Beispiel #1
/**
 * Handle a submitted private-message form and report the outcome.
 *
 * Reads replyto, subject, body and messageto from $_POST, hands them to
 * send_message() and maps its return code to a user-facing notice.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function message_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Every field is filtered where it is read: notags() for the header-like
    // fields, escape_tags() for the body, intval() for the recipient id.
    $replyto = '';
    if (x($_POST, 'replyto')) {
        $replyto = notags(trim($_POST['replyto']));
    }
    $subject = '';
    if (x($_POST, 'subject')) {
        $subject = notags(trim($_POST['subject']));
    }
    $body = '';
    if (x($_POST, 'body')) {
        $body = escape_tags(trim($_POST['body']));
    }
    $recipient = 0;
    if (x($_POST, 'messageto')) {
        $recipient = intval($_POST['messageto']);
    }

    $status = send_message($recipient, $body, $subject, $replyto);

    // Loose comparison is deliberate: it compares the way a switch would.
    if ($status == -1) {
        notice(t('No recipient selected.') . EOL);
    } elseif ($status == -2) {
        notice(t('Unable to locate contact information.') . EOL);
    } elseif ($status == -3) {
        notice(t('Message could not be sent.') . EOL);
    } elseif ($status == -4) {
        notice(t('Message collection failure.') . EOL);
    } else {
        info(t('Message sent.') . EOL);
    }
}
Beispiel #2
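 /**
  * Render the help page.
  *
  * With a non-empty 'search' request parameter the documentation search
  * results are returned; otherwise the regular help content wrapped in
  * help.tpl.
  *
  * @return string HTML
  */
 function get()
 {
     nav_set_selected('help');

     if (!empty($_REQUEST['search'])) {
         $query = $_REQUEST['search'];

         // Start from a defined buffer instead of appending to an unset variable.
         $o = '<div id="help-content" class="generic-content-wrapper">';
         $o .= '<div class="section-title-wrapper">';
         // The query is reflected into the page, so it is HTML-escaped here.
         $o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($query) . '</h2>';
         $o .= '</div>';
         $o .= '<div class="section-content-wrapper">';

         $r = search_doc_files($query);
         if ($r) {
             $o .= '<ul class="help-searchlist">';
             foreach ($r as $rr) {
                 $dirname = dirname($rr['v']);
                 $fname = basename($rr['v']);
                 // Drop the file extension.
                 $fname = substr($fname, 0, strrpos($fname, '.'));
                 // Strip the first four characters of the directory plus surrounding slashes.
                 $path = trim(substr($dirname, 4), '/');
                 $link = 'help/' . ($path ? $path . '/' : '') . $fname;
                 // NOTE(review): $rr['text'] and $link are written into the page unescaped;
                 // this assumes search_doc_files() only returns trusted documentation
                 // content - confirm.
                 $snippet = str_replace('$Projectname', \Zotlabs\Lib\System::get_platform_name(), $rr['text']);
                 $o .= '<li><a href="' . $link . '" >' . ucwords(str_replace('_', ' ', notags($fname))) . '</a><br />'
                     . '<b><i>' . $link . '</i></b><br />'
                     . '...' . $snippet . '...<br /><br /></li>';
             }
             $o .= '</ul>';
         }

         // Close both wrappers whether or not anything matched; they are opened
         // unconditionally above, so closing them only on a hit left the markup
         // unbalanced for an empty result.
         $o .= '</div>';
         $o .= '</div>';
         return $o;
     }

     $content = get_help_content();
     return replace_macros(get_markup_template("help.tpl"), array('$title' => t('$Projectname Documentation'), '$content' => $content));
 }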
Beispiel #3
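/**
 * Quick-search endpoint: prints the logged-in user's groups and contacts whose
 * name (or nick, for contacts) matches the 's' query parameter as JSON.
 *
 * Each result row is a five-element array: for groups
 * [0, group id, name, '', ''], for contacts [contact id, 0, name, url, photo].
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function qsearch_init(&$a)
{
    if (!local_user()) {
        killme();
    }

    $limit = get_config('system', 'qsearch_limit') ? intval(get_config('system', 'qsearch_limit')) : 100;
    $search = x($_GET, 's') ? notags(trim(urldecode($_GET['s']))) : '';
    if (!strlen($search)) {
        killme();
    }

    // The term is escaped once and handed to q() as a '%s' argument. Embedding
    // it in the query text itself would let a '%' typed by the user be read as
    // a format specifier by q()'s printf-style placeholder handling.
    // NOTE(review): the term is still used as a REGEXP pattern, so a user can
    // submit costly expressions - confirm that is acceptable or match literally.
    $pattern = dbesc($search);
    $results = array();

    $r = q("SELECT * FROM `group` WHERE `name` REGEXP '%s' AND `deleted` = 0 AND `uid` = %d LIMIT 0, %d ", $pattern, intval(local_user()), intval($limit));
    // is_array() instead of count(): a failed query must not be counted or iterated.
    if (is_array($r)) {
        foreach ($r as $rr) {
            $results[] = array(0, (int) $rr['id'], $rr['name'], '', '');
        }
    }

    if (strlen($search)) {
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND (`name` REGEXP '%s' OR `nick` REGEXP '%s') ORDER BY `name` ASC LIMIT 0, %d ", intval(local_user()), $pattern, $pattern, intval($limit));
    } else {
        // Kept from the original conditional filter; only reachable if killme() returns.
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d ORDER BY `name` ASC LIMIT 0, %d ", intval(local_user()), intval($limit));
    }
    if (is_array($r)) {
        foreach ($r as $rr) {
            $results[] = array((int) $rr['id'], 0, $rr['name'], $rr['url'], $rr['photo']);
        }
    }

    echo json_encode((object) $results);
    killme();
}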
Beispiel #4
/**
 * Connect the logged-in channel to the address given in the 'url' request
 * parameter, sync the new address-book entry and redirect to its edit page.
 *
 * NOTE(review): the connection is created from $_REQUEST and no form security
 * token is checked in this handler - confirm the caller protects it against
 * cross-site requests.
 *
 * @param object &$a application object; supplies the current channel
 * @return void
 */
function follow_init(&$a)
{
    if (!local_channel()) {
        return;
    }

    $uid = local_channel();
    $target = notags(trim($_REQUEST['url']));
    $back = $_SESSION['return_url'];
    $confirm = intval($_REQUEST['confirm']);

    $result = new_contact($uid, $target, $a->get_channel(), true, $confirm);
    if ($result['success'] == false) {
        if ($result['message']) {
            notice($result['message']);
        }
        goaway($back);
    }

    info(t('Channel added.') . EOL);

    // Only the abook_* columns go into the sync packet, minus the ids below.
    $clone = array();
    foreach ($result['abook'] as $key => $value) {
        if (strpos($key, 'abook_') !== 0) {
            continue;
        }
        $clone[$key] = $value;
    }
    unset($clone['abook_id'], $clone['abook_account'], $clone['abook_channel']);
    build_sync_packet(0, array('abook' => array($clone)));

    // If we can view their stream, pull in some posts
    $abook = $result['abook'];
    $can_read_stream = $abook['abook_their_perms'] & PERMS_R_STREAM;
    if ($can_read_stream || $abook['xchan_network'] === 'rss') {
        proc_run('php', 'include/onepoll.php', $abook['abook_id']);
    }

    goaway(z_root() . '/connedit/' . $abook['abook_id'] . '?f=&follow=1');
}
Beispiel #5
/**
 * OExchange endpoint: turn the shared url/title/description/tags from $_GET
 * into a wall post for the logged-in user.
 *
 * The parameters are forwarded to this site's own /parse_url page, its HTML
 * answer is converted to BBCode and the result is submitted through
 * item_post() by replacing $_POST.
 *
 * @param object &$a application object
 * @return string|null login form when nobody is logged in, otherwise nothing
 */
function oexchange_content(&$a)
{
    if (!local_user()) {
        return login(false);
    }

    if ($a->argc > 1 && $a->argv[1] === 'done') {
        info(t('Post successful.') . EOL);
        return;
    }

    // Each present, non-empty parameter is tag-filtered and URL-encoded before
    // it is appended to the internal request.
    $url = '';
    if (x($_GET, 'url') && strlen($_GET['url'])) {
        $url = urlencode(notags(trim($_GET['url'])));
    }
    $title = '';
    if (x($_GET, 'title') && strlen($_GET['title'])) {
        $title = '&title=' . urlencode(notags(trim($_GET['title'])));
    }
    $description = '';
    if (x($_GET, 'description') && strlen($_GET['description'])) {
        $description = '&description=' . urlencode(notags(trim($_GET['description'])));
    }
    $tags = '';
    if (x($_GET, 'tags') && strlen($_GET['tags'])) {
        $tags = '&tags=' . urlencode(notags(trim($_GET['tags'])));
    }

    $parsed = fetch_url($a->get_baseurl() . '/parse_url?f=&url=' . $url . $title . $description . $tags);
    if (!strlen($parsed)) {
        return;
    }

    require_once 'include/html2bbcode.php';

    // item_post() reads its input from $_POST, so the superglobal is replaced
    // with the post that was just assembled.
    $_POST = array(
        'profile_uid' => local_user(),
        'return' => '/oexchange/done',
        'body' => html2bbcode($parsed),
        'type' => 'wall',
    );

    require_once 'mod/item.php';
    item_post($a);
}
Beispiel #6
/**
 * Receive a feed pushed by a hub and import it for the addressed user.
 *
 * The nickname and contact id are taken from the request path (argv[1] and
 * argv[2]); the request body is the feed XML.
 *
 * NOTE(review): no signature or shared-secret check on the pushed body is
 * visible in this handler - confirm the sender is authenticated elsewhere.
 * NOTE(review): the User-Agent header and the raw body are written to the log
 * as received.
 *
 * @param object &$a application object; supplies cmd, argc and argv
 * @return void
 */
function pubsub_post(&$a)
{
    $xml = file_get_contents('php://input');

    logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd);
    logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
    logger('pubsub: data: ' . $xml, LOGGER_DATA);

    // (A check rejecting bodies without an XML declaration used to sit here;
    // it is disabled in the original.)

    $nick = '';
    if ($a->argc > 1) {
        $nick = notags(trim($a->argv[1]));
    }
    $contact_id = 0;
    if ($a->argc > 2) {
        $contact_id = intval($a->argv[2]);
    }

    $users = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", dbesc($nick));
    if (!count($users)) {
        hub_post_return();
    }
    $importer = $users[0];

    // The contact must belong to that user, be hub-subscribed, unblocked and writable.
    $contacts = q("SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d \n\t\tAND ( `rel` = %d OR `rel` = %d OR network = '%s' ) AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", intval($contact_id), intval($importer['uid']), intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), dbesc(NETWORK_FEED));
    if (!count($contacts)) {
        logger('pubsub: no contact record for "' . $nick . ' (' . $contact_id . ')" - ignored. ' . $xml);
        hub_post_return();
    }
    $contact = $contacts[0];

    // we have no way to match Diaspora guid's with atom post id's and could get duplicates.
    // we'll assume that direct delivery is robust (and this is a bad assumption, but the duplicates are messy).
    if ($contact['network'] === NETWORK_DIASPORA) {
        hub_post_return();
    }

    $feedhub = '';
    require_once 'include/items.php';

    // Two passes: the second one lets any children find their parents.
    consume_feed($xml, $importer, $contact, $feedhub, 1, 1);
    consume_feed($xml, $importer, $contact, $feedhub, 1, 2);

    hub_post_return();
}
Beispiel #7
/**
 * Change the permissions of a stored file and publish the matching activity.
 *
 * Runs only when the posted 'uid' equals the logged-in channel id.
 *
 * NOTE(review): no form security token is checked in this handler - confirm
 * the caller protects this permission change against cross-site requests.
 *
 * @param object &$a application object; supplies the current channel
 * @return void
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }

    // The posted id has to be non-zero and identical to the logged-in channel.
    $is_owner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$is_owner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0;
    $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : '';
    $notify = x($_POST, 'notify') ? intval($_POST['notify']) : 0;

    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    // The four access lists are read from the request and converted by perms2str().
    $allow_groups = perms2str($_REQUEST['group_allow']);
    $allow_contacts = perms2str($_REQUEST['contact_allow']);
    $deny_groups = perms2str($_REQUEST['group_deny']);
    $deny_contacts = perms2str($_REQUEST['contact_deny']);

    $channel = $a->get_channel();
    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // Fetch the object before the permissions change so that members who were
    // allowed until now can still be caught.
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions($channel_id, $resource, $allow_contacts, $allow_groups, $deny_contacts, $deny_groups, $recurse);
    file_activity($channel_id, $object, $allow_contacts, $allow_groups, $deny_contacts, $deny_groups, 'post', $notify);

    goaway($cloudPath);
}
Beispiel #8
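/**
 * Render a help page from the Markdown files under doc/.
 *
 * argv[1] selects the document; without it, or when the document is empty,
 * doc/Home.md is shown. If no text can be loaded at all a 404 page is
 * returned.
 *
 * @param object &$a application object; page title and aside are set on it
 * @return string HTML
 */
function help_content(&$a)
{
    nav_set_selected('help');

    $text = '';
    if ($a->argc > 1) {
        // NOTE(review): argv[1] comes from the request path and is placed into
        // the file name unchecked - confirm load_doc_file() refuses names that
        // resolve outside doc/.
        $text = load_doc_file('doc/' . $a->argv[1] . '.md');
        $a->page['title'] = t('Help:') . ' ' . str_replace('-', ' ', notags($a->argv[1]));
    }

    $home = load_doc_file('doc/Home.md');
    if (!$text) {
        $text = $home;
        $a->page['title'] = t('Help');
    } else {
        // A specific document is shown, so the home page moves to the sidebar.
        $a->page['aside'] = Markdown($home);
    }

    if (!strlen($text)) {
        header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
        $tpl = get_markup_template("404.tpl");
        return replace_macros($tpl, array('$message' => t('Page not found.')));
    }

    $html = Markdown($text);
    // The rule is closed with '}' here; the original string ended the <style>
    // element with the declaration block still open.
    $html = "<style>.md_warning { padding: 1em; border: #ff0000 solid 2px; background-color: #f9a3a3; color: #ffffff; }</style>" . $html;
    return $html;
}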
Beispiel #9
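 /**
  * Answer an XRD lookup for the channel named in the 'uri' query parameter.
  *
  * Accepts an http(s) URL (the last path segment, minus '~', is the channel
  * address) or an acct: URI (the part before '@'). Prints the XRD document
  * and terminates; terminates silently when no channel matches.
  *
  * @return void
  */
 function init()
 {
     // Decode first, then filter: running notags() before urldecode() let
     // percent-encoded angle brackets pass the filter and reappear afterwards
     // in the value that is written into the XRD document.
     $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';
     $uri = notags(trim(urldecode($raw)));
     logger('xrd: ' . $uri, LOGGER_DEBUG);
     $resource = $uri;

     if (substr($uri, 0, 4) === 'http') {
         $uri = str_replace('~', '', $uri);
         $name = basename($uri);
     } else {
         $local = str_replace('acct:', '', $uri);
         if (substr($local, 0, 2) == '//') {
             $local = substr($local, 2);
         }
         // Without an '@' there is no local part; use an empty name explicitly
         // instead of relying on substr() with a false length.
         $at = strpos($local, '@');
         $name = ($at === false) ? '' : substr($local, 0, $at);
     }

     $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
     if (!$r) {
         killme();
     }
     $channel = $r[0];
     $address = $channel['channel_address'];

     $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
         '$baseurl' => z_root(),
         '$dspr_guid' => $channel['channel_guid'] . str_replace('.', '', \App::get_hostname()),
         '$dspr_key' => base64_encode(pemtorsa($channel['channel_pubkey'])),
     ));
     $salmon_key = salmon_key($channel['channel_pubkey']);

     header('Access-Control-Allow-Origin: *');
     header("Content-type: application/xrd+xml");

     $aliases = array(
         'acct:' . channel_reddress($channel),
         z_root() . '/channel/' . $address,
         z_root() . '/~' . $address,
     );
     // Drop the alias that equals the requested resource. foreach walks every
     // entry; the original index loop re-read count() after unset() and could
     // stop before the last element.
     foreach ($aliases as $idx => $alias) {
         if ($alias === $resource) {
             unset($aliases[$idx]);
         }
     }

     $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
         '$nick' => $address,
         '$accturi' => $resource,
         '$aliases' => $aliases,
         '$profile_url' => z_root() . '/channel/' . $address,
         '$hcard_url' => z_root() . '/hcard/' . $address,
         '$atom' => z_root() . '/feed/' . $address,
         '$zot_post' => z_root() . '/post/' . $address,
         '$poco_url' => z_root() . '/poco/' . $address,
         '$photo' => z_root() . '/photo/profile/l/' . $channel['channel_id'],
         '$dspr' => $dspr,
         '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
         '$subscribe' => z_root() . '/follow?url={uri}',
         '$bigkey' => salmon_key($channel['channel_pubkey']),
     ));

     // Plugins may rewrite the document through the personal_xrd hook.
     $arr = array('user' => $channel, 'xml' => $o);
     call_hooks('personal_xrd', $arr);
     echo $arr['xml'];
     killme();
 }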
Beispiel #10
/**
 * Change the permissions of a stored file and publish the matching activity.
 *
 * Runs only when the posted 'uid' equals the logged-in channel id. The new
 * access lists are taken from the request through an AccessList object.
 *
 * NOTE(review): no form security token is checked in this handler - confirm
 * the caller protects this permission change against cross-site requests.
 *
 * @param object &$a application object; supplies the current channel
 * @return void
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }

    // The posted id has to be non-zero and identical to the logged-in channel.
    $is_owner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$is_owner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0;
    $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : '';
    $notify = x($_POST, 'notify') ? intval($_POST['notify']) : 0;

    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    $channel = $a->get_channel();

    // Seed the list from the channel, then overlay what the request carries.
    $acl = new AccessList($channel);
    $acl->set_from_array($_REQUEST);
    $perms = $acl->get();

    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // Fetch the object before the permissions change so that members who were
    // allowed until now can still be caught.
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions($channel_id, $resource, $perms['allow_cid'], $perms['allow_gid'], $perms['deny_cid'], $perms['deny_gid'], $recurse);
    file_activity($channel_id, $object, $perms['allow_cid'], $perms['allow_gid'], $perms['deny_cid'], $perms['deny_gid'], 'post', $notify);

    goaway($cloudPath);
}
Beispiel #11
/**
 * Remove one tag from an item owned by the logged-in user, then redirect to
 * the page stored in $_SESSION['photo_return'].
 *
 * The tag arrives hex-encoded in $_POST['tag'], the item id in $_POST['item'].
 *
 * @param object &$a application object; supplies the base URL
 * @return void
 */
function tagrm_post(&$a)
{
    // Every path through this handler ends in a redirect to the same place.
    $back = $a->get_baseurl() . '/' . $_SESSION['photo_return'];

    if (!local_user()) {
        goaway($back);
    }
    if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
        goaway($back);
    }

    $tag = '';
    if (x($_POST, 'tag')) {
        $tag = hex2bin(notags(trim($_POST['tag'])));
    }
    $item = 0;
    if (x($_POST, 'item')) {
        $item = intval($_POST['item']);
    }

    // The lookup is limited to the current user's own items.
    $rows = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));
    if (!count($rows)) {
        goaway($back);
    }

    // Drop the first entry that is strictly equal to the requested tag.
    $tags = explode(',', $rows[0]['tag']);
    $hit = array_search($tag, $tags, true);
    if ($hit !== false) {
        unset($tags[$hit]);
    }
    $tag_str = implode(',', $tags);

    q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($tag_str), intval($item), intval(local_user()));

    info(t('Tag removed') . EOL);
    goaway($back);
    // NOTREACHED
}
Beispiel #12
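/**
 * Answer an XRD lookup for the user named in the 'uri' query parameter.
 *
 * Accepts an http(s) URL (the last path segment is the nickname) or an acct:
 * URI (the part before '@'). Prints the XRD document and terminates;
 * terminates silently when no user matches.
 *
 * @param object &$a application object; supplies the base URL
 * @return void
 */
function xrd_init(&$a)
{
    // Decode first, then filter: running notags() before urldecode() let
    // percent-encoded angle brackets pass the filter and reappear afterwards
    // in the value that is written into the XRD document.
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' there is no local part; use an empty name explicitly
        // instead of relying on substr() with a false length.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
    // Truthiness instead of count(): a failed query must not be counted.
    if (!$r) {
        killme();
    }
    $user = $r[0];
    $nick = $user['nickname'];
    $base = $a->get_baseurl();

    $salmon_key = salmon_key($user['spubkey']);

    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    // The Diaspora section is only rendered when that protocol is enabled.
    $dspr = '';
    if (get_config('system', 'diaspora_enabled')) {
        $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
            '$baseurl' => $base,
            '$dspr_guid' => $user['guid'],
            '$dspr_key' => base64_encode(pemtorsa($user['pubkey'])),
        ));
    }

    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $nick,
        '$accturi' => $uri,
        '$profile_url' => $base . '/profile/' . $nick,
        '$hcard_url' => $base . '/hcard/' . $nick,
        '$atom' => $base . '/dfrn_poll/' . $nick,
        '$zot_post' => $base . '/post/' . $nick,
        '$poco_url' => $base . '/poco/' . $nick,
        '$photo' => $base . '/photo/profile/' . $user['uid'] . '.jpg',
        '$dspr' => $dspr,
        '$salmon' => $base . '/salmon/' . $nick,
        '$salmen' => $base . '/salmon/' . $nick . '/mention',
        '$subscribe' => $base . '/follow?url={uri}',
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$bigkey' => salmon_key($user['pubkey']),
    ));

    // Plugins may rewrite the document through the personal_xrd hook.
    $arr = array('user' => $user, 'xml' => $o);
    call_hooks('personal_xrd', $arr);
    echo $arr['xml'];
    killme();
}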
Beispiel #13
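/**
 * Start a password reset for the account named in $_POST['login-name'].
 *
 * Looks the account up by e-mail address or nickname, stores the whirlpool
 * hash of a fresh reset token in `pwdreset` and mails a verification link
 * carrying the token itself.
 *
 * @param object &$a application object; supplies site name and base URL
 * @return void
 */
function lostpass_post(&$a)
{
    $posted = (isset($_POST['login-name']) && is_string($_POST['login-name'])) ? $_POST['login-name'] : '';
    $loginame = notags(trim($posted));
    if (!$loginame) {
        goaway(z_root());
    }

    $r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1", dbesc($loginame), dbesc($loginame));
    // Truthiness instead of count(): a failed query must not be counted.
    if (!$r) {
        // NOTE(review): this notice differs from the success message, so the
        // form tells a requester whether an account exists - confirm that is
        // acceptable.
        notice(t('No valid account found.') . EOL);
        goaway(z_root());
    }

    $uid = $r[0]['uid'];
    $username = $r[0]['username'];
    $email = $r[0]['email'];

    // The numeric suffix comes from the CSPRNG when the runtime offers one;
    // mt_rand() is predictable and only remains as a fallback.
    // NOTE(review): most of the token is produced by autoname(), which is not
    // shown here - confirm it is backed by a cryptographically secure source.
    $prefix = autoname(12);
    $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
    $new_password = $prefix . $suffix;
    $new_password_encoded = hash('whirlpool', $new_password);

    $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
    if ($r) {
        info(t('Password reset request issued. Check your email.') . EOL);
    }

    $email_tpl = get_intltext_template("lostpass_eml.tpl");
    $email_tpl = replace_macros($email_tpl, array(
        '$sitename' => $a->config['sitename'],
        '$siteurl' => $a->get_baseurl(),
        '$username' => $username,
        '$email' => $email,
        '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password,
    ));

    // NOTE(review): the From header is built from $_SERVER['SERVER_NAME'];
    // confirm the web server pins that value rather than taking it from the
    // request's Host header.
    mail(
        $email,
        email_header_encode(sprintf(t('Password reset requested at %s'), $a->config['sitename']), 'UTF-8'),
        $email_tpl,
        'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit'
    );

    goaway(z_root());
}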
Beispiel #14
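/**
 * Add the contact given in the 'url' request parameter for the logged-in user
 * and redirect afterwards.
 *
 * @param object &$a application object; supplies the base URL
 * @return void
 */
function follow_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        goaway($_SESSION['return_url']);
        // NOTREACHED
    }

    // !empty() keeps the truthiness test without reading an unset index.
    if (!empty($_REQUEST['cancel'])) {
        goaway($_SESSION['return_url']);
    }

    $uid = local_user();
    $url = isset($_REQUEST['url']) ? notags(trim($_REQUEST['url'])) : '';
    $return_url = $_SESSION['return_url'];

    // Makes the connection request for friendica contacts easier
    // This is just a precaution if maybe this page is called somewhere directly via POST
    $_SESSION["fastlane"] = $url;

    $result = new_contact($uid, $url, true);
    if ($result['success'] == false) {
        if ($result['message']) {
            notice($result['message']);
        }
        goaway($return_url);
    } elseif ($result['cid']) {
        goaway($a->get_baseurl() . '/contacts/' . $result['cid']);
    }

    info(t('Contact added') . EOL);

    if (strstr($return_url, 'contacts')) {
        // No contact id is available on this path ($result['cid'] was empty
        // above). The original appended an undefined $contact_id, which
        // produced this same URL together with an undefined-variable notice.
        goaway($a->get_baseurl() . '/contacts/');
    }
    goaway($return_url);
    // NOTREACHED
}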
Beispiel #15
 /**
  * Store the admin security form in the 'system' configuration.
  *
  * The form security token is checked first; text fields go through
  * notags(), list fields are split on newlines and trimmed, checkboxes are
  * stored as booleans. Redirects back to /admin/security when done.
  *
  * @return void
  */
 function post()
 {
     check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

     // E-mail allow/deny patterns.
     $allowed_email = '';
     if (x($_POST, 'allowed_email')) {
         $allowed_email = notags(trim($_POST['allowed_email']));
     }
     $not_allowed_email = '';
     if (x($_POST, 'not_allowed_email')) {
         $not_allowed_email = notags(trim($_POST['not_allowed_email']));
     }
     set_config('system', 'allowed_email', $allowed_email);
     set_config('system', 'not_allowed_email', $not_allowed_email);

     set_config('system', 'block_public', (bool) x($_POST, 'block_public'));

     // Site and channel lists: one entry per line.
     set_config('system', 'whitelisted_sites', $this->trim_array_elems(explode("\n", $_POST['whitelisted_sites'])));
     set_config('system', 'blacklisted_sites', $this->trim_array_elems(explode("\n", $_POST['blacklisted_sites'])));
     set_config('system', 'whitelisted_channels', $this->trim_array_elems(explode("\n", $_POST['whitelisted_channels'])));
     set_config('system', 'blacklisted_channels', $this->trim_array_elems(explode("\n", $_POST['blacklisted_channels'])));

     // Embed policy.
     set_config('system', 'embed_sslonly', (bool) x($_POST, 'embed_sslonly'));
     set_config('system', 'embed_allow', $this->trim_array_elems(explode("\n", $_POST['embed_allow'])));
     set_config('system', 'embed_deny', $this->trim_array_elems(explode("\n", $_POST['embed_deny'])));

     // Response header switches.
     set_config('system', 'transport_security_header', (bool) x($_POST, 'transport_security'));
     set_config('system', 'content_security_policy', (bool) x($_POST, 'content_security'));

     goaway(z_root() . '/admin/security');
 }
Beispiel #16
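/**
 * People search: query the global directory for the 'search' request
 * parameter and render the matches with match.tpl.
 *
 * @param object &$a application object; supplies and receives pager state
 * @return string HTML
 */
function dirfind_content(&$a)
{
    $search = isset($_REQUEST['search']) ? (string) notags(trim($_REQUEST['search'])) : '';
    if (strpos($search, '@') === 0) {
        $search = (string) substr($search, 1);
    }

    // The term is reflected into the page, so it is HTML-escaped on output.
    $o = '<h2>' . t('People Search') . ' - ' . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . '</h2>';

    if ($search) {
        $p = $a->pager['page'] != 1 ? '&p=' . $a->pager['page'] : '';

        // Defined up front: the original decoded an unset variable whenever no
        // directory_submit_url was configured.
        $x = '';
        if (strlen(get_config('system', 'directory_submit_url'))) {
            // NOTE(review): the directory is queried over plain http at a
            // hard-coded host, so the answer can be altered in transit.
            $x = fetch_url('http://dir.friendica.com/lsearch?f=' . $p . '&search=' . urlencode($search));
        }
        //TODO fallback local search if global dir not available.

        // A failed fetch or invalid JSON yields null; treat that as "no
        // matches" rather than dereferencing it.
        $j = (is_string($x) && strlen($x)) ? json_decode($x) : null;
        if (is_object($j) && !empty($j->total)) {
            $a->set_pager_total($j->total);
            $a->set_pager_itemspage($j->items_page);
        }

        $results = (is_object($j) && isset($j->results) && is_array($j->results)) ? $j->results : array();
        if (count($results)) {
            $tpl = get_markup_template('match.tpl');
            foreach ($results as $jj) {
                // NOTE(review): name, photo and tags come from the remote
                // directory - confirm match.tpl escapes them on output.
                $o .= replace_macros($tpl, array('$url' => zrl($jj->url), '$name' => $jj->name, '$photo' => $jj->photo, '$tags' => $jj->tags));
            }
        } else {
            info(t('No matches') . EOL);
        }
    }

    $o .= '<div class="clear"></div>';
    $o .= paginate($a);
    return $o;
}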
Beispiel #17
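/**
 * Answer an XRD lookup for the channel named in the 'uri' query parameter.
 *
 * Accepts an http(s) URL (the last path segment is the channel address) or an
 * acct: URI (the part before '@'). Prints the XRD document and terminates;
 * terminates silently when no channel matches.
 *
 * @param object &$a application object; supplies the base URL
 * @return void
 */
function xrd_init(&$a)
{
    // Decode first, then filter: running notags() before urldecode() let
    // percent-encoded angle brackets pass the filter and reappear afterwards
    // in the value that is written into the XRD document.
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' there is no local part; use an empty name explicitly
        // instead of relying on substr() with a false length.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }
    $channel = $r[0];
    $address = $channel['channel_address'];
    $base = $a->get_baseurl();

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => $base,
        '$dspr_guid' => $channel['channel_guid'],
        '$dspr_key' => base64_encode(pemtorsa($channel['channel_pubkey'])),
    ));
    $salmon_key = salmon_key($channel['channel_pubkey']);

    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    // The original also loaded 'view/xrd_person.tpl' into a variable that was
    // never read; that unused load is dropped.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $address,
        '$accturi' => $uri,
        '$profile_url' => $base . '/channel/' . $address,
        '$hcard_url' => $base . '/hcard/' . $address,
        '$atom' => $base . '/feed/' . $address,
        '$zot_post' => $base . '/post/' . $address,
        '$poco_url' => $base . '/poco/' . $address,
        '$photo' => $base . '/photo/profile/l/' . $channel['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
    ));

    // Plugins may rewrite the document through the personal_xrd hook.
    $arr = array('user' => $channel, 'xml' => $o);
    call_hooks('personal_xrd', $arr);
    echo $arr['xml'];
    killme();
}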
Beispiel #18
/**
 * Save the Tumblr plugin's consumer key and secret from the admin form.
 *
 * NOTE(review): no form security token check is visible in this handler -
 * confirm the caller enforces one before these credentials are overwritten.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function tumblr_plugin_admin_post(&$a)
{
    $key = '';
    if (x($_POST, 'consumer_key')) {
        $key = notags(trim($_POST['consumer_key']));
    }
    $secret = '';
    if (x($_POST, 'consumer_secret')) {
        $secret = notags(trim($_POST['consumer_secret']));
    }

    set_config('tumblr', 'consumer_key', $key);
    set_config('tumblr', 'consumer_secret', $secret);

    info(t('Settings updated.') . EOL);
}
Beispiel #19
/**
 * Save the App.net plugin's client id and secret from the admin form.
 *
 * NOTE(review): no form security token check is visible in this handler -
 * confirm the caller enforces one before these credentials are overwritten.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function appnet_plugin_admin_post(&$a)
{
    $id = '';
    if (x($_POST, 'clientid')) {
        $id = notags(trim($_POST['clientid']));
    }
    $secret = '';
    if (x($_POST, 'clientsecret')) {
        $secret = notags(trim($_POST['clientsecret']));
    }

    set_config('appnet', 'clientid', $id);
    set_config('appnet', 'clientsecret', $secret);

    info(t('Settings updated.') . EOL);
}
/**
 * Save the geocoordinates plugin's API key and language from the admin form.
 *
 * NOTE(review): no form security token check is visible in this handler -
 * confirm the caller enforces one before the API key is overwritten.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function geocoordinates_plugin_admin_post(&$a)
{
    $key = '';
    if (x($_POST, 'api_key')) {
        $key = notags(trim($_POST['api_key']));
    }
    set_config('geocoordinates', 'api_key', $key);

    $lang_code = '';
    if (x($_POST, 'language')) {
        $lang_code = notags(trim($_POST['language']));
    }
    set_config('geocoordinates', 'language', $lang_code);

    info(t('Settings updated.') . EOL);
}
/**
 * Save the OpenStreetMap plugin's tile server URL and zoom level.
 *
 * The zoom falls back to the string '17' when the form does not carry one.
 *
 * NOTE(review): no form security token check is visible in this handler -
 * confirm the caller enforces one before the tile server is changed.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function openstreetmap_plugin_admin_post(&$a)
{
    $server = '';
    if (x($_POST, 'tmsserver')) {
        $server = notags(trim($_POST['tmsserver']));
    }

    if (x($_POST, 'zoom')) {
        $level = intval(trim($_POST['zoom']));
    } else {
        $level = '17';
    }

    set_config('openstreetmap', 'tmsserver', $server);
    set_config('openstreetmap', 'zoom', $level);

    info(t('Settings updated.') . EOL);
}
Beispiel #22
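/**
 * @brief Wrap a non-empty ACL element in angle brackets for storage.
 *
 * A non-empty value is trimmed, passed through notags() and rewritten in
 * place as "<value>". An empty value is left untouched: unset() on a
 * by-reference parameter only drops the local alias, so the original
 * unset($item) never removed anything from the caller's data. Callers that
 * need empty entries gone have to filter them out themselves.
 *
 * @param[in,out] string &$item
 */
function sanitise_acl(&$item)
{
    if (!strlen($item)) {
        return;
    }

    $item = '<' . notags(trim($item)) . '>';
}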
Beispiel #23
 /**
  * Markup passed to notags() and escape_tags() must come back neutralised.
  */
 public function testEscapeTags()
 {
     $markup = '<submit type="button" onclick="alert(\'failed!\');" />';

     $bracketed = notags($markup);
     $encoded = escape_tags($markup);

     // notags() swaps the angle brackets for square ones and leaves quotes alone.
     $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $bracketed);
     // escape_tags() entity-encodes the angle brackets and the double quotes.
     $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $encoded);
 }
Beispiel #24
/**
 * Save the Gravatar plugin's admin settings.
 *
 * The 'gravatarsave' form security token is checked before anything is
 * written. Missing fields fall back to 'identicon' (default image) and 'g'
 * (rating).
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function gravatar_plugin_admin_post(&$a)
{
    check_form_security_token('gravatarsave');

    $image = 'identicon';
    if (x($_POST, 'avatar')) {
        $image = notags(trim($_POST['avatar']));
    }
    $rating = 'g';
    if (x($_POST, 'rating')) {
        $rating = notags(trim($_POST['rating']));
    }

    set_config('gravatar', 'default_img', $image);
    set_config('gravatar', 'rating', $rating);

    info(t('Gravatar settings updated.') . EOL);
}
Beispiel #25
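/**
 * Answer a hub's subscription verification request (GET only).
 *
 * The channel nick and connection id come from the request path, the hub_*
 * values from the query string. On success the subscription state is stored
 * for the connection and hub_challenge is echoed back.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function pubsub_init(&$a)
{
    $nick = argc() > 1 ? escape_tags(trim(argv(1))) : '';
    $contact_id = argc() > 2 ? intval(argv(2)) : 0;

    if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
        return;
    }

    $hub_mode = x($_GET, 'hub_mode') ? notags(trim($_GET['hub_mode'])) : '';
    $hub_topic = x($_GET, 'hub_topic') ? notags(trim($_GET['hub_topic'])) : '';
    $hub_challenge = x($_GET, 'hub_challenge') ? notags(trim($_GET['hub_challenge'])) : '';
    $hub_lease = x($_GET, 'hub_lease_seconds') ? notags(trim($_GET['hub_lease_seconds'])) : '';
    $hub_verify = x($_GET, 'hub_verify_token') ? notags(trim($_GET['hub_verify_token'])) : '';

    logger('pubsub: Subscription from ' . $_SERVER['REMOTE_ADDR']);
    logger('pubsub: data: ' . print_r($_GET, true), LOGGER_DATA);

    $subscribe = $hub_mode === 'subscribe' ? 1 : 0;

    $channel = channelx_by_nick($nick);
    if (!$channel) {
        http_status_exit(404, 'not found.');
    }

    // $contact_id went through intval() above, so only a number reaches the
    // SQL fragment.
    $connections = abook_connections($channel['channel_id'], ' and abook_id = ' . $contact_id);
    if ($connections) {
        $xchan = $connections[0];
    } else {
        logger('connection ' . $contact_id . ' not found.');
        http_status_exit(404, 'not found.');
    }

    if ($hub_verify) {
        $verify = get_abconfig($channel['channel_id'], $xchan['xchan_hash'], 'pubsubhubbub', 'verify_token');
        // Compare the secret as strings: the original loose != treats numeric
        // look-alikes such as '0e1' and '0e2' as equal. hash_equals() also
        // keeps the comparison time independent of where the values differ.
        $stored = is_scalar($verify) ? (string) $verify : '';
        $supplied = (string) $hub_verify;
        $matches = function_exists('hash_equals') ? hash_equals($stored, $supplied) : $stored === $supplied;
        if (!$matches) {
            logger('hub verification failed.');
            http_status_exit(404, 'not found.');
        }
    }
    // NOTE(review): a request without hub_verify_token skips the check above,
    // so a 'subscribe' is accepted unverified - confirm that is intended.

    $feed_url = z_root() . '/feed/' . $channel['channel_address'];
    if ($hub_topic) {
        if (!link_compare($hub_topic, $feed_url)) {
            logger('hub topic ' . $hub_topic . ' != ' . $feed_url);
            // should abort but let's humour them.
        }
    }

    // (The original assigned $contact from an undefined $r here; the value was
    // never used, so the statement is dropped.)

    // We must initiate an unsubscribe request with a verify_token.
    // Don't allow outsiders to unsubscribe us.
    if ($hub_mode === 'unsubscribe') {
        if (!strlen($hub_verify)) {
            logger('pubsub: bogus unsubscribe');
            http_status_exit(403, 'permission denied.');
        }
        logger('pubsub: unsubscribe success');
    }

    if ($hub_mode) {
        set_abconfig($channel['channel_id'], $xchan['xchan_hash'], 'pubsubhubbub', 'subscribed', intval($subscribe));
    }

    header($_SERVER["SERVER_PROTOCOL"] . ' 200 ' . 'OK');
    echo $hub_challenge;
    killme();
}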
Beispiel #26
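/**
 * Accept a hex-encoded URL in the 'url' query parameter, push it to the sync
 * targets and run the submit sequence for it.
 *
 * Requests whose parameter is missing or is not well-formed hex are dropped
 * without further processing.
 *
 * @param object &$a application object (not read by this handler)
 * @return void
 */
function submit_content(&$a)
{
    $hex = (isset($_GET['url']) && is_string($_GET['url'])) ? trim($_GET['url']) : '';

    // hex2bin() fails on odd-length or non-hex input; the original passed that
    // failure value on to the sync and submit steps.
    if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
        exit;
    }

    // Filter after decoding: a hex string can never contain markup, so running
    // notags() on the encoded form left the decoded URL unfiltered.
    $url = notags(hex2bin($hex));

    //Currently we simply push RAW URL's to our targets.
    sync_push($url);

    //Run the submit sequence.
    run_submit($url);
    exit;
}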
Beispiel #27
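/**
 * Create a contact group (/group/new) or update an existing one's name and
 * member list (/group/<id>) from the posted form.
 *
 * @param object &$a application object; supplies argc/argv and the base URL
 * @return void
 */
function group_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    if ($a->argc == 2 && $a->argv[1] == 'new') {
        $name = isset($_POST['groupname']) ? notags(trim($_POST['groupname'])) : '';
        $r = group_add($name);
        if ($r) {
            notice(t('Group created.') . EOL);
            $r = group_byname($name);
            if ($r) {
                goaway($a->get_baseurl() . '/group/' . $r);
            }
        } else {
            notice(t('Could not create group.') . EOL);
        }
        goaway($a->get_baseurl() . '/group');
        return;
        // NOTREACHED
    }

    if ($a->argc == 2 && intval($a->argv[1])) {
        // The lookup is scoped to the logged-in user. Selecting by id alone
        // let any logged-in user rename another user's group and replace its
        // member list just by changing the id in the URL.
        // (assumes `group`.`uid` holds the owning user id - confirm)
        $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()));
        if (!$r) {
            notice(t('Group not found.') . EOL);
            goaway($a->get_baseurl() . '/contacts');
            return;
            // NOTREACHED
        }
        $group = $r[0];

        $groupname = isset($_POST['groupname']) ? notags(trim($_POST['groupname'])) : '';
        if (strlen($groupname) && $groupname != $group['name']) {
            $r = q("UPDATE `group` SET `name` = '%s' WHERE `id` = %d LIMIT 1", dbesc($groupname), intval($group['id']));
            if ($r) {
                notice(t('Group name changed.') . EOL);
            }
        }

        // A missing or non-array field becomes an empty member list instead of
        // being handed to array_walk() as is.
        $members = (isset($_POST['group_members_select']) && is_array($_POST['group_members_select']))
            ? $_POST['group_members_select']
            : array();
        // NOTE(review): validate_members() is not shown here - confirm it
        // rejects contact ids that do not belong to the logged-in user.
        array_walk($members, 'validate_members');

        // The member list is replaced wholesale: clear it, then insert the
        // posted ids one by one.
        $r = q("DELETE FROM `group_member` WHERE `gid` = %d ", intval($group['id']));
        $result = true;
        foreach ($members as $member) {
            $r = q("INSERT INTO `group_member` ( `gid`, `contact-id`)\n\t\t\t\t\tVALUES ( %d, %d )", intval($group['id']), intval($member));
            if (!$r) {
                $result = false;
            }
        }
        if ($result) {
            notice(t('Membership list updated.') . EOL);
        }

        $a->page['aside'] = group_side();
    }
}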
Beispiel #28
 /**
  * Send invitation e-mails to the addresses posted in 'recipients' (one per
  * line), counting them against the per-channel invitation limit.
  *
  * Requires a logged-in channel and a valid 'send_invite' form token. The
  * limit is system.max_invites, or 50 when that is unset or zero.
  *
  * @return void
  */
 function post()
 {
     if (!local_channel()) {
         notice(t('Permission denied.') . EOL);
         return;
     }

     check_form_security_token_redirectOnErr('/', 'send_invite');

     $max_invites = intval(get_config('system', 'max_invites')) ?: 50;

     $current_invites = intval(get_pconfig(local_channel(), 'system', 'sent_invites'));
     if ($current_invites > $max_invites) {
         notice(t('Total invitation limit exceeded.') . EOL);
         return;
     }

     $recips = array();
     if (x($_POST, 'recipients')) {
         $recips = explode("\n", $_POST['recipients']);
     }
     $message = '';
     if (x($_POST, 'message')) {
         $message = notags(trim($_POST['message']));
     }

     $total = 0;

     // On invitation-only sites a channel with no invites left may not send
     // any, unless it belongs to the site admin.
     if (get_config('system', 'invitation_only')) {
         $invonly = true;
         $remaining = get_pconfig(local_channel(), 'system', 'invites_remaining');
         if (!$remaining && !is_site_admin()) {
             return;
         }
     }

     foreach ($recips as $line) {
         $recip = trim($line);
         if (!$recip) {
             continue;
         }

         // Only addresses accepted by valid_email() are handed to mail().
         if (!valid_email($recip)) {
             notice(sprintf(t('%s : Not a valid email address.'), $recip) . EOL);
             continue;
         }

         $nmessage = $message;
         $account = \App::get_account();
         $subject = sprintf(t('Please join us on $Projectname'), \App::$config['sitename']);
         $headers = "From: " . $account['account_email'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit';

         $res = mail($recip, $subject, $nmessage, $headers);
         if (!$res) {
             notice(sprintf(t('%s : Message delivery failed.'), $recip) . EOL);
             continue;
         }

         // Count the invitation and persist the running total right away, so
         // the limit holds even if the loop is left early.
         $total++;
         $current_invites++;
         set_pconfig(local_channel(), 'system', 'sent_invites', $current_invites);
         if ($current_invites > $max_invites) {
             notice(t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
             return;
         }
     }

     notice(sprintf(tt("%d message sent.", "%d messages sent.", $total), $total) . EOL);
     return;
 }
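/**
 * Store the newmemberwidget settings submitted with the plugin admin form.
 *
 * Reads 'freetext', 'localsupportname', 'linkglobalsupport' and
 * 'linklocalsupport' from $_POST and writes them to the 'newmemberwidget'
 * config family ('localsupportname' is stored under the key 'localsupport').
 *
 * @param mixed $a Application object, passed by reference; not used here.
 * @return void
 */
function newmemberwidget_plugin_admin_post(&$a)
{
    // NOTE(review): this handler performs no admin check and no form security
    // token check of its own. Presumably the admin module that dispatches to it
    // enforces both - confirm, since these values are site-wide configuration.

    // NOTE(review): 'freetext' keeps its markup (only trimmed), while
    // 'localsupportname' goes through notags(). If that is deliberate, whatever
    // renders 'freetext' must treat it as admin-authored markup - confirm.
    $freetext = x($_POST, 'freetext') ? trim($_POST['freetext']) : '';
    $local_support_name = x($_POST, 'localsupportname') ? notags(trim($_POST['localsupportname'])) : '';

    // Guard the two flags the same way as the text fields: a key that is
    // missing from the request now yields 0 without reading an undefined index.
    $link_global = x($_POST, 'linkglobalsupport') ? intval($_POST['linkglobalsupport']) : 0;
    $link_local = x($_POST, 'linklocalsupport') ? intval($_POST['linklocalsupport']) : 0;

    set_config('newmemberwidget', 'freetext', $freetext);
    set_config('newmemberwidget', 'linkglobalsupport', $link_global);
    set_config('newmemberwidget', 'linklocalsupport', $link_local);
    // notags() is opaque from here, so the trailing trim is kept.
    set_config('newmemberwidget', 'localsupport', trim($local_support_name));
}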
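/**
 * Render the community page: a paged list of public top-level wall posts.
 *
 * Access is refused with a notice when the site blocks public access and the
 * visitor is neither a local nor a remote user, or when the community page is
 * disabled in the site config. The queries select only items that are visible,
 * not deleted, not moderated, not private, carry empty allow/deny lists, and
 * belong to a user whose wall is not hidden and a contact that is neither
 * blocked nor pending.
 *
 * @param mixed $a      Application object; its pager state is read and updated.
 * @param int   $update When non-zero the navigation selection is left alone;
 *                      the value is also handed on to conversation().
 * @return string|null  HTML for the page, or null on the two access refusals.
 */
function community_content(&$a, $update = 0)
{
    $o = '';

    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    if (get_config('system', 'no_community_page')) {
        notice(t('Not available.') . EOL);
        return;
    }

    require_once "include/bbcode.php";
    require_once 'include/security.php';
    require_once 'include/conversation.php';

    $o .= '<h3>' . t('Community') . '</h3>';
    if (!$update) {
        nav_set_selected('community');
    }

    // The 'search' request parameter is not consulted: neither query below
    // takes a search term, and both are built from constants plus integer
    // pager offsets only.

    // Here is the way permissions work in this module...
    // Only public posts can be shown
    // OR your own posts if you are a logged in member
    if (!get_config('alt_pager', 'global') && !get_pconfig(local_user(), 'system', 'alt_pager')) {
        $r = q("SELECT COUNT(distinct(`item`.`uri`)) AS `total`\n\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\tAND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' \n\t\t\tAND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''\n\t\t\tAND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 \n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0");

        // q() is defined elsewhere; presumably it can return a non-array when
        // the query fails, so do not count() or index the result unchecked.
        $have_count = is_array($r) && count($r);
        if ($have_count) {
            $a->set_pager_total($r[0]['total']);
        }
        if (!$have_count || !$r[0]['total']) {
            info(t('No results.') . EOL);
            return $o;
        }
    }

    // LIMIT offsets are forced to integers before they reach the query.
    $r = q("SELECT `item`.`uri`, `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,\n\t\t`user`.`nickname`, `user`.`hidewall`\n\t\tFROM `item` FORCE INDEX (`received`) LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\tAND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''\n\t\tAND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = '' \n\t\tAND `item`.`private` = 0 AND `item`.`wall` = 1 AND `item`.`id` = `item`.`parent`\n\t\tAND `user`.`hidewall` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self`\n\t\tORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));

    if (!is_array($r) || !count($r)) {
        info(t('No results.') . EOL);
        return $o;
    }

    // we behave the same in message lists as the search module
    $o .= conversation($a, $r, 'community', $update);

    if (get_config('alt_pager', 'global') || get_pconfig(local_user(), 'system', 'alt_pager')) {
        $o .= alt_pager($a, count($r));
    } else {
        $o .= paginate($a);
    }

    return $o;
}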