/**
 * Handle the submitted private-message form.
 *
 * Pulls `replyto`, `subject`, `body` and `messageto` out of $_POST, passes
 * them to send_message() and reports the outcome to the user.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function message_post(&$a)
{
    // Sending is restricted to a locally logged-in user.
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Header-style fields pass through notags(), the body through
    // escape_tags(), and the recipient is forced to an integer.
    $replyTo = '';
    if (x($_POST, 'replyto')) {
        $replyTo = notags(trim($_POST['replyto']));
    }

    $title = '';
    if (x($_POST, 'subject')) {
        $title = notags(trim($_POST['subject']));
    }

    $text = '';
    if (x($_POST, 'body')) {
        $text = escape_tags(trim($_POST['body']));
    }

    $to = 0;
    if (x($_POST, 'messageto')) {
        $to = intval($_POST['messageto']);
    }

    $status = send_message($to, $text, $title, $replyTo);

    // Loose comparison on purpose: it matches what a switch statement does.
    if ($status == -1) {
        notice(t('No recipient selected.') . EOL);
    } elseif ($status == -2) {
        notice(t('Unable to locate contact information.') . EOL);
    } elseif ($status == -3) {
        notice(t('Message could not be sent.') . EOL);
    } elseif ($status == -4) {
        notice(t('Message collection failure.') . EOL);
    } else {
        info(t('Message sent.') . EOL);
    }
}
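/**
 * Render the help module.
 *
 * With a non-empty `search` request parameter this returns the documentation
 * search result list; otherwise it returns the help page template filled with
 * get_help_content().
 *
 * @return string HTML for the page body
 */
function get()
{
    nav_set_selected('help');

    // Only a non-empty string counts as a search term; a missing or array
    // valued parameter falls through to the regular help page.
    $term = (isset($_REQUEST['search']) && is_string($_REQUEST['search'])) ? $_REQUEST['search'] : '';

    if ($term) {
        // Start from an empty buffer instead of appending to an undefined variable.
        $o = '';
        $o .= '<div id="help-content" class="generic-content-wrapper">';
        $o .= '<div class="section-title-wrapper">';
        // The term is echoed back into the page, so it is HTML-escaped here.
        $o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($term) . '</h2>';
        $o .= '</div>';
        $o .= '<div class="section-content-wrapper">';

        $r = search_doc_files($term);
        if ($r) {
            $o .= '<ul class="help-searchlist">';
            foreach ($r as $rr) {
                $dirname = dirname($rr['v']);
                $fname = basename($rr['v']);
                // Drop the file extension.
                $fname = substr($fname, 0, strrpos($fname, '.'));
                // Skip the first four characters of the directory (presumably "doc/").
                $path = trim(substr($dirname, 4), '/');
                $link = 'help/' . ($path ? $path . '/' : '') . $fname;

                // NOTE(review): $rr['text'] is emitted without escaping; this
                // assumes search_doc_files() only returns markup-safe snippets
                // from the site's own doc files - confirm.
                $o .= '<li><a href="' . $link . '" >' . ucwords(str_replace('_', ' ', notags($fname))) . '</a><br />'
                    . '<b><i>' . $link . '</i></b><br />'
                    . '...' . str_replace('$Projectname', \Zotlabs\Lib\System::get_platform_name(), $rr['text']) . '...<br /><br /></li>';
            }
            $o .= '</ul>';
        }

        // Close both wrappers whether or not anything matched; they used to be
        // closed only inside the result branch, leaving unbalanced markup on
        // an empty result.
        $o .= '</div>';
        $o .= '</div>';

        return $o;
    }

    $content = get_help_content();

    return replace_macros(get_markup_template("help.tpl"), array(
        '$title' => t('$Projectname Documentation'),
        '$content' => $content,
    ));
}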
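/**
 * Quick-search endpoint: prints a JSON object of the logged-in user's groups
 * and contacts whose name (or nick) matches the `s` query parameter.
 *
 * Each result row is array(contact id, group id, name, url, photo).
 *
 * @param object &$a application object (not used in this function)
 * @return void the function ends the request through killme()
 */
function qsearch_init(&$a)
{
    if (!local_user()) {
        killme();
    }

    $limit = get_config('system', 'qsearch_limit') ? intval(get_config('system', 'qsearch_limit')) : 100;
    $search = x($_GET, 's') ? notags(trim(urldecode($_GET['s']))) : '';

    if (!strlen($search)) {
        killme();
    }

    $results = array();

    // The search term is passed as a '%s' argument rather than interpolated
    // into the query text: the query text is also q()'s format string, so a
    // '%' in the term would otherwise be read as a placeholder.
    // NOTE(review): the term is still used as a REGEXP pattern, so the caller
    // chooses the pattern; consider LIKE with escaped wildcards if plain
    // substring matching is all that is needed.
    $r = q(
        "SELECT * FROM `group` WHERE `name` REGEXP '%s' AND `deleted` = 0 AND `uid` = %d LIMIT 0, %d ",
        dbesc($search),
        intval(local_user()),
        intval($limit)
    );

    // q() may hand back a non-array on failure; only iterate real result sets.
    if (is_array($r)) {
        foreach ($r as $rr) {
            $results[] = array(0, (int) $rr['id'], $rr['name'], '', '');
        }
    }

    $r = q(
        "SELECT * FROM `contact` WHERE `uid` = %d AND (`name` REGEXP '%s' OR `nick` REGEXP '%s') ORDER BY `name` ASC LIMIT 0, %d ",
        intval(local_user()),
        dbesc($search),
        dbesc($search),
        intval($limit)
    );

    if (is_array($r)) {
        foreach ($r as $rr) {
            $results[] = array((int) $rr['id'], 0, $rr['name'], $rr['url'], $rr['photo']);
        }
    }

    echo json_encode((object) $results);
    killme();
}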
/**
 * Connect the logged-in channel to the address given in the `url` request
 * parameter, sync the new address-book entry and redirect to its edit page.
 *
 * @param object &$a application object; get_channel() supplies the channel record
 * @return void
 */
function follow_init(&$a)
{
    if (!local_channel()) {
        return;
    }

    $uid = local_channel();
    $url = notags(trim($_REQUEST['url']));
    $return_url = $_SESSION['return_url'];
    $confirm = intval($_REQUEST['confirm']);

    // NOTE(review): the request is read from $_REQUEST and no form token is
    // checked in this function - confirm where cross-site requests are rejected.
    $result = new_contact($uid, $url, $a->get_channel(), true, $confirm);

    if ($result['success'] == false) {
        if ($result['message']) {
            notice($result['message']);
        }
        goaway($return_url);
    }

    info(t('Channel added.') . EOL);

    $abook = $result['abook'];

    // Copy the abook_* columns for the sync packet, leaving out the three
    // identifiers that are not carried over.
    $skip = array('abook_id', 'abook_account', 'abook_channel');
    $clone = array();
    foreach ($abook as $key => $value) {
        if (strpos($key, 'abook_') === 0 && !in_array($key, $skip, true)) {
            $clone[$key] = $value;
        }
    }

    build_sync_packet(0, array('abook' => array($clone)));

    // If we can view their stream, pull in some posts.
    $canReadStream = ($abook['abook_their_perms'] & PERMS_R_STREAM) || ($abook['xchan_network'] === 'rss');
    if ($canReadStream) {
        proc_run('php', 'include/onepoll.php', $abook['abook_id']);
    }

    goaway(z_root() . '/connedit/' . $abook['abook_id'] . '?f=&follow=1');
}
/**
 * OExchange receiver: turn the offered url/title/description/tags into a wall
 * post for the logged-in user.
 *
 * The parameters are forwarded to this site's own /parse_url endpoint; the
 * HTML it returns is converted to BBCode and submitted through item_post().
 *
 * @param object &$a application object (argc/argv, get_baseurl())
 * @return string|null the login form for anonymous visitors, otherwise nothing
 */
function oexchange_content(&$a)
{
    if (!local_user()) {
        return login(false);
    }

    // Landing page after item_post() has redirected back here.
    if ($a->argc > 1 && $a->argv[1] === 'done') {
        info(t('Post successful.') . EOL);
        return;
    }

    $url = '';
    if (x($_GET, 'url') && strlen($_GET['url'])) {
        $url = urlencode(notags(trim($_GET['url'])));
    }

    // Optional parts are appended as "&name=value" in a fixed order.
    $extra = '';
    foreach (array('title', 'description', 'tags') as $field) {
        if (x($_GET, $field) && strlen($_GET[$field])) {
            $extra .= '&' . $field . '=' . urlencode(notags(trim($_GET[$field])));
        }
    }

    $s = fetch_url($a->get_baseurl() . '/parse_url?f=&url=' . $url . $extra);

    if (!strlen($s)) {
        return;
    }

    require_once 'include/html2bbcode.php';

    // item_post() reads its input from $_POST, so the request data is
    // replaced wholesale with the generated post.
    $_POST = array(
        'profile_uid' => local_user(),
        'return' => '/oexchange/done',
        'body' => html2bbcode($s),
        'type' => 'wall',
    );

    require_once 'mod/item.php';
    item_post($a);
}
/**
 * Receive a feed pushed by a PubSubHubbub hub and import it.
 *
 * The URL carries the target nickname (argv[1]) and the contact id (argv[2]).
 * The feed is only consumed when the user exists and the contact is a
 * hub-subscribed, unblocked, writable sharing/friend/feed contact of that user.
 *
 * @param object &$a application object (cmd, argc, argv)
 * @return void
 */
function pubsub_post(&$a)
{
    $payload = file_get_contents('php://input');

    // Request metadata comes from the client and is written to the log as-is.
    logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd);
    logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
    logger('pubsub: data: ' . $payload, LOGGER_DATA);

    // The payload format is not checked here; an earlier XML-prolog test is disabled.

    $nick = '';
    if ($a->argc > 1) {
        $nick = notags(trim($a->argv[1]));
    }

    $contact_id = 0;
    if ($a->argc > 2) {
        $contact_id = intval($a->argv[2]);
    }

    $users = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", dbesc($nick));
    if (!count($users)) {
        hub_post_return();
    }

    $importer = $users[0];

    $contacts = q(
        "SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d \n\t\tAND ( `rel` = %d OR `rel` = %d OR network = '%s' ) AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
        intval($contact_id),
        intval($importer['uid']),
        intval(CONTACT_IS_SHARING),
        intval(CONTACT_IS_FRIEND),
        dbesc(NETWORK_FEED)
    );

    if (!count($contacts)) {
        // NOTE(review): this line carries the whole request body and is logged
        // without the LOGGER_DATA level used above - confirm that is intended.
        logger('pubsub: no contact record for "' . $nick . ' (' . $contact_id . ')" - ignored. ' . $payload);
        hub_post_return();
    }

    $contact = $contacts[0];

    // We have no way to match Diaspora guids with atom post ids and could get
    // duplicates, so direct delivery is relied upon for Diaspora contacts.
    if ($contact['network'] === NETWORK_DIASPORA) {
        hub_post_return();
    }

    $feedhub = '';

    require_once 'include/items.php';

    // Two passes, so that children processed in the second pass find their parents.
    foreach (array(1, 2) as $pass) {
        consume_feed($payload, $importer, $contact, $feedhub, 1, $pass);
    }

    hub_post_return();
}
/**
 * Apply new permissions to a stored file and publish the matching activity.
 *
 * The posted `uid` has to be the logged-in channel; the four permission lists
 * are read from $_REQUEST and converted with perms2str().
 *
 * @param object &$a application object; get_channel() supplies the channel record
 * @return void
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }

    // Proceed only for a non-zero uid that equals the logged-in channel.
    $isOwner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$isOwner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = 0;
    if (x($_POST, 'recurse')) {
        $recurse = intval($_POST['recurse']);
    }

    $resource = '';
    if (x($_POST, 'filehash')) {
        $resource = notags($_POST['filehash']);
    }

    $notify = 0;
    if (x($_POST, 'notify')) {
        $notify = intval($_POST['notify']);
    }

    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    $groupAllow = perms2str($_REQUEST['group_allow']);
    $contactAllow = perms2str($_REQUEST['contact_allow']);
    $groupDeny = perms2str($_REQUEST['group_deny']);
    $contactDeny = perms2str($_REQUEST['contact_deny']);

    $channel = $a->get_channel();
    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // Fetch the activity object before the permissions change, so members
    // who were allowed until now are still covered.
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions($channel_id, $resource, $contactAllow, $groupAllow, $contactDeny, $groupDeny, $recurse);
    file_activity($channel_id, $object, $contactAllow, $groupAllow, $contactDeny, $groupDeny, 'post', $notify);

    goaway($cloudPath);
}
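/**
 * Render a help page from the Markdown files below doc/.
 *
 * argv[1], when present, selects the page; doc/Home.md is the fallback page
 * and otherwise the sidebar. A 404 template is returned when no text is found.
 *
 * @param object &$a application object (argc, argv, page)
 * @return string rendered HTML
 */
function help_content(&$a)
{
    nav_set_selected('help');

    global $lang;

    $text = '';

    if ($a->argc > 1) {
        // NOTE(review): the file name is built from a request path segment;
        // this assumes load_doc_file() keeps the lookup inside the doc
        // directory - confirm.
        $text = load_doc_file('doc/' . $a->argv[1] . '.md');
        $a->page['title'] = t('Help:') . ' ' . str_replace('-', ' ', notags($a->argv[1]));
    }

    $home = load_doc_file('doc/Home.md');

    if (!$text) {
        $text = $home;
        $a->page['title'] = t('Help');
    } else {
        $a->page['aside'] = Markdown($home);
    }

    if (!strlen($text)) {
        header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
        $tpl = get_markup_template("404.tpl");

        return replace_macros($tpl, array('$message' => t('Page not found.')));
    }

    $html = Markdown($text);

    // The rule block was missing its closing brace, leaving the stylesheet malformed.
    $html = "<style>.md_warning { padding: 1em; border: #ff0000 solid 2px; background-color: #f9a3a3; color: #ffffff; }</style>" . $html;

    return $html;
}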
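/**
 * Serve the XRD (webfinger) document for a local channel.
 *
 * The `uri` query parameter names the resource, either as an http(s) URL whose
 * last path segment is the channel address or as an acct: URI. The document
 * is printed directly and the request ends through killme().
 *
 * @return void
 */
function init()
{
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first, then filter. With notags() applied before urldecode(), a
    // percent-encoded angle bracket passes the filter untouched and only turns
    // into a real one afterwards; the value ends up in the output as $accturi.
    $uri = notags(trim(urldecode($raw)));

    logger('xrd: ' . $uri, LOGGER_DEBUG);

    $resource = $uri;

    if (substr($uri, 0, 4) === 'http') {
        $uri = str_replace('~', '', $uri);
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' strpos() yields false, so $name becomes empty and
        // the lookup below finds nothing.
        $name = substr($local, 0, strpos($local, '@'));
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $channel = $r[0];
    $address = $channel['channel_address'];

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => z_root(),
        '$dspr_guid' => $channel['channel_guid'] . str_replace('.', '', \App::get_hostname()),
        '$dspr_key' => base64_encode(pemtorsa($channel['channel_pubkey'])),
    ));

    $salmon_key = salmon_key($channel['channel_pubkey']);

    // The document is readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: application/xrd+xml");

    $aliases = array(
        'acct:' . channel_reddress($channel),
        z_root() . '/channel/' . $address,
        z_root() . '/~' . $address,
    );

    // The requested resource itself is not listed as an alias.
    foreach ($aliases as $idx => $alias) {
        if ($alias === $resource) {
            unset($aliases[$idx]);
        }
    }

    // NOTE(review): $resource is request data; this assumes the template or
    // replace_macros() XML-escapes it - confirm.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $address,
        '$accturi' => $resource,
        '$aliases' => $aliases,
        '$profile_url' => z_root() . '/channel/' . $address,
        '$hcard_url' => z_root() . '/hcard/' . $address,
        '$atom' => z_root() . '/feed/' . $address,
        '$zot_post' => z_root() . '/post/' . $address,
        '$poco_url' => z_root() . '/poco/' . $address,
        '$photo' => z_root() . '/photo/profile/l/' . $channel['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$subscribe' => z_root() . '/follow?url={uri}',
        '$bigkey' => salmon_key($channel['channel_pubkey']),
    ));

    // Plugins may rewrite the document through the hook.
    $arr = array('user' => $channel, 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}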
/**
 * Apply a new access list to a stored file and publish the matching activity.
 *
 * The posted `uid` has to be the logged-in channel; the access list is built
 * by AccessList::set_from_array() from $_REQUEST.
 *
 * @param object &$a application object; get_channel() supplies the channel record
 * @return void
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }

    // Proceed only for a non-zero uid that equals the logged-in channel.
    $isOwner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$isOwner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = 0;
    if (x($_POST, 'recurse')) {
        $recurse = intval($_POST['recurse']);
    }

    $resource = '';
    if (x($_POST, 'filehash')) {
        $resource = notags($_POST['filehash']);
    }

    $notify = 0;
    if (x($_POST, 'notify')) {
        $notify = intval($_POST['notify']);
    }

    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    $channel = $a->get_channel();

    $acl = new AccessList($channel);
    $acl->set_from_array($_REQUEST);
    $perms = $acl->get();

    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // Fetch the activity object before the permissions change, so members
    // who were allowed until now are still covered.
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions(
        $channel_id,
        $resource,
        $perms['allow_cid'],
        $perms['allow_gid'],
        $perms['deny_cid'],
        $perms['deny_gid'],
        $recurse
    );

    file_activity(
        $channel_id,
        $object,
        $perms['allow_cid'],
        $perms['allow_gid'],
        $perms['deny_cid'],
        $perms['deny_gid'],
        'post',
        $notify
    );

    goaway($cloudPath);
}
/**
 * Remove one tag from an item owned by the logged-in user.
 *
 * `tag` arrives hex-encoded and `item` as an id in $_POST. Every exit goes
 * through a redirect to the page stored in $_SESSION['photo_return'].
 *
 * @param object &$a application object (get_baseurl())
 * @return void
 */
function tagrm_post(&$a)
{
    // Built lazily so the URL is only assembled when a redirect happens.
    $returnTo = function () use ($a) {
        return $a->get_baseurl() . '/' . $_SESSION['photo_return'];
    };

    if (!local_user()) {
        goaway($returnTo());
    }

    if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
        goaway($returnTo());
    }

    $tag = '';
    if (x($_POST, 'tag')) {
        // notags() sees the hex text here; the decoded value is only compared
        // against the stored tags below and is never written back.
        $tag = hex2bin(notags(trim($_POST['tag'])));
    }

    $item = 0;
    if (x($_POST, 'item')) {
        $item = intval($_POST['item']);
    }

    // The item is looked up together with the owner's uid.
    $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));
    if (!count($r)) {
        goaway($returnTo());
    }

    // Drop the first exact match only.
    $tags = explode(',', $r[0]['tag']);
    $found = array_search($tag, $tags, true);
    if ($found !== false) {
        unset($tags[$found]);
    }

    $tag_str = implode(',', $tags);

    q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($tag_str), intval($item), intval(local_user()));

    info(t('Tag removed') . EOL);
    goaway($returnTo());
    // NOTREACHED
}
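/**
 * Serve the XRD (webfinger) document for a local user.
 *
 * The `uri` query parameter names the resource, either as an http(s) URL whose
 * last path segment is the nickname or as an acct: URI. The document is
 * printed directly and the request ends through killme().
 *
 * @param object &$a application object (get_baseurl())
 * @return void
 */
function xrd_init(&$a)
{
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first, then filter. With notags() applied before urldecode(), a
    // percent-encoded angle bracket passes the filter untouched and only turns
    // into a real one afterwards; the value ends up in the output as $accturi.
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' strpos() yields false, so $name becomes empty and
        // the lookup below finds nothing.
        $name = substr($local, 0, strpos($local, '@'));
    }

    $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
    if (!is_array($r) || !count($r)) {
        killme();
    }

    $user = $r[0];
    $base = $a->get_baseurl();
    $nick = $user['nickname'];

    $salmon_key = salmon_key($user['spubkey']);

    // The document is readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    $dspr = '';
    if (get_config('system', 'diaspora_enabled')) {
        $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
            '$baseurl' => $base,
            '$dspr_guid' => $user['guid'],
            '$dspr_key' => base64_encode(pemtorsa($user['pubkey'])),
        ));
    }

    // NOTE(review): $uri is request data; this assumes the template or
    // replace_macros() XML-escapes it - confirm.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $nick,
        '$accturi' => $uri,
        '$profile_url' => $base . '/profile/' . $nick,
        '$hcard_url' => $base . '/hcard/' . $nick,
        '$atom' => $base . '/dfrn_poll/' . $nick,
        '$zot_post' => $base . '/post/' . $nick,
        '$poco_url' => $base . '/poco/' . $nick,
        '$photo' => $base . '/photo/profile/' . $user['uid'] . '.jpg',
        '$dspr' => $dspr,
        '$salmon' => $base . '/salmon/' . $nick,
        '$salmen' => $base . '/salmon/' . $nick . '/mention',
        '$subscribe' => $base . '/follow?url={uri}',
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$bigkey' => salmon_key($user['pubkey']),
    ));

    // Plugins may rewrite the document through the hook.
    $arr = array('user' => $user, 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}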
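/**
 * Start a password reset: look the account up by e-mail address or nickname,
 * store the hash of a freshly generated reset token and mail the reset link.
 *
 * @param object &$a application object (config, get_baseurl())
 * @return void every path ends in a redirect to the site root
 */
function lostpass_post(&$a)
{
    $loginame = isset($_POST['login-name']) ? notags(trim($_POST['login-name'])) : '';
    if (!$loginame) {
        goaway(z_root());
    }

    $r = q(
        "SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `verified` = 1 AND `blocked` = 0 LIMIT 1",
        dbesc($loginame),
        dbesc($loginame)
    );

    if (!is_array($r) || !count($r)) {
        // NOTE(review): this answer differs from the success message, so the
        // form reveals whether an account exists - consider one common reply.
        notice(t('No valid account found.') . EOL);
        goaway(z_root());
    }

    $uid = $r[0]['uid'];
    $username = $r[0]['username'];
    $email = $r[0]['email'];

    // The numeric part of the reset token comes from the CSPRNG where the
    // runtime offers one; mt_rand() is predictable and remains only as a
    // fallback for old runtimes.
    // NOTE(review): most of the token is produced by autoname(), which is not
    // visible here - confirm that it is unpredictable as well.
    $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
    $new_password = autoname(12) . $suffix;

    // Only the hash of the token is stored; the token itself travels in the mail.
    $new_password_encoded = hash('whirlpool', $new_password);

    $r = q("UPDATE `user` SET `pwdreset` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
    if ($r) {
        info(t('Password reset request issued. Check your email.') . EOL);
    }

    $email_tpl = get_intltext_template("lostpass_eml.tpl");
    $email_tpl = replace_macros($email_tpl, array(
        '$sitename' => $a->config['sitename'],
        '$siteurl' => $a->get_baseurl(),
        '$username' => $username,
        '$email' => $email,
        '$reset_link' => $a->get_baseurl() . '/lostpass?verify=' . $new_password,
    ));

    // NOTE(review): depending on the web server setup SERVER_NAME can follow
    // the request's Host header; a configured site host name would be a safer
    // source for the From header - confirm.
    $headers = 'From: ' . 'Administrator' . '@' . $_SERVER['SERVER_NAME'] . "\n"
        . 'Content-type: text/plain; charset=UTF-8' . "\n"
        . 'Content-transfer-encoding: 8bit';

    mail(
        $email,
        email_header_encode(sprintf(t('Password reset requested at %s'), $a->config['sitename']), 'UTF-8'),
        $email_tpl,
        $headers
    );

    goaway(z_root());
}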
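/**
 * Add the address given in the `url` request parameter as a contact of the
 * logged-in user and redirect according to the outcome.
 *
 * @param object &$a application object (get_baseurl())
 * @return void every path ends in a redirect
 */
function follow_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        goaway($_SESSION['return_url']);
        // NOTREACHED
    }

    // A missing `cancel` parameter no longer raises an undefined-index notice.
    if (!empty($_REQUEST['cancel'])) {
        goaway($_SESSION['return_url']);
    }

    $uid = local_user();
    $url = isset($_REQUEST['url']) ? notags(trim($_REQUEST['url'])) : '';
    $return_url = $_SESSION['return_url'];

    // Makes the connection request for friendica contacts easier.
    // This is just a precaution in case this page is called directly via POST.
    $_SESSION["fastlane"] = $url;

    $result = new_contact($uid, $url, true);

    if ($result['success'] == false) {
        if ($result['message']) {
            notice($result['message']);
        }
        goaway($return_url);
    } elseif ($result['cid']) {
        goaway($a->get_baseurl() . '/contacts/' . $result['cid']);
    }

    info(t('Contact added') . EOL);

    if (strstr($return_url, 'contacts')) {
        // This branch is only reached without a contact id in the result; the
        // variable appended here before was never defined, so the target has
        // always been the bare contacts path.
        goaway($a->get_baseurl() . '/contacts/');
    }

    goaway($return_url);
    // NOTREACHED
}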
/**
 * Save the admin security settings form.
 *
 * The form token is checked first; after that each posted value is written to
 * the `system` configuration and the browser is sent back to the settings page.
 *
 * @return void
 */
function post()
{
    check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

    // E-mail allow/deny patterns: single strings, filtered by notags().
    $allowed_email = '';
    if (x($_POST, 'allowed_email')) {
        $allowed_email = notags(trim($_POST['allowed_email']));
    }

    $not_allowed_email = '';
    if (x($_POST, 'not_allowed_email')) {
        $not_allowed_email = notags(trim($_POST['not_allowed_email']));
    }

    set_config('system', 'allowed_email', $allowed_email);
    set_config('system', 'not_allowed_email', $not_allowed_email);

    set_config('system', 'block_public', x($_POST, 'block_public') ? true : false);

    // Site and channel lists: one entry per line, trimmed element by element.
    $lists = array('whitelisted_sites', 'blacklisted_sites', 'whitelisted_channels', 'blacklisted_channels');
    foreach ($lists as $key) {
        set_config('system', $key, $this->trim_array_elems(explode("\n", $_POST[$key])));
    }

    set_config('system', 'embed_sslonly', x($_POST, 'embed_sslonly') ? true : false);

    foreach (array('embed_allow', 'embed_deny') as $key) {
        set_config('system', $key, $this->trim_array_elems(explode("\n", $_POST[$key])));
    }

    // These two checkboxes are stored under config keys that differ from the field names.
    set_config('system', 'transport_security_header', x($_POST, 'transport_security') ? true : false);
    set_config('system', 'content_security_policy', x($_POST, 'content_security') ? true : false);

    goaway(z_root() . '/admin/security');
}
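/**
 * People search: query the global directory for the `search` request
 * parameter and render the matches.
 *
 * @param object &$a application object (pager, set_pager_total(), set_pager_itemspage())
 * @return string HTML for the result page
 */
function dirfind_content(&$a)
{
    $search = (isset($_REQUEST['search']) && is_string($_REQUEST['search'])) ? notags(trim($_REQUEST['search'])) : '';

    // A leading '@' is dropped from the term.
    if (strpos($search, '@') === 0) {
        $search = substr($search, 1);
    }

    $o = '';
    // The term is echoed back into the page, so it is HTML-escaped on output.
    $o .= '<h2>' . t('People Search') . ' - ' . htmlspecialchars($search, ENT_QUOTES, 'UTF-8') . '</h2>';

    if ($search) {
        $p = $a->pager['page'] != 1 ? '&p=' . $a->pager['page'] : '';

        // Stays empty when no directory is configured, so the decode step
        // below never works on an undefined variable.
        $x = '';
        if (strlen(get_config('system', 'directory_submit_url'))) {
            // NOTE(review): the lookup goes to a fixed host over plain HTTP,
            // so the reply can be altered in transit - treat it as untrusted.
            $x = fetch_url('http://dir.friendica.com/lsearch?f=' . $p . '&search=' . urlencode($search));
        }

        //TODO fallback local search if global dir not available.

        $j = $x ? json_decode($x) : null;

        if (is_object($j) && !empty($j->total)) {
            $a->set_pager_total($j->total);
            if (isset($j->items_page)) {
                $a->set_pager_itemspage($j->items_page);
            }
        }

        if (is_object($j) && !empty($j->results) && is_array($j->results)) {
            $tpl = get_markup_template('match.tpl');
            foreach ($j->results as $jj) {
                // NOTE(review): these fields come from the remote directory
                // and are handed to the template as received; this assumes
                // the template escapes them - confirm.
                $o .= replace_macros($tpl, array(
                    '$url' => zrl($jj->url),
                    '$name' => $jj->name,
                    '$photo' => $jj->photo,
                    '$tags' => $jj->tags,
                ));
            }
        } else {
            info(t('No matches') . EOL);
        }
    }

    $o .= '<div class="clear"></div>';
    $o .= paginate($a);

    return $o;
}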
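/**
 * Serve the XRD (webfinger) document for a local channel.
 *
 * The `uri` query parameter names the resource, either as an http(s) URL whose
 * last path segment is the channel address or as an acct: URI. The document
 * is printed directly and the request ends through killme().
 *
 * @param object &$a application object (get_baseurl())
 * @return void
 */
function xrd_init(&$a)
{
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first, then filter. With notags() applied before urldecode(), a
    // percent-encoded angle bracket passes the filter untouched and only turns
    // into a real one afterwards; the value ends up in the output as $accturi.
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' strpos() yields false, so $name becomes empty and
        // the lookup below finds nothing.
        $name = substr($local, 0, strpos($local, '@'));
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $channel = $r[0];
    $base = $a->get_baseurl();
    $address = $channel['channel_address'];

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => $base,
        '$dspr_guid' => $channel['channel_guid'],
        '$dspr_key' => base64_encode(pemtorsa($channel['channel_pubkey'])),
    ));

    $salmon_key = salmon_key($channel['channel_pubkey']);

    // The document is readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    // Kept as in the original; the result of this lookup is not used below.
    $tpl = get_markup_template('view/xrd_person.tpl');

    // NOTE(review): $uri is request data; this assumes the template or
    // replace_macros() XML-escapes it - confirm.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $address,
        '$accturi' => $uri,
        '$profile_url' => $base . '/channel/' . $address,
        '$hcard_url' => $base . '/hcard/' . $address,
        '$atom' => $base . '/feed/' . $address,
        '$zot_post' => $base . '/post/' . $address,
        '$poco_url' => $base . '/poco/' . $address,
        '$photo' => $base . '/photo/profile/l/' . $channel['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
    ));

    // Plugins may rewrite the document through the hook.
    $arr = array('user' => $channel, 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}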
/**
 * Store the Tumblr consumer key and secret posted from the plugin admin form.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * that the admin dispatcher verifies one before it is called.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function tumblr_plugin_admin_post(&$a)
{
    $consumer_key = '';
    if (x($_POST, 'consumer_key')) {
        $consumer_key = notags(trim($_POST['consumer_key']));
    }

    $consumer_secret = '';
    if (x($_POST, 'consumer_secret')) {
        $consumer_secret = notags(trim($_POST['consumer_secret']));
    }

    set_config('tumblr', 'consumer_key', $consumer_key);
    set_config('tumblr', 'consumer_secret', $consumer_secret);

    info(t('Settings updated.') . EOL);
}
/**
 * Store the app.net client id and secret posted from the plugin admin form.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * that the admin dispatcher verifies one before it is called.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function appnet_plugin_admin_post(&$a)
{
    $clientid = '';
    if (x($_POST, 'clientid')) {
        $clientid = notags(trim($_POST['clientid']));
    }

    $clientsecret = '';
    if (x($_POST, 'clientsecret')) {
        $clientsecret = notags(trim($_POST['clientsecret']));
    }

    set_config('appnet', 'clientid', $clientid);
    set_config('appnet', 'clientsecret', $clientsecret);

    info(t('Settings updated.') . EOL);
}
/**
 * Store the geocoordinates API key and language posted from the plugin admin form.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * that the admin dispatcher verifies one before it is called.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function geocoordinates_plugin_admin_post(&$a)
{
    $api_key = '';
    if (x($_POST, 'api_key')) {
        $api_key = notags(trim($_POST['api_key']));
    }
    set_config('geocoordinates', 'api_key', $api_key);

    $language = '';
    if (x($_POST, 'language')) {
        $language = notags(trim($_POST['language']));
    }
    set_config('geocoordinates', 'language', $language);

    info(t('Settings updated.') . EOL);
}
/**
 * Store the tile server URL and zoom level posted from the plugin admin form.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * that the admin dispatcher verifies one before it is called.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function openstreetmap_plugin_admin_post(&$a)
{
    $url = '';
    if (x($_POST, 'tmsserver')) {
        $url = notags(trim($_POST['tmsserver']));
    }

    // A posted zoom is stored as an integer; the fallback is the string '17'.
    if (x($_POST, 'zoom')) {
        $zoom = intval(trim($_POST['zoom']));
    } else {
        $zoom = '17';
    }

    set_config('openstreetmap', 'tmsserver', $url);
    set_config('openstreetmap', 'zoom', $zoom);

    info(t('Settings updated.') . EOL);
}
/**
 * @brief Wraps a non-empty ACL element in angle brackets for storage.
 *
 * The element is trimmed and passed through notags() before it is wrapped.
 *
 * @param[in,out] string &$item the ACL element, rewritten in place
 */
function sanitise_acl(&$item)
{
    if (!strlen($item)) {
        // unset() on a by-reference parameter only drops the local binding;
        // the caller's variable keeps its (empty) value.
        unset($item);
        return;
    }

    $item = '<' . notags(trim($item)) . '>';
}
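/**
 * Test that notags() and escape_tags() neutralise markup in a string.
 */
public function testEscapeTags()
{
    $invalidstring = '<submit type="button" onclick="alert(\'failed!\');" />';

    $validstring = notags($invalidstring);
    $escapedString = escape_tags($invalidstring);

    // notags() is expected to swap the angle brackets for square brackets.
    $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);

    // The expected value is the entity-encoded form. On this page the entities
    // had been decoded, which left raw double quotes inside the literal and
    // broke the syntax. Single quotes stay unescaped, as in the literal.
    // NOTE(review): reconstructed value - confirm against escape_tags().
    $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
}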
/**
 * Save the Gravatar admin settings.
 *
 * The form token `gravatarsave` is checked before anything is stored. Missing
 * fields fall back to the `identicon` avatar and the `g` rating.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function gravatar_plugin_admin_post(&$a)
{
    check_form_security_token('gravatarsave');

    $default_avatar = 'identicon';
    if (x($_POST, 'avatar')) {
        $default_avatar = notags(trim($_POST['avatar']));
    }

    $rating = 'g';
    if (x($_POST, 'rating')) {
        $rating = notags(trim($_POST['rating']));
    }

    set_config('gravatar', 'default_img', $default_avatar);
    set_config('gravatar', 'rating', $rating);

    info(t('Gravatar settings updated.') . EOL);
}
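/**
 * Answer a PubSubHubbub hub's subscription verification request (GET).
 *
 * The URL carries the channel nick (argv 1) and the connection id (argv 2).
 * After the connection, and the verify token when one is sent, have been
 * checked, the subscription state is stored and the hub's challenge is echoed.
 *
 * @param object &$a application object (not used in this function)
 * @return void GET requests end through killme() or http_status_exit()
 */
function pubsub_init(&$a)
{
    $nick = argc() > 1 ? escape_tags(trim(argv(1))) : '';
    $contact_id = argc() > 2 ? intval(argv(2)) : 0;

    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        $hub_mode = x($_GET, 'hub_mode') ? notags(trim($_GET['hub_mode'])) : '';
        $hub_topic = x($_GET, 'hub_topic') ? notags(trim($_GET['hub_topic'])) : '';
        $hub_challenge = x($_GET, 'hub_challenge') ? notags(trim($_GET['hub_challenge'])) : '';
        $hub_lease = x($_GET, 'hub_lease_seconds') ? notags(trim($_GET['hub_lease_seconds'])) : '';
        $hub_verify = x($_GET, 'hub_verify_token') ? notags(trim($_GET['hub_verify_token'])) : '';

        logger('pubsub: Subscription from ' . $_SERVER['REMOTE_ADDR']);
        logger('pubsub: data: ' . print_r($_GET, true), LOGGER_DATA);

        $subscribe = $hub_mode === 'subscribe' ? 1 : 0;

        $channel = channelx_by_nick($nick);
        if (!$channel) {
            http_status_exit(404, 'not found.');
        }

        // $contact_id has been through intval(), so it is safe in the SQL fragment.
        $connections = abook_connections($channel['channel_id'], ' and abook_id = ' . $contact_id);
        if ($connections) {
            $xchan = $connections[0];
        } else {
            logger('connection ' . $contact_id . ' not found.');
            http_status_exit(404, 'not found.');
        }

        if ($hub_verify) {
            $verify = get_abconfig($channel['channel_id'], $xchan['xchan_hash'], 'pubsubhubbub', 'verify_token');

            // Compare the token as an exact string in constant time. The loose
            // != used before treats numeric-looking strings as numbers, so two
            // different tokens could compare equal.
            $expected = (is_string($verify) || is_int($verify)) ? (string) $verify : '';
            if ($expected === '' || !hash_equals($expected, $hub_verify)) {
                logger('hub verification failed.');
                http_status_exit(404, 'not found.');
            }
        }

        $feed_url = z_root() . '/feed/' . $channel['channel_address'];

        if ($hub_topic) {
            if (!link_compare($hub_topic, $feed_url)) {
                logger('hub topic ' . $hub_topic . ' != ' . $feed_url);
                // should abort but let's humour them.
            }
        }

        // We must initiate an unsubscribe request with a verify_token.
        // Don't allow outsiders to unsubscribe us.
        if ($hub_mode === 'unsubscribe') {
            if (!strlen($hub_verify)) {
                logger('pubsub: bogus unsubscribe');
                http_status_exit(403, 'permission denied.');
            }
            logger('pubsub: unsubscribe success');
        }

        if ($hub_mode) {
            set_abconfig($channel['channel_id'], $xchan['xchan_hash'], 'pubsubhubbub', 'subscribed', intval($subscribe));
        }

        header($_SERVER["SERVER_PROTOCOL"] . ' 200 ' . 'OK');

        // The challenge is echoed back after notags() filtering.
        echo $hub_challenge;
        killme();
    }
}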
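/**
 * Accept a hex-encoded profile URL in the `url` query parameter, push it to
 * the sync targets and run the submit sequence for it.
 *
 * @param object &$a application object (not used in this function)
 * @return void the function always ends the request
 */
function submit_content(&$a)
{
    $encoded = (isset($_GET['url']) && is_string($_GET['url'])) ? trim($_GET['url']) : '';

    // hex2bin() needs whole byte pairs of hex digits. Anything else is dropped
    // here instead of handing `false` to the push and submit helpers.
    if (!preg_match('/\A(?:[0-9a-fA-F]{2})+\z/', $encoded)) {
        exit;
    }

    // Filter the decoded value: notags() on the hex text never sees the
    // characters that text decodes to.
    $url = notags(trim(hex2bin($encoded)));
    if (!strlen($url)) {
        exit;
    }

    // Currently we simply push RAW URLs to our targets.
    sync_push($url);

    // Run the submit sequence.
    run_submit($url);

    exit;
}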
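/**
 * Handle the group forms: create a new group (/group/new) or rename an
 * existing group and replace its member list (/group/<id>).
 *
 * @param object &$a application object (argc, argv, page, get_baseurl())
 * @return void
 */
function group_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    if ($a->argc == 2 && $a->argv[1] == 'new') {
        $name = isset($_POST['groupname']) ? notags(trim($_POST['groupname'])) : '';
        $r = group_add($name);
        if ($r) {
            notice(t('Group created.') . EOL);
            $r = group_byname($name);
            if ($r) {
                goaway($a->get_baseurl() . '/group/' . $r);
            }
        } else {
            notice(t('Could not create group.') . EOL);
        }
        goaway($a->get_baseurl() . '/group');
        return; // NOTREACHED
    }

    if ($a->argc == 2 && intval($a->argv[1])) {
        // The group is looked up together with its owner. Selecting by id
        // alone would let any logged-in user rename another user's group or
        // replace its members.
        // NOTE(review): assumes `group` rows carry the owner in `uid` - confirm
        // against the schema.
        $r = q(
            "SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1",
            intval($a->argv[1]),
            intval(local_user())
        );

        if (!is_array($r) || !count($r)) {
            notice(t('Group not found.') . EOL);
            goaway($a->get_baseurl() . '/contacts');
            // Never continue to the statements below without a group row.
            return;
        }

        $group = $r[0];
        $groupname = isset($_POST['groupname']) ? notags(trim($_POST['groupname'])) : '';

        if (strlen($groupname) && $groupname != $group['name']) {
            $r = q(
                "UPDATE `group` SET `name` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
                dbesc($groupname),
                intval($group['id']),
                intval(local_user())
            );
            if ($r) {
                notice(t('Group name changed.') . EOL);
            }
        }

        // A missing or non-array selection is treated as an empty member list.
        $members = (isset($_POST['group_members_select']) && is_array($_POST['group_members_select']))
            ? $_POST['group_members_select']
            : array();
        array_walk($members, 'validate_members');

        // The member list is replaced wholesale: delete, then re-insert.
        $r = q("DELETE FROM `group_member` WHERE `gid` = %d ", intval($group['id']));

        $result = true;
        foreach ($members as $member) {
            $r = q(
                "INSERT INTO `group_member` ( `gid`, `contact-id`)\n\t\t\t\t\tVALUES ( %d, %d )",
                intval($group['id']),
                intval($member)
            );
            if (!$r) {
                $result = false;
            }
        }

        if ($result) {
            notice(t('Membership list updated.') . EOL);
        }

        $a->page['aside'] = group_side();
    }
}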
/**
 * Send invitation e-mails to the addresses posted in `recipients`.
 *
 * Requires a logged-in channel and a valid form token. The per-channel counter
 * `sent_invites` is compared with the site's `max_invites` (50 when unset)
 * before sending and again after every delivered message.
 *
 * @return void
 */
function post()
{
    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    check_form_security_token_redirectOnErr('/', 'send_invite');

    $max_invites = intval(get_config('system', 'max_invites'));
    if (!$max_invites) {
        $max_invites = 50;
    }

    $current_invites = intval(get_pconfig(local_channel(), 'system', 'sent_invites'));
    if ($current_invites > $max_invites) {
        notice(t('Total invitation limit exceeded.') . EOL);
        return;
    }

    // One recipient per line.
    $recips = array();
    if (x($_POST, 'recipients')) {
        $recips = explode("\n", $_POST['recipients']);
    }

    $message = '';
    if (x($_POST, 'message')) {
        $message = notags(trim($_POST['message']));
    }

    $total = 0;

    // On invitation-only sites a channel without remaining invites may not
    // send anything, unless it belongs to the site admin.
    if (get_config('system', 'invitation_only')) {
        $remaining = get_pconfig(local_channel(), 'system', 'invites_remaining');
        if (!$remaining && !is_site_admin()) {
            return;
        }
    }

    foreach ($recips as $recip) {
        $recip = trim($recip);

        if (!$recip) {
            continue;
        }

        // Only addresses accepted by valid_email() are handed to mail().
        if (!valid_email($recip)) {
            notice(sprintf(t('%s : Not a valid email address.'), $recip) . EOL);
            continue;
        }

        $account = \App::get_account();

        $headers = "From: " . $account['account_email'] . "\n"
            . 'Content-type: text/plain; charset=UTF-8' . "\n"
            . 'Content-transfer-encoding: 8bit';

        $sent = mail(
            $recip,
            sprintf(t('Please join us on $Projectname'), \App::$config['sitename']),
            $message,
            $headers
        );

        if (!$sent) {
            notice(sprintf(t('%s : Message delivery failed.'), $recip) . EOL);
            continue;
        }

        $total++;
        $current_invites++;
        set_pconfig(local_channel(), 'system', 'sent_invites', $current_invites);

        if ($current_invites > $max_invites) {
            notice(t('Invitation limit exceeded. Please contact your site administrator.') . EOL);
            return;
        }
    }

    notice(sprintf(tt("%d message sent.", "%d messages sent.", $total), $total) . EOL);
    return;
}
/**
 * Store the new-member widget settings posted from the plugin admin form.
 *
 * NOTE(review): no form security token is checked in this function, and
 * `freetext` is stored without notags(), unlike `localsupportname`; confirm
 * that both are intended for this admin-only form.
 *
 * @param object &$a application object (not used in this function)
 * @return void
 */
function newmemberwidget_plugin_admin_post(&$a)
{
    $freeText = "";
    if (x($_POST, 'freetext')) {
        $freeText = trim($_POST['freetext']);
    }

    $supportName = "";
    if (x($_POST, 'localsupportname')) {
        $supportName = notags(trim($_POST['localsupportname']));
    }

    // The two link switches are stored as integers.
    $linkGlobal = intval($_POST['linkglobalsupport']);
    $linkLocal = intval($_POST['linklocalsupport']);

    set_config('newmemberwidget', 'freetext', trim($freeText));
    set_config('newmemberwidget', 'linkglobalsupport', $linkGlobal);
    set_config('newmemberwidget', 'linklocalsupport', $linkLocal);
    set_config('newmemberwidget', 'localsupport', trim($supportName));
}
/**
 * Render the community page: top-level public wall posts of all local users.
 *
 * Both queries select only items with empty allow/deny lists that are neither
 * private, deleted nor moderated, from users who do not hide their wall.
 *
 * @param object &$a application object (data, pager, set_pager_total())
 * @param int $update non-zero on update calls; the nav entry is then left alone
 * @return string|null page HTML; nothing when access is denied or the page is disabled
 */
function community_content(&$a, $update = 0)
{
    $o = '';

    // On sites that block public access only logged-in local or remote users may look.
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }

    if (get_config('system', 'no_community_page')) {
        notice(t('Not available.') . EOL);
        return;
    }

    require_once "include/bbcode.php";
    require_once 'include/security.php';
    require_once 'include/conversation.php';

    $o .= '<h3>' . t('Community') . '</h3>';

    if (!$update) {
        nav_set_selected('community');
    }

    // The search term is read here but not used by the queries below.
    if (x($a->data, 'search')) {
        $search = notags(trim($a->data['search']));
    } elseif (x($_GET, 'search')) {
        $search = notags(trim(rawurldecode($_GET['search'])));
    } else {
        $search = '';
    }

    // Here is the way permissions work in this module...
    // Only public posts can be shown
    // OR your own posts if you are a logged in member

    // The classic pager needs the total number of matching items.
    if (!(get_config('alt_pager', 'global') || get_pconfig(local_user(), 'system', 'alt_pager'))) {
        $r = q(
            "SELECT COUNT(distinct(`item`.`uri`)) AS `total`\n\t\t\t"
            . "FROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t\t"
            . "WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t"
            . "AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' \n\t\t\t"
            . "AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\t"
            . "AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 \n\t\t\t"
            . "AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0"
        );

        if (count($r)) {
            $a->set_pager_total($r[0]['total']);
        }

        if (!$r[0]['total']) {
            info(t('No results.') . EOL);
            return $o;
        }
    }

    // Both LIMIT values are forced to integers before they reach the query.
    $r = q(
        "SELECT `item`.`uri`, `item`.*, `item`.`id` AS `item_id`, \n\t\t"
        . "`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t"
        . "`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t"
        . "`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,\n\t\t"
        . "`user`.`nickname`, `user`.`hidewall`\n\t\t"
        . "FROM `item` FORCE INDEX (`received`) LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t"
        . "LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t"
        . "WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t"
        . "AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t"
        . "AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' \n\t\t"
        . "AND `item`.`private` = 0 AND `item`.`wall` = 1 AND `item`.`id` = `item`.`parent`\n\t\t"
        . "AND `user`.`hidewall` = 0\n\t\t"
        . "AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self`\n\t\t"
        . "ORDER BY `received` DESC LIMIT %d, %d ",
        intval($a->pager['start']),
        intval($a->pager['itemspage'])
    );

    if (!count($r)) {
        info(t('No results.') . EOL);
        return $o;
    }

    // We behave the same in message lists as the search module.
    $o .= conversation($a, $r, 'community', $update);

    if (get_config('alt_pager', 'global') || get_pconfig(local_user(), 'system', 'alt_pager')) {
        $o .= alt_pager($a, count($r));
    } else {
        $o .= paginate($a);
    }

    return $o;
}