function change_channel($change_channel)
{
$ret = false;
if ($change_channel) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", intval($change_channel), intval(get_account_id()), intval(PAGE_REMOVED));
if ($r) {
$hash = $r[0]['channel_hash'];
$_SESSION['uid'] = intval($r[0]['channel_id']);
get_app()->set_channel($r[0]);
$_SESSION['theme'] = $r[0]['channel_theme'];
$_SESSION['mobile_theme'] = get_pconfig(local_user(), 'system', 'mobile_theme');
date_default_timezone_set($r[0]['channel_timezone']);
$ret = $r[0];
}
$x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash));
if ($x) {
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3);
get_app()->set_observer($x[0]);
get_app()->set_perms(get_all_perms(local_user(), $hash));
}
if (!is_dir('store/' . $r[0]['channel_address'])) {
@os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true);
}
}
return $ret;
}
function achievements_content(&$a)
{
// This doesn't work, so
if (!is_developer()) {
return;
}
if (argc() > 1) {
$which = argv(1);
} else {
notice(t('Requested profile is not available.') . EOL);
return;
}
$profile = 0;
$profile = argv(1);
profile_load($a, $which, $profile);
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['view_profile']) {
notice(t('Permission denied.') . EOL);
return;
}
$newmembertext = t('Some blurb about what to do when you\'re new here');
// By default, all badges are false
$contactbadge = false;
$profilebadge = false;
$keywordsbadge = false;
// Check number of contacts. Award a badge if over 10
// We'll figure these out on each page load instead of
// writing them to the DB because that will mean one needs
// to retain their achievements - eg, you can't add
// a bunch of channels just to get your badge, and then
// delete them all again. If these become popular or
// used in profiles or something, we may need to reconsider
// and add a table for this - because this won't scale.
$r = q("select * from abook where abook_channel = %d", intval($owner));
if (count($r)) {
$contacts = count($r);
}
// We're checking for 11 to adjust for the abook record for self
if ($contacts >= 11) {
$contactbadge = true;
}
// Check if an about field in the profile has been created.
$r = q("select * from profile where uid = %d and about <> ''", intval($owner));
if ($r) {
$profilebadge = 1;
}
// Check if keywords have been set
$r = q("select * from profile where uid = %d and keywords <> ''", intval($owner));
if ($r) {
$keywordsbadge = 1;
}
return replace_macros(get_markup_template("achievements.tpl"), array('$newmembertext' => $newmembertext, '$profilebadge' => $profilebadge, '$contactbadge' => $contactbadge, '$keywordsbadge' => $keywordsbadge, '$channelsbadge' => $channelsbadge));
}
function get()
{
if (!\App::$profile) {
notice(t('Requested profile is not available.') . EOL);
\App::$error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = \App::get_observer();
$channel = \App::get_channel();
if (\App::$is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) {
notice(t('Permission denied.') . EOL);
return;
}
$is_owner = $uid && $uid == $owner ? true : false;
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
// Now we've got a post and an owner, let's find out if we're allowed to edit it
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner));
$item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", intval($itm[0]['id']));
if ($item_id) {
$layout_title = $item_id[0]['sid'];
}
$rp = 'layouts/' . $which;
$x = array('webpage' => ITEM_TYPE_PDL, 'nickname' => $channel['channel_address'], 'editor_autocomplete' => true, 'bbco_autocomplete' => 'comanche', 'return_path' => $rp, 'button' => t('Edit'), 'hide_voting' => true, 'hide_future' => true, 'hide_expire' => true, 'hide_location' => true, 'hide_weblink' => true, 'hide_attach' => true, 'hide_preview' => true, 'ptyp' => $itm[0]['obj_type'], 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, 'title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), 'pagetitle' => $layout_title, 'ptlabel' => t('Layout Name'), 'placeholdertitle' => t('Layout Description (Optional)'), 'showacl' => false, 'profile_uid' => intval($owner));
$editor = status_editor($a, $x);
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$id' => $itm[0]['id'], '$editor' => $editor));
return $o;
}
function page_content(&$a)
{
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($a->profile['profile_uid'], $ob_hash);
if (!$perms['view_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
if (argc() < 3) {
notice(t('Invalid item.') . EOL);
return;
}
$channel_address = argv(1);
$page_id = argv(2);
$u = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_address));
if (!$u) {
notice(t('Channel not found.') . EOL);
return;
}
if ($_REQUEST['rev']) {
$revision = " and revision = " . intval($_REQUEST['rev']) . " ";
} else {
$revision = " order by revision desc ";
}
require_once 'include/security.php';
$sql_options = item_permissions_sql($u[0]['channel_id']);
$r = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$sql_options} {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE));
if (!$r) {
// Check again with no permissions clause to see if it is a permissions issue
$x = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE));
if ($x) {
// Yes, it's there. You just aren't allowed to see it.
notice(t('Permission denied.') . EOL);
} else {
notice(t('Page not found.') . EOL);
}
return;
}
if ($r[0]['layout_mid']) {
$l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), intval($u[0]['channel_id']));
if ($l) {
require_once 'include/comanche.php';
comanche_parser(get_app(), $l[0]['body']);
}
}
// logger('layout: ' . print_r($a->layout,true));
// Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so...
if ($perms['write_pages']) {
$chan = $a->channel['channel_id'];
$who = $channel_address;
$which = $r[0]['id'];
$o .= writepages_widget($who, $which);
}
xchan_query($r);
$r = fetch_post_tags($r, true);
$o .= prepare_page($r[0]);
return $o;
}
function blocks_content(&$a)
{
if (argc() > 1) {
$which = argv(1);
} else {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
profile_load($a, $which, 0);
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
// Block design features from visitors
if (!local_user() || local_user() != $owner) {
notice(t('Permission denied.') . EOL);
return;
}
// Get the observer, check their permissions
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
// Nickname is set to the observers xchan, and profile_uid to the owners.
// This lets you post pages at other people's channels.
require_once 'include/conversation.php';
$x = array('webpage' => ITEM_BUILDBLOCK, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => $group || $cid ? '!' : '', 'showacl' => false, 'visitor' => true, 'mimetype' => 'choose', 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner));
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$o .= status_editor($a, $x);
//Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link.
//TODO - this should be replaced with pagelist_widget
$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", intval($owner));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid']);
}
}
//Build the base URL for edit links
$url = z_root() . "/editblock/" . $which;
// This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM).
return $o . replace_macros(get_markup_template("blocklist.tpl"), array('$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1'));
}
function page_init(&$a)
{
// We need this to make sure the channel theme is always loaded.
$which = argv(1);
$profile = 0;
profile_load($a, $which, $profile);
if ($a->profile['profile_uid']) {
head_set_icon($a->profile['thumb']);
}
// load the item here in the init function because we need to extract
// the page layout and initialise the correct theme.
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($a->profile['profile_uid'], $ob_hash);
if (!$perms['view_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
if (argc() < 3) {
notice(t('Invalid item.') . EOL);
return;
}
$channel_address = argv(1);
$page_id = argv(2);
$u = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_address));
if (!$u) {
notice(t('Channel not found.') . EOL);
return;
}
if ($_REQUEST['rev']) {
$revision = " and revision = " . intval($_REQUEST['rev']) . " ";
} else {
$revision = " order by revision desc ";
}
require_once 'include/security.php';
$sql_options = item_permissions_sql($u[0]['channel_id']);
$r = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$sql_options} {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE));
if (!$r) {
// Check again with no permissions clause to see if it is a permissions issue
$x = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE));
if ($x) {
// Yes, it's there. You just aren't allowed to see it.
notice(t('Permission denied.') . EOL);
} else {
notice(t('Page not found.') . EOL);
}
return;
}
if ($r[0]['layout_mid']) {
$l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), intval($u[0]['channel_id']));
if ($l) {
require_once 'include/comanche.php';
comanche_parser(get_app(), $l[0]['body']);
get_app()->pdl = $l[0]['body'];
}
}
$a->data['webpage'] = $r;
}
function editlayout_content(&$a)
{
// We first need to figure out who owns the webpage, grab it from an argument
$which = argv(1);
// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
//logger('owner: ' . print_r($owner,true));
}
if (local_user() && argc() > 2 && argv(2) === 'view') {
$which = $channel['channel_address'];
}
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
// Now we've got a post and an owner, let's find out if we're allowed to edit it
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner));
$item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", $itm[0]['id']);
if ($item_id) {
$layout_title = $item_id[0]['sid'];
}
$plaintext = true;
// You may or may not be a local user. This won't work,
// if(feature_enabled(local_user(),'richtext'))
// $plaintext = false;
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout')));
$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $a->user['nickname'], '$confirmdelete' => t('Delete layout?')));
$tpl = get_markup_template("jot.tpl");
$jotplugins = '';
$jotnets = '';
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
$channel = $a->get_channel();
//$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list.
$rp = '/layouts/' . $which;
$o .= replace_macros($tpl, array('$return_path' => $rp, '$action' => 'item', '$webpage' => ITEM_PDL, '$share' => t('Edit'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $channel['channel_location'], '$visitor' => false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Set title'), '$pagetitle' => $layout_title, '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', '$profile_uid' => intval($owner), '$preview' => feature_enabled(local_user(), 'preview') ? t('Preview') : '', '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date')));
$ob = get_observer_hash();
if ($itm[0]['author_xchan'] === $ob || $itm[0]['owner_xchan'] === $ob) {
$o .= '<br /><br /><a class="layout-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Layout') . '</a><br />';
}
return $o;
}
function get()
{
$channel = \App::get_channel();
$atoken = null;
$atoken_xchan = '';
if (argc() > 2) {
$id = argv(2);
$atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d", intval($id), intval(local_channel()));
if ($atoken) {
$atoken = $atoken[0];
$atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'];
}
if ($atoken && argc() > 3 && argv(3) === 'drop') {
atoken_delete($id);
$atoken = null;
$atoken_xchan = '';
}
}
$t = q("select * from atoken where atoken_uid = %d", intval(local_channel()));
$desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.');
$desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:');
$global_perms = \Zotlabs\Access\Permissions::Perms();
$existing = get_all_perms(local_channel(), $atoken_xchan ? $atoken_xchan : '');
if ($atoken_xchan) {
$theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", intval(local_channel()), dbesc($atoken_xchan));
$their_perms = array();
if ($theirs) {
foreach ($theirs as $t) {
$their_perms[$t['k']] = $t['v'];
}
}
}
foreach ($global_perms as $k => $v) {
$thisperm = get_abconfig(local_channel(), $contact['abook_xchan'], 'my_perms', $k);
//fixme
$checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(), $k);
if ($existing[$k]) {
$thisperm = "1";
}
$perms[] = array('perms_' . $k, $v, array_key_exists($k, $their_perms) ? intval($their_perms[$k]) : '', $thisperm, 1, $checkinherited & PERMS_SPECIFIC ? '' : '1', '', $checkinherited);
}
$tpl = get_markup_template("settings_tokens.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_tokens"), '$title' => t('Guest Access Tokens'), '$desc' => $desc, '$desc2' => $desc2, '$tokens' => $t, '$atoken' => $atoken, '$url1' => z_root() . '/channel/' . $channel['channel_address'], '$url2' => z_root() . '/photos/' . $channel['channel_address'], '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', $atoken ? $atoken['atoken_name'] : '', ''), '$token' => array('token', t('Login Password') . ' <span class="required">*</span>', $atoken ? $atoken['atoken_token'] : autoname(8), ''), '$expires' => array('expires', t('Expires (yyyy-mm-dd)'), $atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE ? datetime_convert('UTC', date_default_timezone_get(), $atoken['atoken_expires']) : '', ''), '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$inherited' => t('inherited'), '$notself' => '1', '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'), '$submit' => t('Submit')));
return $o;
}
function channel_content(&$a, $update = 0, $load = false)
{
$category = $datequery = $datequery2 = '';
$mid = $_GET['mid'];
$datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : '';
$datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : '';
if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) {
return login();
}
$category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : '';
$groups = array();
$o = '';
if ($update) {
// Ensure we've got a profile owner if updating.
$a->profile['profile_uid'] = $update;
} else {
if ($a->profile['profile_uid'] == local_user()) {
nav_set_selected('home');
}
}
$is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false;
$channel = $a->get_channel();
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($a->profile['profile_uid'], $ob_hash);
if (!$perms['view_stream']) {
// We may want to make the target of this redirect configurable
if ($perms['view_profile']) {
notice(t('Insufficient permissions. Request redirected to profile page.') . EOL);
goaway(z_root() . "/profile/" . $a->profile['channel_address']);
}
notice(t('Permission denied.') . EOL);
return;
}
if (!$update) {
$o .= profile_tabs($a, $is_owner, $a->profile['channel_address']);
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
if ($channel && $is_owner) {
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
} else {
$channel_acl = array();
}
if ($perms['post_wall']) {
$x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig($a->profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? $a->profile['channel_location'] : '', 'nickname' => $a->profile['channel_address'], 'lockstate' => strlen($a->profile['channel_allow_cid']) || strlen($a->profile['channel_allow_gid']) || strlen($a->profile['channel_deny_cid']) || strlen($a->profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl) : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => $a->profile['profile_uid']);
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups);
if ($update && !$load) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN));
} else {
$r = q("SELECT distinct parent AS `item_id` from item\n\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND ( item_flags & %d ) \n\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY created DESC", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN), intval(ABOOK_FLAG_BLOCKED));
}
} else {
if (x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
$itemspage = get_pconfig(local_user(), 'system', 'itemspage');
$a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
if ($load || $_COOKIE['jsAvailable'] != 1) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL));
if (!$r) {
notice(t('Permission denied.') . EOL);
}
} else {
$r = q("SELECT distinct id AS item_id FROM item \n\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) and (item_flags & %d)\n\t\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_THREAD_TOP), intval(ABOOK_FLAG_BLOCKED));
}
} else {
$r = array();
}
}
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\tFROM `item`\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0\n\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t{$sql_extra} ", intval($a->profile['profile_uid']), dbesc($parents_str));
xchan_query($items);
$items = fetch_post_tags($items, true);
$items = conv_sort($items, 'created');
if ($load && $mid && !count($items)) {
// This will happen if we don't have sufficient permissions
// to view the parent item (or the item itself if it is toplevel)
notice(t('Permission denied.') . EOL);
}
} else {
$items = array();
}
if (!$update && !$load) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
$o .= '<div id="live-channel"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => $a->profile['profile_uid'] ? $a->profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => $a->pager['page'] != 1 ? $a->pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$mid' => $mid, '$dend' => $datequery, '$dbegin' => $datequery2));
}
if ($is_owner) {
$r = q("UPDATE item SET item_flags = (item_flags ^ %d)\n\t\t\tWHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), intval(local_user()));
}
if ($_COOKIE['jsAvailable'] == 1) {
$o .= conversation($a, $items, 'channel', $update, 'client');
} else {
$o .= conversation($a, $items, 'channel', $update, 'traditional');
}
if (!$update || $_COOKIE['jsAvailable'] != 1) {
$o .= alt_pager($a, count($items));
}
if ($mid) {
$o .= '<div id="content-complete"></div>';
}
return $o;
}
function like_content(&$a)
{
$o = '';
$observer = $a->get_observer();
$interactive = $_REQUEST['interactive'];
if ($interactive) {
$o .= '<h1>' . t('Like/Dislike') . '</h1>';
$o .= EOL . EOL;
if (!$observer) {
$_SESSION['return_url'] = $a->query_string;
$o .= t('This action is restricted to members.') . EOL;
$o .= t('Please <a href="rmagic">login with your RedMatrix ID</a> or <a href="register">register as a new RedMatrix member</a> to continue.') . EOL;
return $o;
}
}
$verb = notags(trim($_GET['verb']));
if (!$verb) {
$verb = 'like';
}
switch ($verb) {
case 'like':
case 'unlike':
$activity = ACTIVITY_LIKE;
break;
case 'dislike':
case 'undislike':
$activity = ACTIVITY_DISLIKE;
break;
case 'agree':
case 'unagree':
$activity = ACTIVITY_AGREE;
break;
case 'disagree':
case 'undisagree':
$activity = ACTIVITY_DISAGREE;
break;
case 'abstain':
case 'unabstain':
$activity = ACTIVITY_ABSTAIN;
break;
case 'attendyes':
case 'unattendyes':
$activity = ACTIVITY_ATTEND;
break;
case 'attendno':
case 'unattendno':
$activity = ACTIVITY_ATTENDNO;
break;
case 'attendmaybe':
case 'unattendmaybe':
$activity = ACTIVITY_ATTENDMAYBE;
break;
default:
return;
break;
}
$extended_like = false;
$object = $target = null;
$post_type = '';
$objtype = '';
if (argc() == 3) {
if (!$observer) {
killme();
}
$extended_like = true;
$obj_type = argv(1);
$obj_id = argv(2);
$public = true;
if ($obj_type == 'profile') {
$r = q("select * from profile where profile_guid = '%s' limit 1", dbesc(argv(2)));
if (!$r) {
killme();
}
$owner_uid = $r[0]['uid'];
if ($r[0]['is_default']) {
$public = true;
}
if (!$public) {
$d = q("select abook_xchan from abook where abook_profile = '%s' and abook_channel = %d", dbesc($r[0]['profile_guid']), intval($owner_uid));
if (!$d) {
// forgery - illegal
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
// $d now contains a list of those who can see this profile - only send the status notification
// to them.
$allow_cid = $allow_gid = $deny_cid = $deny_gid = '';
foreach ($d as $dd) {
$allow_gid .= '<' . $dd['abook_xchan'] . '>';
}
}
$post_type = t('channel');
$objtype = ACTIVITY_OBJ_PROFILE;
} elseif ($obj_type == 'thing') {
$r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' \n\t\t\t\tand obj_type = %d and term_hash = '%s' limit 1", intval(TERM_OBJ_THING), dbesc(argv(2)));
if (!$r) {
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
$owner_uid = $r[0]['obj_channel'];
$allow_cid = $r[0]['allow_cid'];
$allow_gid = $r[0]['allow_gid'];
$deny_cid = $r[0]['deny_cid'];
$deny_gid = $r[0]['deny_gid'];
if ($allow_cid || $allow_gid || $deny_cid || $deny_gid) {
$public = false;
}
$post_type = t('thing');
$objtype = ACTIVITY_OBJ_PROFILE;
$tgttype = ACTIVITY_OBJ_THING;
$links = array();
$links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/thing/' . $r[0]['term_hash']);
if ($r[0]['imgurl']) {
$links[] = array('rel' => 'photo', 'href' => $r[0]['imgurl']);
}
$target = json_encode(array('type' => $tgttype, 'title' => $r[0]['term'], 'id' => z_root() . '/thing/' . $r[0]['term_hash'], 'link' => $links));
$plink = '[zrl=' . z_root() . '/thing/' . $r[0]['term_hash'] . ']' . $r[0]['term'] . '[/zrl]';
}
if (!($owner_uid && $r)) {
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
// The resultant activity is going to be a wall-to-wall post, so make sure this is allowed
$perms = get_all_perms($owner_uid, $observer['xchan_hash']);
if (!($perms['post_like'] && $perms['view_profile'])) {
if ($interactive) {
notice(t('Permission denied.') . EOL);
return $o;
}
killme();
}
$ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", intval($owner_uid));
if (!$ch) {
if ($interactive) {
notice(t('Channel unavailable.') . EOL);
return $o;
}
killme();
}
if (!$plink) {
$plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]';
}
$links = array();
$links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/profile/' . $ch[0]['channel_address']);
$links[] = array('rel' => 'photo', 'type' => $ch[0]['xchan_photo_mimetype'], 'href' => $ch[0]['xchan_photo_l']);
$object = json_encode(array('type' => ACTIVITY_OBJ_PROFILE, 'title' => $ch[0]['channel_name'], 'id' => $ch[0]['xchan_url'] . '/' . $ch[0]['xchan_hash'], 'link' => $links));
// second like of the same thing is "undo" for the first like
$z = q("select * from likes where channel_id = %d and liker = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' limit 1", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id));
if ($z) {
q("delete from likes where id = %d limit 1", intval($z[0]['id']));
drop_item($z[0]['iid'], false);
if ($interactive) {
notice(t('Previous action reversed.') . EOL);
return $o;
}
killme();
}
} else {
// this is used to like an item or comment
$item_id = argc() == 2 ? notags(trim(argv(1))) : 0;
logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG);
// get the item. Allow linked photos (which are normally hidden) to be liked
$r = q("SELECT * FROM item WHERE id = %d and (item_restrict = 0 or item_restrict = %d) LIMIT 1", intval($item_id), intval(ITEM_HIDDEN));
if (!$item_id || !$r) {
logger('like: no item ' . $item_id);
killme();
}
$item = $r[0];
$owner_uid = $item['uid'];
$owner_aid = $item['aid'];
$sys = get_sys_channel();
// if this is a "discover" item, (item['uid'] is the sys channel),
// fallback to the item comment policy, which should've been
// respected when generating the conversation thread.
// Even if the activity is rejected by the item owner, it should still get attached
// to the local discover conversation on this site.
if ($owner_uid != $sys['channel_id'] && !perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_comments')) {
notice(t('Permission denied') . EOL);
killme();
}
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']));
if ($r) {
$thread_owner = $r[0];
} else {
killme();
}
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']));
if ($r) {
$item_author = $r[0];
} else {
killme();
}
$verbs = " '" . dbesc($activity) . "' ";
$multi_undo = 0;
// event participation and consensus items are essentially radio toggles. If you make a subsequent choice,
// we need to eradicate your first choice.
if ($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) {
$verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' ";
$multi_undo = 1;
}
if ($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) {
$verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' ";
$multi_undo = 1;
}
$r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( {$verbs} ) AND item_restrict = 0 \n\t\t\tAND author_xchan = '%s' AND ( parent = %d OR thr_parent = '%s') and uid = %d ", dbesc($observer['xchan_hash']), intval($item_id), dbesc($item['mid']), intval($owner_uid));
if ($r) {
// already liked it. Drop that item.
require_once 'include/items.php';
foreach ($r as $rr) {
drop_item($rr['id'], false, DROPITEM_PHASE1);
// set the changed timestamp on the parent so we'll see the update without a page reload
$z = q("update item set changed = '%s' where id = %d and uid = %d", dbesc(datetime_convert()), intval($rr['parent']), intval($rr['uid']));
// Prior activity was a duplicate of the one we're submitting, just undo it;
// don't fall through and create another
if (activity_match($rr['verb'], $activity)) {
$multi_undo = false;
}
}
if ($interactive) {
return;
}
if (!$multi_undo) {
killme();
}
}
}
$mid = item_message_id();
if ($extended_like) {
$item_flags = ITEM_THREAD_TOP | ITEM_ORIGIN | ITEM_WALL;
} else {
$post_type = $item['resource_type'] === 'photo' ? t('photo') : t('status');
if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) {
$post_type = t('event');
}
$links = array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item['plink']));
$objtype = $item['resource_type'] === 'photo' ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE;
$body = $item['body'];
$object = json_encode(array('type' => $objtype, 'id' => $item['mid'], 'parent' => $item['thr_parent'] ? $item['thr_parent'] : $item['parent_mid'], 'link' => $links, 'title' => $item['title'], 'content' => $item['body'], 'created' => $item['created'], 'edited' => $item['edited'], 'author' => array('name' => $item_author['xchan_name'], 'address' => $item_author['xchan_addr'], 'guid' => $item_author['xchan_guid'], 'guid_sig' => $item_author['xchan_guid_sig'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']), array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])))));
if (!($item['item_flags'] & ITEM_THREAD_TOP)) {
$post_type = 'comment';
}
$item_flags = ITEM_ORIGIN | ITEM_NOTSHOWN;
if ($item['item_flags'] & ITEM_WALL) {
$item_flags |= ITEM_WALL;
}
// if this was a linked photo and was hidden, unhide it.
if ($item['item_restrict'] & ITEM_HIDDEN) {
$r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d", intval(ITEM_HIDDEN), intval($item['id']));
}
}
if ($verb === 'like') {
$bodyverb = t('%1$s likes %2$s\'s %3$s');
}
if ($verb === 'dislike') {
$bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s');
}
if ($verb === 'agree') {
$bodyverb = t('%1$s agrees with %2$s\'s %3$s');
}
if ($verb === 'disagree') {
$bodyverb = t('%1$s doesn\'t agree with %2$s\'s %3$s');
}
if ($verb === 'abstain') {
$bodyverb = t('%1$s abstains from a decision on %2$s\'s %3$s');
}
if ($verb === 'attendyes') {
$bodyverb = t('%1$s is attending %2$s\'s %3$s');
}
if ($verb === 'attendno') {
$bodyverb = t('%1$s is not attending %2$s\'s %3$s');
}
if ($verb === 'attendmaybe') {
$bodyverb = t('%1$s may attend %2$s\'s %3$s');
}
if (!isset($bodyverb)) {
killme();
}
$arr = array();
if ($extended_like) {
$ulink = '[zrl=' . $ch[0]['xchan_url'] . ']' . $ch[0]['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$private = $public ? 0 : 1;
} else {
$arr['parent'] = $item['id'];
$arr['thr_parent'] = $item['mid'];
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$plink = '[zrl=' . $a->get_baseurl() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]';
$allow_cid = $item['allow_cid'];
$allow_gid = $item['allow_gid'];
$deny_cid = $item['deny_cid'];
$deny_gid = $item['deny_gid'];
$private = $item['private'];
}
$arr['mid'] = $mid;
$arr['aid'] = $extended_like ? $ch[0]['channel_account_id'] : $owner_aid;
$arr['uid'] = $owner_uid;
$arr['item_flags'] = $item_flags;
$arr['parent_mid'] = $extended_like ? $mid : $item['mid'];
$arr['owner_xchan'] = $extended_like ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['body'] = sprintf($bodyverb, $alink, $ulink, $plink);
if ($obj_type === 'thing' && $r[0]['imgurl']) {
$arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]';
}
$arr['verb'] = $activity;
$arr['obj_type'] = $objtype;
$arr['object'] = $object;
if ($target) {
$arr['tgt_type'] = $tgttype;
$arr['target'] = $target;
}
$arr['allow_cid'] = $allow_cid;
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
$arr['item_private'] = $private;
$post = item_store($arr);
$post_id = $post['item_id'];
$arr['id'] = $post_id;
call_hooks('post_local_end', $arr);
if ($extended_like) {
$r = q("insert into likes (channel_id,liker,likee,iid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s')", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), intval($post_id), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id), dbesc(json_encode($target ? $target : $object)));
}
proc_run('php', "include/notifier.php", "like", "{$post_id}");
if ($interactive) {
notice(t('Action completed.') . EOL);
$o .= t('Thank you.');
return $o;
}
killme();
}
function filestorage_content(&$a)
{
if (argc() > 1) {
$which = argv(1);
} else {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
$r = q("select * from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$channel = $r[0];
$owner = intval($r[0]['channel_id']);
}
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['view_storage']) {
notice(t('Permission denied.') . EOL);
return;
}
// Since we have ACL'd files in the wild, but don't have ACL here yet, we
// need to return for anyone other than the owner, despite the perms check for now.
$is_owner = local_channel() && $owner == local_channel() ? true : false;
if (!$is_owner) {
info(t('Permission Denied.') . EOL);
return;
}
if (argc() > 3 && argv(3) === 'delete') {
if (!$perms['write_storage']) {
notice(t('Permission denied.') . EOL);
return;
}
$file = intval(argv(2));
$r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", dbesc($file), intval($owner));
if (!$r) {
notice(t('File not found.') . EOL);
goaway(z_root() . '/cloud/' . $which);
}
$f = $r[0];
$channel = $a->get_channel();
$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
attach_delete($owner, $f['hash']);
goaway($parentpath);
}
if (argc() > 3 && argv(3) === 'edit') {
require_once 'include/acl_selectors.php';
if (!$perms['write_storage']) {
notice(t('Permission denied.') . EOL);
return;
}
$file = intval(argv(2));
$r = q("select id, uid, folder, filename, revision, flags, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1", intval($file), intval($owner));
$f = $r[0];
$channel = $a->get_channel();
$cloudpath = get_cloudpath($f) . ($f['flags'] & ATTACH_FLAG_DIR ? '?f=&davguest=1' : '');
$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
$aclselect_e = populate_acl($f, false);
$is_a_dir = $f['flags'] & ATTACH_FLAG_DIR ? true : false;
$lockstate = $f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid'] ? 'lock' : 'unlock';
// Encode path that is used for link so it's a valid URL
// Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
$encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));
$o = replace_macros(get_markup_template('attach_edit.tpl'), array('$header' => t('Edit file permissions'), '$file' => $f, '$cloudpath' => z_root() . '/' . $encoded_path, '$parentpath' => $parentpath, '$uid' => $channel['channel_id'], '$channelnick' => $channel['channel_address'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$lockstate' => $lockstate, '$permset' => t('Set/edit permissions'), '$recurse' => array('recurse', t('Include all files and sub folders'), 0, '', array(t('No'), t('Yes'))), '$backlink' => t('Return to file list'), '$isadir' => $is_a_dir, '$cpdesc' => t('Copy/paste this code to attach file to a post'), '$cpldesc' => t('Copy/paste this URL to link file from a web page'), '$submit' => t('Submit'), '$attach_btn_title' => t('Share this file'), '$link_btn_title' => t('Show URL to this file'), '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes')))));
echo $o;
killme();
}
goaway(z_root() . '/cloud/' . $which);
}
function layouts_content(&$a)
{
if (!$a->profile) {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
$which = argv(1);
$_SESSION['return_url'] = $a->query_string;
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = $a->get_observer();
$channel = $a->get_channel();
if ($a->is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// Block design features from visitors
if (!$uid || $uid != $owner) {
notice(t('Permission denied.') . EOL);
return;
}
// Get the observer, check their permissions
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
//This feature is not exposed in redbasic ui since it is not clear why one would want to
//download a json encoded pdl file - we dont have a possibility to import it.
//Use the buildin share/install feature instead.
if (argc() > 3 && argv(2) === 'share' && argv(3)) {
$r = q("select sid, service, mimetype, title, body from item_id \n\t\t\tleft join item on item.id = item_id.iid \n\t\t\twhere item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3)));
if ($r) {
header('Content-type: application/x-redmatrix-layout');
header('Content-disposition: attachment; filename="' . $r[0]['sid'] . '.pdl"');
echo json_encode($r);
killme();
}
}
// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
// Nickname is set to the observers xchan, and profile_uid to the owners.
// This lets you post pages at other people's channels.
$x = array('webpage' => ITEM_PDL, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'bang' => '', 'showacl' => false, 'visitor' => false, 'nopreview' => 1, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), 'expanded' => true, 'placeholdertitle' => t('Layout Description (Optional)'), 'novoting' => true);
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$editor = status_editor($a, $x);
$r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id\n\t\twhere item_id.uid = %d and service = 'PDL' and item_restrict = %d order by item.created desc", intval($owner), intval(ITEM_PDL));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
$element_arr = array('type' => 'layout', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid']);
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid'], 'descr' => $rr['title'], 'mid' => $rr['mid'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]');
}
}
//Build the base URL for edit links
$url = z_root() . '/editlayout/' . $which;
$o .= replace_macros(get_markup_template('layoutlist.tpl'), array('$title' => t('Layouts'), '$create' => t('Create'), '$help' => array('text' => t('Help'), 'url' => 'help/comanche', 'title' => t('Comanche page description language help')), '$editor' => $editor, '$baseurl' => $url, '$name' => t('Layout Name'), '$descr' => t('Layout Description'), '$created' => t('Created'), '$edited' => t('Edited'), '$edit' => t('Edit'), '$share' => t('Share'), '$download' => t('Download PDL file'), '$pages' => $pages, '$channel' => $which, '$view' => t('View')));
return $o;
}
function get()
{
if (!\App::$profile) {
notice(t('Requested profile is not available.') . EOL);
\App::$error = 404;
return;
}
$which = argv(1);
$_SESSION['return_url'] = \App::$query_string;
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = \App::get_observer();
$channel = \App::get_channel();
if (\App::$is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// Block design features from visitors
if (!$uid || $uid != $owner) {
notice(t('Permission denied.') . EOL);
return;
}
$mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype');
$x = array('webpage' => ITEM_TYPE_BLOCK, 'is_owner' => true, 'nickname' => \App::$profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => true, 'mimetype' => $mimetype, 'mimeselect' => true, 'hide_location' => true, 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner), 'expanded' => true, 'novoting' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true);
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$editor = status_editor($a, $x);
$r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id\n\t\t\twhere item_id.uid = %d and service = 'BUILDBLOCK' and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_BLOCK));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
$element_arr = array('type' => 'block', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid']);
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'name' => $rr['sid'], 'title' => $rr['title'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]');
}
}
//Build the base URL for edit links
$url = z_root() . '/editblock/' . $which;
$o .= replace_macros(get_markup_template('blocklist.tpl'), array('$baseurl' => $url, '$title' => t('Blocks'), '$name' => t('Block Name'), '$blocktitle' => t('Block Title'), '$created' => t('Created'), '$edited' => t('Edited'), '$create' => t('Create'), '$edit' => t('Edit'), '$share' => t('Share'), '$delete' => t('Delete'), '$editor' => $editor, '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1'));
return $o;
}
function editwebpage_content(&$a)
{
if (!App::$profile) {
notice(t('Requested profile is not available.') . EOL);
App::$error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = App::get_observer();
$channel = App::get_channel();
if (App::$is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) {
notice(t('Permission denied.') . EOL);
return;
}
$is_owner = $uid && $uid == $owner ? true : false;
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// We've already figured out which item we want and whose copy we need,
// so we don't need anything fancy here
$sql_extra = item_permissions_sql($owner);
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s {$sql_extra} LIMIT 1", intval($post_id), intval($owner));
if (!$itm) {
notice(t('Permission denied.') . EOL);
return;
}
if (intval($itm[0]['item_obscured'])) {
$key = get_config('system', 'prvkey');
if ($itm[0]['title']) {
$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']), $key);
}
if ($itm[0]['body']) {
$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']), $key);
}
}
$item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']));
if ($item_id) {
$page_title = $item_id[0]['sid'];
}
$plaintext = true;
$mimetype = $itm[0]['mimetype'];
if ($mimetype === 'application/x-php') {
if (!$uid || $uid != $itm[0]['uid']) {
notice(t('Permission denied.') . EOL);
return;
}
}
$mimeselect = '';
if ($mimetype != 'text/bbcode') {
$plaintext = true;
}
if (get_config('system', 'page_mimetype')) {
$mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />';
} else {
$mimeselect = mimetype_select($itm[0]['uid'], $mimetype);
}
$layout = get_config('system', 'page_layout');
if ($layout) {
$layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />';
} else {
$layoutselect = layout_select($itm[0]['uid'], $itm[0]['layout_mid']);
}
App::$page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => z_root(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$pretext' => '', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete webpage?'), '$bbco_autocomplete' => $mimetype == 'text/bbcode' ? 'bbcode' : ''));
$tpl = get_markup_template("jot.tpl");
$jotplugins = '';
$jotnets = '';
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
// FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD
// instead of loading a sensible page. So, send folk to the webpage list.
$rp = 'webpages/' . $which;
$editor = replace_macros($tpl, array('$return_path' => $rp, '$webpage' => ITEM_TYPE_WEBPAGE, '$placeholdpagetitle' => t('Page link title'), '$pagetitle' => $page_title, '$writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_storage'), '$action' => 'item', '$share' => t('Edit'), '$bold' => t('Bold'), '$italic' => t('Italic'), '$underline' => t('Underline'), '$quote' => t('Quote'), '$code' => t('Code'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => get_pconfig($uid, 'system', 'use_browser_location') ? t('Clear browser location') : '', '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => z_root(), '$defloc' => $itm[0]['location'], '$visitor' => $is_owner ? true : false, '$acl' => populate_acl($itm[0], false), '$showacl' => $is_owner ? true : false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$mimeselect' => $mimeselect, '$layoutselect' => $layoutselect, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Title (optional)'), '$category' => '', '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), 'lockstate' => strlen($itm[0]['allow_cid']) || strlen($itm[0]['allow_gid']) || strlen($itm[0]['deny_cid']) || strlen($itm[0]['deny_gid']) ? 'lock' : 'unlock', '$bang' => '', '$profile_uid' => intval($owner), '$preview' => t('Preview'), '$jotplugins' => $jotplugins, '$sourceapp' => App::$sourcename, '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), '$bbcode' => $mimetype == 'text/bbcode' ? true : false));
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Webpage'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$editor' => $editor, '$id' => $itm[0]['id']));
return $o;
}
/**
* @brief
*
* @param App $a
* @param boolean $is_owner default false
* @param string $nickname default null
* @return void|string
*/
function profile_tabs($a, $is_owner = false, $nickname = null)
{
// Don't provide any profile tabs if we're running as the sys channel
if (App::$is_sys) {
return;
}
$channel = App::get_channel();
if (is_null($nickname)) {
$nickname = $channel['channel_address'];
}
$uid = App::$profile['profile_uid'] ? App::$profile['profile_uid'] : local_channel();
if ($uid == local_channel()) {
$cal_link = '';
} else {
$cal_link = '/cal/' . $nickname;
}
if (get_pconfig($uid, 'system', 'noprofiletabs')) {
return;
}
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$url = z_root() . '/channel/' . $nickname;
$pr = z_root() . '/profile/' . $nickname;
$tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab'));
$p = get_all_perms($uid, get_observer_hash());
if ($p['view_profile']) {
$tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab');
}
if ($p['view_storage']) {
$tabs[] = array('label' => t('Photos'), 'url' => z_root() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab');
$tabs[] = array('label' => t('Files'), 'url' => z_root() . '/cloud/' . $nickname, 'sel' => argv(0) == 'cloud' || argv(0) == 'sharedwithme' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab');
}
if ($p['view_stream'] && $cal_link) {
$tabs[] = array('label' => t('Events'), 'url' => z_root() . $cal_link, 'sel' => argv(0) == 'cal' || argv(0) == 'events' ? 'active' : '', 'title' => t('Events'), 'id' => 'event-tab');
}
if ($p['chat'] && feature_enabled($uid, 'ajaxchat')) {
$has_chats = Zotlabs\Lib\Chatroom::list_count($uid);
if ($has_chats) {
$tabs[] = array('label' => t('Chatrooms'), 'url' => z_root() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab');
}
}
require_once 'include/menu.php';
$has_bookmarks = menu_list_count(local_channel(), '', MENU_BOOKMARK) + menu_list_count(local_channel(), '', MENU_SYSTEM | MENU_BOOKMARK);
if ($is_owner && $has_bookmarks) {
$tabs[] = array('label' => t('Bookmarks'), 'url' => z_root() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab');
}
if ($p['write_pages'] && feature_enabled($uid, 'webpages')) {
$tabs[] = array('label' => t('Webpages'), 'url' => z_root() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab');
}
if (feature_enabled($uid, 'wiki') && !UNO) {
$tabs[] = array('label' => t('Wiki'), 'url' => z_root() . '/wiki/' . $nickname, 'sel' => argv(0) == 'wiki' ? 'active' : '', 'title' => t('Wiki'), 'id' => 'wiki-tab');
}
$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs);
call_hooks('profile_tabs', $arr);
$tpl = get_markup_template('common_tabs.tpl');
return replace_macros($tpl, array('$tabs' => $arr['tabs']));
}
function profile_tabs($a, $is_owner = False, $nickname = Null)
{
//echo "<pre>"; var_dump($a->user); killme();
$channel = $a->get_channel();
if (is_null($nickname)) {
$nickname = $channel['channel_address'];
}
$uid = $a->profile['profile_uid'] ? $a->profile['profile_uid'] : local_user();
if (get_pconfig($uid, 'system', 'noprofiletabs')) {
return;
}
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$url = $a->get_baseurl() . '/channel/' . $nickname;
$pr = $a->get_baseurl() . '/profile/' . $nickname;
$tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab'));
$p = get_all_perms($uid, get_observer_hash());
if ($p['view_profile']) {
$tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab');
}
if ($p['view_photos']) {
$tabs[] = array('label' => t('Photos'), 'url' => $a->get_baseurl() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab');
}
if ($p['view_storage']) {
$tabs[] = array('label' => t('Files'), 'url' => $a->get_baseurl() . '/cloud/' . $nickname . (get_observer_hash() ? '' : '?f=&davguest=1'), 'sel' => argv(0) == 'cloud' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab');
}
require_once 'include/chat.php';
$chats = chatroom_list($uid);
if (count($chats)) {
$tabs[] = array('label' => t('Chatrooms'), 'url' => $a->get_baseurl() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab');
}
if ($is_owner) {
$tabs[] = array('label' => t('Bookmarks'), 'url' => $a->get_baseurl() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab');
}
if ($is_owner && feature_enabled($uid, 'webpages')) {
$tabs[] = array('label' => t('Webpages'), 'url' => $a->get_baseurl() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab');
} else {
// FIXME
// we probably need a listing of events that were created by
// this channel and are visible to the observer
}
$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs);
call_hooks('profile_tabs', $arr);
$tpl = get_markup_template('common_tabs.tpl');
return replace_macros($tpl, array('$tabs' => $arr['tabs']));
}
function zfinger_init(&$a)
{
require_once 'include/zot.php';
require_once 'include/crypto.php';
$ret = array('success' => false);
$zhash = x($_REQUEST, 'guid_hash') ? $_REQUEST['guid_hash'] : '';
$zguid = x($_REQUEST, 'guid') ? $_REQUEST['guid'] : '';
$zguid_sig = x($_REQUEST, 'guid_sig') ? $_REQUEST['guid_sig'] : '';
$zaddr = x($_REQUEST, 'address') ? $_REQUEST['address'] : '';
$ztarget = x($_REQUEST, 'target') ? $_REQUEST['target'] : '';
$zsig = x($_REQUEST, 'target_sig') ? $_REQUEST['target_sig'] : '';
$zkey = x($_REQUEST, 'key') ? $_REQUEST['key'] : '';
$mindate = x($_REQUEST, 'mindate') ? $_REQUEST['mindate'] : '';
$feed = x($_REQUEST, 'feed') ? intval($_REQUEST['feed']) : 0;
if ($ztarget) {
if (!$zkey || !$zsig || !rsa_verify($ztarget, base64url_decode($zsig), $zkey)) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
json_return_and_die($ret);
}
}
// allow re-written domains so bob@foo.example.com can provide an address of bob@example.com
// The top-level domain also needs to redirect .well-known/zot-info to the sub-domain with a 301 or 308
// TODO: Make 308 work in include/network.php for zot_fetch_url and zot_post_url
if ($zaddr && ($s = get_config('system', 'zotinfo_domainrewrite'))) {
$arr = explode('^', $s);
if (count($arr) == 2) {
$zaddr = str_replace($arr[0], $arr[1], $zaddr);
}
}
$r = null;
if (strlen($zhash)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_hash = '%s' limit 1", dbesc($zhash));
} elseif (strlen($zguid) && strlen($zguid_sig)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_guid = '%s' and channel_guid_sig = '%s' limit 1", dbesc($zguid), dbesc($zguid_sig));
} elseif (strlen($zaddr)) {
if (strpos($zaddr, '[system]') === false) {
/* normal address lookup */
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", dbesc($zaddr), dbesc($zaddr));
} else {
/**
* The special address '[system]' will return a system channel if one has been defined,
* Or the first valid channel we find if there are no system channels.
*
* This is used by magic-auth if we have no prior communications with this site - and
* returns an identity on this site which we can use to create a valid hub record so that
* we can exchange signed messages. The precise identity is irrelevant. It's the hub
* information that we really need at the other end - and this will return it.
*
*/
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_pageflags & %d ) order by channel_id limit 1", intval(PAGE_SYSTEM));
if (!$r) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\t\twhere not ( channel_pageflags & %d ) order by channel_id limit 1", intval(PAGE_REMOVED));
}
}
} else {
$ret['message'] = 'Invalid request';
json_return_and_die($ret);
}
if (!$r) {
$ret['message'] = 'Item not found.';
json_return_and_die($ret);
}
$e = $r[0];
$id = $e['channel_id'];
$special_channel = $e['channel_pageflags'] & PAGE_PREMIUM ? true : false;
$adult_channel = $e['channel_pageflags'] & PAGE_ADULT ? true : false;
$censored = $e['channel_pageflags'] & PAGE_CENSORED ? true : false;
$searchable = $e['channel_pageflags'] & PAGE_HIDDEN ? false : true;
$deleted = $e['xchan_flags'] & XCHAN_FLAGS_DELETED ? true : false;
if ($deleted || $censored) {
$searchable = false;
}
// This is for birthdays and keywords, but must check access permissions
$p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id']));
$profile = array();
if ($p) {
if (!intval($p[0]['publish'])) {
$searchable = false;
}
$profile['description'] = $p[0]['pdesc'];
$profile['birthday'] = $p[0]['dob'];
if ($profile['birthday'] != '0000-00-00' && ($bd = z_birthday($p[0]['dob'], $e['channel_timezone'])) !== '') {
$profile['next_birthday'] = $bd;
}
if ($age = age($p[0]['dob'], $e['channel_timezone'], '')) {
$profile['age'] = $age;
}
$profile['gender'] = $p[0]['gender'];
$profile['marital'] = $p[0]['marital'];
$profile['sexual'] = $p[0]['sexual'];
$profile['locale'] = $p[0]['locality'];
$profile['region'] = $p[0]['region'];
$profile['postcode'] = $p[0]['postal_code'];
$profile['country'] = $p[0]['country_name'];
$profile['about'] = $p[0]['about'];
$profile['homepage'] = $p[0]['homepage'];
$profile['hometown'] = $p[0]['hometown'];
if ($p[0]['keywords']) {
$tags = array();
$k = explode(' ', $p[0]['keywords']);
if ($k) {
foreach ($k as $kk) {
if (trim($kk, " \t\n\r\v,")) {
$tags[] = trim($kk, " \t\n\r\v,");
}
}
}
if ($tags) {
$profile['keywords'] = $tags;
}
}
}
$ret['success'] = true;
// Communication details
$ret['guid'] = $e['xchan_guid'];
$ret['guid_sig'] = $e['xchan_guid_sig'];
$ret['key'] = $e['xchan_pubkey'];
$ret['name'] = $e['xchan_name'];
$ret['name_updated'] = $e['xchan_name_date'];
$ret['address'] = $e['xchan_addr'];
$ret['photo_mimetype'] = $e['xchan_photo_mimetype'];
$ret['photo'] = $e['xchan_photo_l'];
$ret['photo_updated'] = $e['xchan_photo_date'];
$ret['url'] = $e['xchan_url'];
$ret['connections_url'] = $e['xchan_connurl'] ? $e['xchan_connurl'] : z_root() . '/poco/' . $e['channel_address'];
$ret['target'] = $ztarget;
$ret['target_sig'] = $zsig;
$ret['searchable'] = $searchable;
$ret['adult_content'] = $adult_channel;
if ($deleted) {
$ret['deleted'] = $deleted;
}
// premium or other channel desiring some contact with potential followers before connecting.
// This is a template - %s will be replaced with the follow_url we discover for the return channel.
if ($special_channel) {
$ret['connect_url'] = z_root() . '/connect/' . $e['channel_address'];
}
// This is a template for our follow url, %s will be replaced with a webbie
$ret['follow_url'] = z_root() . '/follow?f=&url=%s';
$ztarget_hash = $ztarget && $zsig ? make_xchan_hash($ztarget, $zsig) : '';
$permissions = get_all_perms($e['channel_id'], $ztarget_hash, false);
if ($ztarget_hash) {
$permissions['connected'] = false;
$b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($ztarget_hash), intval($e['channel_id']));
if ($b) {
$permissions['connected'] = true;
}
}
$ret['permissions'] = $ztarget && $zkey ? crypto_encapsulate(json_encode($permissions), $zkey) : $permissions;
if ($permissions['view_profile']) {
$ret['profile'] = $profile;
}
// array of (verified) hubs this channel uses
$ret['locations'] = array();
$x = zot_get_hublocs($e['channel_hash']);
if ($x && count($x)) {
foreach ($x as $hub) {
if (!($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) {
$ret['locations'][] = array('host' => $hub['hubloc_host'], 'address' => $hub['hubloc_addr'], 'primary' => $hub['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY ? true : false, 'url' => $hub['hubloc_url'], 'url_sig' => $hub['hubloc_url_sig'], 'callback' => $hub['hubloc_callback'], 'sitekey' => $hub['hubloc_sitekey'], 'deleted' => $hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED ? true : false);
}
}
}
$ret['site'] = array();
$ret['site']['url'] = z_root();
$ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(), $e['channel_prvkey']));
$dirmode = get_config('system', 'directory_mode');
if ($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) {
$ret['site']['directory_mode'] = 'normal';
}
if ($dirmode == DIRECTORY_MODE_PRIMARY) {
$ret['site']['directory_mode'] = 'primary';
} elseif ($dirmode == DIRECTORY_MODE_SECONDARY) {
$ret['site']['directory_mode'] = 'secondary';
} elseif ($dirmode == DIRECTORY_MODE_STANDALONE) {
$ret['site']['directory_mode'] = 'standalone';
}
if ($dirmode != DIRECTORY_MODE_NORMAL) {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
}
// hide detailed site information if you're off the grid
if ($dirmode != DIRECTORY_MODE_STANDALONE) {
$register_policy = intval(get_config('system', 'register_policy'));
if ($register_policy == REGISTER_CLOSED) {
$ret['site']['register_policy'] = 'closed';
}
if ($register_policy == REGISTER_APPROVE) {
$ret['site']['register_policy'] = 'approve';
}
if ($register_policy == REGISTER_OPEN) {
$ret['site']['register_policy'] = 'open';
}
$access_policy = intval(get_config('system', 'access_policy'));
if ($access_policy == ACCESS_PRIVATE) {
$ret['site']['access_policy'] = 'private';
}
if ($access_policy == ACCESS_PAID) {
$ret['site']['access_policy'] = 'paid';
}
if ($access_policy == ACCESS_FREE) {
$ret['site']['access_policy'] = 'free';
}
if ($access_policy == ACCESS_TIERED) {
$ret['site']['access_policy'] = 'tiered';
}
$ret['site']['accounts'] = account_total();
require_once 'include/identity.php';
$ret['site']['channels'] = channel_total();
$ret['site']['version'] = RED_PLATFORM . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']';
$ret['site']['admin'] = get_config('system', 'admin_email');
$visible_plugins = array();
if (is_array($a->plugins) && count($a->plugins)) {
$r = q("select * from addon where hidden = 0");
if ($r) {
foreach ($r as $rr) {
$visible_plugins[] = $rr['name'];
}
}
}
$ret['site']['plugins'] = $visible_plugins;
$ret['site']['sitehash'] = get_config('system', 'location_hash');
$ret['site']['sitename'] = get_config('system', 'sitename');
$ret['site']['sellpage'] = get_config('system', 'sellpage');
$ret['site']['location'] = get_config('system', 'site_location');
$ret['site']['realm'] = get_directory_realm();
}
call_hooks('zot_finger', $ret);
json_return_and_die($ret);
}
function connedit_content(&$a)
{
$sort_type = 0;
$o = '';
// this triggers some javascript to set Full Sharing by default after
// completing a "follow" - which can be changed to something else before
// form submission, but this gives us something useable
if ($_GET['follow'] == 1) {
$o .= '<script>var after_following = 1;</script>';
}
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return login();
}
if (argc() == 3) {
$contact_id = intval(argv(1));
if (!$contact_id) {
return;
}
$cmd = argv(2);
$orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1", intval($contact_id), intval(local_user()), intval(ABOOK_FLAG_SELF));
if (!count($orig_record)) {
notice(t('Could not access address book record.') . EOL);
goaway($a->get_baseurl(true) . '/connections');
}
if ($cmd === 'update') {
// pull feed and consume it, which should subscribe to the hub.
proc_run('php', "include/poller.php", "{$contact_id}");
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'refresh') {
if (!zot_refresh($orig_record[0], get_app()->get_channel())) {
notice(t('Refresh failed - channel is currently unavailable.'));
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'block') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_BLOCKED)) {
info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED ? t('Channel has been unblocked') : t('Channel has been blocked')) . EOL);
connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'ignore') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_IGNORED)) {
info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED ? t('Channel has been unignored') : t('Channel has been ignored')) . EOL);
connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'archive') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_ARCHIVED)) {
info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED ? t('Channel has been unarchived') : t('Channel has been archived')) . EOL);
connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'hide') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_HIDDEN)) {
info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN ? t('Channel has been unhidden') : t('Channel has been hidden')) . EOL);
connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
// We'll prevent somebody from unapproving an already approved contact.
// Though maybe somebody will want this eventually (??)
if ($cmd === 'approve') {
if ($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_PENDING)) {
info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING ? t('Channel has been approved') : t('Channel has been unapproved')) . EOL);
connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
}
goaway($a->get_baseurl(true) . '/connedit/' . $contact_id);
}
if ($cmd === 'drop') {
require_once 'include/Contact.php';
// FIXME
// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
// in the background there could be a race condition preventing this packet from being sent in all cases.
// PLACEHOLDER
contact_remove(local_user(), $orig_record[0]['abook_id']);
build_sync_packet(0, array('abook' => array('abook_xchan' => $orig_record[0]['abook_xchan'], 'entry_deleted' => true)));
info(t('Connection has been removed.') . EOL);
if (x($_SESSION, 'return_url')) {
goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
}
goaway($a->get_baseurl(true) . '/contacts');
}
}
if ($a->poi) {
$contact_id = $a->poi['abook_id'];
$contact = $a->poi;
$tabs = array(array('label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf(t('View %s\'s profile'), $contact['xchan_name'])), array('label' => t('Refresh Permissions'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions')), array('label' => t('Recent Activity'), 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_BLOCKED ? t('Unblock') : t('Block'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_BLOCKED ? 'active' : '', 'title' => t('Block or Unblock this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_IGNORED ? t('Unignore') : t('Ignore'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_IGNORED ? 'active' : '', 'title' => t('Ignore or Unignore this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_ARCHIVED ? t('Unarchive') : t('Archive'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_ARCHIVED ? 'active' : '', 'title' => t('Archive or Unarchive this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_HIDDEN ? t('Unhide') : t('Hide'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_HIDDEN ? 'active' : '', 'title' => t('Hide or Unhide this connection')), array('label' => t('Delete'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection')));
$self = false;
if (!($contact['abook_flags'] & ABOOK_FLAG_SELF)) {
$tab_tpl = get_markup_template('common_tabs.tpl');
$t = replace_macros($tab_tpl, array('$tabs' => $tabs));
} else {
$self = true;
}
$a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array('$baseurl' => $a->get_baseurl(true), '$editselect' => $editselect));
require_once 'include/contact_selectors.php';
$tpl = get_markup_template("abook_edit.tpl");
if (feature_enabled(local_user(), 'affinity')) {
$slider_tpl = get_markup_template('contact_slider.tpl');
$slide = replace_macros($slider_tpl, array('$me' => t('Me'), '$val' => $contact['abook_closeness'] ? $contact['abook_closeness'] : 99, '$intimate' => t('Best Friends'), '$friends' => t('Friends'), '$oldfriends' => t('Former Friends'), '$acquaintances' => t('Acquaintances'), '$world' => t('Unknown')));
}
$perms = array();
$channel = $a->get_channel();
$global_perms = get_perms();
$existing = get_all_perms(local_user(), $contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'));
foreach ($global_perms as $k => $v) {
$thisperm = $contact['abook_my_perms'] & $v[1] ? "1" : '';
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if (!$self && $existing[$k]) {
$thisperm = "1";
}
$perms[] = array('perms_' . $k, $v[3], $contact['abook_their_perms'] & $v[1] ? "1" : "", $thisperm, $v[1], $channel[$v[0]] == PERMS_SPECIFIC ? '' : '1', $v[4]);
}
$o .= replace_macros($tpl, array('$header' => $self ? t('Automatic Permissions Settings') : sprintf(t('Connections: settings for %s'), $contact['xchan_name']), '$addr' => $contact['xchan_addr'], '$notself' => $self ? '' : '1', '$self' => $self ? '1' : '', '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), '$viewprof' => t('View Profile'), '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$slide' => $slide, '$tabs' => $t, '$tab_str' => $tab_str, '$is_pending' => $contact['abook_flags'] & ABOOK_FLAG_PENDING ? 1 : '', '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$approve' => t('Approve this connection'), '$noperms' => !$self && !$contact['abook_my_perms'] ? t('Connection has no individual permissions!') : '', '$noperm_desc' => !$self && !$contact['abook_my_perms'] ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : '', '$submit' => t('Submit'), '$lbl_vis1' => t('Profile Visibility'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), '$lbl_info1' => t('Contact Information / Notes'), '$infedit' => t('Edit contact notes'), '$close' => $contact['abook_closeness'], '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$clear' => t('Clear/Disable Automatic Permissions'), '$forum' => t('Forum Members'), '$soapbox' => t('Soapbox'), '$full' => t('Full Sharing (typical social network permissions)'), '$cautious' => t('Cautious Sharing '), '$follow' => t('Follow Only'), '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel <a href="settings">privacy settings</a>, which have higher priority than individual settings. Changing those inherited settings on this page will have no effect.'), '$advanced' => t('Advanced Permissions'), '$quick' => t('Simple Permissions (select one and submit)'), '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], '$all_friends' => $all_friends, '$relation_text' => $relation_text, '$visit' => sprintf(t('Visit %s\'s profile - %s'), $contact['xchan_name'], $contact['xchan_url']), '$blockunblock' => t('Block/Unblock contact'), '$ignorecont' => t('Ignore contact'), '$lblcrepair' => t("Repair URL settings"), '$lblrecent' => t('View conversations'), '$lblsuggest' => $lblsuggest, '$delete' => t('Delete contact'), '$poll_interval' => contact_poll_interval($contact['priority'], !$poll_enabled), '$poll_enabled' => $poll_enabled, '$lastupdtext' => t('Last update:'), '$lost_contact' => $lost_contact, '$updpub' => t('Update public posts'), '$last_update' => relative_date($contact['abook_connected']), '$udnow' => t('Update now'), '$profile_select' => contact_profile_assign($contact['abook_profile']), '$multiprofs' => feature_enabled(local_user(), 'multi_profiles'), '$contact_id' => $contact['abook_id'], '$block_text' => $contact['blocked'] ? t('Unblock') : t('Block'), '$ignore_text' => $contact['readonly'] ? t('Unignore') : t('Ignore'), '$blocked' => $contact['blocked'] ? t('Currently blocked') : '', '$ignored' => $contact['readonly'] ? t('Currently ignored') : '', '$archived' => $contact['archive'] ? t('Currently archived') : '', '$pending' => $contact['archive'] ? t('Currently pending') : '', '$hidden' => array('hidden', t('Hide this contact from others'), $contact['hidden'] == 1, t('Replies/likes to your public posts <strong>may</strong> still be visible')), '$photo' => $contact['photo'], '$name' => $contact['name'], '$dir_icon' => $dir_icon, '$alt_text' => $alt_text, '$sparkle' => $sparkle, '$url' => $url));
$arr = array('contact' => $contact, 'output' => $o);
call_hooks('contact_edit', $arr);
return $arr['output'];
}
}
function get()
{
if (!\App::$profile) {
notice(t('Requested profile is not available.') . EOL);
\App::$error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = \App::get_observer();
$channel = \App::get_channel();
if (\App::$is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) {
notice(t('Permission denied.') . EOL);
return;
}
$is_owner = $uid && $uid == $owner ? true : false;
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// We've already figured out which item we want and whose copy we need,
// so we don't need anything fancy here
$sql_extra = item_permissions_sql($owner);
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s {$sql_extra} LIMIT 1", intval($post_id), intval($owner));
if (!$itm) {
notice(t('Permission denied.') . EOL);
return;
}
if (intval($itm[0]['item_obscured'])) {
$key = get_config('system', 'prvkey');
if ($itm[0]['title']) {
$itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']), $key);
}
if ($itm[0]['body']) {
$itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']), $key);
}
}
$item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id']));
if ($item_id) {
$page_title = $item_id[0]['sid'];
}
$mimetype = $itm[0]['mimetype'];
if ($mimetype === 'application/x-php') {
if (!$uid || $uid != $itm[0]['uid']) {
notice(t('Permission denied.') . EOL);
return;
}
}
$layout = $itm[0]['layout_mid'];
$tpl = get_markup_template("jot.tpl");
$rp = 'webpages/' . $which;
$x = array('nickname' => $channel['channel_address'], 'bbco_autocomplete' => $mimetype == 'text/bbcode' ? 'bbcode' : '', 'return_path' => $rp, 'webpage' => ITEM_TYPE_WEBPAGE, 'ptlabel' => t('Page link'), 'pagetitle' => $page_title, 'writefiles' => $mimetype == 'text/bbcode' ? perm_is_allowed($owner, get_observer_hash(), 'write_storage') : false, 'button' => t('Edit'), 'weblink' => $mimetype == 'text/bbcode' ? t('Insert web link') : false, 'hide_location' => true, 'hide_voting' => true, 'ptyp' => $itm[0]['type'], 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, 'visitor' => $is_owner ? true : false, 'acl' => populate_acl($itm[0], false, \PermissionDescription::fromGlobalPermission('view_pages')), 'showacl' => $is_owner ? true : false, 'mimetype' => $mimetype, 'mimeselect' => true, 'layout' => $layout, 'layoutselect' => true, 'title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), 'lockstate' => strlen($itm[0]['allow_cid']) || strlen($itm[0]['allow_gid']) || strlen($itm[0]['deny_cid']) || strlen($itm[0]['deny_gid']) ? 'lock' : 'unlock', 'profile_uid' => intval($owner), 'bbcode' => $mimetype == 'text/bbcode' ? true : false);
$editor = status_editor($a, $x);
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Webpage'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$editor' => $editor, '$id' => $itm[0]['id']));
return $o;
}
function blocks_content(&$a)
{
if (!$a->profile) {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = $a->get_observer();
$channel = $a->get_channel();
if ($a->is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// Block design features from visitors
if (!$uid || $uid != $owner) {
notice(t('Permission denied.') . EOL);
return;
}
if (feature_enabled($owner, 'expert')) {
$mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype');
if (!$mimetype) {
$mimetype = 'choose';
}
} else {
$mimetype = 'text/bbcode';
}
$x = array('webpage' => ITEM_BUILDBLOCK, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => true, 'mimetype' => $mimetype, 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner));
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$o .= status_editor($a, $x);
$r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", intval($owner));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid']);
}
}
//Build the base URL for edit links
$url = z_root() . '/editblock/' . $which;
$o .= replace_macros(get_markup_template('blocklist.tpl'), array('$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1'));
return $o;
}
/**
* @brief Refreshes after permission changed or friending, etc.
*
* zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified
* to fetch new permissions via a finger/discovery operation. This may result in a new connection
* (abook entry) being added to a local channel and it may result in auto-permissions being granted.
*
* Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a
* permission change has been made by the sender which affects the target channel. The hub controlling
* the target channel does targetted discovery (a zot-finger request requesting permissions for the local
* channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store
* the permissions assigned to this channel.
*
* Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are
* implied until this is approved by the owner channel. A channel can also auto-populate permissions in
* return and send back a refresh packet of its own. This is used by forum and group communication channels
* so that friending and membership in the channel's "club" is automatic.
*
* @param array $them => xchan structure of sender
* @param array $channel => local channel structure of target recipient, required for "friending" operations
* @param array $force default false
*
* @returns boolean true if successful, else false
*/
function zot_refresh($them, $channel = null, $force = false)
{
if (array_key_exists('xchan_network', $them) && $them['xchan_network'] !== 'zot') {
logger('zot_refresh: not got zot. ' . $them['xchan_name']);
return true;
}
logger('zot_refresh: them: ' . print_r($them, true), LOGGER_DATA);
if ($channel) {
logger('zot_refresh: channel: ' . print_r($channel, true), LOGGER_DATA);
}
$url = null;
if ($them['hubloc_url']) {
$url = $them['hubloc_url'];
} else {
$r = null;
if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
$r = q("select hubloc_url, hubloc_flags from hubloc where hubloc_addr = '%s'", dbesc($them['xchan_addr']));
}
if (!$r) {
$r = q("select hubloc_url, hubloc_flags from hubloc where hubloc_hash = '%s'", dbesc($them['xchan_hash']));
}
if ($r) {
foreach ($r as $rr) {
if ($rr['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) {
$url = $rr['hubloc_url'];
break;
}
}
if (!$url) {
$url = $r[0]['hubloc_url'];
}
}
}
if (!$url) {
logger('zot_refresh: no url');
return false;
}
$postvars = array();
if ($channel) {
$postvars['target'] = $channel['channel_guid'];
$postvars['target_sig'] = $channel['channel_guid_sig'];
$postvars['key'] = $channel['channel_pubkey'];
}
if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
$postvars['address'] = $them['xchan_addr'];
}
if (array_key_exists('xchan_hash', $them) && $them['xchan_hash']) {
$postvars['guid_hash'] = $them['xchan_hash'];
}
if (array_key_exists('xchan_guid', $them) && $them['xchan_guid'] && array_key_exists('xchan_guid_sig', $them) && $them['xchan_guid_sig']) {
$postvars['guid'] = $them['xchan_guid'];
$postvars['guid_sig'] = $them['xchan_guid_sig'];
}
$rhs = '/.well-known/zot-info';
$result = z_post_url($url . $rhs, $postvars);
logger('zot_refresh: zot-info: ' . print_r($result, true), LOGGER_DATA);
if ($result['success']) {
$j = json_decode($result['body'], true);
if (!($j && $j['success'])) {
logger('zot_refresh: result not decodable');
return false;
}
$x = import_xchan($j, $force ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED);
if (!$x['success']) {
return false;
}
$their_perms = 0;
if ($channel) {
$global_perms = get_perms();
if ($j['permissions']['data']) {
$permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']);
if ($permissions) {
$permissions = json_decode($permissions, true);
}
logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA);
} else {
$permissions = $j['permissions'];
}
$connected_set = false;
if ($permissions && is_array($permissions)) {
foreach ($permissions as $k => $v) {
// The connected permission means you are in their address book
if ($k === 'connected') {
$connected_set = intval($v);
continue;
}
if ($v && array_key_exists($k, $global_perms)) {
$their_perms = $their_perms | intval($global_perms[$k][1]);
}
}
}
if (array_key_exists('profile', $j) && array_key_exists('next_birthday', $j['profile'])) {
$next_birthday = datetime_convert('UTC', 'UTC', $j['profile']['next_birthday']);
} else {
$next_birthday = NULL_DATE;
}
$r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF));
if ($r) {
// connection exists
// if the dob is the same as what we have stored (disregarding the year), keep the one
// we have as we may have updated the year after sending a notification; and resetting
// to the one we just received would cause us to create duplicated events.
if (substr($r[0]['abook_dob'], 5) == substr($next_birthday, 5)) {
$next_birthday = $r[0]['abook_dob'];
}
$current_abook_connected = $r[0]['abook_flags'] & ABOOK_FLAG_UNCONNECTED ? 0 : 1;
$y = q("update abook set abook_their_perms = %d, abook_dob = '%s'\n\t\t\t\t\twhere abook_xchan = '%s' and abook_channel = %d\n\t\t\t\t\tand not (abook_flags & %d) > 0 ", intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF));
// if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) {
// if they are in your address book but you aren't in theirs, and/or this does not
// match your current connected state setting, toggle it.
/** @FIXME uncoverted to postgres */
/** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */
// $y1 = q("update abook set abook_flags = (abook_flags ^ %d)
// where abook_xchan = '%s' and abook_channel = %d
// and not (abook_flags & %d) limit 1",
// intval(ABOOK_FLAG_UNCONNECTED),
// dbesc($x['hash']),
// intval($channel['channel_id']),
// intval(ABOOK_FLAG_SELF)
// );
// }
if (!$y) {
logger('abook update failed');
} else {
// if we were just granted read stream permission and didn't have it before, try to pull in some posts
if (!($r[0]['abook_their_perms'] & PERMS_R_STREAM) && $their_perms & PERMS_R_STREAM) {
proc_run('php', 'include/onepoll.php', $r[0]['abook_id']);
}
}
} else {
// new connection
$role = get_pconfig($channel['channel_id'], 'system', 'permissions_role');
if ($role) {
$xx = get_role_perms($role);
if ($xx['perms_auto']) {
$default_perms = $xx['perms_accept'];
}
}
if (!$default_perms) {
$default_perms = intval(get_pconfig($channel['channel_id'], 'system', 'autoperms'));
}
// Keep original perms to check if we need to notify them
$previous_perms = get_all_perms($channel['channel_id'], $x['hash']);
$closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness');
if ($closeness === false) {
$closeness = 80;
}
$y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), intval($their_perms), intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), intval($default_perms ? 0 : ABOOK_FLAG_PENDING));
if ($y) {
logger("New introduction received for {$channel['channel_name']}");
$new_perms = get_all_perms($channel['channel_id'], $x['hash']);
// Send a clone sync packet and a permissions update if permissions have changed
$new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 order by abook_created desc limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF));
if ($new_connection) {
if ($new_perms != $previous_perms) {
proc_run('php', 'include/notifier.php', 'permission_update', $new_connection[0]['abook_id']);
}
require_once 'include/enotify.php';
notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id']));
if ($their_perms & PERMS_R_STREAM) {
if ($channel['channel_w_stream'] & PERMS_PENDING || !($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) {
proc_run('php', 'include/onepoll.php', $new_connection[0]['abook_id']);
}
}
unset($new_connection[0]['abook_id']);
unset($new_connection[0]['abook_account']);
unset($new_connection[0]['abook_channel']);
build_sync_packet($channel['channel_id'], array('abook' => $new_connection));
}
}
}
}
return true;
}
return false;
}
/**
* @brief Change to another channel with current logged-in account.
*
* @param int $change_channel The channel_id of the channel you want to change to
*
* @return bool|array false or channel record of the new channel
*/
function change_channel($change_channel)
{
$ret = false;
if ($change_channel) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1", intval($change_channel), intval(get_account_id()));
// It's not there. Is this an administrator, and is this the sys channel?
if (is_developer()) {
if (!$r) {
if (is_site_admin()) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_system = 1 and channel_removed = 0 limit 1", intval($change_channel));
}
}
}
if ($r) {
$hash = $r[0]['channel_hash'];
$_SESSION['uid'] = intval($r[0]['channel_id']);
App::set_channel($r[0]);
$_SESSION['theme'] = $r[0]['channel_theme'];
$_SESSION['mobile_theme'] = get_pconfig(local_channel(), 'system', 'mobile_theme');
date_default_timezone_set($r[0]['channel_timezone']);
$ret = $r[0];
}
$x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash));
if ($x) {
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['channel_address'] . '@' . App::get_hostname();
App::set_observer($x[0]);
App::set_perms(get_all_perms(local_channel(), $hash));
}
if (!is_dir('store/' . $r[0]['channel_address'])) {
@os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true);
}
$arr = ['channel_id' => $change_channel, 'chanx' => $ret];
call_hooks('change_channel', $arr);
}
return $ret;
}
function webpages_content(&$a)
{
if (!App::$profile) {
notice(t('Requested profile is not available.') . EOL);
App::$error = 404;
return;
}
$which = argv(1);
$_SESSION['return_url'] = App::$query_string;
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = App::get_observer();
$channel = App::get_channel();
if (App::$is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
$mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype');
if (!$mimetype) {
$mimetype = 'choose';
}
$layout = $_REQUEST['layout'] ? $_REQUEST['layout'] : get_pconfig($owner, 'system', 'page_layout');
if (!$layout) {
$layout = 'choose';
}
// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
// Nickname is set to the observers xchan, and profile_uid to the owner's.
// This lets you post pages at other people's channels.
if (!$channel && $uid && $uid == App::$profile_uid) {
$channel = App::get_channel();
}
if ($channel) {
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
} else {
$channel_acl = array();
}
$is_owner = $uid && $uid == $owner;
$o = profile_tabs($a, $is_owner, App::$profile['channel_address']);
$x = array('webpage' => ITEM_TYPE_WEBPAGE, 'is_owner' => true, 'nickname' => App::$profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'acl' => $is_owner ? populate_acl($channel_acl, false) : '', 'showacl' => $is_owner ? true : false, 'visitor' => true, 'profile_uid' => intval($owner), 'mimetype' => $mimetype, 'layout' => $layout, 'expanded' => true, 'novoting' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true);
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$editor = status_editor($a, $x);
// Get a list of webpages. We can't display all them because endless scroll makes that unusable,
// so just list titles and an edit link.
/** @TODO - this should be replaced with pagelist_widget */
$sql_extra = item_permissions_sql($owner);
$r = q("select * from item_id left join item on item_id.iid = item.id \n\t\twhere item_id.uid = %d and service = 'WEBPAGE' and item_type = %d {$sql_extra} order by item.created desc", intval($owner), intval(ITEM_TYPE_WEBPAGE));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
unobscure($rr);
$lockstate = $rr['allow_cid'] || $rr['allow_gid'] || $rr['deny_cid'] || $rr['deny_gid'] ? 'lock' : 'unlock';
$element_arr = array('type' => 'webpage', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid'], 'layout_mid' => $rr['layout_mid']);
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'pagetitle' => $rr['sid'], 'title' => $rr['title'], 'created' => datetime_convert('UTC', date_default_timezone_get(), $rr['created']), 'edited' => datetime_convert('UTC', date_default_timezone_get(), $rr['edited']), 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]', 'lockstate' => $lockstate);
}
}
//Build the base URL for edit links
$url = z_root() . '/editwebpage/' . $which;
$o .= replace_macros(get_markup_template('webpagelist.tpl'), array('$listtitle' => t('Webpages'), '$baseurl' => $url, '$create' => t('Create'), '$edit' => t('Edit'), '$share' => t('Share'), '$delete' => t('Delete'), '$pages' => $pages, '$channel' => $which, '$editor' => $editor, '$view' => t('View'), '$preview' => t('Preview'), '$actions_txt' => t('Actions'), '$pagelink_txt' => t('Page Link'), '$title_txt' => t('Page Title'), '$created_txt' => t('Created'), '$edited_txt' => t('Edited')));
return $o;
}
function layouts_content(&$a)
{
if (!$a->profile) {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = $a->get_observer();
$channel = $a->get_channel();
if ($a->is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// Block design features from visitors
if (!$uid || $uid != $owner) {
notice(t('Permission denied.') . EOL);
return;
}
// Get the observer, check their permissions
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
if (argc() > 3 && argv(2) === 'share' && argv(3)) {
$r = q("select sid, service, mimetype, title, body from item_id \n\t\t\tleft join item on item.id = item_id.iid \n\t\t\twhere item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3)));
if ($r) {
header('Content-type: application/x-redmatrix-layout');
header('Content-disposition: attachment; filename="' . $r[0]['sid'] . '.pdl"');
echo json_encode($r);
killme();
}
}
$tabs = array(array('label' => t('Layout Help'), 'url' => 'help/Comanche', 'sel' => '', 'title' => t('Help with this feature'), 'id' => 'layout-help-tab'));
$o .= replace_macros(get_markup_template('common_tabs.tpl'), array('$tabs' => $tabs));
// Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages
// Nickname is set to the observers xchan, and profile_uid to the owners.
// This lets you post pages at other people's channels.
$x = array('webpage' => ITEM_PDL, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => false, 'nopreview' => 1, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner));
if ($_REQUEST['title']) {
$x['title'] = $_REQUEST['title'];
}
if ($_REQUEST['body']) {
$x['body'] = $_REQUEST['body'];
}
if ($_REQUEST['pagetitle']) {
$x['pagetitle'] = $_REQUEST['pagetitle'];
}
$o .= status_editor($a, $x);
$r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid \n\t\twhere item_id.uid = %d and service = 'PDL' order by sid asc", intval($owner));
$pages = null;
if ($r) {
$pages = array();
foreach ($r as $rr) {
$pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid'], 'mid' => $rr['mid']);
}
}
//Build the base URL for edit links
$url = z_root() . '/editlayout/' . $which;
$o .= replace_macros(get_markup_template('layoutlist.tpl'), array('$baseurl' => $url, '$edit' => t('Edit'), '$share' => t('Share'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1'));
return $o;
}
function get($update = 0, $load = false)
{
if ($load) {
$_SESSION['loadtime'] = datetime_convert();
}
$checkjs = new \Zotlabs\Web\CheckJS(1);
$category = $datequery = $datequery2 = '';
$mid = x($_REQUEST, 'mid') ? $_REQUEST['mid'] : '';
$datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : '';
$datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : '';
if (observer_prohibited(true)) {
return login();
}
$category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : '';
$hashtags = x($_REQUEST, 'tag') ? $_REQUEST['tag'] : '';
$groups = array();
$o = '';
if ($update) {
// Ensure we've got a profile owner if updating.
\App::$profile['profile_uid'] = \App::$profile_uid = $update;
} else {
if (\App::$profile['profile_uid'] == local_channel()) {
nav_set_selected('home');
}
}
$is_owner = local_channel() && \App::$profile['profile_uid'] == local_channel() ? true : false;
$channel = \App::get_channel();
$observer = \App::get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms(\App::$profile['profile_uid'], $ob_hash);
if (!$perms['view_stream']) {
// We may want to make the target of this redirect configurable
if ($perms['view_profile']) {
notice(t('Insufficient permissions. Request redirected to profile page.') . EOL);
goaway(z_root() . "/profile/" . \App::$profile['channel_address']);
}
notice(t('Permission denied.') . EOL);
return;
}
if (!$update) {
$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
if ($channel && $is_owner) {
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
} else {
$channel_acl = array();
}
if ($perms['post_wall']) {
$x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig(\App::$profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? \App::$profile['channel_location'] : '', 'nickname' => \App::$profile['channel_address'], 'lockstate' => strlen(\App::$profile['channel_allow_cid']) || strlen(\App::$profile['channel_allow_gid']) || strlen(\App::$profile['channel_deny_cid']) || strlen(\App::$profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => \App::$profile['profile_uid'], 'editor_autocomplete' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true);
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$item_normal = item_normal();
$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
if (get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_list_mode') && !$mid) {
$page_mode = 'list';
} else {
$page_mode = 'client';
}
$abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " ";
$simple_update = $update ? " AND item_unseen = 1 " : '';
\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
if ($update && $_SESSION['loadtime']) {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) ";
}
if ($load) {
$simple_update = '';
}
if ($update && !$load) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 AND item_unseen = 1 {$sql_extra} limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid']));
} else {
$r = q("SELECT distinct parent AS `item_id`, created from item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 {$simple_update}\n\t\t\t\t\tAND (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tORDER BY created DESC", intval(\App::$profile['profile_uid']));
$_SESSION['loadtime'] = datetime_convert();
}
} else {
if (x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if (x($hashtags)) {
$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
\App::set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
if ($load || $checkjs->disabled()) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 {$sql_extra} limit 1", dbesc($mid), intval(\App::$profile['profile_uid']));
if (!$r) {
notice(t('Permission denied.') . EOL);
}
} else {
$r = q("SELECT distinct id AS item_id, created FROM item \n\t\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 and item_thread_top = 1\n\t\t\t\t\t\tAND (abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval(\App::$profile['profile_uid']));
}
} else {
$r = array();
}
}
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\t\tFROM `item`\n\t\t\t\tWHERE `item`.`uid` = %d {$item_normal}\n\t\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t\t{$sql_extra} ", intval(\App::$profile['profile_uid']), dbesc($parents_str));
xchan_query($items);
$items = fetch_post_tags($items, true);
$items = conv_sort($items, 'created');
if ($load && $mid && !count($items)) {
// This will happen if we don't have sufficient permissions
// to view the parent item (or the item itself if it is toplevel)
notice(t('Permission denied.') . EOL);
}
} else {
$items = array();
}
if (!$update && !$load) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
$maxheight = get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_divmore_height');
if (!$maxheight) {
$maxheight = 400;
}
$o .= '<div id="live-channel"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => \App::$profile['profile_uid'] ? \App::$profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => \App::$pager['page'] != 1 ? \App::$pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$tags' => $hashtags ? $hashtags : '', '$mid' => $mid, '$verb' => '', '$dend' => $datequery, '$dbegin' => $datequery2));
}
$update_unseen = '';
if ($page_mode === 'list') {
/**
* in "list mode", only mark the parent item and any like activities as "seen".
* We won't distinguish between comment likes and post likes. The important thing
* is that the number of unseen comments will be accurate. The SQL to separate the
* comment likes could also get somewhat hairy.
*/
if ($parents_str) {
$update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
$update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
}
} else {
if ($parents_str) {
$update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
}
}
if ($is_owner && $update_unseen) {
$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d {$update_unseen}", intval(local_channel()));
}
if ($checkjs->disabled()) {
$o .= conversation($a, $items, 'channel', $update, 'traditional');
} else {
$o .= conversation($a, $items, 'channel', $update, $page_mode);
}
if (!$update || $checkjs->disabled()) {
$o .= alt_pager($a, count($items));
if ($mid && $items[0]['title']) {
\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
}
}
if ($mid) {
$o .= '<div id="content-complete"></div>';
}
return $o;
}
function wiki_get_permissions($resource_id, $owner_id, $observer_hash)
{
// TODO: For now, only the owner can edit
$sql_extra = item_permissions_sql($owner_id, $observer_hash);
$r = q("SELECT * FROM item WHERE resource_type = '%s' AND resource_id = '%s' {$sql_extra} LIMIT 1", dbesc(WIKI_ITEM_RESOURCE_TYPE), dbesc($resource_id));
if (!$r) {
return array('read' => false, 'write' => false, 'success' => true);
} else {
$perms = get_all_perms($owner_id, $observer_hash);
// TODO: Create a new permission setting for wiki analogous to webpages. Until
// then, use webpage permissions
if (!$perms['write_pages']) {
$write = false;
} else {
$write = true;
}
return array('read' => true, 'write' => $write, 'success' => true);
}
}
/**
* @brief
*
* @param App $a
* @param boolean $is_owner default false
* @param string $nickname default null
* @return void|string
*/
function profile_tabs($a, $is_owner = false, $nickname = null)
{
// Don't provide any profile tabs if we're running as the sys channel
if ($a->is_sys) {
return;
}
$channel = $a->get_channel();
if (is_null($nickname)) {
$nickname = $channel['channel_address'];
}
$uid = $a->profile['profile_uid'] ? $a->profile['profile_uid'] : local_channel();
if (get_pconfig($uid, 'system', 'noprofiletabs')) {
return;
}
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$url = $a->get_baseurl() . '/channel/' . $nickname;
$pr = $a->get_baseurl() . '/profile/' . $nickname;
$tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab'));
$p = get_all_perms($uid, get_observer_hash());
if ($p['view_profile']) {
$tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab');
}
if ($p['view_photos']) {
$tabs[] = array('label' => t('Photos'), 'url' => $a->get_baseurl() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab');
}
if ($p['view_storage']) {
$tabs[] = array('label' => t('Files'), 'url' => $a->get_baseurl() . '/cloud/' . $nickname . (get_observer_hash() ? '' : '?f=&davguest=1'), 'sel' => argv(0) == 'cloud' || argv(0) == 'sharedwithme' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab');
}
if ($p['chat']) {
require_once 'include/chat.php';
$has_chats = chatroom_list_count($uid);
if ($has_chats) {
$tabs[] = array('label' => t('Chatrooms'), 'url' => $a->get_baseurl() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab');
}
}
require_once 'include/menu.php';
$has_bookmarks = menu_list_count(local_channel(), '', MENU_BOOKMARK) + menu_list_count(local_channel(), '', MENU_SYSTEM | MENU_BOOKMARK);
if ($is_owner && $has_bookmarks) {
$tabs[] = array('label' => t('Bookmarks'), 'url' => $a->get_baseurl() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab');
}
if ($is_owner && feature_enabled($uid, 'webpages')) {
$tabs[] = array('label' => t('Webpages'), 'url' => $a->get_baseurl() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab');
} else {
/**
* @FIXME we probably need a listing of events that were created by
* this channel and are visible to the observer
*/
}
$arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs);
call_hooks('profile_tabs', $arr);
$tpl = get_markup_template('common_tabs.tpl');
return replace_macros($tpl, array('$tabs' => $arr['tabs']));
}
function editlayout_content(&$a)
{
if (!$a->profile) {
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
$which = argv(1);
$uid = local_channel();
$owner = 0;
$channel = null;
$observer = $a->get_observer();
$channel = $a->get_channel();
if ($a->is_sys && is_site_admin()) {
$sys = get_sys_channel();
if ($sys && intval($sys['channel_id'])) {
$uid = $owner = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
}
if (!$owner) {
// Figure out who the page owner is.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
}
}
$ob_hash = $observer ? $observer['xchan_hash'] : '';
if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) {
notice(t('Permission denied.') . EOL);
return;
}
$is_owner = $uid && $uid == $owner ? true : false;
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
// Now we've got a post and an owner, let's find out if we're allowed to edit it
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner));
$item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", intval($itm[0]['id']));
if ($item_id) {
$layout_title = $item_id[0]['sid'];
}
$plaintext = true;
$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$pretext' => '', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete layout?')));
$tpl = get_markup_template("jot.tpl");
$jotplugins = '';
$jotnets = '';
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
// FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD
// instead of loading a sensible page. So, send folk to the webpage list.
$rp = 'layouts/' . $which;
$editor = replace_macros($tpl, array('$return_path' => $rp, '$action' => 'item', '$webpage' => ITEM_TYPE_PDL, '$share' => t('Edit'), '$bold' => t('Bold'), '$italic' => t('Italic'), '$underline' => t('Underline'), '$quote' => t('Quote'), '$code' => t('Code'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $channel['channel_location'], '$visitor' => false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Layout Description (Optional)'), '$pagetitle' => $layout_title, '$placeholdpagetitle' => t('Layout Name'), '$category' => '', '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', '$profile_uid' => intval($owner), '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date')));
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$id' => $itm[0]['id'], '$editor' => $editor));
return $o;
}
function zotinfo($arr)
{
$ret = array('success' => false);
$zhash = x($arr, 'guid_hash') ? $arr['guid_hash'] : '';
$zguid = x($arr, 'guid') ? $arr['guid'] : '';
$zguid_sig = x($arr, 'guid_sig') ? $arr['guid_sig'] : '';
$zaddr = x($arr, 'address') ? $arr['address'] : '';
$ztarget = x($arr, 'target') ? $arr['target'] : '';
$zsig = x($arr, 'target_sig') ? $arr['target_sig'] : '';
$zkey = x($arr, 'key') ? $arr['key'] : '';
$mindate = x($arr, 'mindate') ? $arr['mindate'] : '';
$feed = x($arr, 'feed') ? intval($arr['feed']) : 0;
if ($ztarget) {
if (!$zkey || !$zsig || !rsa_verify($ztarget, base64url_decode($zsig), $zkey)) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
return $ret;
}
}
$r = null;
if (strlen($zhash)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_hash = '%s' limit 1", dbesc($zhash));
} elseif (strlen($zguid) && strlen($zguid_sig)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_guid = '%s' and channel_guid_sig = '%s' limit 1", dbesc($zguid), dbesc($zguid_sig));
} elseif (strlen($zaddr)) {
if (strpos($zaddr, '[system]') === false) {
/* normal address lookup */
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", dbesc($zaddr), dbesc($zaddr));
} else {
/**
* The special address '[system]' will return a system channel if one has been defined,
* Or the first valid channel we find if there are no system channels.
*
* This is used by magic-auth if we have no prior communications with this site - and
* returns an identity on this site which we can use to create a valid hub record so that
* we can exchange signed messages. The precise identity is irrelevant. It's the hub
* information that we really need at the other end - and this will return it.
*
*/
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere channel_system = 1 order by channel_id limit 1");
if (!$r) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\t\twhere channel_removed = 0 order by channel_id limit 1");
}
}
} else {
$ret['message'] = 'Invalid request';
return $ret;
}
if (!$r) {
$ret['message'] = 'Item not found.';
return $ret;
}
$e = $r[0];
$id = $e['channel_id'];
$sys_channel = intval($e['channel_system']) ? true : false;
$special_channel = $e['channel_pageflags'] & PAGE_PREMIUM ? true : false;
$adult_channel = $e['channel_pageflags'] & PAGE_ADULT ? true : false;
$censored = $e['channel_pageflags'] & PAGE_CENSORED ? true : false;
$searchable = $e['channel_pageflags'] & PAGE_HIDDEN ? false : true;
$deleted = intval($e['xchan_deleted']) ? true : false;
if ($deleted || $censored || $sys_channel) {
$searchable = false;
}
$public_forum = false;
$role = get_pconfig($e['channel_id'], 'system', 'permissions_role');
if ($role === 'forum' || $role === 'repository') {
$public_forum = true;
} else {
// check if it has characteristics of a public forum based on custom permissions.
$t = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", intval($e['channel_id']));
if ($t && ($t[0]['abook_my_perms'] & PERMS_W_TAGWALL && !($t[0]['abook_my_perms'] & PERMS_W_STREAM))) {
$public_forum = true;
}
}
// This is for birthdays and keywords, but must check access permissions
$p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id']));
$profile = array();
if ($p) {
if (!intval($p[0]['publish'])) {
$searchable = false;
}
$profile['description'] = $p[0]['pdesc'];
$profile['birthday'] = $p[0]['dob'];
if ($profile['birthday'] != '0000-00-00' && ($bd = z_birthday($p[0]['dob'], $e['channel_timezone'])) !== '') {
$profile['next_birthday'] = $bd;
}
if ($age = age($p[0]['dob'], $e['channel_timezone'], '')) {
$profile['age'] = $age;
}
$profile['gender'] = $p[0]['gender'];
$profile['marital'] = $p[0]['marital'];
$profile['sexual'] = $p[0]['sexual'];
$profile['locale'] = $p[0]['locality'];
$profile['region'] = $p[0]['region'];
$profile['postcode'] = $p[0]['postal_code'];
$profile['country'] = $p[0]['country_name'];
$profile['about'] = $p[0]['about'];
$profile['homepage'] = $p[0]['homepage'];
$profile['hometown'] = $p[0]['hometown'];
if ($p[0]['keywords']) {
$tags = array();
$k = explode(' ', $p[0]['keywords']);
if ($k) {
foreach ($k as $kk) {
if (trim($kk, " \t\n\r\v,")) {
$tags[] = trim($kk, " \t\n\r\v,");
}
}
}
if ($tags) {
$profile['keywords'] = $tags;
}
}
}
$ret['success'] = true;
// Communication details
$ret['guid'] = $e['xchan_guid'];
$ret['guid_sig'] = $e['xchan_guid_sig'];
$ret['key'] = $e['xchan_pubkey'];
$ret['name'] = $e['xchan_name'];
$ret['name_updated'] = $e['xchan_name_date'];
$ret['address'] = $e['xchan_addr'];
$ret['photo_mimetype'] = $e['xchan_photo_mimetype'];
$ret['photo'] = $e['xchan_photo_l'];
$ret['photo_updated'] = $e['xchan_photo_date'];
$ret['url'] = $e['xchan_url'];
$ret['connections_url'] = $e['xchan_connurl'] ? $e['xchan_connurl'] : z_root() . '/poco/' . $e['channel_address'];
$ret['target'] = $ztarget;
$ret['target_sig'] = $zsig;
$ret['searchable'] = $searchable;
$ret['adult_content'] = $adult_channel;
$ret['public_forum'] = $public_forum;
if ($deleted) {
$ret['deleted'] = $deleted;
}
if (intval($e['channel_removed'])) {
$ret['deleted_locally'] = true;
}
// premium or other channel desiring some contact with potential followers before connecting.
// This is a template - %s will be replaced with the follow_url we discover for the return channel.
if ($special_channel) {
$ret['connect_url'] = z_root() . '/connect/' . $e['channel_address'];
}
// This is a template for our follow url, %s will be replaced with a webbie
$ret['follow_url'] = z_root() . '/follow?f=&url=%s';
$ztarget_hash = $ztarget && $zsig ? make_xchan_hash($ztarget, $zsig) : '';
$permissions = get_all_perms($e['channel_id'], $ztarget_hash, false);
if ($ztarget_hash) {
$permissions['connected'] = false;
$b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($ztarget_hash), intval($e['channel_id']));
if ($b) {
$permissions['connected'] = true;
}
}
$ret['permissions'] = $ztarget && $zkey ? crypto_encapsulate(json_encode($permissions), $zkey) : $permissions;
if ($permissions['view_profile']) {
$ret['profile'] = $profile;
}
// array of (verified) hubs this channel uses
$x = zot_encode_locations($e);
if ($x) {
$ret['locations'] = $x;
}
$ret['site'] = array();
$ret['site']['url'] = z_root();
$ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(), $e['channel_prvkey']));
$dirmode = get_config('system', 'directory_mode');
if ($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) {
$ret['site']['directory_mode'] = 'normal';
}
if ($dirmode == DIRECTORY_MODE_PRIMARY) {
$ret['site']['directory_mode'] = 'primary';
} elseif ($dirmode == DIRECTORY_MODE_SECONDARY) {
$ret['site']['directory_mode'] = 'secondary';
} elseif ($dirmode == DIRECTORY_MODE_STANDALONE) {
$ret['site']['directory_mode'] = 'standalone';
}
if ($dirmode != DIRECTORY_MODE_NORMAL) {
$ret['site']['directory_url'] = z_root() . '/dirsearch';
}
// hide detailed site information if you're off the grid
if ($dirmode != DIRECTORY_MODE_STANDALONE) {
$register_policy = intval(get_config('system', 'register_policy'));
if ($register_policy == REGISTER_CLOSED) {
$ret['site']['register_policy'] = 'closed';
}
if ($register_policy == REGISTER_APPROVE) {
$ret['site']['register_policy'] = 'approve';
}
if ($register_policy == REGISTER_OPEN) {
$ret['site']['register_policy'] = 'open';
}
$access_policy = intval(get_config('system', 'access_policy'));
if ($access_policy == ACCESS_PRIVATE) {
$ret['site']['access_policy'] = 'private';
}
if ($access_policy == ACCESS_PAID) {
$ret['site']['access_policy'] = 'paid';
}
if ($access_policy == ACCESS_FREE) {
$ret['site']['access_policy'] = 'free';
}
if ($access_policy == ACCESS_TIERED) {
$ret['site']['access_policy'] = 'tiered';
}
$ret['site']['accounts'] = account_total();
require_once 'include/identity.php';
$ret['site']['channels'] = channel_total();
$ret['site']['version'] = PLATFORM_NAME . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']';
$ret['site']['admin'] = get_config('system', 'admin_email');
$a = get_app();
$visible_plugins = array();
if (is_array($a->plugins) && count($a->plugins)) {
$r = q("select * from addon where hidden = 0");
if ($r) {
foreach ($r as $rr) {
$visible_plugins[] = $rr['name'];
}
}
}
$ret['site']['plugins'] = $visible_plugins;
$ret['site']['sitehash'] = get_config('system', 'location_hash');
$ret['site']['sitename'] = get_config('system', 'sitename');
$ret['site']['sellpage'] = get_config('system', 'sellpage');
$ret['site']['location'] = get_config('system', 'site_location');
$ret['site']['realm'] = get_directory_realm();
$ret['site']['project'] = PLATFORM_NAME;
}
check_zotinfo($e, $x, $ret);
call_hooks('zot_finger', $ret);
return $ret;
}
function get()
{
$sort_type = 0;
$o = '';
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return login();
}
$channel = \App::get_channel();
$my_perms = get_channel_default_perms(local_channel());
$role = get_pconfig(local_channel(), 'system', 'permissions_role');
if ($role) {
$x = get_role_perms($role);
if ($x['perms_accept']) {
$my_perms = $x['perms_accept'];
}
}
$yes_no = array(t('No'), t('Yes'));
if ($my_perms) {
$o .= "<script>function connectDefaultShare() {\n\t\t\t\$('.abook-edit-me').each(function() {\n\t\t\t\tif(! \$(this).is(':disabled'))\n\t\t\t\t\t\$(this).prop('checked', false);\n\t\t\t});\n\n";
$perms = get_perms();
foreach ($perms as $p => $v) {
if ($my_perms & $v[1]) {
$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
}
}
$o .= " }\n</script>\n";
}
if (argc() == 3) {
$contact_id = intval(argv(1));
if (!$contact_id) {
return;
}
$cmd = argv(2);
$orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\tWHERE abook_id = %d AND abook_channel = %d AND abook_self = 0 LIMIT 1", intval($contact_id), intval(local_channel()));
if (!count($orig_record)) {
notice(t('Could not access address book record.') . EOL);
goaway(z_root() . '/connections');
}
if ($cmd === 'update') {
// pull feed and consume it, which should subscribe to the hub.
proc_run('php', "include/poller.php", "{$contact_id}");
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'refresh') {
if ($orig_record[0]['xchan_network'] === 'zot') {
if (!zot_refresh($orig_record[0], \App::get_channel())) {
notice(t('Refresh failed - channel is currently unavailable.'));
}
} else {
// if you are on a different network we'll force a refresh of the connection basic info
proc_run('php', 'include/notifier.php', 'permission_update', $contact_id);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'block') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_BLOCKED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'ignore') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_IGNORED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'archive') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_ARCHIVED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'hide') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_HIDDEN)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
// We'll prevent somebody from unapproving an already approved contact.
// Though maybe somebody will want this eventually (??)
if ($cmd === 'approve') {
if (intval($orig_record[0]['abook_pending'])) {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_PENDING)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'drop') {
require_once 'include/Contact.php';
// FIXME
// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
// in the background there could be a race condition preventing this packet from being sent in all cases.
// PLACEHOLDER
contact_remove(local_channel(), $orig_record[0]['abook_id']);
build_sync_packet(0, array('abook' => array(array('abook_xchan' => $orig_record[0]['abook_xchan'], 'entry_deleted' => true))));
info(t('Connection has been removed.') . EOL);
if (x($_SESSION, 'return_url')) {
goaway(z_root() . '/' . $_SESSION['return_url']);
}
goaway(z_root() . '/contacts');
}
}
if (\App::$poi) {
$contact_id = \App::$poi['abook_id'];
$contact = \App::$poi;
$tools = array('view' => array('label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf(t('View %s\'s profile'), $contact['xchan_name'])), 'refresh' => array('label' => t('Refresh Permissions'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions')), 'recent' => array('label' => t('Recent Activity'), 'url' => z_root() . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments')), 'block' => array('label' => intval($contact['abook_blocked']) ? t('Unblock') : t('Block'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => intval($contact['abook_blocked']) ? 'active' : '', 'title' => t('Block (or Unblock) all communications with this connection'), 'info' => intval($contact['abook_blocked']) ? t('This connection is blocked!') : ''), 'ignore' => array('label' => intval($contact['abook_ignored']) ? t('Unignore') : t('Ignore'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => intval($contact['abook_ignored']) ? 'active' : '', 'title' => t('Ignore (or Unignore) all inbound communications from this connection'), 'info' => intval($contact['abook_ignored']) ? t('This connection is ignored!') : ''), 'archive' => array('label' => intval($contact['abook_archived']) ? t('Unarchive') : t('Archive'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => intval($contact['abook_archived']) ? 'active' : '', 'title' => t('Archive (or Unarchive) this connection - mark channel dead but keep content'), 'info' => intval($contact['abook_archived']) ? t('This connection is archived!') : ''), 'hide' => array('label' => intval($contact['abook_hidden']) ? t('Unhide') : t('Hide'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => intval($contact['abook_hidden']) ? 'active' : '', 'title' => t('Hide or Unhide this connection from your other connections'), 'info' => intval($contact['abook_hidden']) ? t('This connection is hidden!') : ''), 'delete' => array('label' => t('Delete'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection')));
$self = false;
if (intval($contact['abook_self'])) {
$self = true;
}
require_once 'include/contact_selectors.php';
$tpl = get_markup_template("abook_edit.tpl");
if (feature_enabled(local_channel(), 'affinity')) {
$labels = array(t('Me'), t('Family'), t('Friends'), t('Acquaintances'), t('All'));
call_hooks('affinity_labels', $labels);
$label_str = '';
if ($labels) {
foreach ($labels as $l) {
if ($label_str) {
$label_str .= ", '|'";
$label_str .= ", '" . $l . "'";
} else {
$label_str .= "'" . $l . "'";
}
}
}
$slider_tpl = get_markup_template('contact_slider.tpl');
$slide = replace_macros($slider_tpl, array('$min' => 1, '$val' => $contact['abook_closeness'] ? $contact['abook_closeness'] : 99, '$labels' => $label_str));
}
$rating_val = 0;
$rating_text = '';
$xl = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($contact['xchan_hash']));
if ($xl) {
$rating_val = intval($xl[0]['xlink_rating']);
$rating_text = $xl[0]['xlink_rating_text'];
}
$poco_rating = get_config('system', 'poco_rating_enable');
// if unset default to enabled
if ($poco_rating === false) {
$poco_rating = true;
}
if ($poco_rating) {
$rating = replace_macros(get_markup_template('rating_slider.tpl'), array('$min' => -10, '$val' => $rating_val));
} else {
$rating = false;
}
$perms = array();
$channel = \App::get_channel();
$global_perms = get_perms();
$existing = get_all_perms(local_channel(), $contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'), 'Yes'));
$multiprofs = feature_enabled(local_channel(), 'multi_profiles') ? true : false;
if ($slide && !$multiprofs) {
$affinity = t('Set Affinity');
}
if (!$slide && $multiprofs) {
$affinity = t('Set Profile');
}
if ($slide && $multiprofs) {
$affinity = t('Set Affinity & Profile');
}
foreach ($global_perms as $k => $v) {
$thisperm = $contact['abook_my_perms'] & $v[1] ? "1" : '';
$checkinherited = $channel[$v[0]] && $channel[$v[0]] != PERMS_SPECIFIC ? "1" : '';
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if (!$self && $existing[$k]) {
$thisperm = "1";
}
$perms[] = array('perms_' . $k, $v[3], $contact['abook_their_perms'] & $v[1] ? "1" : "", $thisperm, $v[1], $channel[$v[0]] == PERMS_SPECIFIC ? '' : '1', $v[4], $checkinherited);
}
$locstr = '';
$locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'\n\t\t\t\tand hubloc_deleted = 0 and site_dead = 0", dbesc($contact['xchan_hash']));
if ($locs) {
foreach ($locs as $l) {
if (!$l['location']) {
continue;
}
if (strpos($locstr, $l['location']) !== false) {
continue;
}
if (strlen($locstr)) {
$locstr .= ', ';
}
$locstr .= $l['location'];
}
} else {
$locstr = t('none');
}
$o .= replace_macros($tpl, array('$header' => $self ? t('Connection Default Permissions') : sprintf(t('Connection: %s'), $contact['xchan_name']), '$autoperms' => array('autoperms', t('Apply these permissions automatically'), get_pconfig(local_channel(), 'system', 'autoperms') ? 1 : 0, t('Connection requests will be approved without your interaction'), $yes_no), '$addr' => $contact['xchan_addr'], '$addr_text' => t('This connection\'s primary address is'), '$loc_text' => t('Available locations:'), '$locstr' => $locstr, '$notself' => $self ? '' : '1', '$self' => $self ? '1' : '', '$autolbl' => t('The permissions indicated on this page will be applied to all new connections.'), '$tools_label' => t('Connection Tools'), '$tools' => $self ? '' : $tools, '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$lbl_rating' => t('Rating'), '$lbl_rating_label' => t('Slide to adjust your rating'), '$lbl_rating_txt' => t('Optionally explain your rating'), '$connfilter' => feature_enabled(local_channel(), 'connfilter'), '$connfilter_label' => t('Custom Filter'), '$incl' => array('abook_incl', t('Only import posts with this text'), $contact['abook_incl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$excl' => array('abook_excl', t('Do not import posts with this text'), $contact['abook_excl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$rating_text' => array('rating_text', t('Optionally explain your rating'), $rating_text, ''), '$rating_info' => t('This information is public!'), '$rating' => $rating, '$rating_val' => $rating_val, '$slide' => $slide, '$affinity' => $affinity, '$pending_label' => t('Connection Pending Approval'), '$is_pending' => intval($contact['abook_pending']) ? 1 : '', '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$submit' => t('Submit'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), '$close' => $contact['abook_closeness'], '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'), '$permnote_self' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'), '$lastupdtext' => t('Last update:'), '$last_update' => relative_date($contact['abook_connected']), '$profile_select' => contact_profile_assign($contact['abook_profile']), '$multiprofs' => $multiprofs, '$contact_id' => $contact['abook_id'], '$name' => $contact['xchan_name']));
$arr = array('contact' => $contact, 'output' => $o);
call_hooks('contact_edit', $arr);
return $arr['output'];
}
}
