function change_channel($change_channel) { $ret = false; if ($change_channel) { $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", intval($change_channel), intval(get_account_id()), intval(PAGE_REMOVED)); if ($r) { $hash = $r[0]['channel_hash']; $_SESSION['uid'] = intval($r[0]['channel_id']); get_app()->set_channel($r[0]); $_SESSION['theme'] = $r[0]['channel_theme']; $_SESSION['mobile_theme'] = get_pconfig(local_user(), 'system', 'mobile_theme'); date_default_timezone_set($r[0]['channel_timezone']); $ret = $r[0]; } $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash)); if ($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3); get_app()->set_observer($x[0]); get_app()->set_perms(get_all_perms(local_user(), $hash)); } if (!is_dir('store/' . $r[0]['channel_address'])) { @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true); } } return $ret; }
function achievements_content(&$a) { // This doesn't work, so if (!is_developer()) { return; } if (argc() > 1) { $which = argv(1); } else { notice(t('Requested profile is not available.') . EOL); return; } $profile = 0; $profile = argv(1); profile_load($a, $which, $profile); $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['view_profile']) { notice(t('Permission denied.') . EOL); return; } $newmembertext = t('Some blurb about what to do when you\'re new here'); // By default, all badges are false $contactbadge = false; $profilebadge = false; $keywordsbadge = false; // Check number of contacts. Award a badge if over 10 // We'll figure these out on each page load instead of // writing them to the DB because that will mean one needs // to retain their achievements - eg, you can't add // a bunch of channels just to get your badge, and then // delete them all again. If these become popular or // used in profiles or something, we may need to reconsider // and add a table for this - because this won't scale. $r = q("select * from abook where abook_channel = %d", intval($owner)); if (count($r)) { $contacts = count($r); } // We're checking for 11 to adjust for the abook record for self if ($contacts >= 11) { $contactbadge = true; } // Check if an about field in the profile has been created. $r = q("select * from profile where uid = %d and about <> ''", intval($owner)); if ($r) { $profilebadge = 1; } // Check if keywords have been set $r = q("select * from profile where uid = %d and keywords <> ''", intval($owner)); if ($r) { $keywordsbadge = 1; } return replace_macros(get_markup_template("achievements.tpl"), array('$newmembertext' => $newmembertext, '$profilebadge' => $profilebadge, '$contactbadge' => $contactbadge, '$keywordsbadge' => $keywordsbadge, '$channelsbadge' => $channelsbadge)); }
function get() { if (!\App::$profile) { notice(t('Requested profile is not available.') . EOL); \App::$error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); $channel = \App::get_channel(); if (\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) { notice(t('Permission denied.') . EOL); return; } $is_owner = $uid && $uid == $owner ? true : false; $o = ''; // Figure out which post we're editing $post_id = argc() > 2 ? intval(argv(2)) : 0; if (!$post_id) { notice(t('Item not found') . EOL); return; } // Now we've got a post and an owner, let's find out if we're allowed to edit it $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner)); $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", intval($itm[0]['id'])); if ($item_id) { $layout_title = $item_id[0]['sid']; } $rp = 'layouts/' . $which; $x = array('webpage' => ITEM_TYPE_PDL, 'nickname' => $channel['channel_address'], 'editor_autocomplete' => true, 'bbco_autocomplete' => 'comanche', 'return_path' => $rp, 'button' => t('Edit'), 'hide_voting' => true, 'hide_future' => true, 'hide_expire' => true, 'hide_location' => true, 'hide_weblink' => true, 'hide_attach' => true, 'hide_preview' => true, 'ptyp' => $itm[0]['obj_type'], 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, 'title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), 'pagetitle' => $layout_title, 'ptlabel' => t('Layout Name'), 'placeholdertitle' => t('Layout Description (Optional)'), 'showacl' => false, 'profile_uid' => intval($owner)); $editor = status_editor($a, $x); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$id' => $itm[0]['id'], '$editor' => $editor)); return $o; }
function page_content(&$a) { $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($a->profile['profile_uid'], $ob_hash); if (!$perms['view_pages']) { notice(t('Permission denied.') . EOL); return; } if (argc() < 3) { notice(t('Invalid item.') . EOL); return; } $channel_address = argv(1); $page_id = argv(2); $u = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_address)); if (!$u) { notice(t('Channel not found.') . EOL); return; } if ($_REQUEST['rev']) { $revision = " and revision = " . intval($_REQUEST['rev']) . " "; } else { $revision = " order by revision desc "; } require_once 'include/security.php'; $sql_options = item_permissions_sql($u[0]['channel_id']); $r = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$sql_options} {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE)); if (!$r) { // Check again with no permissions clause to see if it is a permissions issue $x = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE)); if ($x) { // Yes, it's there. You just aren't allowed to see it. notice(t('Permission denied.') . EOL); } else { notice(t('Page not found.') . EOL); } return; } if ($r[0]['layout_mid']) { $l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), intval($u[0]['channel_id'])); if ($l) { require_once 'include/comanche.php'; comanche_parser(get_app(), $l[0]['body']); } } // logger('layout: ' . print_r($a->layout,true)); // Use of widgets should be determined by Comanche, but we don't have it on system pages yet, so... if ($perms['write_pages']) { $chan = $a->channel['channel_id']; $who = $channel_address; $which = $r[0]['id']; $o .= writepages_widget($who, $which); } xchan_query($r); $r = fetch_post_tags($r, true); $o .= prepare_page($r[0]); return $o; }
function blocks_content(&$a) { if (argc() > 1) { $which = argv(1); } else { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } profile_load($a, $which, 0); // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } // Block design features from visitors if (!local_user() || local_user() != $owner) { notice(t('Permission denied.') . EOL); return; } // Get the observer, check their permissions $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. require_once 'include/conversation.php'; $x = array('webpage' => ITEM_BUILDBLOCK, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => $group || $cid ? '!' : '', 'showacl' => false, 'visitor' => true, 'mimetype' => 'choose', 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner)); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $o .= status_editor($a, $x); //Get a list of blocks. We can't display all them because endless scroll makes that unusable, so just list titles and an edit link. //TODO - this should be replaced with pagelist_widget $r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", intval($owner)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { $pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid']); } } //Build the base URL for edit links $url = z_root() . "/editblock/" . $which; // This isn't pretty, but it works. Until I figure out what to do with the UI, it's Good Enough(TM). return $o . replace_macros(get_markup_template("blocklist.tpl"), array('$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1')); }
function page_init(&$a) { // We need this to make sure the channel theme is always loaded. $which = argv(1); $profile = 0; profile_load($a, $which, $profile); if ($a->profile['profile_uid']) { head_set_icon($a->profile['thumb']); } // load the item here in the init function because we need to extract // the page layout and initialise the correct theme. $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($a->profile['profile_uid'], $ob_hash); if (!$perms['view_pages']) { notice(t('Permission denied.') . EOL); return; } if (argc() < 3) { notice(t('Invalid item.') . EOL); return; } $channel_address = argv(1); $page_id = argv(2); $u = q("select channel_id from channel where channel_address = '%s' limit 1", dbesc($channel_address)); if (!$u) { notice(t('Channel not found.') . EOL); return; } if ($_REQUEST['rev']) { $revision = " and revision = " . intval($_REQUEST['rev']) . " "; } else { $revision = " order by revision desc "; } require_once 'include/security.php'; $sql_options = item_permissions_sql($u[0]['channel_id']); $r = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$sql_options} {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE)); if (!$r) { // Check again with no permissions clause to see if it is a permissions issue $x = q("select item.* from item left join item_id on item.id = item_id.iid\n\t\twhere item.uid = %d and sid = '%s' and service = 'WEBPAGE' and \n\t\titem_restrict = %d {$revision} limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_WEBPAGE)); if ($x) { // Yes, it's there. You just aren't allowed to see it. notice(t('Permission denied.') . EOL); } else { notice(t('Page not found.') . EOL); } return; } if ($r[0]['layout_mid']) { $l = q("select body from item where mid = '%s' and uid = %d limit 1", dbesc($r[0]['layout_mid']), intval($u[0]['channel_id'])); if ($l) { require_once 'include/comanche.php'; comanche_parser(get_app(), $l[0]['body']); get_app()->pdl = $l[0]['body']; } } $a->data['webpage'] = $r; }
function editlayout_content(&$a) { // We first need to figure out who owns the webpage, grab it from an argument $which = argv(1); // $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); //logger('owner: ' . print_r($owner,true)); } if (local_user() && argc() > 2 && argv(2) === 'view') { $which = $channel['channel_address']; } $o = ''; // Figure out which post we're editing $post_id = argc() > 2 ? intval(argv(2)) : 0; if (!$post_id) { notice(t('Item not found') . EOL); return; } // Now we've got a post and an owner, let's find out if we're allowed to edit it $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // We've already figured out which item we want and whose copy we need, so we don't need anything fancy here $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner)); $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", $itm[0]['id']); if ($item_id) { $layout_title = $item_id[0]['sid']; } $plaintext = true; // You may or may not be a local user. This won't work, // if(feature_enabled(local_user(),'richtext')) // $plaintext = false; $o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout'))); $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $a->user['nickname'], '$confirmdelete' => t('Delete layout?'))); $tpl = get_markup_template("jot.tpl"); $jotplugins = ''; $jotnets = ''; call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); $channel = $a->get_channel(); //$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins)); //FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list. $rp = '/layouts/' . $which; $o .= replace_macros($tpl, array('$return_path' => $rp, '$action' => 'item', '$webpage' => ITEM_PDL, '$share' => t('Edit'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $channel['channel_location'], '$visitor' => false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Set title'), '$pagetitle' => $layout_title, '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', '$profile_uid' => intval($owner), '$preview' => feature_enabled(local_user(), 'preview') ? t('Preview') : '', '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'))); $ob = get_observer_hash(); if ($itm[0]['author_xchan'] === $ob || $itm[0]['owner_xchan'] === $ob) { $o .= '<br /><br /><a class="layout-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Layout') . '</a><br />'; } return $o; }
function get() { $channel = \App::get_channel(); $atoken = null; $atoken_xchan = ''; if (argc() > 2) { $id = argv(2); $atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d", intval($id), intval(local_channel())); if ($atoken) { $atoken = $atoken[0]; $atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $atoken['atoken_name']; } if ($atoken && argc() > 3 && argv(3) === 'drop') { atoken_delete($id); $atoken = null; $atoken_xchan = ''; } } $t = q("select * from atoken where atoken_uid = %d", intval(local_channel())); $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access private content.'); $desc2 = t('You may also provide <em>dropbox</em> style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:'); $global_perms = \Zotlabs\Access\Permissions::Perms(); $existing = get_all_perms(local_channel(), $atoken_xchan ? $atoken_xchan : ''); if ($atoken_xchan) { $theirs = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'their_perms'", intval(local_channel()), dbesc($atoken_xchan)); $their_perms = array(); if ($theirs) { foreach ($theirs as $t) { $their_perms[$t['k']] = $t['v']; } } } foreach ($global_perms as $k => $v) { $thisperm = get_abconfig(local_channel(), $contact['abook_xchan'], 'my_perms', $k); //fixme $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(), $k); if ($existing[$k]) { $thisperm = "1"; } $perms[] = array('perms_' . $k, $v, array_key_exists($k, $their_perms) ? intval($their_perms[$k]) : '', $thisperm, 1, $checkinherited & PERMS_SPECIFIC ? '' : '1', '', $checkinherited); } $tpl = get_markup_template("settings_tokens.tpl"); $o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_tokens"), '$title' => t('Guest Access Tokens'), '$desc' => $desc, '$desc2' => $desc2, '$tokens' => $t, '$atoken' => $atoken, '$url1' => z_root() . '/channel/' . $channel['channel_address'], '$url2' => z_root() . '/photos/' . $channel['channel_address'], '$name' => array('name', t('Login Name') . ' <span class="required">*</span>', $atoken ? $atoken['atoken_name'] : '', ''), '$token' => array('token', t('Login Password') . ' <span class="required">*</span>', $atoken ? $atoken['atoken_token'] : autoname(8), ''), '$expires' => array('expires', t('Expires (yyyy-mm-dd)'), $atoken['atoken_expires'] && $atoken['atoken_expires'] > NULL_DATE ? datetime_convert('UTC', date_default_timezone_get(), $atoken['atoken_expires']) : '', ''), '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$inherited' => t('inherited'), '$notself' => '1', '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'), '$submit' => t('Submit'))); return $o; }
function channel_content(&$a, $update = 0, $load = false) { $category = $datequery = $datequery2 = ''; $mid = $_GET['mid']; $datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : ''; $datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : ''; if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) { return login(); } $category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : ''; $groups = array(); $o = ''; if ($update) { // Ensure we've got a profile owner if updating. $a->profile['profile_uid'] = $update; } else { if ($a->profile['profile_uid'] == local_user()) { nav_set_selected('home'); } } $is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false; $channel = $a->get_channel(); $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($a->profile['profile_uid'], $ob_hash); if (!$perms['view_stream']) { // We may want to make the target of this redirect configurable if ($perms['view_profile']) { notice(t('Insufficient permissions. Request redirected to profile page.') . EOL); goaway(z_root() . "/profile/" . $a->profile['channel_address']); } notice(t('Permission denied.') . EOL); return; } if (!$update) { $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); $o .= common_friends_visitor_widget($a->profile['profile_uid']); if ($channel && $is_owner) { $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); } else { $channel_acl = array(); } if ($perms['post_wall']) { $x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig($a->profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? $a->profile['channel_location'] : '', 'nickname' => $a->profile['channel_address'], 'lockstate' => strlen($a->profile['channel_allow_cid']) || strlen($a->profile['channel_allow_gid']) || strlen($a->profile['channel_deny_cid']) || strlen($a->profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl) : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => $a->profile['profile_uid']); $o .= status_editor($a, $x); } } /** * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ $sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups); if ($update && !$load) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN)); } else { $r = q("SELECT distinct parent AS `item_id` from item\n\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND ( item_flags & %d ) \n\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY created DESC", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN), intval(ABOOK_FLAG_BLOCKED)); } } else { if (x($category)) { $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); } if ($datequery) { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); } if ($datequery2) { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } $itemspage = get_pconfig(local_user(), 'system', 'itemspage'); $a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20); $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage'])); if ($load || $_COOKIE['jsAvailable'] != 1) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL)); if (!$r) { notice(t('Permission denied.') . EOL); } } else { $r = q("SELECT distinct id AS item_id FROM item \n\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) and (item_flags & %d)\n\t\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_THREAD_TOP), intval(ABOOK_FLAG_BLOCKED)); } } else { $r = array(); } } if ($r) { $parents_str = ids_to_querystr($r, 'item_id'); $items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\tFROM `item`\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0\n\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t{$sql_extra} ", intval($a->profile['profile_uid']), dbesc($parents_str)); xchan_query($items); $items = fetch_post_tags($items, true); $items = conv_sort($items, 'created'); if ($load && $mid && !count($items)) { // This will happen if we don't have sufficient permissions // to view the parent item (or the item itself if it is toplevel) notice(t('Permission denied.') . EOL); } } else { $items = array(); } if (!$update && !$load) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. $o .= '<div id="live-channel"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => $a->profile['profile_uid'] ? $a->profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => $a->pager['page'] != 1 ? $a->pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$mid' => $mid, '$dend' => $datequery, '$dbegin' => $datequery2)); } if ($is_owner) { $r = q("UPDATE item SET item_flags = (item_flags ^ %d)\n\t\t\tWHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), intval(local_user())); } if ($_COOKIE['jsAvailable'] == 1) { $o .= conversation($a, $items, 'channel', $update, 'client'); } else { $o .= conversation($a, $items, 'channel', $update, 'traditional'); } if (!$update || $_COOKIE['jsAvailable'] != 1) { $o .= alt_pager($a, count($items)); } if ($mid) { $o .= '<div id="content-complete"></div>'; } return $o; }
function like_content(&$a) { $o = ''; $observer = $a->get_observer(); $interactive = $_REQUEST['interactive']; if ($interactive) { $o .= '<h1>' . t('Like/Dislike') . '</h1>'; $o .= EOL . EOL; if (!$observer) { $_SESSION['return_url'] = $a->query_string; $o .= t('This action is restricted to members.') . EOL; $o .= t('Please <a href="rmagic">login with your RedMatrix ID</a> or <a href="register">register as a new RedMatrix member</a> to continue.') . EOL; return $o; } } $verb = notags(trim($_GET['verb'])); if (!$verb) { $verb = 'like'; } switch ($verb) { case 'like': case 'unlike': $activity = ACTIVITY_LIKE; break; case 'dislike': case 'undislike': $activity = ACTIVITY_DISLIKE; break; case 'agree': case 'unagree': $activity = ACTIVITY_AGREE; break; case 'disagree': case 'undisagree': $activity = ACTIVITY_DISAGREE; break; case 'abstain': case 'unabstain': $activity = ACTIVITY_ABSTAIN; break; case 'attendyes': case 'unattendyes': $activity = ACTIVITY_ATTEND; break; case 'attendno': case 'unattendno': $activity = ACTIVITY_ATTENDNO; break; case 'attendmaybe': case 'unattendmaybe': $activity = ACTIVITY_ATTENDMAYBE; break; default: return; break; } $extended_like = false; $object = $target = null; $post_type = ''; $objtype = ''; if (argc() == 3) { if (!$observer) { killme(); } $extended_like = true; $obj_type = argv(1); $obj_id = argv(2); $public = true; if ($obj_type == 'profile') { $r = q("select * from profile where profile_guid = '%s' limit 1", dbesc(argv(2))); if (!$r) { killme(); } $owner_uid = $r[0]['uid']; if ($r[0]['is_default']) { $public = true; } if (!$public) { $d = q("select abook_xchan from abook where abook_profile = '%s' and abook_channel = %d", dbesc($r[0]['profile_guid']), intval($owner_uid)); if (!$d) { // forgery - illegal if ($interactive) { notice(t('Invalid request.') . EOL); return $o; } killme(); } // $d now contains a list of those who can see this profile - only send the status notification // to them. $allow_cid = $allow_gid = $deny_cid = $deny_gid = ''; foreach ($d as $dd) { $allow_gid .= '<' . $dd['abook_xchan'] . '>'; } } $post_type = t('channel'); $objtype = ACTIVITY_OBJ_PROFILE; } elseif ($obj_type == 'thing') { $r = q("select * from obj left join term on obj_obj = term_hash where term_hash != '' \n\t\t\t\tand obj_type = %d and term_hash = '%s' limit 1", intval(TERM_OBJ_THING), dbesc(argv(2))); if (!$r) { if ($interactive) { notice(t('Invalid request.') . EOL); return $o; } killme(); } $owner_uid = $r[0]['obj_channel']; $allow_cid = $r[0]['allow_cid']; $allow_gid = $r[0]['allow_gid']; $deny_cid = $r[0]['deny_cid']; $deny_gid = $r[0]['deny_gid']; if ($allow_cid || $allow_gid || $deny_cid || $deny_gid) { $public = false; } $post_type = t('thing'); $objtype = ACTIVITY_OBJ_PROFILE; $tgttype = ACTIVITY_OBJ_THING; $links = array(); $links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/thing/' . $r[0]['term_hash']); if ($r[0]['imgurl']) { $links[] = array('rel' => 'photo', 'href' => $r[0]['imgurl']); } $target = json_encode(array('type' => $tgttype, 'title' => $r[0]['term'], 'id' => z_root() . '/thing/' . $r[0]['term_hash'], 'link' => $links)); $plink = '[zrl=' . z_root() . '/thing/' . $r[0]['term_hash'] . ']' . $r[0]['term'] . '[/zrl]'; } if (!($owner_uid && $r)) { if ($interactive) { notice(t('Invalid request.') . EOL); return $o; } killme(); } // The resultant activity is going to be a wall-to-wall post, so make sure this is allowed $perms = get_all_perms($owner_uid, $observer['xchan_hash']); if (!($perms['post_like'] && $perms['view_profile'])) { if ($interactive) { notice(t('Permission denied.') . EOL); return $o; } killme(); } $ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", intval($owner_uid)); if (!$ch) { if ($interactive) { notice(t('Channel unavailable.') . EOL); return $o; } killme(); } if (!$plink) { $plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]'; } $links = array(); $links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/profile/' . $ch[0]['channel_address']); $links[] = array('rel' => 'photo', 'type' => $ch[0]['xchan_photo_mimetype'], 'href' => $ch[0]['xchan_photo_l']); $object = json_encode(array('type' => ACTIVITY_OBJ_PROFILE, 'title' => $ch[0]['channel_name'], 'id' => $ch[0]['xchan_url'] . '/' . $ch[0]['xchan_hash'], 'link' => $links)); // second like of the same thing is "undo" for the first like $z = q("select * from likes where channel_id = %d and liker = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' limit 1", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id)); if ($z) { q("delete from likes where id = %d limit 1", intval($z[0]['id'])); drop_item($z[0]['iid'], false); if ($interactive) { notice(t('Previous action reversed.') . EOL); return $o; } killme(); } } else { // this is used to like an item or comment $item_id = argc() == 2 ? notags(trim(argv(1))) : 0; logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG); // get the item. Allow linked photos (which are normally hidden) to be liked $r = q("SELECT * FROM item WHERE id = %d and (item_restrict = 0 or item_restrict = %d) LIMIT 1", intval($item_id), intval(ITEM_HIDDEN)); if (!$item_id || !$r) { logger('like: no item ' . $item_id); killme(); } $item = $r[0]; $owner_uid = $item['uid']; $owner_aid = $item['aid']; $sys = get_sys_channel(); // if this is a "discover" item, (item['uid'] is the sys channel), // fallback to the item comment policy, which should've been // respected when generating the conversation thread. // Even if the activity is rejected by the item owner, it should still get attached // to the local discover conversation on this site. if ($owner_uid != $sys['channel_id'] && !perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_comments')) { notice(t('Permission denied') . EOL); killme(); } $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan'])); if ($r) { $thread_owner = $r[0]; } else { killme(); } $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan'])); if ($r) { $item_author = $r[0]; } else { killme(); } $verbs = " '" . dbesc($activity) . "' "; $multi_undo = 0; // event participation and consensus items are essentially radio toggles. If you make a subsequent choice, // we need to eradicate your first choice. if ($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) { $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' "; $multi_undo = 1; } if ($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) { $verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' "; $multi_undo = 1; } $r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( {$verbs} ) AND item_restrict = 0 \n\t\t\tAND author_xchan = '%s' AND ( parent = %d OR thr_parent = '%s') and uid = %d ", dbesc($observer['xchan_hash']), intval($item_id), dbesc($item['mid']), intval($owner_uid)); if ($r) { // already liked it. Drop that item. require_once 'include/items.php'; foreach ($r as $rr) { drop_item($rr['id'], false, DROPITEM_PHASE1); // set the changed timestamp on the parent so we'll see the update without a page reload $z = q("update item set changed = '%s' where id = %d and uid = %d", dbesc(datetime_convert()), intval($rr['parent']), intval($rr['uid'])); // Prior activity was a duplicate of the one we're submitting, just undo it; // don't fall through and create another if (activity_match($rr['verb'], $activity)) { $multi_undo = false; } } if ($interactive) { return; } if (!$multi_undo) { killme(); } } } $mid = item_message_id(); if ($extended_like) { $item_flags = ITEM_THREAD_TOP | ITEM_ORIGIN | ITEM_WALL; } else { $post_type = $item['resource_type'] === 'photo' ? t('photo') : t('status'); if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) { $post_type = t('event'); } $links = array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item['plink'])); $objtype = $item['resource_type'] === 'photo' ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE; $body = $item['body']; $object = json_encode(array('type' => $objtype, 'id' => $item['mid'], 'parent' => $item['thr_parent'] ? $item['thr_parent'] : $item['parent_mid'], 'link' => $links, 'title' => $item['title'], 'content' => $item['body'], 'created' => $item['created'], 'edited' => $item['edited'], 'author' => array('name' => $item_author['xchan_name'], 'address' => $item_author['xchan_addr'], 'guid' => $item_author['xchan_guid'], 'guid_sig' => $item_author['xchan_guid_sig'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']), array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m']))))); if (!($item['item_flags'] & ITEM_THREAD_TOP)) { $post_type = 'comment'; } $item_flags = ITEM_ORIGIN | ITEM_NOTSHOWN; if ($item['item_flags'] & ITEM_WALL) { $item_flags |= ITEM_WALL; } // if this was a linked photo and was hidden, unhide it. if ($item['item_restrict'] & ITEM_HIDDEN) { $r = q("update item set item_restrict = (item_restrict ^ %d) where id = %d", intval(ITEM_HIDDEN), intval($item['id'])); } } if ($verb === 'like') { $bodyverb = t('%1$s likes %2$s\'s %3$s'); } if ($verb === 'dislike') { $bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s'); } if ($verb === 'agree') { $bodyverb = t('%1$s agrees with %2$s\'s %3$s'); } if ($verb === 'disagree') { $bodyverb = t('%1$s doesn\'t agree with %2$s\'s %3$s'); } if ($verb === 'abstain') { $bodyverb = t('%1$s abstains from a decision on %2$s\'s %3$s'); } if ($verb === 'attendyes') { $bodyverb = t('%1$s is attending %2$s\'s %3$s'); } if ($verb === 'attendno') { $bodyverb = t('%1$s is not attending %2$s\'s %3$s'); } if ($verb === 'attendmaybe') { $bodyverb = t('%1$s may attend %2$s\'s %3$s'); } if (!isset($bodyverb)) { killme(); } $arr = array(); if ($extended_like) { $ulink = '[zrl=' . $ch[0]['xchan_url'] . ']' . $ch[0]['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $private = $public ? 0 : 1; } else { $arr['parent'] = $item['id']; $arr['thr_parent'] = $item['mid']; $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; $plink = '[zrl=' . $a->get_baseurl() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]'; $allow_cid = $item['allow_cid']; $allow_gid = $item['allow_gid']; $deny_cid = $item['deny_cid']; $deny_gid = $item['deny_gid']; $private = $item['private']; } $arr['mid'] = $mid; $arr['aid'] = $extended_like ? $ch[0]['channel_account_id'] : $owner_aid; $arr['uid'] = $owner_uid; $arr['item_flags'] = $item_flags; $arr['parent_mid'] = $extended_like ? $mid : $item['mid']; $arr['owner_xchan'] = $extended_like ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['body'] = sprintf($bodyverb, $alink, $ulink, $plink); if ($obj_type === 'thing' && $r[0]['imgurl']) { $arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]'; } $arr['verb'] = $activity; $arr['obj_type'] = $objtype; $arr['object'] = $object; if ($target) { $arr['tgt_type'] = $tgttype; $arr['target'] = $target; } $arr['allow_cid'] = $allow_cid; $arr['allow_gid'] = $allow_gid; $arr['deny_cid'] = $deny_cid; $arr['deny_gid'] = $deny_gid; $arr['item_private'] = $private; $post = item_store($arr); $post_id = $post['item_id']; $arr['id'] = $post_id; call_hooks('post_local_end', $arr); if ($extended_like) { $r = q("insert into likes (channel_id,liker,likee,iid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s')", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), intval($post_id), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id), dbesc(json_encode($target ? $target : $object))); } proc_run('php', "include/notifier.php", "like", "{$post_id}"); if ($interactive) { notice(t('Action completed.') . EOL); $o .= t('Thank you.'); return $o; } killme(); }
function filestorage_content(&$a) { if (argc() > 1) { $which = argv(1); } else { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } $r = q("select * from channel where channel_address = '%s'", dbesc($which)); if ($r) { $channel = $r[0]; $owner = intval($r[0]['channel_id']); } $observer = $a->get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['view_storage']) { notice(t('Permission denied.') . EOL); return; } // Since we have ACL'd files in the wild, but don't have ACL here yet, we // need to return for anyone other than the owner, despite the perms check for now. $is_owner = local_channel() && $owner == local_channel() ? true : false; if (!$is_owner) { info(t('Permission Denied.') . EOL); return; } if (argc() > 3 && argv(3) === 'delete') { if (!$perms['write_storage']) { notice(t('Permission denied.') . EOL); return; } $file = intval(argv(2)); $r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1", dbesc($file), intval($owner)); if (!$r) { notice(t('File not found.') . EOL); goaway(z_root() . '/cloud/' . $which); } $f = $r[0]; $channel = $a->get_channel(); $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); attach_delete($owner, $f['hash']); goaway($parentpath); } if (argc() > 3 && argv(3) === 'edit') { require_once 'include/acl_selectors.php'; if (!$perms['write_storage']) { notice(t('Permission denied.') . EOL); return; } $file = intval(argv(2)); $r = q("select id, uid, folder, filename, revision, flags, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1", intval($file), intval($owner)); $f = $r[0]; $channel = $a->get_channel(); $cloudpath = get_cloudpath($f) . ($f['flags'] & ATTACH_FLAG_DIR ? '?f=&davguest=1' : ''); $parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']); $aclselect_e = populate_acl($f, false); $is_a_dir = $f['flags'] & ATTACH_FLAG_DIR ? true : false; $lockstate = $f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid'] ? 'lock' : 'unlock'; // Encode path that is used for link so it's a valid URL // Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly $encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath)); $o = replace_macros(get_markup_template('attach_edit.tpl'), array('$header' => t('Edit file permissions'), '$file' => $f, '$cloudpath' => z_root() . '/' . $encoded_path, '$parentpath' => $parentpath, '$uid' => $channel['channel_id'], '$channelnick' => $channel['channel_address'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$lockstate' => $lockstate, '$permset' => t('Set/edit permissions'), '$recurse' => array('recurse', t('Include all files and sub folders'), 0, '', array(t('No'), t('Yes'))), '$backlink' => t('Return to file list'), '$isadir' => $is_a_dir, '$cpdesc' => t('Copy/paste this code to attach file to a post'), '$cpldesc' => t('Copy/paste this URL to link file from a web page'), '$submit' => t('Submit'), '$attach_btn_title' => t('Share this file'), '$link_btn_title' => t('Show URL to this file'), '$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))))); echo $o; killme(); } goaway(z_root() . '/cloud/' . $which); }
function layouts_content(&$a) { if (!$a->profile) { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } $which = argv(1); $_SESSION['return_url'] = $a->query_string; $uid = local_channel(); $owner = 0; $channel = null; $observer = $a->get_observer(); $channel = $a->get_channel(); if ($a->is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // Block design features from visitors if (!$uid || $uid != $owner) { notice(t('Permission denied.') . EOL); return; } // Get the observer, check their permissions $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } //This feature is not exposed in redbasic ui since it is not clear why one would want to //download a json encoded pdl file - we dont have a possibility to import it. //Use the buildin share/install feature instead. if (argc() > 3 && argv(2) === 'share' && argv(3)) { $r = q("select sid, service, mimetype, title, body from item_id \n\t\t\tleft join item on item.id = item_id.iid \n\t\t\twhere item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3))); if ($r) { header('Content-type: application/x-redmatrix-layout'); header('Content-disposition: attachment; filename="' . $r[0]['sid'] . '.pdl"'); echo json_encode($r); killme(); } } // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. $x = array('webpage' => ITEM_PDL, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'bang' => '', 'showacl' => false, 'visitor' => false, 'nopreview' => 1, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner), 'expanded' => true, 'placeholdertitle' => t('Layout Description (Optional)'), 'novoting' => true); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $editor = status_editor($a, $x); $r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id\n\t\twhere item_id.uid = %d and service = 'PDL' and item_restrict = %d order by item.created desc", intval($owner), intval(ITEM_PDL)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { $element_arr = array('type' => 'layout', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid']); $pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid'], 'descr' => $rr['title'], 'mid' => $rr['mid'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]'); } } //Build the base URL for edit links $url = z_root() . '/editlayout/' . $which; $o .= replace_macros(get_markup_template('layoutlist.tpl'), array('$title' => t('Layouts'), '$create' => t('Create'), '$help' => array('text' => t('Help'), 'url' => 'help/comanche', 'title' => t('Comanche page description language help')), '$editor' => $editor, '$baseurl' => $url, '$name' => t('Layout Name'), '$descr' => t('Layout Description'), '$created' => t('Created'), '$edited' => t('Edited'), '$edit' => t('Edit'), '$share' => t('Share'), '$download' => t('Download PDL file'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'))); return $o; }
function get() { if (!\App::$profile) { notice(t('Requested profile is not available.') . EOL); \App::$error = 404; return; } $which = argv(1); $_SESSION['return_url'] = \App::$query_string; $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); $channel = \App::get_channel(); if (\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // Block design features from visitors if (!$uid || $uid != $owner) { notice(t('Permission denied.') . EOL); return; } $mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype'); $x = array('webpage' => ITEM_TYPE_BLOCK, 'is_owner' => true, 'nickname' => \App::$profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => true, 'mimetype' => $mimetype, 'mimeselect' => true, 'hide_location' => true, 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner), 'expanded' => true, 'novoting' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $editor = status_editor($a, $x); $r = q("select iid, sid, mid, title, body, mimetype, created, edited from item_id left join item on item_id.iid = item.id\n\t\t\twhere item_id.uid = %d and service = 'BUILDBLOCK' and item_type = %d order by item.created desc", intval($owner), intval(ITEM_TYPE_BLOCK)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { $element_arr = array('type' => 'block', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid']); $pages[$rr['iid']][] = array('url' => $rr['iid'], 'name' => $rr['sid'], 'title' => $rr['title'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]'); } } //Build the base URL for edit links $url = z_root() . '/editblock/' . $which; $o .= replace_macros(get_markup_template('blocklist.tpl'), array('$baseurl' => $url, '$title' => t('Blocks'), '$name' => t('Block Name'), '$blocktitle' => t('Block Title'), '$created' => t('Created'), '$edited' => t('Edited'), '$create' => t('Create'), '$edit' => t('Edit'), '$share' => t('Share'), '$delete' => t('Delete'), '$editor' => $editor, '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1')); return $o; }
function editwebpage_content(&$a) { if (!App::$profile) { notice(t('Requested profile is not available.') . EOL); App::$error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = App::get_observer(); $channel = App::get_channel(); if (App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) { notice(t('Permission denied.') . EOL); return; } $is_owner = $uid && $uid == $owner ? true : false; $o = ''; // Figure out which post we're editing $post_id = argc() > 2 ? intval(argv(2)) : 0; if (!$post_id) { notice(t('Item not found') . EOL); return; } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // We've already figured out which item we want and whose copy we need, // so we don't need anything fancy here $sql_extra = item_permissions_sql($owner); $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s {$sql_extra} LIMIT 1", intval($post_id), intval($owner)); if (!$itm) { notice(t('Permission denied.') . EOL); return; } if (intval($itm[0]['item_obscured'])) { $key = get_config('system', 'prvkey'); if ($itm[0]['title']) { $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']), $key); } if ($itm[0]['body']) { $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']), $key); } } $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id'])); if ($item_id) { $page_title = $item_id[0]['sid']; } $plaintext = true; $mimetype = $itm[0]['mimetype']; if ($mimetype === 'application/x-php') { if (!$uid || $uid != $itm[0]['uid']) { notice(t('Permission denied.') . EOL); return; } } $mimeselect = ''; if ($mimetype != 'text/bbcode') { $plaintext = true; } if (get_config('system', 'page_mimetype')) { $mimeselect = '<input type="hidden" name="mimetype" value="' . $mimetype . '" />'; } else { $mimeselect = mimetype_select($itm[0]['uid'], $mimetype); } $layout = get_config('system', 'page_layout'); if ($layout) { $layoutselect = '<input type="hidden" name="layout_mid" value="' . $layout . '" />'; } else { $layoutselect = layout_select($itm[0]['uid'], $itm[0]['layout_mid']); } App::$page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => z_root(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$pretext' => '', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete webpage?'), '$bbco_autocomplete' => $mimetype == 'text/bbcode' ? 'bbcode' : '')); $tpl = get_markup_template("jot.tpl"); $jotplugins = ''; $jotnets = ''; call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD // instead of loading a sensible page. So, send folk to the webpage list. $rp = 'webpages/' . $which; $editor = replace_macros($tpl, array('$return_path' => $rp, '$webpage' => ITEM_TYPE_WEBPAGE, '$placeholdpagetitle' => t('Page link title'), '$pagetitle' => $page_title, '$writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_storage'), '$action' => 'item', '$share' => t('Edit'), '$bold' => t('Bold'), '$italic' => t('Italic'), '$underline' => t('Underline'), '$quote' => t('Quote'), '$code' => t('Code'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => get_pconfig($uid, 'system', 'use_browser_location') ? t('Clear browser location') : '', '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => z_root(), '$defloc' => $itm[0]['location'], '$visitor' => $is_owner ? true : false, '$acl' => populate_acl($itm[0], false), '$showacl' => $is_owner ? true : false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$mimeselect' => $mimeselect, '$layoutselect' => $layoutselect, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Title (optional)'), '$category' => '', '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), 'lockstate' => strlen($itm[0]['allow_cid']) || strlen($itm[0]['allow_gid']) || strlen($itm[0]['deny_cid']) || strlen($itm[0]['deny_gid']) ? 'lock' : 'unlock', '$bang' => '', '$profile_uid' => intval($owner), '$preview' => t('Preview'), '$jotplugins' => $jotplugins, '$sourceapp' => App::$sourcename, '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'), '$bbcode' => $mimetype == 'text/bbcode' ? true : false)); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Webpage'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$editor' => $editor, '$id' => $itm[0]['id'])); return $o; }
/** * @brief * * @param App $a * @param boolean $is_owner default false * @param string $nickname default null * @return void|string */ function profile_tabs($a, $is_owner = false, $nickname = null) { // Don't provide any profile tabs if we're running as the sys channel if (App::$is_sys) { return; } $channel = App::get_channel(); if (is_null($nickname)) { $nickname = $channel['channel_address']; } $uid = App::$profile['profile_uid'] ? App::$profile['profile_uid'] : local_channel(); if ($uid == local_channel()) { $cal_link = ''; } else { $cal_link = '/cal/' . $nickname; } if (get_pconfig($uid, 'system', 'noprofiletabs')) { return; } if (x($_GET, 'tab')) { $tab = notags(trim($_GET['tab'])); } $url = z_root() . '/channel/' . $nickname; $pr = z_root() . '/profile/' . $nickname; $tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab')); $p = get_all_perms($uid, get_observer_hash()); if ($p['view_profile']) { $tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab'); } if ($p['view_storage']) { $tabs[] = array('label' => t('Photos'), 'url' => z_root() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab'); $tabs[] = array('label' => t('Files'), 'url' => z_root() . '/cloud/' . $nickname, 'sel' => argv(0) == 'cloud' || argv(0) == 'sharedwithme' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab'); } if ($p['view_stream'] && $cal_link) { $tabs[] = array('label' => t('Events'), 'url' => z_root() . $cal_link, 'sel' => argv(0) == 'cal' || argv(0) == 'events' ? 'active' : '', 'title' => t('Events'), 'id' => 'event-tab'); } if ($p['chat'] && feature_enabled($uid, 'ajaxchat')) { $has_chats = Zotlabs\Lib\Chatroom::list_count($uid); if ($has_chats) { $tabs[] = array('label' => t('Chatrooms'), 'url' => z_root() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab'); } } require_once 'include/menu.php'; $has_bookmarks = menu_list_count(local_channel(), '', MENU_BOOKMARK) + menu_list_count(local_channel(), '', MENU_SYSTEM | MENU_BOOKMARK); if ($is_owner && $has_bookmarks) { $tabs[] = array('label' => t('Bookmarks'), 'url' => z_root() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab'); } if ($p['write_pages'] && feature_enabled($uid, 'webpages')) { $tabs[] = array('label' => t('Webpages'), 'url' => z_root() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab'); } if (feature_enabled($uid, 'wiki') && !UNO) { $tabs[] = array('label' => t('Wiki'), 'url' => z_root() . '/wiki/' . $nickname, 'sel' => argv(0) == 'wiki' ? 'active' : '', 'title' => t('Wiki'), 'id' => 'wiki-tab'); } $arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs); call_hooks('profile_tabs', $arr); $tpl = get_markup_template('common_tabs.tpl'); return replace_macros($tpl, array('$tabs' => $arr['tabs'])); }
function profile_tabs($a, $is_owner = False, $nickname = Null) { //echo "<pre>"; var_dump($a->user); killme(); $channel = $a->get_channel(); if (is_null($nickname)) { $nickname = $channel['channel_address']; } $uid = $a->profile['profile_uid'] ? $a->profile['profile_uid'] : local_user(); if (get_pconfig($uid, 'system', 'noprofiletabs')) { return; } if (x($_GET, 'tab')) { $tab = notags(trim($_GET['tab'])); } $url = $a->get_baseurl() . '/channel/' . $nickname; $pr = $a->get_baseurl() . '/profile/' . $nickname; $tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab')); $p = get_all_perms($uid, get_observer_hash()); if ($p['view_profile']) { $tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab'); } if ($p['view_photos']) { $tabs[] = array('label' => t('Photos'), 'url' => $a->get_baseurl() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab'); } if ($p['view_storage']) { $tabs[] = array('label' => t('Files'), 'url' => $a->get_baseurl() . '/cloud/' . $nickname . (get_observer_hash() ? '' : '?f=&davguest=1'), 'sel' => argv(0) == 'cloud' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab'); } require_once 'include/chat.php'; $chats = chatroom_list($uid); if (count($chats)) { $tabs[] = array('label' => t('Chatrooms'), 'url' => $a->get_baseurl() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab'); } if ($is_owner) { $tabs[] = array('label' => t('Bookmarks'), 'url' => $a->get_baseurl() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab'); } if ($is_owner && feature_enabled($uid, 'webpages')) { $tabs[] = array('label' => t('Webpages'), 'url' => $a->get_baseurl() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab'); } else { // FIXME // we probably need a listing of events that were created by // this channel and are visible to the observer } $arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs); call_hooks('profile_tabs', $arr); $tpl = get_markup_template('common_tabs.tpl'); return replace_macros($tpl, array('$tabs' => $arr['tabs'])); }
function zfinger_init(&$a) { require_once 'include/zot.php'; require_once 'include/crypto.php'; $ret = array('success' => false); $zhash = x($_REQUEST, 'guid_hash') ? $_REQUEST['guid_hash'] : ''; $zguid = x($_REQUEST, 'guid') ? $_REQUEST['guid'] : ''; $zguid_sig = x($_REQUEST, 'guid_sig') ? $_REQUEST['guid_sig'] : ''; $zaddr = x($_REQUEST, 'address') ? $_REQUEST['address'] : ''; $ztarget = x($_REQUEST, 'target') ? $_REQUEST['target'] : ''; $zsig = x($_REQUEST, 'target_sig') ? $_REQUEST['target_sig'] : ''; $zkey = x($_REQUEST, 'key') ? $_REQUEST['key'] : ''; $mindate = x($_REQUEST, 'mindate') ? $_REQUEST['mindate'] : ''; $feed = x($_REQUEST, 'feed') ? intval($_REQUEST['feed']) : 0; if ($ztarget) { if (!$zkey || !$zsig || !rsa_verify($ztarget, base64url_decode($zsig), $zkey)) { logger('zfinger: invalid target signature'); $ret['message'] = t("invalid target signature"); json_return_and_die($ret); } } // allow re-written domains so bob@foo.example.com can provide an address of bob@example.com // The top-level domain also needs to redirect .well-known/zot-info to the sub-domain with a 301 or 308 // TODO: Make 308 work in include/network.php for zot_fetch_url and zot_post_url if ($zaddr && ($s = get_config('system', 'zotinfo_domainrewrite'))) { $arr = explode('^', $s); if (count($arr) == 2) { $zaddr = str_replace($arr[0], $arr[1], $zaddr); } } $r = null; if (strlen($zhash)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_hash = '%s' limit 1", dbesc($zhash)); } elseif (strlen($zguid) && strlen($zguid_sig)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_guid = '%s' and channel_guid_sig = '%s' limit 1", dbesc($zguid), dbesc($zguid_sig)); } elseif (strlen($zaddr)) { if (strpos($zaddr, '[system]') === false) { /* normal address lookup */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", dbesc($zaddr), dbesc($zaddr)); } else { /** * The special address '[system]' will return a system channel if one has been defined, * Or the first valid channel we find if there are no system channels. * * This is used by magic-auth if we have no prior communications with this site - and * returns an identity on this site which we can use to create a valid hub record so that * we can exchange signed messages. The precise identity is irrelevant. It's the hub * information that we really need at the other end - and this will return it. * */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_pageflags & %d ) order by channel_id limit 1", intval(PAGE_SYSTEM)); if (!$r) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\t\twhere not ( channel_pageflags & %d ) order by channel_id limit 1", intval(PAGE_REMOVED)); } } } else { $ret['message'] = 'Invalid request'; json_return_and_die($ret); } if (!$r) { $ret['message'] = 'Item not found.'; json_return_and_die($ret); } $e = $r[0]; $id = $e['channel_id']; $special_channel = $e['channel_pageflags'] & PAGE_PREMIUM ? true : false; $adult_channel = $e['channel_pageflags'] & PAGE_ADULT ? true : false; $censored = $e['channel_pageflags'] & PAGE_CENSORED ? true : false; $searchable = $e['channel_pageflags'] & PAGE_HIDDEN ? false : true; $deleted = $e['xchan_flags'] & XCHAN_FLAGS_DELETED ? true : false; if ($deleted || $censored) { $searchable = false; } // This is for birthdays and keywords, but must check access permissions $p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id'])); $profile = array(); if ($p) { if (!intval($p[0]['publish'])) { $searchable = false; } $profile['description'] = $p[0]['pdesc']; $profile['birthday'] = $p[0]['dob']; if ($profile['birthday'] != '0000-00-00' && ($bd = z_birthday($p[0]['dob'], $e['channel_timezone'])) !== '') { $profile['next_birthday'] = $bd; } if ($age = age($p[0]['dob'], $e['channel_timezone'], '')) { $profile['age'] = $age; } $profile['gender'] = $p[0]['gender']; $profile['marital'] = $p[0]['marital']; $profile['sexual'] = $p[0]['sexual']; $profile['locale'] = $p[0]['locality']; $profile['region'] = $p[0]['region']; $profile['postcode'] = $p[0]['postal_code']; $profile['country'] = $p[0]['country_name']; $profile['about'] = $p[0]['about']; $profile['homepage'] = $p[0]['homepage']; $profile['hometown'] = $p[0]['hometown']; if ($p[0]['keywords']) { $tags = array(); $k = explode(' ', $p[0]['keywords']); if ($k) { foreach ($k as $kk) { if (trim($kk, " \t\n\r\v,")) { $tags[] = trim($kk, " \t\n\r\v,"); } } } if ($tags) { $profile['keywords'] = $tags; } } } $ret['success'] = true; // Communication details $ret['guid'] = $e['xchan_guid']; $ret['guid_sig'] = $e['xchan_guid_sig']; $ret['key'] = $e['xchan_pubkey']; $ret['name'] = $e['xchan_name']; $ret['name_updated'] = $e['xchan_name_date']; $ret['address'] = $e['xchan_addr']; $ret['photo_mimetype'] = $e['xchan_photo_mimetype']; $ret['photo'] = $e['xchan_photo_l']; $ret['photo_updated'] = $e['xchan_photo_date']; $ret['url'] = $e['xchan_url']; $ret['connections_url'] = $e['xchan_connurl'] ? $e['xchan_connurl'] : z_root() . '/poco/' . $e['channel_address']; $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; $ret['searchable'] = $searchable; $ret['adult_content'] = $adult_channel; if ($deleted) { $ret['deleted'] = $deleted; } // premium or other channel desiring some contact with potential followers before connecting. // This is a template - %s will be replaced with the follow_url we discover for the return channel. if ($special_channel) { $ret['connect_url'] = z_root() . '/connect/' . $e['channel_address']; } // This is a template for our follow url, %s will be replaced with a webbie $ret['follow_url'] = z_root() . '/follow?f=&url=%s'; $ztarget_hash = $ztarget && $zsig ? make_xchan_hash($ztarget, $zsig) : ''; $permissions = get_all_perms($e['channel_id'], $ztarget_hash, false); if ($ztarget_hash) { $permissions['connected'] = false; $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($ztarget_hash), intval($e['channel_id'])); if ($b) { $permissions['connected'] = true; } } $ret['permissions'] = $ztarget && $zkey ? crypto_encapsulate(json_encode($permissions), $zkey) : $permissions; if ($permissions['view_profile']) { $ret['profile'] = $profile; } // array of (verified) hubs this channel uses $ret['locations'] = array(); $x = zot_get_hublocs($e['channel_hash']); if ($x && count($x)) { foreach ($x as $hub) { if (!($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) { $ret['locations'][] = array('host' => $hub['hubloc_host'], 'address' => $hub['hubloc_addr'], 'primary' => $hub['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY ? true : false, 'url' => $hub['hubloc_url'], 'url_sig' => $hub['hubloc_url_sig'], 'callback' => $hub['hubloc_callback'], 'sitekey' => $hub['hubloc_sitekey'], 'deleted' => $hub['hubloc_flags'] & HUBLOC_FLAGS_DELETED ? true : false); } } } $ret['site'] = array(); $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(), $e['channel_prvkey'])); $dirmode = get_config('system', 'directory_mode'); if ($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { $ret['site']['directory_mode'] = 'normal'; } if ($dirmode == DIRECTORY_MODE_PRIMARY) { $ret['site']['directory_mode'] = 'primary'; } elseif ($dirmode == DIRECTORY_MODE_SECONDARY) { $ret['site']['directory_mode'] = 'secondary'; } elseif ($dirmode == DIRECTORY_MODE_STANDALONE) { $ret['site']['directory_mode'] = 'standalone'; } if ($dirmode != DIRECTORY_MODE_NORMAL) { $ret['site']['directory_url'] = z_root() . '/dirsearch'; } // hide detailed site information if you're off the grid if ($dirmode != DIRECTORY_MODE_STANDALONE) { $register_policy = intval(get_config('system', 'register_policy')); if ($register_policy == REGISTER_CLOSED) { $ret['site']['register_policy'] = 'closed'; } if ($register_policy == REGISTER_APPROVE) { $ret['site']['register_policy'] = 'approve'; } if ($register_policy == REGISTER_OPEN) { $ret['site']['register_policy'] = 'open'; } $access_policy = intval(get_config('system', 'access_policy')); if ($access_policy == ACCESS_PRIVATE) { $ret['site']['access_policy'] = 'private'; } if ($access_policy == ACCESS_PAID) { $ret['site']['access_policy'] = 'paid'; } if ($access_policy == ACCESS_FREE) { $ret['site']['access_policy'] = 'free'; } if ($access_policy == ACCESS_TIERED) { $ret['site']['access_policy'] = 'tiered'; } $ret['site']['accounts'] = account_total(); require_once 'include/identity.php'; $ret['site']['channels'] = channel_total(); $ret['site']['version'] = RED_PLATFORM . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']'; $ret['site']['admin'] = get_config('system', 'admin_email'); $visible_plugins = array(); if (is_array($a->plugins) && count($a->plugins)) { $r = q("select * from addon where hidden = 0"); if ($r) { foreach ($r as $rr) { $visible_plugins[] = $rr['name']; } } } $ret['site']['plugins'] = $visible_plugins; $ret['site']['sitehash'] = get_config('system', 'location_hash'); $ret['site']['sitename'] = get_config('system', 'sitename'); $ret['site']['sellpage'] = get_config('system', 'sellpage'); $ret['site']['location'] = get_config('system', 'site_location'); $ret['site']['realm'] = get_directory_realm(); } call_hooks('zot_finger', $ret); json_return_and_die($ret); }
function connedit_content(&$a) { $sort_type = 0; $o = ''; // this triggers some javascript to set Full Sharing by default after // completing a "follow" - which can be changed to something else before // form submission, but this gives us something useable if ($_GET['follow'] == 1) { $o .= '<script>var after_following = 1;</script>'; } if (!local_user()) { notice(t('Permission denied.') . EOL); return login(); } if (argc() == 3) { $contact_id = intval(argv(1)); if (!$contact_id) { return; } $cmd = argv(2); $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_id = %d AND abook_channel = %d AND NOT ( abook_flags & %d ) LIMIT 1", intval($contact_id), intval(local_user()), intval(ABOOK_FLAG_SELF)); if (!count($orig_record)) { notice(t('Could not access address book record.') . EOL); goaway($a->get_baseurl(true) . '/connections'); } if ($cmd === 'update') { // pull feed and consume it, which should subscribe to the hub. proc_run('php', "include/poller.php", "{$contact_id}"); goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'refresh') { if (!zot_refresh($orig_record[0], get_app()->get_channel())) { notice(t('Refresh failed - channel is currently unavailable.')); } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'block') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_BLOCKED)) { info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_BLOCKED ? t('Channel has been unblocked') : t('Channel has been blocked')) . EOL); connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'ignore') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_IGNORED)) { info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_IGNORED ? t('Channel has been unignored') : t('Channel has been ignored')) . EOL); connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'archive') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_ARCHIVED)) { info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_ARCHIVED ? t('Channel has been unarchived') : t('Channel has been archived')) . EOL); connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'hide') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_HIDDEN)) { info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_HIDDEN ? t('Channel has been unhidden') : t('Channel has been hidden')) . EOL); connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } // We'll prevent somebody from unapproving an already approved contact. // Though maybe somebody will want this eventually (??) if ($cmd === 'approve') { if ($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING) { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_PENDING)) { info(($orig_record[0]['abook_flags'] & ABOOK_FLAG_PENDING ? t('Channel has been approved') : t('Channel has been unapproved')) . EOL); connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } } goaway($a->get_baseurl(true) . '/connedit/' . $contact_id); } if ($cmd === 'drop') { require_once 'include/Contact.php'; // FIXME // We need to send either a purge or a refresh packet to the other side (the channel being unfriended). // The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs // in the background there could be a race condition preventing this packet from being sent in all cases. // PLACEHOLDER contact_remove(local_user(), $orig_record[0]['abook_id']); build_sync_packet(0, array('abook' => array('abook_xchan' => $orig_record[0]['abook_xchan'], 'entry_deleted' => true))); info(t('Connection has been removed.') . EOL); if (x($_SESSION, 'return_url')) { goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']); } goaway($a->get_baseurl(true) . '/contacts'); } } if ($a->poi) { $contact_id = $a->poi['abook_id']; $contact = $a->poi; $tabs = array(array('label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf(t('View %s\'s profile'), $contact['xchan_name'])), array('label' => t('Refresh Permissions'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions')), array('label' => t('Recent Activity'), 'url' => $a->get_baseurl(true) . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_BLOCKED ? t('Unblock') : t('Block'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_BLOCKED ? 'active' : '', 'title' => t('Block or Unblock this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_IGNORED ? t('Unignore') : t('Ignore'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_IGNORED ? 'active' : '', 'title' => t('Ignore or Unignore this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_ARCHIVED ? t('Unarchive') : t('Archive'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_ARCHIVED ? 'active' : '', 'title' => t('Archive or Unarchive this connection')), array('label' => $contact['abook_flags'] & ABOOK_FLAG_HIDDEN ? t('Unhide') : t('Hide'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => $contact['abook_flags'] & ABOOK_FLAG_HIDDEN ? 'active' : '', 'title' => t('Hide or Unhide this connection')), array('label' => t('Delete'), 'url' => $a->get_baseurl(true) . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection'))); $self = false; if (!($contact['abook_flags'] & ABOOK_FLAG_SELF)) { $tab_tpl = get_markup_template('common_tabs.tpl'); $t = replace_macros($tab_tpl, array('$tabs' => $tabs)); } else { $self = true; } $a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array('$baseurl' => $a->get_baseurl(true), '$editselect' => $editselect)); require_once 'include/contact_selectors.php'; $tpl = get_markup_template("abook_edit.tpl"); if (feature_enabled(local_user(), 'affinity')) { $slider_tpl = get_markup_template('contact_slider.tpl'); $slide = replace_macros($slider_tpl, array('$me' => t('Me'), '$val' => $contact['abook_closeness'] ? $contact['abook_closeness'] : 99, '$intimate' => t('Best Friends'), '$friends' => t('Friends'), '$oldfriends' => t('Former Friends'), '$acquaintances' => t('Acquaintances'), '$world' => t('Unknown'))); } $perms = array(); $channel = $a->get_channel(); $global_perms = get_perms(); $existing = get_all_perms(local_user(), $contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication')); foreach ($global_perms as $k => $v) { $thisperm = $contact['abook_my_perms'] & $v[1] ? "1" : ''; // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner if (!$self && $existing[$k]) { $thisperm = "1"; } $perms[] = array('perms_' . $k, $v[3], $contact['abook_their_perms'] & $v[1] ? "1" : "", $thisperm, $v[1], $channel[$v[0]] == PERMS_SPECIFIC ? '' : '1', $v[4]); } $o .= replace_macros($tpl, array('$header' => $self ? t('Automatic Permissions Settings') : sprintf(t('Connections: settings for %s'), $contact['xchan_name']), '$addr' => $contact['xchan_addr'], '$notself' => $self ? '' : '1', '$self' => $self ? '1' : '', '$autolbl' => t('When receiving a channel introduction, any permissions provided here will be applied to the new connection automatically and the introduction approved. Leave this page if you do not wish to use this feature.'), '$viewprof' => t('View Profile'), '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$slide' => $slide, '$tabs' => $t, '$tab_str' => $tab_str, '$is_pending' => $contact['abook_flags'] & ABOOK_FLAG_PENDING ? 1 : '', '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$approve' => t('Approve this connection'), '$noperms' => !$self && !$contact['abook_my_perms'] ? t('Connection has no individual permissions!') : '', '$noperm_desc' => !$self && !$contact['abook_my_perms'] ? t('This may be appropriate based on your <a href="settings">privacy settings</a>, though you may wish to review the "Advanced Permissions".') : '', '$submit' => t('Submit'), '$lbl_vis1' => t('Profile Visibility'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), '$lbl_info1' => t('Contact Information / Notes'), '$infedit' => t('Edit contact notes'), '$close' => $contact['abook_closeness'], '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$clear' => t('Clear/Disable Automatic Permissions'), '$forum' => t('Forum Members'), '$soapbox' => t('Soapbox'), '$full' => t('Full Sharing (typical social network permissions)'), '$cautious' => t('Cautious Sharing '), '$follow' => t('Follow Only'), '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel <a href="settings">privacy settings</a>, which have higher priority than individual settings. Changing those inherited settings on this page will have no effect.'), '$advanced' => t('Advanced Permissions'), '$quick' => t('Simple Permissions (select one and submit)'), '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], '$all_friends' => $all_friends, '$relation_text' => $relation_text, '$visit' => sprintf(t('Visit %s\'s profile - %s'), $contact['xchan_name'], $contact['xchan_url']), '$blockunblock' => t('Block/Unblock contact'), '$ignorecont' => t('Ignore contact'), '$lblcrepair' => t("Repair URL settings"), '$lblrecent' => t('View conversations'), '$lblsuggest' => $lblsuggest, '$delete' => t('Delete contact'), '$poll_interval' => contact_poll_interval($contact['priority'], !$poll_enabled), '$poll_enabled' => $poll_enabled, '$lastupdtext' => t('Last update:'), '$lost_contact' => $lost_contact, '$updpub' => t('Update public posts'), '$last_update' => relative_date($contact['abook_connected']), '$udnow' => t('Update now'), '$profile_select' => contact_profile_assign($contact['abook_profile']), '$multiprofs' => feature_enabled(local_user(), 'multi_profiles'), '$contact_id' => $contact['abook_id'], '$block_text' => $contact['blocked'] ? t('Unblock') : t('Block'), '$ignore_text' => $contact['readonly'] ? t('Unignore') : t('Ignore'), '$blocked' => $contact['blocked'] ? t('Currently blocked') : '', '$ignored' => $contact['readonly'] ? t('Currently ignored') : '', '$archived' => $contact['archive'] ? t('Currently archived') : '', '$pending' => $contact['archive'] ? t('Currently pending') : '', '$hidden' => array('hidden', t('Hide this contact from others'), $contact['hidden'] == 1, t('Replies/likes to your public posts <strong>may</strong> still be visible')), '$photo' => $contact['photo'], '$name' => $contact['name'], '$dir_icon' => $dir_icon, '$alt_text' => $alt_text, '$sparkle' => $sparkle, '$url' => $url)); $arr = array('contact' => $contact, 'output' => $o); call_hooks('contact_edit', $arr); return $arr['output']; } }
function get() { if (!\App::$profile) { notice(t('Requested profile is not available.') . EOL); \App::$error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = \App::get_observer(); $channel = \App::get_channel(); if (\App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) { notice(t('Permission denied.') . EOL); return; } $is_owner = $uid && $uid == $owner ? true : false; $o = ''; // Figure out which post we're editing $post_id = argc() > 2 ? intval(argv(2)) : 0; if (!$post_id) { notice(t('Item not found') . EOL); return; } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // We've already figured out which item we want and whose copy we need, // so we don't need anything fancy here $sql_extra = item_permissions_sql($owner); $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s {$sql_extra} LIMIT 1", intval($post_id), intval($owner)); if (!$itm) { notice(t('Permission denied.') . EOL); return; } if (intval($itm[0]['item_obscured'])) { $key = get_config('system', 'prvkey'); if ($itm[0]['title']) { $itm[0]['title'] = crypto_unencapsulate(json_decode_plus($itm[0]['title']), $key); } if ($itm[0]['body']) { $itm[0]['body'] = crypto_unencapsulate(json_decode_plus($itm[0]['body']), $key); } } $item_id = q("select * from item_id where service = 'WEBPAGE' and iid = %d limit 1", intval($itm[0]['id'])); if ($item_id) { $page_title = $item_id[0]['sid']; } $mimetype = $itm[0]['mimetype']; if ($mimetype === 'application/x-php') { if (!$uid || $uid != $itm[0]['uid']) { notice(t('Permission denied.') . EOL); return; } } $layout = $itm[0]['layout_mid']; $tpl = get_markup_template("jot.tpl"); $rp = 'webpages/' . $which; $x = array('nickname' => $channel['channel_address'], 'bbco_autocomplete' => $mimetype == 'text/bbcode' ? 'bbcode' : '', 'return_path' => $rp, 'webpage' => ITEM_TYPE_WEBPAGE, 'ptlabel' => t('Page link'), 'pagetitle' => $page_title, 'writefiles' => $mimetype == 'text/bbcode' ? perm_is_allowed($owner, get_observer_hash(), 'write_storage') : false, 'button' => t('Edit'), 'weblink' => $mimetype == 'text/bbcode' ? t('Insert web link') : false, 'hide_location' => true, 'hide_voting' => true, 'ptyp' => $itm[0]['type'], 'body' => undo_post_tagging($itm[0]['body']), 'post_id' => $post_id, 'visitor' => $is_owner ? true : false, 'acl' => populate_acl($itm[0], false, \PermissionDescription::fromGlobalPermission('view_pages')), 'showacl' => $is_owner ? true : false, 'mimetype' => $mimetype, 'mimeselect' => true, 'layout' => $layout, 'layoutselect' => true, 'title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), 'lockstate' => strlen($itm[0]['allow_cid']) || strlen($itm[0]['allow_gid']) || strlen($itm[0]['deny_cid']) || strlen($itm[0]['deny_gid']) ? 'lock' : 'unlock', 'profile_uid' => intval($owner), 'bbcode' => $mimetype == 'text/bbcode' ? true : false); $editor = status_editor($a, $x); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Webpage'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$editor' => $editor, '$id' => $itm[0]['id'])); return $o; }
function blocks_content(&$a) { if (!$a->profile) { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = $a->get_observer(); $channel = $a->get_channel(); if ($a->is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // Block design features from visitors if (!$uid || $uid != $owner) { notice(t('Permission denied.') . EOL); return; } if (feature_enabled($owner, 'expert')) { $mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype'); if (!$mimetype) { $mimetype = 'choose'; } } else { $mimetype = 'text/bbcode'; } $x = array('webpage' => ITEM_BUILDBLOCK, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => true, 'mimetype' => $mimetype, 'ptlabel' => t('Block Name'), 'profile_uid' => intval($owner)); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $o .= status_editor($a, $x); $r = q("select * from item_id where uid = %d and service = 'BUILDBLOCK' order by sid asc", intval($owner)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { $pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid']); } } //Build the base URL for edit links $url = z_root() . '/editblock/' . $which; $o .= replace_macros(get_markup_template('blocklist.tpl'), array('$baseurl' => $url, '$edit' => t('Edit'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1')); return $o; }
/** * @brief Refreshes after permission changed or friending, etc. * * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified * to fetch new permissions via a finger/discovery operation. This may result in a new connection * (abook entry) being added to a local channel and it may result in auto-permissions being granted. * * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a * permission change has been made by the sender which affects the target channel. The hub controlling * the target channel does targetted discovery (a zot-finger request requesting permissions for the local * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store * the permissions assigned to this channel. * * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are * implied until this is approved by the owner channel. A channel can also auto-populate permissions in * return and send back a refresh packet of its own. This is used by forum and group communication channels * so that friending and membership in the channel's "club" is automatic. * * @param array $them => xchan structure of sender * @param array $channel => local channel structure of target recipient, required for "friending" operations * @param array $force default false * * @returns boolean true if successful, else false */ function zot_refresh($them, $channel = null, $force = false) { if (array_key_exists('xchan_network', $them) && $them['xchan_network'] !== 'zot') { logger('zot_refresh: not got zot. ' . $them['xchan_name']); return true; } logger('zot_refresh: them: ' . print_r($them, true), LOGGER_DATA); if ($channel) { logger('zot_refresh: channel: ' . print_r($channel, true), LOGGER_DATA); } $url = null; if ($them['hubloc_url']) { $url = $them['hubloc_url']; } else { $r = null; if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) { $r = q("select hubloc_url, hubloc_flags from hubloc where hubloc_addr = '%s'", dbesc($them['xchan_addr'])); } if (!$r) { $r = q("select hubloc_url, hubloc_flags from hubloc where hubloc_hash = '%s'", dbesc($them['xchan_hash'])); } if ($r) { foreach ($r as $rr) { if ($rr['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) { $url = $rr['hubloc_url']; break; } } if (!$url) { $url = $r[0]['hubloc_url']; } } } if (!$url) { logger('zot_refresh: no url'); return false; } $postvars = array(); if ($channel) { $postvars['target'] = $channel['channel_guid']; $postvars['target_sig'] = $channel['channel_guid_sig']; $postvars['key'] = $channel['channel_pubkey']; } if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) { $postvars['address'] = $them['xchan_addr']; } if (array_key_exists('xchan_hash', $them) && $them['xchan_hash']) { $postvars['guid_hash'] = $them['xchan_hash']; } if (array_key_exists('xchan_guid', $them) && $them['xchan_guid'] && array_key_exists('xchan_guid_sig', $them) && $them['xchan_guid_sig']) { $postvars['guid'] = $them['xchan_guid']; $postvars['guid_sig'] = $them['xchan_guid_sig']; } $rhs = '/.well-known/zot-info'; $result = z_post_url($url . $rhs, $postvars); logger('zot_refresh: zot-info: ' . print_r($result, true), LOGGER_DATA); if ($result['success']) { $j = json_decode($result['body'], true); if (!($j && $j['success'])) { logger('zot_refresh: result not decodable'); return false; } $x = import_xchan($j, $force ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED); if (!$x['success']) { return false; } $their_perms = 0; if ($channel) { $global_perms = get_perms(); if ($j['permissions']['data']) { $permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']); if ($permissions) { $permissions = json_decode($permissions, true); } logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA); } else { $permissions = $j['permissions']; } $connected_set = false; if ($permissions && is_array($permissions)) { foreach ($permissions as $k => $v) { // The connected permission means you are in their address book if ($k === 'connected') { $connected_set = intval($v); continue; } if ($v && array_key_exists($k, $global_perms)) { $their_perms = $their_perms | intval($global_perms[$k][1]); } } } if (array_key_exists('profile', $j) && array_key_exists('next_birthday', $j['profile'])) { $next_birthday = datetime_convert('UTC', 'UTC', $j['profile']['next_birthday']); } else { $next_birthday = NULL_DATE; } $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF)); if ($r) { // connection exists // if the dob is the same as what we have stored (disregarding the year), keep the one // we have as we may have updated the year after sending a notification; and resetting // to the one we just received would cause us to create duplicated events. if (substr($r[0]['abook_dob'], 5) == substr($next_birthday, 5)) { $next_birthday = $r[0]['abook_dob']; } $current_abook_connected = $r[0]['abook_flags'] & ABOOK_FLAG_UNCONNECTED ? 0 : 1; $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'\n\t\t\t\t\twhere abook_xchan = '%s' and abook_channel = %d\n\t\t\t\t\tand not (abook_flags & %d) > 0 ", intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF)); // if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) { // if they are in your address book but you aren't in theirs, and/or this does not // match your current connected state setting, toggle it. /** @FIXME uncoverted to postgres */ /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */ // $y1 = q("update abook set abook_flags = (abook_flags ^ %d) // where abook_xchan = '%s' and abook_channel = %d // and not (abook_flags & %d) limit 1", // intval(ABOOK_FLAG_UNCONNECTED), // dbesc($x['hash']), // intval($channel['channel_id']), // intval(ABOOK_FLAG_SELF) // ); // } if (!$y) { logger('abook update failed'); } else { // if we were just granted read stream permission and didn't have it before, try to pull in some posts if (!($r[0]['abook_their_perms'] & PERMS_R_STREAM) && $their_perms & PERMS_R_STREAM) { proc_run('php', 'include/onepoll.php', $r[0]['abook_id']); } } } else { // new connection $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role'); if ($role) { $xx = get_role_perms($role); if ($xx['perms_auto']) { $default_perms = $xx['perms_accept']; } } if (!$default_perms) { $default_perms = intval(get_pconfig($channel['channel_id'], 'system', 'autoperms')); } // Keep original perms to check if we need to notify them $previous_perms = get_all_perms($channel['channel_id'], $x['hash']); $closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_flags ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), intval($their_perms), intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), intval($default_perms ? 0 : ABOOK_FLAG_PENDING)); if ($y) { logger("New introduction received for {$channel['channel_name']}"); $new_perms = get_all_perms($channel['channel_id'], $x['hash']); // Send a clone sync packet and a permissions update if permissions have changed $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and not (abook_flags & %d) > 0 order by abook_created desc limit 1", dbesc($x['hash']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF)); if ($new_connection) { if ($new_perms != $previous_perms) { proc_run('php', 'include/notifier.php', 'permission_update', $new_connection[0]['abook_id']); } require_once 'include/enotify.php'; notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'])); if ($their_perms & PERMS_R_STREAM) { if ($channel['channel_w_stream'] & PERMS_PENDING || !($new_connection[0]['abook_flags'] & ABOOK_FLAG_PENDING)) { proc_run('php', 'include/onepoll.php', $new_connection[0]['abook_id']); } } unset($new_connection[0]['abook_id']); unset($new_connection[0]['abook_account']); unset($new_connection[0]['abook_channel']); build_sync_packet($channel['channel_id'], array('abook' => $new_connection)); } } } } return true; } return false; }
/** * @brief Change to another channel with current logged-in account. * * @param int $change_channel The channel_id of the channel you want to change to * * @return bool|array false or channel record of the new channel */ function change_channel($change_channel) { $ret = false; if ($change_channel) { $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1", intval($change_channel), intval(get_account_id())); // It's not there. Is this an administrator, and is this the sys channel? if (is_developer()) { if (!$r) { if (is_site_admin()) { $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_system = 1 and channel_removed = 0 limit 1", intval($change_channel)); } } } if ($r) { $hash = $r[0]['channel_hash']; $_SESSION['uid'] = intval($r[0]['channel_id']); App::set_channel($r[0]); $_SESSION['theme'] = $r[0]['channel_theme']; $_SESSION['mobile_theme'] = get_pconfig(local_channel(), 'system', 'mobile_theme'); date_default_timezone_set($r[0]['channel_timezone']); $ret = $r[0]; } $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash)); if ($x) { $_SESSION['my_url'] = $x[0]['xchan_url']; $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . App::get_hostname(); App::set_observer($x[0]); App::set_perms(get_all_perms(local_channel(), $hash)); } if (!is_dir('store/' . $r[0]['channel_address'])) { @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true); } $arr = ['channel_id' => $change_channel, 'chanx' => $ret]; call_hooks('change_channel', $arr); } return $ret; }
function webpages_content(&$a) { if (!App::$profile) { notice(t('Requested profile is not available.') . EOL); App::$error = 404; return; } $which = argv(1); $_SESSION['return_url'] = App::$query_string; $uid = local_channel(); $owner = 0; $channel = null; $observer = App::get_observer(); $channel = App::get_channel(); if (App::$is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } $mimetype = $_REQUEST['mimetype'] ? $_REQUEST['mimetype'] : get_pconfig($owner, 'system', 'page_mimetype'); if (!$mimetype) { $mimetype = 'choose'; } $layout = $_REQUEST['layout'] ? $_REQUEST['layout'] : get_pconfig($owner, 'system', 'page_layout'); if (!$layout) { $layout = 'choose'; } // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owner's. // This lets you post pages at other people's channels. if (!$channel && $uid && $uid == App::$profile_uid) { $channel = App::get_channel(); } if ($channel) { $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); } else { $channel_acl = array(); } $is_owner = $uid && $uid == $owner; $o = profile_tabs($a, $is_owner, App::$profile['channel_address']); $x = array('webpage' => ITEM_TYPE_WEBPAGE, 'is_owner' => true, 'nickname' => App::$profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'acl' => $is_owner ? populate_acl($channel_acl, false) : '', 'showacl' => $is_owner ? true : false, 'visitor' => true, 'profile_uid' => intval($owner), 'mimetype' => $mimetype, 'layout' => $layout, 'expanded' => true, 'novoting' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $editor = status_editor($a, $x); // Get a list of webpages. We can't display all them because endless scroll makes that unusable, // so just list titles and an edit link. /** @TODO - this should be replaced with pagelist_widget */ $sql_extra = item_permissions_sql($owner); $r = q("select * from item_id left join item on item_id.iid = item.id \n\t\twhere item_id.uid = %d and service = 'WEBPAGE' and item_type = %d {$sql_extra} order by item.created desc", intval($owner), intval(ITEM_TYPE_WEBPAGE)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { unobscure($rr); $lockstate = $rr['allow_cid'] || $rr['allow_gid'] || $rr['deny_cid'] || $rr['deny_gid'] ? 'lock' : 'unlock'; $element_arr = array('type' => 'webpage', 'title' => $rr['title'], 'body' => $rr['body'], 'created' => $rr['created'], 'edited' => $rr['edited'], 'mimetype' => $rr['mimetype'], 'pagetitle' => $rr['sid'], 'mid' => $rr['mid'], 'layout_mid' => $rr['layout_mid']); $pages[$rr['iid']][] = array('url' => $rr['iid'], 'pagetitle' => $rr['sid'], 'title' => $rr['title'], 'created' => datetime_convert('UTC', date_default_timezone_get(), $rr['created']), 'edited' => datetime_convert('UTC', date_default_timezone_get(), $rr['edited']), 'bb_element' => '[element]' . base64url_encode(json_encode($element_arr)) . '[/element]', 'lockstate' => $lockstate); } } //Build the base URL for edit links $url = z_root() . '/editwebpage/' . $which; $o .= replace_macros(get_markup_template('webpagelist.tpl'), array('$listtitle' => t('Webpages'), '$baseurl' => $url, '$create' => t('Create'), '$edit' => t('Edit'), '$share' => t('Share'), '$delete' => t('Delete'), '$pages' => $pages, '$channel' => $which, '$editor' => $editor, '$view' => t('View'), '$preview' => t('Preview'), '$actions_txt' => t('Actions'), '$pagelink_txt' => t('Page Link'), '$title_txt' => t('Page Title'), '$created_txt' => t('Created'), '$edited_txt' => t('Edited'))); return $o; }
function layouts_content(&$a) { if (!$a->profile) { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = $a->get_observer(); $channel = $a->get_channel(); if ($a->is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } // Block design features from visitors if (!$uid || $uid != $owner) { notice(t('Permission denied.') . EOL); return; } // Get the observer, check their permissions $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } if (argc() > 3 && argv(2) === 'share' && argv(3)) { $r = q("select sid, service, mimetype, title, body from item_id \n\t\t\tleft join item on item.id = item_id.iid \n\t\t\twhere item_id.uid = %d and item.mid = '%s' and service = 'PDL' order by sid asc", intval($owner), dbesc(argv(3))); if ($r) { header('Content-type: application/x-redmatrix-layout'); header('Content-disposition: attachment; filename="' . $r[0]['sid'] . '.pdl"'); echo json_encode($r); killme(); } } $tabs = array(array('label' => t('Layout Help'), 'url' => 'help/Comanche', 'sel' => '', 'title' => t('Help with this feature'), 'id' => 'layout-help-tab')); $o .= replace_macros(get_markup_template('common_tabs.tpl'), array('$tabs' => $tabs)); // Create a status editor (for now - we'll need a WYSIWYG eventually) to create pages // Nickname is set to the observers xchan, and profile_uid to the owners. // This lets you post pages at other people's channels. $x = array('webpage' => ITEM_PDL, 'is_owner' => true, 'nickname' => $a->profile['channel_address'], 'lockstate' => $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'bang' => '', 'showacl' => false, 'visitor' => false, 'nopreview' => 1, 'ptlabel' => t('Layout Name'), 'profile_uid' => intval($owner)); if ($_REQUEST['title']) { $x['title'] = $_REQUEST['title']; } if ($_REQUEST['body']) { $x['body'] = $_REQUEST['body']; } if ($_REQUEST['pagetitle']) { $x['pagetitle'] = $_REQUEST['pagetitle']; } $o .= status_editor($a, $x); $r = q("select iid, sid, mid from item_id left join item on item.id = item_id.iid \n\t\twhere item_id.uid = %d and service = 'PDL' order by sid asc", intval($owner)); $pages = null; if ($r) { $pages = array(); foreach ($r as $rr) { $pages[$rr['iid']][] = array('url' => $rr['iid'], 'title' => $rr['sid'], 'mid' => $rr['mid']); } } //Build the base URL for edit links $url = z_root() . '/editlayout/' . $which; $o .= replace_macros(get_markup_template('layoutlist.tpl'), array('$baseurl' => $url, '$edit' => t('Edit'), '$share' => t('Share'), '$pages' => $pages, '$channel' => $which, '$view' => t('View'), '$preview' => '1')); return $o; }
function get($update = 0, $load = false) { if ($load) { $_SESSION['loadtime'] = datetime_convert(); } $checkjs = new \Zotlabs\Web\CheckJS(1); $category = $datequery = $datequery2 = ''; $mid = x($_REQUEST, 'mid') ? $_REQUEST['mid'] : ''; $datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : ''; $datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : ''; if (observer_prohibited(true)) { return login(); } $category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : ''; $hashtags = x($_REQUEST, 'tag') ? $_REQUEST['tag'] : ''; $groups = array(); $o = ''; if ($update) { // Ensure we've got a profile owner if updating. \App::$profile['profile_uid'] = \App::$profile_uid = $update; } else { if (\App::$profile['profile_uid'] == local_channel()) { nav_set_selected('home'); } } $is_owner = local_channel() && \App::$profile['profile_uid'] == local_channel() ? true : false; $channel = \App::get_channel(); $observer = \App::get_observer(); $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms(\App::$profile['profile_uid'], $ob_hash); if (!$perms['view_stream']) { // We may want to make the target of this redirect configurable if ($perms['view_profile']) { notice(t('Insufficient permissions. Request redirected to profile page.') . EOL); goaway(z_root() . "/profile/" . \App::$profile['channel_address']); } notice(t('Permission denied.') . EOL); return; } if (!$update) { $o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']); $o .= common_friends_visitor_widget(\App::$profile['profile_uid']); if ($channel && $is_owner) { $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); } else { $channel_acl = array(); } if ($perms['post_wall']) { $x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig(\App::$profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? \App::$profile['channel_location'] : '', 'nickname' => \App::$profile['channel_address'], 'lockstate' => strlen(\App::$profile['channel_allow_cid']) || strlen(\App::$profile['channel_allow_gid']) || strlen(\App::$profile['channel_deny_cid']) || strlen(\App::$profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => \App::$profile['profile_uid'], 'editor_autocomplete' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true); $o .= status_editor($a, $x); } } /** * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ $item_normal = item_normal(); $sql_extra = item_permissions_sql(\App::$profile['profile_uid']); if (get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_list_mode') && !$mid) { $page_mode = 'list'; } else { $page_mode = 'client'; } $abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " "; $simple_update = $update ? " AND item_unseen = 1 " : ''; \App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n"; if ($update && $_SESSION['loadtime']) { $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) "; } if ($load) { $simple_update = ''; } if ($update && !$load) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 AND item_unseen = 1 {$sql_extra} limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid'])); } else { $r = q("SELECT distinct parent AS `item_id`, created from item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 {$simple_update}\n\t\t\t\t\tAND (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tORDER BY created DESC", intval(\App::$profile['profile_uid'])); $_SESSION['loadtime'] = datetime_convert(); } } else { if (x($category)) { $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); } if (x($hashtags)) { $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); } if ($datequery) { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); } if ($datequery2) { $sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } $itemspage = get_pconfig(local_channel(), 'system', 'itemspage'); \App::set_pager_itemspage(intval($itemspage) ? $itemspage : 20); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); if ($load || $checkjs->disabled()) { if ($mid) { $r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 {$sql_extra} limit 1", dbesc($mid), intval(\App::$profile['profile_uid'])); if (!$r) { notice(t('Permission denied.') . EOL); } } else { $r = q("SELECT distinct id AS item_id, created FROM item \n\t\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 and item_thread_top = 1\n\t\t\t\t\t\tAND (abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval(\App::$profile['profile_uid'])); } } else { $r = array(); } } if ($r) { $parents_str = ids_to_querystr($r, 'item_id'); $items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\t\tFROM `item`\n\t\t\t\tWHERE `item`.`uid` = %d {$item_normal}\n\t\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t\t{$sql_extra} ", intval(\App::$profile['profile_uid']), dbesc($parents_str)); xchan_query($items); $items = fetch_post_tags($items, true); $items = conv_sort($items, 'created'); if ($load && $mid && !count($items)) { // This will happen if we don't have sufficient permissions // to view the parent item (or the item itself if it is toplevel) notice(t('Permission denied.') . EOL); } } else { $items = array(); } if (!$update && !$load) { // This is ugly, but we can't pass the profile_uid through the session to the ajax updater, // because browser prefetching might change it on us. We have to deliver it with the page. $maxheight = get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_divmore_height'); if (!$maxheight) { $maxheight = 400; } $o .= '<div id="live-channel"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => \App::$profile['profile_uid'] ? \App::$profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => \App::$pager['page'] != 1 ? \App::$pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$tags' => $hashtags ? $hashtags : '', '$mid' => $mid, '$verb' => '', '$dend' => $datequery, '$dbegin' => $datequery2)); } $update_unseen = ''; if ($page_mode === 'list') { /** * in "list mode", only mark the parent item and any like activities as "seen". * We won't distinguish between comment likes and post likes. The important thing * is that the number of unseen comments will be accurate. The SQL to separate the * comment likes could also get somewhat hairy. */ if ($parents_str) { $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; } } else { if ($parents_str) { $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; } } if ($is_owner && $update_unseen) { $r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d {$update_unseen}", intval(local_channel())); } if ($checkjs->disabled()) { $o .= conversation($a, $items, 'channel', $update, 'traditional'); } else { $o .= conversation($a, $items, 'channel', $update, $page_mode); } if (!$update || $checkjs->disabled()) { $o .= alt_pager($a, count($items)); if ($mid && $items[0]['title']) { \App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title']; } } if ($mid) { $o .= '<div id="content-complete"></div>'; } return $o; }
function wiki_get_permissions($resource_id, $owner_id, $observer_hash) { // TODO: For now, only the owner can edit $sql_extra = item_permissions_sql($owner_id, $observer_hash); $r = q("SELECT * FROM item WHERE resource_type = '%s' AND resource_id = '%s' {$sql_extra} LIMIT 1", dbesc(WIKI_ITEM_RESOURCE_TYPE), dbesc($resource_id)); if (!$r) { return array('read' => false, 'write' => false, 'success' => true); } else { $perms = get_all_perms($owner_id, $observer_hash); // TODO: Create a new permission setting for wiki analogous to webpages. Until // then, use webpage permissions if (!$perms['write_pages']) { $write = false; } else { $write = true; } return array('read' => true, 'write' => $write, 'success' => true); } }
/** * @brief * * @param App $a * @param boolean $is_owner default false * @param string $nickname default null * @return void|string */ function profile_tabs($a, $is_owner = false, $nickname = null) { // Don't provide any profile tabs if we're running as the sys channel if ($a->is_sys) { return; } $channel = $a->get_channel(); if (is_null($nickname)) { $nickname = $channel['channel_address']; } $uid = $a->profile['profile_uid'] ? $a->profile['profile_uid'] : local_channel(); if (get_pconfig($uid, 'system', 'noprofiletabs')) { return; } if (x($_GET, 'tab')) { $tab = notags(trim($_GET['tab'])); } $url = $a->get_baseurl() . '/channel/' . $nickname; $pr = $a->get_baseurl() . '/profile/' . $nickname; $tabs = array(array('label' => t('Channel'), 'url' => $url, 'sel' => argv(0) == 'channel' ? 'active' : '', 'title' => t('Status Messages and Posts'), 'id' => 'status-tab')); $p = get_all_perms($uid, get_observer_hash()); if ($p['view_profile']) { $tabs[] = array('label' => t('About'), 'url' => $pr, 'sel' => argv(0) == 'profile' ? 'active' : '', 'title' => t('Profile Details'), 'id' => 'profile-tab'); } if ($p['view_photos']) { $tabs[] = array('label' => t('Photos'), 'url' => $a->get_baseurl() . '/photos/' . $nickname, 'sel' => argv(0) == 'photos' ? 'active' : '', 'title' => t('Photo Albums'), 'id' => 'photo-tab'); } if ($p['view_storage']) { $tabs[] = array('label' => t('Files'), 'url' => $a->get_baseurl() . '/cloud/' . $nickname . (get_observer_hash() ? '' : '?f=&davguest=1'), 'sel' => argv(0) == 'cloud' || argv(0) == 'sharedwithme' ? 'active' : '', 'title' => t('Files and Storage'), 'id' => 'files-tab'); } if ($p['chat']) { require_once 'include/chat.php'; $has_chats = chatroom_list_count($uid); if ($has_chats) { $tabs[] = array('label' => t('Chatrooms'), 'url' => $a->get_baseurl() . '/chat/' . $nickname, 'sel' => argv(0) == 'chat' ? 'active' : '', 'title' => t('Chatrooms'), 'id' => 'chat-tab'); } } require_once 'include/menu.php'; $has_bookmarks = menu_list_count(local_channel(), '', MENU_BOOKMARK) + menu_list_count(local_channel(), '', MENU_SYSTEM | MENU_BOOKMARK); if ($is_owner && $has_bookmarks) { $tabs[] = array('label' => t('Bookmarks'), 'url' => $a->get_baseurl() . '/bookmarks', 'sel' => argv(0) == 'bookmarks' ? 'active' : '', 'title' => t('Saved Bookmarks'), 'id' => 'bookmarks-tab'); } if ($is_owner && feature_enabled($uid, 'webpages')) { $tabs[] = array('label' => t('Webpages'), 'url' => $a->get_baseurl() . '/webpages/' . $nickname, 'sel' => argv(0) == 'webpages' ? 'active' : '', 'title' => t('Manage Webpages'), 'id' => 'webpages-tab'); } else { /** * @FIXME we probably need a listing of events that were created by * this channel and are visible to the observer */ } $arr = array('is_owner' => $is_owner, 'nickname' => $nickname, 'tab' => $tab ? $tab : false, 'tabs' => $tabs); call_hooks('profile_tabs', $arr); $tpl = get_markup_template('common_tabs.tpl'); return replace_macros($tpl, array('$tabs' => $arr['tabs'])); }
function editlayout_content(&$a) { if (!$a->profile) { notice(t('Requested profile is not available.') . EOL); $a->error = 404; return; } $which = argv(1); $uid = local_channel(); $owner = 0; $channel = null; $observer = $a->get_observer(); $channel = $a->get_channel(); if ($a->is_sys && is_site_admin()) { $sys = get_sys_channel(); if ($sys && intval($sys['channel_id'])) { $uid = $owner = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } } if (!$owner) { // Figure out who the page owner is. $r = q("select channel_id from channel where channel_address = '%s'", dbesc($which)); if ($r) { $owner = intval($r[0]['channel_id']); } } $ob_hash = $observer ? $observer['xchan_hash'] : ''; if (!perm_is_allowed($owner, $ob_hash, 'write_pages')) { notice(t('Permission denied.') . EOL); return; } $is_owner = $uid && $uid == $owner ? true : false; $o = ''; // Figure out which post we're editing $post_id = argc() > 2 ? intval(argv(2)) : 0; if (!$post_id) { notice(t('Item not found') . EOL); return; } // Now we've got a post and an owner, let's find out if we're allowed to edit it $ob_hash = $observer ? $observer['xchan_hash'] : ''; $perms = get_all_perms($owner, $ob_hash); if (!$perms['write_pages']) { notice(t('Permission denied.') . EOL); return; } $itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner)); $item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", intval($itm[0]['id'])); if ($item_id) { $layout_title = $item_id[0]['sid']; } $plaintext = true; $a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$pretext' => '', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $channel['channel_address'], '$confirmdelete' => t('Delete layout?'))); $tpl = get_markup_template("jot.tpl"); $jotplugins = ''; $jotnets = ''; call_hooks('jot_tool', $jotplugins); call_hooks('jot_networks', $jotnets); // FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD // instead of loading a sensible page. So, send folk to the webpage list. $rp = 'layouts/' . $which; $editor = replace_macros($tpl, array('$return_path' => $rp, '$action' => 'item', '$webpage' => ITEM_TYPE_PDL, '$share' => t('Edit'), '$bold' => t('Bold'), '$italic' => t('Italic'), '$underline' => t('Underline'), '$quote' => t('Quote'), '$code' => t('Code'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $channel['channel_location'], '$visitor' => false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Layout Description (Optional)'), '$pagetitle' => $layout_title, '$placeholdpagetitle' => t('Layout Name'), '$category' => '', '$placeholdercategory' => t('Categories (optional, comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', '$profile_uid' => intval($owner), '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date'))); $o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout'), '$delete' => $itm[0]['author_xchan'] === $ob_hash || $itm[0]['owner_xchan'] === $ob_hash ? t('Delete') : false, '$id' => $itm[0]['id'], '$editor' => $editor)); return $o; }
function zotinfo($arr) { $ret = array('success' => false); $zhash = x($arr, 'guid_hash') ? $arr['guid_hash'] : ''; $zguid = x($arr, 'guid') ? $arr['guid'] : ''; $zguid_sig = x($arr, 'guid_sig') ? $arr['guid_sig'] : ''; $zaddr = x($arr, 'address') ? $arr['address'] : ''; $ztarget = x($arr, 'target') ? $arr['target'] : ''; $zsig = x($arr, 'target_sig') ? $arr['target_sig'] : ''; $zkey = x($arr, 'key') ? $arr['key'] : ''; $mindate = x($arr, 'mindate') ? $arr['mindate'] : ''; $feed = x($arr, 'feed') ? intval($arr['feed']) : 0; if ($ztarget) { if (!$zkey || !$zsig || !rsa_verify($ztarget, base64url_decode($zsig), $zkey)) { logger('zfinger: invalid target signature'); $ret['message'] = t("invalid target signature"); return $ret; } } $r = null; if (strlen($zhash)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_hash = '%s' limit 1", dbesc($zhash)); } elseif (strlen($zguid) && strlen($zguid_sig)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_guid = '%s' and channel_guid_sig = '%s' limit 1", dbesc($zguid), dbesc($zguid_sig)); } elseif (strlen($zaddr)) { if (strpos($zaddr, '[system]') === false) { /* normal address lookup */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere ( channel_address = '%s' or xchan_addr = '%s' ) limit 1", dbesc($zaddr), dbesc($zaddr)); } else { /** * The special address '[system]' will return a system channel if one has been defined, * Or the first valid channel we find if there are no system channels. * * This is used by magic-auth if we have no prior communications with this site - and * returns an identity on this site which we can use to create a valid hub record so that * we can exchange signed messages. The precise identity is irrelevant. It's the hub * information that we really need at the other end - and this will return it. * */ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\twhere channel_system = 1 order by channel_id limit 1"); if (!$r) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash\n\t\t\t\t\twhere channel_removed = 0 order by channel_id limit 1"); } } } else { $ret['message'] = 'Invalid request'; return $ret; } if (!$r) { $ret['message'] = 'Item not found.'; return $ret; } $e = $r[0]; $id = $e['channel_id']; $sys_channel = intval($e['channel_system']) ? true : false; $special_channel = $e['channel_pageflags'] & PAGE_PREMIUM ? true : false; $adult_channel = $e['channel_pageflags'] & PAGE_ADULT ? true : false; $censored = $e['channel_pageflags'] & PAGE_CENSORED ? true : false; $searchable = $e['channel_pageflags'] & PAGE_HIDDEN ? false : true; $deleted = intval($e['xchan_deleted']) ? true : false; if ($deleted || $censored || $sys_channel) { $searchable = false; } $public_forum = false; $role = get_pconfig($e['channel_id'], 'system', 'permissions_role'); if ($role === 'forum' || $role === 'repository') { $public_forum = true; } else { // check if it has characteristics of a public forum based on custom permissions. $t = q("select abook_my_perms from abook where abook_channel = %d and abook_self = 1 limit 1", intval($e['channel_id'])); if ($t && ($t[0]['abook_my_perms'] & PERMS_W_TAGWALL && !($t[0]['abook_my_perms'] & PERMS_W_STREAM))) { $public_forum = true; } } // This is for birthdays and keywords, but must check access permissions $p = q("select * from profile where uid = %d and is_default = 1", intval($e['channel_id'])); $profile = array(); if ($p) { if (!intval($p[0]['publish'])) { $searchable = false; } $profile['description'] = $p[0]['pdesc']; $profile['birthday'] = $p[0]['dob']; if ($profile['birthday'] != '0000-00-00' && ($bd = z_birthday($p[0]['dob'], $e['channel_timezone'])) !== '') { $profile['next_birthday'] = $bd; } if ($age = age($p[0]['dob'], $e['channel_timezone'], '')) { $profile['age'] = $age; } $profile['gender'] = $p[0]['gender']; $profile['marital'] = $p[0]['marital']; $profile['sexual'] = $p[0]['sexual']; $profile['locale'] = $p[0]['locality']; $profile['region'] = $p[0]['region']; $profile['postcode'] = $p[0]['postal_code']; $profile['country'] = $p[0]['country_name']; $profile['about'] = $p[0]['about']; $profile['homepage'] = $p[0]['homepage']; $profile['hometown'] = $p[0]['hometown']; if ($p[0]['keywords']) { $tags = array(); $k = explode(' ', $p[0]['keywords']); if ($k) { foreach ($k as $kk) { if (trim($kk, " \t\n\r\v,")) { $tags[] = trim($kk, " \t\n\r\v,"); } } } if ($tags) { $profile['keywords'] = $tags; } } } $ret['success'] = true; // Communication details $ret['guid'] = $e['xchan_guid']; $ret['guid_sig'] = $e['xchan_guid_sig']; $ret['key'] = $e['xchan_pubkey']; $ret['name'] = $e['xchan_name']; $ret['name_updated'] = $e['xchan_name_date']; $ret['address'] = $e['xchan_addr']; $ret['photo_mimetype'] = $e['xchan_photo_mimetype']; $ret['photo'] = $e['xchan_photo_l']; $ret['photo_updated'] = $e['xchan_photo_date']; $ret['url'] = $e['xchan_url']; $ret['connections_url'] = $e['xchan_connurl'] ? $e['xchan_connurl'] : z_root() . '/poco/' . $e['channel_address']; $ret['target'] = $ztarget; $ret['target_sig'] = $zsig; $ret['searchable'] = $searchable; $ret['adult_content'] = $adult_channel; $ret['public_forum'] = $public_forum; if ($deleted) { $ret['deleted'] = $deleted; } if (intval($e['channel_removed'])) { $ret['deleted_locally'] = true; } // premium or other channel desiring some contact with potential followers before connecting. // This is a template - %s will be replaced with the follow_url we discover for the return channel. if ($special_channel) { $ret['connect_url'] = z_root() . '/connect/' . $e['channel_address']; } // This is a template for our follow url, %s will be replaced with a webbie $ret['follow_url'] = z_root() . '/follow?f=&url=%s'; $ztarget_hash = $ztarget && $zsig ? make_xchan_hash($ztarget, $zsig) : ''; $permissions = get_all_perms($e['channel_id'], $ztarget_hash, false); if ($ztarget_hash) { $permissions['connected'] = false; $b = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($ztarget_hash), intval($e['channel_id'])); if ($b) { $permissions['connected'] = true; } } $ret['permissions'] = $ztarget && $zkey ? crypto_encapsulate(json_encode($permissions), $zkey) : $permissions; if ($permissions['view_profile']) { $ret['profile'] = $profile; } // array of (verified) hubs this channel uses $x = zot_encode_locations($e); if ($x) { $ret['locations'] = $x; } $ret['site'] = array(); $ret['site']['url'] = z_root(); $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(), $e['channel_prvkey'])); $dirmode = get_config('system', 'directory_mode'); if ($dirmode === false || $dirmode == DIRECTORY_MODE_NORMAL) { $ret['site']['directory_mode'] = 'normal'; } if ($dirmode == DIRECTORY_MODE_PRIMARY) { $ret['site']['directory_mode'] = 'primary'; } elseif ($dirmode == DIRECTORY_MODE_SECONDARY) { $ret['site']['directory_mode'] = 'secondary'; } elseif ($dirmode == DIRECTORY_MODE_STANDALONE) { $ret['site']['directory_mode'] = 'standalone'; } if ($dirmode != DIRECTORY_MODE_NORMAL) { $ret['site']['directory_url'] = z_root() . '/dirsearch'; } // hide detailed site information if you're off the grid if ($dirmode != DIRECTORY_MODE_STANDALONE) { $register_policy = intval(get_config('system', 'register_policy')); if ($register_policy == REGISTER_CLOSED) { $ret['site']['register_policy'] = 'closed'; } if ($register_policy == REGISTER_APPROVE) { $ret['site']['register_policy'] = 'approve'; } if ($register_policy == REGISTER_OPEN) { $ret['site']['register_policy'] = 'open'; } $access_policy = intval(get_config('system', 'access_policy')); if ($access_policy == ACCESS_PRIVATE) { $ret['site']['access_policy'] = 'private'; } if ($access_policy == ACCESS_PAID) { $ret['site']['access_policy'] = 'paid'; } if ($access_policy == ACCESS_FREE) { $ret['site']['access_policy'] = 'free'; } if ($access_policy == ACCESS_TIERED) { $ret['site']['access_policy'] = 'tiered'; } $ret['site']['accounts'] = account_total(); require_once 'include/identity.php'; $ret['site']['channels'] = channel_total(); $ret['site']['version'] = PLATFORM_NAME . ' ' . RED_VERSION . '[' . DB_UPDATE_VERSION . ']'; $ret['site']['admin'] = get_config('system', 'admin_email'); $a = get_app(); $visible_plugins = array(); if (is_array($a->plugins) && count($a->plugins)) { $r = q("select * from addon where hidden = 0"); if ($r) { foreach ($r as $rr) { $visible_plugins[] = $rr['name']; } } } $ret['site']['plugins'] = $visible_plugins; $ret['site']['sitehash'] = get_config('system', 'location_hash'); $ret['site']['sitename'] = get_config('system', 'sitename'); $ret['site']['sellpage'] = get_config('system', 'sellpage'); $ret['site']['location'] = get_config('system', 'site_location'); $ret['site']['realm'] = get_directory_realm(); $ret['site']['project'] = PLATFORM_NAME; } check_zotinfo($e, $x, $ret); call_hooks('zot_finger', $ret); return $ret; }
function get() { $sort_type = 0; $o = ''; if (!local_channel()) { notice(t('Permission denied.') . EOL); return login(); } $channel = \App::get_channel(); $my_perms = get_channel_default_perms(local_channel()); $role = get_pconfig(local_channel(), 'system', 'permissions_role'); if ($role) { $x = get_role_perms($role); if ($x['perms_accept']) { $my_perms = $x['perms_accept']; } } $yes_no = array(t('No'), t('Yes')); if ($my_perms) { $o .= "<script>function connectDefaultShare() {\n\t\t\t\$('.abook-edit-me').each(function() {\n\t\t\t\tif(! \$(this).is(':disabled'))\n\t\t\t\t\t\$(this).prop('checked', false);\n\t\t\t});\n\n"; $perms = get_perms(); foreach ($perms as $p => $v) { if ($my_perms & $v[1]) { $o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n"; } } $o .= " }\n</script>\n"; } if (argc() == 3) { $contact_id = intval(argv(1)); if (!$contact_id) { return; } $cmd = argv(2); $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\tWHERE abook_id = %d AND abook_channel = %d AND abook_self = 0 LIMIT 1", intval($contact_id), intval(local_channel())); if (!count($orig_record)) { notice(t('Could not access address book record.') . EOL); goaway(z_root() . '/connections'); } if ($cmd === 'update') { // pull feed and consume it, which should subscribe to the hub. proc_run('php', "include/poller.php", "{$contact_id}"); goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'refresh') { if ($orig_record[0]['xchan_network'] === 'zot') { if (!zot_refresh($orig_record[0], \App::get_channel())) { notice(t('Refresh failed - channel is currently unavailable.')); } } else { // if you are on a different network we'll force a refresh of the connection basic info proc_run('php', 'include/notifier.php', 'permission_update', $contact_id); } goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'block') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_BLOCKED)) { $this->connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'ignore') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_IGNORED)) { $this->connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'archive') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_ARCHIVED)) { $this->connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'hide') { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_HIDDEN)) { $this->connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } goaway(z_root() . '/connedit/' . $contact_id); } // We'll prevent somebody from unapproving an already approved contact. // Though maybe somebody will want this eventually (??) if ($cmd === 'approve') { if (intval($orig_record[0]['abook_pending'])) { if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_PENDING)) { $this->connedit_clone($a); } else { notice(t('Unable to set address book parameters.') . EOL); } } goaway(z_root() . '/connedit/' . $contact_id); } if ($cmd === 'drop') { require_once 'include/Contact.php'; // FIXME // We need to send either a purge or a refresh packet to the other side (the channel being unfriended). // The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs // in the background there could be a race condition preventing this packet from being sent in all cases. // PLACEHOLDER contact_remove(local_channel(), $orig_record[0]['abook_id']); build_sync_packet(0, array('abook' => array(array('abook_xchan' => $orig_record[0]['abook_xchan'], 'entry_deleted' => true)))); info(t('Connection has been removed.') . EOL); if (x($_SESSION, 'return_url')) { goaway(z_root() . '/' . $_SESSION['return_url']); } goaway(z_root() . '/contacts'); } } if (\App::$poi) { $contact_id = \App::$poi['abook_id']; $contact = \App::$poi; $tools = array('view' => array('label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf(t('View %s\'s profile'), $contact['xchan_name'])), 'refresh' => array('label' => t('Refresh Permissions'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions')), 'recent' => array('label' => t('Recent Activity'), 'url' => z_root() . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments')), 'block' => array('label' => intval($contact['abook_blocked']) ? t('Unblock') : t('Block'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => intval($contact['abook_blocked']) ? 'active' : '', 'title' => t('Block (or Unblock) all communications with this connection'), 'info' => intval($contact['abook_blocked']) ? t('This connection is blocked!') : ''), 'ignore' => array('label' => intval($contact['abook_ignored']) ? t('Unignore') : t('Ignore'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => intval($contact['abook_ignored']) ? 'active' : '', 'title' => t('Ignore (or Unignore) all inbound communications from this connection'), 'info' => intval($contact['abook_ignored']) ? t('This connection is ignored!') : ''), 'archive' => array('label' => intval($contact['abook_archived']) ? t('Unarchive') : t('Archive'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => intval($contact['abook_archived']) ? 'active' : '', 'title' => t('Archive (or Unarchive) this connection - mark channel dead but keep content'), 'info' => intval($contact['abook_archived']) ? t('This connection is archived!') : ''), 'hide' => array('label' => intval($contact['abook_hidden']) ? t('Unhide') : t('Hide'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => intval($contact['abook_hidden']) ? 'active' : '', 'title' => t('Hide or Unhide this connection from your other connections'), 'info' => intval($contact['abook_hidden']) ? t('This connection is hidden!') : ''), 'delete' => array('label' => t('Delete'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection'))); $self = false; if (intval($contact['abook_self'])) { $self = true; } require_once 'include/contact_selectors.php'; $tpl = get_markup_template("abook_edit.tpl"); if (feature_enabled(local_channel(), 'affinity')) { $labels = array(t('Me'), t('Family'), t('Friends'), t('Acquaintances'), t('All')); call_hooks('affinity_labels', $labels); $label_str = ''; if ($labels) { foreach ($labels as $l) { if ($label_str) { $label_str .= ", '|'"; $label_str .= ", '" . $l . "'"; } else { $label_str .= "'" . $l . "'"; } } } $slider_tpl = get_markup_template('contact_slider.tpl'); $slide = replace_macros($slider_tpl, array('$min' => 1, '$val' => $contact['abook_closeness'] ? $contact['abook_closeness'] : 99, '$labels' => $label_str)); } $rating_val = 0; $rating_text = ''; $xl = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($contact['xchan_hash'])); if ($xl) { $rating_val = intval($xl[0]['xlink_rating']); $rating_text = $xl[0]['xlink_rating_text']; } $poco_rating = get_config('system', 'poco_rating_enable'); // if unset default to enabled if ($poco_rating === false) { $poco_rating = true; } if ($poco_rating) { $rating = replace_macros(get_markup_template('rating_slider.tpl'), array('$min' => -10, '$val' => $rating_val)); } else { $rating = false; } $perms = array(); $channel = \App::get_channel(); $global_perms = get_perms(); $existing = get_all_perms(local_channel(), $contact['abook_xchan']); $unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'), 'Yes')); $multiprofs = feature_enabled(local_channel(), 'multi_profiles') ? true : false; if ($slide && !$multiprofs) { $affinity = t('Set Affinity'); } if (!$slide && $multiprofs) { $affinity = t('Set Profile'); } if ($slide && $multiprofs) { $affinity = t('Set Affinity & Profile'); } foreach ($global_perms as $k => $v) { $thisperm = $contact['abook_my_perms'] & $v[1] ? "1" : ''; $checkinherited = $channel[$v[0]] && $channel[$v[0]] != PERMS_SPECIFIC ? "1" : ''; // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner if (!$self && $existing[$k]) { $thisperm = "1"; } $perms[] = array('perms_' . $k, $v[3], $contact['abook_their_perms'] & $v[1] ? "1" : "", $thisperm, $v[1], $channel[$v[0]] == PERMS_SPECIFIC ? '' : '1', $v[4], $checkinherited); } $locstr = ''; $locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'\n\t\t\t\tand hubloc_deleted = 0 and site_dead = 0", dbesc($contact['xchan_hash'])); if ($locs) { foreach ($locs as $l) { if (!$l['location']) { continue; } if (strpos($locstr, $l['location']) !== false) { continue; } if (strlen($locstr)) { $locstr .= ', '; } $locstr .= $l['location']; } } else { $locstr = t('none'); } $o .= replace_macros($tpl, array('$header' => $self ? t('Connection Default Permissions') : sprintf(t('Connection: %s'), $contact['xchan_name']), '$autoperms' => array('autoperms', t('Apply these permissions automatically'), get_pconfig(local_channel(), 'system', 'autoperms') ? 1 : 0, t('Connection requests will be approved without your interaction'), $yes_no), '$addr' => $contact['xchan_addr'], '$addr_text' => t('This connection\'s primary address is'), '$loc_text' => t('Available locations:'), '$locstr' => $locstr, '$notself' => $self ? '' : '1', '$self' => $self ? '1' : '', '$autolbl' => t('The permissions indicated on this page will be applied to all new connections.'), '$tools_label' => t('Connection Tools'), '$tools' => $self ? '' : $tools, '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$lbl_rating' => t('Rating'), '$lbl_rating_label' => t('Slide to adjust your rating'), '$lbl_rating_txt' => t('Optionally explain your rating'), '$connfilter' => feature_enabled(local_channel(), 'connfilter'), '$connfilter_label' => t('Custom Filter'), '$incl' => array('abook_incl', t('Only import posts with this text'), $contact['abook_incl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$excl' => array('abook_excl', t('Do not import posts with this text'), $contact['abook_excl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$rating_text' => array('rating_text', t('Optionally explain your rating'), $rating_text, ''), '$rating_info' => t('This information is public!'), '$rating' => $rating, '$rating_val' => $rating_val, '$slide' => $slide, '$affinity' => $affinity, '$pending_label' => t('Connection Pending Approval'), '$is_pending' => intval($contact['abook_pending']) ? 1 : '', '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$submit' => t('Submit'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), '$close' => $contact['abook_closeness'], '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'), '$permnote_self' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'), '$lastupdtext' => t('Last update:'), '$last_update' => relative_date($contact['abook_connected']), '$profile_select' => contact_profile_assign($contact['abook_profile']), '$multiprofs' => $multiprofs, '$contact_id' => $contact['abook_id'], '$name' => $contact['xchan_name'])); $arr = array('contact' => $contact, 'output' => $o); call_hooks('contact_edit', $arr); return $arr['output']; } }