Merge branch 'master', remote-tracking branch 'remotes/upstream/master'

* remotes/upstream/master:
  turn registration code into a standalone function for re-use
  query using both `id` and `parent`
  prevent email from leaking in feeds
  y didn't i think of this b4?
  some zero theming on settings page
  missing delimiter
  transition to beta for private forums
  rev update
  Friendicaland - you can't 'live' on a demo server.
  Create a "potential default group" called "Friends" on registration.
  fix private photos that also have a size specification
  private group tests, cont.
  hide private group if desired
  prvgroup should see intros
  private group fix
  possible sql injection in search
  bugfixes: private photo embeds and search for strings with %

* master:
Simon L'nu 2012-05-31 23:22:19 -04:00
commit b1dacd6d83
24 changed files with 859 additions and 720 deletions


@ -9,9 +9,9 @@ require_once('include/nav.php');
require_once('include/cache.php'); require_once('include/cache.php');
define ( 'FRIENDICA_PLATFORM', 'Friendica'); define ( 'FRIENDICA_PLATFORM', 'Friendica');
define ( 'FRIENDICA_VERSION', '3.0.1357' ); define ( 'FRIENDICA_VERSION', '3.0.1360' );
define ( 'DFRN_PROTOCOL_VERSION', '2.23' ); define ( 'DFRN_PROTOCOL_VERSION', '2.23' );
define ( 'DB_UPDATE_VERSION', 1144 ); define ( 'DB_UPDATE_VERSION', 1145 );
define ( 'EOL', "<br />\r\n" ); define ( 'EOL', "<br />\r\n" );
define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' ); define ( 'ATOM_TIME', 'Y-m-d\TH:i:s\Z' );


@ -173,6 +173,7 @@ CREATE TABLE IF NOT EXISTS `contact` (
`readonly` tinyint(1) NOT NULL DEFAULT '0', `readonly` tinyint(1) NOT NULL DEFAULT '0',
`writable` tinyint(1) NOT NULL DEFAULT '0', `writable` tinyint(1) NOT NULL DEFAULT '0',
`forum` tinyint(1) NOT NULL DEFAULT '0', `forum` tinyint(1) NOT NULL DEFAULT '0',
`prv` tinyint(1) NOT NULL DEFAULT '0',
`hidden` tinyint(1) NOT NULL DEFAULT '0', `hidden` tinyint(1) NOT NULL DEFAULT '0',
`archive` tinyint(1) NOT NULL DEFAULT '0', `archive` tinyint(1) NOT NULL DEFAULT '0',
`pending` tinyint(1) NOT NULL DEFAULT '1', `pending` tinyint(1) NOT NULL DEFAULT '1',


@ -995,8 +995,8 @@
else else
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
dbesc(protect_sprintf('%' . $myurl)), dbesc(protect_sprintf('%' . $myurl)),
dbesc(protect_sprintf('%' . $myurl . '\\]%')), dbesc(protect_sprintf('%' . $myurl . ']%')),
dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) dbesc(protect_sprintf('%' . $diasp_url . ']%'))
); );
if ($max_id > 0) if ($max_id > 0)
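Review bot: `$myurl` goes into the three LIKE patterns after only `protect_sprintf`/`dbesc`, neither of which neutralises the LIKE wildcards `_` and `%`, and the nickname rule added in include/user.php (`/^[a-z][a-z0-9\-\_]*$/`) permits `_`, so a profile URL such as `.../profile/a_b` can also match `.../profile/axb` and pull another user's threads into this view. Escape the wildcards before the pattern is assembled, e.g. `$like_url = str_replace(array('%', '_'), array('\\%', '\\_'), $myurl);` and use `$like_url` (and the same for `$diasp_url`) in the `protect_sprintf` calls; dbesc then doubles the backslash correctly for the SQL literal. The identical construction appears in the network_content hunk further down and needs the same treatment. The enclosing function starts and ends outside this hunk.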


@ -2055,8 +2055,12 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) {
$myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3);
$theiraddr = $contact['addr']; $theiraddr = $contact['addr'];
$p = q("select guid from item where parent = %d limit 1", // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
$item['parent'] // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
// The only item with `parent` and `id` as the parent id is the parent item.
$p = q("select guid from item where parent = %d and id = %d limit 1",
intval($item['parent']),
intval($item['parent'])
); );
if(count($p)) if(count($p))
$parent_guid = $p[0]['guid']; $parent_guid = $p[0]['guid'];
@ -2111,8 +2115,12 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) {
$theiraddr = $contact['addr']; $theiraddr = $contact['addr'];
$p = q("select guid from item where parent = %d limit 1", // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always
$item['parent'] // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent.
// The only item with `parent` and `id` as the parent id is the parent item.
$p = q("select guid from item where parent = %d and id = %d limit 1",
intval($item['parent']),
intval($item['parent'])
); );
if(count($p)) if(count($p))
$parent_guid = $p[0]['guid']; $parent_guid = $p[0]['guid'];
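Review bot: The corrected parent lookup and its three-line explanatory comment are now copied verbatim into both diaspora_send_followup and diaspora_send_relay; a small helper such as `diaspora_parent_guid($parent_id)` that runs the `parent = %d and id = %d` query once and returns the guid keeps the reasoning in one place and makes a future change to the lookup a single edit. Note also that `if(count($p))` leaves `$parent_guid` unassigned when no row comes back, which appears to be pre-existing behaviour but is worth an explicit `else $parent_guid = '';` while this code is being touched. Both functions continue outside their hunks.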


@ -180,6 +180,10 @@ function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
foreach($items as $item) { foreach($items as $item) {
// prevent private email from leaking.
if($item['network'] === NETWORK_MAIL)
continue;
// public feeds get html, our own nodes use bbcode // public feeds get html, our own nodes use bbcode
if($public_feed) { if($public_feed) {
@ -1063,9 +1067,6 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$a = get_app(); $a = get_app();
// if((! strlen($contact['issued-id'])) && (! $contact['duplex']) && (! ($owner['page-flags'] == PAGE_COMMUNITY)))
// return 3;
$idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']); $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
if($contact['duplex'] && $contact['dfrn-id']) if($contact['duplex'] && $contact['dfrn-id'])
@ -1130,6 +1131,9 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$rino_allowed = ((intval($res->rino) === 1) ? 1 : 0); $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
$page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0); $page = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
if($owner['page-flags'] == PAGE_PRVGROUP)
$page = 2;
$final_dfrn_id = ''; $final_dfrn_id = '';
if($perm) { if($perm) {
@ -1183,7 +1187,7 @@ function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
$postvars['ssl_policy'] = $ssl_policy; $postvars['ssl_policy'] = $ssl_policy;
if($page) if($page)
$postvars['page'] = '1'; $postvars['page'] = $page;
if($rino && $rino_allowed && (! $dissolve)) { if($rino && $rino_allowed && (! $dissolve)) {
$key = substr(random_string(),0,16); $key = substr(random_string(),0,16);
@ -2931,10 +2935,10 @@ function fix_private_photos($s,$uid, $item = null, $cid = 0) {
$a = get_app(); $a = get_app();
logger('fix_private_photos', LOGGER_DEBUG); logger('fix_private_photos', LOGGER_DEBUG);
$site = substr($a->get_baseurl(),strpos($a->get_baseurl,'://')); $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://'));
if(preg_match("/\[img\](.*?)\[\/img\]/is",$s,$matches)) { if(preg_match("/\[img(.*?)\](.*?)\[\/img\]/is",$s,$matches)) {
$image = $matches[1]; $image = $matches[2];
logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG); logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
if(stristr($image , $site . '/photo/')) { if(stristr($image , $site . '/photo/')) {
$replace = false; $replace = false;
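Review bot: `$postvars['page'] = $page;` in dfrn_deliver now transmits `2` for a private group while DFRN_PROTOCOL_VERSION stays at 2.23 in this commit, so a peer still running the previous dfrn_notify code (which, as the removed line in that hunk shows, stored `intval($page)` straight into `forum`) will record `forum = 2` and treat the private group as a public forum. If the handshake response exposes the peer's version, send `1` to peers that predate `prv`; otherwise the protocol version should be bumped so the receiver can tell the two encodings apart. Separately, the widened photo regex `/\[img(.*?)\](.*?)\[\/img\]/is` also accepts tags like `[imgfoo]`; `/\[img(=[^\]]*)?\](.*?)\[\/img\]/is` limits it to the size form while keeping `$matches[2]` as the URL. dfrn_deliver and fix_private_photos both continue outside their hunks.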


@ -117,7 +117,7 @@ function nav(&$a) {
/* only show friend requests for normal pages. Other page types have automatic friendship. */ /* only show friend requests for normal pages. Other page types have automatic friendship. */
if($_SESSION['page_flags'] == PAGE_NORMAL) { if($_SESSION['page_flags'] == PAGE_NORMAL || $_SESSION['page_flags'] == PAGE_PRVGROUP) {
$nav['introductions'] = array('notifications/intros', t('Introductions'), "", t('Friend Requests')); $nav['introductions'] = array('notifications/intros', t('Introductions'), "", t('Friend Requests'));
$nav['notifications'] = array('notifications', t('Notifications'), "", t('Notifications')); $nav['notifications'] = array('notifications', t('Notifications'), "", t('Notifications'));
$nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", ""); $nav['notifications']['all']=array('notifications/system', t('See all notifications'), "", "");


@ -742,6 +742,8 @@ function smilies($s, $sample = false) {
':homebrew', ':homebrew',
':coffee', ':coffee',
':facepalm', ':facepalm',
':like',
':dislike',
'~friendika', '~friendika',
'~friendica' '~friendica'
@ -778,6 +780,8 @@ function smilies($s, $sample = false) {
'<img src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />', '<img src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />',
'<img src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />', '<img src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />',
'<img src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />', '<img src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />',
'<img src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />',
'<img src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />',
'<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>', '<a href="http://project.friendika.com">~friendika <img src="' . $a->get_baseurl() . '/images/friendika-16.png" alt="~friendika" /></a>',
'<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>' '<a href="http://friendica.com">~friendica <img src="' . $a->get_baseurl() . '/images/friendica-16.png" alt="~friendica" /></a>'
); );

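--- /dev/null
+++ b/include/user.php
@@ -0,0 +1,325 @@
+<?php
+require_once('include/config.php');
+require_once('include/network.php');
+require_once('include/plugin.php');
+require_once('include/text.php');
+require_once('include/pgettext.php');
+require_once('include/datetime.php');
+function create_user($arr) {
+// Required: { username, nickname, email } or { openid_url }
+$a = get_app();
+$result = array('success' => false, 'user' => null, 'password' => '', 'message' => '');
+$using_invites = get_config('system','invitation_only');
+$num_invites = get_config('system','number_invites');
+$invite_id = ((x($arr,'invite_id')) ? notags(trim($arr['invite_id'])) : '');
+$username = ((x($arr,'username')) ? notags(trim($arr['username'])) : '');
+$nickname = ((x($arr,'nickname')) ? notags(trim($arr['nickname'])) : '');
+$email = ((x($arr,'email')) ? notags(trim($arr['email'])) : '');
+$openid_url = ((x($arr,'openid_url')) ? notags(trim($arr['openid_url'])) : '');
+$photo = ((x($arr,'photo')) ? notags(trim($arr['photo'])) : '');
+$publish = ((x($arr,'profile_publish_reg') && intval($arr['profile_publish_reg'])) ? 1 : 0);
+$password = ((x($arr,'password')) ? trim($arr['password']) : '');
+$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
+$tmp_str = $openid_url;
+if($using_invites) {
+if(! $invite_id) {
+$result['message'] .= t('An invitation is required.') . EOL;
+return $result;
+}
+$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
+if(! results($r)) {
+$result['message'] .= t('Invitation could not be verified.') . EOL;
+return $result;
+}
+}
+if((! x($username)) || (! x($email)) || (! x($nickname))) {
+if($openid_url) {
+if(! validate_url($tmp_str)) {
+$result['message'] .= t('Invalid OpenID url') . EOL;
+return $result;
+}
+$_SESSION['register'] = 1;
+$_SESSION['openid'] = $openid_url;
+require_once('library/openid.php');
+$openid = new LightOpenID;
+$openid->identity = $openid_url;
+$openid->returnUrl = $a->get_baseurl() . '/openid';
+$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
+$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
+goaway($openid->authUrl());
+// NOTREACHED
+}
+notice( t('Please enter the required information.') . EOL );
+return;
+}
+if(! validate_url($tmp_str))
+$openid_url = '';
+$err = '';
+// collapse multiple spaces in name
+$username = preg_replace('/ +/',' ',$username);
+if(mb_strlen($username) > 48)
+$result['message'] .= t('Please use a shorter name.') . EOL;
+if(mb_strlen($username) < 3)
+$result['message'] .= t('Name too short.') . EOL;
+// I don't really like having this rule, but it cuts down
+// on the number of auto-registrations by Russian spammers
+// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
+// $no_utf = get_config('system','no_utf');
+// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
+// So now we are just looking for a space in the full name.
+$loose_reg = get_config('system','no_regfullname');
+if(! $loose_reg) {
+$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
+if(! strpos($username,' '))
+$result['message'] .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
+}
+if(! allowed_email($email))
+$result['message'] .= t('Your email domain is not among those allowed on this site.') . EOL;
+if((! valid_email($email)) || (! validate_email($email)))
+$result['message'] .= t('Not a valid email address.') . EOL;
+// Disallow somebody creating an account using openid that uses the admin email address,
+// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
+if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
+$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
+dbesc($email)
+);
+if(count($r))
+$result['message'] .= t('Cannot use that email.') . EOL;
+}
+$nickname = $arr['nickname'] = strtolower($nickname);
+if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
+$result['message'] .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
+$r = q("SELECT `uid` FROM `user`
+WHERE `nickname` = '%s' LIMIT 1",
+dbesc($nickname)
+);
+if(count($r))
+$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
+// Check deleted accounts that had this nickname. Doesn't matter to us,
+// but could be a security issue for federated platforms.
+$r = q("SELECT * FROM `userd`
+WHERE `username` = '%s' LIMIT 1",
+dbesc($nickname)
+);
+if(count($r))
+$result['message'] .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
+if(strlen($result['message'])) {
+return $result;
+}
+$new_password = ((strlen($password)) ? $password : autoname(6) . mt_rand(100,9999));
+$new_password_encoded = hash('whirlpool',$new_password);
+$result['password'] = $new_password;
+require_once('include/crypto.php');
+$keys = new_keypair(1024);
+if($keys === false) {
+$result['message'] .= t('SERIOUS ERROR: Generation of security keys failed.') . EOL;
+return $result;
+}
+$prvkey = $keys['prvkey'];
+$pubkey = $keys['pubkey'];
+/**
+*
+* Create another keypair for signing/verifying
+* salmon protocol messages. We have to use a slightly
+* less robust key because this won't be using openssl
+* but the phpseclib. Since it is PHP interpreted code
+* it is not nearly as efficient, and the larger keys
+* will take several minutes each to process.
+*
+*/
+$sres = new_keypair(512);
+$sprvkey = $sres['prvkey'];
+$spubkey = $sres['pubkey'];
+$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
+`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
+VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
+dbesc(generate_user_guid()),
+dbesc($username),
+dbesc($new_password_encoded),
+dbesc($email),
+dbesc($openid_url),
+dbesc($nickname),
+dbesc($pubkey),
+dbesc($prvkey),
+dbesc($spubkey),
+dbesc($sprvkey),
+dbesc(datetime_convert()),
+intval($verified),
+intval($blocked)
+);
+if($r) {
+$r = q("SELECT * FROM `user`
+WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
+dbesc($username),
+dbesc($new_password_encoded)
+);
+if($r !== false && count($r)) {
+$u = $r[0];
+$newuid = intval($r[0]['uid']);
+}
+}
+else {
+$result['message'] .= t('An error occurred during registration. Please try again.') . EOL ;
+return $result;
+}
+/**
+* if somebody clicked submit twice very quickly, they could end up with two accounts
+* due to race condition. Remove this one.
+*/
+$r = q("SELECT `uid` FROM `user`
+WHERE `nickname` = '%s' ",
+dbesc($nickname)
+);
+if((count($r) > 1) && $newuid) {
+$result['message'] .= t('Nickname is already registered. Please choose another.') . EOL;
+q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
+intval($newuid)
+);
+return $result;
+}
+if(x($newuid) !== false) {
+$r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
+VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
+intval($newuid),
+t('default'),
+1,
+dbesc($username),
+dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
+dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
+intval($publish),
+intval($netpublish)
+);
+if($r === false) {
+$result['message'] .= t('An error occurred creating your default profile. Please try again.') . EOL;
+// Start fresh next time.
+$r = q("DELETE FROM `user` WHERE `uid` = %d",
+intval($newuid));
+return $result;
+}
+$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
+`request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )
+VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
+intval($newuid),
+datetime_convert(),
+dbesc($username),
+dbesc($nickname),
+dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
+dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
+dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
+dbesc($a->get_baseurl() . "/profile/$nickname"),
+dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
+dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
+dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
+dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
+dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
+dbesc($a->get_baseurl() . "/poco/$nickname"),
+dbesc(datetime_convert()),
+dbesc(datetime_convert()),
+dbesc(datetime_convert())
+);
+// Create a group with no members. This allows somebody to use it
+// right away as a default group for new contacts.
+require_once('include/group.php');
+group_add($newuid, t('Friends'));
+}
+// if we have no OpenID photo try to look up an avatar
+if(! strlen($photo))
+$photo = avatar_img($email);
+// unless there is no avatar-plugin loaded
+if(strlen($photo)) {
+require_once('include/Photo.php');
+$photo_failure = false;
+$filename = basename($photo);
+$img_str = fetch_url($photo,true);
+$img = new Photo($img_str);
+if($img->is_valid()) {
+$img->scaleImageSquare(175);
+$hash = photo_new_resource();
+$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
+if($r === false)
+$photo_failure = true;
+$img->scaleImage(80);
+$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
+if($r === false)
+$photo_failure = true;
+$img->scaleImage(48);
+$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
+if($r === false)
+$photo_failure = true;
+if(! $photo_failure) {
+q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ",
+dbesc($hash)
+);
+}
+}
+}
+call_hooks('register_account', $newuid);
+$result['success'] = true;
+$result['user'] = $u;
+return $result;
+}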
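Review bot: `intval($verified)` and `intval($blocked)` in the `user` INSERT reference variables that create_user never assigns and never reads from `$arr`, so every account is stored with `verified = 0, blocked = 0`; the removed register_post code presumably set them from the register-policy switch whose tail (`break; }`) is still visible in the mod/register.php hunk, which would mean approval-required registrations are no longer blocked pending approval. Take both from the caller, e.g. `$verified = ((x($arr,'verified')) ? intval($arr['verified']) : 0);` and `$blocked = ((x($arr,'blocked')) ? intval($arr['blocked']) : 0);`, and have register_post populate them from its policy switch. The missing-required-fields branch does `notice(...); return;`, returning null where the caller then reads `$result['success']`; make it `$result['message'] .= t('Please enter the required information.') . EOL; return $result;` like the other failure paths. `$u` is likewise unassigned when the post-insert SELECT returns no row, so `$result['user']` can be null alongside `success => true`; `$err` is assigned and never used.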


@ -275,7 +275,7 @@ aStates[249]="|'Adan|'Ataq|Abyan|Al Bayda'|Al Hudaydah|Al Jawf|Al Mahrah|Al Mahw
aStates[250]="|Kosovo|Montenegro|Serbia|Vojvodina"; aStates[250]="|Kosovo|Montenegro|Serbia|Vojvodina";
aStates[251]="|Central|Copperbelt|Eastern|Luapula|Lusaka|North-Western|Northern|Southern|Western"; aStates[251]="|Central|Copperbelt|Eastern|Luapula|Lusaka|North-Western|Northern|Southern|Western";
aStates[252]="|Bulawayo|Harare|ManicalandMashonaland Central|Mashonaland East|Mashonaland West|Masvingo|Matabeleland North|Matabeleland South|Midlands"; aStates[252]="|Bulawayo|Harare|ManicalandMashonaland Central|Mashonaland East|Mashonaland West|Masvingo|Matabeleland North|Matabeleland South|Midlands";
aStates[253]="Self Hosted|Private Server|Architects Of Sleep|DFRN|Distributed Friend Network|Free-Beer.ch|Foojbook|Free-Haven|Friendica.eu|Friendika.me.4.it|Friendika - I Ask Questions|Frndc.com|Hipatia|Hungerfreunde|Kaluguran Community|Kak Ste?|Karl.Markx.pm|Loozah Social Club|MyFriendica.net|MyFriendNetwork|Oi!|OpenMindSpace|Oradons Friendica|Recolutionari.es|Sysfu Social Club|theshi.re|Tumpambae|Uzmiac|Other"; aStates[253]="|Self Hosted|Private Server|Architects Of Sleep|DFRN|Distributed Friend Network|Free-Beer.ch|Foojbook|Free-Haven|Friendica.eu|Friendika.me.4.it|Friendika - I Ask Questions|Frndc.com|Hipatia|Hungerfreunde|Kaluguran Community|Kak Ste?|Karl.Markx.pm|Loozah Social Club|MyFriendica.net|MyFriendNetwork|Oi!|OpenMindSpace|Recolutionari.es|Sysfu Social Club|theshi.re|Tumpambae|Uzmiac|Other";
/* /*
* gArCountryInfo * gArCountryInfo
* (0) Country name * (0) Country name


@ -135,7 +135,7 @@ function acl_init(&$a){
foreach($r as $g) { foreach($r as $g) {
$x['photos'][] = $g['micro']; $x['photos'][] = $g['micro'];
$x['links'][] = $g['url']; $x['links'][] = $g['url'];
$x['suggestions'][] = $g['name']; // sprintf( t('%s [%s]'),$g['name'],$g['url']); $x['suggestions'][] = $g['name'];
$x['data'][] = intval($g['id']); $x['data'][] = intval($g['id']);
} }
} }


@ -202,6 +202,8 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if($user[0]['page-flags'] == PAGE_COMMUNITY) if($user[0]['page-flags'] == PAGE_COMMUNITY)
$params['page'] = 1; $params['page'] = 1;
if($user[0]['page-flags'] == PAGE_PRVGROUP)
$params['page'] = 2;
logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA); logger('dfrn_confirm: Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
@ -537,6 +539,9 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 ); $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0 );
$version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0); $version_id = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);
logger('dfrn_confirm: requestee contacted: ' . $node); logger('dfrn_confirm: requestee contacted: ' . $node);
logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA); logger('dfrn_confirm: request: POST=' . print_r($_POST,true), LOGGER_DATA);
@ -691,6 +696,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
`pending` = 0, `pending` = 0,
`duplex` = %d, `duplex` = %d,
`forum` = %d, `forum` = %d,
`prv` = %d,
`network` = '%s' WHERE `id` = %d LIMIT 1 `network` = '%s' WHERE `id` = %d LIMIT 1
", ",
dbesc($photos[0]), dbesc($photos[0]),
@ -701,7 +707,8 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
dbesc(datetime_convert()), dbesc(datetime_convert()),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($duplex), intval($duplex),
intval($page), intval($forum),
intval($prv),
dbesc(NETWORK_DFRN), dbesc(NETWORK_DFRN),
intval($dfrn_record) intval($dfrn_record)
); );
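Review bot: The page-code-to-flags mapping `$forum = (($page == 1) ? 1 : 0); $prv = (($page == 2) ? 1 : 0);` is spelled out here and again in the dfrn_notify_post hunk, and its inverse (`PAGE_COMMUNITY` to `1`, `PAGE_PRVGROUP` to `2`) appears in this section's first hunk and in dfrn_deliver, so the wire encoding now lives as bare integers in four places. Give the two codes names next to the `DFRN_PROTOCOL_VERSION` define, e.g. `define('DFRN_PAGE_FORUM', 1); define('DFRN_PAGE_PRVGROUP', 2);`, and use them on both the sending and receiving side so a future page type is one edit. The `page` value is whatever the remote declares about itself, which is fine for these flags but worth a one-line comment so nobody later treats `prv` as locally verified. dfrn_confirm_post starts and ends outside these hunks.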


@ -17,6 +17,9 @@ function dfrn_notify_post(&$a) {
$ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none'); $ssl_policy = ((x($_POST,'ssl_policy')) ? notags(trim($_POST['ssl_policy'])): 'none');
$page = ((x($_POST,'page')) ? intval($_POST['page']) : 0); $page = ((x($_POST,'page')) ? intval($_POST['page']) : 0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);
$writable = (-1); $writable = (-1);
if($dfrn_version >= 2.21) { if($dfrn_version >= 2.21) {
$writable = (($perm === 'rw') ? 1 : 0); $writable = (($perm === 'rw') ? 1 : 0);
@ -88,10 +91,11 @@ function dfrn_notify_post(&$a) {
$importer = $r[0]; $importer = $r[0];
if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $page)) { if((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) {
q("UPDATE `contact` SET `writable` = %d, forum = %d WHERE `id` = %d LIMIT 1", q("UPDATE `contact` SET `writable` = %d, forum = %d, prv = %d WHERE `id` = %d LIMIT 1",
intval(($writable == (-1)) ? $importer['writable'] : $writable), intval(($writable == (-1)) ? $importer['writable'] : $writable),
intval($page), intval($forum),
intval($prv),
intval($importer['id']) intval($importer['id'])
); );
if($writable != (-1)) if($writable != (-1))


@ -68,7 +68,7 @@ function dfrn_request_post(&$a) {
$dfrn_url = notags(trim($_POST['dfrn_url'])); $dfrn_url = notags(trim($_POST['dfrn_url']));
$aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0); $aes_allow = (((x($_POST,'aes_allow')) && ($_POST['aes_allow'] == 1)) ? 1 : 0);
$confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : ""); $confirm_key = ((x($_POST,'confirm_key')) ? $_POST['confirm_key'] : "");
$hidden = ((x($_POST,'hidden-contact')) ? intval($_POST['hidden-contact']) : 0);
$contact_record = null; $contact_record = null;
if(x($dfrn_url)) { if(x($dfrn_url)) {
@ -98,8 +98,9 @@ function dfrn_request_post(&$a) {
} }
if(is_array($contact_record)) { if(is_array($contact_record)) {
$r = q("UPDATE `contact` SET `ret-aes` = %d WHERE `id` = %d LIMIT 1", $r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d LIMIT 1",
intval($aes_allow), intval($aes_allow),
intval($hidden),
intval($contact_record['id']) intval($contact_record['id'])
); );
} }
@ -144,8 +145,8 @@ function dfrn_request_post(&$a) {
*/ */
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `name`, `nick`, `photo`, `site-pubkey`, $r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `name`, `nick`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`) `request`, `confirm`, `notify`, `poll`, `poco`, `network`, `aes_allow`, `hidden`)
VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d)", VALUES ( %d, '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d)",
intval(local_user()), intval(local_user()),
datetime_convert(), datetime_convert(),
dbesc($dfrn_url), dbesc($dfrn_url),
@ -160,7 +161,8 @@ function dfrn_request_post(&$a) {
$parms['dfrn-poll'], $parms['dfrn-poll'],
$parms['dfrn-poco'], $parms['dfrn-poco'],
dbesc(NETWORK_DFRN), dbesc(NETWORK_DFRN),
intval($aes_allow) intval($aes_allow),
intval($hidden)
); );
} }
@ -649,6 +651,8 @@ function dfrn_request_content(&$a) {
$o = replace_macros($tpl,array( $o = replace_macros($tpl,array(
'$dfrn_url' => $dfrn_url, '$dfrn_url' => $dfrn_url,
'$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ), '$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ),
'$hidethem' => t('Hide this contact'),
'$hidechecked' => '',
'$confirm_key' => $confirm_key, '$confirm_key' => $confirm_key,
'$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']), '$welcome' => sprintf( t('Welcome home %s.'), $a->user['username']),
'$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url), '$please' => sprintf( t('Please confirm your introduction/connection request to %s.'), $dfrn_url),
@ -680,7 +684,7 @@ function dfrn_request_content(&$a) {
$auto_confirm = false; $auto_confirm = false;
if(count($r)) { if(count($r)) {
if($r[0]['page-flags'] != PAGE_NORMAL) if(($r[0]['page-flags'] != PAGE_NORMAL) && ($r[0]['page-flags'] != PAGE_PRVGROUP))
$auto_confirm = true; $auto_confirm = true;
if(! $auto_confirm) { if(! $auto_confirm) {
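Review bot: `$hidden` falls back to 0 whenever `hidden-contact` is absent from the POST, and the UPDATE at the top of the second hunk then writes `hidden = %d` unconditionally, so re-submitting a request for an existing contact record from any form or client that omits the checkbox silently un-hides a contact the user had previously hidden. Only touch the column when the field was actually posted: keep `$hidden` as `null` when `x($_POST,'hidden-contact')` is false and append the `, hidden = %d` fragment (and its `intval($hidden)` argument) to the query only when it is not null. `'$hidechecked' => ''` in dfrn_request_content is a constant, so the checkbox is never pre-checked; if it is meant to reflect a stored flag it needs the contact lookup. dfrn_request_post and dfrn_request_content both continue outside their hunks.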


@ -453,6 +453,7 @@ function item_post(&$a) {
$tagged = array(); $tagged = array();
$private_forum = false;
if(count($tags)) { if(count($tags)) {
foreach($tags as $tag) { foreach($tags as $tag) {
@ -471,10 +472,21 @@ function item_post(&$a) {
continue; continue;
$success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag); $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag);
if($success) if($success['replaced'])
$tagged[] = $tag; $tagged[] = $tag;
if(is_array($success['contact']) && intval($success['contact']['prv'])) {
$private_forum = true;
$private_id = $success['contact']['id'];
} }
} }
}
if(($private_forum) && (! $parent) && (! $private)) {
// we tagged a private forum in a top level post and the message was public.
// Restrict it.
$private = 1;
$str_contact_allow = '<' . $private_id . '>';
}
$attachments = ''; $attachments = '';
$match = false; $match = false;
@ -893,6 +905,7 @@ function item_content(&$a) {
function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) { function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
$replaced = false; $replaced = false;
$r = null;
//is it a hash tag? //is it a hash tag?
if(strpos($tag,'#') === 0) { if(strpos($tag,'#') === 0) {
@ -1023,5 +1036,5 @@ function handle_tag($a, &$body, &$inform, &$str_tags, $profile_uid, $tag) {
} }
} }
return $replaced; return array('replaced' => $replaced, 'contact' => $r[0]);
} }
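Review bot: `$private_id = $success['contact']['id'];` is overwritten on every private-forum tag, and `$str_contact_allow = '<' . $private_id . '>';` then grants access to only the last one, so a top-level post tagging two private forums is delivered to one and hidden from the other. Collect the ids instead: initialise `$private_ids = array();` next to `$private_forum = false;`, append `$private_ids[] = $success['contact']['id'];` in the loop, and build `$str_contact_allow = '<' . implode('><', $private_ids) . '>';` following the `<id>` form already used here. handle_tag now returns `$r[0]` after initialising `$r = null`; the `is_array` guard in item_post handles the null case, but if `$r` is also assigned by an earlier lookup inside handle_tag (not visible in the hunk) a tag that was not replaced could still hand back a stale contact, so reset `$r` to null on the non-replaced paths. item_post and handle_tag both continue outside their hunks.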


@ -437,8 +437,8 @@ function network_content(&$a, $update = 0) {
else else
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ", $sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
dbesc(protect_sprintf('%' . $myurl)), dbesc(protect_sprintf('%' . $myurl)),
dbesc(protect_sprintf('%' . $myurl . '\\]%')), dbesc(protect_sprintf('%' . $myurl . ']%')),
dbesc(protect_sprintf('%' . $diasp_url . '\\]%')) dbesc(protect_sprintf('%' . $diasp_url . ']%'))
); );
} }


@ -43,326 +43,44 @@ function register_post(&$a) {
break; break;
} }
$using_invites = get_config('system','invitation_only'); require_once('include/user.php');
$num_invites = get_config('system','number_invites');
$result = create_user($_POST);
$invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : ''); if(! $result['success']) {
$username = ((x($_POST,'username')) ? notags(trim($_POST['username'])) : ''); notice($result['message']);
$nickname = ((x($_POST,'nickname')) ? notags(trim($_POST['nickname'])) : '');
$email = ((x($_POST,'email')) ? notags(trim($_POST['email'])) : '');
$openid_url = ((x($_POST,'openid_url')) ? notags(trim($_POST['openid_url'])) : '');
$photo = ((x($_POST,'photo')) ? notags(trim($_POST['photo'])) : '');
$publish = ((x($_POST,'profile_publish_reg') && intval($_POST['profile_publish_reg'])) ? 1 : 0);
$netpublish = ((strlen(get_config('system','directory_submit_url'))) ? $publish : 0);
$tmp_str = $openid_url;
if($using_invites) {
if(! $invite_id) {
notice( t('An invitation is required.') . EOL);
return;
}
$r = q("select * from register where `hash` = '%s' limit 1", dbesc($invite_id));
if(! results($r)) {
notice( t('Invitation could not be verified.') . EOL);
return;
}
}
if((! x($username)) || (! x($email)) || (! x($nickname))) {
if($openid_url) {
if(! validate_url($tmp_str)) {
notice( t('Invalid OpenID url') . EOL);
return;
}
$_SESSION['register'] = 1;
$_SESSION['openid'] = $openid_url;
require_once('library/openid.php');
$openid = new LightOpenID;
$openid->identity = $openid_url;
$openid->returnUrl = $a->get_baseurl() . '/openid';
$openid->required = array('namePerson/friendly', 'contact/email', 'namePerson');
$openid->optional = array('namePerson/first','media/image/aspect11','media/image/default');
goaway($openid->authUrl());
// NOTREACHED
}
notice( t('Please enter the required information.') . EOL );
return; return;
} }
if(! validate_url($tmp_str)) $user = $result['user'];
$openid_url = '';
$err = '';
// collapse multiple spaces in name
$username = preg_replace('/ +/',' ',$username);
if(mb_strlen($username) > 48)
$err .= t('Please use a shorter name.') . EOL;
if(mb_strlen($username) < 3)
$err .= t('Name too short.') . EOL;
// I don't really like having this rule, but it cuts down
// on the number of auto-registrations by Russian spammers
// Using preg_match was completely unreliable, due to mixed UTF-8 regex support
// $no_utf = get_config('system','no_utf');
// $pat = (($no_utf) ? '/^[a-zA-Z]* [a-zA-Z]*$/' : '/^\p{L}* \p{L}*$/u' );
// So now we are just looking for a space in the full name.
$loose_reg = get_config('system','no_regfullname');
if(! $loose_reg) {
$username = mb_convert_case($username,MB_CASE_TITLE,'UTF-8');
if(! strpos($username,' '))
$err .= t("That doesn't appear to be your full \x28First Last\x29 name.") . EOL;
}
if(! allowed_email($email))
$err .= t('Your email domain is not among those allowed on this site.') . EOL;
if((! valid_email($email)) || (! validate_email($email)))
$err .= t('Not a valid email address.') . EOL;
// Disallow somebody creating an account using openid that uses the admin email address,
// since openid bypasses email verification. We'll allow it if there is not yet an admin account.
if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0) && strlen($openid_url)) {
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
dbesc($email)
);
if(count($r))
$err .= t('Cannot use that email.') . EOL;
}
$nickname = $_POST['nickname'] = strtolower($nickname);
if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))
$err .= t('Your "nickname" can only contain "a-z", "0-9", "-", and "_", and must also begin with a letter.') . EOL;
$r = q("SELECT `uid` FROM `user`
WHERE `nickname` = '%s' LIMIT 1",
dbesc($nickname)
);
if(count($r))
$err .= t('Nickname is already registered. Please choose another.') . EOL;
// Check deleted accounts that had this nickname. Doesn't matter to us,
// but could be a security issue for federated platforms.
$r = q("SELECT * FROM `userd`
WHERE `username` = '%s' LIMIT 1",
dbesc($nickname)
);
if(count($r))
$err .= t('Nickname was once registered here and may not be re-used. Please choose another.') . EOL;
if(strlen($err)) {
notice( $err );
return;
}
$new_password = autoname(6) . mt_rand(100,9999);
$new_password_encoded = hash('whirlpool',$new_password);
require_once('include/crypto.php');
$result = new_keypair(1024);
if($result === false) {
notice( t('SERIOUS ERROR: Generation of security keys failed.') . EOL);
return;
}
$prvkey = $result['prvkey'];
$pubkey = $result['pubkey'];
/**
*
* Create another keypair for signing/verifying
* salmon protocol messages. We have to use a slightly
* less robust key because this won't be using openssl
* but the phpseclib. Since it is PHP interpreted code
* it is not nearly as efficient, and the larger keys
* will take several minutes each to process.
*
*/
$sres = new_keypair(512);
$sprvkey = $sres['prvkey'];
$spubkey = $sres['pubkey'];
$r = q("INSERT INTO `user` ( `guid`, `username`, `password`, `email`, `openid`, `nickname`,
`pubkey`, `prvkey`, `spubkey`, `sprvkey`, `register_date`, `verified`, `blocked`, `timezone` )
VALUES ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, 'UTC' )",
dbesc(generate_user_guid()),
dbesc($username),
dbesc($new_password_encoded),
dbesc($email),
dbesc($openid_url),
dbesc($nickname),
dbesc($pubkey),
dbesc($prvkey),
dbesc($spubkey),
dbesc($sprvkey),
dbesc(datetime_convert()),
intval($verified),
intval($blocked)
);
if($r) {
$r = q("SELECT `uid` FROM `user`
WHERE `username` = '%s' AND `password` = '%s' LIMIT 1",
dbesc($username),
dbesc($new_password_encoded)
);
if($r !== false && count($r))
$newuid = intval($r[0]['uid']);
}
else {
notice( t('An error occurred during registration. Please try again.') . EOL );
return;
}
/**
* if somebody clicked submit twice very quickly, they could end up with two accounts
* due to race condition. Remove this one.
*/
$r = q("SELECT `uid` FROM `user`
WHERE `nickname` = '%s' ",
dbesc($nickname)
);
if((count($r) > 1) && $newuid) {
$err .= t('Nickname is already registered. Please choose another.') . EOL;
q("DELETE FROM `user` WHERE `uid` = %d LIMIT 1",
intval($newuid)
);
notice ($err);
return;
}
if(x($newuid) !== false) {
$r = q("INSERT INTO `profile` ( `uid`, `profile-name`, `is-default`, `name`, `photo`, `thumb`, `publish`, `net-publish` )
VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, %d ) ",
intval($newuid),
'default',
1,
dbesc($username),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
intval($publish),
intval($netpublish)
);
if($r === false) {
notice( t('An error occurred creating your default profile. Please try again.') . EOL );
// Start fresh next time.
$r = q("DELETE FROM `user` WHERE `uid` = %d",
intval($newuid));
return;
}
$r = q("INSERT INTO `contact` ( `uid`, `created`, `self`, `name`, `nick`, `photo`, `thumb`, `micro`, `blocked`, `pending`, `url`, `nurl`,
`request`, `notify`, `poll`, `confirm`, `poco`, `name-date`, `uri-date`, `avatar-date`, `closeness` )
VALUES ( %d, '%s', 1, '%s', '%s', '%s', '%s', '%s', 0, 0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0 ) ",
intval($newuid),
datetime_convert(),
dbesc($username),
dbesc($nickname),
dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
dbesc($a->get_baseurl() . "/profile/$nickname"),
dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_notify/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_poll/$nickname"),
dbesc($a->get_baseurl() . "/dfrn_confirm/$nickname"),
dbesc($a->get_baseurl() . "/poco/$nickname"),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert())
);
}
// if we have no OpenID photo try to look up an avatar
if(! strlen($photo))
$photo = avatar_img($email);
// unless there is no avatar-plugin loaded
if(strlen($photo)) {
require_once('include/Photo.php');
$photo_failure = false;
$filename = basename($photo);
$img_str = fetch_url($photo,true);
$img = new Photo($img_str);
if($img->is_valid()) {
$img->scaleImageSquare(175);
$hash = photo_new_resource();
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 4 );
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 5 );
if($r === false)
$photo_failure = true;
$img->scaleImage(48);
$r = $img->store($newuid, 0, $hash, $filename, t('Profile Photos'), 6 );
if($r === false)
$photo_failure = true;
if(! $photo_failure) {
q("UPDATE `photo` SET `profile` = 1 WHERE `resource-id` = '%s' ",
dbesc($hash)
);
}
}
}
if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) { if($netpublish && $a->config['register_policy'] != REGISTER_APPROVE) {
$url = $a->get_baseurl() . "/profile/$nickname"; $url = $a->get_baseurl() . '/profile/' . $user['nickname'];
proc_run('php',"include/directory.php","$url"); proc_run('php',"include/directory.php","$url");
} }
$using_invites = get_config('system','invitation_only');
$num_invites = get_config('system','number_invites');
$invite_id = ((x($_POST,'invite_id')) ? notags(trim($_POST['invite_id'])) : '');
call_hooks('register_account', $newuid);
if( $a->config['register_policy'] == REGISTER_OPEN ) { if( $a->config['register_policy'] == REGISTER_OPEN ) {
if($using_invites && $invite_id) { if($using_invites && $invite_id) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
set_pconfig($newuid,'system','invites_remaining',$num_invites); set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
} }
$email_tpl = get_intltext_template("register_open_eml.tpl"); $email_tpl = get_intltext_template("register_open_eml.tpl");
$email_tpl = replace_macros($email_tpl, array( $email_tpl = replace_macros($email_tpl, array(
'$sitename' => $a->config['sitename'], '$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(), '$siteurl' => $a->get_baseurl(),
'$username' => $username, '$username' => $user['username'],
'$email' => $email, '$email' => $user['email'],
'$password' => $new_password, '$password' => $result['password'],
'$uid' => $newuid )); '$uid' => $user['uid'] ));
$res = mail($email, sprintf(t('Registration details for %s'), $a->config['sitename']), $res = mail($user['email'], sprintf(t('Registration details for %s'), $a->config['sitename']),
$email_tpl, $email_tpl,
'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
. 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n"
@ -387,8 +105,8 @@ function register_post(&$a) {
$r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ", $r = q("INSERT INTO `register` ( `hash`, `created`, `uid`, `password`, `language` ) VALUES ( '%s', '%s', %d, '%s', '%s' ) ",
dbesc($hash), dbesc($hash),
dbesc(datetime_convert()), dbesc(datetime_convert()),
intval($newuid), intval($user['uid']),
dbesc($new_password), dbesc($result['password']),
dbesc($lang) dbesc($lang)
); );
@ -402,17 +120,17 @@ function register_post(&$a) {
if($using_invites && $invite_id) { if($using_invites && $invite_id) {
q("delete * from register where hash = '%s' limit 1", dbesc($invite_id)); q("delete * from register where hash = '%s' limit 1", dbesc($invite_id));
set_pconfig($newuid,'system','invites_remaining',$num_invites); set_pconfig($user['uid'],'system','invites_remaining',$num_invites);
} }
$email_tpl = get_intltext_template("register_verify_eml.tpl"); $email_tpl = get_intltext_template("register_verify_eml.tpl");
$email_tpl = replace_macros($email_tpl, array( $email_tpl = replace_macros($email_tpl, array(
'$sitename' => $a->config['sitename'], '$sitename' => $a->config['sitename'],
'$siteurl' => $a->get_baseurl(), '$siteurl' => $a->get_baseurl(),
'$username' => $username, '$username' => $user['username'],
'$email' => $email, '$email' => $user['email'],
'$password' => $new_password, '$password' => $result['password'],
'$uid' => $newuid, '$uid' => $user['uid'],
'$hash' => $hash '$hash' => $hash
)); ));


@ -110,18 +110,19 @@ function search_content(&$a) {
if (get_config('system','use_fulltext_engine')) { if (get_config('system','use_fulltext_engine')) {
if($tag) if($tag)
$sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.preg_quote($search)); $sql_extra = sprintf(" AND MATCH (`item`.`tag`) AGAINST ('".'"%s"'."' in boolean mode) ", '#'.dbesc(protect_sprintf($search)));
else else
$sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(preg_quote($search))); $sql_extra = sprintf(" AND MATCH (`item`.`body`) AGAINST ('".'"%s"'."' in boolean mode) ", dbesc(protect_sprintf($search)));
} else { } else {
if($tag) if($tag)
$sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . preg_quote($search) . '\\[')); $sql_extra = sprintf(" AND `item`.`tag` REGEXP '%s' ", dbesc('\\]' . protect_sprintf(preg_quote($search)) . '\\['));
else else
$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(preg_quote($search))); $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
} }
// Here is the way permissions work in the search module... // Here is the way permissions work in the search module...
// Only public posts can be shown // Only public posts can be shown
// OR your own posts if you are a logged in member // OR your own posts if you are a logged in member
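Review bot: In both fulltext arms the term is placed inside a boolean-mode phrase (`'"%s"'`), but `dbesc()` escapes only the SQL string literal, so a `"` typed by the user still reaches MATCH ... AGAINST as a phrase terminator and lets the rest of the term use boolean operators (`-`, `*`, `+`); no longer SQL injection after this commit, but still an escape from the quoting the code relies on. Neutralise the quote before escaping, e.g. `$term = str_replace('"', '', $search);` and pass `dbesc(protect_sprintf($term))` in both fulltext branches. For the REGEXP arms, `preg_quote()` is a PCRE escaper while MySQL REGEXP is POSIX-style; the backslashed metacharacters happen to be treated as literals there too, so it appears adequate, but a one-line comment saying that is deliberate would save the next reader the check. `search_content` continues outside the hunk.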


@ -445,7 +445,7 @@ function settings_post(&$a) {
if($page_flags == PAGE_PRVGROUP) { if($page_flags == PAGE_PRVGROUP) {
$hidewall = 1; $hidewall = 1;
if((! str_contact_allow) && (! str_group_allow) && (! str_contact_deny) && (! $str_group_deny)) { if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) {
if($def_gid) { if($def_gid) {
info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL); info( t('Private forum has no privacy permissions. Using default privacy group.'). EOL);
$str_group_allow = '<' . $def_gid . '>'; $str_group_allow = '<' . $def_gid . '>';
@ -837,27 +837,26 @@ function settings_content(&$a) {
$pageset_tpl = get_markup_template('pagetypes.tpl'); $pageset_tpl = get_markup_template('pagetypes.tpl');
$pagetype = replace_macros($pageset_tpl,array( $pagetype = replace_macros($pageset_tpl,array(
'$page_normal' => array('page-flags', t('Normal Account'), PAGE_NORMAL, '$page_normal' => array('page-flags', t('Normal Account Page'), PAGE_NORMAL,
t('This account is a normal personal profile'), t('This account is a normal personal profile'),
($a->user['page-flags'] == PAGE_NORMAL)), ($a->user['page-flags'] == PAGE_NORMAL)),
'$page_soapbox' => array('page-flags', t('Soapbox Account'), PAGE_SOAPBOX, '$page_soapbox' => array('page-flags', t('Soapbox Page'), PAGE_SOAPBOX,
t('Automatically approve all connection/friend requests as read-only fans'), t('Automatically approve all connection/friend requests as read-only fans'),
($a->user['page-flags'] == PAGE_SOAPBOX)), ($a->user['page-flags'] == PAGE_SOAPBOX)),
'$page_community' => array('page-flags', t('Community/Celebrity Account'), PAGE_COMMUNITY, '$page_community' => array('page-flags', t('Community Forum/Celebrity Account'), PAGE_COMMUNITY,
t('Automatically approve all connection/friend requests as read-write fans'), t('Automatically approve all connection/friend requests as read-write fans'),
($a->user['page-flags'] == PAGE_COMMUNITY)), ($a->user['page-flags'] == PAGE_COMMUNITY)),
'$page_freelove' => array('page-flags', t('Automatic Friend Account'), PAGE_FREELOVE, '$page_freelove' => array('page-flags', t('Automatic Friend Page'), PAGE_FREELOVE,
t('Automatically approve all connection/friend requests as friends'), t('Automatically approve all connection/friend requests as friends'),
($a->user['page-flags'] == PAGE_FREELOVE)), ($a->user['page-flags'] == PAGE_FREELOVE)),
'$page_prvgroup' => array('page-flags', t('Private Forum'), PAGE_PRVGROUP, '$page_prvgroup' => array('page-flags', t('Private Forum [Experimental]'), PAGE_PRVGROUP,
t('Private forum - approved members only [Experimental]'), t('Private forum - approved members only'),
($a->user['page-flags'] == PAGE_PRVGROUP)), ($a->user['page-flags'] == PAGE_PRVGROUP)),
'$experimental' => ( (intval(get_config('system','prvgroup_testing'))) ? 'true' : ''),
)); ));
@ -1026,7 +1025,8 @@ function settings_content(&$a) {
'$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, ''), '$notify7' => array('notify7', t('You are tagged in a post'), ($notify & NOTIFY_TAGSELF), NOTIFY_TAGSELF, ''),
'$h_advn' => t('Advanced Page Settings'), '$h_advn' => t('Advanced Account/Page Type Settings'),
'$h_descadvn' => t('Change the behaviour of this account for special situations'),
'$pagetype' => $pagetype, '$pagetype' => $pagetype,
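Review bot: The corrected guard at `if((! $str_contact_allow) && (! $str_group_allow) ...` now actually fires for a private forum saved with no ACL (the old bare-constant form was a truthy string, so this path never ran), and it builds the fallback permission with `'<' . $def_gid . '>'` without validating the value; since that string becomes the allow list gating forum posts, cast it first: `$str_group_allow = '<' . intval($def_gid) . '>';`. The branch taken when `$def_gid` is empty lies outside the hunk, so I cannot tell whether a private forum can be saved with `hidewall = 1` and an empty allow list — worth confirming it is rejected rather than silently stored with no restriction. `settings_post` starts and ends outside the hunk.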


@ -1,6 +1,6 @@
<?php <?php
define( 'UPDATE_VERSION' , 1144 ); define( 'UPDATE_VERSION' , 1145 );
/** /**
* *
@ -1253,5 +1253,9 @@ function update_1143() {
return UPDATE_SUCCESS ; return UPDATE_SUCCESS ;
} }
function update_1144() {
$r = q("alter table contact add prv tinyint(1) not null default '0' after forum");
if(! $r)
return UPDATE_FAILED ;
return UPDATE_SUCCESS ;
}
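Review bot: `update_1144()` returns `UPDATE_FAILED` whenever the `ALTER TABLE` fails, which includes the case where the `prv` column already exists (a re-run after an interrupted upgrade, or a schema applied by hand), and that would presumably leave the update marked failed with no way forward. Make it idempotent by checking first: `$r = q("show columns from contact like 'prv'"); if(count($r)) return UPDATE_SUCCESS;` ahead of the ALTER. A short comment naming the column's purpose (the private-forum flag on contacts, per the commit message) would also help, since `prv` alone does not say.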



@ -11,6 +11,10 @@ $please
<input type="hidden" name="localconfirm" value="1" /> <input type="hidden" name="localconfirm" value="1" />
$aes_allow $aes_allow
<label id="dfrn-request-homecoming-hide-label" for="dfrn-request-homecoming-hide">$hidethem</label>
<input type="checkbox" name="hidden-contact" value="1" {{ if $hidechecked }}checked="checked" {{ endif }} />
<div id="dfrn-request-homecoming-submit-wrapper" > <div id="dfrn-request-homecoming-submit-wrapper" >
<input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="$submit" /> <input id="dfrn-request-homecoming-submit" type="submit" name="submit" value="$submit" />
</div> </div>
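Review bot: The new `<label ... for="dfrn-request-homecoming-hide">` references an element id that the checkbox on the following line never declares, so the label is not associated with the control and clicking its text does nothing. Add the id to the input: `<input type="checkbox" id="dfrn-request-homecoming-hide" name="hidden-contact" value="1" {{ if $hidechecked }}checked="checked" {{ endif }} />`. The server-side handling of `hidden-contact` is not in this hunk, so I assume it is read as a simple boolean there.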


@ -1,7 +1,5 @@
{{inc field_radio.tpl with $field=$page_normal }}{{endinc}} {{inc field_radio.tpl with $field=$page_normal }}{{endinc}}
{{inc field_radio.tpl with $field=$page_soapbox }}{{endinc}}
{{inc field_radio.tpl with $field=$page_community }}{{endinc}} {{inc field_radio.tpl with $field=$page_community }}{{endinc}}
{{inc field_radio.tpl with $field=$page_freelove }}{{endinc}}
{{ if $experimental }}
{{inc field_radio.tpl with $field=$page_prvgroup }}{{endinc}} {{inc field_radio.tpl with $field=$page_prvgroup }}{{endinc}}
{{ endif }} {{inc field_radio.tpl with $field=$page_soapbox }}{{endinc}}
{{inc field_radio.tpl with $field=$page_freelove }}{{endinc}}


@ -104,15 +104,16 @@ $group_select
<h3 class="settings-heading">$h_not</h3> <h3 class="settings-heading">$h_not</h3>
<div id="settings-notifications">
<strong>$activity_options</strong> <div id="settings-activity-desc">$activity_options</div>
{{inc field_checkbox.tpl with $field=$post_newfriend }}{{endinc}} {{inc field_checkbox.tpl with $field=$post_newfriend }}{{endinc}}
{{inc field_checkbox.tpl with $field=$post_joingroup }}{{endinc}} {{inc field_checkbox.tpl with $field=$post_joingroup }}{{endinc}}
{{inc field_checkbox.tpl with $field=$post_profilechange }}{{endinc}} {{inc field_checkbox.tpl with $field=$post_profilechange }}{{endinc}}
<div id="settings-notify-desc"><strong>$lbl_not </strong></div> <div id="settings-notify-desc">$lbl_not</div>
<div class="group"> <div class="group">
{{inc field_intcheckbox.tpl with $field=$notify1 }}{{endinc}} {{inc field_intcheckbox.tpl with $field=$notify1 }}{{endinc}}
@ -124,6 +125,7 @@ $group_select
{{inc field_intcheckbox.tpl with $field=$notify7 }}{{endinc}} {{inc field_intcheckbox.tpl with $field=$notify7 }}{{endinc}}
</div> </div>
</div>
<div class="settings-submit-wrapper" > <div class="settings-submit-wrapper" >
<input type="submit" name="submit" class="settings-submit" value="$submit" /> <input type="submit" name="submit" class="settings-submit" value="$submit" />
@ -131,6 +133,7 @@ $group_select
<h3 class="settings-heading">$h_advn</h3> <h3 class="settings-heading">$h_advn</h3>
<div id="settings-pagetype-desc">$h_descadvn</div>
$pagetype $pagetype


@ -80,6 +80,7 @@ blockquote {
.heart { .heart {
color: #FF0000; color: #FF0000;
font-size: 100%; font-size: 100%;
margin-right: 5px;
} }
@ -716,7 +717,17 @@ input#dfrn-url {
#settings-community { #settings-community {
float: left; float: left;
} }
#settings-notifications label {
margin-left: 20px;
}
#settings-notify-desc, #settings-activity-desc {
font-weight: bold;
margin-bottom: 15px;
}
#settings-pagetype-desc {
color: #666666;
margin-bottom: 15px;
}
#profile-in-dir-yes-label, #profile-in-dir-yes-label,
#profile-in-dir-no-label, #profile-in-dir-no-label,