function chat_post(&$a) { if ($_POST['room_name']) { $room = strip_tags(trim($_POST['room_name'])); } if (!$room || !local_channel()) { return; } $channel = $a->get_channel(); if ($_POST['action'] === 'drop') { logger('delete chatroom'); chatroom_destroy($channel, array('cr_name' => $room)); goaway(z_root() . '/chat/' . $channel['channel_address']); } $arr = array('name' => $room); $arr['allow_gid'] = perms2str($_REQUEST['group_allow']); $arr['allow_cid'] = perms2str($_REQUEST['contact_allow']); $arr['deny_gid'] = perms2str($_REQUEST['group_deny']); $arr['deny_cid'] = perms2str($_REQUEST['contact_deny']); chatroom_create($channel, $arr); $x = q("select cr_id from chatroom where cr_name = '%s' and cr_uid = %d limit 1", dbesc($room), intval(local_channel())); if ($x) { goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']); } // that failed. Try again perhaps? goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new'); }
/** * * @param object &$a */ function filestorage_post(&$a) { $channel_id = x($_POST, 'uid') ? intval($_POST['uid']) : 0; if (!$channel_id || !local_channel() || $channel_id != local_channel()) { notice(t('Permission denied.') . EOL); return; } $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0; $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : ''; $notify = x($_POST, 'notify') ? intval($_POST['notify']) : 0; if (!$resource) { notice(t('Item not found.') . EOL); return; } $str_group_allow = perms2str($_REQUEST['group_allow']); $str_contact_allow = perms2str($_REQUEST['contact_allow']); $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); $channel = $a->get_channel(); $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource); //get the object before permissions change so we can catch eventual former allowed members $object = get_file_activity_object($channel_id, $resource, $cloudPath); attach_change_permissions($channel_id, $resource, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $recurse); file_activity($channel_id, $object, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, 'post', $notify); goaway($cloudPath); }
function post() { // logger('file upload: ' . print_r($_REQUEST,true)); $channel = $_REQUEST['channick'] ? get_channel_by_nick($_REQUEST['channick']) : null; if (!$channel) { logger('channel not found'); killme(); } $_REQUEST['source'] = 'file_upload'; if ($channel['channel_id'] != local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } if ($_REQUEST['filename']) { $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); } else { $r = attach_store($channel, get_observer_hash(), '', $_REQUEST); } goaway(z_root() . '/' . $_REQUEST['return_url']); }
/** * Set AccessList from arrays, such as those provided by * acl_selector(). For convenience, a string (or non-array) input is * assumed to be a comma-separated list and auto-converted into an array. */ function set_from_array($arr, $explicit = true) { $this->allow_cid = perms2str(is_array($arr['contact_allow']) ? $arr['contact_allow'] : explode(',', $arr['contact_allow'])); $this->allow_gid = perms2str(is_array($arr['group_allow']) ? $arr['group_allow'] : explode(',', $arr['group_allow'])); $this->deny_cid = perms2str(is_array($arr['contact_deny']) ? $arr['contact_deny'] : explode(',', $arr['contact_deny'])); $this->deny_gid = perms2str(is_array($arr['group_deny']) ? $arr['group_deny'] : explode(',', $arr['group_deny'])); $this->explicit = $explicit; }
function filestorage_post(&$a) { $channel_id = x($_POST, 'uid') ? intval($_POST['uid']) : 0; if (!$channel_id || !local_user() || $channel_id != local_user()) { notice(t('Permission denied.') . EOL); return; } $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0; $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : ''; if (!$resource) { notice(t('Item not found.') . EOL); return; } $str_group_allow = perms2str($_REQUEST['group_allow']); $str_contact_allow = perms2str($_REQUEST['contact_allow']); $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); attach_change_permissions($channel_id, $resource, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny, $recurse = false); //Build directory tree and redirect $channel = $a->get_channel(); $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource); goaway($cloudPath); }
function settings_post(&$a) { if (!local_user()) { return; } if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } $old_page_flags = $a->user['page-flags']; if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { check_form_security_token_redirectOnErr('/settings/addon', 'settings_addon'); call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { check_form_security_token_redirectOnErr('/settings/connectors', 'settings_connectors'); if (x($_POST, 'imap-submit')) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_action = x($_POST, 'mail_action') ? trim($_POST['mail_action']) : ''; $mail_movetofolder = x($_POST, 'mail_movetofolder') ? trim($_POST['mail_movetofolder']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`action` = %d, `movetofolder` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), intval($mail_action), dbesc($mail_movetofolder), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); logger("mail: updating mailaccount. Response: " . print_r($r, true)); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); foreach ($_POST as $k => $v) { if (strpos($k, 'feature_') === 0) { set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0); } } info(t('Features updated') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->user['theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $noinfo = x($_POST, 'noinfo') ? intval($_POST['noinfo']) : 0; $infinite_scroll = x($_POST, 'infinite_scroll') ? intval($_POST['infinite_scroll']) : 0; $no_auto_update = x($_POST, 'no_auto_update') ? intval($_POST['no_auto_update']) : 0; $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage_network = x($_POST, 'itemspage_network') ? intval($_POST['itemspage_network']) : 40; if ($itemspage_network > 100) { $itemspage_network = 100; } $itemspage_mobile_network = x($_POST, 'itemspage_mobile_network') ? intval($_POST['itemspage_mobile_network']) : 20; if ($itemspage_mobile_network > 100) { $itemspage_mobile_network = 100; } if ($mobile_theme !== '') { set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_user(), 'system', 'update_interval', $browser_update); set_pconfig(local_user(), 'system', 'itemspage_network', $itemspage_network); set_pconfig(local_user(), 'system', 'itemspage_mobile_network', $itemspage_mobile_network); set_pconfig(local_user(), 'system', 'no_smilies', $nosmile); set_pconfig(local_user(), 'system', 'ignore_info', $noinfo); set_pconfig(local_user(), 'system', 'infinite_scroll', $infinite_scroll); set_pconfig(local_user(), 'system', 'no_auto_update', $no_auto_update); if ($theme == $a->user['theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE `user` SET `theme` = '%s' WHERE `uid` = %d", dbesc($theme), intval(local_user())); call_hooks('display_settings_post', $_POST); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } check_form_security_token_redirectOnErr('/settings', 'settings'); if (x($_POST, 'resend_relocate')) { proc_run('php', 'include/notifier.php', 'relocate', local_user()); info(t("Relocate message has been send to your contacts")); goaway($a->get_baseurl(true) . '/settings'); } call_hooks('settings_post', $_POST); if (x($_POST, 'password') || x($_POST, 'confirm')) { $newpass = $_POST['password']; $confirm = $_POST['confirm']; $oldpass = hash('whirlpool', $_POST['opassword']); $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } // check if the old password was supplied correctly before // changing it to the new value $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); if ($oldpass != $r[0]['password']) { notice(t('Wrong password.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $def_gid = x($_POST, 'group-selection') ? intval($_POST['group-selection']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $email_textonly = $_POST['email_textonly'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; // check for the correct password $r = q("SELECT `password` FROM `user`WHERE `uid` = %d LIMIT 1", intval(local_user())); $password = hash('whirlpool', $_POST['mpassword']); if ($password != $r[0]['password']) { $err .= t('Wrong Password') . EOL; $email = $a->user['email']; } // check the email is valid if (!valid_email($email)) { $err .= t(' Not valid email.'); } // ensure new email is not the admin mail //if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) { if (x($a->config, 'admin_email')) { $adminlist = explode(",", str_replace(" ", "", strtolower($a->config['admin_email']))); if (in_array(strtolower($email), $adminlist)) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; $openid = normalise_openid($openid); // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'expire', 'network_only', $expire_network_only); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_user(), 'system', 'email_textonly', $email_textonly); if ($page_flags == PAGE_PRVGROUP) { $hidewall = 1; if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) { if ($def_gid) { info(t('Private forum has no privacy permissions. Using default privacy group.') . EOL); $str_group_allow = '<' . $def_gid . '>'; } else { notice(t('Private forum has no privacy permissions and no default privacy group.') . EOL); } } } $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `def_gid` = %d, `blockwall` = %d, `hidewall` = %d, `blocktags` = %d, `unkmail` = %d, `cntunkmail` = %d WHERE `uid` = %d", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), intval($maxreq), intval($expire), dbesc($openidserver), intval($def_gid), intval($blockwall), intval($hidewall), intval($blocktags), intval($unkmail), intval($cntunkmail), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile`\n\t\tSET `publish` = %d,\n\t\t`name` = '%s',\n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d", intval($publish), dbesc($username), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish || $page_flags != $old_page_flags) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function settings_post(&$a) { if (!local_channel()) { return; } if ($_SESSION['delegate']) { return; } $channel = $a->get_channel(); logger('mod_settings: ' . print_r($_REQUEST, true)); if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_channel()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; $ok = true; if ($name == '') { $ok = false; notice(t('Name is required') . EOL); } if ($key == '' || $secret == '') { $ok = false; notice(t('Key and Secret are required') . EOL); } if ($ok) { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()), dbesc($key)); } else { $r = q("INSERT INTO clients (client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel())); $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), intval(local_channel()), dbesc('all')); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if (argc() > 1 && argv(1) == 'featured') { check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured'); call_hooks('feature_settings_post', $_POST); if ($_POST['dspr-submit']) { set_pconfig(local_channel(), 'system', 'diaspora_allowed', intval($_POST['dspr_allowed'])); set_pconfig(local_channel(), 'system', 'diaspora_public_comments', intval($_POST['dspr_pubcomment'])); set_pconfig(local_channel(), 'system', 'prevent_tag_hijacking', intval($_POST['dspr_hijack'])); info(t('Diaspora Policy Settings updated.') . EOL); } build_sync_packet(); return; } if (argc() > 1 && argv(1) === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); // Build list of features and check which are set $features = get_features(); $all_features = array(); foreach ($features as $k => $v) { foreach ($v as $f) { $all_features[] = $f[0]; } } foreach ($all_features as $k) { if (x($_POST, "feature_{$k}")) { set_pconfig(local_channel(), 'feature', $k, 1); } else { set_pconfig(local_channel(), 'feature', $k, 0); } } build_sync_packet(); return; } if (argc() > 1 && argv(1) == 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->channel['channel_theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $title_tosource = x($_POST, 'title_tosource') ? intval($_POST['title_tosource']) : 0; $channel_list_mode = x($_POST, 'channel_list_mode') ? intval($_POST['channel_list_mode']) : 0; $network_list_mode = x($_POST, 'network_list_mode') ? intval($_POST['network_list_mode']) : 0; $channel_divmore_height = x($_POST, 'channel_divmore_height') ? intval($_POST['channel_divmore_height']) : 400; if ($channel_divmore_height < 50) { $channel_divmore_height = 50; } $network_divmore_height = x($_POST, 'network_divmore_height') ? intval($_POST['network_divmore_height']) : 400; if ($network_divmore_height < 50) { $network_divmore_height = 50; } $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20; if ($itemspage > 100) { $itemspage = 100; } if ($mobile_theme == "---") { del_pconfig(local_channel(), 'system', 'mobile_theme'); } else { set_pconfig(local_channel(), 'system', 'mobile_theme', $mobile_theme); } set_pconfig(local_channel(), 'system', 'user_scalable', $user_scalable); set_pconfig(local_channel(), 'system', 'update_interval', $browser_update); set_pconfig(local_channel(), 'system', 'itemspage', $itemspage); set_pconfig(local_channel(), 'system', 'no_smilies', 1 - intval($nosmile)); set_pconfig(local_channel(), 'system', 'title_tosource', $title_tosource); set_pconfig(local_channel(), 'system', 'channel_list_mode', $channel_list_mode); set_pconfig(local_channel(), 'system', 'network_list_mode', $network_list_mode); set_pconfig(local_channel(), 'system', 'channel_divmore_height', $channel_divmore_height); set_pconfig(local_channel(), 'system', 'network_divmore_height', $network_divmore_height); if ($theme == $a->channel['channel_theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_channel())); call_hooks('display_settings_post', $_POST); build_sync_packet(); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } if (argc() > 1 && argv(1) === 'account') { check_form_security_token_redirectOnErr('/settings/account', 'settings_account'); call_hooks('settings_account', $_POST); $errs = array(); if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = $_POST['npassword']; $confirm = $_POST['confirm']; if ($newpass != $confirm) { $errs[] = t('Passwords do not match. Password unchanged.'); } if (!x($newpass) || !x($confirm)) { $errs[] = t('Empty passwords are not allowed. Password unchanged.'); } if (!$errs) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); $r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id())); if ($r) { info(t('Password changed.') . EOL); } else { $errs[] = t('Password update failed. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } $errs = array(); } $email = x($_POST, 'email') ? trim(notags($_POST['email'])) : ''; $account = $a->get_account(); if ($email != $account['account_email']) { if (!valid_email($email)) { $errs[] = t('Not valid email.'); } $adm = trim(get_config('system', 'admin_email')); if ($adm && strcasecmp($email, $adm) == 0) { $errs[] = t('Protected email address. Cannot change to that email.'); $email = $a->user['email']; } if (!$errs) { $r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id'])); if (!$r) { $errs[] = t('System failure storing new email. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } } goaway($a->get_baseurl(true) . '/settings/account'); } check_form_security_token_redirectOnErr('/settings', 'settings'); call_hooks('settings_post', $_POST); $set_perms = ''; $role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : ''; $oldrole = get_pconfig(local_channel(), 'system', 'permissions_role'); if ($role != $oldrole || $role === 'custom') { if ($role === 'custom') { $hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : ''; $r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel())); $global_perms = get_perms(); foreach ($global_perms as $k => $v) { $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' '; } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s'\n\t\t\t\twhere channel_id = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval(local_channel())); } else { $role_permissions = get_role_perms($_POST['permissions_role']); if (!$role_permissions) { notice('Permissions category could not be found.'); return; } $hide_presence = 1 - intval($role_permissions['online']); if ($role_permissions['default_collection']) { $r = q("select hash from groups where uid = %d and name = '%s' limit 1", intval(local_channel()), dbesc(t('Friends'))); if (!$r) { require_once 'include/group.php'; group_add(local_channel(), t('Friends')); group_add_member(local_channel(), t('Friends'), $channel['channel_hash']); $r = q("select hash from groups where uid = %d and name = '%s' limit 1", intval(local_channel()), dbesc(t('Friends'))); } if ($r) { q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel())); } else { notice(sprintf('Default privacy collection \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL); return; } } else { q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel())); } $r = q("update abook set abook_my_perms = %d where abook_channel = %d and (abook_flags & %d)>0", intval($role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0), intval(local_channel()), intval(ABOOK_FLAG_SELF)); set_pconfig(local_channel(), 'system', 'autoperms', $role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0); foreach ($role_permissions as $p => $v) { if (strpos($p, 'channel_') !== false) { $set_perms .= ', ' . $p . ' = ' . intval($v) . ' '; } if ($p === 'directory_publish') { $publish = intval($v); } } } set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence); set_pconfig(local_channel(), 'system', 'permissions_role', $role); } $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3; $channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : ''; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $adult = $_POST['adult'] == 1 ? 1 : 0; $channel = $a->get_channel(); $pageflags = $channel['channel_pageflags']; $existing_adult = $pageflags & PAGE_ADULT ? 1 : 0; if ($adult != $existing_adult) { $pageflags = $pageflags ^ PAGE_ADULT; } $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $vnotify = 0; if (x($_POST, 'vnotify1')) { $vnotify += intval($_POST['vnotify1']); } if (x($_POST, 'vnotify2')) { $vnotify += intval($_POST['vnotify2']); } if (x($_POST, 'vnotify3')) { $vnotify += intval($_POST['vnotify3']); } if (x($_POST, 'vnotify4')) { $vnotify += intval($_POST['vnotify4']); } if (x($_POST, 'vnotify5')) { $vnotify += intval($_POST['vnotify5']); } if (x($_POST, 'vnotify6')) { $vnotify += intval($_POST['vnotify6']); } if (x($_POST, 'vnotify7')) { $vnotify += intval($_POST['vnotify7']); } if (x($_POST, 'vnotify8')) { $vnotify += intval($_POST['vnotify8']); } if (x($_POST, 'vnotify9')) { $vnotify += intval($_POST['vnotify9']); } if (x($_POST, 'vnotify10')) { $vnotify += intval($_POST['vnotify10']); } if (x($_POST, 'vnotify11')) { $vnotify += intval($_POST['vnotify11']); } $always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0; $channel = $a->get_channel(); $err = ''; $name_change = false; if ($username != $channel['channel_name']) { $name_change = true; require_once 'include/identity.php'; $err = validate_channelname($username); if ($err) { notice($err); return; } } if ($timezone != $channel['channel_timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location); set_pconfig(local_channel(), 'system', 'suggestme', $suggestme); set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_channel(), 'system', 'blocktags', $blocktags); set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu); set_pconfig(local_channel(), 'system', 'vnotify', $vnotify); set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices); set_pconfig(local_channel(), 'system', 'evdays', $evdays); $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel())); if ($r) { info(t('Settings updated.') . EOL); } if (!is_null($publish)) { $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel())); } if ($name_change) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash'])); $r = q("update profile set name = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id'])); } proc_run('php', 'include/directory.php', local_channel()); build_sync_packet(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['system']['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function item_post(&$a) { if (!local_user() && !remote_user()) { return; } require_once 'include/security.php'; $uid = local_user(); if (x($_POST, 'dropitems')) { require_once 'include/items.php'; $arr_drop = explode(',', $_POST['dropitems']); drop_items($arr_drop); $json = array('success' => 1); echo json_encode($json); killme(); } call_hooks('post_local_start', $_POST); $api_source = x($_POST, 'api_source') && $_POST['api_source'] ? true : false; $return_path = x($_POST, 'return') ? $_POST['return'] : ''; /** * Is this a reply to something? */ $parent = x($_POST, 'parent') ? intval($_POST['parent']) : 0; $parent_uri = x($_POST, 'parent_uri') ? trim($_POST['parent_uri']) : ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; $parid = 0; $r = false; $preview = x($_POST, 'preview') ? intval($_POST['preview']) : 0; if ($parent || $parent_uri) { if (!x($_POST, 'type')) { $_POST['type'] = 'net-comment'; } if ($parent) { $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent)); } elseif ($parent_uri && local_user()) { // This is coming from an API source, and we are logged in $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_uri), intval(local_user())); } // if this isn't the real parent of the conversation, find it if ($r !== false && count($r)) { $parid = $r[0]['parent']; if ($r[0]['id'] != $r[0]['parent']) { $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid)); } } if ($r === false || !count($r)) { notice(t('Unable to locate original post.') . EOL); if (x($_POST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } $parent_item = $r[0]; $parent = $r[0]['id']; // multi-level threading - preserve the info but re-parent to our single level threading if ($parid && $parid != $parent) { $thr_parent = $parent_uri; } if ($parent_item['contact-id'] && $uid) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($parent_item['contact-id']), intval($uid)); if (count($r)) { $parent_contact = $r[0]; } } } if ($parent) { logger('mod_post: parent=' . $parent); } $profile_uid = x($_POST, 'profile_uid') ? intval($_POST['profile_uid']) : 0; $post_id = x($_POST['post_id']) ? intval($_POST['post_id']) : 0; $app = x($_POST['source']) ? strip_tags($_POST['source']) : ''; if (!can_write_wall($a, $profile_uid)) { notice(t('Permission denied.') . EOL); if (x($_POST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } // is this an edited post? $orig_post = null; if ($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id)); if (!count($i)) { killme(); } $orig_post = $i[0]; } $user = null; $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($profile_uid)); if (count($r)) { $user = $r[0]; } if ($orig_post) { $str_group_allow = $orig_post['allow_gid']; $str_contact_allow = $orig_post['allow_cid']; $str_group_deny = $orig_post['deny_gid']; $str_contact_deny = $orig_post['deny_cid']; $title = $orig_post['title']; $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; $emailcc = $orig_post['emailcc']; $app = $orig_post['app']; $body = escape_tags(trim($_POST['body'])); $private = $orig_post['private']; $pubmail_enable = $orig_post['pubmail']; } else { $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $title = notags(trim($_POST['title'])); $location = notags(trim($_POST['location'])); $coord = notags(trim($_POST['coord'])); $verb = notags(trim($_POST['verb'])); $emailcc = notags(trim($_POST['emailcc'])); $body = escape_tags(trim($_POST['body'])); $private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) ? 1 : 0; if ($parent_item && ($parent_item['private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid']))) { $private = 1; } $pubmail_enable = x($_POST, 'pubmail_enable') && intval($_POST['pubmail_enable']) && !$private ? 1 : 0; // if using the API, we won't see pubmail_enable - figure out if it should be set if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) { $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (!$mail_disabled) { $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", intval(local_user())); if (count($r) && intval($r[0]['pubmail'])) { $pubmail_enabled = true; } } } if (!strlen($body)) { info(t('Empty post discarded.') . EOL); if (x($_POST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } if ($api_source && !array_key_exists('allow_cid', $_REQUEST) && !array_key_exists('allow_gid', $_REQUEST) && !array_key_exists('deny_cid', $_REQUEST) && !array_key_exists('deny_gid', $_REQUEST)) { $str_group_allow = $user['allow_gid']; $str_contact_allow = $user['allow_cid']; $str_group_deny = $user['deny_gid']; $str_contact_deny = $user['deny_cid']; } // get contact info for poster $author = null; $self = false; if ($_SESSION['uid'] && $_SESSION['uid'] == $profile_uid) { $self = true; $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); } else { if (x($_SESSION, 'visitor_id') && intval($_SESSION['visitor_id'])) { $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($_SESSION['visitor_id'])); } } if (count($r)) { $author = $r[0]; $contact_id = $author['id']; } // get contact info for owner if ($profile_uid == $_SESSION['uid']) { $contact_record = $author; } else { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($profile_uid)); if (count($r)) { $contact_record = $r[0]; } } $post_type = notags(trim($_POST['type'])); if ($post_type === 'net-comment') { if ($parent_item !== null) { if ($parent_item['wall'] == 1) { $post_type = 'wall-comment'; } else { $post_type = 'remote-comment'; } } } /** * * When a photo was uploaded into the message using the (profile wall) ajax * uploader, The permissions are initially set to disallow anybody but the * owner from seeing it. This is because the permissions may not yet have been * set for the post. If it's private, the photo permissions should be set * appropriately. But we didn't know the final permissions on the post until * now. So now we'll look for links of uploaded messages that are in the * post and set them to the same permissions as the post itself. * */ $match = null; if (!$preview && preg_match_all("/\\[img\\](.*?)\\[\\/img\\]/", $body, $match)) { $images = $match[1]; if (count($images)) { foreach ($images as $image) { if (!stristr($image, $a->get_baseurl() . '/photo/')) { continue; } $image_uri = substr($image, strrpos($image, '/') + 1); $image_uri = substr($image_uri, 0, strpos($image_uri, '-')); if (!strlen($image_uri)) { continue; } $srch = '<' . intval($profile_uid) . '>'; $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''\n\t\t\t\t\tAND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid)); if (!count($r)) { continue; } $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\tWHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($image_uri), intval($profile_uid), dbesc(t('Wall Photos'))); } } } /** * Next link in any attachment references we find in the post. */ $match = false; if (!$preview && preg_match_all("/\\[attachment\\](.*?)\\[\\/attachment\\]/", $body, $match)) { $attaches = $match[1]; if (count($attaches)) { foreach ($attaches as $attach) { $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($attach)); if (count($r)) { $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\t\tWHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($profile_uid), intval($attach)); } } } } // embedded bookmark in post? set bookmark flag $bookmark = 0; if (preg_match_all("/\\[bookmark\\=([^\\]]*)\\](.*?)\\[\\/bookmark\\]/ism", $body, $match, PREG_SET_ORDER)) { $bookmark = 1; } $body = bb_translate_video($body); /** * Fold multi-line [code] sequences */ $body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body); /** * Look for any tags and linkify them */ $str_tags = ''; $inform = ''; $tags = get_tags($body); /** * add a statusnet style reply tag if the original post was from there * and we are replying, and there isn't one already */ if ($parent_contact && $parent_contact['network'] === NETWORK_OSTATUS && $parent_contact['nick'] && !in_array('@' . $parent_contact['nick'], $tags)) { $body = '@' . $parent_contact['nick'] . ' ' . $body; $tags[] = '@' . $parent_contact['nick']; } if (count($tags)) { foreach ($tags as $tag) { if (isset($profile)) { unset($profile); } if (strpos($tag, '#') === 0) { if (strpos($tag, '[url=')) { continue; } $basetag = str_replace('_', ' ', substr($tag, 1)); $body = str_replace($tag, '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]', $body); $newtag = '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]'; if (!stristr($str_tags, $newtag)) { if (strlen($str_tags)) { $str_tags .= ','; } $str_tags .= $newtag; } continue; } if (strpos($tag, '@') === 0) { if (strpos($tag, '[url=')) { continue; } $stat = false; $name = substr($tag, 1); if (strpos($name, '@') || strpos($name, 'http://')) { $newname = $name; $links = @lrdd($name); if (count($links)) { foreach ($links as $link) { if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') { $profile = $link['@attributes']['href']; } if ($link['@attributes']['rel'] === 'salmon') { if (strlen($inform)) { $inform .= ','; } $inform .= 'url:' . str_replace(',', '%2c', $link['@attributes']['href']); } } } } else { $newname = $name; $alias = ''; $tagcid = 0; if (strrpos($newname, '+')) { $tagcid = intval(substr($newname, strrpos($newname, '+') + 1)); if (strpos($name, ' ')) { $name = substr($name, 0, strpos($name, ' ')); } } if ($tagcid) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), intval($profile_uid)); } elseif (strstr($name, '_') || strstr($name, ' ')) { $newname = str_replace('_', ' ', $name); $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval($profile_uid)); } else { $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($profile_uid)); } if (count($r)) { $profile = $r[0]['url']; if ($r[0]['network'] === 'stat') { $newname = $r[0]['nick']; $stat = true; if ($r[0]['alias']) { $alias = $r[0]['alias']; } } else { $newname = $r[0]['name']; } if (strlen($inform)) { $inform .= ','; } $inform .= 'cid:' . $r[0]['id']; } } if ($profile) { $body = str_replace('@' . $name, '@' . '[url=' . $profile . ']' . $newname . '[/url]', $body); $profile = str_replace(',', '%2c', $profile); $newtag = '@[url=' . $profile . ']' . $newname . '[/url]'; if (!stristr($str_tags, $newtag)) { if (strlen($str_tags)) { $str_tags .= ','; } $str_tags .= $newtag; } // Status.Net seems to require the numeric ID URL in a mention if the person isn't // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both. if (strlen($alias)) { $newtag = '@[url=' . $alias . ']' . $newname . '[/url]'; if (!stristr($str_tags, $newtag)) { if (strlen($str_tags)) { $str_tags .= ','; } $str_tags .= $newtag; } } } } } } $attachments = ''; $match = false; if (preg_match_all('/(\\[attachment\\]([0-9]+)\\[\\/attachment\\])/', $body, $match)) { foreach ($match[2] as $mtch) { $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($mtch)); if (count($r)) { if (strlen($attachments)) { $attachments .= ','; } $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . ($r[0]['filename'] ? $r[0]['filename'] : '') . '"[/attach]'; } $body = str_replace($match[1], '', $body); } } $wall = 0; if ($post_type === 'wall' || $post_type === 'wall-comment') { $wall = 1; } if (!strlen($verb)) { $verb = ACTIVITY_POST; } $gravity = $parent ? 6 : 0; // even if the post arrived via API we are considering that it // originated on this site by default for determining relayability. $origin = x($_REQUEST, 'origin') ? intval($_REQUEST['origin']) : 1; $notify_type = $parent ? 'comment-new' : 'wall-new'; $uri = item_new_uri($a->get_hostname(), $profile_uid); $datarray = array(); $datarray['uid'] = $profile_uid; $datarray['type'] = $post_type; $datarray['wall'] = $wall; $datarray['gravity'] = $gravity; $datarray['contact-id'] = $contact_id; $datarray['owner-name'] = $contact_record['name']; $datarray['owner-link'] = $contact_record['url']; $datarray['owner-avatar'] = $contact_record['thumb']; $datarray['author-name'] = $author['name']; $datarray['author-link'] = $author['url']; $datarray['author-avatar'] = $author['thumb']; $datarray['created'] = datetime_convert(); $datarray['edited'] = datetime_convert(); $datarray['commented'] = datetime_convert(); $datarray['received'] = datetime_convert(); $datarray['changed'] = datetime_convert(); $datarray['uri'] = $uri; $datarray['title'] = $title; $datarray['body'] = $body; $datarray['app'] = $app; $datarray['location'] = $location; $datarray['coord'] = $coord; $datarray['tag'] = $str_tags; $datarray['inform'] = $inform; $datarray['verb'] = $verb; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private; $datarray['pubmail'] = $pubmail_enable; $datarray['attach'] = $attachments; $datarray['bookmark'] = intval($bookmark); $datarray['thr-parent'] = $thr_parent; $datarray['postopts'] = ''; $datarray['origin'] = $origin; /** * These fields are for the convenience of plugins... * 'self' if true indicates the owner is posting on their own wall * If parent is 0 it is a top-level post. */ $datarray['parent'] = $parent; $datarray['self'] = $self; // $datarray['prvnets'] = $user['prvnets']; if ($orig_post) { $datarray['edit'] = true; } else { $datarray['guid'] = get_guid(); } // preview mode - prepare the body for display and send it via json if ($preview) { require_once 'include/conversation.php'; $o = conversation(&$a, array(array_merge($contact_record, $datarray)), 'search', false, true); echo json_encode(array('preview' => $o)); killme(); } call_hooks('post_local', $datarray); if ($orig_post) { $r = q("UPDATE `item` SET `body` = '%s', `edited` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($body), dbesc(datetime_convert()), intval($post_id), intval($profile_uid)); proc_run('php', "include/notifier.php", 'edit_post', "{$post_id}"); if (x($_POST, 'return') && strlen($return_path)) { logger('return: ' . $return_path); goaway($a->get_baseurl() . "/" . $return_path); } killme(); } else { $post_id = 0; } $r = q("INSERT INTO `item` (`guid`, `uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, \n\t\t`author-name`, `author-link`, `author-avatar`, `created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, \n\t\t`tag`, `inform`, `verb`, `postopts`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark`,`origin` )\n\t\tVALUES( '%s', %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d )", dbesc($datarray['guid']), intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), intval($datarray['gravity']), intval($datarray['contact-id']), dbesc($datarray['owner-name']), dbesc($datarray['owner-link']), dbesc($datarray['owner-avatar']), dbesc($datarray['author-name']), dbesc($datarray['author-link']), dbesc($datarray['author-avatar']), dbesc($datarray['created']), dbesc($datarray['edited']), dbesc($datarray['commented']), dbesc($datarray['received']), dbesc($datarray['changed']), dbesc($datarray['uri']), dbesc($datarray['thr-parent']), dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['app']), dbesc($datarray['location']), dbesc($datarray['coord']), dbesc($datarray['tag']), dbesc($datarray['inform']), dbesc($datarray['verb']), dbesc($datarray['postopts']), dbesc($datarray['allow_cid']), dbesc($datarray['allow_gid']), dbesc($datarray['deny_cid']), dbesc($datarray['deny_gid']), intval($datarray['private']), intval($datarray['pubmail']), dbesc($datarray['attach']), intval($datarray['bookmark']), intval($datarray['origin'])); $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($datarray['uri'])); if (count($r)) { $post_id = $r[0]['id']; logger('mod_item: saved item ' . $post_id); if ($parent) { // This item is the last leaf and gets the comment box, clear any ancestors $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ", dbesc(datetime_convert()), intval($parent)); // Inherit ACL's from the parent item. $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d\n\t\t\t\tWHERE `id` = %d LIMIT 1", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), intval($parent_item['private']), intval($post_id)); if ($contact_record != $author) { notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id, 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item')); } // We won't be able to sign Diaspora comments for authenticated visitors - we don't have their private key if ($self) { require_once 'include/bb2diaspora.php'; $signed_body = html_entity_decode(bb2diaspora($datarray['body'])); $myaddr = $a->user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(), '://') + 3); if ($datarray['verb'] === ACTIVITY_LIKE) { $signed_text = $datarray['guid'] . ';' . 'Post' . ';' . $parent_item['guid'] . ';' . 'true' . ';' . $myaddr; } else { $signed_text = $datarray['guid'] . ';' . $parent_item['guid'] . ';' . $signed_body . ';' . $myaddr; } $authorsig = base64_encode(rsa_sign($signed_text, $a->user['prvkey'], 'sha256')); q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($post_id), dbesc($signed_text), dbesc(base64_encode($authorsig)), dbesc($myaddr)); } } else { $parent = $post_id; if ($contact_record != $author) { notification(array('type' => NOTIFY_WALL, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id, 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item')); } } // fallback so that parent always gets set to non-zero. if (!$parent) { $parent = $post_id; } $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1\n\t\t\tWHERE `id` = %d LIMIT 1", intval($parent), dbesc($parent == $post_id ? $uri : $parent_item['uri']), dbesc($a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id), dbesc(datetime_convert()), intval($post_id)); // photo comments turn the corresponding item visible to the profile wall // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. if (!$parent_item['visible']) { $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d LIMIT 1", intval($parent_item['id'])); } } else { logger('mod_item: unable to retrieve post that was just stored.'); notify(t('System error. Post not saved.')); goaway($a->get_baseurl() . "/" . $return_path); // NOTREACHED } // update the commented timestamp on the parent q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($parent)); $datarray['id'] = $post_id; $datarray['plink'] = $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id; call_hooks('post_local_end', $datarray); if (strlen($emailcc) && $profile_uid == local_user()) { $erecips = explode(',', $emailcc); if (count($erecips)) { foreach ($erecips as $recip) { $addr = trim($recip); if (!strlen($addr)) { continue; } $disclaimer = '<hr />' . sprintf(t('This message was sent to you by %s, a member of the Friendica social network.'), $a->user['username']) . '<br />'; $disclaimer .= sprintf(t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL; $disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL; $subject = '[Friendica]' . ' ' . sprintf(t('%s posted an update.'), $a->user['username']); $headers = 'From: ' . $a->user['username'] . ' <' . $a->user['email'] . '>' . "\n"; $headers .= 'MIME-Version: 1.0' . "\n"; $headers .= 'Content-Type: text/html; charset=UTF-8' . "\n"; $headers .= 'Content-Transfer-Encoding: 8bit' . "\n\n"; $link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />'; $html = prepare_body($datarray); $message = '<html><body>' . $link . $html . $disclaimer . '</body></html>'; @mail($addr, $subject, $message, $headers); } } } // This is a real juggling act on shared hosting services which kill your processes // e.g. dreamhost. We used to start delivery to our native delivery agents in the background // and then run our plugin delivery from the foreground. We're now doing plugin delivery first, // because as soon as you start loading up a bunch of remote delivey processes, *this* page is // likely to get killed off. If you end up looking at an /item URL and a blank page, // it's very likely the delivery got killed before all your friends could be notified. // Currently the only realistic fixes are to use a reliable server - which precludes shared hosting, // or cut back on plugins which do remote deliveries. proc_run('php', "include/notifier.php", $notify_type, "{$post_id}"); logger('post_complete'); // figure out how to return, depending on from whence we came if ($api_source) { return; } if ($return_path) { goaway($a->get_baseurl() . "/" . $return_path); } $json = array('success' => 1); if (x($_POST, 'jsreload') && strlen($_POST['jsreload'])) { $json['reload'] = $a->get_baseurl() . '/' . $_POST['jsreload']; } logger('post_json: ' . print_r($json, true), LOGGER_DEBUG); echo json_encode($json); killme(); // NOTREACHED }
function photos_post(&$a) { logger('mod-photos: photos_post: begin', LOGGER_DEBUG); logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA); logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA); $can_post = false; $visitor = 0; $page_owner_uid = $a->data['user']['uid']; $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $page_owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($page_owner_uid)); if (count($r)) { $can_post = true; $visitor = remote_user(); } } } if (!$can_post) { notice(t('Permission denied.') . EOL); killme(); } $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid` \n\t\tWHERE `user`.`uid` = %d AND `self` = 1 LIMIT 1", intval($page_owner_uid)); if (!count($r)) { notice(t('Contact information unavailable') . EOL); logger('photos_post: unable to locate contact record for page owner. uid=' . $page_owner_uid); killme(); } $owner_record = $r[0]; if ($a->argc > 3 && $a->argv[2] === 'album') { $album = hex2bin($a->argv[3]); if ($album === t('Profile Photos') || $album === 'Contact Photos' || $album === t('Contact Photos')) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' AND `uid` = %d", dbesc($album), intval($page_owner_uid)); if (!count($r)) { notice(t('Album not found.') . EOL); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $newalbum = notags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' AND `uid` = %d", dbesc($newalbum), dbesc($album), intval($page_owner_uid)); $newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']); goaway($a->get_baseurl() . '/' . $newurl); return; // NOTREACHED } if ($_POST['dropalbum'] == t('Delete Album')) { $res = array(); // get the list of photos we are about to delete if ($visitor) { $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `album` = '%s'", intval($visitor), intval($page_owner_uid), dbesc($album)); } else { $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", intval(local_user()), dbesc($album)); } if (count($r)) { foreach ($r as $rr) { $res[] = "'" . dbesc($rr['rid']) . "'"; } } else { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $str_res = implode(',', $res); // remove the associated photos q("DELETE FROM `photo` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid)); // find and delete the corresponding item with all the comments and likes/dislikes $r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( {$str_res} ) AND `uid` = %d", intval($page_owner_uid)); if (count($r)) { foreach ($r as $rr) { q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc($rr['parent-uri']), intval($page_owner_uid)); $drop_id = intval($rr['id']); // send the notification upstream/downstream as the case may be if ($rr['visible']) { proc_run('php', "include/notifier.php", "drop", "{$drop_id}"); } } } } goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']); return; // NOTREACHED } if ($a->argc > 2 && x($_POST, 'delete') && $_POST['delete'] == t('Delete Photo')) { // same as above but remove single photo if ($visitor) { $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval($visitor), intval($page_owner_uid), dbesc($a->argv[2])); } else { $r = q("SELECT `id`, `resource-id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' LIMIT 1", intval(local_user()), dbesc($a->argv[2])); } if (count($r)) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource-id'])); $i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($r[0]['resource-id']), intval($page_owner_uid)); if (count($i)) { q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['uri']), intval($page_owner_uid)); $url = $a->get_baseurl(); $drop_id = intval($i[0]['id']); if ($i[0]['visible']) { proc_run('php', "include/notifier.php", "drop", "{$drop_id}"); } } } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) { $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : ''; $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : ''; $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0; $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : ''; $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $resource_id = $a->argv[2]; if (!strlen($albname)) { $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y'); } if (x($_POST, 'rotate') !== false && intval($_POST['rotate']) == 1) { logger('rotate'); $r = q("select * from photo where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid)); if (count($r)) { $ph = new Photo($r[0]['data']); if ($ph->is_valid()) { $ph->rotate(270); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); if ($width > 640 || $height > 640) { $ph->scaleImage(640); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 1 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource-id` = '%s' and uid = %d and scale = 2 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); } } } } $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid)); if (count($p)) { $r = q("UPDATE `photo` SET `desc` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource-id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid)); } /* Don't make the item visible if the only change was the album name */ $visibility = 0; if ($p[0]['desc'] !== $desc || strlen($rawtags)) { $visibility = 1; } if (!$item_id) { // Create item container $title = ''; $uri = item_new_uri($a->get_hostname(), $page_owner_uid); $arr = array(); $arr['uid'] = $page_owner_uid; $arr['uri'] = $uri; $arr['parent-uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; $arr['resource-id'] = $p[0]['resource-id']; $arr['contact-id'] = $owner_record['id']; $arr['owner-name'] = $owner_record['name']; $arr['owner-link'] = $owner_record['url']; $arr['owner-avatar'] = $owner_record['thumb']; $arr['author-name'] = $owner_record['name']; $arr['author-link'] = $owner_record['url']; $arr['author-avatar'] = $owner_record['thumb']; $arr['title'] = $title; $arr['allow_cid'] = $p[0]['allow_cid']; $arr['allow_gid'] = $p[0]['allow_gid']; $arr['deny_cid'] = $p[0]['deny_cid']; $arr['deny_gid'] = $p[0]['deny_gid']; $arr['last-child'] = 1; $arr['visible'] = $visibility; $arr['origin'] = 1; $arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]' . '[/url]'; $item_id = item_store($arr); } if ($item_id) { $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid)); } if (count($r)) { $old_tag = $r[0]['tag']; $old_inform = $r[0]['inform']; } if (strlen($rawtags)) { $str_tags = ''; $inform = ''; // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a hashtag $x = substr($rawtags, 0, 1); if ($x !== '@' && $x !== '#') { $rawtags = '#' . $rawtags; } $taginfo = array(); $tags = get_tags($rawtags); if (count($tags)) { foreach ($tags as $tag) { if (isset($profile)) { unset($profile); } if (strpos($tag, '@') === 0) { $name = substr($tag, 1); if (strpos($name, '@') || strpos($name, 'http://')) { $newname = $name; $links = @lrdd($name); if (count($links)) { foreach ($links as $link) { if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') { $profile = $link['@attributes']['href']; } if ($link['@attributes']['rel'] === 'salmon') { $salmon = '$url:' . str_replace(',', '%sc', $link['@attributes']['href']); if (strlen($inform)) { $inform .= ','; } $inform .= $salmon; } } } $taginfo[] = array($newname, $profile, $salmon); } else { $newname = $name; $alias = ''; $tagcid = 0; if (strrpos($newname, '+')) { $tagcid = intval(substr($newname, strrpos($newname, '+') + 1)); } if ($tagcid) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($tagcid), intval($profile_uid)); } elseif (strstr($name, '_') || strstr($name, ' ')) { $newname = str_replace('_', ' ', $name); $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval($page_owner_uid)); } else { $r = q("SELECT * FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1", dbesc($name), dbesc($name), intval($page_owner_uid)); } if (count($r)) { $newname = $r[0]['name']; $profile = $r[0]['url']; $notify = 'cid:' . $r[0]['id']; if (strlen($inform)) { $inform .= ','; } $inform .= $notify; } } if ($profile) { if (substr($notify, 0, 4) === 'cid:') { $taginfo[] = array($newname, $profile, $notify, $r[0], '@[url=' . str_replace(',', '%2c', $profile) . ']' . $newname . '[/url]'); } else { $taginfo[] = array($newname, $profile, $notify, null, $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'); } if (strlen($str_tags)) { $str_tags .= ','; } $profile = str_replace(',', '%2c', $profile); $str_tags .= '@[url=' . $profile . ']' . $newname . '[/url]'; } } } } $newtag = $old_tag; if (strlen($newtag) && strlen($str_tags)) { $newtag .= ','; } $newtag .= $str_tags; $newinform = $old_inform; if (strlen($newinform) && strlen($inform)) { $newinform .= ','; } $newinform .= $inform; $r = q("UPDATE `item` SET `tag` = '%s', `inform` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($newtag), dbesc($newinform), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($item_id), intval($page_owner_uid)); $best = 0; foreach ($p as $scales) { if (intval($scales['scale']) == 2) { $best = 2; break; } if (intval($scales['scale']) == 4) { $best = 4; break; } } if (count($taginfo)) { foreach ($taginfo as $tagged) { $uri = item_new_uri($a->get_hostname(), $page_owner_uid); $arr = array(); $arr['uid'] = $page_owner_uid; $arr['uri'] = $uri; $arr['parent-uri'] = $uri; $arr['type'] = 'activity'; $arr['wall'] = 1; $arr['contact-id'] = $owner_record['id']; $arr['owner-name'] = $owner_record['name']; $arr['owner-link'] = $owner_record['url']; $arr['owner-avatar'] = $owner_record['thumb']; $arr['author-name'] = $owner_record['name']; $arr['author-link'] = $owner_record['url']; $arr['author-avatar'] = $owner_record['thumb']; $arr['title'] = ''; $arr['allow_cid'] = $p[0]['allow_cid']; $arr['allow_gid'] = $p[0]['allow_gid']; $arr['deny_cid'] = $p[0]['deny_cid']; $arr['deny_gid'] = $p[0]['deny_gid']; $arr['last-child'] = 1; $arr['visible'] = 1; $arr['verb'] = ACTIVITY_TAG; $arr['object-type'] = ACTIVITY_OBJ_PERSON; $arr['target-type'] = ACTIVITY_OBJ_PHOTO; $arr['tag'] = $tagged[4]; $arr['inform'] = $tagged[2]; $arr['origin'] = 1; $arr['body'] = '[url=' . $tagged[1] . ']' . $tagged[0] . '[/url]' . ' ' . t('was tagged in a') . ' ' . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . t('photo') . '[/url]' . ' ' . t('by') . ' ' . '[url=' . $owner_record['url'] . ']' . $owner_record['name'] . '[/url]'; $arr['body'] .= "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '[/img][/url]' . "\n"; $arr['object'] = '<object><type>' . ACTIVITY_OBJ_PERSON . '</type><title>' . $tagged[0] . '</title><id>' . $tagged[1] . '/' . $tagged[0] . '</id>'; $arr['object'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $tagged[1] . '" />' . "\n"); if ($tagged[3]) { $arr['object'] .= xmlify('<link rel="photo" type="image/jpeg" href="' . $tagged[3]['photo'] . '" />' . "\n"); } $arr['object'] .= '</link></object>' . "\n"; $arr['target'] = '<target><type>' . ACTIVITY_OBJ_PHOTO . '</type><title>' . $p[0]['desc'] . '</title><id>' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '</id>'; $arr['target'] .= '<link>' . xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $p[0]['resource-id'] . '" />' . "\n" . '<link rel="preview" type="image/jpeg" href="' . $a->get_baseurl() . "/photo/" . $p[0]['resource-id'] . '-' . $best . '.jpg' . '" />') . '</link></target>'; $item_id = item_store($arr); if ($item_id) { q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id), intval($page_owner_uid), intval($item_id)); proc_run('php', "include/notifier.php", "tag", "{$item_id}"); } } } } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } /** * default post action - upload a photo */ call_hooks('photo_post_init', $_POST); /** * Determine the album to use */ $album = notags(trim($_REQUEST['album'])); $newalbum = notags(trim($_REQUEST['newalbum'])); logger('mod/photos.php: photos_post(): album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG); if (!strlen($album)) { if (strlen($newalbum)) { $album = $newalbum; } else { $album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y'); } } /** * * We create a wall item for every photo, but we don't want to * overwhelm the data stream with a hundred newly uploaded photos. * So we will make the first photo uploaded to this album in the last several hours * visible by default, the rest will become visible over time when and if * they acquire comments, likes, dislikes, and/or tags * */ $r = q("SELECT * FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `created` > UTC_TIMESTAMP() - INTERVAL 3 HOUR ", dbesc($album), intval($page_owner_uid)); if (!count($r) || $album == t('Profile Photos')) { $visible = 1; } else { $visible = 0; } if (intval($_REQUEST['not_visible']) || $_REQUEST['not_visible'] === 'true') { $visible = 0; } $str_group_allow = perms2str(is_array($_REQUEST['group_allow']) ? $_REQUEST['group_allow'] : explode(',', $_REQUEST['group_allow'])); $str_contact_allow = perms2str(is_array($_REQUEST['contact_allow']) ? $_REQUEST['contact_allow'] : explode(',', $_REQUEST['contact_allow'])); $str_group_deny = perms2str(is_array($_REQUEST['group_deny']) ? $_REQUEST['group_deny'] : explode(',', $_REQUEST['group_deny'])); $str_contact_deny = perms2str(is_array($_REQUEST['contact_deny']) ? $_REQUEST['contact_deny'] : explode(',', $_REQUEST['contact_deny'])); $ret = array('src' => '', 'filename' => '', 'filesize' => 0); call_hooks('photo_post_file', $ret); if (x($ret, 'src') && x($ret, 'filesize')) { $src = $ret['src']; $filename = $ret['filename']; $filesize = $ret['filesize']; } else { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); } logger('photos: upload: received file: ' . $filename . ' as ' . $src . ' ' . $filesize . ' bytes', LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { notice(t('Image exceeds size limit of ') . $maximagesize . EOL); @unlink($src); $foo = 0; call_hooks('photo_post_end', $foo); return; } if (!$filesize) { notice(t('Image file is empty.') . EOL); @unlink($src); $foo = 0; call_hooks('photo_post_end', $foo); return; } logger('mod/photos.php: photos_post(): loading the contents of ' . $src, LOGGER_DEBUG); $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); if (!$ph->is_valid()) { logger('mod/photos.php: photos_post(): unable to process image', LOGGER_DEBUG); notice(t('Unable to process image.') . EOL); @unlink($src); $foo = 0; call_hooks('photo_post_end', $foo); killme(); } @unlink($src); $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = photo_new_resource(); $r = $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 0, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if (!$r) { logger('mod/photos.php: photos_post(): image store failed', LOGGER_DEBUG); notice(t('Image upload failed.') . EOL); killme(); } if ($width > 640 || $height > 640) { $ph->scaleImage(640); $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $ph->store($page_owner_uid, $visitor, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } $basename = basename($filename); $uri = item_new_uri($a->get_hostname(), $page_owner_uid); // Create item container $arr = array(); $arr['uid'] = $page_owner_uid; $arr['uri'] = $uri; $arr['parent-uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; $arr['resource-id'] = $photo_hash; $arr['contact-id'] = $owner_record['id']; $arr['owner-name'] = $owner_record['name']; $arr['owner-link'] = $owner_record['url']; $arr['owner-avatar'] = $owner_record['thumb']; $arr['author-name'] = $owner_record['name']; $arr['author-link'] = $owner_record['url']; $arr['author-avatar'] = $owner_record['thumb']; $arr['title'] = ''; $arr['allow_cid'] = $str_contact_allow; $arr['allow_gid'] = $str_group_allow; $arr['deny_cid'] = $str_contact_deny; $arr['deny_gid'] = $str_group_deny; $arr['last-child'] = 1; $arr['visible'] = $visible; $arr['origin'] = 1; $arr['body'] = '[url=' . $a->get_baseurl() . '/photos/' . $owner_record['nickname'] . '/image/' . $photo_hash . ']' . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]' . '[/url]'; $item_id = item_store($arr); if ($item_id) { q("UPDATE `item` SET `plink` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($a->get_baseurl() . '/display/' . $owner_record['nickname'] . '/' . $item_id), intval($page_owner_uid), intval($item_id)); } if ($visible) { proc_run('php', "include/notifier.php", 'wall-new', $item_id); } call_hooks('photo_post_end', intval($item_id)); // addon uploaders should call "killme()" [e.g. exit] within the photo_post_end hook // if they do not wish to be redirected goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); // NOTREACHED }
/** * @brief Activity for files. * * @param int $channel_id * @param array $object * @param string $allow_cid * @param string $allow_gid * @param string $deny_cid * @param string $deny_gid * @param string $verb * @param boolean $no_activity */ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $verb, $notify) { require_once 'include/items.php'; $poster = get_app()->get_observer(); //if we got no object something went wrong if (!$object) { return; } //turn strings into arrays $arr_allow_cid = expand_acl($allow_cid); $arr_allow_gid = expand_acl($allow_gid); $arr_deny_cid = expand_acl($deny_cid); $arr_deny_gid = expand_acl($deny_gid); //filter out receivers which do not have permission to view filestorage $arr_allow_cid = check_list_permissions($channel_id, $arr_allow_cid, 'view_storage'); $is_dir = intval($object['is_dir']) ? true : false; //do not send activity for folders for now if ($is_dir) { return; } //check for recursive perms if we are in a folder if ($object['folder']) { $folder_hash = $object['folder']; $r_perms = recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny_cid, $arr_deny_gid, $folder_hash); //split up returned perms $arr_allow_cid = $r_perms['allow_cid']; $arr_allow_gid = $r_perms['allow_gid']; $arr_deny_cid = $r_perms['deny_cid']; $arr_deny_gid = $r_perms['deny_gid']; //filter out receivers which do not have permission to view filestorage $arr_allow_cid = check_list_permissions($channel_id, $arr_allow_cid, 'view_storage'); } $mid = item_message_id(); $arr = array(); $arr['item_wall'] = 1; $arr['item_origin'] = 1; $arr['item_unseen'] = 1; $objtype = ACTIVITY_OBJ_FILE; $private = $arr_allow_cid[0] || $arr_allow_gid[0] || $arr_deny_cid[0] || $arr_deny_gid[0] ? 1 : 0; $jsonobject = json_encode($object); //check if item for this object exists $y = q("SELECT mid FROM item WHERE verb = '%s' AND obj_type = '%s' AND resource_id = '%s' AND uid = %d LIMIT 1", dbesc(ACTIVITY_POST), dbesc($objtype), dbesc($object['hash']), intval(local_channel())); if ($y) { $update = true; $object['d_mid'] = $y[0]['mid']; //attach mid of the old object $u_jsonobject = json_encode($object); //we have got the relevant info - delete the old item before we create the new one $z = q("DELETE FROM item WHERE obj_type = '%s' AND verb = '%s' AND mid = '%s'", dbesc(ACTIVITY_OBJ_FILE), dbesc(ACTIVITY_POST), dbesc($y[0]['mid'])); } if ($update && $verb == 'post') { //send update activity and create a new one //updates should be sent to everybody with recursive perms and all eventual former allowed members ($object['allow_cid'] etc.). $u_arr_allow_cid = array_unique(array_merge($arr_allow_cid, expand_acl($object['allow_cid']))); $u_arr_allow_gid = array_unique(array_merge($arr_allow_gid, expand_acl($object['allow_gid']))); $u_arr_deny_cid = array_unique(array_merge($arr_deny_cid, expand_acl($object['deny_cid']))); $u_arr_deny_gid = array_unique(array_merge($arr_deny_gid, expand_acl($object['deny_gid']))); $u_mid = item_message_id(); $arr['aid'] = get_account_id(); $arr['uid'] = $channel_id; $arr['mid'] = $u_mid; $arr['parent_mid'] = $u_mid; $arr['author_xchan'] = $poster['xchan_hash']; $arr['owner_xchan'] = $poster['xchan_hash']; $arr['title'] = ''; //updates should be visible to everybody -> perms may have changed $arr['allow_cid'] = ''; $arr['allow_gid'] = ''; $arr['deny_cid'] = ''; $arr['deny_gid'] = ''; $arr['item_hidden'] = 1; $arr['item_private'] = 0; $arr['verb'] = ACTIVITY_UPDATE; $arr['obj_type'] = $objtype; $arr['object'] = $u_jsonobject; $arr['resource_id'] = $object['hash']; $arr['resource_type'] = 'attach'; $arr['body'] = ''; $post = item_store($arr); $item_id = $post['item_id']; if ($item_id) { proc_run('php', "include/notifier.php", "activity", $item_id); } call_hooks('post_local_end', $arr); $update = false; //notice( t('File activity updated') . EOL); } if (!$notify) { return; } $arr = array(); $arr['aid'] = get_account_id(); $arr['uid'] = $channel_id; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_wall'] = 1; $arr['item_origin'] = 1; $arr['item_unseen'] = 1; $arr['author_xchan'] = $poster['xchan_hash']; $arr['owner_xchan'] = $poster['xchan_hash']; $arr['title'] = ''; $arr['allow_cid'] = perms2str($arr_allow_cid); $arr['allow_gid'] = perms2str($arr_allow_gid); $arr['deny_cid'] = perms2str($arr_deny_cid); $arr['deny_gid'] = perms2str($arr_deny_gid); $arr['item_hidden'] = 1; $arr['item_private'] = $private; $arr['verb'] = $update ? ACTIVITY_UPDATE : ACTIVITY_POST; $arr['obj_type'] = $objtype; $arr['resource_id'] = $object['hash']; $arr['resource_type'] = 'attach'; $arr['object'] = $update ? $u_jsonobject : $jsonobject; $arr['body'] = ''; $post = item_store($arr); $item_id = $post['item_id']; if ($item_id) { proc_run('php', "include/notifier.php", "activity", $item_id); } call_hooks('post_local_end', $arr); //(($verb === 'post') ? notice( t('File activity posted') . EOL) : notice( t('File activity dropped') . EOL)); return; }
function events_post(&$a) { logger('post: ' . print_r($_REQUEST, true)); if (!local_channel()) { return; } $event_id = x($_POST, 'event_id') ? intval($_POST['event_id']) : 0; $event_hash = x($_POST, 'event_hash') ? $_POST['event_hash'] : ''; $xchan = x($_POST, 'xchan') ? dbesc($_POST['xchan']) : ''; $uid = local_channel(); $start_text = escape_tags($_REQUEST['start_text']); $finish_text = escape_tags($_REQUEST['finish_text']); $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); $categories = escape_tags(trim($_POST['category'])); // only allow editing your own events. if ($xchan && $xchan !== get_observer_hash()) { return; } // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; if ($start_text) { $start = $start_text; } else { $start = sprintf('%d-%d-%d %d:%d:0', $startyear, $startmonth, $startday, $starthour, $startminute); } if ($nofinish) { $finish = NULL_DATE; } if ($finish_text) { $finish = $finish_text; } else { $finish = sprintf('%d-%d-%d %d:%d:0', $finishyear, $finishmonth, $finishday, $finishhour, $finishminute); } if ($adjust) { $start = datetime_convert(date_default_timezone_get(), 'UTC', $start); if (!$nofinish) { $finish = datetime_convert(date_default_timezone_get(), 'UTC', $finish); } } else { $start = datetime_convert('UTC', 'UTC', $start); if (!$nofinish) { $finish = datetime_convert('UTC', 'UTC', $finish); } } // Don't allow the event to finish before it begins. // It won't hurt anything, but somebody will file a bug report // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. $summary = escape_tags(trim($_POST['summary'])); $desc = escape_tags(trim($_POST['desc'])); $location = escape_tags(trim($_POST['location'])); $type = 'event'; require_once 'include/text.php'; linkify_tags($a, $desc, local_channel()); linkify_tags($a, $location, local_channel()); $action = $event_hash == '' ? 'new' : "event/" . $event_hash; $onerror_url = $a->get_baseurl() . "/events/" . $action . "?summary={$summary}&description={$desc}&location={$location}&start={$start_text}&finish={$finish_text}&adjust={$adjust}&nofinish={$nofinish}"; if (strcmp($finish, $start) < 0 && !$nofinish) { notice(t('Event can not end before it has started.') . EOL); if (intval($_REQUEST['preview'])) { echo t('Unable to generate preview.'); killme(); } goaway($onerror_url); } if (!$summary || !$start) { notice(t('Event title and start time are required.') . EOL); if (intval($_REQUEST['preview'])) { echo t('Unable to generate preview.'); killme(); } goaway($onerror_url); } $share = intval($_POST['share']) ? intval($_POST['share']) : 0; $channel = $a->get_channel(); if ($event_id) { $x = q("select * from event where id = %d and uid = %d limit 1", intval($event_id), intval(local_channel())); if (!$x) { notice(t('Event not found.') . EOL); if (intval($_REQUEST['preview'])) { echo t('Unable to generate preview.'); killme(); } return; } if ($x[0]['allow_cid'] === '<' . $channel['channel_hash'] . '>' && $x[0]['allow_gid'] === '' && $x[0]['deny_cid'] === '' && $x[0]['deny_gid'] === '') { $share = false; } else { $share = true; $str_group_allow = $x[0]['allow_gid']; $str_contact_allow = $x[0]['allow_cid']; $str_group_deny = $x[0]['deny_gid']; $str_contact_deny = $x[0]['deny_cid']; if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) { $private_event = true; } } } else { if ($share) { $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) { $private_event = true; } } else { $str_contact_allow = '<' . $channel['channel_hash'] . '>'; $str_group_allow = $str_contact_deny = $str_group_deny = ''; $private_event = true; } } $post_tags = array(); $channel = $a->get_channel(); if (strlen($categories)) { $cats = explode(',', $categories); foreach ($cats as $cat) { $post_tags[] = array('uid' => $profile_uid, 'type' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $channel['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))); } } $datarray = array(); $datarray['start'] = $start; $datarray['finish'] = $finish; $datarray['summary'] = $summary; $datarray['description'] = $desc; $datarray['location'] = $location; $datarray['type'] = $type; $datarray['adjust'] = $adjust; $datarray['nofinish'] = $nofinish; $datarray['uid'] = local_channel(); $datarray['account'] = get_account_id(); $datarray['event_xchan'] = $channel['channel_hash']; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private_event ? 1 : 0; $datarray['id'] = $event_id; $datarray['created'] = $created; $datarray['edited'] = $edited; if (intval($_REQUEST['preview'])) { $html = format_event_html($datarray); echo $html; killme(); } $event = event_store_event($datarray); if ($post_tags) { $datarray['term'] = $post_tags; } $item_id = event_store_item($datarray, $event); if ($share) { proc_run('php', "include/notifier.php", "event", "{$item_id}"); } }
/** * @brief * * @param array $channel * @param array $observer * @param array $args * @return array */ function photo_upload($channel, $observer, $args) { $ret = array('success' => false); $channel_id = $channel['channel_id']; $account_id = $channel['channel_account_id']; if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'post_photos')) { $ret['message'] = t('Permission denied.'); return $ret; } call_hooks('photo_upload_begin', $args); /* * Determine the album to use */ $album = $args['album']; $newalbum = $args['newalbum']; logger('photo_upload: album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG); if (!$album) { if ($newalbum) { $album = $newalbum; } else { $album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m'); } } if (intval($args['visible']) || $args['visible'] === 'true') { $visible = 1; } else { $visible = 0; } $str_group_allow = perms2str(is_array($args['group_allow']) ? $args['group_allow'] : explode(',', $args['group_allow'])); $str_contact_allow = perms2str(is_array($args['contact_allow']) ? $args['contact_allow'] : explode(',', $args['contact_allow'])); $str_group_deny = perms2str(is_array($args['group_deny']) ? $args['group_deny'] : explode(',', $args['group_deny'])); $str_contact_deny = perms2str(is_array($args['contact_deny']) ? $args['contact_deny'] : explode(',', $args['contact_deny'])); if ($args['data']) { // allow an import from a binary string representing the image. // This bypasses the upload step and max size limit checking $imagedata = $args['data']; $filename = $args['filename']; $filesize = strlen($imagedata); // this is going to be deleted if it exists $src = '/tmp/deletemenow'; $type = $args['type']; } else { $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => ''); call_hooks('photo_upload_file', $f); if (x($f, 'src') && x($f, 'filesize')) { $src = $f['src']; $filename = $f['filename']; $filesize = $f['filesize']; $type = $f['type']; } else { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $type = $_FILES['userfile']['type']; } if (!$type) { $type = guess_image_type($filename); } logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } if (!$filesize) { $ret['message'] = t('Image file is empty.'); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG); $imagedata = @file_get_contents($src); } $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id)); $limit = service_class_fetch($channel_id, 'photo_upload_limit'); if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $ret['message'] = upgrade_message(); @unlink($src); call_hooks('photo_post_end', $ret); return $ret; } $ph = photo_factory($imagedata, $type); if (!$ph->is_valid()) { $ret['message'] = t('Unable to process image'); logger('photo_upload: unable to process image'); @unlink($src); call_hooks('photo_upload_end', $ret); return $ret; } $exif = $ph->orient($src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); } $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource(); $visitor = ''; if ($channel['channel_hash'] !== $observer['xchan_hash']) { $visitor = $observer['xchan_hash']; } $errors = false; $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_flags' => PHOTO_NORMAL, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny); if ($args['created']) { $p['created'] = $args['created']; } if ($args['edited']) { $p['edited'] = $args['edited']; } if ($args['title']) { $p['title'] = $args['title']; } if ($args['description']) { $p['description'] = $args['description']; } $r1 = $ph->save($p); if (!$r1) { $errors = true; } if (($width > 640 || $height > 640) && !$errors) { $ph->scaleImage(640); $p['scale'] = 1; $r2 = $ph->save($p); $smallest = 1; if (!$r2) { $errors = true; } } if (($width > 320 || $height > 320) && !$errors) { $ph->scaleImage(320); $p['scale'] = 2; $r3 = $ph->save($p); $smallest = 2; if (!$r3) { $errors = true; } } if ($errors) { q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id)); $ret['message'] = t('Photo storage failed.'); logger('photo_upload: photo store failed.'); call_hooks('photo_upload_end', $ret); return $ret; } // This will be the width and height of the smallest representation $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight(); $mid = item_message_id(); // Create item container $lat = $lon = null; if ($exif && $exif['GPS']) { if (feature_enabled($channel_id, 'photo_location')) { $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']); $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']); } } $item_flags = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP; $item_restrict = $visible ? ITEM_VISIBLE : ITEM_HIDDEN; $title = ''; $mid = item_message_id(); $arr = array(); if ($lat && $lon) { $arr['coord'] = $lat . ' ' . $lon; } $arr['aid'] = $account_id; $arr['uid'] = $channel_id; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_flags'] = $item_flags; $arr['item_restrict'] = $item_restrict; $arr['resource_type'] = 'photo'; $arr['resource_id'] = $photo_hash; $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['title'] = $title; $arr['allow_cid'] = $str_contact_allow; $arr['allow_gid'] = $str_group_allow; $arr['deny_cid'] = $str_contact_deny; $arr['deny_gid'] = $str_group_deny; $arr['verb'] = ACTIVITY_POST; $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; // We should also put a width_x_height on large photos. Left as an exercise for // devs looking fo simple stuff to fix. $larger = feature_enabled($channel['channel_id'], 'large_photos'); if ($larger) { $tag = '[zmg]'; if ($r2) { $smallest = 1; } else { $smallest = 0; } } else { if ($width_x_height) { $tag = '[zmg=' . $width_x_height . ']'; } else { $tag = '[zmg]'; } } $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]'; $result = item_store($arr); $item_id = $result['item_id']; if ($visible) { proc_run('php', "include/notifier.php", 'wall-new', $item_id); } $ret['success'] = true; $ret['item'] = $arr; $ret['body'] = $arr['body']; $ret['resource_id'] = $photo_hash; $ret['photoitem_id'] = $item_id; call_hooks('photo_upload_end', $ret); return $ret; }
function photos_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); killme(); } $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `user`.`uid` = 1 WHERE `self` = 1 LIMIT 1"); $contact_record = $r[0]; if ($a->argc > 2 && $a->argv[1] == 'album') { $album = hex2bin($a->argv[2]); if ($album == t('Profile Photos') || $album == t('Contact Photos')) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $r = q("SELECT count(*) FROM `photo` WHERE `album` = '%s' ", dbesc($album)); if (!count($r)) { notice(t('Album not found.') . EOL); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $newalbum = notags(trim($_POST['albumname'])); if ($newalbum != $album) { q("UPDATE `photo` SET `album` = '%s' WHERE `album` = '%s' ", dbesc($newalbum), dbesc($album)); $newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']); goaway($a->get_baseurl() . '/' . $newurl); return; // NOTREACHED } if ($_POST['dropalbum'] == t('Delete Album')) { $res = array(); $r = q("SELECT distinct(`resource-id`) as `rid` FROM `photo` WHERE `album` = '%s'", dbesc($album)); if (count($r)) { foreach ($r as $rr) { $res[] = "'" . dbesc($rr['rid']) . "'"; } } else { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } $str_res = implode(',', $res); q("DELETE FROM `photo` WHERE `resource-id` IN ( {$str_res} ) "); $r = q("SELECT `parent-uri` FROM `item` WHERE `resource-id` IN ( {$str_res} ) "); if (count($r)) { foreach ($r as $rr) { q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `parent-uri` = '%s' ", dbesc(datetime_convert()), dbesc($rr['parent-uri'])); $drop_id = intval($rr['id']); $php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php'; // send the notification upstream/downstream as the case may be if ($rr['visible']) { proc_close(proc_open("\"{$php_path}\" \"include/notifier.php\" \"drop\" \"{$drop_id}\" & ", array(), $foo)); } } } } goaway($a->get_baseurl() . '/photos/' . $a->data['user']['nickname']); return; // NOTREACHED } if ($a->argc > 1 && x($_POST, 'delete') && $_POST['delete'] == t('Delete Photo')) { $r = q("SELECT `id` FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", dbesc($a->argv[1])); if (count($r)) { q("DELETE FROM `photo` WHERE `resource-id` = '%s'", dbesc($r[0]['resource-id'])); $i = q("SELECT * FROM `item` WHERE `resource-id` = '%s' LIMIT 1", dbesc($r[0]['resource-id'])); if (count($i)) { q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s' WHERE `parent-uri` = '%s' ", dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['uri'])); $drop_id = intval($i[0]['id']); $php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php'; // send the notification upstream/downstream as the case may be if ($i[0]['visible']) { proc_close(proc_open("\"{$php_path}\" \"include/notifier.php\" \"drop\" \"{$drop_id}\" & ", array(), $foo)); } } } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } if ($a->argc > 1 && x($_POST, 'desc') !== false) { $desc = notags(trim($_POST['desc'])); $tags = notags(trim($_POST['tags'])); $item_id = intval($_POST['item_id']); $resource_id = $a->argv[1]; $p = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' ORDER BY `scale` DESC", dbesc($resource_id)); if (count($r)) { $r = q("UPDATE `photo` SET `desc` = '%s' WHERE `resource-id` = '%s' ", dbesc($desc), dbesc($resource_id)); } if (!$item_id) { $title = ''; $basename = basename($filename); // Create item container $body = '[url=' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $p[0]['resource-id'] . ']' . '[img]' . $a->get_baseurl() . '/photo/' . $p[0]['resource-id'] . '-' . $p[0]['scale'] . '.jpg' . '[/img]' . '[/url]'; $uri = item_new_uri($a->get_hostname(), get_uid()); $r = q("INSERT INTO `item` (`type`, `wall`, `resource-id`, `contact-id`,\n\t\t\t\t`owner-name`,`owner-link`,`owner-avatar`, `created`,\n\t\t\t\t`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)\n\t\t\t\tVALUES( '%s', %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", dbesc('photo'), intval(1), dbesc($p[0]['resource-id']), intval($contact_record['id']), dbesc($contact_record['name']), dbesc($contact_record['url']), dbesc($contact_record['thumb']), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($uri), dbesc($uri), dbesc($title), dbesc($body), dbesc($p[0]['allow_cid']), dbesc($p[0]['allow_gid']), dbesc($p[0]['deny_cid']), dbesc($p[0]['deny_gid'])); if ($r) { $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($uri)); if (count($r)) { $item_id = $r[0]['id']; } q("UPDATE `item` SET `parent` = %d, `last-child` = 1 WHERE `id` = %d LIMIT 1", intval($r[0]['id']), intval($r[0]['id'])); } } $r = q("UPDATE `item` SET `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1", dbesc($tags), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($item_id)); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } if (!x($_FILES, 'userfile')) { killme(); } if ($_POST['partitionCount']) { $java_upload = true; } else { $java_upload = false; } $album = notags(trim($_POST['album'])); $newalbum = notags(trim($_POST['newalbum'])); if (!strlen($album)) { if (strlen($newalbum)) { $album = $newalbum; } else { $album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y'); } } $r = q("SELECT * FROM `photo` WHERE `album` = '%s' ", dbesc($album)); if (!count($r) || $album == t('Profile Photos')) { $visible = 1; } else { $visibile = 0; } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $imagedata = @file_get_contents($src); $ph = new Photo($imagedata); if (!($image = $ph->getImage())) { notice(t('Unable to process image.') . EOL); @unlink($src); killme(); } @unlink($src); $width = $ph->getWidth(); $height = $ph->getHeight(); $smallest = 0; $photo_hash = hash('md5', uniqid(mt_rand(), true)); $r = $ph->store(0, $photo_hash, $filename, $album, 0, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); if (!$r) { notice(t('Image upload failed.') . EOL); killme(); } if ($width > 640 || $height > 640) { $ph->scaleImage(640); $ph->store(0, $photo_hash, $filename, $album, 1, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 1; } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $ph->store(0, $photo_hash, $filename, $album, 2, 0, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); $smallest = 2; } $basename = basename($filename); // Create item container $body = '[url=' . $a->get_baseurl() . '/photos/' . $contact_record['nickname'] . '/image/' . $photo_hash . ']' . '[img]' . $a->get_baseurl() . "/photo/{$photo_hash}-{$smallest}.jpg" . '[/img]' . '[/url]'; $uri = item_new_uri($a->get_hostname(), get_uid()); $r = q("INSERT INTO `item` (`type`, `wall`, `resource-id`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`,\n\t\t`edited`, `changed`, `uri`, `parent-uri`, `title`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `visible`)\n\t\tVALUES( '%s', %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )", dbesc('photo'), intval(1), dbesc($photo_hash), intval($contact_record['id']), dbesc($contact_record['name']), dbesc($contact_record['url']), dbesc($contact_record['thumb']), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($uri), dbesc($uri), dbesc($title), dbesc($body), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($visible)); if ($r) { $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($uri)); if (count($r)) { q("UPDATE `item` SET `parent` = %d, `last-child` = 1 WHERE `id` = %d LIMIT 1", intval($r[0]['id']), intval($r[0]['id'])); } } if (!$java_upload) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } killme(); return; // NOTREACHED }
function menu_edit_item($menu_id, $uid, $arr) { $mitem_id = intval($arr['mitem_id']); $mitem_link = escape_tags($arr['mitem_link']); $mitem_desc = escape_tags($arr['mitem_desc']); $mitem_order = intval($arr['mitem_order']); $mitem_flags = intval($arr['mitem_flags']); if (local_channel() == $uid) { $channel = get_app()->get_channel(); } $str_group_allow = perms2str($arr['group_allow']); $str_contact_allow = perms2str($arr['contact_allow']); $str_group_deny = perms2str($arr['group_deny']); $str_contact_deny = perms2str($arr['contact_deny']); $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d", dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($mitem_order), intval($uid), intval($menu_id), intval($mitem_id)); $x = q("update menu set menu_edited = '%s' where menu_id = %d and menu_channel_id = %d", dbesc(datetime_convert()), intval($menu_id), intval($uid)); return $r; }
function settings_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != $_SESSION['uid']) { notice(t('Permission denied.') . EOL); return; } if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = trim($_POST['npassword']); $confirm = trim($_POST['confirm']); $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($password), intval(get_uid())); if ($r) { notice(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $theme = notags(trim($_POST['theme'])); $username = notags(trim($_POST['username'])); $email = notags(trim($_POST['email'])); $timezone = notags(trim($_POST['timezone'])); $defloc = notags(trim($_POST['defloc'])); $publish = $_POST['profile_in_directory'] == 1 ? 1 : 0; $net_publish = $_POST['profile_in_netdirectory'] == 1 ? 1 : 0; $old_visibility = intval($_POST['visibility']) == 1 ? 1 : 0; $notify = 0; if ($_POST['notify1']) { $notify += intval($_POST['notify1']); } if ($_POST['notify2']) { $notify += intval($_POST['notify2']); } if ($_POST['notify3']) { $notify += intval($_POST['notify3']); } if ($_POST['notify4']) { $notify += intval($_POST['notify4']); } if ($_POST['notify5']) { $notify += intval($_POST['notify5']); } $username_changed = false; $email_changed = false; $zone_changed = false; $err = ''; if ($username != $a->user['username']) { $username_changed = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; if (!eregi('[A-Za-z0-9._%-]+@[A-Za-z0-9._%-]+\\.[A-Za-z]{2,6}', $email)) { $err .= t(' Not valid email.'); } $r = q("SELECT `uid` FROM `user`\n \tWHERE `email` = '%s' LIMIT 1", dbesc($email)); if ($r !== NULL && count($r)) { $err .= t(' This email address is already registered.'); } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { $zone_changed = true; if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `default-location` = '%s', `theme` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), dbesc($defloc), dbesc($theme), intval($_SESSION['uid'])); if ($r) { notice(t('Settings updated.') . EOL); } $r = q("UPDATE `profile` \n\t\tSET `publish` = %d, `net-publish` = %d\n\t\tWHERE `is-default` = 1 LIMIT 1", intval($publish), intval($net_publish)); if ($old_visibility != $net_publish) { // Update global directory in background $php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php'; $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_close(proc_open("\"{$php_path}\" \"include/directory.php\" \"{$url}\" &", array(), $foo)); } } $_SESSION['theme'] = $theme; goaway($a->get_baseurl() . '/settings'); }
function item_post(&$a) { if (!local_user() && !remote_user() && !x($_REQUEST, 'commenter')) { return; } require_once 'include/security.php'; $uid = local_user(); if (x($_REQUEST, 'dropitems')) { $arr_drop = explode(',', $_REQUEST['dropitems']); drop_items($arr_drop); $json = array('success' => 1); echo json_encode($json); killme(); } call_hooks('post_local_start', $_REQUEST); // logger('postinput ' . file_get_contents('php://input')); logger('postvars ' . print_r($_REQUEST, true), LOGGER_DATA); $api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false; $message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : ''; $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : ''; $preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0; // Check for doubly-submitted posts, and reject duplicates // Note that we have to ignore previews, otherwise nothing will post // after it's been previewed if (!$preview && x($_REQUEST['post_id_random'])) { if (x($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) { logger("item post: duplicate post", LOGGER_DEBUG); item_post_return($a->get_baseurl(), $api_source, $return_path); } else { $_SESSION['post-random'] = $_REQUEST['post_id_random']; } } /** * Is this a reply to something? */ $parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0; $parent_uri = x($_REQUEST, 'parent_uri') ? trim($_REQUEST['parent_uri']) : ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; $parid = 0; $r = false; $objecttype = null; if ($parent || $parent_uri) { $objecttype = ACTIVITY_OBJ_COMMENT; if (!x($_REQUEST, 'type')) { $_REQUEST['type'] = 'net-comment'; } if ($parent) { $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent)); } elseif ($parent_uri && local_user()) { // This is coming from an API source, and we are logged in $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_uri), intval(local_user())); } // if this isn't the real parent of the conversation, find it if ($r !== false && count($r)) { $parid = $r[0]['parent']; $parent_uri = $r[0]['uri']; if ($r[0]['id'] != $r[0]['parent']) { $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid)); } } if ($r === false || !count($r)) { notice(t('Unable to locate original post.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } $parent_item = $r[0]; $parent = $r[0]['id']; // multi-level threading - preserve the info but re-parent to our single level threading //if(($parid) && ($parid != $parent)) $thr_parent = $parent_uri; if ($parent_item['contact-id'] && $uid) { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($parent_item['contact-id']), intval($uid)); if (count($r)) { $parent_contact = $r[0]; // If the contact id doesn't fit with the contact, then set the contact to null $thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent)); if (count($thrparent) and $thrparent[0]["network"] === NETWORK_OSTATUS and normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"])) { $parent_contact = null; require_once "include/Scrape.php"; $probed_contact = probe_url($thrparent[0]["author-link"]); if ($probed_contact["network"] != NETWORK_FEED) { $parent_contact = $probed_contact; $parent_contact["nurl"] = normalise_link($probed_contact["url"]); $parent_contact["thumb"] = $probed_contact["photo"]; $parent_contact["micro"] = $probed_contact["photo"]; } logger('parent contact: ' . print_r($parent_contact, true), LOGGER_DEBUG); } else { logger('no contact found: ' . print_r($thrparent, true), LOGGER_DEBUG); } } } } if ($parent) { logger('mod_item: item_post parent=' . $parent); } $profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0; $post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0; $app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : ''; $extid = x($_REQUEST, 'extid') ? strip_tags($_REQUEST['extid']) : ''; $allow_moderated = false; // here is where we are going to check for permission to post a moderated comment. // First check that the parent exists and it is a wall item. if (x($_REQUEST, 'commenter') && (!$parent || !$parent_item['wall'])) { notice(t('Permission denied.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } // Now check that it is a page_type of PAGE_BLOG, and that valid personal details // have been provided, and run any anti-spam plugins // TODO if (!can_write_wall($a, $profile_uid) && !$allow_moderated) { notice(t('Permission denied.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } // is this an edited post? $orig_post = null; if ($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id)); if (!count($i)) { killme(); } $orig_post = $i[0]; } $user = null; $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($profile_uid)); if (count($r)) { $user = $r[0]; } if ($orig_post) { $str_group_allow = $orig_post['allow_gid']; $str_contact_allow = $orig_post['allow_cid']; $str_group_deny = $orig_post['deny_gid']; $str_contact_deny = $orig_post['deny_cid']; $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; $objecttype = $orig_post['object-type']; $emailcc = $orig_post['emailcc']; $app = $orig_post['app']; $categories = $orig_post['file']; $title = notags(trim($_REQUEST['title'])); $body = escape_tags(trim($_REQUEST['body'])); $private = $orig_post['private']; $pubmail_enable = $orig_post['pubmail']; $network = $orig_post['network']; $guid = $orig_post['guid']; $extid = $orig_post['extid']; } else { // if coming from the API and no privacy settings are set, // use the user default permissions - as they won't have // been supplied via a form. if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) { $str_group_allow = $user['allow_gid']; $str_contact_allow = $user['allow_cid']; $str_group_deny = $user['deny_gid']; $str_contact_deny = $user['deny_cid']; } else { // use the posted permissions $str_group_allow = perms2str($_REQUEST['group_allow']); $str_contact_allow = perms2str($_REQUEST['contact_allow']); $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); } $title = notags(trim($_REQUEST['title'])); $location = notags(trim($_REQUEST['location'])); $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); $emailcc = notags(trim($_REQUEST['emailcc'])); $body = escape_tags(trim($_REQUEST['body'])); $network = notags(trim($_REQUEST['network'])); $guid = get_guid(32); $naked_body = preg_replace('/\\[(.+?)\\]/', '', $body); if (version_compare(PHP_VERSION, '5.3.0', '>=')) { $l = new Text_LanguageDetect(); //$lng = $l->detectConfidence($naked_body); //$postopts = (($lng['language']) ? 'lang=' . $lng['language'] . ';' . $lng['confidence'] : ''); $lng = $l->detect($naked_body, 3); if (sizeof($lng) > 0) { $postopts = ""; foreach ($lng as $language => $score) { if ($postopts == "") { $postopts = "lang="; } else { $postopts .= ":"; } $postopts .= $language . ";" . $score; } } logger('mod_item: detect language' . print_r($lng, true) . $naked_body, LOGGER_DATA); } else { $postopts = ''; } $private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) ? 1 : 0; if ($user['hidewall']) { $private = 2; } // If this is a comment, set the permissions from the parent. if ($parent_item) { $private = 0; // for non native networks use the network of the original post as network of the item if ($parent_item['network'] != NETWORK_DIASPORA and $parent_item['network'] != NETWORK_OSTATUS and $network == "") { $network = $parent_item['network']; } if ($parent_item['private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid'])) { $private = $parent_item['private'] ? $parent_item['private'] : 1; } $str_contact_allow = $parent_item['allow_cid']; $str_group_allow = $parent_item['allow_gid']; $str_contact_deny = $parent_item['deny_cid']; $str_group_deny = $parent_item['deny_gid']; } $pubmail_enable = x($_REQUEST, 'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && !$private ? 1 : 0; // if using the API, we won't see pubmail_enable - figure out if it should be set if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) { $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (!$mail_disabled) { $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", intval(local_user())); if (count($r) && intval($r[0]['pubmail'])) { $pubmail_enabled = true; } } } if (!strlen($body)) { if ($preview) { killme(); } info(t('Empty post discarded.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } if (strlen($categories)) { // get the "fileas" tags for this post $filedas = file_tag_file_to_list($categories, 'file'); } // save old and new categories, so we can determine what needs to be deleted from pconfig $categories_old = $categories; $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category'); $categories_new = $categories; if (strlen($filedas)) { // append the fileas stuff to the new categories list $categories .= file_tag_list_to_file($filedas, 'file'); } // Work around doubled linefeeds in Tinymce 3.5b2 // First figure out if it's a status post that would've been // created using tinymce. Otherwise leave it alone. /* $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) || !feature_enabled($profile_uid,'richtext') : 0); if((! $parent) && (! $api_source) && (! $plaintext)) { $body = fix_mce_lf($body); }*/ $plaintext = local_user() ? !feature_enabled($profile_uid, 'richtext') : 0; if (!$parent && !$api_source && !$plaintext) { $body = fix_mce_lf($body); } // get contact info for poster $author = null; $self = false; $contact_id = 0; if (local_user() && local_user() == $profile_uid) { $self = true; $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); } elseif (remote_user()) { if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $profile_uid) { $contact_id = $v['cid']; break; } } } if ($contact_id) { $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id)); } } if (count($r)) { $author = $r[0]; $contact_id = $author['id']; } // get contact info for owner if ($profile_uid == local_user()) { $contact_record = $author; } else { $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($profile_uid)); if (count($r)) { $contact_record = $r[0]; } } $post_type = notags(trim($_REQUEST['type'])); if ($post_type === 'net-comment') { if ($parent_item !== null) { if ($parent_item['wall'] == 1) { $post_type = 'wall-comment'; } else { $post_type = 'remote-comment'; } } } /** * * When a photo was uploaded into the message using the (profile wall) ajax * uploader, The permissions are initially set to disallow anybody but the * owner from seeing it. This is because the permissions may not yet have been * set for the post. If it's private, the photo permissions should be set * appropriately. But we didn't know the final permissions on the post until * now. So now we'll look for links of uploaded messages that are in the * post and set them to the same permissions as the post itself. * */ $match = null; if (!$preview && preg_match_all("/\\[img([\\=0-9x]*?)\\](.*?)\\[\\/img\\]/", $body, $match)) { $images = $match[2]; if (count($images)) { $objecttype = ACTIVITY_OBJ_IMAGE; foreach ($images as $image) { if (!stristr($image, $a->get_baseurl() . '/photo/')) { continue; } $image_uri = substr($image, strrpos($image, '/') + 1); $image_uri = substr($image_uri, 0, strpos($image_uri, '-')); if (!strlen($image_uri)) { continue; } $srch = '<' . intval($contact_id) . '>'; $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''\n\t\t\t\t\tAND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid)); if (!count($r)) { continue; } $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\tWHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($image_uri), intval($profile_uid), dbesc(t('Wall Photos'))); } } } /** * Next link in any attachment references we find in the post. */ $match = false; if (!$preview && preg_match_all("/\\[attachment\\](.*?)\\[\\/attachment\\]/", $body, $match)) { $attaches = $match[1]; if (count($attaches)) { foreach ($attaches as $attach) { $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($attach)); if (count($r)) { $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\t\tWHERE `uid` = %d AND `id` = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($profile_uid), intval($attach)); } } } } // embedded bookmark in post? set bookmark flag $bookmark = 0; if (preg_match_all("/\\[bookmark\\=([^\\]]*)\\](.*?)\\[\\/bookmark\\]/ism", $body, $match, PREG_SET_ORDER)) { $objecttype = ACTIVITY_OBJ_BOOKMARK; $bookmark = 1; } $body = bb_translate_video($body); /** * Fold multi-line [code] sequences */ $body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body); $body = scale_external_images($body, false); // Setting the object type if not defined before if (!$objecttype) { $objecttype = ACTIVITY_OBJ_NOTE; // Default value require_once "include/plaintext.php"; $objectdata = get_attached_data($body); if ($post["type"] == "link") { $objecttype = ACTIVITY_OBJ_BOOKMARK; } elseif ($post["type"] == "video") { $objecttype = ACTIVITY_OBJ_VIDEO; } elseif ($post["type"] == "photo") { $objecttype = ACTIVITY_OBJ_IMAGE; } } /** * Look for any tags and linkify them */ $str_tags = ''; $inform = ''; $tags = get_tags($body); /** * add a statusnet style reply tag if the original post was from there * and we are replying, and there isn't one already */ if ($parent_contact && $parent_contact['network'] === NETWORK_OSTATUS && $parent_contact['nick'] && !in_array('@' . $parent_contact['nick'], $tags)) { $body = '@' . $parent_contact['nick'] . ' ' . $body; $tags[] = '@' . $parent_contact['nick']; } $tagged = array(); $private_forum = false; if (count($tags)) { foreach ($tags as $tag) { if (strpos($tag, '#') === 0) { continue; } // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. // Robert Johnson should be first in the $tags array $fullnametagged = false; for ($x = 0; $x < count($tagged); $x++) { if (stristr($tagged[$x], $tag . ' ')) { $fullnametagged = true; break; } } if ($fullnametagged) { continue; } $success = handle_tag($a, $body, $inform, $str_tags, local_user() ? local_user() : $profile_uid, $tag, $network); if ($success['replaced']) { $tagged[] = $tag; } if (is_array($success['contact']) && intval($success['contact']['prv'])) { $private_forum = true; $private_id = $success['contact']['id']; } } } if ($private_forum && !$parent && !$private) { // we tagged a private forum in a top level post and the message was public. // Restrict it. $private = 1; $str_contact_allow = '<' . $private_id . '>'; } $attachments = ''; $match = false; if (preg_match_all('/(\\[attachment\\]([0-9]+)\\[\\/attachment\\])/', $body, $match)) { foreach ($match[2] as $mtch) { $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($mtch)); if (count($r)) { if (strlen($attachments)) { $attachments .= ','; } $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . ($r[0]['filename'] ? $r[0]['filename'] : '') . '"[/attach]'; } $body = str_replace($match[1], '', $body); } } $wall = 0; if ($post_type === 'wall' || $post_type === 'wall-comment') { $wall = 1; } if (!strlen($verb)) { $verb = ACTIVITY_POST; } if ($network == "") { $network = NETWORK_DFRN; } $gravity = $parent ? 6 : 0; // even if the post arrived via API we are considering that it // originated on this site by default for determining relayability. $origin = x($_REQUEST, 'origin') ? intval($_REQUEST['origin']) : 1; $notify_type = $parent ? 'comment-new' : 'wall-new'; $uri = $message_id ? $message_id : item_new_uri($a->get_hostname(), $profile_uid); // Fallback so that we alway have a thr-parent if (!$thr_parent) { $thr_parent = $uri; } $datarray = array(); $datarray['uid'] = $profile_uid; $datarray['type'] = $post_type; $datarray['wall'] = $wall; $datarray['gravity'] = $gravity; $datarray['network'] = $network; $datarray['contact-id'] = $contact_id; $datarray['owner-name'] = $contact_record['name']; $datarray['owner-link'] = $contact_record['url']; $datarray['owner-avatar'] = $contact_record['thumb']; $datarray['author-name'] = $author['name']; $datarray['author-link'] = $author['url']; $datarray['author-avatar'] = $author['thumb']; $datarray['created'] = datetime_convert(); $datarray['edited'] = datetime_convert(); $datarray['commented'] = datetime_convert(); $datarray['received'] = datetime_convert(); $datarray['changed'] = datetime_convert(); $datarray['extid'] = $extid; $datarray['guid'] = $guid; $datarray['uri'] = $uri; $datarray['title'] = $title; $datarray['body'] = $body; $datarray['app'] = $app; $datarray['location'] = $location; $datarray['coord'] = $coord; $datarray['tag'] = $str_tags; $datarray['file'] = $categories; $datarray['inform'] = $inform; $datarray['verb'] = $verb; $datarray['object-type'] = $objecttype; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private; $datarray['pubmail'] = $pubmail_enable; $datarray['attach'] = $attachments; $datarray['bookmark'] = intval($bookmark); $datarray['thr-parent'] = $thr_parent; $datarray['postopts'] = $postopts; $datarray['origin'] = $origin; $datarray['moderated'] = $allow_moderated; /** * These fields are for the convenience of plugins... * 'self' if true indicates the owner is posting on their own wall * If parent is 0 it is a top-level post. */ $datarray['parent'] = $parent; $datarray['self'] = $self; // $datarray['prvnets'] = $user['prvnets']; if ($orig_post) { $datarray['edit'] = true; } // Search for hashtags item_body_set_hashtags($datarray); // preview mode - prepare the body for display and send it via json if ($preview) { require_once 'include/conversation.php'; $o = conversation($a, array(array_merge($contact_record, $datarray)), 'search', false, true); logger('preview: ' . $o); echo json_encode(array('preview' => $o)); killme(); } call_hooks('post_local', $datarray); if (x($datarray, 'cancel')) { logger('mod_item: post cancelled by plugin.'); if ($return_path) { goaway($a->get_baseurl() . "/" . $return_path); } $json = array('cancel' => 1); if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) { $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload']; } echo json_encode($json); killme(); } // Fill the cache field put_item_in_cache($datarray); if ($orig_post) { $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `rendered-html` = '%s', `rendered-hash` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc($datarray['attach']), dbesc($datarray['file']), dbesc($datarray['rendered-html']), dbesc($datarray['rendered-hash']), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($post_id), intval($profile_uid)); create_tags_from_item($post_id); create_files_from_item($post_id); update_thread($post_id); // update filetags in pconfig file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category'); proc_run('php', "include/notifier.php", 'edit_post', "{$post_id}"); if (x($_REQUEST, 'return') && strlen($return_path)) { logger('return: ' . $return_path); goaway($a->get_baseurl() . "/" . $return_path); } killme(); } else { $post_id = 0; } $r = q("INSERT INTO `item` (`guid`, `extid`, `uid`,`type`,`wall`,`gravity`, `network`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`,\n\t\t`created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `object-type`, `postopts`,\n\t\t`allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark`,`origin`, `moderated`, `file`, `rendered-html`, `rendered-hash`)\n\t\tVALUES( '%s', '%s', %d, '%s', %d, %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s')", dbesc($datarray['guid']), dbesc($datarray['extid']), intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), intval($datarray['gravity']), dbesc($datarray['network']), intval($datarray['contact-id']), dbesc($datarray['owner-name']), dbesc($datarray['owner-link']), dbesc($datarray['owner-avatar']), dbesc($datarray['author-name']), dbesc($datarray['author-link']), dbesc($datarray['author-avatar']), dbesc($datarray['created']), dbesc($datarray['edited']), dbesc($datarray['commented']), dbesc($datarray['received']), dbesc($datarray['changed']), dbesc($datarray['uri']), dbesc($datarray['thr-parent']), dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['app']), dbesc($datarray['location']), dbesc($datarray['coord']), dbesc($datarray['tag']), dbesc($datarray['inform']), dbesc($datarray['verb']), dbesc($datarray['object-type']), dbesc($datarray['postopts']), dbesc($datarray['allow_cid']), dbesc($datarray['allow_gid']), dbesc($datarray['deny_cid']), dbesc($datarray['deny_gid']), intval($datarray['private']), intval($datarray['pubmail']), dbesc($datarray['attach']), intval($datarray['bookmark']), intval($datarray['origin']), intval($datarray['moderated']), dbesc($datarray['file']), dbesc($datarray['rendered-html']), dbesc($datarray['rendered-hash'])); $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($datarray['uri'])); if (!count($r)) { logger('mod_item: unable to retrieve post that was just stored.'); notice(t('System error. Post not saved.') . EOL); goaway($a->get_baseurl() . "/" . $return_path); // NOTREACHED } $post_id = $r[0]['id']; logger('mod_item: saved item ' . $post_id); $datarray["id"] = $post_id; $datarray["plink"] = $a->get_baseurl() . '/display/' . urlencode($datarray["guid"]); // update filetags in pconfig file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category'); if ($parent) { // This item is the last leaf and gets the comment box, clear any ancestors $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ", dbesc(datetime_convert()), intval($parent)); update_thread($parent, true); // Inherit ACLs from the parent item. $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d\n\t\t\tWHERE `id` = %d", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), intval($parent_item['private']), intval($post_id)); if ($contact_record != $author) { notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_uri' => $parent_item['uri'])); } // Store the comment signature information in case we need to relay to Diaspora store_diaspora_comment_sig($datarray, $author, $self ? $a->user['prvkey'] : false, $parent_item, $post_id); } else { $parent = $post_id; if ($contact_record != $author) { notification(array('type' => NOTIFY_WALL, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item')); } } // fallback so that parent always gets set to non-zero. if (!$parent) { $parent = $post_id; } $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1\n\t\tWHERE `id` = %d", intval($parent), dbesc($parent == $post_id ? $uri : $parent_item['uri']), dbesc($a->get_baseurl() . '/display/' . urlencode($datarray['guid'])), dbesc(datetime_convert()), intval($post_id)); // photo comments turn the corresponding item visible to the profile wall // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. if (!$parent_item['visible']) { $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d", intval($parent_item['id'])); update_thread($parent_item['id']); } // update the commented timestamp on the parent q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($parent)); if ($post_id != $parent) { update_thread($parent); } call_hooks('post_local_end', $datarray); if (strlen($emailcc) && $profile_uid == local_user()) { $erecips = explode(',', $emailcc); if (count($erecips)) { foreach ($erecips as $recip) { $addr = trim($recip); if (!strlen($addr)) { continue; } $disclaimer = '<hr />' . sprintf(t('This message was sent to you by %s, a member of the Friendica social network.'), $a->user['username']) . '<br />'; $disclaimer .= sprintf(t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL; $disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL; if (!$datarray['title'] == '') { $subject = email_header_encode($datarray['title'], 'UTF-8'); } else { $subject = email_header_encode('[Friendica]' . ' ' . sprintf(t('%s posted an update.'), $a->user['username']), 'UTF-8'); } $link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />'; $html = prepare_body($datarray); $message = '<html><body>' . $link . $html . $disclaimer . '</body></html>'; include_once 'include/html2plain.php'; $params = array('fromName' => $a->user['username'], 'fromEmail' => $a->user['email'], 'toEmail' => $addr, 'replyTo' => $a->user['email'], 'messageSubject' => $subject, 'htmlVersion' => $message, 'textVersion' => html2plain($html . $disclaimer)); Emailer::send($params); } } } create_tags_from_item($post_id); create_files_from_item($post_id); if ($post_id == $parent) { add_thread($post_id); } // This is a real juggling act on shared hosting services which kill your processes // e.g. dreamhost. We used to start delivery to our native delivery agents in the background // and then run our plugin delivery from the foreground. We're now doing plugin delivery first, // because as soon as you start loading up a bunch of remote delivey processes, *this* page is // likely to get killed off. If you end up looking at an /item URL and a blank page, // it's very likely the delivery got killed before all your friends could be notified. // Currently the only realistic fixes are to use a reliable server - which precludes shared hosting, // or cut back on plugins which do remote deliveries. proc_run('php', "include/notifier.php", $notify_type, "{$post_id}"); logger('post_complete'); item_post_return($a->get_baseurl(), $api_source, $return_path); // NOTREACHED }
function photos_post(&$a) { logger('mod-photos: photos_post: begin', LOGGER_DEBUG); logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA); logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA); $ph = photo_factory(''); $phototypes = $ph->supportedTypes(); $can_post = false; $page_owner_uid = $a->data['channel']['channel_id']; if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'post_photos')) { $can_post = true; } if (!$can_post) { notice(t('Permission denied.') . EOL); if (is_ajax()) { killme(); } return; } $s = abook_self($page_owner_uid); if (!$s) { notice(t('Page owner information could not be retrieved.') . EOL); logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid); if (is_ajax()) { killme(); } return; } $owner_record = $s[0]; if (argc() > 3 && argv(2) === 'album') { $album = hex2bin(argv(3)); if ($album === t('Profile Photos')) { // not allowed goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } if (!photos_album_exists($page_owner_uid, $album)) { notice(t('Album not found.') . EOL); goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } /* * RENAME photo album */ $newalbum = notags(trim($_REQUEST['albumname'])); if ($newalbum != $album) { $x = photos_album_rename($page_owner_uid, $album, $newalbum); if ($x) { $newurl = str_replace(bin2hex($album), bin2hex($newalbum), $_SESSION['photo_return']); goaway($a->get_baseurl() . '/' . $newurl); } } /* * DELETE photo album and all its photos */ if ($_REQUEST['dropalbum'] == t('Delete Album')) { $res = array(); // get the list of photos we are about to delete if (remote_user() && !local_user()) { $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_user()); } elseif (local_user()) { $str = photos_album_get_db_idstr(local_user(), $album); } else { $str = null; } if (!$str) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } $r = q("select id, item_restrict from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d", intval($page_owner_uid)); if ($r) { foreach ($r as $i) { drop_item($i['id'], false); if (!$item_restrict) { proc_run('php', 'include/notifier.php', 'drop', $i['id']); } } } // remove the associated photos in case they weren't attached to an item q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid)); } goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']); } if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) { // same as above but remove single photo $ob_hash = get_observer_hash(); if (!$ob_hash) { goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_user()), dbesc($a->argv[2])); if ($r) { q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'", intval($page_owner_uid), dbesc($r[0]['resource_id'])); $i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1", dbesc($r[0]['resource_id']), intval($page_owner_uid)); if (count($i)) { q("UPDATE `item` SET item_restrict = (item_restrict | %d), `edited` = '%s', `changed` = '%s' WHERE `parent_mid` = '%s' AND `uid` = %d", intval(ITEM_DELETED), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($i[0]['mid']), intval($page_owner_uid)); $url = $a->get_baseurl(); $drop_id = intval($i[0]['id']); if ($i[0]['visible']) { proc_run('php', "include/notifier.php", "drop", "{$drop_id}"); } } } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); } if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) { $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : ''; $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : ''; $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0; $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : ''; $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $resource_id = $a->argv[2]; if (!strlen($albname)) { $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y'); } if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) { logger('rotate'); $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid)); if (count($r)) { $ph = photo_factory($r[0]['data'], $r[0]['type']); if ($ph->is_valid()) { $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90; $ph->rotate($rotate_deg); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); if ($width > 640 || $height > 640) { $ph->scaleImage(640); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $width = $ph->getWidth(); $height = $ph->getHeight(); $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2 limit 1", dbesc($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid)); } } } } $p = q("SELECT * FROM `photo` WHERE `resource_id` = '%s' AND `uid` = %d and ( photo_flags = %d or photo_flags = %d ) ORDER BY `scale` DESC", dbesc($resource_id), intval($page_owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE)); if (count($p)) { $ext = $phototypes[$p[0]['type']]; $r = q("UPDATE `photo` SET `description` = '%s', `album` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($albname), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($resource_id), intval($page_owner_uid)); } $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false; /* Don't make the item visible if the only change was the album name */ $visibility = 0; if ($p[0]['description'] !== $desc || strlen($rawtags)) { $visibility = 1; } if (!$item_id) { $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility); } if ($item_id) { $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid)); } if ($r) { $old_tag = $r[0]['tag']; $old_inform = $r[0]['inform']; } // make sure the linked item has the same permissions as the photo regardless of any other changes $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d limit 1", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($item_private), intval($item_id)); if (strlen($rawtags)) { $str_tags = ''; $inform = ''; // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention $x = substr($rawtags, 0, 1); if ($x !== '@' && $x !== '#') { $rawtags = '@' . $rawtags; } $taginfo = array(); $tags = get_tags($rawtags); if (count($tags)) { foreach ($tags as $tag) { // If we already tagged 'Robert Johnson', don't try and tag 'Robert'. // Robert Johnson should be first in the $tags array $fullnametagged = false; for ($x = 0; $x < count($tagged); $x++) { if (stristr($tagged[$x], $tag . ' ')) { $fullnametagged = true; break; } } if ($fullnametagged) { continue; } require_once 'mod/item.php'; $body = $access_tag = ''; $success = handle_tag($a, $body, $access_tag, $str_tags, local_user() ? local_user() : $a->profile['profile_uid'], $tag); logger('handle_tag: ' . print_r($success, tue), LOGGER_DEBUG); if ($access_tag) { logger('access_tag: ' . $tag . ' ' . print_r($access_tag, true), LOGGER_DEBUG); if (strpos($access_tag, 'cid:') === 0) { $str_contact_allow .= '<' . substr($access_tag, 4) . '>'; $access_tag = ''; } elseif (strpos($access_tag, 'gid:') === 0) { $str_group_allow .= '<' . substr($access_tag, 4) . '>'; $access_tag = ''; } } if ($success['replaced']) { $tagged[] = $tag; $post_tags[] = array('uid' => $a->profile['profile_uid'], 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']); } } } $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid)); if ($r) { $datarray = $r[0]; $datarray['term'] = $post_tags; item_store_update($datarray, $execflag); } } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); return; // NOTREACHED } /** * default post action - upload a photo */ $_REQUEST['source'] = 'photos'; $r = photo_upload($a->channel, $a->get_observer(), $_REQUEST); if (!$r['success']) { notice($r['message'] . EOL); } goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']); }
/** * API: map_shareUserLocation * Share real-time location data by generating an access token and posting it. * $data contains the ACL specified by the user. The access token is returned * @param type $data */ function map_shareUserLocation($data) { $resource_type = 'locserv'; $token = random_string(); //Extract the ACL for permissions $args = array(); $args['allow_cid'] = perms2str($data['contact_allow']); $args['allow_gid'] = perms2str($data['group_allow']); $args['deny_cid'] = perms2str($data['contact_deny']); $args['deny_gid'] = perms2str($data['group_deny']); $args['token'] = $token; array_key_exists('token', $args) ? $token = $args['token'] : ($token = ''); $channel = App::get_channel(); $observer = App::get_observer(); $acl = new Zotlabs\Access\AccessList($channel); if (array_key_exists('allow_cid', $args)) { $acl->set($args); } $ac = $acl->get(); $mid = item_message_id(); // Generate a unique message ID $arr = array(); // Initialize the array of parameters for the post // If this were an actual location, ACTIVITY_OBJ_LOCATION would make sense, // but since this is actually an access token to retrieve location data, we'll // have to use something more vague $objtype = ACTIVITY_OBJ_THING; //check if item for this object exists $y = q("SELECT mid FROM item WHERE obj_type = '%s' AND resource_type = '%s' AND resource_id = '%s' AND uid = %d LIMIT 1", dbesc(ACTIVITY_POST), dbesc($resource_type), dbesc($token), intval($channel['channel_id'])); if ($y) { notice('Error posting access token. Item already exists.'); logger('map plugin: Error posting access token. item already exists: ' . json_encode($y)); die; } $body = $channel['channel_name'] . ' shared their location with you. '; $link = z_root() . '/map/?action=getLatestLocation&token=' . $token; /* * The local map plugin link for the receiver only needs the token. The plugin * will look up the stored item table record and use the object->locationDataType * to determine what kind of location data has been shared. This will allow it * to make the proper request for data to the sharer's hub. For example, if the * object->locationDataType is a dynamicMarker, then the receiver will request * only the most recent location associated with that token */ $body .= '[url=' . z_root() . '/map?action=getLatestLocation&token=' . $token . ']Click here to view[/url]'; // Encode object according to Activity Streams: http://activitystrea.ms/specs/json/1.0/ $object = json_encode(array('type' => $objtype, 'title' => 'location data access token', 'locationDataType' => 'dynamicMarker', 'id' => $token, 'url' => $link)); if (intval($data['visible']) || $data['visible'] === 'true') { $visible = 1; } else { $visible = 0; } $item_hidden = $visible ? 0 : 1; $arr['aid'] = $channel['channel_account_id']; $arr['uid'] = $channel['channel_id']; $arr['mid'] = $mid; $arr['parent_mid'] = $mid; $arr['item_hidden'] = $item_hidden; $arr['resource_type'] = $resource_type; $arr['resource_id'] = $token; $arr['owner_xchan'] = $channel['channel_hash']; $arr['author_xchan'] = $observer['xchan_hash']; $arr['title'] = 'Shared Location'; $arr['allow_cid'] = $ac['allow_cid']; $arr['allow_gid'] = $ac['allow_gid']; $arr['deny_cid'] = $ac['deny_cid']; $arr['deny_gid'] = $ac['deny_gid']; $arr['item_wall'] = 0; $arr['item_origin'] = 1; $arr['item_thread_top'] = 1; $arr['item_private'] = intval($acl->is_private()); $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid']; $arr['verb'] = ACTIVITY_POST; $arr['obj_type'] = $objtype; $arr['object'] = $object; $arr['body'] = $body; $post = item_store($arr); $item_id = $post['item_id']; if ($item_id) { proc_run('php', "include/notifier.php", "activity", $item_id); echo json_encode(array('item' => $arr, 'status' => true)); } else { echo json_encode(array('item' => null, 'status' => false)); } die; }
function events_post(&$a) { logger('post: ' . print_r($_REQUEST, true)); if (!local_user()) { return; } $event_id = x($_POST, 'event_id') ? intval($_POST['event_id']) : 0; $cid = x($_POST, 'cid') ? intval($_POST['cid']) : 0; $uid = local_user(); $start_text = escape_tags($_REQUEST['start_text']); $finish_text = escape_tags($_REQUEST['finish_text']); $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); // The default setting for the `private` field in event_store() is false, so mirror that $private_event = false; if ($start_text) { $start = $start_text; } else { $start = sprintf('%d-%d-%d %d:%d:0', $startyear, $startmonth, $startday, $starthour, $startminute); } if ($nofinish) { $finish = '0000-00-00 00:00:00'; } if ($finish_text) { $finish = $finish_text; } else { $finish = sprintf('%d-%d-%d %d:%d:0', $finishyear, $finishmonth, $finishday, $finishhour, $finishminute); } if ($adjust) { $start = datetime_convert(date_default_timezone_get(), 'UTC', $start); if (!$nofinish) { $finish = datetime_convert(date_default_timezone_get(), 'UTC', $finish); } } else { $start = datetime_convert('UTC', 'UTC', $start); if (!$nofinish) { $finish = datetime_convert('UTC', 'UTC', $finish); } } // Don't allow the event to finish before it begins. // It won't hurt anything, but somebody will file a bug report // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. $summary = escape_tags(trim($_POST['summary'])); $desc = escape_tags(trim($_POST['desc'])); $location = escape_tags(trim($_POST['location'])); $type = 'event'; $action = $event_id == '' ? 'new' : "event/" . $event_id; $onerror_url = $a->get_baseurl() . "/events/" . $action . "?summary={$summary}&description={$desc}&location={$location}&start={$start_text}&finish={$finish_text}&adjust={$adjust}&nofinish={$nofinish}"; if (strcmp($finish, $start) < 0 && !$nofinish) { notice(t('Event can not end before it has started.') . EOL); if (intval($_REQUEST['preview'])) { echo t('Event can not end before it has started.'); killme(); } goaway($onerror_url); } if (!$summary || !$start) { notice(t('Event title and start time are required.') . EOL); if (intval($_REQUEST['preview'])) { echo t('Event title and start time are required.'); killme(); } goaway($onerror_url); } $share = intval($_POST['share']) ? intval($_POST['share']) : 0; $c = q("select id from contact where uid = %d and self = 1 limit 1", intval(local_user())); if (count($c)) { $self = $c[0]['id']; } else { $self = 0; } if ($share) { $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); // Undo the pseudo-contact of self, since there are real contacts now if (strpos($str_contact_allow, '<' . $self . '>') !== false) { $str_contact_allow = str_replace('<' . $self . '>', '', $str_contact_allow); } // Make sure to set the `private` field as true. This is necessary to // have the posts show up correctly in Diaspora if an event is created // as visible only to self at first, but then edited to display to others. if (strlen($str_group_allow) or strlen($str_contact_allow) or strlen($str_group_deny) or strlen($str_contact_deny)) { $private_event = true; } } else { // Note: do not set `private` field for self-only events. It will // keep even you from seeing them! $str_contact_allow = '<' . $self . '>'; $str_group_allow = $str_contact_deny = $str_group_deny = ''; } $datarray = array(); $datarray['start'] = $start; $datarray['finish'] = $finish; $datarray['summary'] = $summary; $datarray['desc'] = $desc; $datarray['location'] = $location; $datarray['type'] = $type; $datarray['adjust'] = $adjust; $datarray['nofinish'] = $nofinish; $datarray['uid'] = $uid; $datarray['cid'] = $cid; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['private'] = $private_event ? 1 : 0; $datarray['id'] = $event_id; $datarray['created'] = $created; $datarray['edited'] = $edited; if (intval($_REQUEST['preview'])) { $html = format_event_html($datarray); echo $html; killme(); } $item_id = event_store($datarray); if (!$cid) { proc_run('php', "include/notifier.php", "event", "{$item_id}"); } goaway($_SESSION['return_url']); }
function events_post(&$a) { if (!local_user()) { return; } $event_id = x($_POST, 'event_id') ? intval($_POST['event_id']) : 0; $cid = x($_POST, 'cid') ? intval($_POST['cid']) : 0; $uid = local_user(); $startyear = intval($_POST['startyear']); $startmonth = intval($_POST['startmonth']); $startday = intval($_POST['startday']); $starthour = intval($_POST['starthour']); $startminute = intval($_POST['startminute']); $finishyear = intval($_POST['finishyear']); $finishmonth = intval($_POST['finishmonth']); $finishday = intval($_POST['finishday']); $finishhour = intval($_POST['finishhour']); $finishminute = intval($_POST['finishminute']); $adjust = intval($_POST['adjust']); $nofinish = intval($_POST['nofinish']); $start = sprintf('%d-%d-%d %d:%d:0', $startyear, $startmonth, $startday, $starthour, $startminute); if ($nofinish) { $finish = '0000-00-00 00:00:00'; } else { $finish = sprintf('%d-%d-%d %d:%d:0', $finishyear, $finishmonth, $finishday, $finishhour, $finishminute); } if ($adjust) { $start = datetime_convert(date_default_timezone_get(), 'UTC', $start); if (!$nofinish) { $finish = datetime_convert(date_default_timezone_get(), 'UTC', $finish); } } else { $start = datetime_convert('UTC', 'UTC', $start); if (!$nofinish) { $finish = datetime_convert('UTC', 'UTC', $finish); } } // Don't allow the event to finish before it begins. // It won't hurt anything, but somebody will file a bug report // and we'll waste a bunch of time responding to it. Time that // could've been spent doing something else. if (strcmp($finish, $start) < 0) { $finish = $start; } $desc = escape_tags(trim($_POST['desc'])); $location = escape_tags(trim($_POST['location'])); $type = 'event'; if (!$desc || !$start) { notice(t('Event description and start time are required.') . EOL); goaway($a->get_baseurl() . '/events/new'); } $share = intval($_POST['share']) ? intval($_POST['share']) : 0; if ($share) { $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); } else { $str_contact_allow = '<' . local_user() . '>'; $str_group_allow = $str_contact_deny = $str_group_deny = ''; } $datarray = array(); $datarray['start'] = $start; $datarray['finish'] = $finish; $datarray['desc'] = $desc; $datarray['location'] = $location; $datarray['type'] = $type; $datarray['adjust'] = $adjust; $datarray['nofinish'] = $nofinish; $datarray['uid'] = $uid; $datarray['cid'] = $cid; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['id'] = $event_id; $datarray['created'] = $created; $datarray['edited'] = $edited; $item_id = event_store($datarray); if (!$cid) { proc_run('php', "include/notifier.php", "event", "{$item_id}"); } }
function settings_post(&$a) { if (!local_user()) { return; } // logger('mod_settings: ' . print_r($_REQUEST,true)); if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { return; } if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) { check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth'); $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; $ok = true; if ($name == '') { $ok = false; notice(t('Name is required') . EOL); } if ($key == '' || $secret == '') { $ok = false; notice(t('Key and Secret are required') . EOL); } if ($ok) { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl(true) . "/settings/oauth/"); return; } if (argc() > 1 && argv(1) == 'featured') { check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured'); call_hooks('feature_settings_post', $_POST); build_sync_packet(); return; } if (argc() > 1 && argv(1) === 'features') { check_form_security_token_redirectOnErr('/settings/features', 'settings_features'); foreach ($_POST as $k => $v) { if (strpos($k, 'feature_') === 0) { set_pconfig(local_user(), 'feature', substr($k, 8), intval($v) ? 1 : 0); } } build_sync_packet(); return; } if (argc() > 1 && argv(1) == 'display') { check_form_security_token_redirectOnErr('/settings/display', 'settings_display'); $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : $a->channel['channel_theme']; $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : ''; $user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0; $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0; $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0; $browser_update = $browser_update * 1000; if ($browser_update < 10000) { $browser_update = 10000; } $itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20; if ($itemspage > 100) { $itemspage = 100; } if ($mobile_theme !== '') { set_pconfig(local_user(), 'system', 'mobile_theme', $mobile_theme); } // $chanview_full = ((x($_POST,'chanview_full')) ? intval($_POST['chanview_full']) : 0); set_pconfig(local_user(), 'system', 'user_scalable', $user_scalable); set_pconfig(local_user(), 'system', 'update_interval', $browser_update); set_pconfig(local_user(), 'system', 'itemspage', $itemspage); set_pconfig(local_user(), 'system', 'no_smilies', $nosmile); // set_pconfig(local_user(),'system','chanview_full',$chanview_full); if ($theme == $a->channel['channel_theme']) { // call theme_post only if theme has not been changed if (($themeconfigfile = get_theme_config_file($theme)) != null) { require_once $themeconfigfile; theme_post($a); } } $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d LIMIT 1", dbesc($theme), intval(local_user())); call_hooks('display_settings_post', $_POST); build_sync_packet(); goaway($a->get_baseurl(true) . '/settings/display'); return; // NOTREACHED } if (argc() > 1 && argv(1) === 'account') { check_form_security_token_redirectOnErr('/settings/account', 'settings_account'); call_hooks('settings_account', $_POST); $errs = array(); if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = $_POST['npassword']; $confirm = $_POST['confirm']; if ($newpass != $confirm) { $errs[] = t('Passwords do not match. Password unchanged.'); } if (!x($newpass) || !x($confirm)) { $errs[] = t('Empty passwords are not allowed. Password unchanged.'); } if (!$errs) { $salt = random_string(32); $password_encoded = hash('whirlpool', $salt . $newpass); $r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\twhere account_id = %d limit 1", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id())); if ($r) { info(t('Password changed.') . EOL); } else { $errs[] = t('Password update failed. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } $errs = array(); } $email = x($_POST, 'email') ? trim(notags($_POST['email'])) : ''; $account = $a->get_account(); if ($email != $account['account_email']) { if (!valid_email($email)) { $errs[] = t('Not valid email.'); } $adm = trim(get_config('system', 'admin_email')); if ($adm && strcasecmp($email, $adm) == 0) { $errs[] = t('Protected email address. Cannot change to that email.'); $email = $a->user['email']; } if (!$errs) { $r = q("update account set account_email = '%s' where account_id = %d limit 1", dbesc($email), intval($account['account_id'])); if (!$r) { $errs[] = t('System failure storing new email. Please try again.'); } } } if ($errs) { foreach ($errs as $err) { notice($err . EOL); } } goaway($a->get_baseurl(true) . '/settings/account'); } check_form_security_token_redirectOnErr('/settings', 'settings'); call_hooks('settings_post', $_POST); $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : ''; $channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : ''; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0; $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0; $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide_friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0; $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0; $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0; $adult = $_POST['adult'] == 1 ? 1 : 0; $channel = $a->get_channel(); $pageflags = $channel['channel_pageflags']; $existing_adult = $pageflags & PAGE_ADULT ? 1 : 0; if ($adult != $existing_adult) { $pageflags = $pageflags ^ PAGE_ADULT; } $arr = array(); $arr['channel_r_stream'] = $_POST['view_stream'] ? $_POST['view_stream'] : 0; $arr['channel_r_profile'] = $_POST['view_profile'] ? $_POST['view_profile'] : 0; $arr['channel_r_photos'] = $_POST['view_photos'] ? $_POST['view_photos'] : 0; $arr['channel_r_abook'] = $_POST['view_contacts'] ? $_POST['view_contacts'] : 0; $arr['channel_w_stream'] = $_POST['send_stream'] ? $_POST['send_stream'] : 0; $arr['channel_w_wall'] = $_POST['post_wall'] ? $_POST['post_wall'] : 0; $arr['channel_w_tagwall'] = $_POST['tag_deliver'] ? $_POST['tag_deliver'] : 0; $arr['channel_w_comment'] = $_POST['post_comments'] ? $_POST['post_comments'] : 0; $arr['channel_w_mail'] = $_POST['post_mail'] ? $_POST['post_mail'] : 0; $arr['channel_w_photos'] = $_POST['post_photos'] ? $_POST['post_photos'] : 0; $arr['channel_w_chat'] = $_POST['chat'] ? $_POST['chat'] : 0; $arr['channel_a_delegate'] = $_POST['delegate'] ? $_POST['delegate'] : 0; $arr['channel_r_storage'] = $_POST['view_storage'] ? $_POST['view_storage'] : 0; $arr['channel_w_storage'] = $_POST['write_storage'] ? $_POST['write_storage'] : 0; $arr['channel_r_pages'] = $_POST['view_pages'] ? $_POST['view_pages'] : 0; $arr['channel_w_pages'] = $_POST['write_pages'] ? $_POST['write_pages'] : 0; $arr['channel_a_republish'] = $_POST['republish'] ? $_POST['republish'] : 0; $arr['channel_w_like'] = $_POST['post_like'] ? $_POST['post_like'] : 0; $defperms = 0; if (x($_POST['def_view_stream'])) { $defperms += $_POST['def_view_stream']; } if (x($_POST['def_view_profile'])) { $defperms += $_POST['def_view_profile']; } if (x($_POST['def_view_photos'])) { $defperms += $_POST['def_view_photos']; } if (x($_POST['def_view_contacts'])) { $defperms += $_POST['def_view_contacts']; } if (x($_POST['def_send_stream'])) { $defperms += $_POST['def_send_stream']; } if (x($_POST['def_post_wall'])) { $defperms += $_POST['def_post_wall']; } if (x($_POST['def_tag_deliver'])) { $defperms += $_POST['def_tag_deliver']; } if (x($_POST['def_post_comments'])) { $defperms += $_POST['def_post_comments']; } if (x($_POST['def_post_mail'])) { $defperms += $_POST['def_post_mail']; } if (x($_POST['def_post_photos'])) { $defperms += $_POST['def_post_photos']; } if (x($_POST['def_chat'])) { $defperms += $_POST['def_chat']; } if (x($_POST['def_delegate'])) { $defperms += $_POST['def_delegate']; } if (x($_POST['def_view_storage'])) { $defperms += $_POST['def_view_storage']; } if (x($_POST['def_write_storage'])) { $defperms += $_POST['def_write_storage']; } if (x($_POST['def_view_pages'])) { $defperms += $_POST['def_view_pages']; } if (x($_POST['def_write_pages'])) { $defperms += $_POST['def_write_pages']; } if (x($_POST['def_republish'])) { $defperms += $_POST['def_republish']; } if (x($_POST['def_post_like'])) { $defperms += $_POST['def_post_like']; } $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } if (x($_POST, 'notify6')) { $notify += intval($_POST['notify6']); } if (x($_POST, 'notify7')) { $notify += intval($_POST['notify7']); } if (x($_POST, 'notify8')) { $notify += intval($_POST['notify8']); } $channel = $a->get_channel(); $err = ''; $name_change = false; if ($username != $channel['channel_name']) { $name_change = true; require_once 'include/identity.php'; $err = validate_channelname($username); if ($err) { notice($err); return; } } if ($timezone != $channel['channel_timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); set_pconfig(local_user(), 'system', 'use_browser_location', $allow_location); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); set_pconfig(local_user(), 'system', 'post_newfriend', $post_newfriend); set_pconfig(local_user(), 'system', 'post_joingroup', $post_joingroup); set_pconfig(local_user(), 'system', 'post_profilechange', $post_profilechange); set_pconfig(local_user(), 'system', 'blocktags', $blocktags); set_pconfig(local_user(), 'system', 'hide_online_status', $hide_presence); set_pconfig(local_user(), 'system', 'channel_menu', $channel_menu); $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d, channel_default_group = '%s', channel_r_stream = %d, channel_r_profile = %d, channel_r_photos = %d, channel_r_abook = %d, channel_w_stream = %d, channel_w_wall = %d, channel_w_tagwall = %d, channel_w_comment = %d, channel_w_mail = %d, channel_w_photos = %d, channel_w_chat = %d, channel_a_delegate = %d, channel_r_storage = %d, channel_w_storage = %d, channel_r_pages = %d, channel_w_pages = %d, channel_a_republish = %d, channel_w_like = %d, channel_allow_cid = '%s', channel_allow_gid = '%s', channel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d limit 1", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), dbesc($def_group), intval($arr['channel_r_stream']), intval($arr['channel_r_profile']), intval($arr['channel_r_photos']), intval($arr['channel_r_abook']), intval($arr['channel_w_stream']), intval($arr['channel_w_wall']), intval($arr['channel_w_tagwall']), intval($arr['channel_w_comment']), intval($arr['channel_w_mail']), intval($arr['channel_w_photos']), intval($arr['channel_w_chat']), intval($arr['channel_a_delegate']), intval($arr['channel_r_storage']), intval($arr['channel_w_storage']), intval($arr['channel_r_pages']), intval($arr['channel_w_pages']), intval($arr['channel_a_republish']), intval($arr['channel_w_like']), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile` \n\t\tSET `publish` = %d, \n\t\t`hide_friends` = %d\n\t\tWHERE `is_default` = 1 AND `uid` = %d LIMIT 1", intval($publish), intval($hide_friends), intval(local_user())); if ($name_change) { $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash'])); $r = q("update profile set name = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id'])); } proc_run('php', 'include/directory.php', local_user()); build_sync_packet(); //$_SESSION['theme'] = $theme; if ($email_changed && $a->config['system']['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout // Why? Are we verifying people or email addresses? } goaway($a->get_baseurl(true) . '/settings'); return; // NOTREACHED }
function menu_edit_item($menu_id, $uid, $arr) { $mitem_id = intval($arr['mitem_id']); $mitem_link = escape_tags($arr['mitem_link']); $mitem_desc = escape_tags($arr['mitem_desc']); $mitem_order = intval($arr['mitem_order']); $mitem_flags = intval($arr['mitem_flags']); if (local_user() == $uid) { $channel = get_app()->get_channel(); } if (!$arr['contact_allow'] && !$arr['group_allow'] && !$arr['contact_deny'] && !$arr['group_deny']) { $str_group_allow = $channel['channel_allow_gid']; $str_contact_allow = $channel['channel_allow_cid']; $str_group_deny = $channel['channel_deny_gid']; $str_contact_deny = $channel['channel_deny_cid']; } else { // use the posted permissions $str_group_allow = perms2str($arr['group_allow']); $str_contact_allow = perms2str($arr['contact_allow']); $str_group_deny = perms2str($arr['group_deny']); $str_contact_deny = perms2str($arr['contact_deny']); } $r = q("update menu_item set mitem_link = '%s', mitem_desc = '%s', mitem_flags = %d, allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', mitem_order = %d where mitem_channel_id = %d and mitem_menu_id = %d and mitem_id = %d limit 1", dbesc($mitem_link), dbesc($mitem_desc), intval($mitem_flags), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($mitem_order), intval($uid), intval($menu_id), intval($mitem_id)); return $r; }
function item_post(&$a) { // This will change. Figure out who the observer is and whether or not // they have permission to post here. Else ignore the post. if (!local_channel() && !remote_channel() && !x($_REQUEST, 'commenter')) { return; } require_once 'include/security.php'; $uid = local_channel(); $channel = null; $observer = null; /** * Is this a reply to something? */ $parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0; $parent_mid = x($_REQUEST, 'parent_mid') ? trim($_REQUEST['parent_mid']) : ''; $remote_xchan = x($_REQUEST, 'remote_xchan') ? trim($_REQUEST['remote_xchan']) : false; $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($remote_xchan)); if ($r) { $remote_observer = $r[0]; } else { $remote_xchan = $remote_observer = false; } $profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0; require_once 'include/identity.php'; $sys = get_sys_channel(); if ($sys && $profile_uid && $sys['channel_id'] == $profile_uid && is_site_admin()) { $uid = intval($sys['channel_id']); $channel = $sys; $observer = $sys; } if (x($_REQUEST, 'dropitems')) { require_once 'include/items.php'; $arr_drop = explode(',', $_REQUEST['dropitems']); drop_items($arr_drop); $json = array('success' => 1); echo json_encode($json); killme(); } call_hooks('post_local_start', $_REQUEST); // logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA); $api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false; $consensus = intval($_REQUEST['consensus']); // 'origin' (if non-zero) indicates that this network is where the message originated, // for the purpose of relaying comments to other conversation members. // If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset. // If the API is used from another network with its own distribution // and deliveries, you may wish to set origin to 0 or false and allow the other // network to relay comments. // If you are unsure, it is prudent (and important) to leave it unset. $origin = $api_source && array_key_exists('origin', $_REQUEST) ? intval($_REQUEST['origin']) : 1; // To represent message-ids on other networks - this will create an item_id record $namespace = $api_source && array_key_exists('namespace', $_REQUEST) ? strip_tags($_REQUEST['namespace']) : ''; $remote_id = $api_source && array_key_exists('remote_id', $_REQUEST) ? strip_tags($_REQUEST['remote_id']) : ''; $owner_hash = null; $message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : ''; $created = x($_REQUEST, 'created') ? datetime_convert('UTC', 'UTC', $_REQUEST['created']) : datetime_convert(); $post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0; $app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : ''; $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : ''; $preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0; $categories = x($_REQUEST, 'category') ? escape_tags($_REQUEST['category']) : ''; $webpage = x($_REQUEST, 'webpage') ? intval($_REQUEST['webpage']) : 0; $pagetitle = x($_REQUEST, 'pagetitle') ? escape_tags(urlencode($_REQUEST['pagetitle'])) : ''; $layout_mid = x($_REQUEST, 'layout_mid') ? escape_tags($_REQUEST['layout_mid']) : ''; $plink = x($_REQUEST, 'permalink') ? escape_tags($_REQUEST['permalink']) : ''; $obj_type = x($_REQUEST, 'obj_type') ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE; // allow API to bulk load a bunch of imported items with sending out a bunch of posts. $nopush = x($_REQUEST, 'nopush') ? intval($_REQUEST['nopush']) : 0; /* * Check service class limits */ if ($uid && !x($_REQUEST, 'parent') && !x($_REQUEST, 'post_id')) { $ret = item_check_service_class($uid, $_REQUEST['webpage'] == ITEM_WEBPAGE ? true : false); if (!$ret['success']) { notice(t($ret['message']) . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } if ($pagetitle) { require_once 'library/urlify/URLify.php'; $pagetitle = strtolower(URLify::transliterate($pagetitle)); } $item_flags = $item_restrict = 0; $route = ''; $parent_item = null; $parent_contact = null; $thr_parent = ''; $parid = 0; $r = false; if ($parent || $parent_mid) { if (!x($_REQUEST, 'type')) { $_REQUEST['type'] = 'net-comment'; } if ($obj_type == ACTIVITY_OBJ_POST) { $obj_type = ACTIVITY_OBJ_COMMENT; } if ($parent) { $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent)); } elseif ($parent_mid && $uid) { // This is coming from an API source, and we are logged in $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), intval($uid)); } // if this isn't the real parent of the conversation, find it if ($r !== false && count($r)) { $parid = $r[0]['parent']; $parent_mid = $r[0]['mid']; if ($r[0]['id'] != $r[0]['parent']) { $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid)); } } if ($r === false || !count($r)) { notice(t('Unable to locate original post.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } // can_comment_on_post() needs info from the following xchan_query xchan_query($r); $parent_item = $r[0]; $parent = $r[0]['id']; // multi-level threading - preserve the info but re-parent to our single level threading $thr_parent = $parent_mid; $route = $parent_item['route']; } if (!$observer) { $observer = $a->get_observer(); } if ($parent) { logger('mod_item: item_post parent=' . $parent); $can_comment = false; if (array_key_exists('owner', $parent_item) && $parent_item['owner']['abook_flags'] & ABOOK_FLAG_SELF) { $can_comment = perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_comments'); } else { $can_comment = can_comment_on_post($observer['xchan_hash'], $parent_item); } if (!$can_comment) { notice(t('Permission denied.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } else { if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_wall')) { notice(t('Permission denied.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } // is this an edited post? $orig_post = null; if ($namespace && $remote_id) { // It wasn't an internally generated post - see if we've got an item matching this remote service id $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", dbesc($namespace), dbesc($remote_id)); if ($i) { $post_id = $i[0]['iid']; } } if ($post_id) { $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id)); if (!count($i)) { killme(); } $orig_post = $i[0]; } if (!$channel) { if ($uid && $uid == $profile_uid) { $channel = $a->get_channel(); } else { // posting as yourself but not necessarily to a channel you control $r = q("select * from channel left join account on channel_account_id = account_id where channel_id = %d LIMIT 1", intval($profile_uid)); if ($r) { $channel = $r[0]; } } } if (!$channel) { logger("mod_item: no channel."); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } $owner_xchan = null; $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($channel['channel_hash'])); if ($r && count($r)) { $owner_xchan = $r[0]; } else { logger("mod_item: no owner."); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } $walltowall = false; $walltowall_comment = false; if ($remote_xchan) { $observer = $remote_observer; } if ($observer) { logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG); // wall-to-wall detection. // For top-level posts, if the author and owner are different it's a wall-to-wall // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally. if ($observer['xchan_name'] != $owner_xchan['xchan_name']) { if ($parent_item && ($parent_item['item_flags'] & (ITEM_WALL | ITEM_ORIGIN)) == (ITEM_WALL | ITEM_ORIGIN)) { $walltowall_comment = true; $walltowall = true; } if (!$parent) { $walltowall = true; } } } $public_policy = x($_REQUEST, 'public_policy') ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'], true); if ($webpage) { $public_policy = ''; } if ($public_policy) { $private = 1; } if ($orig_post) { $private = 0; // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. if ($webpage) { $str_group_allow = perms2str($_REQUEST['group_allow']); $str_contact_allow = perms2str($_REQUEST['contact_allow']); $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); } else { $str_group_allow = $orig_post['allow_gid']; $str_contact_allow = $orig_post['allow_cid']; $str_group_deny = $orig_post['deny_gid']; $str_contact_deny = $orig_post['deny_cid']; $public_policy = $orig_post['public_policy']; $private = $orig_post['item_private']; } if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) || $private) { $private = 1; } $location = $orig_post['location']; $coord = $orig_post['coord']; $verb = $orig_post['verb']; $app = $orig_post['app']; $title = escape_tags(trim($_REQUEST['title'])); $body = trim($_REQUEST['body']); $item_flags = $orig_post['item_flags']; // force us to recalculate if we need to obscure this post if ($item_flags & ITEM_OBSCURED) { $item_flags = $item_flags ^ ITEM_OBSCURED; } $item_restrict = $orig_post['item_restrict']; $postopts = $orig_post['postopts']; $created = $orig_post['created']; $mid = $orig_post['mid']; $parent_mid = $orig_post['parent_mid']; $plink = $orig_post['plink']; } else { // if coming from the API and no privacy settings are set, // use the user default permissions - as they won't have // been supplied via a form. if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) { $str_group_allow = $channel['channel_allow_gid']; $str_contact_allow = $channel['channel_allow_cid']; $str_group_deny = $channel['channel_deny_gid']; $str_contact_deny = $channel['channel_deny_cid']; } elseif ($walltowall) { // use the channel owner's default permissions $str_group_allow = $channel['channel_allow_gid']; $str_contact_allow = $channel['channel_allow_cid']; $str_group_deny = $channel['channel_deny_gid']; $str_contact_deny = $channel['channel_deny_cid']; } else { // use the posted permissions $str_group_allow = perms2str($_REQUEST['group_allow']); $str_contact_allow = perms2str($_REQUEST['contact_allow']); $str_group_deny = perms2str($_REQUEST['group_deny']); $str_contact_deny = perms2str($_REQUEST['contact_deny']); } $location = notags(trim($_REQUEST['location'])); $coord = notags(trim($_REQUEST['coord'])); $verb = notags(trim($_REQUEST['verb'])); $title = escape_tags(trim($_REQUEST['title'])); $body = trim($_REQUEST['body']); $body .= trim($_REQUEST['attachment']); $postopts = ''; $private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) ? 1 : 0; // If this is a comment, set the permissions from the parent. if ($parent_item) { $private = 0; if ($parent_item['item_private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid']) || strlen($parent_item['public_policy'])) { $private = $parent_item['item_private'] ? $parent_item['item_private'] : 1; } $public_policy = $parent_item['public_policy']; $str_contact_allow = $parent_item['allow_cid']; $str_group_allow = $parent_item['allow_gid']; $str_contact_deny = $parent_item['deny_cid']; $str_group_deny = $parent_item['deny_gid']; $owner_hash = $parent_item['owner_xchan']; } if (!strlen($body)) { if ($preview) { killme(); } info(t('Empty post discarded.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } $expires = NULL_DATE; if (feature_enabled($profile_uid, 'content_expire')) { if (x($_REQUEST, 'expire')) { $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['expire']); if ($expires <= datetime_convert()) { $expires = NULL_DATE; } } } $mimetype = notags(trim($_REQUEST['mimetype'])); if (!$mimetype) { $mimetype = 'text/bbcode'; } if ($preview) { $body = z_input_filter($profile_uid, $body, $mimetype); } // Verify ability to use html or php!!! $execflag = false; if ($mimetype === 'application/x-php') { $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid)); if ($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE || $z[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { if ($uid && get_account_id() == $z[0]['account_id']) { $execflag = true; } else { notice(t('Executable content type not permitted to this channel.') . EOL); if (x($_REQUEST, 'return')) { goaway($a->get_baseurl() . "/" . $return_path); } killme(); } } } if ($mimetype === 'text/bbcode') { require_once 'include/text.php'; if ($uid && $uid == $profile_uid && feature_enabled($uid, 'markdown')) { require_once 'include/bb2diaspora.php'; $body = escape_tags($body); $body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_shield', $body); $body = diaspora2bb($body, true); $body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_unshield', $body); } // BBCODE alert: the following functions assume bbcode input // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.) // we may need virtual or template classes to implement the possible alternatives // Work around doubled linefeeds in Tinymce 3.5b2 // First figure out if it's a status post that would've been // created using tinymce. Otherwise leave it alone. $plaintext = true; // $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true); // if((! $parent) && (! $api_source) && (! $plaintext)) { // $body = fix_mce_lf($body); // } // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set. if (!$parent && get_pconfig($profile_uid, 'system', 'tagifonlyrecip') && substr_count($str_contact_allow, '<') == 1 && $str_group_allow == '' && $str_contact_deny == '' && $str_group_deny == '') { $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc(str_replace(array('<', '>'), array('', ''), $str_contact_allow)), intval($profile_uid)); if ($x && $x[0]['abook_their_perms'] & PERMS_W_TAGWALL) { $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n"; } } /** * fix naked links by passing through a callback to see if this is a red site * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both. * First protect any url inside certain bbcode tags so we don't double link it. */ $body = preg_replace_callback('/\\[code(.*?)\\[\\/(code)\\]/ism', 'red_escape_codeblock', $body); $body = preg_replace_callback('/\\[url(.*?)\\[\\/(url)\\]/ism', 'red_escape_codeblock', $body); $body = preg_replace_callback('/\\[zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_escape_codeblock', $body); $body = preg_replace_callback("/([^\\]\\='" . '"' . "\\/]|^|\\#\\^)(https?\\:\\/\\/[a-zA-Z0-9\\:\\/\\-\\?\\&\\;\\.\\=\\@\\_\\~\\#\\%\$\\!\\+\\,]+)/ism", 'red_zrl_callback', $body); $body = preg_replace_callback('/\\[\\$b64zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_unescape_codeblock', $body); $body = preg_replace_callback('/\\[\\$b64url(.*?)\\[\\/(url)\\]/ism', 'red_unescape_codeblock', $body); $body = preg_replace_callback('/\\[\\$b64code(.*?)\\[\\/(code)\\]/ism', 'red_unescape_codeblock', $body); // fix any img tags that should be zmg $body = preg_replace_callback('/\\[img(.*?)\\](.*?)\\[\\/img\\]/ism', 'red_zrlify_img_callback', $body); $body = bb_translate_video($body); /** * Fold multi-line [code] sequences */ $body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body); $body = scale_external_images($body, false); // Look for tags and linkify them $results = linkify_tags($a, $body, $uid ? $uid : $profile_uid); if ($results) { // Set permissions based on tag replacements set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private); $post_tags = array(); foreach ($results as $result) { $success = $result['success']; if ($success['replaced']) { $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']); } } } /** * * When a photo was uploaded into the message using the (profile wall) ajax * uploader, The permissions are initially set to disallow anybody but the * owner from seeing it. This is because the permissions may not yet have been * set for the post. If it's private, the photo permissions should be set * appropriately. But we didn't know the final permissions on the post until * now. So now we'll look for links of uploaded photos and attachments that are in the * post and set them to the same permissions as the post itself. * * If the post was end-to-end encrypted we can't find images and attachments in the body, * use our media_str input instead which only contains these elements - but only do this * when encrypted content exists because the photo/attachment may have been removed from * the post and we should keep it private. If it's encrypted we have no way of knowing * so we'll set the permissions regardless and realise that the media may not be * referenced in the post. * * What is preventing us from being able to upload photos into comments is dealing with * the photo and attachment permissions, since we don't always know who was in the * distribution for the top level post. * * We might be able to provide this functionality with a lot of fiddling: * - if the top level post is public (make the photo public) * - if the top level post was written by us or a wall post that belongs to us (match the top level post) * - if the top level post has privacy mentions, add those to the permissions. * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy. */ if (!$preview) { fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); fix_attached_file_permissions($channel, $observer['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny); } $attachments = ''; $match = false; if (preg_match_all('/(\\[attachment\\](.*?)\\[\\/attachment\\])/', $body, $match)) { $attachments = array(); foreach ($match[2] as $mtch) { $hash = substr($mtch, 0, strpos($mtch, ',')); $rev = intval(substr($mtch, strpos($mtch, ','))); $r = attach_by_hash_nodata($hash, $rev); if ($r['success']) { $attachments[] = array('href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], 'length' => $r['data']['filesize'], 'type' => $r['data']['filetype'], 'title' => urlencode($r['data']['filename']), 'revision' => $r['data']['revision']); } $body = str_replace($match[1], '', $body); } } } // BBCODE end alert if (strlen($categories)) { $cats = explode(',', $categories); foreach ($cats as $cat) { $post_tags[] = array('uid' => $profile_uid, 'type' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))); } } $item_unseen = 1; // determine if this is a wall post if ($parent) { if ($parent_item['item_flags'] & ITEM_WALL) { $item_flags = $item_flags | ITEM_WALL; } } else { if (!$webpage) { $item_flags = $item_flags | ITEM_WALL; } } if ($origin) { $item_flags = $item_flags | ITEM_ORIGIN; } if ($moderated) { $item_restrict = $item_restrict | ITEM_MODERATED; } if ($webpage) { $item_restrict = $item_restrict | $webpage; } if (!strlen($verb)) { $verb = ACTIVITY_POST; } $notify_type = $parent ? 'comment-new' : 'wall-new'; if (!$mid) { $mid = $message_id ? $message_id : item_message_id(); } if (!$parent_mid) { $parent_mid = $mid; } if ($parent_item) { $parent_mid = $parent_item['mid']; } // Fallback so that we alway have a thr_parent if (!$thr_parent) { $thr_parent = $mid; } $datarray = array(); if (!$parent) { $item_flags = $item_flags | ITEM_THREAD_TOP; } if ($consensus) { $item_flags |= ITEM_CONSENSUS; } if (!$plink && $item_flags & ITEM_THREAD_TOP) { $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid; } $datarray['aid'] = $channel['channel_account_id']; $datarray['uid'] = $profile_uid; $datarray['owner_xchan'] = $owner_hash ? $owner_hash : $owner_xchan['xchan_hash']; $datarray['author_xchan'] = $observer['xchan_hash']; $datarray['created'] = $created; $datarray['edited'] = $orig_post ? datetime_convert() : $created; $datarray['expires'] = $expires; $datarray['commented'] = $orig_post ? datetime_convert() : $created; $datarray['received'] = $orig_post ? datetime_convert() : $created; $datarray['changed'] = $orig_post ? datetime_convert() : $created; $datarray['mid'] = $mid; $datarray['parent_mid'] = $parent_mid; $datarray['mimetype'] = $mimetype; $datarray['title'] = $title; $datarray['body'] = $body; $datarray['app'] = $app; $datarray['location'] = $location; $datarray['coord'] = $coord; $datarray['verb'] = $verb; $datarray['obj_type'] = $obj_type; $datarray['allow_cid'] = $str_contact_allow; $datarray['allow_gid'] = $str_group_allow; $datarray['deny_cid'] = $str_contact_deny; $datarray['deny_gid'] = $str_group_deny; $datarray['item_private'] = $private; $datarray['attach'] = $attachments; $datarray['thr_parent'] = $thr_parent; $datarray['postopts'] = $postopts; $datarray['item_restrict'] = $item_restrict; $datarray['item_flags'] = $item_flags; $datarray['layout_mid'] = $layout_mid; $datarray['public_policy'] = $public_policy; $datarray['comment_policy'] = map_scope($channel['channel_w_comment']); $datarray['term'] = $post_tags; $datarray['plink'] = $plink; $datarray['route'] = $route; $datarray['item_unseen'] = $item_unseen; // preview mode - prepare the body for display and send it via json if ($preview) { require_once 'include/conversation.php'; $datarray['owner'] = $owner_xchan; $datarray['author'] = $observer; $datarray['attach'] = json_encode($datarray['attach']); $o = conversation($a, array($datarray), 'search', false, 'preview'); // logger('preview: ' . $o, LOGGER_DEBUG); echo json_encode(array('preview' => $o)); killme(); } if ($orig_post) { $datarray['edit'] = true; } call_hooks('post_local', $datarray); if (x($datarray, 'cancel')) { logger('mod_item: post cancelled by plugin.'); if ($return_path) { goaway($a->get_baseurl() . "/" . $return_path); } $json = array('cancel' => 1); if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) { $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload']; } echo json_encode($json); killme(); } if (mb_strlen($datarray['title']) > 255) { $datarray['title'] = mb_substr($datarray['title'], 0, 255); } if (array_key_exists('item_private', $datarray) && $datarray['item_private']) { $datarray['body'] = trim(z_input_filter($datarray['uid'], $datarray['body'], $datarray['mimetype'])); if ($uid) { if ($channel['channel_hash'] === $datarray['author_xchan']) { $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'], $channel['channel_prvkey'])); $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED; } } logger('Encrypting local storage'); $key = get_config('system', 'pubkey'); $datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED; if ($datarray['title']) { $datarray['title'] = json_encode(crypto_encapsulate($datarray['title'], $key)); } if ($datarray['body']) { $datarray['body'] = json_encode(crypto_encapsulate($datarray['body'], $key)); } } if ($orig_post) { $datarray['id'] = $post_id; item_store_update($datarray, $execflag); update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid); if (!$nopush) { proc_run('php', "include/notifier.php", 'edit_post', $post_id); } if (x($_REQUEST, 'return') && strlen($return_path)) { logger('return: ' . $return_path); goaway($a->get_baseurl() . "/" . $return_path); } killme(); } else { $post_id = 0; } $post = item_store($datarray, $execflag); $post_id = $post['item_id']; if ($post_id) { logger('mod_item: saved item ' . $post_id); if ($parent) { // only send comment notification if this is a wall-to-wall comment, // otherwise it will happen during delivery if ($datarray['owner_xchan'] != $datarray['author_xchan'] && $parent_item['item_flags'] & ITEM_WALL) { notification(array('type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_mid' => $parent_item['mid'])); } } else { $parent = $post_id; if ($datarray['owner_xchan'] != $datarray['author_xchan']) { notification(array('type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item')); } if ($uid && $uid == $profile_uid && !$datarray['item_restrict']) { q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($uid)); } } // photo comments turn the corresponding item visible to the profile wall // This way we don't see every picture in your new photo album posted to your wall at once. // They will show up as people comment on them. if ($parent_item['item_restrict'] & ITEM_HIDDEN) { $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['id'])); } } else { logger('mod_item: unable to retrieve post that was just stored.'); notice(t('System error. Post not saved.') . EOL); goaway($a->get_baseurl() . "/" . $return_path); // NOTREACHED } if ($parent) { // Store the comment signature information in case we need to relay to Diaspora $ditem = $datarray; $ditem['author'] = $observer; store_diaspora_comment_sig($ditem, $channel, $parent_item, $post_id, $walltowall_comment ? 1 : 0); } update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid); $datarray['id'] = $post_id; $datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id; call_hooks('post_local_end', $datarray); if (!$nopush) { proc_run('php', 'include/notifier.php', $notify_type, $post_id); } logger('post_complete'); // figure out how to return, depending on from whence we came if ($api_source) { return $post; } if ($return_path) { goaway($a->get_baseurl() . "/" . $return_path); } $json = array('success' => 1); if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) { $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload']; } logger('post_json: ' . print_r($json, true), LOGGER_DEBUG); echo json_encode($json); killme(); // NOTREACHED }
function item_post(&$a) { if (!local_user() && !remote_user()) { return; } require_once 'include/security.php'; $uid = $_SESSION['uid']; $parent = x($_POST, 'parent') ? intval($_POST['parent']) : 0; $parent_item = null; if ($parent) { $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent)); if (!count($r)) { notice(t('Unable to locate original post.') . EOL); goaway($a->get_baseurl() . "/" . $_POST['return']); } $parent_item = $r[0]; } $profile_uid = x($_POST, 'profile_uid') ? intval($_POST['profile_uid']) : 0; if (!can_write_wall($a, $profile_uid)) { notice(t('Permission denied.') . EOL); return; } $user = null; $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($profile_uid)); if (count($r)) { $user = $r[0]; } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $title = notags(trim($_POST['title'])); $body = escape_tags(trim($_POST['body'])); $location = notags(trim($_POST['location'])); $verb = notags(trim($_POST['verb'])); if (!strlen($body)) { notice(t('Empty post discarded.') . EOL); goaway($a->get_baseurl() . "/" . $_POST['return']); } // get contact info for poster $author = null; if ($_SESSION['uid'] && $_SESSION['uid'] == $profile_uid) { $r = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1", intval($_SESSION['uid'])); } else { if (x($_SESSION, 'visitor_id') && intval($_SESSION['visitor_id'])) { $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($_SESSION['visitor_id'])); } } if (count($r)) { $author = $r[0]; $contact_id = $author['id']; } // get contact info for owner if ($profile_uid == $_SESSION['uid']) { $contact_record = $author; } else { $r = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1", intval($profile_uid)); if (count($r)) { $contact_record = $r[0]; } } $post_type = notags(trim($_POST['type'])); if ($post_type == 'net-comment') { if ($parent_item !== null) { if ($parent_item['type'] == 'remote') { $post_type = 'remote-comment'; } else { $post_type = 'wall-comment'; } } } $wall = 0; if ($post_type == 'wall' || $post_type == 'wall-comment') { $wall = 1; } if (!strlen($verb)) { $verb = ACTIVITY_POST; } $gravity = $parent ? 6 : 0; $notify_type = $parent ? 'comment-new' : 'wall-new'; $uri = item_new_uri($a->get_hostname(), $profile_uid); $r = q("INSERT INTO `item` (`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, \n\t\t`author-name`, `author-link`, `author-avatar`, `created`,\n\t\t`edited`, `changed`, `uri`, `title`, `body`, `location`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)\n\t\tVALUES( '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", dbesc($post_type), intval($wall), intval($gravity), intval($contact_id), dbesc($contact_record['name']), dbesc($contact_record['url']), dbesc($contact_record['thumb']), dbesc($author['name']), dbesc($author['url']), dbesc($author['thumb']), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($uri), dbesc($title), dbesc($body), dbesc($location), dbesc($verb), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny)); $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($uri)); if (count($r)) { $post_id = $r[0]['id']; if ($parent) { // This item is the last leaf and gets the comment box, clear any ancestors $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ", dbesc(datetime_convert()), intval($parent)); // Inherit ACL's from the parent item. // TODO merge with subsequent UPDATE operation and save a db write $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\tWHERE `id` = %d LIMIT 1", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), intval($post_id)); if ($user['notify-flags'] & NOTIFY_COMMENT && $contact_record != $author) { require_once 'bbcode.php'; $from = $author['name']; $tpl = file_get_contents('view/cmnt_received_eml.tpl'); $email_tpl = replace_macros($tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $user['username'], '$email' => $user['email'], '$from' => $from, '$body' => strip_tags(bbcode($body)))); $res = mail($user['email'], $from . t(" commented on your item at ") . $a->config['sitename'], $email_tpl, t("From: Administrator@") . $a->get_hostname()); } } else { $parent = $post_id; if ($user['notify-flags'] & NOTIFY_WALL && $contact_record != $author) { require_once 'bbcode.php'; $from = $author['name']; $tpl = file_get_contents('view/wall_received_eml.tpl'); $email_tpl = replace_macros($tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $user['username'], '$email' => $user['email'], '$from' => $from, '$body' => strip_tags(bbcode($body)))); $res = mail($user['email'], $from . t(" posted on your profile wall at ") . $a->config['sitename'], $email_tpl, t("From: Administrator@") . $a->get_hostname()); } } $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1\n\t\t\tWHERE `id` = %d LIMIT 1", intval($parent), dbesc($parent == $post_id ? $uri : $parent_item['uri']), dbesc(datetime_convert()), intval($post_id)); // photo comments turn the corresponding item visible to the profile wall if (!$parent_item['visible']) { $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d LIMIT 1", intval($parent_item['id'])); } } $php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php'; proc_close(proc_open("\"{$php_path}\" \"include/notifier.php\" \"{$notify_type}\" \"{$post_id}\" &", array(), $foo)); goaway($a->get_baseurl() . "/" . $_POST['return']); return; // NOTREACHED }
function settings_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user()) { notice(t('Permission denied.') . EOL); return; } if ($a->argc > 1 && $a->argv[1] === 'oauth' && x($_POST, 'remove')) { $key = $_POST['remove']; q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_user()); goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 2 && $a->argv[1] === 'oauth' && ($a->argv[2] === 'edit' || $a->argv[2] === 'add') && x($_POST, 'submit')) { $name = x($_POST, 'name') ? $_POST['name'] : ''; $key = x($_POST, 'key') ? $_POST['key'] : ''; $secret = x($_POST, 'secret') ? $_POST['secret'] : ''; $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : ''; $icon = x($_POST, 'icon') ? $_POST['icon'] : ''; if ($name == "" || $key == "" || $secret == "") { notice(t("Missing some important data!")); } else { if ($_POST['submit'] == t("Update")) { $r = q("UPDATE clients SET\n\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\tname='%s',\n\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user(), dbesc($key)); } else { $r = q("INSERT INTO clients\n\t\t\t\t\t\t\t(client_id, pw, name, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), local_user()); } } goaway($a->get_baseurl() . "/settings/oauth/"); return; } if ($a->argc > 1 && $a->argv[1] == 'addon') { call_hooks('plugin_settings_post', $_POST); return; } if ($a->argc > 1 && $a->argv[1] == 'connectors') { if (x($_POST['imap-submit'])) { $mail_server = x($_POST, 'mail_server') ? $_POST['mail_server'] : ''; $mail_port = x($_POST, 'mail_port') ? $_POST['mail_port'] : ''; $mail_ssl = x($_POST, 'mail_ssl') ? strtolower(trim($_POST['mail_ssl'])) : ''; $mail_user = x($_POST, 'mail_user') ? $_POST['mail_user'] : ''; $mail_pass = x($_POST, 'mail_pass') ? trim($_POST['mail_pass']) : ''; $mail_replyto = x($_POST, 'mail_replyto') ? $_POST['mail_replyto'] : ''; $mail_pubmail = x($_POST, 'mail_pubmail') ? $_POST['mail_pubmail'] : ''; $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1; if (get_config('system', 'dfrn_only')) { $mail_disabled = 1; } if (!$mail_disabled) { $failed = false; $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (!count($r)) { q("INSERT INTO `mailacct` (`uid`) VALUES (%d)", intval(local_user())); } if (strlen($mail_pass)) { $pass = ''; openssl_public_encrypt($mail_pass, $pass, $a->user['pubkey']); q("UPDATE `mailacct` SET `pass` = '%s' WHERE `uid` = %d LIMIT 1", dbesc(bin2hex($pass)), intval(local_user())); } $r = q("UPDATE `mailacct` SET `server` = '%s', `port` = %d, `ssltype` = '%s', `user` = '%s',\n\t\t\t\t\t`mailbox` = 'INBOX', `reply_to` = '%s', `pubmail` = %d WHERE `uid` = %d LIMIT 1", dbesc($mail_server), intval($mail_port), dbesc($mail_ssl), dbesc($mail_user), dbesc($mail_replyto), intval($mail_pubmail), intval(local_user())); $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d LIMIT 1", intval(local_user())); if (count($r)) { $eacct = $r[0]; require_once 'include/email.php'; $mb = construct_mailbox_name($eacct); if (strlen($eacct['server'])) { $dcrpass = ''; openssl_private_decrypt(hex2bin($eacct['pass']), $dcrpass, $a->user['prvkey']); $mbox = email_connect($mb, $mail_user, $dcrpass); unset($dcrpass); if (!$mbox) { $failed = true; notice(t('Failed to connect with email account using the settings provided.') . EOL); } } } if (!$failed) { info(t('Email settings updated.') . EOL); } } } call_hooks('connector_settings_post', $_POST); return; } call_hooks('settings_post', $_POST); if (x($_POST, 'npassword') || x($_POST, 'confirm')) { $newpass = $_POST['npassword']; $confirm = $_POST['confirm']; $err = false; if ($newpass != $confirm) { notice(t('Passwords do not match. Password unchanged.') . EOL); $err = true; } if (!x($newpass) || !x($confirm)) { notice(t('Empty passwords are not allowed. Password unchanged.') . EOL); $err = true; } if (!$err) { $password = hash('whirlpool', $newpass); $r = q("UPDATE `user` SET `password` = '%s' WHERE `uid` = %d LIMIT 1", dbesc($password), intval(local_user())); if ($r) { info(t('Password changed.') . EOL); } else { notice(t('Password update failed. Please try again.') . EOL); } } } $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : ''; $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : ''; $email = x($_POST, 'email') ? notags(trim($_POST['email'])) : ''; $timezone = x($_POST, 'timezone') ? notags(trim($_POST['timezone'])) : ''; $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : ''; $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : ''; $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0; $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0; $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0; $expire_notes = x($_POST, 'expire_notes') ? intval($_POST['expire_notes']) : 0; $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0; $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0; $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0; $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0; $net_publish = x($_POST, 'profile_in_netdirectory') && intval($_POST['profile_in_netdirectory']) == 1 ? 1 : 0; $old_visibility = x($_POST, 'visibility') && intval($_POST['visibility']) == 1 ? 1 : 0; $page_flags = x($_POST, 'page-flags') && intval($_POST['page-flags']) ? intval($_POST['page-flags']) : 0; $blockwall = x($_POST, 'blockwall') && intval($_POST['blockwall']) == 1 ? 0 : 1; // this setting is inverted! $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1; // this setting is inverted! $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0; $hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0; $hidewall = $_POST['hidewall'] == 1 ? 1 : 0; $notify = 0; if (x($_POST, 'notify1')) { $notify += intval($_POST['notify1']); } if (x($_POST, 'notify2')) { $notify += intval($_POST['notify2']); } if (x($_POST, 'notify3')) { $notify += intval($_POST['notify3']); } if (x($_POST, 'notify4')) { $notify += intval($_POST['notify4']); } if (x($_POST, 'notify5')) { $notify += intval($_POST['notify5']); } $email_changed = false; $err = ''; $name_change = false; if ($username != $a->user['username']) { $name_change = true; if (strlen($username) > 40) { $err .= t(' Please use a shorter name.'); } if (strlen($username) < 3) { $err .= t(' Name too short.'); } } if ($email != $a->user['email']) { $email_changed = true; if (!valid_email($email)) { $err .= t(' Not valid email.'); } if (x($a->config, 'admin_email') && strcasecmp($email, $a->config['admin_email']) == 0) { $err .= t(' Cannot change to that email.'); $email = $a->user['email']; } } if (strlen($err)) { notice($err . EOL); return; } if ($timezone != $a->user['timezone']) { if (strlen($timezone)) { date_default_timezone_set($timezone); } } $str_group_allow = perms2str($_POST['group_allow']); $str_contact_allow = perms2str($_POST['contact_allow']); $str_group_deny = perms2str($_POST['group_deny']); $str_contact_deny = perms2str($_POST['contact_deny']); $openidserver = $a->user['openidserver']; // If openid has changed or if there's an openid but no openidserver, try and discover it. if ($openid != $a->user['openid'] || strlen($openid) && !strlen($openidserver)) { $tmp_str = $openid; if (strlen($tmp_str) && validate_url($tmp_str)) { logger('updating openidserver'); require_once 'library/openid.php'; $open_id_obj = new LightOpenID(); $open_id_obj->identity = $openid; $openidserver = $open_id_obj->discover($open_id_obj->identity); } else { $openidserver = ''; } } set_pconfig(local_user(), 'expire', 'items', $expire_items); set_pconfig(local_user(), 'expire', 'notes', $expire_notes); set_pconfig(local_user(), 'expire', 'starred', $expire_starred); set_pconfig(local_user(), 'expire', 'photos', $expire_photos); set_pconfig(local_user(), 'system', 'suggestme', $suggestme); $r = q("UPDATE `user` SET `username` = '%s', `email` = '%s', `openid` = '%s', `timezone` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `notify-flags` = %d, `page-flags` = %d, `default-location` = '%s', `allow_location` = %d, `theme` = '%s', `maxreq` = %d, `expire` = %d, `openidserver` = '%s', `blockwall` = %d, `hidewall` = %d, `blocktags` = %d WHERE `uid` = %d LIMIT 1", dbesc($username), dbesc($email), dbesc($openid), dbesc($timezone), dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($notify), intval($page_flags), dbesc($defloc), intval($allow_location), dbesc($theme), intval($maxreq), intval($expire), dbesc($openidserver), intval($blockwall), intval($hidewall), intval($blocktags), intval(local_user())); if ($r) { info(t('Settings updated.') . EOL); } $r = q("UPDATE `profile` \n\t\tSET `publish` = %d, \n\t\t`net-publish` = %d,\n\t\t`hide-friends` = %d\n\t\tWHERE `is-default` = 1 AND `uid` = %d LIMIT 1", intval($publish), intval($net_publish), intval($hide_friends), intval(local_user())); if ($name_change) { q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `self` = 1 LIMIT 1", dbesc($username), dbesc(datetime_convert()), intval(local_user())); } if ($old_visibility != $net_publish) { // Update global directory in background $url = $_SESSION['my_url']; if ($url && strlen(get_config('system', 'directory_submit_url'))) { proc_run('php', "include/directory.php", "{$url}"); } } require_once 'include/profile_update.php'; profile_change(); $_SESSION['theme'] = $theme; if ($email_changed && $a->config['register_policy'] == REGISTER_VERIFY) { // FIXME - set to un-verified, blocked and redirect to logout } goaway($a->get_baseurl() . '/settings'); return; // NOTREACHED }