Ejemplo n.º 1
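/**
 * file manager center start
 *
 * Handles the admin file-manager route for a logged-in session: runs the
 * upload or delete action selected by the third URL parameter, then shows
 * either an error notification or the file listing.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Modules
 * @author Henry Ruhs
 */
function file_manager_center_start()
{
    /* only act on admin/file-manager for a logged-in session */
    if (LOGGED_IN != TOKEN || FIRST_PARAMETER != 'admin' || SECOND_PARAMETER != 'file-manager') {
        return;
    }
    /* defined up front so the error check below never reads an unset variable */
    $error = '';
    if (THIRD_PARAMETER == 'upload') {
        /* NOTE(review): no token is checked on this branch here; confirm the
           upload handler or the POST routing enforces it */
        file_manager_upload(FILE_MANAGER_DIRECTORY);
    } elseif (THIRD_PARAMETER == 'delete') {
        /* NOTE(review): this only rejects an empty token parameter; confirm
           TOKEN_PARAMETER is populated only when it matches TOKEN, otherwise
           compare it against TOKEN here */
        if (TOKEN_PARAMETER == '') {
            $error = l('token_incorrect');
        } else {
            /* file manager directory object */
            $file_manager_directory = new Redaxscript\Directory(FILE_MANAGER_DIRECTORY);
            /* presumably resolves the numeric id to an entry of the listing - verify against Directory::get */
            $file_manager_directory_string = $file_manager_directory->get(ID_PARAMETER);
            /* remove related children */
            $file_manager_directory->remove($file_manager_directory_string);
        }
    }
    /* handle error */
    if ($error) {
        notification(l('error_occurred'), $error, l('back'), 'admin/file-manager');
    } else {
        file_manager(FILE_MANAGER_DIRECTORY);
    }
}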
Ejemplo n.º 2
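/**
 * routing
 *
 * Central request dispatcher: validates the token on every POST, hands known
 * form posts to their "<name>_post" handler and otherwise routes on the first
 * URL parameter.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Center
 * @author Henry Ruhs
 */
function routing()
{
    /* check token: a POST without a matching string token is rejected.
       Strict comparison avoids PHP's loose-comparison type juggling and
       also rejects a missing or array-valued token. */
    if ($_POST) {
        $post_token = isset($_POST['token']) ? $_POST['token'] : null;
        if (!is_string($post_token) || $post_token !== (string) TOKEN) {
            notification(l('error_occurred'), l('token_incorrect'), l('home'), ROOT);
            return;
        }
    }
    /* call default post: handler names come from this fixed list only,
       never from the request itself */
    $post_list = array('comment', 'login', 'password_reset', 'registration', 'reminder', 'search');
    foreach ($post_list as $value) {
        $handler = $value . '_post';
        if (!empty($_POST[$handler]) && function_exists($handler)) {
            call_user_func($handler);
            return;
        }
    }
    /* general routing */
    switch (FIRST_PARAMETER) {
        case 'admin':
            if (LOGGED_IN == TOKEN) {
                admin_routing();
            } else {
                notification(l('error_occurred'), l('access_no'), l('login'), 'login');
            }
            return;
        case 'login':
            login_form();
            return;
        case 'logout':
            if (LOGGED_IN == TOKEN) {
                logout();
            } else {
                notification(l('error_occurred'), l('access_no'), l('login'), 'login');
            }
            return;
        case 'password_reset':
            /* only reachable when reminders are enabled and both parameters are present */
            if (s('reminder') == 1 && FIRST_SUB_PARAMETER && THIRD_PARAMETER) {
                password_reset_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        case 'registration':
            if (s('registration')) {
                registration_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        case 'reminder':
            if (s('reminder') == 1) {
                reminder_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        default:
            contents();
            return;
    }
}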
Ejemplo n.º 3
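/**
 * Notify the site administrators that a database update failed.
 *
 * Looks up the user records matching the configured admin e-mail addresses,
 * sends each one a system e-mail in that user's language and writes the
 * failure to the log.
 *
 * @param mixed  $update_id     identifier of the update that failed (inserted into the mail text)
 * @param string $error_message error text shown in the mail body and the log
 */
function update_fail($update_id, $error_message)
{
    // The original read $a without ever defining it in this scope.
    $a = get_app();
    // send the administrators an e-mail
    // Each configured address is escaped on its own before being quoted into the IN (...) list.
    $admin_mail_list = "'" . implode("','", array_map('dbesc', explode(",", str_replace(" ", "", $a->config['admin_email'])))) . "'";
    $adminlist = q("SELECT uid, language, email FROM user WHERE email IN (%s)", $admin_mail_list);
    if (!is_array($adminlist)) {
        // presumably q() yields a non-array on failure - nothing to mail in that case
        $adminlist = array();
    }
    // every admin may have a different language
    foreach ($adminlist as $admin) {
        $lang = $admin['language'] ? $admin['language'] : 'en';
        push_lang($lang);
        $preamble = deindent(t("\n\t\t\tThe friendica developers released update %s recently,\n\t\t\tbut when I tried to install it, something went terribly wrong.\n\t\t\tThis needs to be fixed soon and I can't do it alone. Please contact a\n\t\t\tfriendica developer if you can not help me on your own. My database might be invalid."));
        $body = t("The error message is\n[pre]%s[/pre]");
        $preamble = sprintf($preamble, $update_id);
        $body = sprintf($body, $error_message);
        notification(array('type' => "SYSTEM_EMAIL", 'to_email' => $admin['email'], 'preamble' => $preamble, 'body' => $body, 'language' => $lang));
    }
    // try the logger; the original concatenated an undefined $retval here
    logger("CRITICAL: Database structure update failed: " . $error_message);
    // The stray `break;` that followed was outside any loop or switch and has been dropped.
}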
Ejemplo n.º 4
/**
 * Cron hook: warn accounts that are about to expire and remove accounts
 * whose five-day grace period has passed.
 *
 * @param mixed $a not used in this body
 * @param mixed $b not used in this body
 */
function testdrive_cron($a, $b)
{
    require_once 'include/enotify.php';

    // Accounts expiring within five days that have not been notified yet.
    $expiring = q("select * from account where account_expires_on < %s + INTERVAL %s and\n\t\taccount_expire_notified = '%s' ", db_utcnow(), db_quoteinterval('5 DAY'), dbesc(NULL_DATE));
    if ($expiring) {
        foreach ($expiring as $account) {
            $channel_id = $account['account_default_channel'];
            // Look the default channel up only when the account has one.
            $channel = $channel_id ? q("select * from channel where channel_id = %d limit 1", intval($channel_id)) : false;
            if (!$channel) {
                continue;
            }
            $channel_hash = $channel[0]['channel_hash'];
            // The notice is addressed from the channel to itself.
            notification(array('type' => NOTIFY_SYSTEM, 'system_type' => 'testdrive_expire', 'from_xchan' => $channel_hash, 'to_xchan' => $channel_hash));
            // Record the notification time so the account is not warned twice.
            q("update account set account_expire_notified = '%s' where account_id = %d", dbesc(datetime_convert()), intval($account['account_id']));
        }
    }

    // give them a 5 day grace period. Then nuke the account.
    $expired = q("select * from account where account_expired = 1 and account_expires < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('5 DAY'));
    if (!$expired) {
        return;
    }
    require_once 'include/Contact.php';
    foreach ($expired as $account) {
        account_remove($account['account_id']);
    }
}
Ejemplo n.º 5
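/**
 * Send the client to another page and stop the script.
 *
 * Relative targets are prefixed with site_url; targets that already start
 * with http:// or https:// are used unchanged. The redirect is delivered as
 * an HTTP header, a Refresh header or an inline script, depending on $method.
 *
 * NOTE(review): absolute $uri values are followed as given, so callers must
 * not pass a request-supplied URL without checking it against an allow-list.
 *
 * @param string $uri                target path or URL; the literal 'referer' returns to the referring page
 * @param string $msg                message handed to getNotification()
 * @param string $method             '', 'ajx', 'refresh', 'javascript' or 'referer'
 * @param int    $http_response_code status used for the Location header
 */
function redirect($uri = '', $msg = '', $method = '', $http_response_code = 302)
{
    $is_ajax = isset($_POST['ajx']);
    if ($uri == 'referer' && !$is_ajax) {
        $method = 'referer';
    }
    if (!preg_match('#^https?://#i', $uri)) {
        $uri = site_url . str_replace("//", '/', '/' . $uri . '/');
    }
    if ($is_ajax && $method == '') {
        // The request only selects one of the fixed cases below; anything else falls through to default.
        $method = $_POST['ajx'];
    }
    getNotification($msg);
    // NOTE(review): request-supplied text; its output encoding depends on notification().
    $_SESSION['not'] = empty($_POST['notification']) ? '' : $_POST['notification'];
    // URLs written into a <script> element are emitted as JSON string literals
    // with <, >, &, ' and " hex-escaped, so the value cannot close the string
    // or the script element.
    $js_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    // particular forum echo
    switch ($method) {
        case 'ajx':
            notification($_SESSION['not']);
            break;
        case 'refresh':
            header("Refresh:0;url=" . $uri);
            break;
        case 'javascript':
            $target = json_encode((string) $uri, $js_flags);
            if ($target === false) {
                // not encodable (e.g. invalid UTF-8): fall back to the site root
                $target = json_encode(site_url . '/', $js_flags);
            }
            echo "<script>window.location=" . $target . "</script>";
            break;
        case 'referer':
            // The Referer header is client-controlled: accept only http(s) URLs
            // and fall back to the site root when it is absent or malformed.
            $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
            if (!preg_match('#^https?://#i', $referer)) {
                $referer = site_url . '/';
            }
            $target = json_encode($referer, $js_flags);
            if ($target === false) {
                $target = json_encode(site_url . '/', $js_flags);
            }
            echo "<script>window.location=" . $target . "</script>";
            break;
        default:
            header("Location: " . $uri, TRUE, $http_response_code);
            break;
    }
    exit;
}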
Ejemplo n.º 6
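/**
 * Cron hook for a public server: warns users whose account is about to
 * expire, removes accounts expired for more than five days and schedules
 * expiry for accounts selected by the 'public_server' config values
 * (nologin, flagusers, flagposts/flagpostsexpire).
 *
 * Every result set is checked with is_array() before use, so a failed query
 * is skipped instead of being counted or iterated.
 *
 * @param App   $a application object; used for the base URL in notifications
 * @param mixed $b not used in this body
 */
function public_server_cron($a, $b)
{
    logger("public_server: cron start");
    require_once 'include/enotify.php';
    // Accounts expiring within five days that have not been warned yet.
    $r = q("select * from user where account_expires_on < UTC_TIMESTAMP() + INTERVAL 5 DAY and account_expires_on > '0000-00-00 00:00:00' and\n\t\texpire_notification_sent = '0000-00-00 00:00:00' ");
    if (is_array($r) && count($r)) {
        foreach ($r as $rr) {
            notification(array('uid' => $rr['uid'], 'type' => NOTIFY_SYSTEM, 'system_type' => 'public_server_expire', 'language' => $rr['language'], 'to_name' => $rr['username'], 'to_email' => $rr['email'], 'source_name' => t('Administrator'), 'source_link' => $a->get_baseurl(), 'source_photo' => $a->get_baseurl() . '/images/person-80.jpg'));
            // Remember the warning so it is sent only once.
            q("update user set expire_notification_sent = '%s' where uid = %d", dbesc(datetime_convert()), intval($rr['uid']));
        }
    }
    // Accounts flagged expired whose five-day grace period is over are removed.
    $r = q("select * from user where account_expired = 1 and account_expires_on < UTC_TIMESTAMP() - INTERVAL 5 DAY and account_expires_on > '0000-00-00 00:00:00'");
    if (is_array($r) && count($r)) {
        require_once 'include/Contact.php';
        foreach ($r as $rr) {
            user_remove($rr['uid']);
        }
    }
    // Accounts that never logged in within the configured number of days get an expiry date.
    $nologin = get_config('public_server', 'nologin');
    if ($nologin) {
        $r = q("select uid from user where account_expired = 0 and login_date = '0000-00-00 00:00:00' and register_date <  UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00'", intval($nologin));
        if (is_array($r) && count($r)) {
            foreach ($r as $rr) {
                q("update user set account_expires_on = '%s' where uid = %d", dbesc(datetime_convert('UTC', 'UTC', 'now +' . '6 days')), intval($rr['uid']));
            }
        }
    }
    // Accounts with page-flags 0 and no login for the configured number of days get an expiry date.
    $flagusers = get_config('public_server', 'flagusers');
    if ($flagusers) {
        $r = q("select uid from user where account_expired = 0 and login_date < UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00' and `page-flags` = 0", intval($flagusers));
        if (is_array($r) && count($r)) {
            foreach ($r as $rr) {
                q("update user set account_expires_on = '%s' where uid = %d", dbesc(datetime_convert('UTC', 'UTC', 'now +' . '6 days')), intval($rr['uid']));
            }
        }
    }
    // The same kind of inactive account, when its expire column is still 0, gets the configured value.
    $flagposts = get_config('public_server', 'flagposts');
    $flagpostsexpire = get_config('public_server', 'flagpostsexpire');
    if ($flagposts && $flagpostsexpire) {
        $r = q("select uid from user where account_expired = 0 and login_date < UTC_TIMESTAMP() - INTERVAL %d DAY and account_expires_on = '0000-00-00 00:00:00' and expire = 0 and `page-flags` = 0", intval($flagposts));
        if (is_array($r) && count($r)) {
            foreach ($r as $rr) {
                q("update user set expire = %d where uid = %d", intval($flagpostsexpire), intval($rr['uid']));
            }
        }
    }
    logger("public_server: cron end");
}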
Ejemplo n.º 7
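 /**
  * Run a SQL statement through the configured driver and return all rows.
  *
  * The driver functions are chosen by name from $this->dbtype
  * ("<dbtype>_query" / "<dbtype>_fetch_array"). On failure an error page is
  * shown and the script ends.
  *
  * NOTE(review): $query arrives as a finished string, so every caller is
  * responsible for escaping the values it puts into it.
  * NOTE(review): the failure page shows the statement and the driver error to
  * the visitor; both are HTML-escaped here, but consider logging them
  * server-side and showing only the generic message.
  *
  * @param string $query complete SQL statement
  * @return array list of rows as associative arrays
  */
 function query($query)
 {
     require_once ABSOLUTE_BASEPATH . '/languages/' . BOARD_LANGUAGE . '.lang';
     $dbquery = $this->dbtype . '_query';
     $dbfetch = $this->dbtype . '_fetch_array';
     if (!($this->res = @$dbquery($query))) {
         require_once ABSOLUTE_BASEPATH . '/header.' . PHPEXT;
         // Escape both dynamic parts: the statement may contain request data
         // and the driver error can quote parts of it back.
         $shown_query = htmlspecialchars($query, ENT_QUOTES);
         $shown_error = htmlspecialchars(mysql_error(), ENT_QUOTES);
         notification($this->_LANG['query_error'] . '<br><br>' . $shown_query . '<br><br>' . $shown_error, '', 60);
         die;
     }
     $dbres = array();
     // Collect rows until the driver reports no more.
     while ($row = @$dbfetch($this->res, MYSQL_ASSOC)) {
         $dbres[] = $row;
     }
     return $dbres;
 }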
Ejemplo n.º 8
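/**
 * Cron hook: warn users whose account expires within five days and remove
 * users whose account has been expired for more than five days.
 *
 * Result sets are checked with is_array() before use, so a failed query is
 * skipped instead of being counted or iterated.
 *
 * @param App   $a application object; used for the base URL in notifications
 * @param mixed $b not used in this body
 */
function testdrive_cron($a, $b)
{
    require_once 'include/enotify.php';
    // Accounts expiring within five days that have not been warned yet.
    $r = q("select * from user where account_expires_on < UTC_TIMESTAMP() + INTERVAL 5 DAY and\n\t\texpire_notification_sent = '0000-00-00 00:00:00' ");
    if (is_array($r) && count($r)) {
        foreach ($r as $rr) {
            notification(array('uid' => $rr['uid'], 'type' => NOTIFY_SYSTEM, 'system_type' => 'testdrive_expire', 'language' => $rr['language'], 'to_name' => $rr['username'], 'to_email' => $rr['email'], 'source_name' => t('Administrator'), 'source_link' => $a->get_baseurl(), 'source_photo' => $a->get_baseurl() . '/images/person-80.jpg'));
            // Remember the warning so it is sent only once.
            q("update user set expire_notification_sent = '%s' where uid = %d", dbesc(datetime_convert()), intval($rr['uid']));
        }
    }
    // Accounts flagged expired whose five-day grace period is over are removed.
    $r = q("select * from user where account_expired = 1 and account_expires_on < UTC_TIMESTAMP() - INTERVAL 5 DAY ");
    if (is_array($r) && count($r)) {
        require_once 'include/Contact.php';
        foreach ($r as $rr) {
            user_remove($rr['uid']);
        }
    }
}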
Ejemplo n.º 9
 /**
  * login
  *
  * Fills the session with the fixed demo identity and its permission flags
  * (all keys are prefixed with the registry root), then shows the welcome
  * notification that links to the admin area.
  *
  * @since 2.2.0
  */
 protected static function _login()
 {
     $prefix = Registry::get('root') . '/';
     $token = Registry::get('token');
     /* session values, written in this order */
     $session = array(
         'logged_in' => $token,
         'my_name' => 'Anonymous',
         'my_user' => 'demo',
         'my_email' => '*****@*****.**',
         'categories_new' => 1,
         'categories_edit' => 1,
         'articles_new' => 1,
         'articles_edit' => 1,
         'comments_new' => 1,
         'comments_edit' => 1,
         'settings_edit' => 1,
         'filter' => 1
     );
     foreach ($session as $key => $value) {
         Request::setSession($prefix . $key, $value);
     }
     /* notification */
     notification(l('welcome'), l('logged_in'), l('continue'), 'admin');
 }
Ejemplo n.º 10
 /**
  * login
  *
  * Fills the session with the fixed demo identity: new/edit/delete flags set
  * to 1 for each content table, the three module flags set to 0, settings_edit
  * and filter set to 1. All keys are prefixed with the registry root. Ends
  * with the welcome notification that links to the admin area.
  *
  * @since 2.4.0
  */
 protected static function _login()
 {
     $prefix = Registry::get('root') . '/';
     $token = Registry::get('token');
     /* identity first */
     $session = array(
         'logged_in' => $token,
         'my_name' => 'Demo',
         'my_user' => 'demo',
         'my_email' => 'demo@localhost'
     );
     /* then the per-table permissions */
     foreach (array('categories', 'articles', 'extras', 'comments', 'groups', 'users') as $table) {
         foreach (array('_new', '_edit', '_delete') as $suffix) {
             $session[$table . $suffix] = 1;
         }
     }
     /* module management stays switched off */
     $session['modules_install'] = 0;
     $session['modules_edit'] = 0;
     $session['modules_uninstall'] = 0;
     $session['settings_edit'] = 1;
     $session['filter'] = 1;
     /* write everything in the order collected above */
     foreach ($session as $key => $value) {
         Request::setSession($prefix . $key, $value);
     }
     /* notification */
     notification(Language::get('welcome'), Language::get('logged_in'), Language::get('continue'), 'admin');
 }
Ejemplo n.º 11
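/**
 * search post
 *
 * Validates the posted search terms, queries published articles whose title,
 * description, keywords or text contain any of the terms and prints the hits
 * the current user's groups may access; otherwise shows a notification.
 *
 * NOTE(review): the terms and the LANGUAGE constant are concatenated into the
 * SQL text. The statement is only as safe as clean() makes the terms - confirm
 * that clean() escapes for MySQL; when this code is next touched, move it to a
 * parameterized query.
 * NOTE(review): title and description are passed to anchor_element() after
 * stripslashes() only; confirm anchor_element() HTML-encodes them.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Search
 * @author Henry Ruhs
 */
function search_post()
{
    /* defaults, so no path below reads an unset variable (the original left
       $search_terms unset once ATTACK_BLOCKED reached 10) */
    $search_terms = '';
    $error = '';
    $output = '';
    $counter = 0;
    /* clean post */
    if (ATTACK_BLOCKED < 10 && isset($_POST['search_terms']) && is_string($_POST['search_terms'])) {
        $search_terms = clean($_POST['search_terms'], 1);
    }
    /* validate post */
    if (strlen($search_terms) < 3 || $search_terms == l('search_terms')) {
        $error = l('input_incorrect');
    } else {
        $search = array_filter(explode(' ', $search_terms));
        /* query search */
        $query = 'SELECT id, title, alias, description, date, category, access FROM ' . PREFIX . 'articles WHERE (language = \'' . LANGUAGE . '\' || language = \'\') && status = 1';
        if ($search) {
            $conditions = array();
            foreach ($search as $value) {
                $conditions[] = 'title LIKE \'%' . $value . '%\' || description LIKE \'%' . $value . '%\' || keywords LIKE \'%' . $value . '%\' || text LIKE \'%' . $value . '%\'';
            }
            $query .= ' && (' . implode(' || ', $conditions) . ')';
        }
        $query .= ' ORDER BY date DESC LIMIT 50';
        $result = mysql_query($query);
        /* count rows only for a usable result */
        $num_rows = $result ? mysql_num_rows($result) : 0;
        if (!$result || !$num_rows) {
            $error = l('search_no');
        } else {
            $accessValidator = new Redaxscript\Validator\Access();
            $output = '<h2 class="title_content title_search_result">' . l('search') . '</h2>';
            $output .= form_element('fieldset', '', 'set_search_result', '', '', '<span class="title_content_sub title_search_result_sub">' . l('articles') . '</span>') . '<ol class="list_search_result">';
            while ($r = mysql_fetch_assoc($result)) {
                /* access is checked per row against the current user's groups */
                if ($accessValidator->validate($r['access'], MY_GROUPS) == 1) {
                    /* explicit row array instead of variable variables named after the columns */
                    $row = array_map('stripslashes', $r);
                    /* prepare metadata */
                    $description = $row['description'] == '' ? $row['title'] : $row['description'];
                    $date = date(s('date'), strtotime($row['date']));
                    /* build route */
                    if ($row['category'] == 0) {
                        $route = $row['alias'];
                    } else {
                        $route = build_route('articles', $row['id']);
                    }
                    /* collect item output */
                    $output .= '<li class="item_search_result">' . anchor_element('internal', '', 'link_search_result', $row['title'], $route, $description) . '<span class="date_search_result">' . $date . '</span></li>';
                } else {
                    $counter++;
                }
            }
            $output .= '</ol></fieldset>';
            /* handle access: every hit was withheld */
            if ($num_rows == $counter) {
                $error = l('access_no');
            }
        }
    }
    /* handle error */
    if ($error) {
        notification(l('something_wrong'), $error);
    } else {
        echo $output;
    }
}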
Ejemplo n.º 12
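/**
 * Users admin page
 *
 * Handles the POST of the admin user list: optionally creates a user and
 * mails the login details, then applies the selected bulk action
 * (block/unblock, delete, approve, deny) and redirects back to the list.
 * The form security token is checked before any of these actions run.
 *
 * NOTE(review): the generated password is sent to the new user in a plain
 * e-mail; a one-time set-password link would avoid putting it in mail.
 *
 * @param App $a
 */
function admin_page_users_post(&$a)
{
    // The id and hash lists must be arrays; any other posted shape is treated as empty.
    $pending = (x($_POST, 'pending') && is_array($_POST['pending'])) ? $_POST['pending'] : array();
    $users = (x($_POST, 'user') && is_array($_POST['user'])) ? $_POST['user'] : array();
    $nu_name = x($_POST, 'new_user_name') ? $_POST['new_user_name'] : '';
    $nu_nickname = x($_POST, 'new_user_nickname') ? $_POST['new_user_nickname'] : '';
    $nu_email = x($_POST, 'new_user_email') ? $_POST['new_user_email'] : '';
    // Must stay ahead of every state change below.
    check_form_security_token_redirectOnErr('/admin/users', 'admin_users');
    if (!($nu_name === "") && !($nu_email === "") && !($nu_nickname === "")) {
        require_once 'include/user.php';
        $result = create_user(array('username' => $nu_name, 'email' => $nu_email, 'nickname' => $nu_nickname, 'verified' => 1));
        if (!$result['success']) {
            notice($result['message']);
            return;
        }
        $nu = $result['user'];
        $preamble = deindent(t('
			Dear %1$s,
				the administrator of %2$s has set up an account for you.'));
        $body = deindent(t('
			The login details are as follows:

			Site Location:	%1$s
			Login Name:		%2$s
			Password:		%3$s

			You may change your password from your account "Settings" page after logging
			in.

			Please take a few moments to review the other account settings on that page.

			You may also wish to add some basic information to your default profile
			(on the "Profiles" page) so that other people can easily find you.

			We recommend setting your full name, adding a profile photo,
			adding some profile "keywords" (very useful in making new friends) - and
			perhaps what country you live in; if you do not wish to be more specific
			than that.

			We fully respect your right to privacy, and none of these items are necessary.
			If you are new and do not know anybody here, they may help
			you to make some new and interesting friends.

			Thank you and welcome to %4$s.'));
        $preamble = sprintf($preamble, $nu['username'], $a->config['sitename']);
        $body = sprintf($body, $a->get_baseurl(), $nu['email'], $result['password'], $a->config['sitename']);
        notification(array('type' => "SYSTEM_EMAIL", 'to_email' => $nu['email'], 'subject' => sprintf(t('Registration details for %s'), $a->config['sitename']), 'preamble' => $preamble, 'body' => $body));
    }
    if (x($_POST, 'page_users_block')) {
        foreach ($users as $uid) {
            // 1-blocked toggles the flag
            q("UPDATE `user` SET `blocked`=1-`blocked` WHERE `uid`=%s", intval($uid));
        }
        notice(sprintf(tt("%s user blocked/unblocked", "%s users blocked/unblocked", count($users)), count($users)));
    }
    if (x($_POST, 'page_users_delete')) {
        require_once "include/Contact.php";
        foreach ($users as $uid) {
            // pass a plain integer, as the block branch above does
            user_remove(intval($uid));
        }
        notice(sprintf(tt("%s user deleted", "%s users deleted", count($users)), count($users)));
    }
    if (x($_POST, 'page_users_approve')) {
        require_once "mod/regmod.php";
        foreach ($pending as $hash) {
            user_allow($hash);
        }
    }
    if (x($_POST, 'page_users_deny')) {
        require_once "mod/regmod.php";
        foreach ($pending as $hash) {
            user_deny($hash);
        }
    }
    goaway($a->get_baseurl(true) . '/admin/users');
    return;
    // NOTREACHED
}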
Ejemplo n.º 13
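/**
 * logout
 *
 * Ends the current session and shows the goodbye notification that links to
 * the login page. Besides destroying the stored session, the in-memory
 * session data is cleared and the session cookie is expired, because
 * session_destroy() does neither.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Login
 * @author Henry Ruhs
 */
function logout()
{
    /* clear the data still held in this request */
    $_SESSION = array();
    /* expire the session cookie when one is in use and headers can still be sent */
    if (ini_get('session.use_cookies') && !headers_sent()) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
    }
    session_destroy();
    notification(l('goodbye'), l('logged_out'), l('continue'), 'login');
}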
Ejemplo n.º 14
/**
 * Handle an incoming Diaspora sharing request for a local channel.
 *
 * If an address-book record for the sender already exists, only the
 * permissions recorded for the sender are updated. Otherwise the sender is
 * resolved, a new record is inserted (pending unless the channel has default
 * permissions), the channel owner is notified and the contact is added to
 * the channel's default group when one is set.
 *
 * NOTE(review): both handles are taken from $xml as given; no signature or
 * sender verification happens in this function - presumably the caller has
 * done it, confirm.
 *
 * @param array $importer channel record of the recipient
 * @param mixed $xml      parsed request providing sender_handle and recipient_handle
 */
function diaspora_request($importer, $xml)
{
    $app = get_app();
    $sender = unxmlify($xml->sender_handle);
    $recipient = unxmlify($xml->recipient_handle);
    if (!($sender && $recipient)) {
        return;
    }

    // Please note some of these permissions such as PERMS_R_PAGES are impossible for Diaspora.
    // They cannot authenticate to our system.
    $granted_perms = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK | PERMS_W_STREAM | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT | PERMS_R_STORAGE | PERMS_R_PAGES;

    // Do we already have an abook record?
    $existing = diaspora_get_contact_by_handle($importer['channel_id'], $sender);
    if ($existing && $existing['abook_id']) {
        // perhaps we were already sharing with this person. Now they're sharing with us.
        // That makes us friends. Maybe.
        $updated = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1", intval($granted_perms), intval($existing['abook_id']), intval($importer['channel_id']));
        return;
    }

    // The sender must resolve to a known person on a diaspora network.
    $person = find_diaspora_person_by_handle($sender);
    if (!$person || !strstr($person['xchan_network'], 'diaspora')) {
        logger('diaspora_request: Cannot resolve diaspora handle ' . $sender . ' for ' . $recipient);
        return;
    }

    // look for default permissions to apply in return - e.g. auto-friend
    $my_perms = 0;
    $self = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", intval($importer['channel_id']), intval(ABOOK_FLAG_SELF));
    if ($self) {
        $my_perms = intval($self[0]['abook_my_perms']);
    }

    // Without default permissions the new connection is stored as pending.
    $inserted = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_my_perms, abook_their_perms, abook_closeness, abook_rating, abook_created, abook_updated, abook_connected, abook_dob, abook_flags) values ( %d, %d, '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($importer['channel_account_id']), intval($importer['channel_id']), dbesc($person['xchan_hash']), intval($my_perms), intval($granted_perms), intval(99), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(NULL_DATE), intval($my_perms ? 0 : ABOOK_FLAG_PENDING));
    if ($inserted) {
        logger("New Diaspora introduction received for {$importer['channel_name']}");
        $connection = q("select * from abook left join xchan on abook_xchan = xchan_hash left join hubloc on hubloc_hash = xchan_hash where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", intval($importer['channel_id']), dbesc($person['xchan_hash']));
        if ($connection) {
            require_once 'include/enotify.php';
            notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $person['xchan_hash'], 'to_xchan' => $importer['channel_hash'], 'link' => z_root() . '/connedit/' . $connection[0]['abook_id']));
            if ($my_perms) {
                // Send back a sharing notification to them
                diaspora_share($importer, $connection[0]);
            }
        }
    }

    // find the abook record we just created
    $created = diaspora_get_contact_by_handle($importer['channel_id'], $sender);
    if (!$created) {
        logger('diaspora_request: unable to locate newly created contact record.');
        return;
    }

    /** If there is a default group for this channel, add this member to it */
    if (!$importer['channel_default_group']) {
        return;
    }
    require_once 'include/group.php';
    $group = group_rec_byhash($importer['channel_id'], $importer['channel_default_group']);
    if ($group) {
        group_add_member($importer['channel_id'], '', $created['xchan_hash'], $group['id']);
    }
}
Ejemplo n.º 15
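 /**
  * Reset a user's password.
  *
  * Reads the `uid` request value, looks the user up and overwrites the stored
  * password with the MD5 of the user's mobile number, then answers through
  * ajaxReturn(). A missing user or an empty mobile number is reported as a
  * failed reset instead of being answered with "success".
  *
  * NOTE(review): the new password is derived from the mobile number and stored
  * as unsalted MD5, so it is guessable by anyone who knows the number. The
  * scheme is kept here because the login check is not visible from this block;
  * replace it with a random one-time password and password_hash() together
  * with that check.
  * NOTE(review): no permission check is visible in this method; confirm the
  * controller restricts it to administrators.
  */
 public function repwd()
 {
     $user_id = I('uid');
     if (empty($user_id)) {
         $this->ajaxReturn(array('status' => 0, 'message' => '无法获取该行'));
         // presumably ajaxReturn() ends the request; return anyway so nothing below runs without an id
         return;
     }
     $where = array('user_id' => array('eq', $user_id));
     $info = M('User')->where($where)->find();
     // Unknown user or no mobile number: nothing meaningful to reset to.
     if (empty($info) || empty($info['mobile'])) {
         $this->ajaxReturn(array('status' => 0, 'message' => '重置密码失败'));
         return;
     }
     $update = M('User')->where($where)->save(array('password' => md5($info['mobile'])));
     if ($update !== false) {
         // Tell listeners that this user's data changed.
         notification('userInfoChange', array('userId' => $user_id));
         $this->ajaxReturn(array('status' => 1, 'message' => '重置密码成功'));
     } else {
         $this->ajaxReturn(array('status' => 0, 'message' => '重置密码失败'));
     }
 }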
Ejemplo n.º 16
     $strQuery = "UPDATE `prescriptions` set\n                                        provider_id = " . add_escape_custom($provider_id) . ", \n                                        start_date = '" . add_escape_custom($startDate) . "',\n                                        form = '" . add_escape_custom($drug_form) . "',\n                                        drug = '" . add_escape_custom($drug) . "', \n                                        dosage = '" . add_escape_custom($dosage) . "', \n                                        unit = '" . add_escape_custom($drug_units) . "', \n                                        route = '" . add_escape_custom($drug_route) . "', \n                                        `interval` = '" . add_escape_custom($drug_interval) . "', \n                                        substitute = '" . add_escape_custom($substitute) . "',\n                                        quantity = '" . add_escape_custom($quantity) . "',  \n                                        refills = '" . add_escape_custom($per_refill) . "', \n                                        medication = '" . add_escape_custom($medication) . "',\n                                        date_modified = '" . date('Y-m-d') . "',\n                                        size = '" . add_escape_custom($size) . "', \n                                        per_refill = '" . add_escape_custom($p_refill) . "',\n                                        note = '" . add_escape_custom($note) . "'\n                             WHERE id = ?";
     $result = sqlStatement($strQuery, array($id));
     $list_result = 1;
     if ($medication) {
         $select_medication = "SELECT * FROM  `lists` \n                                    WHERE  `type` LIKE  'medication'\n                                            AND  `title` LIKE  ? \n                                            AND  `pid` = ?";
         $result1 = sqlQuery($select_medication, array($drug, $patient_id));
         if (!$result1) {
             $list_query = "insert into lists(date,begdate,type,activity,pid,user,groupname,title) \n                            values (now(),cast(now() as date),'medication',1," . add_escape_custom($patientId) . ",'" . add_escape_custom($user) . "','','" . add_escape_custom($drug) . "')";
             $list_result = sqlStatement($list_query);
         }
     }
     $device_token_badge = getDeviceTokenBadge($provider_username, 'prescription');
     $badge = $device_token_badge['badge'];
     $deviceToken = $device_token_badge['device_token'];
     if ($deviceToken) {
         $notification_res = notification($deviceToken, $badge, $msg_count = 0, $apt_count = 0, $message = 'Update Prescription Notification!');
     }
     if ($result !== FALSE && $list_result !== FALSE) {
         $xml_string .= "<status>0</status>";
         $xml_string .= "<reason>The Patient prescription has been updated</reason>";
         if ($notification_res) {
             $xml_array['notification'] = 'Update Appointment Notification(' . $notification_res . ')';
         } else {
             $xml_array['notification'] = 'Notificaiotn Failed.';
         }
     } else {
         $xml_string .= "<status>-1</status>";
         $xml_string .= "<reason>ERROR: Sorry, there was an error processing your data. Please re-submit the information again.</reason>";
     }
 } else {
     $xml_string .= "<status>-2</status>\n";
Ejemplo n.º 17
/**
 * Handle a submitted post, comment or edit and store it as an item.
 *
 * All input is read from $_REQUEST (plus $_POST['media_str']). The function
 * resolves the target channel and the observer, checks posting/commenting
 * permission, normalises the body (bbcode path), assembles $datarray and hands
 * it to item_store() or, for edits, item_store_update().
 *
 * Most exits go through goaway()/killme(), which the NOTREACHED markers in this
 * function treat as non-returning. A value is only returned to the caller when
 * the request is flagged as an API source.
 *
 * @param object $a application object (passed by reference); used here for
 *                  get_baseurl(), get_observer() and get_channel()
 * @return mixed the item_store() result when 'api_source' is set; nothing when
 *               the first access gate rejects the request
 */
function item_post(&$a)
{
    // This will change. Figure out who the observer is and whether or not
    // they have permission to post here. Else ignore the post.
    // A 'commenter' request parameter alone passes this first gate; the actual
    // permission decision is made further down (perm_is_allowed() /
    // can_comment_on_post()).
    if (!local_channel() && !remote_channel() && !x($_REQUEST, 'commenter')) {
        return;
    }
    require_once 'include/security.php';
    $uid = local_channel();
    $channel = null;
    $observer = null;
    /**
     * Is this a reply to something?
     */
    $parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0;
    $parent_mid = x($_REQUEST, 'parent_mid') ? trim($_REQUEST['parent_mid']) : '';
    // 'remote_xchan' is request-supplied. It is passed through dbesc() for the lookup and
    // discarded unless it matches a known xchan row.
    // NOTE(review): further down a matching remote_xchan replaces $observer (and thereby
    // author_xchan) AFTER the permission checks ran against the session observer.
    // Confirm which callers are allowed to set it.
    $remote_xchan = x($_REQUEST, 'remote_xchan') ? trim($_REQUEST['remote_xchan']) : false;
    $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($remote_xchan));
    if ($r) {
        $remote_observer = $r[0];
    } else {
        $remote_xchan = $remote_observer = false;
    }
    // Channel being posted to; request-supplied and used for every permission check below.
    $profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0;
    require_once 'include/identity.php';
    // A site admin posting to the system channel acts as that channel.
    $sys = get_sys_channel();
    if ($sys && $profile_uid && $sys['channel_id'] == $profile_uid && is_site_admin()) {
        $uid = intval($sys['channel_id']);
        $channel = $sys;
        $observer = $sys;
    }
    // Bulk delete request: handled here and the request ends.
    // NOTE(review): this runs before any permission check in this function and the ids are
    // passed on as raw strings; drop_items() presumably enforces ownership itself - confirm.
    if (x($_REQUEST, 'dropitems')) {
        require_once 'include/items.php';
        $arr_drop = explode(',', $_REQUEST['dropitems']);
        drop_items($arr_drop);
        $json = array('success' => 1);
        echo json_encode($json);
        killme();
    }
    // Hooks receive the raw, unfiltered request array.
    call_hooks('post_local_start', $_REQUEST);
    //	 logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
    $api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false;
    // Read without an x() guard; a missing key yields 0.
    $consensus = intval($_REQUEST['consensus']);
    // 'origin' (if non-zero) indicates that this network is where the message originated,
    // for the purpose of relaying comments to other conversation members.
    // If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset.
    // If the API is used from another network with its own distribution
    // and deliveries, you may wish to set origin to 0 or false and allow the other
    // network to relay comments.
    // If you are unsure, it is prudent (and important) to leave it unset.
    $origin = $api_source && array_key_exists('origin', $_REQUEST) ? intval($_REQUEST['origin']) : 1;
    // To represent message-ids on other networks - this will create an item_id record
    $namespace = $api_source && array_key_exists('namespace', $_REQUEST) ? strip_tags($_REQUEST['namespace']) : '';
    $remote_id = $api_source && array_key_exists('remote_id', $_REQUEST) ? strip_tags($_REQUEST['remote_id']) : '';
    $owner_hash = null;
    // A caller-chosen message id is only honoured for API sources.
    $message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : '';
    // NOTE(review): unlike message_id, 'created' is accepted from any request, not only
    // API sources - confirm that caller-chosen timestamps are intended.
    $created = x($_REQUEST, 'created') ? datetime_convert('UTC', 'UTC', $_REQUEST['created']) : datetime_convert();
    $post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0;
    $app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : '';
    // Taken verbatim from the request. Every use in this function appends it to
    // get_baseurl() . "/", so the redirect target stays under the site's base URL;
    // it is not validated further here.
    $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
    $preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0;
    $categories = x($_REQUEST, 'category') ? escape_tags($_REQUEST['category']) : '';
    $webpage = x($_REQUEST, 'webpage') ? intval($_REQUEST['webpage']) : 0;
    $pagetitle = x($_REQUEST, 'pagetitle') ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '';
    $layout_mid = x($_REQUEST, 'layout_mid') ? escape_tags($_REQUEST['layout_mid']) : '';
    $plink = x($_REQUEST, 'permalink') ? escape_tags($_REQUEST['permalink']) : '';
    $obj_type = x($_REQUEST, 'obj_type') ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE;
    // allow API to bulk load a bunch of imported items without sending out a bunch of posts.
    $nopush = x($_REQUEST, 'nopush') ? intval($_REQUEST['nopush']) : 0;
    /*
     * Check service class limits
     * (only for new top-level items created by a locally logged-in channel)
     */
    if ($uid && !x($_REQUEST, 'parent') && !x($_REQUEST, 'post_id')) {
        $ret = item_check_service_class($uid, $_REQUEST['webpage'] == ITEM_WEBPAGE ? true : false);
        if (!$ret['success']) {
            notice(t($ret['message']) . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
    }
    if ($pagetitle) {
        require_once 'library/urlify/URLify.php';
        $pagetitle = strtolower(URLify::transliterate($pagetitle));
    }
    $item_flags = $item_restrict = 0;
    $route = '';
    $parent_item = null;
    $parent_contact = null;
    $thr_parent = '';
    $parid = 0;
    $r = false;
    if ($parent || $parent_mid) {
        if (!x($_REQUEST, 'type')) {
            $_REQUEST['type'] = 'net-comment';
        }
        if ($obj_type == ACTIVITY_OBJ_POST) {
            $obj_type = ACTIVITY_OBJ_COMMENT;
        }
        // Lookup by numeric id is not restricted to a uid; access to the parent is
        // decided by the permission checks below.
        if ($parent) {
            $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent));
        } elseif ($parent_mid && $uid) {
            // This is coming from an API source, and we are logged in
            $r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), intval($uid));
        }
        // if this isn't the real parent of the conversation, find it
        if ($r !== false && count($r)) {
            $parid = $r[0]['parent'];
            $parent_mid = $r[0]['mid'];
            if ($r[0]['id'] != $r[0]['parent']) {
                $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid));
            }
        }
        if ($r === false || !count($r)) {
            notice(t('Unable to locate original post.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
        // can_comment_on_post() needs info from the following xchan_query
        xchan_query($r);
        $parent_item = $r[0];
        $parent = $r[0]['id'];
        // multi-level threading - preserve the info but re-parent to our single level threading
        $thr_parent = $parent_mid;
        $route = $parent_item['route'];
    }
    if (!$observer) {
        $observer = $a->get_observer();
    }
    // Permission gate. Comments are checked against the parent item, top-level posts
    // against 'post_wall' on profile_uid.
    // NOTE(review): profile_uid comes from the request and is not compared with
    // $parent_item['uid'] here - confirm the two are expected to match.
    if ($parent) {
        logger('mod_item: item_post parent=' . $parent);
        $can_comment = false;
        if (array_key_exists('owner', $parent_item) && $parent_item['owner']['abook_flags'] & ABOOK_FLAG_SELF) {
            $can_comment = perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_comments');
        } else {
            $can_comment = can_comment_on_post($observer['xchan_hash'], $parent_item);
        }
        if (!$can_comment) {
            notice(t('Permission denied.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
    } else {
        if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_wall')) {
            notice(t('Permission denied.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
    }
    // is this an edited post?
    $orig_post = null;
    if ($namespace && $remote_id) {
        // It wasn't an internally generated post - see if we've got an item matching this remote service id
        $i = q("select iid from item_id where service = '%s' and sid = '%s' limit 1", dbesc($namespace), dbesc($remote_id));
        if ($i) {
            $post_id = $i[0]['iid'];
        }
    }
    // NOTE(review): the edit target is scoped to profile_uid only. Nothing visible in this
    // function compares the original item's author with the current observer; confirm that
    // item_store_update() or the permission model covers editing of other authors' items.
    if ($post_id) {
        $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id));
        if (!count($i)) {
            killme();
        }
        $orig_post = $i[0];
    }
    if (!$channel) {
        if ($uid && $uid == $profile_uid) {
            $channel = $a->get_channel();
        } else {
            // posting as yourself but not necessarily to a channel you control
            $r = q("select * from channel left join account on channel_account_id = account_id where channel_id = %d LIMIT 1", intval($profile_uid));
            if ($r) {
                $channel = $r[0];
            }
        }
    }
    if (!$channel) {
        logger("mod_item: no channel.");
        if (x($_REQUEST, 'return')) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    }
    $owner_xchan = null;
    $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($channel['channel_hash']));
    if ($r && count($r)) {
        $owner_xchan = $r[0];
    } else {
        logger("mod_item: no owner.");
        if (x($_REQUEST, 'return')) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    }
    $walltowall = false;
    $walltowall_comment = false;
    // From here on the request-supplied remote_xchan (if it resolved to an xchan row) is
    // the author; the permission checks above used the previous $observer.
    if ($remote_xchan) {
        $observer = $remote_observer;
    }
    if ($observer) {
        logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
        // wall-to-wall detection.
        // For top-level posts, if the author and owner are different it's a wall-to-wall
        // For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
        // NOTE(review): the comparison is on xchan_name (a display name), not xchan_hash.
        if ($observer['xchan_name'] != $owner_xchan['xchan_name']) {
            if ($parent_item && ($parent_item['item_flags'] & (ITEM_WALL | ITEM_ORIGIN)) == (ITEM_WALL | ITEM_ORIGIN)) {
                $walltowall_comment = true;
                $walltowall = true;
            }
            if (!$parent) {
                $walltowall = true;
            }
        }
    }
    $public_policy = x($_REQUEST, 'public_policy') ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'], true);
    if ($webpage) {
        $public_policy = '';
    }
    // Any non-empty public_policy marks the item private.
    if ($public_policy) {
        $private = 1;
    }
    if ($orig_post) {
        $private = 0;
        // webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
        if ($webpage) {
            $str_group_allow = perms2str($_REQUEST['group_allow']);
            $str_contact_allow = perms2str($_REQUEST['contact_allow']);
            $str_group_deny = perms2str($_REQUEST['group_deny']);
            $str_contact_deny = perms2str($_REQUEST['contact_deny']);
        } else {
            $str_group_allow = $orig_post['allow_gid'];
            $str_contact_allow = $orig_post['allow_cid'];
            $str_group_deny = $orig_post['deny_gid'];
            $str_contact_deny = $orig_post['deny_cid'];
            $public_policy = $orig_post['public_policy'];
            $private = $orig_post['item_private'];
        }
        if (strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) || $private) {
            $private = 1;
        }
        // An edit keeps the stored metadata; only title and body come from the request.
        $location = $orig_post['location'];
        $coord = $orig_post['coord'];
        $verb = $orig_post['verb'];
        $app = $orig_post['app'];
        $title = escape_tags(trim($_REQUEST['title']));
        $body = trim($_REQUEST['body']);
        $item_flags = $orig_post['item_flags'];
        // force us to recalculate if we need to obscure this post
        if ($item_flags & ITEM_OBSCURED) {
            $item_flags = $item_flags ^ ITEM_OBSCURED;
        }
        $item_restrict = $orig_post['item_restrict'];
        $postopts = $orig_post['postopts'];
        $created = $orig_post['created'];
        $mid = $orig_post['mid'];
        $parent_mid = $orig_post['parent_mid'];
        $plink = $orig_post['plink'];
    } else {
        // if coming from the API and no privacy settings are set,
        // use the user default permissions - as they won't have
        // been supplied via a form.
        if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) {
            $str_group_allow = $channel['channel_allow_gid'];
            $str_contact_allow = $channel['channel_allow_cid'];
            $str_group_deny = $channel['channel_deny_gid'];
            $str_contact_deny = $channel['channel_deny_cid'];
        } elseif ($walltowall) {
            // use the channel owner's default permissions
            $str_group_allow = $channel['channel_allow_gid'];
            $str_contact_allow = $channel['channel_allow_cid'];
            $str_group_deny = $channel['channel_deny_gid'];
            $str_contact_deny = $channel['channel_deny_cid'];
        } else {
            // use the posted permissions
            $str_group_allow = perms2str($_REQUEST['group_allow']);
            $str_contact_allow = perms2str($_REQUEST['contact_allow']);
            $str_group_deny = perms2str($_REQUEST['group_deny']);
            $str_contact_deny = perms2str($_REQUEST['contact_deny']);
        }
        $location = notags(trim($_REQUEST['location']));
        $coord = notags(trim($_REQUEST['coord']));
        $verb = notags(trim($_REQUEST['verb']));
        $title = escape_tags(trim($_REQUEST['title']));
        // The body is only trimmed at this point; content filtering happens later
        // (z_input_filter() for previews and private items in this function).
        $body = trim($_REQUEST['body']);
        $body .= trim($_REQUEST['attachment']);
        $postopts = '';
        $private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) || strlen($public_policy) ? 1 : 0;
        // If this is a comment, set the permissions from the parent.
        if ($parent_item) {
            $private = 0;
            if ($parent_item['item_private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid']) || strlen($parent_item['public_policy'])) {
                $private = $parent_item['item_private'] ? $parent_item['item_private'] : 1;
            }
            $public_policy = $parent_item['public_policy'];
            $str_contact_allow = $parent_item['allow_cid'];
            $str_group_allow = $parent_item['allow_gid'];
            $str_contact_deny = $parent_item['deny_cid'];
            $str_group_deny = $parent_item['deny_gid'];
            $owner_hash = $parent_item['owner_xchan'];
        }
        if (!strlen($body)) {
            if ($preview) {
                killme();
            }
            info(t('Empty post discarded.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
    }
    // Expiry is only honoured when the feature is enabled and the requested time is in the future.
    $expires = NULL_DATE;
    if (feature_enabled($profile_uid, 'content_expire')) {
        if (x($_REQUEST, 'expire')) {
            $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['expire']);
            if ($expires <= datetime_convert()) {
                $expires = NULL_DATE;
            }
        }
    }
    $mimetype = notags(trim($_REQUEST['mimetype']));
    if (!$mimetype) {
        $mimetype = 'text/bbcode';
    }
    if ($preview) {
        $body = z_input_filter($profile_uid, $body, $mimetype);
    }
    // Verify ability to use html or php!!!
    // $execflag is only set when the target channel/account carries an ALLOWCODE flag AND
    // the logged-in account owns that channel.
    // NOTE(review): when the ALLOWCODE flags are absent this block is skipped without
    // rejecting the request: $execflag stays false but $mimetype remains
    // 'application/x-php'. How item_store() treats that combination is not visible here.
    $execflag = false;
    if ($mimetype === 'application/x-php') {
        $z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid));
        if ($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE || $z[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
            if ($uid && get_account_id() == $z[0]['account_id']) {
                $execflag = true;
            } else {
                notice(t('Executable content type not permitted to this channel.') . EOL);
                if (x($_REQUEST, 'return')) {
                    goaway($a->get_baseurl() . "/" . $return_path);
                }
                killme();
            }
        }
    }
    if ($mimetype === 'text/bbcode') {
        require_once 'include/text.php';
        // Markdown input is only converted for the channel owner posting to their own channel.
        // [share] tags are shielded around the conversion.
        if ($uid && $uid == $profile_uid && feature_enabled($uid, 'markdown')) {
            require_once 'include/bb2diaspora.php';
            $body = escape_tags($body);
            $body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_shield', $body);
            $body = diaspora2bb($body, true);
            $body = preg_replace_callback('/\\[share(.*?)\\]/ism', 'share_unshield', $body);
        }
        // BBCODE alert: the following functions assume bbcode input
        // and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
        // we may need virtual or template classes to implement the possible alternatives
        // Work around doubled linefeeds in Tinymce 3.5b2
        // First figure out if it's a status post that would've been
        // created using tinymce. Otherwise leave it alone.
        $plaintext = true;
        //		$plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true);
        //		if((! $parent) && (! $api_source) && (! $plaintext)) {
        //			$body = fix_mce_lf($body);
        //		}
        // If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
        if (!$parent && get_pconfig($profile_uid, 'system', 'tagifonlyrecip') && substr_count($str_contact_allow, '<') == 1 && $str_group_allow == '' && $str_contact_deny == '' && $str_group_deny == '') {
            $x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc(str_replace(array('<', '>'), array('', ''), $str_contact_allow)), intval($profile_uid));
            if ($x && $x[0]['abook_their_perms'] & PERMS_W_TAGWALL) {
                $body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
            }
        }
        /**
         * fix naked links by passing through a callback to see if this is a red site
         * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
         * First protect any url inside certain bbcode tags so we don't double link it.
         */
        $body = preg_replace_callback('/\\[code(.*?)\\[\\/(code)\\]/ism', 'red_escape_codeblock', $body);
        $body = preg_replace_callback('/\\[url(.*?)\\[\\/(url)\\]/ism', 'red_escape_codeblock', $body);
        $body = preg_replace_callback('/\\[zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_escape_codeblock', $body);
        $body = preg_replace_callback("/([^\\]\\='" . '"' . "\\/]|^|\\#\\^)(https?\\:\\/\\/[a-zA-Z0-9\\:\\/\\-\\?\\&\\;\\.\\=\\@\\_\\~\\#\\%\$\\!\\+\\,]+)/ism", 'red_zrl_callback', $body);
        $body = preg_replace_callback('/\\[\\$b64zrl(.*?)\\[\\/(zrl)\\]/ism', 'red_unescape_codeblock', $body);
        $body = preg_replace_callback('/\\[\\$b64url(.*?)\\[\\/(url)\\]/ism', 'red_unescape_codeblock', $body);
        $body = preg_replace_callback('/\\[\\$b64code(.*?)\\[\\/(code)\\]/ism', 'red_unescape_codeblock', $body);
        // fix any img tags that should be zmg
        $body = preg_replace_callback('/\\[img(.*?)\\](.*?)\\[\\/img\\]/ism', 'red_zrlify_img_callback', $body);
        $body = bb_translate_video($body);
        /**
         * Fold multi-line [code] sequences
         */
        $body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body);
        $body = scale_external_images($body, false);
        // Look for tags and linkify them
        $results = linkify_tags($a, $body, $uid ? $uid : $profile_uid);
        if ($results) {
            // Set permissions based on tag replacements
            set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private);
            $post_tags = array();
            foreach ($results as $result) {
                $success = $result['success'];
                if ($success['replaced']) {
                    $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                }
            }
        }
        /**
         *
         * When a photo was uploaded into the message using the (profile wall) ajax
         * uploader, The permissions are initially set to disallow anybody but the
         * owner from seeing it. This is because the permissions may not yet have been
         * set for the post. If it's private, the photo permissions should be set
         * appropriately. But we didn't know the final permissions on the post until
         * now. So now we'll look for links of uploaded photos and attachments that are in the
         * post and set them to the same permissions as the post itself.
         *
         * If the post was end-to-end encrypted we can't find images and attachments in the body,
         * use our media_str input instead which only contains these elements - but only do this
         * when encrypted content exists because the photo/attachment may have been removed from
         * the post and we should keep it private. If it's encrypted we have no way of knowing
         * so we'll set the permissions regardless and realise that the media may not be
         * referenced in the post.
         *
         * What is preventing us from being able to upload photos into comments is dealing with
         * the photo and attachment permissions, since we don't always know who was in the
         * distribution for the top level post.
         *
         * We might be able to provide this functionality with a lot of fiddling:
         * - if the top level post is public (make the photo public)
         * - if the top level post was written by us or a wall post that belongs to us (match the top level post)
         * - if the top level post has privacy mentions, add those to the permissions.
         * - otherwise disallow the photo *or* make the photo public. This is the part that gets messy.
         */
        // strpos() is used as a truthiness test: a '[/crypt]' at offset 0 counts as "not found".
        if (!$preview) {
            fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
            fix_attached_file_permissions($channel, $observer['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
        }
        // Turn [attachment]hash,revision[/attachment] markers into attachment records
        // and strip the markers from the body.
        $attachments = '';
        $match = false;
        if (preg_match_all('/(\\[attachment\\](.*?)\\[\\/attachment\\])/', $body, $match)) {
            $attachments = array();
            foreach ($match[2] as $mtch) {
                $hash = substr($mtch, 0, strpos($mtch, ','));
                // NOTE(review): the substring starts at the comma itself, so intval() most
                // likely yields 0 for every attachment - confirm whether strpos() + 1 was meant.
                $rev = intval(substr($mtch, strpos($mtch, ',')));
                $r = attach_by_hash_nodata($hash, $rev);
                if ($r['success']) {
                    $attachments[] = array('href' => $a->get_baseurl() . '/attach/' . $r['data']['hash'], 'length' => $r['data']['filesize'], 'type' => $r['data']['filetype'], 'title' => urlencode($r['data']['filename']), 'revision' => $r['data']['revision']);
                }
                // $match[1] is the full list of markers, so all of them are removed on the first pass.
                $body = str_replace($match[1], '', $body);
            }
        }
    }
    // BBCODE end alert
    if (strlen($categories)) {
        $cats = explode(',', $categories);
        foreach ($cats as $cat) {
            $post_tags[] = array('uid' => $profile_uid, 'type' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)));
        }
    }
    $item_unseen = 1;
    // determine if this is a wall post
    if ($parent) {
        if ($parent_item['item_flags'] & ITEM_WALL) {
            $item_flags = $item_flags | ITEM_WALL;
        }
    } else {
        if (!$webpage) {
            $item_flags = $item_flags | ITEM_WALL;
        }
    }
    if ($origin) {
        $item_flags = $item_flags | ITEM_ORIGIN;
    }
    // NOTE(review): $moderated is never assigned in this function, so this branch is
    // not taken as written.
    if ($moderated) {
        $item_restrict = $item_restrict | ITEM_MODERATED;
    }
    if ($webpage) {
        $item_restrict = $item_restrict | $webpage;
    }
    if (!strlen($verb)) {
        $verb = ACTIVITY_POST;
    }
    $notify_type = $parent ? 'comment-new' : 'wall-new';
    // $mid is only pre-set on the edit path; new items take the API-supplied message id
    // or a freshly generated one.
    if (!$mid) {
        $mid = $message_id ? $message_id : item_message_id();
    }
    if (!$parent_mid) {
        $parent_mid = $mid;
    }
    if ($parent_item) {
        $parent_mid = $parent_item['mid'];
    }
    // Fallback so that we always have a thr_parent
    if (!$thr_parent) {
        $thr_parent = $mid;
    }
    $datarray = array();
    if (!$parent) {
        $item_flags = $item_flags | ITEM_THREAD_TOP;
    }
    if ($consensus) {
        $item_flags |= ITEM_CONSENSUS;
    }
    if (!$plink && $item_flags & ITEM_THREAD_TOP) {
        $plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
    }
    // Assemble the record handed to the hooks and to item_store()/item_store_update().
    $datarray['aid'] = $channel['channel_account_id'];
    $datarray['uid'] = $profile_uid;
    $datarray['owner_xchan'] = $owner_hash ? $owner_hash : $owner_xchan['xchan_hash'];
    $datarray['author_xchan'] = $observer['xchan_hash'];
    $datarray['created'] = $created;
    $datarray['edited'] = $orig_post ? datetime_convert() : $created;
    $datarray['expires'] = $expires;
    $datarray['commented'] = $orig_post ? datetime_convert() : $created;
    $datarray['received'] = $orig_post ? datetime_convert() : $created;
    $datarray['changed'] = $orig_post ? datetime_convert() : $created;
    $datarray['mid'] = $mid;
    $datarray['parent_mid'] = $parent_mid;
    $datarray['mimetype'] = $mimetype;
    $datarray['title'] = $title;
    $datarray['body'] = $body;
    $datarray['app'] = $app;
    $datarray['location'] = $location;
    $datarray['coord'] = $coord;
    $datarray['verb'] = $verb;
    $datarray['obj_type'] = $obj_type;
    $datarray['allow_cid'] = $str_contact_allow;
    $datarray['allow_gid'] = $str_group_allow;
    $datarray['deny_cid'] = $str_contact_deny;
    $datarray['deny_gid'] = $str_group_deny;
    $datarray['item_private'] = $private;
    $datarray['attach'] = $attachments;
    $datarray['thr_parent'] = $thr_parent;
    $datarray['postopts'] = $postopts;
    $datarray['item_restrict'] = $item_restrict;
    $datarray['item_flags'] = $item_flags;
    $datarray['layout_mid'] = $layout_mid;
    $datarray['public_policy'] = $public_policy;
    $datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
    // $post_tags is only defined when tags were linkified or categories were supplied.
    $datarray['term'] = $post_tags;
    $datarray['plink'] = $plink;
    $datarray['route'] = $route;
    $datarray['item_unseen'] = $item_unseen;
    // preview mode - prepare the body for display and send it via json
    if ($preview) {
        require_once 'include/conversation.php';
        $datarray['owner'] = $owner_xchan;
        $datarray['author'] = $observer;
        $datarray['attach'] = json_encode($datarray['attach']);
        $o = conversation($a, array($datarray), 'search', false, 'preview');
        //		logger('preview: ' . $o, LOGGER_DEBUG);
        echo json_encode(array('preview' => $o));
        killme();
    }
    if ($orig_post) {
        $datarray['edit'] = true;
    }
    // Plugins may veto the post by setting $datarray['cancel'].
    call_hooks('post_local', $datarray);
    if (x($datarray, 'cancel')) {
        logger('mod_item: post cancelled by plugin.');
        if ($return_path) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        $json = array('cancel' => 1);
        // 'jsreload' is request-supplied and only ever appended to the base URL.
        if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
            $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
        }
        echo json_encode($json);
        killme();
    }
    if (mb_strlen($datarray['title']) > 255) {
        $datarray['title'] = mb_substr($datarray['title'], 0, 255);
    }
    // Private items: filter the body, sign it with the channel key when the local channel
    // is the author, then wrap title and body with the site public key before storage.
    // Non-private bodies are not filtered in this function; presumably item_store()
    // handles that - confirm.
    if (array_key_exists('item_private', $datarray) && $datarray['item_private']) {
        $datarray['body'] = trim(z_input_filter($datarray['uid'], $datarray['body'], $datarray['mimetype']));
        if ($uid) {
            if ($channel['channel_hash'] === $datarray['author_xchan']) {
                $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'], $channel['channel_prvkey']));
                $datarray['item_flags'] = $datarray['item_flags'] | ITEM_VERIFIED;
            }
        }
        logger('Encrypting local storage');
        $key = get_config('system', 'pubkey');
        $datarray['item_flags'] = $datarray['item_flags'] | ITEM_OBSCURED;
        if ($datarray['title']) {
            $datarray['title'] = json_encode(crypto_encapsulate($datarray['title'], $key));
        }
        if ($datarray['body']) {
            $datarray['body'] = json_encode(crypto_encapsulate($datarray['body'], $key));
        }
    }
    // Edit path: update in place, notify unless 'nopush' is set, and end the request.
    if ($orig_post) {
        $datarray['id'] = $post_id;
        item_store_update($datarray, $execflag);
        update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid);
        if (!$nopush) {
            proc_run('php', "include/notifier.php", 'edit_post', $post_id);
        }
        if (x($_REQUEST, 'return') && strlen($return_path)) {
            logger('return: ' . $return_path);
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    } else {
        $post_id = 0;
    }
    $post = item_store($datarray, $execflag);
    $post_id = $post['item_id'];
    if ($post_id) {
        logger('mod_item: saved item ' . $post_id);
        if ($parent) {
            // only send comment notification if this is a wall-to-wall comment,
            // otherwise it will happen during delivery
            if ($datarray['owner_xchan'] != $datarray['author_xchan'] && $parent_item['item_flags'] & ITEM_WALL) {
                notification(array('type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_mid' => $parent_item['mid']));
            }
        } else {
            $parent = $post_id;
            if ($datarray['owner_xchan'] != $datarray['author_xchan']) {
                notification(array('type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item'));
            }
            if ($uid && $uid == $profile_uid && !$datarray['item_restrict']) {
                q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($uid));
            }
        }
        // photo comments turn the corresponding item visible to the profile wall
        // This way we don't see every picture in your new photo album posted to your wall at once.
        // They will show up as people comment on them.
        // ($parent_item is null for top-level posts, in which case this test is falsy.)
        if ($parent_item['item_restrict'] & ITEM_HIDDEN) {
            $r = q("UPDATE `item` SET `item_restrict` = %d WHERE `id` = %d", intval($parent_item['item_restrict'] - ITEM_HIDDEN), intval($parent_item['id']));
        }
    } else {
        logger('mod_item: unable to retrieve post that was just stored.');
        notice(t('System error. Post not saved.') . EOL);
        goaway($a->get_baseurl() . "/" . $return_path);
        // NOTREACHED
    }
    // For a new top-level post $parent was set to the new item's id above, so this
    // block runs for top-level posts as well as comments.
    if ($parent) {
        // Store the comment signature information in case we need to relay to Diaspora
        $ditem = $datarray;
        $ditem['author'] = $observer;
        store_diaspora_comment_sig($ditem, $channel, $parent_item, $post_id, $walltowall_comment ? 1 : 0);
    }
    update_remote_id($channel, $post_id, $webpage, $pagetitle, $namespace, $remote_id, $mid);
    $datarray['id'] = $post_id;
    $datarray['llink'] = $a->get_baseurl() . '/display/' . $channel['channel_address'] . '/' . $post_id;
    call_hooks('post_local_end', $datarray);
    if (!$nopush) {
        proc_run('php', 'include/notifier.php', $notify_type, $post_id);
    }
    logger('post_complete');
    // figure out how to return, depending on from whence we came
    if ($api_source) {
        return $post;
    }
    if ($return_path) {
        goaway($a->get_baseurl() . "/" . $return_path);
    }
    $json = array('success' => 1);
    if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
        $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
    }
    logger('post_json: ' . print_r($json, true), LOGGER_DEBUG);
    echo json_encode($json);
    killme();
    // NOTREACHED
}
Ejemplo n.º 18
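/**
 * Record a new follower (or sharer) for a local user.
 *
 * When $contact is already a contact row it may be upgraded to a mutual
 * relationship (rel = CONTACT_IS_FRIEND, writable = 1). Otherwise a pending
 * contact row is inserted from the author fields in $datarray and, depending
 * on the owner's page-flags, either an intro record plus notification is
 * created or the pending flag is cleared straight away.
 *
 * @param array         $importer Local user data; only 'uid' is read here.
 * @param array|mixed   $contact  Existing contact row, or any non-array when there is none.
 * @param array         $datarray Reads 'author-link', 'author-name' and 'author-avatar'.
 * @param object|string $item     Feed item object (nick taken from its actor tag) or the nick itself.
 * @param bool          $sharing  True for a sharing request rather than a plain follow.
 * @return void
 */
function new_follower($importer, $contact, $datarray, $item, $sharing = false)
{
    // These author fields describe the remote party; markup is stripped here
    // and every value is passed through dbesc()/intval() before it reaches SQL.
    $url = notags(trim($datarray['author-link']));
    $name = notags(trim($datarray['author-name']));
    $photo = notags(trim($datarray['author-avatar']));

    // Default so the INSERT below never reads an undefined variable when the
    // feed item carries no preferredUsername.
    $nick = '';
    if (is_object($item)) {
        $rawtag = $item->get_item_tags(NAMESPACE_ACTIVITY, 'actor');
        if ($rawtag && $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data']) {
            $nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'];
        }
    } else {
        $nick = $item;
    }

    if (is_array($contact)) {
        if ($contact['network'] == NETWORK_OSTATUS && $contact['rel'] == CONTACT_IS_SHARING || $sharing && $contact['rel'] == CONTACT_IS_FOLLOWER) {
            // The uid condition keeps the update scoped to the importing user's own contact row.
            q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", intval(CONTACT_IS_FRIEND), intval($contact['id']), intval($importer['uid']));
        }
        // send email notification to owner?
        return;
    }

    // create contact record
    q("INSERT INTO `contact` (`uid`, `created`, `url`, `nurl`, `name`, `nick`, `photo`, `network`, `rel`,\n\t\t\t`blocked`, `readonly`, `pending`, `writable`)\n\t\t\tVALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1)", intval($importer['uid']), dbesc(datetime_convert()), dbesc($url), dbesc(normalise_link($url)), dbesc($name), dbesc($nick), dbesc($photo), dbesc($sharing ? NETWORK_ZOT : NETWORK_OSTATUS), intval($sharing ? CONTACT_IS_SHARING : CONTACT_IS_FOLLOWER));

    // Read the row back; $contact_record stays null when it cannot be found,
    // so nothing below acts on a missing contact.
    $contact_record = null;
    $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 LIMIT 1", intval($importer['uid']), dbesc($url));
    if (is_array($r) && count($r)) {
        $contact_record = $r[0];
        // NOTE(review): $photo is a remote-supplied URL handed to import_profile_photo();
        // what that helper fetches and validates is not visible here.
        $photos = import_profile_photo($photo, $importer["uid"], $contact_record["id"]);
        q("UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `id` = %d", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), intval($contact_record["id"]));
    }

    $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer['uid']));
    if (!is_array($r) || !count($r)) {
        return;
    }
    $owner = $r[0];
    $a = get_app();
    $auto_approve = in_array($owner['page-flags'], array(PAGE_SOAPBOX, PAGE_FREELOVE));

    if ($auto_approve) {
        // These page types accept the contact without an introduction.
        q("UPDATE `contact` SET `pending` = 0 WHERE `uid` = %d AND `url` = '%s' AND `pending` LIMIT 1", intval($importer['uid']), dbesc($url));
        return;
    }

    // Without a stored contact row there is nothing to introduce, add to a
    // group or notify about.
    if (!is_array($contact_record)) {
        return;
    }

    // create notification
    $hash = random_string();
    q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `hash`, `datetime`)\n\t\t\t\t\tVALUES ( %d, %d, 0, 0, '%s', '%s' )", intval($importer['uid']), intval($contact_record['id']), dbesc($hash), dbesc(datetime_convert()));

    if (intval($owner['def_gid'])) {
        require_once 'include/group.php';
        group_add_member($owner['uid'], '', $contact_record['id'], $owner['def_gid']);
    }

    if ($owner['notify-flags'] & NOTIFY_INTRO && in_array($owner['page-flags'], array(PAGE_NORMAL))) {
        // $contact_record only holds `id` (see the SELECT above), so the name,
        // url and photo lookups below fall back to empty values as before.
        $source_name = isset($contact_record['name']) ? stripslashes($contact_record['name']) : '';
        notification(array('type' => NOTIFY_INTRO, 'notify_flags' => $owner['notify-flags'], 'language' => $owner['language'], 'to_name' => $owner['username'], 'to_email' => $owner['email'], 'uid' => $owner['uid'], 'link' => $a->get_baseurl() . '/notifications/intro', 'source_name' => strlen($source_name) ? $source_name : t('[Name Withheld]'), 'source_link' => isset($contact_record['url']) ? $contact_record['url'] : null, 'source_photo' => isset($contact_record['photo']) ? $contact_record['photo'] : null, 'verb' => $sharing ? ACTIVITY_FRIEND : ACTIVITY_FOLLOW, 'otype' => 'intro'));
    }
}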
                echo "<br/><a href='index.php?c=bestelling&p=single&id=" . $result2['BestellingID'] . "'>(zie bestelling)</a>";
                ?>
					</p>
				</div>
			<?php 
            }
            /*************************/
            /*************************/
            ?>
		</div>
				<div style="text-align: center; margin-top: 20px">
					<?php 
            if ($page > 1) {
                echo '<a href="index.php" class="button">1</a>&nbsp;&nbsp;&nbsp;';
                echo '<a href="index.php?page=' . ($page - 1) . '" class="button"><</a>&nbsp;&nbsp;&nbsp;';
            }
            echo '<span style="font-size: 15px">' . $page . '</span>';
            if ($page < $totalPages) {
                echo '&nbsp;&nbsp;&nbsp;<a href="index.php?page=' . ($page + 1) . '" class="button">></a>';
                echo '&nbsp;&nbsp;&nbsp;<a href="index.php?page=' . $totalPages . '" class="button">' . $totalPages . '</a>';
            }
            ?>
				</div>
		<?php 
        } else {
            echo notification("Er zijn op dit moment geen nieuwsitems aan u gericht.", 'info');
        }
    } else {
        echo notification("Er zijn op dit moment geen nieuwsitems aan u gericht.", 'info');
    }
}
Ejemplo n.º 20
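 /**
  * Shop audit: approve or reject a shop and notify dependent services.
  *
  * Reads `shop_id` and `audit` from the request, updates the shop's
  * `shop_status` / `audit_status`, then fires the `shopAudit` (approval only)
  * and `shopInfoChange` notifications.
  *
  * NOTE(review): no permission check is visible in this method and the
  * state change is accepted from $_REQUEST (so also from GET); presumably
  * access control and request-forgery protection live in the controller
  * base class - confirm.
  */
 public function audit()
 {
     $shopModel = M('Shop');
     $columnModel = M('Column');
     $goodsCategoryModel = M('Goods_category');

     // The id is used in a WHERE clause and written back to the row, so it is
     // forced to an integer here; array or other non-scalar input becomes 0
     // and is rejected by the empty() check below.
     $rawShopId = isset($_REQUEST['shop_id']) ? $_REQUEST['shop_id'] : null;
     $shop_id = is_scalar($rawShopId) ? intval($rawShopId) : 0;
     $audit_status = isset($_REQUEST['audit']) ? $_REQUEST['audit'] : null;

     // presumably ajaxReturn() ends the request; the flow below relies on that - confirm
     if (empty($shop_id)) {
         $this->ajaxReturn(self::result(false, '店铺不能为空'));
     }
     if (!isset($_REQUEST['audit'])) {
         $this->ajaxReturn(self::result(false, '状态不能为空'));
     }

     // Array condition instead of a concatenated string, so the value is
     // bound by the model layer rather than spliced into the SQL text.
     $shopInfo = $shopModel->where(array('shop_id' => $shop_id))->field('contract_valid_to')->find();
     if (!$shopInfo['contract_valid_to'] && $audit_status) {
         $this->ajaxReturn(self::result(false, '生效日/截止日不能为空,请填写后再试'));
     }

     // Audit status: 0 - pending, 1 - approved, 2 - rejected
     $data['shop_id'] = $shop_id;
     $data['shop_status'] = 99;
     if ($audit_status == 0) {
         $data['shop_status'] = 99;
         $data['audit_status'] = 2;
     }
     if ($audit_status == 1) {
         $data['shop_status'] = 0;
         $data['audit_status'] = 1;
     }
     $ret = $shopModel->save($data);
     /*
     $shop = $shopModel->where(array('shop_id'=>$shop_id))->find();
     
     
     $where = array('column_id'=>$shop['column_id']);
     $column = $columnModel->where($where)->find();
     
     // update the shop's service category
     // check whether a root category exists; if it does, do not update
     if($cate = $goodsCategoryModel->where(array('shop_id'=>$shop_id,'parent_category_id'=>0))->find()){
     	// update
     	//print_r($cate);exit;
     	$category_data['shop_id'] = $shop_id;
     	$category_data['goods_category_id'] = $cate['goods_category_id'];
     	$category_data['status'] = 1;
     	$category_data['category_name'] = $column['column_name'];
     	
     	$goodsCategoryModel->save($category_data);
     
     }else{
     
     	$category_data['shop_id'] = $shop_id;
     	$category_data['parent_category_id'] = 0;
     	$category_data['status'] = 1;
     	$category_data['category_name'] = $column['column_name'];
     	
     	$goodsCategoryModel->add($category_data);
     }
     */
     // audit_status is only set for the values 0 and 1, hence the isset().
     if (isset($data['audit_status']) && $data['audit_status'] == 1) {
         // deposit interface
         notification('shopAudit', array('shopId' => $shop_id));
     }
     // refresh cache
     notification('shopInfoChange', array('shopId' => $shop_id));
     $this->ajaxReturn(self::result(true, '修改成功'));
 }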
Ejemplo n.º 21
/**
 * Send the "registration details" system e-mail for a newly created account.
 *
 * Builds a translated preamble and body, fills in the placeholders and hands
 * the result to notification() as a SYSTEM_EMAIL.
 *
 * NOTE(review): the body template prints the account password (%5$s) in
 * clear text. The message leaves this function as ordinary e-mail, so the
 * credential ends up wherever that mail is stored or relayed; a one-time
 * activation or reset link would avoid this - confirm whether $password is
 * a temporary value.
 *
 * @param string $email    Recipient address; also printed as the login name.
 * @param string $sitename Site name used in subject, preamble and body.
 * @param string $siteurl  Site location printed in the body.
 * @param string $username Name used in the greeting.
 * @param string $password Password printed in the body.
 * @return mixed Whatever notification() returns.
 */
function send_register_open_eml($email, $sitename, $siteurl, $username, $password)
{
    $preamble_tpl = deindent(t('
		Dear %1$s,
			Thank you for registering at %2$s. Your account has been created.
	'));
    $body_tpl = deindent(t('
		The login details are as follows:
			Site Location:	%3$s
			Login Name:	%1$s
			Password:	%5$s

		You may change your password from your account "Settings" page after logging
		in.

		Please take a few moments to review the other account settings on that page.

		You may also wish to add some basic information to your default profile
		(on the "Profiles" page) so that other people can easily find you.

		We recommend setting your full name, adding a profile photo,
		adding some profile "keywords" (very useful in making new friends) - and
		perhaps what country you live in; if you do not wish to be more specific
		than that.

		We fully respect your right to privacy, and none of these items are necessary.
		If you are new and do not know anybody here, they may help
		you to make some new and interesting friends.


		Thank you and welcome to %2$s.'));

    // Positional placeholders: the preamble takes (username, sitename), the
    // body takes (email, sitename, siteurl, username, password).
    $message = array(
        'type' => "SYSTEM_EMAIL",
        'to_email' => $email,
        'subject' => sprintf(t('Registration details for %s'), $sitename),
        'preamble' => sprintf($preamble_tpl, $username, $sitename),
        'body' => sprintf($body_tpl, $email, $sitename, $siteurl, $username, $password),
    );

    return notification($message);
}
Ejemplo n.º 22
Archivo: zot.php Proyecto: 23n/hubzilla
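/**
 * @brief Refreshes after permission changed or friending, etc.
 *
 * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified
 * to fetch new permissions via a finger/discovery operation. This may result in a new connection
 * (abook entry) being added to a local channel and it may result in auto-permissions being granted.
 *
 * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a
 * permission change has been made by the sender which affects the target channel. The hub controlling
 * the target channel does targeted discovery (a zot-finger request requesting permissions for the local
 * channel). These are decoded here, and if necessary an abook structure (addressbook) is created to store
 * the permissions assigned to this channel.
 *
 * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are
 * implied until this is approved by the owner channel. A channel can also auto-populate permissions in
 * return and send back a refresh packet of its own. This is used by forum and group communication channels
 * so that friending and membership in the channel's "club" is automatic.
 *
 * Everything decoded from the zot-info response ($j) is supplied by the remote hub and is treated as
 * untrusted: values are cast or escaped before they reach SQL, and the permissions block is shape-checked
 * before it is read.
 *
 * @param array $them => xchan structure of sender
 * @param array $channel => local channel structure of target recipient, required for "friending" operations
 * @param boolean $force default false
 *
 * @return boolean true if successful, else false
 */
function zot_refresh($them, $channel = null, $force = false)
{
    if (array_key_exists('xchan_network', $them) && $them['xchan_network'] !== 'zot') {
        logger('zot_refresh: not got zot. ' . $them['xchan_name']);
        return true;
    }
    logger('zot_refresh: them: ' . print_r($them, true), LOGGER_DATA);
    if ($channel) {
        // The channel structure carries the private key (read below as
        // 'channel_prvkey'); keep it out of the log dump.
        $loggable_channel = $channel;
        if (is_array($loggable_channel)) {
            unset($loggable_channel['channel_prvkey']);
        }
        logger('zot_refresh: channel: ' . print_r($loggable_channel, true), LOGGER_DATA);
    }
    $url = null;
    if ($them['hubloc_url']) {
        $url = $them['hubloc_url'];
    } else {
        $r = null;
        // if they re-installed the server we could end up with the wrong record - pointing to the old install.
        // We'll order by reverse id to try and pick off the newest one first and hopefully end up with the
        // correct hubloc. If this doesn't work we may have to re-write this section to try them all.
        if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
            $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_addr = '%s' order by hubloc_id desc", dbesc($them['xchan_addr']));
        }
        if (!$r) {
            $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_hash = '%s' order by hubloc_id desc", dbesc($them['xchan_hash']));
        }
        if ($r) {
            // prefer the hub marked primary, otherwise fall back to the newest record
            foreach ($r as $rr) {
                if (intval($rr['hubloc_primary'])) {
                    $url = $rr['hubloc_url'];
                    break;
                }
            }
            if (!$url) {
                $url = $r[0]['hubloc_url'];
            }
        }
    }
    if (!$url) {
        logger('zot_refresh: no url');
        return false;
    }
    $postvars = array();
    if ($channel) {
        $postvars['target'] = $channel['channel_guid'];
        $postvars['target_sig'] = $channel['channel_guid_sig'];
        $postvars['key'] = $channel['channel_pubkey'];
    }
    if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) {
        $postvars['address'] = $them['xchan_addr'];
    }
    if (array_key_exists('xchan_hash', $them) && $them['xchan_hash']) {
        $postvars['guid_hash'] = $them['xchan_hash'];
    }
    if (array_key_exists('xchan_guid', $them) && $them['xchan_guid'] && array_key_exists('xchan_guid_sig', $them) && $them['xchan_guid_sig']) {
        $postvars['guid'] = $them['xchan_guid'];
        $postvars['guid_sig'] = $them['xchan_guid_sig'];
    }
    $rhs = '/.well-known/zot-info';
    $result = z_post_url($url . $rhs, $postvars);
    logger('zot_refresh: zot-info: ' . print_r($result, true), LOGGER_DATA);
    if ($result['success']) {
        $j = json_decode($result['body'], true);
        if (!($j && $j['success'])) {
            logger('zot_refresh: result not decodable');
            return false;
        }
        $x = import_xchan($j, $force ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED);
        if (!$x['success']) {
            return false;
        }
        $their_perms = 0;
        if ($channel) {
            $global_perms = get_perms();
            // Shape-check the remote permissions block before indexing into it;
            // a missing or non-array value is handled as "no permissions".
            $perm_block = isset($j['permissions']) && is_array($j['permissions']) ? $j['permissions'] : array();
            if (!empty($perm_block['data'])) {
                $permissions = crypto_unencapsulate(array('data' => $perm_block['data'], 'key' => isset($perm_block['key']) ? $perm_block['key'] : null, 'iv' => isset($perm_block['iv']) ? $perm_block['iv'] : null), $channel['channel_prvkey']);
                if ($permissions) {
                    $permissions = json_decode($permissions, true);
                }
                logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA);
            } else {
                $permissions = $perm_block;
            }
            $connected_set = false;
            if ($permissions && is_array($permissions)) {
                foreach ($permissions as $k => $v) {
                    // The connected permission means you are in their address book
                    if ($k === 'connected') {
                        $connected_set = intval($v);
                        continue;
                    }
                    // only names present in the local permission table contribute a bit
                    if ($v && array_key_exists($k, $global_perms)) {
                        $their_perms = $their_perms | intval($global_perms[$k][1]);
                    }
                }
            }
            if (array_key_exists('profile', $j) && array_key_exists('next_birthday', $j['profile'])) {
                $next_birthday = datetime_convert('UTC', 'UTC', $j['profile']['next_birthday']);
            } else {
                $next_birthday = NULL_DATE;
            }
            $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($x['hash']), intval($channel['channel_id']));
            if ($r) {
                // connection exists
                // if the dob is the same as what we have stored (disregarding the year), keep the one
                // we have as we may have updated the year after sending a notification; and resetting
                // to the one we just received would cause us to create duplicated events.
                if (substr($r[0]['abook_dob'], 5) == substr($next_birthday, 5)) {
                    $next_birthday = $r[0]['abook_dob'];
                }
                $current_abook_connected = intval($r[0]['abook_unconnected']) ? 0 : 1;
                $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'\n\t\t\t\t\twhere abook_xchan = '%s' and abook_channel = %d\n\t\t\t\t\tand abook_self = 0 ", intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id']));
                //				if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) {
                // if they are in your address book but you aren't in theirs, and/or this does not
                // match your current connected state setting, toggle it.
                /** @FIXME unconverted to postgres */
                /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */
                //					$y1 = q("update abook set abook_unconnected = 1
                //						where abook_xchan = '%s' and abook_channel = %d
                //						and abook_self = 0 limit 1",
                //						dbesc($x['hash']),
                //						intval($channel['channel_id'])
                //					);
                //				}
                if (!$y) {
                    logger('abook update failed');
                } else {
                    // if we were just granted read stream permission and didn't have it before, try to pull in some posts
                    if (!($r[0]['abook_their_perms'] & PERMS_R_STREAM) && $their_perms & PERMS_R_STREAM) {
                        proc_run('php', 'include/onepoll.php', $r[0]['abook_id']);
                    }
                }
            } else {
                // new connection
                // Start from "no automatic permissions" so the pending flag in
                // the insert below never depends on an unset variable.
                $default_perms = 0;
                $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role');
                if ($role) {
                    $xx = get_role_perms($role);
                    if ($xx['perms_auto']) {
                        $default_perms = $xx['perms_accept'];
                    }
                }
                if (!$default_perms) {
                    $default_perms = intval(get_pconfig($channel['channel_id'], 'system', 'autoperms'));
                }
                // Keep original perms to check if we need to notify them
                $previous_perms = get_all_perms($channel['channel_id'], $x['hash']);
                $closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness');
                if ($closeness === false) {
                    $closeness = 80;
                }
                // abook_pending is 1 unless automatic permissions apply, so a new
                // connection grants nothing in return until the owner approves it.
                // NOTE(review): the update above escapes the date with dbescdate(),
                // this insert uses dbesc() - confirm which is intended.
                $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), intval($their_perms), intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), intval($default_perms ? 0 : 1));
                if ($y) {
                    logger("New introduction received for {$channel['channel_name']}");
                    $new_perms = get_all_perms($channel['channel_id'], $x['hash']);
                    // Send a clone sync packet and a permissions update if permissions have changed
                    $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 order by abook_created desc limit 1", dbesc($x['hash']), intval($channel['channel_id']));
                    if ($new_connection) {
                        if ($new_perms != $previous_perms) {
                            proc_run('php', 'include/notifier.php', 'permission_create', $new_connection[0]['abook_id']);
                        }
                        require_once 'include/enotify.php';
                        notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id']));
                        if ($their_perms & PERMS_R_STREAM) {
                            if ($channel['channel_w_stream'] & PERMS_PENDING || !intval($new_connection[0]['abook_pending'])) {
                                proc_run('php', 'include/onepoll.php', $new_connection[0]['abook_id']);
                            }
                        }
                        // local row identifiers are removed before the record goes into the sync packet
                        unset($new_connection[0]['abook_id']);
                        unset($new_connection[0]['abook_account']);
                        unset($new_connection[0]['abook_channel']);
                        build_sync_packet($channel['channel_id'], array('abook' => $new_connection));
                    }
                }
            }
        }
        return true;
    }
    return false;
}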
Ejemplo n.º 23
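/**
 * Store one private mail message for a channel and raise its notification.
 *
 * Normalises the fields of $arr, skips messages whose mid is already stored
 * for the channel, lets plugins inspect or cancel via the 'post_mail' hook,
 * inserts the row, removes accidental duplicates and finally calls the
 * 'post_mail_end' hook.
 *
 * @param array $arr Mail fields; the array keys are used as column names of
 *                   the `mail` table, the values as column values.
 * @return int Id of the stored row, or 0 when nothing was stored.
 */
function mail_store($arr)
{
    if (!$arr['channel_id']) {
        logger('mail_store: no uid');
        return 0;
    }
    // bodies containing angle brackets are tag-escaped before storage
    if (strpos($arr['body'], '<') !== false || strpos($arr['body'], '>') !== false) {
        $arr['body'] = escape_tags($arr['body']);
    }
    if (array_key_exists('attach', $arr) && is_array($arr['attach'])) {
        $arr['attach'] = json_encode($arr['attach']);
    }
    $arr['account_id'] = x($arr, 'account_id') ? intval($arr['account_id']) : 0;
    $arr['mid'] = x($arr, 'mid') ? notags(trim($arr['mid'])) : random_string();
    $arr['from_xchan'] = x($arr, 'from_xchan') ? notags(trim($arr['from_xchan'])) : '';
    $arr['to_xchan'] = x($arr, 'to_xchan') ? notags(trim($arr['to_xchan'])) : '';
    $arr['created'] = x($arr, 'created') !== false ? datetime_convert('UTC', 'UTC', $arr['created']) : datetime_convert();
    $arr['expires'] = x($arr, 'expires') !== false ? datetime_convert('UTC', 'UTC', $arr['expires']) : NULL_DATE;
    $arr['title'] = x($arr, 'title') ? notags(trim($arr['title'])) : '';
    $arr['parent_mid'] = x($arr, 'parent_mid') ? notags(trim($arr['parent_mid'])) : '';
    $arr['body'] = x($arr, 'body') ? trim($arr['body']) : '';
    $arr['mail_flags'] = x($arr, 'mail_flags') ? intval($arr['mail_flags']) : 0;
    if (!$arr['parent_mid']) {
        logger('mail_store: missing parent');
        $arr['parent_mid'] = $arr['mid'];
    }
    $r = q("SELECT `id` FROM mail WHERE `mid` = '%s' AND channel_id = %d LIMIT 1", dbesc($arr['mid']), intval($arr['channel_id']));
    if ($r) {
        // The dump contains the private message body, so it is logged at the
        // same data level as the dump further down instead of the default level.
        logger('mail_store: duplicate item ignored. ' . print_r($arr, true), LOGGER_DATA);
        return 0;
    }
    call_hooks('post_mail', $arr);
    if (x($arr, 'cancel')) {
        logger('mail_store: post cancelled by plugin.');
        return 0;
    }
    // The INSERT below writes the array keys into the statement as column
    // names. Values get escaped, keys do not, so only plain identifiers are
    // accepted; anything else means the caller or a hook supplied a field
    // that cannot be a column.
    foreach (array_keys($arr) as $column) {
        if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $column)) {
            logger('mail_store: unexpected field name, message not stored.');
            return 0;
        }
    }
    // presumably escapes every value of $arr in place; the queries below pass
    // $arr['mid'] without a further dbesc() on that assumption - confirm
    dbesc_array($arr);
    logger('mail_store: ' . print_r($arr, true), LOGGER_DATA);
    $r = dbq("INSERT INTO mail (`" . implode("`, `", array_keys($arr)) . "`) VALUES ('" . implode("', '", array_values($arr)) . "')");
    // find the item we just created
    $r = q("SELECT `id` FROM mail WHERE `mid` = '%s' AND `channel_id` = %d ORDER BY `id` ASC ", $arr['mid'], intval($arr['channel_id']));
    if ($r) {
        $current_post = $r[0]['id'];
        logger('mail_store: created item ' . $current_post, LOGGER_DEBUG);
        $arr['id'] = $current_post;
        // for notification
    } else {
        logger('mail_store: could not locate created item');
        return 0;
    }
    if (count($r) > 1) {
        // keep the lowest id (first row of the ascending SELECT) and drop the rest
        logger('mail_store: duplicated post occurred. Removing duplicates.');
        q("DELETE FROM mail WHERE `mid` = '%s' AND `channel_id` = %d AND `id` != %d ", $arr['mid'], intval($arr['channel_id']), intval($current_post));
    } else {
        require_once 'include/enotify.php';
        // NOTE(review): 'item' carries $arr after dbesc_array(), i.e. values in
        // their database-escaped form - confirm the notifier expects that.
        $notif_params = array('from_xchan' => $arr['from_xchan'], 'to_xchan' => $arr['to_xchan'], 'type' => NOTIFY_MAIL, 'item' => $arr, 'verb' => ACTIVITY_POST, 'otype' => 'mail');
        notification($notif_params);
    }
    call_hooks('post_mail_end', $arr);
    return $current_post;
}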
Ejemplo n.º 24
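<?php

// Stores a message posted by the client and triggers its push notification.
// Input: POST fields Testo (text), Destinatario (recipient), Mittente (sender).
require "postGCM.php";
// database connection parameters
// (the credentials appear masked on this page; in a deployment they belong in
// configuration outside the web root, not in the script)
$location = $_SERVER['HTTP_HOST'];
$db_host = "localhost";
$db_user = "******";
$db_password = "******";
$db_database = "App";
// connect to the DBMS
$connessione = mysql_connect($db_host, $db_user, $db_password);
// select the database
mysql_select_db($db_database, $connessione);
// mysql_close($connessione); closes the connection to the DBMS
if (isset($_POST['Testo'])) {
    // Every POST field is client-controlled. Each one is reduced to a string
    // and escaped for this connection before it is placed in the statement.
    // NOTE(review): the mysql_* extension used throughout this script has no
    // prepared statements; notification() receives this link, so moving to
    // mysqli/PDO has to be done together with postGCM.php.
    $campi = array();
    foreach (array('Testo', 'Destinatario', 'Mittente') as $nome) {
        $valore = isset($_POST[$nome]) && is_scalar($_POST[$nome]) ? (string) $_POST[$nome] : '';
        $campi[$nome] = mysql_real_escape_string($valore, $connessione);
    }
    $query = "INSERT INTO Messages(Testo, Destinatario, Mittente, Dataora) VALUES('" . $campi['Testo'] . "','" . $campi['Destinatario'] . "','" . $campi['Mittente'] . "', NOW());";
    // The statement text and the driver's error message are no longer sent to
    // the client: both reflect request data and database details. The error
    // goes to the server log instead.
    if (!mysql_query($query, $connessione)) {
        error_log('Messages insert failed: ' . mysql_error($connessione));
        die("Query fallita!");
    }
    $id = mysql_insert_id($connessione);
    notification($id, $connessione);
}
mysql_close($connessione);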
Ejemplo n.º 25
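 /**
  * Render the content of the dfrn_request page.
  *
  * Three cases, selected by the query string:
  *  - dfrn_url present: "homecoming" - the logged-in local user is asked to
  *    confirm the introduction;
  *  - confirm_key present: the introduction with that hash is released
  *    (notification or automatic confirmation), then the request ends;
  *  - otherwise: the public introduction form is shown.
  *
  * All $_GET values are client-controlled. Values that are placed into a
  * template are passed through notags(trim()) here, matching the existing
  * handling of dfrn_url.
  * NOTE(review): notags() only deals with angle brackets; whether the
  * templates escape quotes for attribute context is not visible here - confirm.
  *
  * @param object $a Application object (argc/argv, profile, user, query_string are read).
  * @return string|null Page markup, "" when the request does not address a profile, or nothing.
  */
 function dfrn_request_content(&$a)
 {
     if ($a->argc != 2 || !count($a->profile)) {
         return "";
     }
     // "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
     // to send us to the post section to record the introduction.
     if (x($_GET, 'dfrn_url')) {
         if (!local_user()) {
             info(t("Please login to confirm introduction.") . EOL);
             /* setup the return URL to come back to this page if they use openid */
             $stripped = str_replace('q=', '', $a->query_string);
             $_SESSION['return_url'] = trim($stripped, '/');
             return login();
         }
         // Edge case, but can easily happen in the wild. This person is authenticated,
         // but not as the person who needs to deal with this request.
         if ($a->user['nickname'] != $a->argv[1]) {
             notice(t("Incorrect identity currently logged in. Please login to <strong>this</strong> profile.") . EOL);
             return login();
         }
         $dfrn_url = notags(trim(hex2bin($_GET['dfrn_url'])));
         $aes_allow = x($_GET, 'aes_allow') && $_GET['aes_allow'] == 1 ? 1 : 0;
         $confirm_key = x($_GET, 'confirm_key') ? notags(trim($_GET['confirm_key'])) : "";
         $dfrn_rawurl = notags(trim($_GET['dfrn_url']));
         $tpl = get_markup_template("dfrn_req_confirm.tpl");
         // NOTE(review): the 'dfrn_rawurl' key has no leading '$' unlike the other macros - confirm.
         $o = replace_macros($tpl, array('$dfrn_url' => $dfrn_url, '$aes_allow' => $aes_allow ? '<input type="hidden" name="aes_allow" value="1" />' : "", '$confirm_key' => $confirm_key, '$welcome' => sprintf(t('Welcome home %s.'), $a->user['username']), '$please' => sprintf(t('Please confirm your introduction/connection request to %s.'), $dfrn_url), '$submit' => t('Confirm'), '$uid' => $_SESSION['uid'], '$nickname' => $a->user['nickname'], 'dfrn_rawurl' => $dfrn_rawurl));
         return $o;
     } elseif (x($_GET, 'confirm_key') && strlen($_GET['confirm_key'])) {
         // we are the requestee and it is now safe to send our user their introduction,
         // We could just unblock it, but first we have to jump through a few hoops to
         // send an email, or even to find out if we need to send an email.
         // The hash is the only credential checked on this path; it is escaped for the query.
         $intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1", dbesc($_GET['confirm_key']));
         if (count($intro)) {
             $r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`\n\t\t\t\tWHERE `contact`.`id` = %d LIMIT 1", intval($intro[0]['contact-id']));
             $auto_confirm = false;
             if (count($r)) {
                 if ($r[0]['page-flags'] != PAGE_NORMAL) {
                     $auto_confirm = true;
                 }
                 if (!$auto_confirm) {
                     require_once 'include/enotify.php';
                     notification(array('type' => NOTIFY_INTRO, 'notify_flags' => $r[0]['notify-flags'], 'language' => $r[0]['language'], 'to_name' => $r[0]['username'], 'to_email' => $r[0]['email'], 'link' => $a->get_baseurl() . '/notifications/intros', 'source_name' => strlen(stripslashes($r[0]['name'])) ? stripslashes($r[0]['name']) : t('[Name Withheld]'), 'source_link' => $r[0]['url'], 'source_photo' => $r[0]['photo'], 'verb' => ACTIVITY_REQ_FRIEND, 'otype' => 'intro'));
                 }
                 if ($auto_confirm) {
                     require_once 'mod/dfrn_confirm.php';
                     $handsfree = array('uid' => $r[0]['uid'], 'node' => $r[0]['nickname'], 'dfrn_id' => $r[0]['issued-id'], 'intro_id' => $intro[0]['id'], 'duplex' => $r[0]['page-flags'] == PAGE_FREELOVE ? 1 : 0);
                     dfrn_confirm_post($a, $handsfree);
                 }
             }
             if (!$auto_confirm) {
                 // If we are auto_confirming, this record will have already been nuked
                 // in dfrn_confirm_post()
                 $r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1", dbesc($_GET['confirm_key']));
             }
         }
         killme();
         return;
         // NOTREACHED
     } else {
         /**
          * Normal web request. Display our user's introduction form.
          */
         if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
             notice(t('Public access denied.') . EOL);
             return;
         }
         /**
          * Try to auto-fill the profile address
          */
         if (local_user()) {
             if (strlen($a->path)) {
                 $myaddr = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
             } else {
                 $myaddr = $a->user['nickname'] . '@' . substr(z_root(), strpos(z_root(), '://') + 3);
             }
         } elseif (x($_GET, 'addr')) {
             // request-supplied: strip markup before it reaches the form
             $myaddr = notags(trim(hex2bin($_GET['addr'])));
         } else {
             /* $_GET variables are already urldecoded */
             $myaddr = x($_GET, 'address') ? notags(trim($_GET['address'])) : '';
         }
         $target_addr = $a->profile['nickname'] . '@' . substr(z_root(), strpos(z_root(), '://') + 3);
         /**
          *
          * The auto_request form only has the profile address
          * because nobody is going to read the comments and 
          * it doesn't matter if they know you or not.
          *
          */
         if ($a->profile['page-flags'] == PAGE_NORMAL) {
             $tpl = get_markup_template('dfrn_request.tpl');
         } else {
             $tpl = get_markup_template('auto_request.tpl');
         }
         $page_desc = sprintf(t('Diaspora members: Please do not use this form. Instead, enter "%s" into your Diaspora search bar.'), $target_addr) . EOL . EOL;
         $page_desc .= t("Please enter your 'Identity Address' from one of the following supported social networks:");
         // $o was appended to without ever being set in this branch; start from an empty string.
         $o = '';
         // the nickname shown in the form is taken from the URL path, so it gets the same treatment
         $o .= replace_macros($tpl, array('$header' => t('Friend/Connection Request'), '$desc' => t('Examples: jojo@demo.friendica.com, http://demo.friendica.com/profile/jojo, testuser@identi.ca'), '$pls_answer' => t('Please answer the following:'), '$does_know' => sprintf(t('Does %s know you?'), $a->profile['name']), '$yes' => t('Yes'), '$no' => t('No'), '$add_note' => t('Add a personal note:'), '$page_desc' => $page_desc, '$friendika' => t('Friendica'), '$statusnet' => t('StatusNet/Federated Social Web'), '$diaspora' => t('Diaspora'), '$diasnote' => t('- please share from your own site as noted above'), '$your_address' => t('Your Identity Address:'), '$submit' => t('Submit Request'), '$cancel' => t('Cancel'), '$nickname' => notags(trim($a->argv[1])), '$name' => $a->profile['name'], '$myaddr' => $myaddr));
         return $o;
     }
     return;
     // Somebody is fishing.
 }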
Ejemplo n.º 26
			<fieldset class="info_fieldset">
				<div id="fields">
					<label style="font-weight: bold; width: 415px;">Gebruiker informatie</label>
					<label>Email*</label><input class="textbox" type="text" name="iptGebEmail" value="" /><br />
					<label>Voornaam*</label><input class="textbox" type="text" name="iptGebVoornaam" value="" /><br />
					<label>Tussenvoegsel</label><input class="textbox" type="text" name="iptGebTussenvoegsel" value="" /><br />
					<label>Achternaam*</label><input class="textbox" type="text" name="iptGebAchternaam" value="" /><br />
					<label>Straat*</label><input class="textbox" type="text" name="iptGebStraat" value="" /><br />
					<label>Huisnummer*</label><input class="textbox" type="text" name="iptGebHuisnummer" value="" /><br />
					<label>Huisnummer toevoeging</label><input class="textbox" type="text" name="iptGebHuisnummerToevoeging" value="" /><br />
					<label>Postcode*</label><input class="textbox" type="text" name="iptGebPostcode" value="" /><br />
					<label>Woonplaats*</label><input class="textbox" type="text" name="iptGebWoonplaats" value="" /><br />
					<label>Telefoon*</label><input class="textbox" type="text" name="iptGebTelefoon" value="" /><br />
					<label style="font-weight: bold; width: 415px; margin-top: 20px;">Groothandel informatie</label>
					<label>Bedrijfsnaam*</label><input class="textbox" type="text" name="iptBedBedrijfsnaam" value="" /><br />
					<label>Email*</label><input class="textbox" type="text" name="iptBedEmail" value="" /><br />
					<label>Straat*</label><input class="textbox" type="text" name="iptBedStraat" value="" /><br />
					<label>Huisnummer*</label><input class="textbox" type="text" name="iptBedHuisnummer" value="" /><br />
					<label>Huisnummer toevoeging</label><input class="textbox" type="text" name="iptBedHuisnummerToevoeging" value="" /><br />
					<label>Postcode*</label><input class="textbox" type="text" name="iptBedPostcode" value="" /><br />
					<label>Vestigingsplaats*</label><input class="textbox" type="text" name="iptBedVestigingsplaats" value="" /><br />
					<label>&nbsp;</label><input class="formbutton" type="submit" name="submit" value="Verzenden" /><br/><br/>
				</div>
				<?php 
    echo notification("*Verplichte velden", 'info');
    ?>
			</fieldset>
		</form>
	</div>
	<?php 
}
Ejemplo n.º 27
                 // Sinon le membre peut se connecter, on crée les sessions!
                 $_SESSION['id'] = $donnees_infosmembre->id;
                 $_SESSION['pseudo'] = $donnees_infosmembre->pseudo;
                 $_SESSION['acces'] = $session_acces;
                 //$_SESSION['niveau'] = $donnees_infosmembre->niveau;
                 $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                 $_SESSION['clef'] = $donnees_infosmembre->clef;
                 //setcookie('GUID', $_SESSION['clef'], (time() + 365*24*3600));
                 //$connexion->exec('UPDATE connectes SET clefUnique = "' . $_SESSION['clef'] . '" WHERE ip = "' . $_SERVER['REMOTE_ADDR'] . '"');
                 $lastTime = $donnees_infosmembre->timestampBonus;
                 if (time() >= $lastTime + 86400) {
                     $xpBonus = rand(200, 800);
                     $ecBonus = rand(200, 800);
                     $connexion->query('UPDATE membres SET experience = (experience + ' . $xpBonus . ') WHERE id = ' . $_SESSION['id']);
                     $connexion->query('UPDATE membres SET ec = (ec + ' . $ecBonus . ') WHERE id = ' . $_SESSION['id']);
                     notification($_SESSION['id'], 1, "Vous avez reçu un bonus de fidélité !\n EXP : [b]+ " . $xpBonus . "[/b]\nEC : [b] + " . $ecBonus . "[/b]", $connexion);
                     $connexion->exec('UPDATE membres SET timestampBonus = "' . time() . '" WHERE id = ' . $_SESSION['id']);
                 }
                 $connexion->exec('UPDATE membres SET lastConnexion = "' . time() . '" WHERE id = ' . $_SESSION['id']);
                 header('Location: index.php');
             } else {
                 avert('Pseudo non validé. Veuillez patienter.');
             }
         } else {
             avert('Votre pseudo est exclu temporairement du site.');
         }
     } else {
         avert('Votre pseudo est exclu définitivement du site.');
     }
 } else {
     avert('Pseudo incorrect, ou mot de passe invalide.');
Ejemplo n.º 28
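/**
 * Handle a submitted post, comment or edit taken from $_REQUEST.
 *
 * Visible flow: optional bulk drop of items, duplicate-submission check,
 * resolution of the parent item for replies, a write-permission check through
 * can_write_wall(), collection of the post fields (from the stored item when
 * editing, from the request otherwise), propagation of the post ACL to embedded
 * photos and attachments, tag handling, the 'post_local' hooks, then either an
 * UPDATE (edit) or an INSERT (new item) followed by notifications, optional
 * e-mail copies and a background notifier run.
 *
 * Most exits go through killme(), goaway() or item_post_return(); the function
 * only returns normally when the requester is neither a local nor a remote user
 * and no 'commenter' field was sent.
 *
 * @param object $a application object; get_baseurl(), get_hostname() and the
 *                  'user' array are read from it
 *
 * @return void
 */
function item_post(&$a)
{
    if (!local_user() && !remote_user() && !x($_REQUEST, 'commenter')) {
        return;
    }
    require_once 'include/security.php';
    $uid = local_user();
    if (x($_REQUEST, 'dropitems')) {
        // NOTE(review): this branch runs before the can_write_wall() check below, so any
        // ownership check on the ids has to happen inside drop_items() - verify.
        $arr_drop = explode(',', $_REQUEST['dropitems']);
        drop_items($arr_drop);
        $json = array('success' => 1);
        echo json_encode($json);
        killme();
    }
    call_hooks('post_local_start', $_REQUEST);
    //	logger('postinput ' . file_get_contents('php://input'));
    // The complete request (body, permission lists and whatever else was submitted) is
    // written to the log at LOGGER_DATA level; treat logs at that level as sensitive.
    logger('postvars ' . print_r($_REQUEST, true), LOGGER_DATA);
    $api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false;
    // A caller-supplied message id is only honoured for API submissions.
    $message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : '';
    // $return_path is only ever appended to the site base URL before redirecting.
    $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
    $preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0;
    // Check for doubly-submitted posts, and reject duplicates
    // Note that we have to ignore previews, otherwise nothing will post
    // after it's been previewed
    if (!$preview && x($_REQUEST['post_id_random'])) {
        if (x($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
            logger("item post: duplicate post", LOGGER_DEBUG);
            item_post_return($a->get_baseurl(), $api_source, $return_path);
        } else {
            $_SESSION['post-random'] = $_REQUEST['post_id_random'];
        }
    }
    /**
     * Is this a reply to something?
     */
    $parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0;
    $parent_uri = x($_REQUEST, 'parent_uri') ? trim($_REQUEST['parent_uri']) : '';
    $parent_item = null;
    $parent_contact = null;
    $thr_parent = '';
    $parid = 0;
    $r = false;
    $objecttype = null;
    if ($parent || $parent_uri) {
        $objecttype = ACTIVITY_OBJ_COMMENT;
        if (!x($_REQUEST, 'type')) {
            $_REQUEST['type'] = 'net-comment';
        }
        if ($parent) {
            // NOTE(review): the parent is loaded by id alone, without a uid condition, while the
            // permission check further down uses the requested profile_uid - confirm that a
            // parent owned by a different uid cannot be referenced here.
            $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent));
        } elseif ($parent_uri && local_user()) {
            // This is coming from an API source, and we are logged in
            $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_uri), intval(local_user()));
        }
        // if this isn't the real parent of the conversation, find it
        if ($r !== false && count($r)) {
            $parid = $r[0]['parent'];
            $parent_uri = $r[0]['uri'];
            if ($r[0]['id'] != $r[0]['parent']) {
                $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid));
            }
        }
        if ($r === false || !count($r)) {
            notice(t('Unable to locate original post.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
        $parent_item = $r[0];
        $parent = $r[0]['id'];
        // multi-level threading - preserve the info but re-parent to our single level threading
        //if(($parid) && ($parid != $parent))
        $thr_parent = $parent_uri;
        if ($parent_item['contact-id'] && $uid) {
            $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($parent_item['contact-id']), intval($uid));
            if (count($r)) {
                $parent_contact = $r[0];
                // If the contact id doesn't fit with the contact, then set the contact to null
                $thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent));
                if (count($thrparent) and $thrparent[0]["network"] === NETWORK_OSTATUS and normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"])) {
                    $parent_contact = null;
                    require_once "include/Scrape.php";
                    // The probed URL is the author-link stored with the thread parent item.
                    $probed_contact = probe_url($thrparent[0]["author-link"]);
                    if ($probed_contact["network"] != NETWORK_FEED) {
                        $parent_contact = $probed_contact;
                        $parent_contact["nurl"] = normalise_link($probed_contact["url"]);
                        $parent_contact["thumb"] = $probed_contact["photo"];
                        $parent_contact["micro"] = $probed_contact["photo"];
                    }
                    logger('parent contact: ' . print_r($parent_contact, true), LOGGER_DEBUG);
                } else {
                    logger('no contact found: ' . print_r($thrparent, true), LOGGER_DEBUG);
                }
            }
        }
    }
    if ($parent) {
        logger('mod_item: item_post parent=' . $parent);
    }
    // profile_uid (the wall being written to) and post_id (the item being edited) both
    // come from the request; everything below that is scoped by them relies on the
    // can_write_wall() check that follows.
    $profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0;
    $post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0;
    $app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : '';
    $extid = x($_REQUEST, 'extid') ? strip_tags($_REQUEST['extid']) : '';
    $allow_moderated = false;
    // here is where we are going to check for permission to post a moderated comment.
    // First check that the parent exists and it is a wall item.
    if (x($_REQUEST, 'commenter') && (!$parent || !$parent_item['wall'])) {
        notice(t('Permission denied.') . EOL);
        if (x($_REQUEST, 'return')) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    }
    // Now check that it is a page_type of PAGE_BLOG, and that valid personal details
    // have been provided, and run any anti-spam plugins
    // TODO
    // $allow_moderated is never set to true above, so this is effectively the single
    // authorization gate for writing to $profile_uid's wall.
    if (!can_write_wall($a, $profile_uid) && !$allow_moderated) {
        notice(t('Permission denied.') . EOL);
        if (x($_REQUEST, 'return')) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    }
    // is this an edited post?
    $orig_post = null;
    if ($post_id) {
        // NOTE(review): the item to edit is selected by wall owner (uid) and id only; nothing
        // visible here checks that the requester authored it. Confirm that being allowed to
        // write to the wall is meant to be enough to edit any item on it.
        $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id));
        if (!count($i)) {
            killme();
        }
        $orig_post = $i[0];
    }
    $user = null;
    $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($profile_uid));
    if (count($r)) {
        $user = $r[0];
    }
    // Defined up front so the code after this branch never reads an unset variable:
    // the original left $categories unset for new posts, $postopts unset for edits and
    // for posts with no detected language, and $filedas unset when there are no file tags.
    $categories = '';
    $filedas = '';
    $postopts = '';
    if ($orig_post) {
        // Editing: permissions and metadata are taken from the stored item, only the
        // title and body come from the request.
        $str_group_allow = $orig_post['allow_gid'];
        $str_contact_allow = $orig_post['allow_cid'];
        $str_group_deny = $orig_post['deny_gid'];
        $str_contact_deny = $orig_post['deny_cid'];
        $location = $orig_post['location'];
        $coord = $orig_post['coord'];
        $verb = $orig_post['verb'];
        $objecttype = $orig_post['object-type'];
        $emailcc = $orig_post['emailcc'];
        $app = $orig_post['app'];
        $categories = $orig_post['file'];
        $title = notags(trim($_REQUEST['title']));
        $body = escape_tags(trim($_REQUEST['body']));
        $private = $orig_post['private'];
        $pubmail_enable = $orig_post['pubmail'];
        $network = $orig_post['network'];
        $guid = $orig_post['guid'];
        $extid = $orig_post['extid'];
    } else {
        // if coming from the API and no privacy settings are set,
        // use the user default permissions - as they won't have
        // been supplied via a form.
        if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) {
            $str_group_allow = $user['allow_gid'];
            $str_contact_allow = $user['allow_cid'];
            $str_group_deny = $user['deny_gid'];
            $str_contact_deny = $user['deny_cid'];
        } else {
            // use the posted permissions
            $str_group_allow = perms2str($_REQUEST['group_allow']);
            $str_contact_allow = perms2str($_REQUEST['contact_allow']);
            $str_group_deny = perms2str($_REQUEST['group_deny']);
            $str_contact_deny = perms2str($_REQUEST['contact_deny']);
        }
        $title = notags(trim($_REQUEST['title']));
        $location = notags(trim($_REQUEST['location']));
        $coord = notags(trim($_REQUEST['coord']));
        $verb = notags(trim($_REQUEST['verb']));
        $emailcc = notags(trim($_REQUEST['emailcc']));
        $body = escape_tags(trim($_REQUEST['body']));
        $network = notags(trim($_REQUEST['network']));
        $guid = get_guid(32);
        // Strip bracketed tags so only the plain text is handed to language detection.
        $naked_body = preg_replace('/\\[(.+?)\\]/', '', $body);
        if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
            $l = new Text_LanguageDetect();
            //$lng = $l->detectConfidence($naked_body);
            //$postopts = (($lng['language']) ? 'lang=' . $lng['language'] . ';' . $lng['confidence'] : '');
            $lng = $l->detect($naked_body, 3);
            if (sizeof($lng) > 0) {
                // Builds "lang=<language>;<score>:<language>;<score>..."
                $postopts = "";
                foreach ($lng as $language => $score) {
                    if ($postopts == "") {
                        $postopts = "lang=";
                    } else {
                        $postopts .= ":";
                    }
                    $postopts .= $language . ";" . $score;
                }
            }
            logger('mod_item: detect language' . print_r($lng, true) . $naked_body, LOGGER_DATA);
        } else {
            $postopts = '';
        }
        $private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) ? 1 : 0;
        if ($user['hidewall']) {
            $private = 2;
        }
        // If this is a comment, set the permissions from the parent.
        if ($parent_item) {
            $private = 0;
            // for non native networks use the network of the original post as network of the item
            if ($parent_item['network'] != NETWORK_DIASPORA and $parent_item['network'] != NETWORK_OSTATUS and $network == "") {
                $network = $parent_item['network'];
            }
            if ($parent_item['private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid'])) {
                $private = $parent_item['private'] ? $parent_item['private'] : 1;
            }
            $str_contact_allow = $parent_item['allow_cid'];
            $str_group_allow = $parent_item['allow_gid'];
            $str_contact_deny = $parent_item['deny_cid'];
            $str_group_deny = $parent_item['deny_gid'];
        }
        $pubmail_enable = x($_REQUEST, 'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && !$private ? 1 : 0;
        // if using the API, we won't see pubmail_enable - figure out if it should be set
        if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) {
            $mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1;
            if (!$mail_disabled) {
                $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", intval(local_user()));
                if (count($r) && intval($r[0]['pubmail'])) {
                    // NOTE(review): this assigns $pubmail_enabled, which is never read; the value
                    // stored with the item is $pubmail_enable. Left as is because correcting the
                    // name would start mailing API posts - confirm the intent before changing it.
                    $pubmail_enabled = true;
                }
            }
        }
        if (!strlen($body)) {
            if ($preview) {
                killme();
            }
            info(t('Empty post discarded.') . EOL);
            if (x($_REQUEST, 'return')) {
                goaway($a->get_baseurl() . "/" . $return_path);
            }
            killme();
        }
    }
    if (strlen($categories)) {
        // get the "fileas" tags for this post
        $filedas = file_tag_file_to_list($categories, 'file');
    }
    // save old and new categories, so we can determine what needs to be deleted from pconfig
    $categories_old = $categories;
    $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
    $categories_new = $categories;
    if (strlen($filedas)) {
        // append the fileas stuff to the new categories list
        $categories .= file_tag_list_to_file($filedas, 'file');
    }
    // Work around doubled linefeeds in Tinymce 3.5b2
    // First figure out if it's a status post that would've been
    // created using tinymce. Otherwise leave it alone.
    /*	$plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) || !feature_enabled($profile_uid,'richtext') : 0);
    	if((! $parent) && (! $api_source) && (! $plaintext)) {
    		$body = fix_mce_lf($body);
    	}*/
    $plaintext = local_user() ? !feature_enabled($profile_uid, 'richtext') : 0;
    if (!$parent && !$api_source && !$plaintext) {
        $body = fix_mce_lf($body);
    }
    // get contact info for poster
    $author = null;
    $self = false;
    $contact_id = 0;
    // Reset the query result: when neither branch below runs a query, the original went on to
    // test whatever an earlier, unrelated query had left in $r and used that row as the author.
    $r = array();
    if (local_user() && local_user() == $profile_uid) {
        $self = true;
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']));
    } elseif (remote_user()) {
        // The remote visitor's contact id for this wall is taken from the session.
        if (is_array($_SESSION['remote'])) {
            foreach ($_SESSION['remote'] as $v) {
                if ($v['uid'] == $profile_uid) {
                    $contact_id = $v['cid'];
                    break;
                }
            }
        }
        if ($contact_id) {
            $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id));
        }
    }
    if (count($r)) {
        $author = $r[0];
        $contact_id = $author['id'];
    }
    // get contact info for owner
    if ($profile_uid == local_user()) {
        $contact_record = $author;
    } else {
        $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($profile_uid));
        if (count($r)) {
            $contact_record = $r[0];
        }
    }
    $post_type = notags(trim($_REQUEST['type']));
    if ($post_type === 'net-comment') {
        if ($parent_item !== null) {
            if ($parent_item['wall'] == 1) {
                $post_type = 'wall-comment';
            } else {
                $post_type = 'remote-comment';
            }
        }
    }
    /**
     *
     * When a photo was uploaded into the message using the (profile wall) ajax
     * uploader, The permissions are initially set to disallow anybody but the
     * owner from seeing it. This is because the permissions may not yet have been
     * set for the post. If it's private, the photo permissions should be set
     * appropriately. But we didn't know the final permissions on the post until
     * now. So now we'll look for links of uploaded messages that are in the
     * post and set them to the same permissions as the post itself.
     *
     */
    $match = null;
    if (!$preview && preg_match_all("/\\[img([\\=0-9x]*?)\\](.*?)\\[\\/img\\]/", $body, $match)) {
        $images = $match[2];
        if (count($images)) {
            $objecttype = ACTIVITY_OBJ_IMAGE;
            foreach ($images as $image) {
                // Only photos served from this site are considered.
                if (!stristr($image, $a->get_baseurl() . '/photo/')) {
                    continue;
                }
                // The resource id is the last path segment up to the first '-'.
                $image_uri = substr($image, strrpos($image, '/') + 1);
                $image_uri = substr($image_uri, 0, strpos($image_uri, '-'));
                if (!strlen($image_uri)) {
                    continue;
                }
                // The ACL is only rewritten for a photo that is still restricted to the poster's
                // own contact and belongs to $profile_uid.
                $srch = '<' . intval($contact_id) . '>';
                $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''\n\t\t\t\t\tAND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid));
                if (!count($r)) {
                    continue;
                }
                $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\tWHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($image_uri), intval($profile_uid), dbesc(t('Wall Photos')));
            }
        }
    }
    /**
     * Next link in any attachment references we find in the post.
     */
    $match = false;
    if (!$preview && preg_match_all("/\\[attachment\\](.*?)\\[\\/attachment\\]/", $body, $match)) {
        $attaches = $match[1];
        if (count($attaches)) {
            foreach ($attaches as $attach) {
                // Both statements are scoped to $profile_uid, so only that wall's attachments
                // can have their ACL replaced with the post's.
                $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($attach));
                if (count($r)) {
                    $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\t\tWHERE `uid` = %d AND `id` = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($profile_uid), intval($attach));
                }
            }
        }
    }
    // embedded bookmark in post? set bookmark flag
    $bookmark = 0;
    if (preg_match_all("/\\[bookmark\\=([^\\]]*)\\](.*?)\\[\\/bookmark\\]/ism", $body, $match, PREG_SET_ORDER)) {
        $objecttype = ACTIVITY_OBJ_BOOKMARK;
        $bookmark = 1;
    }
    $body = bb_translate_video($body);
    /**
     * Fold multi-line [code] sequences
     */
    $body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body);
    $body = scale_external_images($body, false);
    // Setting the object type if not defined before
    if (!$objecttype) {
        $objecttype = ACTIVITY_OBJ_NOTE;
        // Default value
        require_once "include/plaintext.php";
        $objectdata = get_attached_data($body);
        // The original tested an undefined $post here, so the default above was never
        // overridden; the type is read from the data returned by get_attached_data().
        $attached_type = is_array($objectdata) && isset($objectdata["type"]) ? $objectdata["type"] : '';
        if ($attached_type == "link") {
            $objecttype = ACTIVITY_OBJ_BOOKMARK;
        } elseif ($attached_type == "video") {
            $objecttype = ACTIVITY_OBJ_VIDEO;
        } elseif ($attached_type == "photo") {
            $objecttype = ACTIVITY_OBJ_IMAGE;
        }
    }
    /**
     * Look for any tags and linkify them
     */
    $str_tags = '';
    $inform = '';
    $tags = get_tags($body);
    /**
     * add a statusnet style reply tag if the original post was from there
     * and we are replying, and there isn't one already
     */
    if ($parent_contact && $parent_contact['network'] === NETWORK_OSTATUS && $parent_contact['nick'] && !in_array('@' . $parent_contact['nick'], $tags)) {
        $body = '@' . $parent_contact['nick'] . ' ' . $body;
        $tags[] = '@' . $parent_contact['nick'];
    }
    $tagged = array();
    $private_forum = false;
    if (count($tags)) {
        foreach ($tags as $tag) {
            // Hashtags are skipped here; see item_body_set_hashtags() further down.
            if (strpos($tag, '#') === 0) {
                continue;
            }
            // If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
            // Robert Johnson should be first in the $tags array
            $fullnametagged = false;
            for ($x = 0; $x < count($tagged); $x++) {
                if (stristr($tagged[$x], $tag . ' ')) {
                    $fullnametagged = true;
                    break;
                }
            }
            if ($fullnametagged) {
                continue;
            }
            $success = handle_tag($a, $body, $inform, $str_tags, local_user() ? local_user() : $profile_uid, $tag, $network);
            if ($success['replaced']) {
                $tagged[] = $tag;
            }
            if (is_array($success['contact']) && intval($success['contact']['prv'])) {
                $private_forum = true;
                $private_id = $success['contact']['id'];
            }
        }
    }
    if ($private_forum && !$parent && !$private) {
        // we tagged a private forum in a top level post and the message was public.
        // Restrict it.
        $private = 1;
        $str_contact_allow = '<' . $private_id . '>';
    }
    $attachments = '';
    $match = false;
    if (preg_match_all('/(\\[attachment\\]([0-9]+)\\[\\/attachment\\])/', $body, $match)) {
        foreach ($match[2] as $mtch) {
            $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($mtch));
            if (count($r)) {
                if (strlen($attachments)) {
                    $attachments .= ',';
                }
                // NOTE(review): filename and filetype are placed inside quoted attributes without
                // escaping - confirm they cannot contain a double quote when stored.
                $attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . ($r[0]['filename'] ? $r[0]['filename'] : '') . '"[/attach]';
            }
            // Removes every matched [attachment] marker from the body.
            $body = str_replace($match[1], '', $body);
        }
    }
    $wall = 0;
    if ($post_type === 'wall' || $post_type === 'wall-comment') {
        $wall = 1;
    }
    if (!strlen($verb)) {
        $verb = ACTIVITY_POST;
    }
    if ($network == "") {
        $network = NETWORK_DFRN;
    }
    $gravity = $parent ? 6 : 0;
    // even if the post arrived via API we are considering that it
    // originated on this site by default for determining relayability.
    $origin = x($_REQUEST, 'origin') ? intval($_REQUEST['origin']) : 1;
    $notify_type = $parent ? 'comment-new' : 'wall-new';
    $uri = $message_id ? $message_id : item_new_uri($a->get_hostname(), $profile_uid);
    // Fallback so that we alway have a thr-parent
    if (!$thr_parent) {
        $thr_parent = $uri;
    }
    $datarray = array();
    $datarray['uid'] = $profile_uid;
    $datarray['type'] = $post_type;
    $datarray['wall'] = $wall;
    $datarray['gravity'] = $gravity;
    $datarray['network'] = $network;
    $datarray['contact-id'] = $contact_id;
    $datarray['owner-name'] = $contact_record['name'];
    $datarray['owner-link'] = $contact_record['url'];
    $datarray['owner-avatar'] = $contact_record['thumb'];
    $datarray['author-name'] = $author['name'];
    $datarray['author-link'] = $author['url'];
    $datarray['author-avatar'] = $author['thumb'];
    $datarray['created'] = datetime_convert();
    $datarray['edited'] = datetime_convert();
    $datarray['commented'] = datetime_convert();
    $datarray['received'] = datetime_convert();
    $datarray['changed'] = datetime_convert();
    $datarray['extid'] = $extid;
    $datarray['guid'] = $guid;
    $datarray['uri'] = $uri;
    $datarray['title'] = $title;
    $datarray['body'] = $body;
    $datarray['app'] = $app;
    $datarray['location'] = $location;
    $datarray['coord'] = $coord;
    $datarray['tag'] = $str_tags;
    $datarray['file'] = $categories;
    $datarray['inform'] = $inform;
    $datarray['verb'] = $verb;
    $datarray['object-type'] = $objecttype;
    $datarray['allow_cid'] = $str_contact_allow;
    $datarray['allow_gid'] = $str_group_allow;
    $datarray['deny_cid'] = $str_contact_deny;
    $datarray['deny_gid'] = $str_group_deny;
    $datarray['private'] = $private;
    $datarray['pubmail'] = $pubmail_enable;
    $datarray['attach'] = $attachments;
    $datarray['bookmark'] = intval($bookmark);
    $datarray['thr-parent'] = $thr_parent;
    $datarray['postopts'] = $postopts;
    $datarray['origin'] = $origin;
    $datarray['moderated'] = $allow_moderated;
    /**
     * These fields are for the convenience of plugins...
     * 'self' if true indicates the owner is posting on their own wall
     * If parent is 0 it is a top-level post.
     */
    $datarray['parent'] = $parent;
    $datarray['self'] = $self;
    //	$datarray['prvnets']       = $user['prvnets'];
    if ($orig_post) {
        $datarray['edit'] = true;
    }
    // Search for hashtags
    item_body_set_hashtags($datarray);
    // preview mode - prepare the body for display and send it via json
    if ($preview) {
        require_once 'include/conversation.php';
        $o = conversation($a, array(array_merge($contact_record, $datarray)), 'search', false, true);
        logger('preview: ' . $o);
        echo json_encode(array('preview' => $o));
        killme();
    }
    // Plugins receive the assembled item and may cancel the post by setting 'cancel'.
    call_hooks('post_local', $datarray);
    if (x($datarray, 'cancel')) {
        logger('mod_item: post cancelled by plugin.');
        if ($return_path) {
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        $json = array('cancel' => 1);
        if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
            // As with the return path, the request value is appended to the site base URL.
            $json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
        }
        echo json_encode($json);
        killme();
    }
    // Fill the cache field
    put_item_in_cache($datarray);
    if ($orig_post) {
        // Edit: only the content fields are rewritten; the stored permissions stay untouched.
        $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `rendered-html` = '%s', `rendered-hash` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc($datarray['attach']), dbesc($datarray['file']), dbesc($datarray['rendered-html']), dbesc($datarray['rendered-hash']), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($post_id), intval($profile_uid));
        create_tags_from_item($post_id);
        create_files_from_item($post_id);
        update_thread($post_id);
        // update filetags in pconfig
        file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category');
        proc_run('php', "include/notifier.php", 'edit_post', "{$post_id}");
        if (x($_REQUEST, 'return') && strlen($return_path)) {
            logger('return: ' . $return_path);
            goaway($a->get_baseurl() . "/" . $return_path);
        }
        killme();
    } else {
        $post_id = 0;
    }
    // Every string value goes through dbesc() and every numeric value through intval()
    // before it is substituted into the statement.
    $r = q(
        "INSERT INTO `item` (`guid`, `extid`, `uid`,`type`,`wall`,`gravity`, `network`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`,\n\t\t`created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `object-type`, `postopts`,\n\t\t`allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark`,`origin`, `moderated`, `file`, `rendered-html`, `rendered-hash`)\n\t\tVALUES( '%s', '%s', %d, '%s', %d, %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s')",
        dbesc($datarray['guid']),
        dbesc($datarray['extid']),
        intval($datarray['uid']),
        dbesc($datarray['type']),
        intval($datarray['wall']),
        intval($datarray['gravity']),
        dbesc($datarray['network']),
        intval($datarray['contact-id']),
        dbesc($datarray['owner-name']),
        dbesc($datarray['owner-link']),
        dbesc($datarray['owner-avatar']),
        dbesc($datarray['author-name']),
        dbesc($datarray['author-link']),
        dbesc($datarray['author-avatar']),
        dbesc($datarray['created']),
        dbesc($datarray['edited']),
        dbesc($datarray['commented']),
        dbesc($datarray['received']),
        dbesc($datarray['changed']),
        dbesc($datarray['uri']),
        dbesc($datarray['thr-parent']),
        dbesc($datarray['title']),
        dbesc($datarray['body']),
        dbesc($datarray['app']),
        dbesc($datarray['location']),
        dbesc($datarray['coord']),
        dbesc($datarray['tag']),
        dbesc($datarray['inform']),
        dbesc($datarray['verb']),
        dbesc($datarray['object-type']),
        dbesc($datarray['postopts']),
        dbesc($datarray['allow_cid']),
        dbesc($datarray['allow_gid']),
        dbesc($datarray['deny_cid']),
        dbesc($datarray['deny_gid']),
        intval($datarray['private']),
        intval($datarray['pubmail']),
        dbesc($datarray['attach']),
        intval($datarray['bookmark']),
        intval($datarray['origin']),
        intval($datarray['moderated']),
        dbesc($datarray['file']),
        dbesc($datarray['rendered-html']),
        dbesc($datarray['rendered-hash'])
    );
    // The new row is looked up again by its uri to obtain the id.
    $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($datarray['uri']));
    if (!count($r)) {
        logger('mod_item: unable to retrieve post that was just stored.');
        notice(t('System error. Post not saved.') . EOL);
        goaway($a->get_baseurl() . "/" . $return_path);
        // NOTREACHED
    }
    $post_id = $r[0]['id'];
    logger('mod_item: saved item ' . $post_id);
    $datarray["id"] = $post_id;
    $datarray["plink"] = $a->get_baseurl() . '/display/' . urlencode($datarray["guid"]);
    // update filetags in pconfig
    file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category');
    if ($parent) {
        // This item is the last leaf and gets the comment box, clear any ancestors
        $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ", dbesc(datetime_convert()), intval($parent));
        update_thread($parent, true);
        // Inherit ACLs from the parent item.
        $r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d\n\t\t\tWHERE `id` = %d", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), intval($parent_item['private']), intval($post_id));
        // Notify the wall owner only when somebody else wrote the comment.
        if ($contact_record != $author) {
            notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_uri' => $parent_item['uri']));
        }
        // Store the comment signature information in case we need to relay to Diaspora
        // The owner's private key is only passed along when the owner is the one posting.
        store_diaspora_comment_sig($datarray, $author, $self ? $a->user['prvkey'] : false, $parent_item, $post_id);
    } else {
        $parent = $post_id;
        if ($contact_record != $author) {
            notification(array('type' => NOTIFY_WALL, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item'));
        }
    }
    // fallback so that parent always gets set to non-zero.
    if (!$parent) {
        $parent = $post_id;
    }
    $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1\n\t\tWHERE `id` = %d", intval($parent), dbesc($parent == $post_id ? $uri : $parent_item['uri']), dbesc($a->get_baseurl() . '/display/' . urlencode($datarray['guid'])), dbesc(datetime_convert()), intval($post_id));
    // photo comments turn the corresponding item visible to the profile wall
    // This way we don't see every picture in your new photo album posted to your wall at once.
    // They will show up as people comment on them.
    // Guarded on $parent_item: for a top-level post there is no parent row, and the original
    // ran the UPDATE and update_thread() with an id that evaluated to 0.
    if ($parent_item && !$parent_item['visible']) {
        $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d", intval($parent_item['id']));
        update_thread($parent_item['id']);
    }
    // update the commented timestamp on the parent
    q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($parent));
    if ($post_id != $parent) {
        update_thread($parent);
    }
    call_hooks('post_local_end', $datarray);
    // E-mail copies are only sent when the owner posts on their own wall.
    if (strlen($emailcc) && $profile_uid == local_user()) {
        $erecips = explode(',', $emailcc);
        if (count($erecips)) {
            foreach ($erecips as $recip) {
                $addr = trim($recip);
                if (!strlen($addr)) {
                    continue;
                }
                // NOTE(review): the address is used as given (only tags were stripped earlier);
                // confirm that Emailer::send() validates it and rejects header line breaks.
                $disclaimer = '<hr />' . sprintf(t('This message was sent to you by %s, a member of the Friendica social network.'), $a->user['username']) . '<br />';
                $disclaimer .= sprintf(t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL;
                $disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL;
                // Use the post title as subject when there is one. The original wrote
                // `!$datarray['title'] == ''`, which negates the title before comparing.
                if ($datarray['title'] != '') {
                    $subject = email_header_encode($datarray['title'], 'UTF-8');
                } else {
                    $subject = email_header_encode('[Friendica]' . ' ' . sprintf(t('%s posted an update.'), $a->user['username']), 'UTF-8');
                }
                // NOTE(review): username, nickname and thumb are concatenated into the HTML
                // without escaping here - confirm they are constrained where they are stored.
                $link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
                $html = prepare_body($datarray);
                $message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
                include_once 'include/html2plain.php';
                $params = array('fromName' => $a->user['username'], 'fromEmail' => $a->user['email'], 'toEmail' => $addr, 'replyTo' => $a->user['email'], 'messageSubject' => $subject, 'htmlVersion' => $message, 'textVersion' => html2plain($html . $disclaimer));
                Emailer::send($params);
            }
        }
    }
    create_tags_from_item($post_id);
    create_files_from_item($post_id);
    if ($post_id == $parent) {
        add_thread($post_id);
    }
    // This is a real juggling act on shared hosting services which kill your processes
    // e.g. dreamhost. We used to start delivery to our native delivery agents in the background
    // and then run our plugin delivery from the foreground. We're now doing plugin delivery first,
    // because as soon as you start loading up a bunch of remote delivey processes, *this* page is
    // likely to get killed off. If you end up looking at an /item URL and a blank page,
    // it's very likely the delivery got killed before all your friends could be notified.
    // Currently the only realistic fixes are to use a reliable server - which precludes shared hosting,
    // or cut back on plugins which do remote deliveries.
    // The arguments handed to the notifier are a fixed type string and the numeric item id.
    proc_run('php', "include/notifier.php", $notify_type, "{$post_id}");
    logger('post_complete');
    item_post_return($a->get_baseurl(), $api_source, $return_path);
    // NOTREACHED
}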
Ejemplo n.º 29
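/**
 * Import a Diaspora private conversation and store its messages as local mail.
 *
 * All values come from the remote payload and are treated as untrusted:
 * identifiers pass through notags()/unxmlify(), every message must carry the
 * guid of the enclosing conversation, and a message is stored only after its
 * author signature (and the parent author signature, when one is present)
 * verifies with rsa_verify().
 *
 * @param array  $importer Local recipient account; reads 'uid', 'notify-flags',
 *                         'language', 'username' and 'email'.
 * @param object $xml      Conversation payload; reads guid, subject,
 *                         diaspora_handle, participant_handles, created_at and
 *                         message (presumably a SimpleXMLElement - confirm).
 * @param array  $msg      Sender data; reads 'author' and 'key' (the key used
 *                         to verify signatures made by that author).
 *
 * @return int|null 202 when the sending contact is ignored, otherwise null.
 */
function diaspora_conversation($importer, $xml, $msg)
{
    $a = get_app();
    $guid = notags(unxmlify($xml->guid));
    $subject = notags(unxmlify($xml->subject));
    $diaspora_handle = notags(unxmlify($xml->diaspora_handle));
    $participant_handles = notags(unxmlify($xml->participant_handles));
    $created_at = datetime_convert('UTC', 'UTC', notags(unxmlify($xml->created_at)));
    $parent_uri = $diaspora_handle . ':' . $guid;
    $messages = $xml->message;
    if (!count($messages)) {
        logger('diaspora_conversation: empty conversation');
        return;
    }
    $contact = diaspora_get_contact_by_handle($importer['uid'], $msg['author']);
    if (!$contact) {
        logger('diaspora_conversation: cannot find contact: ' . $msg['author']);
        return;
    }
    // Followers, blocked and read-only contacts may not start or extend a conversation.
    if ($contact['rel'] == CONTACT_IS_FOLLOWER || $contact['blocked'] || $contact['readonly']) {
        logger('diaspora_conversation: Ignoring this author.');
        return 202;
    }
    // Find the conversation for this recipient, creating it on first contact.
    $conversation = null;
    $c = q("select * from conv where uid = %d and guid = '%s' limit 1", intval($importer['uid']), dbesc($guid));
    if (count($c)) {
        $conversation = $c[0];
    } else {
        $r = q(
            "insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ",
            intval($importer['uid']),
            dbesc($guid),
            dbesc($diaspora_handle),
            dbesc(datetime_convert('UTC', 'UTC', $created_at)),
            dbesc(datetime_convert()),
            dbesc($subject),
            dbesc($participant_handles)
        );
        if ($r) {
            $c = q("select * from conv where uid = %d and guid = '%s' limit 1", intval($importer['uid']), dbesc($guid));
        }
        if (count($c)) {
            $conversation = $c[0];
        }
    }
    if (!$conversation) {
        logger('diaspora_conversation: unable to create conversation.');
        return;
    }
    foreach ($messages as $mesg) {
        $msg_guid = notags(unxmlify($mesg->guid));
        $msg_parent_guid = notags(unxmlify($mesg->parent_guid));
        $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature));
        $msg_author_signature = notags(unxmlify($mesg->author_signature));
        $msg_text = unxmlify($mesg->text);
        $msg_created_at = datetime_convert('UTC', 'UTC', notags(unxmlify($mesg->created_at)));
        $msg_diaspora_handle = notags(unxmlify($mesg->diaspora_handle));
        $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid));
        // A message that names another conversation is dropped rather than re-homed.
        if ($msg_conversation_guid != $guid) {
            // NOTE(review): the payload object is appended to the log line; confirm that
            // private message content cannot end up in the log this way.
            logger('diaspora_conversation: message conversation guid does not belong to the current conversation. ' . $xml);
            continue;
        }
        $body = diaspora2bb($msg_text);
        $message_id = $msg_diaspora_handle . ':' . $msg_guid;
        // The signed string uses the raw created_at text, not the converted timestamp.
        $author_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid;
        $author_signature = base64_decode($msg_author_signature);
        // Pick the verification key: the sender's key when the sender wrote the
        // message, otherwise the public key looked up for the named author.
        if (strcasecmp($msg_diaspora_handle, $msg['author']) == 0) {
            $person = $contact;
            $key = $msg['key'];
        } else {
            $person = find_diaspora_person_by_handle($msg_diaspora_handle);
            if (is_array($person) && x($person, 'pubkey')) {
                $key = $person['pubkey'];
            } else {
                logger('diaspora_conversation: unable to find author details');
                continue;
            }
        }
        if (!rsa_verify($author_signed_data, $author_signature, $key, 'sha256')) {
            logger('diaspora_conversation: verification failed.');
            continue;
        }
        // When a parent author signature is present it must verify with the sender's key.
        if ($msg_parent_author_signature) {
            $owner_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid;
            $parent_author_signature = base64_decode($msg_parent_author_signature);
            $key = $msg['key'];
            if (!rsa_verify($owner_signed_data, $parent_author_signature, $key, 'sha256')) {
                logger('diaspora_conversation: owner verification failed.');
                continue;
            }
        }
        // Duplicate check is scoped to the recipient, like the conv lookups above:
        // a copy already stored for another local account must not suppress
        // delivery to this one.
        $r = q(
            "select id from mail where `uri` = '%s' and uid = %d limit 1",
            dbesc($message_id),
            intval($importer['uid'])
        );
        if (count($r)) {
            logger('diaspora_conversation: duplicate message already delivered.', LOGGER_DEBUG);
            continue;
        }
        q(
            "insert into mail ( `uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) values ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')",
            intval($importer['uid']),
            dbesc($msg_guid),
            intval($conversation['id']),
            dbesc($person['name']),
            dbesc($person['photo']),
            dbesc($person['url']),
            intval($contact['id']),
            dbesc($subject),
            dbesc($body),
            0,
            0,
            dbesc($message_id),
            dbesc($parent_uri),
            dbesc($msg_created_at)
        );
        q("update conv set updated = '%s' where id = %d", dbesc(datetime_convert()), intval($conversation['id']));
        require_once 'include/enotify.php';
        notification(array(
            'type' => NOTIFY_MAIL,
            'notify_flags' => $importer['notify-flags'],
            'language' => $importer['language'],
            'to_name' => $importer['username'],
            'to_email' => $importer['email'],
            'uid' => $importer['uid'],
            'item' => array('subject' => $subject, 'body' => $body),
            'source_name' => $person['name'],
            'source_link' => $person['url'],
            'source_photo' => $person['thumb'],
            'verb' => ACTIVITY_POST,
            'otype' => 'mail',
        ));
    }
    return;
}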
Ejemplo n.º 30
<?php

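// Values this page sets before the includes run; presumably the access levels
// allowed to open it - TODO confirm where $auth is enforced.
$auth = array('2', '3');
// General configuration include.
require '../../includes/config.include.php';
// General header include.
require '../../includes/header.include.php';
// Orbis framework.
require '../../includes/orbis.include.php';
if (isset($_POST['motdupdate'])) {
    // NOTE(review): no anti-CSRF token check is visible in this block; confirm
    // that one of the includes above rejects cross-site form posts.
    // The MOTD text is request data, so it is bound as a parameter instead of
    // being interpolated into the SQL string; a non-string value is treated as empty.
    $motdcontent = isset($_POST['motd']) && is_string($_POST['motd']) ? $_POST['motd'] : '';
    $motdquery = $db->prepare("UPDATE settings SET site_motd = :motd WHERE id = '1'");
    $motdquery->execute(array(':motd' => $motdcontent));
    // The Host header is client-supplied; encode it before placing it in the href.
    $safehost = htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES, 'UTF-8');
    $notification = notification('Successfully Updated MOTD. <br><a href="' . $protocol . $safehost . $basepath . '/dash/group/1/">Click to view as a Staff Worker!</a>', 'success');
    changelog('', 'The server MOTD was updated.', 'settings');
    // NOTE(review): site_motd is stored as submitted; whether it is HTML-encoded
    // when displayed is not visible here - verify at the point of output.
}
// Staff id of the signed-in session and the query whose rows the page renders.
$currentuser = $_SESSION['staff_id'];
$quser = "******";
$resultuser = $db->query($quser);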
while ($rowresult = $resultuser->fetch(PDO::FETCH_ASSOC)) {
    ?>
<!-- DASHBOARD PAGE START -->

            <!-- Main Container -->
            <main id="main-container">
                <!-- Page Header -->
	                    <?php 
    if ($rowresult['staff_background']) {
        $staffbackground = "url('../../get/image.php?file=" . $rowresult['staff_background'] . "');";
    } else {
        $staffbackground = "url('../../assets/img/photos/photo8@2x.jpg');";