Ejemplo n.º 1
0
function change_channel($change_channel)
{
    $ret = false;
    if ($change_channel) {
        $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and not ( channel_pageflags & %d) limit 1", intval($change_channel), intval(get_account_id()), intval(PAGE_REMOVED));
        if ($r) {
            $hash = $r[0]['channel_hash'];
            $_SESSION['uid'] = intval($r[0]['channel_id']);
            get_app()->set_channel($r[0]);
            $_SESSION['theme'] = $r[0]['channel_theme'];
            $_SESSION['mobile_theme'] = get_pconfig(local_user(), 'system', 'mobile_theme');
            date_default_timezone_set($r[0]['channel_timezone']);
            $ret = $r[0];
        }
        $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash));
        if ($x) {
            $_SESSION['my_url'] = $x[0]['xchan_url'];
            $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3);
            get_app()->set_observer($x[0]);
            get_app()->set_perms(get_all_perms(local_user(), $hash));
        }
        if (!is_dir('store/' . $r[0]['channel_address'])) {
            @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true);
        }
    }
    return $ret;
}
Ejemplo n.º 2
0
 function init()
 {
     if (!is_dir('store')) {
         os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
     }
     $which = null;
     if (argc() > 1) {
         $which = argv(1);
     }
     $profile = 0;
     \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
     if ($which) {
         profile_load($which, $profile);
     }
     $auth = new \Zotlabs\Storage\BasicAuth();
     $ob_hash = get_observer_hash();
     if ($ob_hash) {
         if (local_channel()) {
             $channel = \App::get_channel();
             $auth->setCurrentUser($channel['channel_address']);
             $auth->channel_id = $channel['channel_id'];
             $auth->channel_hash = $channel['channel_hash'];
             $auth->channel_account_id = $channel['channel_account_id'];
             if ($channel['channel_timezone']) {
                 $auth->setTimezone($channel['channel_timezone']);
             }
         }
         $auth->observer = $ob_hash;
     }
     if ($_GET['davguest']) {
         $_SESSION['davguest'] = true;
     }
     $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
     $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
     $_SERVER['QUERY_STRING'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
     $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
     $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
     $_SERVER['REQUEST_URI'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
     $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
     // A SabreDAV server-object
     $server = new SDAV\Server($rootDirectory);
     // prevent overwriting changes each other with a lock backend
     $lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
     $lockPlugin = new SDAV\Locks\Plugin($lockBackend);
     $server->addPlugin($lockPlugin);
     $is_readable = false;
     // provide a directory view for the cloud in Hubzilla
     $browser = new \Zotlabs\Storage\Browser($auth);
     $auth->setBrowserPlugin($browser);
     $server->addPlugin($browser);
     // Experimental QuotaPlugin
     //	require_once('\Zotlabs\Storage/QuotaPlugin.php');
     //	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
     ob_start();
     // All we need to do now, is to fire up the server
     $server->exec();
     ob_end_flush();
     killme();
 }
Ejemplo n.º 3
0
function wiki_init_wiki($channel, $wiki)
{
    // Store the path as a relative path, but pass absolute path to mkdir
    $path = 'store/[data]/git/' . $channel['channel_address'] . '/wiki/' . $wiki['urlName'];
    if (!os_mkdir(__DIR__ . '/../' . $path, 0770, true)) {
        logger('Error creating wiki path: ' . $path);
        return null;
    }
    // Create GitRepo object
    $git = new GitRepo($channel['channel_address'], null, false, $name, __DIR__ . '/../' . $path);
    if (!$git->initRepo()) {
        logger('Error creating new git repo in ' . $git->path);
        return null;
    }
    return array('path' => $path);
}
Ejemplo n.º 4
0
 function init()
 {
     // workaround for HTTP-auth in CGI mode
     if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
         $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
         if (strlen($userpass)) {
             list($name, $password) = explode(':', $userpass);
             $_SERVER['PHP_AUTH_USER'] = $name;
             $_SERVER['PHP_AUTH_PW'] = $password;
         }
     }
     if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
         $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
         if (strlen($userpass)) {
             list($name, $password) = explode(':', $userpass);
             $_SERVER['PHP_AUTH_USER'] = $name;
             $_SERVER['PHP_AUTH_PW'] = $password;
         }
     }
     if (!is_dir('store')) {
         os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
     }
     if (argc() > 1) {
         profile_load(argv(1), 0);
     }
     $auth = new \Zotlabs\Storage\BasicAuth();
     $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
     $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
     // A SabreDAV server-object
     $server = new SDAV\Server($rootDirectory);
     $authPlugin = new \Sabre\DAV\Auth\Plugin($auth);
     $server->addPlugin($authPlugin);
     // prevent overwriting changes each other with a lock backend
     $lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
     $lockPlugin = new SDAV\Locks\Plugin($lockBackend);
     $server->addPlugin($lockPlugin);
     // provide a directory view for the cloud in Hubzilla
     $browser = new \Zotlabs\Storage\Browser($auth);
     $auth->setBrowserPlugin($browser);
     // Experimental QuotaPlugin
     // require_once('Zotlabs/Storage/QuotaPlugin.php');
     // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
     // All we need to do now, is to fire up the server
     $server->exec();
     killme();
 }
Ejemplo n.º 5
0
 public function __construct()
 {
     // Cannot use get_config() here because it is called during installation when there is no DB.
     // FIXME: this may leak private information such as system pathnames.
     $basecompiledir = array_key_exists('smarty3_folder', \App::$config['system']) ? \App::$config['system']['smarty3_folder'] : '';
     if (!$basecompiledir) {
         $basecompiledir = str_replace('Zotlabs', '', dirname(__DIR__)) . "/" . TEMPLATE_BUILD_PATH;
     }
     if (!is_dir($basecompiledir)) {
         @os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
         if (!is_dir($basecompiledir)) {
             echo "<b>ERROR:</b> folder <tt>{$basecompiledir}</tt> does not exist.";
             killme();
         }
     }
     if (!is_writable($basecompiledir)) {
         echo "<b>ERROR:</b> folder <tt>{$basecompiledir}</tt> must be writable by webserver.";
         killme();
     }
     \App::$config['system']['smarty3_folder'] = $basecompiledir;
 }
Ejemplo n.º 6
0
Archivo: update.php Proyecto: Mauru/red
function update_r1116()
{
    @os_mkdir('store/[data]/smarty3', STORAGE_DEFAULT_PERMISSIONS, true);
    return UPDATE_SUCCESS;
}
Ejemplo n.º 7
0
/**
 * @brief Create directory (recursive).
 *
 * @param array $channel channel array of owner
 * @param string $observer_hash hash of current observer
 * @param array $arr parameter array to fulfil request
 * - Required:
 *  * \e string \b pathname
 *  * \e string \b folder hash of parent directory, empty string for root directory
 * - Optional:
 *  * \e string \b allow_cid
 *  * \e string \b allow_gid
 *  * \e string \b deny_cid
 *  * \e string \b deny_gid
 * @return array
 */
function attach_mkdirp($channel, $observer_hash, $arr = null)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $sql_options = '';
    $basepath = 'store/' . $channel['channel_address'];
    logger('attach_mkdirp: basepath: ' . $basepath);
    if (!is_dir($basepath)) {
        os_mkdir($basepath, STORAGE_DEFAULT_PERMISSIONS, true);
    }
    if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    if (!$arr['pathname']) {
        $ret['message'] = t('Empty pathname');
        return $ret;
    }
    $paths = explode('/', $arr['pathname']);
    if (!$paths) {
        $ret['message'] = t('Empty path');
        return $ret;
    }
    $current_parent = '';
    foreach ($paths as $p) {
        if (!$p) {
            continue;
        }
        $arx = array('filename' => $p, 'folder' => $current_parent, 'force' => 1);
        if (array_key_exists('allow_cid', $arr)) {
            $arx['allow_cid'] = $arr['allow_cid'];
        }
        if (array_key_exists('deny_cid', $arr)) {
            $arx['deny_cid'] = $arr['deny_cid'];
        }
        if (array_key_exists('allow_gid', $arr)) {
            $arx['allow_gid'] = $arr['allow_gid'];
        }
        if (array_key_exists('deny_gid', $arr)) {
            $arx['deny_gid'] = $arr['deny_gid'];
        }
        $x = attach_mkdir($channel, $observer_hash, $arx);
        if ($x['success']) {
            $current_parent = $x['data']['hash'];
        } else {
            $ret['message'] = $x['message'];
            return $ret;
        }
    }
    if (isset($x)) {
        $ret['success'] = true;
        $ret['data'] = $x['data'];
    }
    return $ret;
}
Ejemplo n.º 8
0
Archivo: cloud.php Proyecto: Mauru/red
/**
 * @brief Fires up the SabreDAV server.
 *
 * @param App &$a
 */
function cloud_init(&$a)
{
    // call ($currenttheme)_init since we're operating outside of index.php
    $theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";
    if (file_exists($theme_info_file)) {
        require_once $theme_info_file;
        if (function_exists(str_replace('-', '_', current_theme()) . '_init')) {
            $func = str_replace('-', '_', current_theme()) . '_init';
            $func($a);
        }
    }
    require_once 'include/reddav.php';
    if (!is_dir('store')) {
        os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
    }
    $which = null;
    if (argc() > 1) {
        $which = argv(1);
    }
    $profile = 0;
    $channel = $a->get_channel();
    $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
    if ($which) {
        profile_load($a, $which, $profile);
    }
    $auth = new RedBasicAuth();
    $ob_hash = get_observer_hash();
    if ($ob_hash) {
        if (local_user()) {
            $channel = $a->get_channel();
            $auth->setCurrentUser($channel['channel_address']);
            $auth->channel_name = $channel['channel_address'];
            $auth->channel_id = $channel['channel_id'];
            $auth->channel_hash = $channel['channel_hash'];
            $auth->channel_account_id = $channel['channel_account_id'];
            if ($channel['channel_timezone']) {
                $auth->timezone = $channel['channel_timezone'];
            }
        }
        $auth->observer = $ob_hash;
    }
    if ($_GET['davguest']) {
        $_SESSION['davguest'] = true;
    }
    $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
    $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
    $rootDirectory = new RedDirectory('/', $auth);
    // A SabreDAV server-object
    $server = new DAV\Server($rootDirectory);
    // prevent overwriting changes each other with a lock backend
    $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
    $lockPlugin = new DAV\Locks\Plugin($lockBackend);
    $server->addPlugin($lockPlugin);
    // The next section of code allows us to bypass prompting for http-auth if a FILE is being accessed anonymously and permissions
    // allow this. This way one can create hotlinks to public media files in their cloud and anonymous viewers won't get asked to login.
    // If a DIRECTORY is accessed or there are permission issues accessing the file and we aren't previously authenticated via zot,
    // prompt for HTTP-auth. This will be the default case for mounting a DAV directory.
    // In order to avoid prompting for passwords for viewing a DIRECTORY, add the URL query parameter 'davguest=1'
    $isapublic_file = false;
    $davguest = x($_SESSION, 'davguest') ? true : false;
    if (!$auth->observer && $_SERVER['REQUEST_METHOD'] === 'GET') {
        try {
            $x = RedFileData('/' . $a->cmd, $auth);
            if ($x instanceof RedFile) {
                $isapublic_file = true;
            }
        } catch (Exception $e) {
            $isapublic_file = false;
        }
    }
    if (!$auth->observer && !$isapublic_file && !$davguest) {
        try {
            $auth->Authenticate($server, t('Red Matrix - Guests: Username: {your email address}, Password: +++'));
        } catch (Exception $e) {
            logger('mod_cloud: auth exception' . $e->getMessage());
            http_status_exit($e->getHTTPCode(), $e->getMessage());
        }
    }
    // provide a directory view for the cloud in Red Matrix
    $browser = new RedBrowser($auth);
    $auth->setBrowserPlugin($browser);
    $server->addPlugin($browser);
    // All we need to do now, is to fire up the server
    $server->exec();
    killme();
}
Ejemplo n.º 9
0
/**
 * @brief Check for store directory.
 *
 * @param[out] array &$checks
 */
function check_store(&$checks)
{
    $status = true;
    $help = '';
    @os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
    if (!is_writable('store')) {
        $status = false;
        $help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
        $help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.') . EOL;
    }
    check_add($checks, t('store is writable'), $status, true, $help);
}
Ejemplo n.º 10
0
/**
 * @brief Fires up the SabreDAV server.
 *
 * @param App &$a
 */
function cloud_init(&$a)
{
    require_once 'include/reddav.php';
    if (!is_dir('store')) {
        os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
    }
    $which = null;
    if (argc() > 1) {
        $which = argv(1);
    }
    $profile = 0;
    $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
    if ($which) {
        profile_load($a, $which, $profile);
    }
    $auth = new RedDAV\RedBasicAuth();
    $ob_hash = get_observer_hash();
    if ($ob_hash) {
        if (local_channel()) {
            $channel = $a->get_channel();
            $auth->setCurrentUser($channel['channel_address']);
            $auth->channel_id = $channel['channel_id'];
            $auth->channel_hash = $channel['channel_hash'];
            $auth->channel_account_id = $channel['channel_account_id'];
            if ($channel['channel_timezone']) {
                $auth->setTimezone($channel['channel_timezone']);
            }
        }
        $auth->observer = $ob_hash;
    }
    if ($_GET['davguest']) {
        $_SESSION['davguest'] = true;
    }
    $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
    $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
    $rootDirectory = new RedDAV\RedDirectory('/', $auth);
    // A SabreDAV server-object
    $server = new DAV\Server($rootDirectory);
    // prevent overwriting changes each other with a lock backend
    $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
    $lockPlugin = new DAV\Locks\Plugin($lockBackend);
    $server->addPlugin($lockPlugin);
    $is_readable = false;
    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
        try {
            $x = RedFileData('/' . $a->cmd, $auth);
        } catch (\Exception $e) {
            if ($e instanceof Sabre\DAV\Exception\Forbidden) {
                http_status_exit(401, 'Permission denied.');
            }
        }
    }
    require_once 'include/RedDAV/RedBrowser.php';
    // provide a directory view for the cloud in Hubzilla
    $browser = new RedDAV\RedBrowser($auth);
    $auth->setBrowserPlugin($browser);
    $server->addPlugin($browser);
    // Experimental QuotaPlugin
    //	require_once('include/RedDAV/QuotaPlugin.php');
    //	$server->addPlugin(new RedDAV\QuotaPlugin($auth));
    // All we need to do now, is to fire up the server
    $server->exec();
    killme();
}
Ejemplo n.º 11
0
function sync_files($channel, $files)
{
    require_once 'include/attach.php';
    if ($channel && $files) {
        foreach ($files as $f) {
            if (!$f) {
                continue;
            }
            $fetch_url = $f['fetch_url'];
            $oldbase = dirname($fetch_url);
            $original_channel = $f['original_channel'];
            if (!($fetch_url && $original_channel)) {
                continue;
            }
            if ($f['attach']) {
                $attachment_stored = false;
                foreach ($f['attach'] as $att) {
                    convert_oldfields($att, 'data', 'content');
                    if ($att['deleted']) {
                        attach_delete($channel, $att['hash']);
                        continue;
                    }
                    $attach_exists = false;
                    $x = attach_by_hash($att['hash']);
                    logger('sync_files duplicate check: attach_exists=' . $attach_exists, LOGGER_DEBUG);
                    logger('sync_files duplicate check: att=' . print_r($att, true), LOGGER_DEBUG);
                    logger('sync_files duplicate check: attach_by_hash() returned ' . print_r($x, true), LOGGER_DEBUG);
                    if ($x['success']) {
                        $attach_exists = true;
                        $attach_id = $x[0]['id'];
                    }
                    $newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['content']);
                    unset($att['id']);
                    $att['aid'] = $channel['channel_account_id'];
                    $att['uid'] = $channel['channel_id'];
                    // check for duplicate folder names with the same parent.
                    // If we have a duplicate that doesn't match this hash value
                    // change the name so that the contents won't be "covered over"
                    // by the existing directory. Use the same logic we use for
                    // duplicate files.
                    if (strpos($att['filename'], '.') !== false) {
                        $basename = substr($att['filename'], 0, strrpos($att['filename'], '.'));
                        $ext = substr($att['filename'], strrpos($att['filename'], '.'));
                    } else {
                        $basename = $att['filename'];
                        $ext = '';
                    }
                    $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($att['folder']), dbesc($att['hash']));
                    if ($r) {
                        $x = 1;
                        do {
                            $found = false;
                            foreach ($r as $rr) {
                                if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
                                    $found = true;
                                    break;
                                }
                            }
                            if ($found) {
                                $x++;
                            }
                        } while ($found);
                        $att['filename'] = $basename . '(' . $x . ')' . $ext;
                    } else {
                        $att['filename'] = $basename . $ext;
                    }
                    // end duplicate detection
                    // @fixme - update attachment structures if they are modified rather than created
                    $att['content'] = $newfname;
                    // Note: we use $att['hash'] below after it has been escaped to
                    // fetch the file contents.
                    // If the hash ever contains any escapable chars this could cause
                    // problems. Currently it does not.
                    dbesc_array($att);
                    if ($attach_exists) {
                        logger('sync_files attach exists: ' . print_r($att, true), LOGGER_DEBUG);
                        $str = '';
                        foreach ($att as $k => $v) {
                            if ($str) {
                                $str .= ",";
                            }
                            $str .= " `" . $k . "` = '" . $v . "' ";
                        }
                        $r = dbq("update `attach` set " . $str . " where id = " . intval($attach_id));
                    } else {
                        logger('sync_files attach does not exists: ' . print_r($att, true), LOGGER_DEBUG);
                        $r = dbq("INSERT INTO attach (`" . implode("`, `", array_keys($att)) . "`) VALUES ('" . implode("', '", array_values($att)) . "')");
                    }
                    // is this a directory?
                    if ($att['filetype'] === 'multipart/mixed' && $att['is_dir']) {
                        os_mkdir($newfname, STORAGE_DEFAULT_PERMISSIONS, true);
                        $attachment_stored = true;
                        continue;
                    } else {
                        // it's a file
                        // for the sync version of this algorithm (as opposed to 'offline import')
                        // we will fetch the actual file from the source server so it can be
                        // streamed directly to disk and avoid consuming PHP memory if it's a huge
                        // audio/video file or something.
                        $time = datetime_convert();
                        $parr = array('hash' => $channel['channel_hash'], 'time' => $time, 'resource' => $att['hash'], 'revision' => 0, 'signature' => base64url_encode(rsa_sign($channel['channel_hash'] . '.' . $time, $channel['channel_prvkey'])));
                        $store_path = $newfname;
                        $fp = fopen($newfname, 'w');
                        if (!$fp) {
                            logger('failed to open storage file.', LOGGER_NORMAL, LOG_ERR);
                            continue;
                        }
                        $redirects = 0;
                        $x = z_post_url($fetch_url, $parr, $redirects, array('filep' => $fp));
                        fclose($fp);
                        if ($x['success']) {
                            $attachment_stored = true;
                        }
                        continue;
                    }
                }
            }
            if (!$attachment_stored) {
                // @TODO should we queue this and retry or delete everything or what?
                logger('attachment store failed', LOGGER_NORMAL, LOG_ERR);
            }
            if ($f['photo']) {
                foreach ($f['photo'] as $p) {
                    unset($p['id']);
                    $p['aid'] = $channel['channel_account_id'];
                    $p['uid'] = $channel['channel_id'];
                    convert_oldfields($p, 'data', 'content');
                    convert_oldfields($p, 'scale', 'imgscale');
                    convert_oldfields($p, 'size', 'filesize');
                    convert_oldfields($p, 'type', 'mimetype');
                    // if this is a profile photo, undo the profile photo bit
                    // for any other photo which previously held it.
                    if ($p['photo_usage'] == PHOTO_PROFILE) {
                        $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), dbesc($p['resource_id']), intval($channel['channel_id']));
                    }
                    // same for cover photos
                    if ($p['photo_usage'] == PHOTO_COVER) {
                        $e = q("update photo set photo_usage = %d where photo_usage = %d\n\t\t\t\t\t\t\tand resource_id != '%s' and uid = %d ", intval(PHOTO_NORMAL), intval(PHOTO_COVER), dbesc($p['resource_id']), intval($channel['channel_id']));
                    }
                    if ($p['imgscale'] === 0 && $p['os_storage']) {
                        $p['content'] = $store_path;
                    } else {
                        $p['content'] = base64_decode($p['content']);
                    }
                    $exists = q("select * from photo where resource_id = '%s' and imgscale = %d and uid = %d limit 1", dbesc($p['resource_id']), intval($p['imgscale']), intval($channel['channel_id']));
                    dbesc_array($p);
                    if ($exists) {
                        $str = '';
                        foreach ($p as $k => $v) {
                            if ($str) {
                                $str .= ",";
                            }
                            $str .= " `" . $k . "` = '" . $v . "' ";
                        }
                        $r = dbq("update `photo` set " . $str . " where id = " . intval($exists[0]['id']));
                    } else {
                        $r = dbq("INSERT INTO photo (`" . implode("`, `", array_keys($p)) . "`) VALUES ('" . implode("', '", array_values($p)) . "')");
                    }
                }
            }
            if ($f['item']) {
                sync_items($channel, $f['item'], ['channel_address' => $original_channel, 'url' => $oldbase]);
            }
        }
    }
}
Ejemplo n.º 12
0
/**
 * @brief Change to another channel with current logged-in account.
 *
 * @param int $change_channel The channel_id of the channel you want to change to
 *
 * @return bool|array false or channel record of the new channel
 */
function change_channel($change_channel)
{
    $ret = false;
    if ($change_channel) {
        $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_account_id = %d and channel_removed = 0 limit 1", intval($change_channel), intval(get_account_id()));
        // It's not there.  Is this an administrator, and is this the sys channel?
        if (is_developer()) {
            if (!$r) {
                if (is_site_admin()) {
                    $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel_id = %d and channel_system = 1 and channel_removed = 0 limit 1", intval($change_channel));
                }
            }
        }
        if ($r) {
            $hash = $r[0]['channel_hash'];
            $_SESSION['uid'] = intval($r[0]['channel_id']);
            App::set_channel($r[0]);
            $_SESSION['theme'] = $r[0]['channel_theme'];
            $_SESSION['mobile_theme'] = get_pconfig(local_channel(), 'system', 'mobile_theme');
            date_default_timezone_set($r[0]['channel_timezone']);
            $ret = $r[0];
        }
        $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($hash));
        if ($x) {
            $_SESSION['my_url'] = $x[0]['xchan_url'];
            $_SESSION['my_address'] = $r[0]['channel_address'] . '@' . App::get_hostname();
            App::set_observer($x[0]);
            App::set_perms(get_all_perms(local_channel(), $hash));
        }
        if (!is_dir('store/' . $r[0]['channel_address'])) {
            @os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS, true);
        }
        $arr = ['channel_id' => $change_channel, 'chanx' => $ret];
        call_hooks('change_channel', $arr);
    }
    return $ret;
}
Ejemplo n.º 13
0
Archivo: attach.php Proyecto: Mauru/red
/**
 * @function attach_mkdir($channel,$observer_hash,$arr);
 *
 * @brief Create directory.
 *
 * @param array $channel channel array of owner
 * @param string $observer_hash hash of current observer
 * @param array $arr parameter array to fulfil request
 * Required:
 *    $arr['filename']
 *    $arr['folder'] // hash of parent directory, empty string for root directory
 * Optional:
 *    $arr['hash']  // precumputed hash for this node
 *    $arr['allow_cid']
 *    $arr['allow_gid']
 *    $arr['deny_cid']
 *    $arr['deny_gid']
 */
function attach_mkdir($channel, $observer_hash, $arr = null)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $sql_options = '';
    $basepath = 'store/' . $channel['channel_address'];
    logger('attach_mkdir: basepath: ' . $basepath);
    if (!is_dir($basepath)) {
        os_mkdir($basepath, STORAGE_DEFAULT_PERMISSIONS, true);
    }
    if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    if (!$arr['filename']) {
        $ret['message'] = t('Empty pathname');
        return $ret;
    }
    $arr['hash'] = $arr['hash'] ? $arr['hash'] : random_string();
    // Check for duplicate name.
    // Check both the filename and the hash as we will be making use of both.
    $r = q("select hash from attach where ( filename = '%s' or hash = '%s' ) and folder = '%s' and uid = %d limit 1", dbesc($arr['filename']), dbesc($arr['hash']), dbesc($arr['folder']), intval($channel['channel_id']));
    if ($r) {
        $ret['message'] = t('duplicate filename or path');
        return $ret;
    }
    if ($arr['folder']) {
        // Walk the directory tree from parent back to root to make sure the parent is valid and name is unique and we
        // have permission to see this path. This implies the root directory itself is public since we won't have permissions
        // set on the psuedo-directory. We can however set permissions for anything and everything contained within it.
        $lpath = '';
        $lfile = $arr['folder'];
        $sql_options = permissions_sql($channel['channel_id']);
        do {
            $r = q("select filename, hash, flags, folder from attach where uid = %d and hash = '%s' and ( flags & %d ) \n\t\t\t\t{$sql_options} limit 1", intval($channel['channel_id']), dbesc($lfile), intval(ATTACH_FLAG_DIR));
            if (!$r) {
                logger('attach_mkdir: hash ' . $lfile . ' not found in ' . $lpath);
                $ret['message'] = t('Path not found.');
                return $ret;
            }
            if ($lfile) {
                $lpath = $r[0]['hash'] . '/' . $lpath;
            }
            $lfile = $r[0]['folder'];
        } while ($r[0]['folder'] && $r[0]['flags'] & ATTACH_FLAG_DIR);
        $path = $basepath . '/' . $lpath;
    } else {
        $path = $basepath . '/';
    }
    $path .= $arr['hash'];
    $created = datetime_convert();
    $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($arr['hash']), dbesc(get_observer_hash()), dbesc($arr['filename']), dbesc('multipart/mixed'), intval(0), intval(0), dbesc($arr['folder']), intval(ATTACH_FLAG_DIR | ATTACH_FLAG_OS), dbesc($path), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $channel['channel_allow_cid']), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $channel['channel_allow_gid']), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $channel['channel_deny_cid']), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $channel['channel_deny_gid']));
    if ($r) {
        if (os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) {
            $ret['success'] = true;
            $ret['data'] = $arr;
            // update the parent folder's lastmodified timestamp
            $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($created), dbesc($arr['folder']), intval($channel_id));
        } else {
            logger('attach_mkdir: ' . mkdir . ' ' . $path . 'failed.');
            $ret['message'] = t('mkdir failed.');
        }
    } else {
        $ret['message'] = t('database storage failed.');
    }
    return $ret;
}
Ejemplo n.º 14
0
/**
 * @brief Fires up the SabreDAV server.
 *
 * @param App &$a
 */
function cloud_init(&$a)
{
    require_once 'include/reddav.php';
    if (!is_dir('store')) {
        os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
    }
    $which = null;
    if (argc() > 1) {
        $which = argv(1);
    }
    $profile = 0;
    $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . $which . '" />' . "\r\n";
    if ($which) {
        profile_load($a, $which, $profile);
    }
    $auth = new RedDAV\RedBasicAuth();
    $ob_hash = get_observer_hash();
    if ($ob_hash) {
        if (local_channel()) {
            $channel = $a->get_channel();
            $auth->setCurrentUser($channel['channel_address']);
            $auth->channel_id = $channel['channel_id'];
            $auth->channel_hash = $channel['channel_hash'];
            $auth->channel_account_id = $channel['channel_account_id'];
            if ($channel['channel_timezone']) {
                $auth->setTimezone($channel['channel_timezone']);
            }
        }
        $auth->observer = $ob_hash;
    }
    if ($_GET['davguest']) {
        $_SESSION['davguest'] = true;
    }
    $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
    $_SERVER['QUERY_STRING'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
    $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
    $_SERVER['REQUEST_URI'] = preg_replace('/[\\?&]davguest=(.*?)([\\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
    $rootDirectory = new RedDAV\RedDirectory('/', $auth);
    // A SabreDAV server-object
    $server = new DAV\Server($rootDirectory);
    // prevent overwriting changes each other with a lock backend
    $lockBackend = new DAV\Locks\Backend\File('store/[data]/locks');
    $lockPlugin = new DAV\Locks\Plugin($lockBackend);
    $server->addPlugin($lockPlugin);
    /* This next bit should no longer be needed... */
    // The next section of code allows us to bypass prompting for http-auth if a
    // FILE is being accessed anonymously and permissions allow this. This way
    // one can create hotlinks to public media files in their cloud and anonymous
    // viewers won't get asked to login.
    // If a DIRECTORY is accessed or there are permission issues accessing the
    // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
    // This will be the default case for mounting a DAV directory.
    // In order to avoid prompting for passwords for viewing a DIRECTORY, add
    // the URL query parameter 'davguest=1'.
    //	$isapublic_file = false;
    //	$davguest = ((x($_SESSION, 'davguest')) ? true : false);
    //	if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
    //		try {
    //			$x = RedFileData('/' . $a->cmd, $auth);
    //			if($x instanceof RedDAV\RedFile)
    //				$isapublic_file = true;
    //		}
    //		catch (Exception $e) {
    //			$isapublic_file = false;
    //		}
    //	}
    //	if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
    //		logger('mod_cloud: auth exception');
    //		http_status_exit(401, 'Permission denied.');
    //	}
    require_once 'include/RedDAV/RedBrowser.php';
    // provide a directory view for the cloud in Hubzilla
    $browser = new RedDAV\RedBrowser($auth);
    $auth->setBrowserPlugin($browser);
    $server->addPlugin($browser);
    // Experimental QuotaPlugin
    //	require_once('include/RedDAV/QuotaPlugin.php');
    //	$server->addPlugin(new RedDAV\QuotaPlugin($auth));
    // All we need to do now, is to fire up the server
    $server->exec();
    killme();
}
Ejemplo n.º 15
0
 function init()
 {
     // workaround for HTTP-auth in CGI mode
     if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
         $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
         if (strlen($userpass)) {
             list($name, $password) = explode(':', $userpass);
             $_SERVER['PHP_AUTH_USER'] = $name;
             $_SERVER['PHP_AUTH_PW'] = $password;
         }
     }
     if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
         $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
         if (strlen($userpass)) {
             list($name, $password) = explode(':', $userpass);
             $_SERVER['PHP_AUTH_USER'] = $name;
             $_SERVER['PHP_AUTH_PW'] = $password;
         }
     }
     require_once 'include/reddav.php';
     if (!is_dir('store')) {
         os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
     }
     $which = null;
     if (argc() > 1) {
         $which = argv(1);
     }
     $profile = 0;
     \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
     if ($which) {
         profile_load($a, $which, $profile);
     }
     $auth = new \Zotlabs\Storage\BasicAuth();
     //		$authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) {
     //			if(account_verify_password($userName,$password))
     //				return true;
     //			return false;
     //		});
     //		$ob_hash = get_observer_hash();
     //		if ($ob_hash) {
     //			if (local_channel()) {
     //				$channel = \App::get_channel();
     //				$auth->setCurrentUser($channel['channel_address']);
     //				$auth->channel_id = $channel['channel_id'];
     //				$auth->channel_hash = $channel['channel_hash'];
     //				$auth->channel_account_id = $channel['channel_account_id'];
     //				if($channel['channel_timezone'])
     //					$auth->setTimezone($channel['channel_timezone']);
     //			}
     //			$auth->observer = $ob_hash;
     //		}
     //		if ($_GET['davguest'])
     //			$_SESSION['davguest'] = true;
     //		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
     //		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
     //		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
     //
     //		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
     //		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
     //		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
     $rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
     // A SabreDAV server-object
     $server = new SDAV\Server($rootDirectory);
     $authPlugin = new \Sabre\DAV\Auth\Plugin($auth);
     $server->addPlugin($authPlugin);
     // prevent overwriting changes each other with a lock backend
     $lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
     $lockPlugin = new SDAV\Locks\Plugin($lockBackend);
     $server->addPlugin($lockPlugin);
     // The next section of code allows us to bypass prompting for http-auth if a
     // FILE is being accessed anonymously and permissions allow this. This way
     // one can create hotlinks to public media files in their cloud and anonymous
     // viewers won't get asked to login.
     // If a DIRECTORY is accessed or there are permission issues accessing the
     // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
     // This will be the default case for mounting a DAV directory.
     // In order to avoid prompting for passwords for viewing a DIRECTORY, add
     // the URL query parameter 'davguest=1'.
     //		$isapublic_file = false;
     //		$davguest = ((x($_SESSION, 'davguest')) ? true : false);
     //		if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
     //			try {
     //				$x = RedFileData('/' . \App::$cmd, $auth);
     //				if($x instanceof \Zotlabs\Storage\File)
     //					$isapublic_file = true;
     //			}
     //			catch (Exception $e) {
     //				$isapublic_file = false;
     //			}
     //		}
     //		if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
     //			try {
     //				$auth->Authenticate($server, t('$Projectname channel'));
     //			}
     //			catch (Exception $e) {
     //				logger('mod_cloud: auth exception' . $e->getMessage());
     //				http_status_exit($e->getHTTPCode(), $e->getMessage());
     //			}
     //		}
     //	require_once('Zotlabs/Storage/Browser.php');
     // provide a directory view for the cloud in Hubzilla
     $browser = new \Zotlabs\Storage\Browser($auth);
     $auth->setBrowserPlugin($browser);
     // Experimental QuotaPlugin
     //	require_once('Zotlabs/Storage/QuotaPlugin.php');
     //	$server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
     // All we need to do now, is to fire up the server
     $server->exec();
     killme();
 }