses = array(
'like' => array('title' => t('Likes','title')),'dislike' => array('title' => t('Dislikes','title')),
'attendyes' => array('title' => t('Attending','title')), 'attendno' => array('title' => t('Not attending','title')), 'attendmaybe' => array('title' => t('Might attend','title'))
@ -1627,13 +1542,16 @@ function photos_content(App $a) {
// display comments
if (DBM::is_result($r)) {
foreach ($r as $item) {
builtin_activity_puller($item, $conv_responses);
}
$like = (x($conv_responses['like'], $link_item['uri']) ? format_like($conv_responses['like'][$link_item['uri']], $conv_responses['like'][$link_item['uri'] . '-l'], 'like',$link_item['id']) : '');
$dislike = (x($conv_responses['dislike'], $link_item['uri']) ? format_like($conv_responses['dislike'][$link_item['uri']], $conv_responses['dislike'][$link_item['uri'] . '-l'], 'dislike',$link_item['id']) : '');
if (x($conv_responses['like'], $link_item['uri'])) {
$like = format_like($conv_responses['like'][$link_item['uri']], $conv_responses['like'][$link_item['uri'] . '-l'], 'like', $link_item['id']);
}
if (x($conv_responses['dislike'], $link_item['uri'])) {
$dislike = format_like($conv_responses['dislike'][$link_item['uri']], $conv_responses['dislike'][$link_item['uri'] . '-l'], 'dislike', $link_item['id']);
}
if (($can_post || can_write_wall($a, $owner_uid)) && $link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl,array(
@ -1655,18 +1573,17 @@ function photos_content(App $a) {
));
}
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$sparkle = '';
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && ($item['id'] != $item['parent']))
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && ($item['id'] != $item['parent'])) {
continue;
}
$redirect_url = 'redir/' . $item['cid'];
if (local_user() && ($item['contact-uid'] == local_user())
&& ($item['network'] == NETWORK_DFRN) && !$item['self']) {
$profile_url = $redirect_url;
@ -1730,40 +1647,32 @@ function photos_content(App $a) {
}
}
}
$response_verbs = array('like');
if (Feature::isEnabled($owner_uid, 'dislike')) {
$response_verbs[] = 'dislike';
}
$responses = get_responses($conv_responses, $response_verbs, '', $link_item);
$paginate = paginate($a);
}
$response_verbs = array('like');
if (Feature::isEnabled($owner_uid, 'dislike')) {
$response_verbs[] = 'dislike';
}
$responses = get_responses($conv_responses,$response_verbs, '', $link_item);
$photo_tpl = get_markup_template('photo_view.tpl');
$album_e = array($album_link, $ph[0]['album']);
$tags_e = $tags;
$like_e = $like;
$dislike_e = $dislike;
$o .= replace_macros($photo_tpl, array(
'$id' => $ph[0]['id'],
'$album' => $album_e,
'$album' => [$album_link, $ph[0]['album']],
'$tools' => $tools,
'$lock' => $lock,
'$photo' => $photo,
'$prevlink' => $prevlink,
'$nextlink' => $nextlink,
'$desc' => $ph[0]['desc'],
'$tags' => $tags_e,
'$tags' => $tags,
'$edit' => $edit,
'$map' => $map,
'$map_text' => t('Map'),
'$likebuttons' => $likebuttons,
'$like' => $like_e,
'$dislike' => $dikslike_e,
'$like' => $like,
'$dislike' => $dislike,
'responses' => $responses,
'$comments' => $comments,
'$paginate' => $paginate,

10
mod/ping.php
View file

@ -164,8 +164,8 @@ function ping_init(App $a)
if (intval(Feature::isEnabled(local_user(), 'forumlist_widget'))) {
$forum_counts = ForumManager::countUnseenItems();
if (DBM::is_result($forums_counts)) {
foreach ($forums_counts as $forum_count) {
if (DBM::is_result($forum_counts)) {
foreach ($forum_counts as $forum_count) {
if ($forum_count['count'] > 0) {
$forums_unseen[] = $forum_count;
}
@ -490,8 +490,10 @@ function ping_get_notifications($uid)
$notification["href"] = System::baseUrl() . "/notify/view/" . $notification["id"];
if ($notification["visible"] && !$notification["spam"]
&& !$notification["deleted"] && !is_array($result[$notification["parent"]])
if ($notification["visible"]
&& !$notification["spam"]
&& !$notification["deleted"]
&& !(x($result, $notification["parent"]) && is_array($result[$notification["parent"]]))
) {
// Should we condense the notifications or show them all?
if (PConfig::get(local_user(), 'system', 'detailed_notif')) {

185
mod/profile.php
View file

@ -8,78 +8,80 @@ use Friendica\Database\DBM;
use Friendica\Model\Group;
use Friendica\Module\Login;
require_once('include/contact_widgets.php');
require_once('include/redir.php');
require_once 'include/contact_widgets.php';
require_once 'include/redir.php';
function profile_init(App $a) {
if(! x($a->page,'aside'))
function profile_init(App $a)
{
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
if($a->argc > 1)
if ($a->argc > 1) {
$which = htmlspecialchars($a->argv[1]);
else {
$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
} else {
$r = q("SELECT `nickname` FROM `user` WHERE `blocked` = 0 AND `account_expired` = 0 AND `account_removed` = 0 AND `verified` = 1 ORDER BY RAND() LIMIT 1");
if (DBM::is_result($r)) {
goaway(System::baseUrl() . '/profile/' . $r[0]['nickname']);
}
else {
} else {
logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG);
notice( t('Requested profile is not available.') . EOL );
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
}
$profile = 0;
if((local_user()) && ($a->argc > 2) && ($a->argv[2] === 'view')) {
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
$which = $a->user['nickname'];
$profile = htmlspecialchars($a->argv[1]);
}
else {
} else {
auto_redir($a, $which);
}
profile_load($a,$which,$profile);
profile_load($a, $which, $profile);
$blocked = (((Config::get('system','block_public')) && (! local_user()) && (! remote_user())) ? true : false);
$userblock = (($a->profile['hidewall'] && (! local_user()) && (! remote_user())) ? true : false);
$blocked = !local_user() && !remote_user() && Config::get('system', 'block_public');
$userblock = !local_user() && !remote_user() && $a->profile['hidewall'];
if((x($a->profile,'page-flags')) && ($a->profile['page-flags'] == PAGE_COMMUNITY)) {
if (x($a->profile, 'page-flags') && $a->profile['page-flags'] == PAGE_COMMUNITY) {
$a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />';
}
if (x($a->profile,'openidserver')) {
if (x($a->profile, 'openidserver')) {
$a->page['htmlhead'] .= '<link rel="openid.server" href="' . $a->profile['openidserver'] . '" />' . "\r\n";
}
if (x($a->profile,'openid')) {
$delegate = ((strstr($a->profile['openid'],'://')) ? $a->profile['openid'] : 'https://' . $a->profile['openid']);
if (x($a->profile, 'openid')) {
$delegate = strstr($a->profile['openid'], '://') ? $a->profile['openid'] : 'https://' . $a->profile['openid'];
$a->page['htmlhead'] .= '<link rel="openid.delegate" href="' . $delegate . '" />' . "\r\n";
}
// site block
if ((! $blocked) && (! $userblock)) {
$keywords = ((x($a->profile,'pub_keywords')) ? $a->profile['pub_keywords'] : '');
$keywords = str_replace(array('#',',',' ',',,'),array('',' ',',',','),$keywords);
if(strlen($keywords))
$a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n" ;
if (!$blocked && !$userblock) {
$keywords = str_replace(array('#', ',', ' ', ',,'), array('', ' ', ',', ','), defaults($a->profile, 'pub_keywords', ''));
if (strlen($keywords)) {
$a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n";
}
}
$a->page['htmlhead'] .= '<meta name="dfrn-global-visibility" content="' . (($a->profile['net-publish']) ? 'true' : 'false') . '" />' . "\r\n" ;
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . System::baseUrl() . '/dfrn_poll/' . $which .'" />' . "\r\n" ;
$uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . (($a->path) ? '/' . $a->path : ''));
$a->page['htmlhead'] .= '<meta name="dfrn-global-visibility" content="' . ($a->profile['net-publish'] ? 'true' : 'false') . '" />' . "\r\n";
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . System::baseUrl() . '/feed/' . $which . '/" title="' . t('%s\'s posts', $a->profile['username']) . '"/>' . "\r\n";
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . System::baseUrl() . '/feed/' . $which . '/comments" title="' . t('%s\'s comments', $a->profile['username']) . '"/>' . "\r\n";
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . System::baseUrl() . '/feed/' . $which . '/activity" title="' . t('%s\'s timeline', $a->profile['username']) . '"/>' . "\r\n";
$uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . ($a->path ? '/' . $a->path : ''));
$a->page['htmlhead'] .= '<link rel="lrdd" type="application/xrd+xml" href="' . System::baseUrl() . '/xrd/?uri=' . $uri . '" />' . "\r\n";
header('Link: <' . System::baseUrl() . '/xrd/?uri=' . $uri . '>; rel="lrdd"; type="application/xrd+xml"', false);
$dfrn_pages = array('request', 'confirm', 'notify', 'poll');
foreach ($dfrn_pages as $dfrn) {
$a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"".System::baseUrl()."/dfrn_{$dfrn}/{$which}\" />\r\n";
$a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"" . System::baseUrl() . "/dfrn_{$dfrn}/{$which}\" />\r\n";
}
$a->page['htmlhead'] .= "<link rel=\"dfrn-poco\" href=\"".System::baseUrl()."/poco/{$which}\" />\r\n";
$a->page['htmlhead'] .= '<link rel="dfrn-poco" href="' . System::baseUrl() . "/poco/{$which}\" />\r\n";
}
function profile_content(App $a, $update = 0) {
function profile_content(App $a, $update = 0)
{
$category = $datequery = $datequery2 = '';
if ($a->argc > 2) {
@ -96,21 +98,21 @@ function profile_content(App $a, $update = 0) {
}
}
if (! x($category)) {
$category = ((x($_GET,'category')) ? $_GET['category'] : '');
if (!x($category)) {
$category = defaults($_GET, 'category', '');
}
$hashtags = (x($_GET, 'tag') ? $_GET['tag'] : '');
$hashtags = defaults($_GET, 'tag', '');
if (Config::get('system','block_public') && (! local_user()) && (! remote_user())) {
if (Config::get('system', 'block_public') && !local_user() && !remote_user()) {
return Login::form();
}
require_once("include/bbcode.php");
require_once('include/security.php');
require_once('include/conversation.php');
require_once('include/acl_selectors.php');
require_once('include/items.php');
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
require_once 'include/acl_selectors.php';
require_once 'include/items.php';
$groups = array();
@ -129,7 +131,7 @@ function profile_content(App $a, $update = 0) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
if (x($_SESSION, 'remote') && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
@ -150,74 +152,75 @@ function profile_content(App $a, $update = 0) {
}
}
if (! $remote_contact) {
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$is_owner = ((local_user()) && (local_user() == $a->profile['profile_uid']) ? true : false);
$is_owner = local_user() == $a->profile['profile_uid'];
$last_updated_key = "profile:" . $a->profile['profile_uid'] . ":" . local_user() . ":" . remote_user();
if ($a->profile['hidewall'] && (! $is_owner) && (! $remote_contact)) {
notice( t('Access to this profile has been restricted.') . EOL);
if (x($a->profile, 'hidewall') && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}
if (! $update) {
if (x($_GET,'tab')) {
if (!$update) {
$tab = false;
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$o.=profile_tabs($a, $is_owner, $a->profile['nickname']);
$o .= profile_tabs($a, $is_owner, $a->profile['nickname']);
if ($tab === 'profile') {
$o .= advanced_profile($a);
call_hooks('profile_advanced',$o);
call_hooks('profile_advanced', $o);
return $o;
}
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
if (x($_SESSION,'new_member') && $_SESSION['new_member'] && $is_owner) {
if (x($_SESSION, 'new_member') && $is_owner) {
$o .= '<a href="newmember" id="newmember-tips" style="font-size: 1.2em;"><b>' . t('Tips for New Members') . '</b></a>' . EOL;
}
$commpage = (($a->profile['page-flags'] == PAGE_COMMUNITY) ? true : false);
$commvisitor = (($commpage && $remote_contact == true) ? true : false);
$commpage = $a->profile['page-flags'] == PAGE_COMMUNITY;
$commvisitor = $commpage && $remote_contact;
$a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'],$a->profile['profile_uid'],true);
$a->page['aside'] .= categories_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'],(x($category) ? xmlify($category) : ''));
$a->page['aside'] .= posted_date_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true);
$a->page['aside'] .= categories_widget(System::baseUrl(true) . '/profile/' . $a->profile['nickname'], (x($category) ? xmlify($category) : ''));
$a->page['aside'] .= tagcloud_wall_widget();
if (can_write_wall($a,$a->profile['profile_uid'])) {
if (can_write_wall($a, $a->profile['profile_uid'])) {
$x = array(
'is_owner' => $is_owner,
'allow_location' => ((($is_owner || $commvisitor) && $a->profile['allow_location']) ? true : false),
'default_location' => (($is_owner) ? $a->user['default-location'] : ''),
'allow_location' => ($is_owner || $commvisitor) && $a->profile['allow_location'],
'default_location' => $is_owner ? $a->user['default-location'] : '',
'nickname' => $a->profile['nickname'],
'lockstate' => (((is_array($a->user) && ((strlen($a->user['allow_cid'])) ||
(strlen($a->user['allow_gid'])) || (strlen($a->user['deny_cid'])) ||
(strlen($a->user['deny_gid']))))) ? 'lock' : 'unlock'),
'acl' => (($is_owner) ? populate_acl($a->user, true) : ''),
'lockstate' => is_array($a->user)
&& (strlen($a->user['allow_cid'])
|| strlen($a->user['allow_gid'])
|| strlen($a->user['deny_cid'])
|| strlen($a->user['deny_gid'])
) ? 'lock' : 'unlock',
'acl' => $is_owner ? populate_acl($a->user, true) : '',
'bang' => '',
'visitor' => (($is_owner || $commvisitor) ? 'block' : 'none'),
'visitor' => $is_owner || $commvisitor ? 'block' : 'none',
'profile_uid' => $a->profile['profile_uid'],
'acl_data' => ( $is_owner ? construct_acl_data($a, $a->user) : '' ), // For non-Javascript ACL selector
'acl_data' => $is_owner ? construct_acl_data($a, $a->user) : '', // For non-Javascript ACL selector
);
$o .= status_editor($a,$x);
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$sql_extra = item_permissions_sql($a->profile['profile_uid'],$remote_contact,$groups);
// Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
$sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups);
$sql_extra2 = '';
if ($update) {
$last_updated = (x($_SESSION['last_updated'], $last_updated_key) ? $_SESSION['last_updated'][$last_updated_key] : 0);
@ -235,7 +238,7 @@ function profile_content(App $a, $update = 0) {
FROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
WHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND
(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE ."'
(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE . "'
OR item.verb = '" . ACTIVITY_DISLIKE . "' OR item.verb = '" . ACTIVITY_ATTEND . "'
OR item.verb = '" . ACTIVITY_ATTENDNO . "' OR item.verb = '" . ACTIVITY_ATTENDMAYBE . "')
AND `item`.`moderated` = 0
@ -249,14 +252,12 @@ function profile_content(App $a, $update = 0) {
if (!DBM::is_result($r)) {
return '';
}
} else {
$sql_post_table = "";
if (x($category)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
//$sql_extra .= protect_sprintf(file_tag_file_query('item',$category,'category'));
}
if (x($hashtags)) {
@ -265,10 +266,10 @@ function profile_content(App $a, $update = 0) {
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
// Belongs the profile page to a forum?
@ -276,7 +277,8 @@ function profile_content(App $a, $update = 0) {
$r = q("SELECT `uid` FROM `user` WHERE `uid` = %d AND `page-flags` IN (%d, %d)",
intval($a->profile['profile_uid']),
intval(PAGE_COMMUNITY),
intval(PAGE_PRVGROUP));
intval(PAGE_PRVGROUP)
);
if (!DBM::is_result($r)) {
$sql_extra3 = sprintf(" AND `thread`.`contact-id` = %d ", intval(intval($a->profile['contact_id'])));
@ -285,20 +287,20 @@ function profile_content(App $a, $update = 0) {
// check if we serve a mobile device and get the user settings
// accordingly
if ($a->is_mobile) {
$itemspage_network = PConfig::get(local_user(),'system','itemspage_mobile_network');
$itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 10);
$itemspage_network = PConfig::get(local_user(), 'system', 'itemspage_mobile_network', 10);
} else {
$itemspage_network = PConfig::get(local_user(),'system','itemspage_network');
$itemspage_network = ((intval($itemspage_network)) ? $itemspage_network : 20);
$itemspage_network = PConfig::get(local_user(), 'system', 'itemspage_network', 20);
}
// now that we have the user settings, see if the theme forces
// a maximum item number which is lower then the user choice
if(($a->force_max_items > 0) && ($a->force_max_items < $itemspage_network))
if (($a->force_max_items > 0) && ($a->force_max_items < $itemspage_network)) {
$itemspage_network = $a->force_max_items;
}
$a->set_pager_itemspage($itemspage_network);
$pager_sql = sprintf(" LIMIT %d, %d ",intval($a->pager['start']), intval($a->pager['itemspage']));
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
$r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`
FROM `thread`
@ -314,7 +316,6 @@ function profile_content(App $a, $update = 0) {
ORDER BY `thread`.`created` DESC $pager_sql",
intval($a->profile['profile_uid'])
);
}
$parents_arr = array();
@ -325,23 +326,25 @@ function profile_content(App $a, $update = 0) {
$_SESSION['last_updated'][$last_updated_key] = time();
if (DBM::is_result($r)) {
foreach($r as $rr)
foreach ($r as $rr) {
$parents_arr[] = $rr['item_id'];
}
$parents_str = implode(', ', $parents_arr);
$items = q(item_query()." AND `item`.`uid` = %d
$items = q(item_query() . " AND `item`.`uid` = %d
AND `item`.`parent` IN (%s)
$sql_extra ",
intval($a->profile['profile_uid']),
dbesc($parents_str)
);
$items = conv_sort($items,'created');
$items = conv_sort($items, 'created');
} else {
$items = array();
}
if($is_owner && (! $update) && (! Config::get('theme','hide_eventlist'))) {
if ($is_owner && !$update && !Config::get('theme', 'hide_eventlist')) {
$o .= get_birthdays();
$o .= get_events();
}

2
mod/receive.php
View file

@ -9,8 +9,6 @@ use Friendica\Core\Config;
use Friendica\Database\DBM;
use Friendica\Protocol\Diaspora;
require_once 'include/crypto.php';
/**
* @param object $a App
* @return void

10
mod/salmon.php
View file

@ -7,8 +7,8 @@ use Friendica\Core\PConfig;
use Friendica\Database\DBM;
use Friendica\Protocol\OStatus;
use Friendica\Protocol\Salmon;
use Friendica\Util\Crypto;
require_once 'include/crypto.php';
require_once 'include/items.php';
require_once 'include/follow.php';
@ -117,23 +117,23 @@ function salmon_post(App $a) {
logger('mod-salmon: key details: ' . print_r($key_info,true), LOGGER_DEBUG);
$pubkey = metopem($m,$e);
$pubkey = Crypto::meToPem($m, $e);
// We should have everything we need now. Let's see if it verifies.
// Try GNU Social format
$verify = rsa_verify($signed_data, $signature, $pubkey);
$verify = Crypto::rsaVerify($signed_data, $signature, $pubkey);
$mode = 1;
if (! $verify) {
logger('mod-salmon: message did not verify using protocol. Trying compliant format.');
$verify = rsa_verify($compliant_format, $signature, $pubkey);
$verify = Crypto::rsaVerify($compliant_format, $signature, $pubkey);
$mode = 2;
}
if (! $verify) {
logger('mod-salmon: message did not verify using padding. Trying old statusnet format.');
$verify = rsa_verify($stnet_signed_data, $signature, $pubkey);
$verify = Crypto::rsaVerify($stnet_signed_data, $signature, $pubkey);
$mode = 3;
}

21
mod/videos.php
View file

@ -8,11 +8,11 @@ use Friendica\Database\DBM;
use Friendica\Model\Contact;
use Friendica\Model\Group;
require_once('include/items.php');
require_once('include/acl_selectors.php');
require_once('include/bbcode.php');
require_once('include/security.php');
require_once('include/redir.php');
require_once 'include/items.php';
require_once 'include/acl_selectors.php';
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/redir.php';
function videos_init(App $a) {
@ -45,12 +45,12 @@ function videos_init(App $a) {
$tpl = get_markup_template("vcard-widget.tpl");
$vcard_widget .= replace_macros($tpl, array(
$vcard_widget = replace_macros($tpl, array(
'$name' => $profile['name'],
'$photo' => $profile['photo'],
'$addr' => (($profile['addr'] != "") ? $profile['addr'] : ""),
'$addr' => defaults($profile, 'addr', ''),
'$account_type' => $account_type,
'$pdesc' => (($profile['pdesc'] != "") ? $profile['pdesc'] : ""),
'$pdesc' => defaults($profile, 'pdesc', ''),
));
@ -281,8 +281,9 @@ function videos_content(App $a) {
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if(remote_user() && (! $visitor)) {
$contact_id = 0;
if(is_array($_SESSION['remote'])) {
@ -318,7 +319,7 @@ function videos_content(App $a) {
return;
}
$sql_extra = permissions_sql($owner_uid,$remote_contact,$groups);
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";

24
mod/xrd.php
View file

@ -1,12 +1,14 @@
<?php
/**
* @file mod/xrd.php
*/
use Friendica\App;
use Friendica\Core\System;
use Friendica\Database\DBM;
use Friendica\Protocol\Salmon;
require_once('include/crypto.php');
function xrd_init(App $a) {
function xrd_init(App $a)
{
if ($a->argv[0] == 'xrd') {
$uri = urldecode(notags(trim($_GET['uri'])));
if ($_SERVER['HTTP_ACCEPT'] == 'application/jrd+json') {
@ -54,8 +56,9 @@ function xrd_init(App $a) {
}
}
function xrd_json($a, $uri, $alias, $profile_url, $r) {
$salmon_key = salmon_key($r['spubkey']);
function xrd_json($a, $uri, $alias, $profile_url, $r)
{
$salmon_key = Salmon::salmonKey($r['spubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: application/json; charset=utf-8");
@ -79,8 +82,9 @@ function xrd_json($a, $uri, $alias, $profile_url, $r) {
killme();
}
function xrd_xml($a, $uri, $alias, $profile_url, $r) {
$salmon_key = salmon_key($r['spubkey']);
function xrd_xml($a, $uri, $alias, $profile_url, $r)
{
$salmon_key = Salmon::salmonKey($r['spubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
@ -100,8 +104,8 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r) {
'$salmon' => System::baseUrl() . '/salmon/' . $r['nickname'],
'$salmen' => System::baseUrl() . '/salmon/' . $r['nickname'] . '/mention',
'$subscribe' => System::baseUrl() . '/follow?url={uri}',
'$modexp' => 'data:application/magic-public-key,' . $salmon_key,
));
'$modexp' => 'data:application/magic-public-key,' . $salmon_key)
);
$arr = array('user' => $r, 'xml' => $o);
call_hooks('personal_xrd', $arr);