function search_ac_init(&$a)
{
if (!local_channel()) {
killme();
}
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
$search = $_REQUEST['query'];
}
// Priority to people searches
if ($search) {
$people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
$tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
}
$r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));
$results = array();
if ($r) {
foreach ($r as $g) {
$results[] = array("photo" => $g['xchan_photo_s'], "name" => '@' . $g['xchan_name'], "id" => $g['abook_id'], "link" => $g['xchan_url'], "label" => '', "nick" => '');
}
}
$r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
if (count($r)) {
foreach ($r as $g) {
$results[] = array("photo" => $a->get_baseurl() . '/images/hashtag.png', "name" => '#' . $g['term'], "id" => $g['tid'], "link" => $g['url'], "label" => '', "nick" => '');
}
}
header("content-type: application/json");
$o = array('start' => $start, 'count' => $count, 'items' => $results);
echo json_encode($o);
logger('search_ac: ' . print_r($x, true));
killme();
}
function chatroom_destroy($channel, $arr)
{
$ret = array('success' => false);
if (intval($arr['cr_id'])) {
$sql_extra = " and cr_id = " . intval($arr['cr_id']) . " ";
} elseif (trim($arr['cr_name'])) {
$sql_extra = " and cr_name = '" . protect_sprintf(dbesc(trim($arr['cr_name']))) . "' ";
} else {
$ret['message'] = t('Invalid room specifier.');
return $ret;
}
$r = q("select * from chatroom where cr_uid = %d {$sql_extra} limit 1", intval($channel['channel_id']));
if (!$r) {
$ret['message'] = t('Invalid room specifier.');
return $ret;
}
build_sync_packet($channel['channel_id'], array('chatroom' => $r));
q("delete from chatroom where cr_id = %d", intval($r[0]['cr_id']));
if ($r[0]['cr_id']) {
q("delete from chatpresence where cp_room = %d", intval($r[0]['cr_id']));
q("delete from chat where chat_room = %d", intval($r[0]['cr_id']));
}
$ret['success'] = true;
return $ret;
}
function term_query($table, $s, $type = TERM_UNKNOWN, $type2 = '')
{
if ($type2) {
return sprintf(" AND " . ($table ? dbesc($table) . '.' : '') . "id in (select term.oid from term where term.type in (%d, %d) and term.term = '%s' and term.uid = " . ($table ? dbesc($table) . '.' : '') . "uid ) ", intval($type), intval($type2), protect_sprintf(dbesc($s)));
} else {
return sprintf(" AND " . ($table ? dbesc($table) . '.' : '') . "id in (select term.oid from term where term.type = %d and term.term = '%s' and term.uid = " . ($table ? dbesc($table) . '.' : '') . "uid ) ", intval($type), protect_sprintf(dbesc($s)));
}
}
function menu_list_count($channel_id, $name = '', $flags = 0)
{
$sel_options = '';
$sel_options .= $name ? " and menu_name = '" . protect_sprintf(dbesc($name)) . "' " : '';
$sel_options .= $flags ? " and menu_flags = " . intval($flags) . " " : '';
$r = q("select count(*) as total from menu where menu_channel_id = %d {$sel_options}", intval($channel_id));
return $r[0]['total'];
}
/**
* If $flags is present, check that all the bits in $flags are set
* so that MENU_SYSTEM|MENU_BOOKMARK will return entries with both
* bits set. We will use this to find system generated bookmarks.
*/
function menu_list($channel_id, $name = '', $flags = 0)
{
$sel_options = '';
$sel_options .= $name ? " and menu_name = '" . protect_sprintf(dbesc($name)) . "' " : '';
$sel_options .= $flags ? " and menu_flags = " . intval($flags) . " " : '';
$r = q("select * from menu where menu_channel_id = %d {$sel_options} order by menu_desc", intval($channel_id));
return $r;
}
function sync_directories($dirmode)
{
if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL) {
return;
}
$realm = get_directory_realm();
if ($realm == DIRECTORY_REALM) {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and ( site_realm = '%s' or site_realm = '') ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc($realm));
} else {
$r = q("select * from site where (site_flags & %d) and site_url != '%s' and site_realm like '%s' ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc(protect_sprintf('%' . $realm . '%')));
}
// If there are no directory servers, setup the fallback master
// FIXME - what to do if we're in a different realm?
if (!$r && z_root() != DIRECTORY_FALLBACK_MASTER) {
$r = array('site_url' => DIRECTORY_FALLBACK_MASTER, 'site_flags' => DIRECTORY_MODE_PRIMARY, 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', 'site_realm' => DIRECTORY_REALM);
$x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm )\n\t\t\tvalues ( '%s', %d', '%s', '%s', '%s' ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), dbesc($r[0]['site_realm']));
$r = q("select * from site where (site_flags & %d) and site_url != '%s'", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()));
}
if (!$r) {
return;
}
foreach ($r as $rr) {
if (!$rr['site_directory']) {
continue;
}
logger('sync directories: ' . $rr['site_directory']);
// for brand new directory servers, only load the last couple of days. Everything before that will be repeats.
$syncdate = $rr['site_sync'] === NULL_DATE ? datetime_convert('UTC', 'UTC', 'now - 2 days') : $rr['site_sync'];
$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate));
if (!$x['success']) {
continue;
}
$j = json_decode($x['body'], true);
if (!$j['transactions'] || !is_array($j['transactions'])) {
continue;
}
q("update site set site_sync = '%s' where site_url = '%s' limit 1", dbesc(datetime_convert()), dbesc($rr['site_url']));
logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j, true), LOGGER_DATA);
if (count($j['transactions'])) {
foreach ($j['transactions'] as $t) {
$r = q("select * from updates where ud_guid = '%s' limit 1", dbesc($t['transaction_id']));
if ($r) {
continue;
}
$ud_flags = 0;
if (is_array($t['flags']) && in_array('deleted', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_DELETED;
}
if (is_array($t['flags']) && in_array('forced', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_FORCED;
}
$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )\n\t\t\t\t\tvalues ( '%s', '%s', '%s', %d, '%s' ) ", dbesc($t['hash']), dbesc($t['transaction_id']), dbesc($t['timestamp']), intval($ud_flags), dbesc($t['address']));
}
}
}
}
function init()
{
if (!local_channel()) {
killme();
}
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
$search = $_REQUEST['query'];
}
$do_people = true;
$do_tags = true;
if (substr($search, 0, 1) === '@') {
$do_tags = false;
$search = substr($search, 1);
}
if (substr($search, 0, 1) === '#') {
$do_people = false;
$search = substr($search, 1);
}
// Priority to people searches
if ($search) {
$people_sql_extra = protect_sprintf(" AND xchan_name LIKE '%" . dbesc($search) . "%' ");
$tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
}
$results = [];
if ($do_people) {
$r = q("SELECT abook_id, xchan_name, xchan_photo_s, xchan_url, xchan_addr FROM abook \n\t\t\t\tleft join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t\t\t{$people_sql_extra}\n\t\t\t\tORDER BY xchan_name ASC ", intval(local_channel()));
if ($r) {
foreach ($r as $g) {
$results[] = ['photo' => $g['xchan_photo_s'], 'name' => '@' . $g['xchan_name'], 'id' => $g['abook_id'], 'link' => $g['xchan_url'], 'label' => '', 'nick' => ''];
}
}
}
if ($do_tags) {
$r = q("select distinct term, tid, url from term \n\t\t\t\twhere ttype in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
if ($r) {
foreach ($r as $g) {
$results[] = ['photo' => z_root() . '/images/hashtag.png', 'name' => '#' . $g['term'], 'id' => $g['tid'], 'link' => $g['url'], 'label' => '', 'nick' => ''];
}
}
}
header("content-type: application/json");
$o = array('start' => $start, 'count' => $count, 'items' => $results);
echo json_encode($o);
logger('search_ac: ' . print_r($x, true), LOGGER_DATA, LOG_INFO);
killme();
}
function search_ac_init(&$a)
{
if (!local_user()) {
return "";
}
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
$search = $_REQUEST['query'];
}
$sql_extra = '';
$x = array();
$x['query'] = $search;
$x['photos'] = array();
$x['links'] = array();
$x['suggestions'] = array();
$x['data'] = array();
// Priority to people searches
if ($search) {
$people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
$tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
}
$r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_user()));
if ($r) {
foreach ($r as $g) {
$x['photos'][] = $g['xchan_photo_s'];
$x['links'][] = $g['xchan_url'];
$x['suggestions'][] = '@' . $g['xchan_name'];
$x['data'][] = 'cid=' . intval($g['abook_id']);
}
}
$r = q("select distinct term, tid, url from term where type = %d {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG));
if (count($r)) {
foreach ($r as $g) {
$x['photos'][] = $a->get_baseurl() . '/images/hashtag.png';
$x['links'][] = $g['url'];
$x['suggestions'][] = '#' . $g['term'];
$x['data'][] = intval($g['tid']);
}
}
header("content-type: application/json");
echo json_encode($x);
logger('search_ac: ' . print_r($x, true));
killme();
}
function get($update = 0, $load = false)
{
if (!local_channel()) {
$_SESSION['return_url'] = \App::$query_string;
return login(false);
}
if ($load) {
$_SESSION['loadtime'] = datetime_convert();
}
$arr = array('query' => \App::$query_string);
call_hooks('network_content_init', $arr);
$channel = \App::get_channel();
$item_normal = item_normal();
$datequery = $datequery2 = '';
$group = 0;
$nouveau = false;
$datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : '';
$datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : '';
$nouveau = x($_GET, 'new') ? intval($_GET['new']) : 0;
$gid = x($_GET, 'gid') ? intval($_GET['gid']) : 0;
$category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : '';
$hashtags = x($_REQUEST, 'tag') ? $_REQUEST['tag'] : '';
$verb = x($_REQUEST, 'verb') ? $_REQUEST['verb'] : '';
$search = $_GET['search'] ? $_GET['search'] : '';
if ($search) {
if (strpos($search, '@') === 0) {
$r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1", dbesc(substr($search, 1)), intval(local_channel()));
if ($r) {
$_GET['cid'] = $r[0]['abook_id'];
$search = $_GET['search'] = '';
}
} elseif (strpos($search, '#') === 0) {
$hashtags = substr($search, 1);
$search = $_GET['search'] = '';
}
}
if ($datequery) {
$_GET['order'] = 'post';
}
// filter by collection (e.g. group)
if ($gid) {
$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1", intval($gid), intval(local_channel()));
if (!$r) {
if ($update) {
killme();
}
notice(t('No such group') . EOL);
goaway(z_root() . '/network');
// NOTREACHED
}
$group = $gid;
$group_hash = $r[0]['hash'];
$def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>');
}
$o = '';
// if no tabs are selected, defaults to comments
$cid = x($_GET, 'cid') ? intval($_GET['cid']) : 0;
$star = x($_GET, 'star') ? intval($_GET['star']) : 0;
$order = x($_GET, 'order') ? notags($_GET['order']) : 'comment';
$liked = x($_GET, 'liked') ? intval($_GET['liked']) : 0;
$conv = x($_GET, 'conv') ? intval($_GET['conv']) : 0;
$spam = x($_GET, 'spam') ? intval($_GET['spam']) : 0;
$cmin = x($_GET, 'cmin') ? intval($_GET['cmin']) : 0;
$cmax = x($_GET, 'cmax') ? intval($_GET['cmax']) : 99;
$firehose = x($_GET, 'fh') ? intval($_GET['fh']) : 0;
$file = x($_GET, 'file') ? $_GET['file'] : '';
$deftag = '';
if (x($_GET, 'search') || x($_GET, 'file')) {
$nouveau = true;
}
if ($cid) {
$r = q("SELECT abook_xchan FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($cid), intval(local_channel()));
if (!$r) {
if ($update) {
killme();
}
notice(t('No such channel') . EOL);
goaway(z_root() . '/network');
// NOTREACHED
}
if ($_GET['pf'] === '1') {
$deftag = '@' . t('forum') . '+' . intval($cid) . '+';
} else {
$def_acl = array('allow_cid' => '<' . $r[0]['abook_xchan'] . '>');
}
}
if (!$update) {
$tabs = network_tabs();
$o .= $tabs;
// search terms header
if ($search) {
$o .= replace_macros(get_markup_template("section_title.tpl"), array('$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8')));
}
nav_set_selected('network');
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
$private_editing = ($group || $cid) && !intval($_GET['pf']) ? true : false;
$x = array('is_owner' => true, 'allow_location' => intval(get_pconfig($channel['channel_id'], 'system', 'use_browser_location')) ? '1' : '', 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => $private_editing || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'acl' => populate_acl($private_editing ? $def_acl : $channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'bang' => $private_editing ? '!' : '', 'visitor' => true, 'profile_uid' => local_channel(), 'editor_autocomplete' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true);
if ($deftag) {
$x['pretext'] = $deftag;
}
$status_editor = status_editor($a, $x);
$o .= $status_editor;
}
// We don't have to deal with ACL's on this page. You're looking at everything
// that belongs to you, hence you can see all of it. We will filter by group if
// desired.
$sql_options = $star ? " and item_starred = 1 " : '';
$sql_nets = '';
$sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE item_thread_top = 1 {$sql_options} ) ";
if ($group) {
$contact_str = '';
$contacts = group_get_members($group);
if ($contacts) {
foreach ($contacts as $c) {
if ($contact_str) {
$contact_str .= ',';
}
$contact_str .= "'" . $c['xchan'] . "'";
}
} else {
$contact_str = ' 0 ';
info(t('Privacy group is empty'));
}
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND (( author_xchan IN ( {$contact_str} ) OR owner_xchan in ( {$contact_str} )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent {$item_normal} ) ";
$x = group_rec_byhash(local_channel(), $group_hash);
if ($x) {
$title = replace_macros(get_markup_template("section_title.tpl"), array('$title' => t('Privacy group: ') . $x['name']));
}
$o = $tabs;
$o .= $title;
$o .= $status_editor;
} elseif ($cid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1", intval($cid), intval(local_channel()));
if ($r) {
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) {$item_normal} ) ";
$title = replace_macros(get_markup_template("section_title.tpl"), array('$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s']) . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>'));
$o = $tabs;
$o .= $title;
$o .= $status_editor;
} else {
notice(t('Invalid connection.') . EOL);
goaway(z_root() . '/network');
}
}
if (x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if (x($hashtags)) {
$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
}
if (!$update) {
// The special div is needed for liveUpdate to kick in for this page.
// We only launch liveUpdate if you aren't filtering in some incompatible
// way and also you aren't writing a comment (discovered in javascript).
if ($gid || $cid || $cmin || $cmax != 99 || $star || $liked || $conv || $spam || $nouveau || $list) {
$firehose = 0;
}
$maxheight = get_pconfig(local_channel(), 'system', 'network_divmore_height');
if (!$maxheight) {
$maxheight = 400;
}
$o .= '<div id="live-network"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . local_channel() . "; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'network', '$uid' => local_channel() ? local_channel() : '0', '$gid' => $gid ? $gid : '0', '$cid' => $cid ? $cid : '0', '$cmin' => $cmin ? $cmin : '0', '$cmax' => $cmax ? $cmax : '0', '$star' => $star ? $star : '0', '$liked' => $liked ? $liked : '0', '$conv' => $conv ? $conv : '0', '$spam' => $spam ? $spam : '0', '$fh' => $firehose ? $firehose : '0', '$nouveau' => $nouveau ? $nouveau : '0', '$wall' => '0', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$page' => \App::$pager['page'] != 1 ? \App::$pager['page'] : 1, '$search' => $search ? $search : '', '$order' => $order, '$file' => $file, '$cats' => $category, '$tags' => $hashtags, '$dend' => $datequery, '$mid' => '', '$verb' => $verb, '$dbegin' => $datequery2));
}
$sql_extra3 = '';
if ($datequery) {
$sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
$sql_extra2 = $nouveau ? '' : " AND item.parent = item.id ";
$sql_extra3 = $nouveau ? '' : $sql_extra3;
if (x($_GET, 'search')) {
$search = escape_tags($_GET['search']);
if (strpos($search, '#') === 0) {
$sql_extra .= term_query('item', substr($search, 1), TERM_HASHTAG, TERM_COMMUNITYTAG);
} else {
$sql_extra .= sprintf(" AND item.body like '%s' ", dbesc(protect_sprintf('%' . $search . '%')));
}
}
if ($verb) {
$sql_extra .= sprintf(" AND item.verb like '%s' ", dbesc(protect_sprintf('%' . $verb . '%')));
}
if (strlen($file)) {
$sql_extra .= term_query('item', $file, TERM_FILE);
}
if ($conv) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ", dbesc(protect_sprintf($channel['channel_hash'])));
}
if ($update && !$load) {
// only setup pagination on initial page view
$pager_sql = '';
} else {
$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
\App::set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
}
if ($cmin != 0 || $cmax != 99) {
// Not everybody who shows up in the network stream will be in your address book.
// By default those that aren't are assumed to have closeness = 99; but this isn't
// recorded anywhere. So if cmax is 99, we'll open the search up to anybody in
// the stream with a NULL address book entry.
$sql_nets .= " AND ";
if ($cmax == 99) {
$sql_nets .= " ( ";
}
$sql_nets .= "( abook.abook_closeness >= " . intval($cmin) . " ";
$sql_nets .= " AND abook.abook_closeness <= " . intval($cmax) . " ) ";
if ($cmax == 99) {
$sql_nets .= " OR abook.abook_closeness IS NULL ) ";
}
}
$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
if ($firehose && !get_config('system', 'disable_discover_tab')) {
require_once 'include/identity.php';
$sys = get_sys_channel();
$uids = " and item.uid = " . intval($sys['channel_id']) . " ";
\App::$data['firehose'] = intval($sys['channel_id']);
} else {
$uids = " and item.uid = " . local_channel() . " ";
}
if (get_pconfig(local_channel(), 'system', 'network_list_mode')) {
$page_mode = 'list';
} else {
$page_mode = 'client';
}
$simple_update = $update ? " and item_unseen = 1 " : '';
// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
// or three and look at your matrix page - after opening up your browser. The first page loads just as it
// should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page
// (before the page 1 content). The update code is actually doing just what it's supposed
// to, it's fetching posts that have the ITEM_UNSEEN bit set. But the reason that page 2 content is being
// returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything
// that we loaded for page 1 is now marked as seen. But the stuff on page 2 hasn't been. So... it's being
// treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content
// which "arrived as you were reading page 1". We're going to do this
// by storing in your session the current UTC time whenever you LOAD a network page, and only UPDATE items
// which are both ITEM_UNSEEN and have "changed" since that time. Cross fingers...
if ($update && $_SESSION['loadtime']) {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) ";
}
if ($load) {
$simple_update = '';
}
if ($nouveau && $load) {
// "New Item View" - show all items unthreaded in reverse created date order
$items = q("SELECT item.*, item.id AS item_id, received FROM item\n\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t{$simple_update}\n\t\t\t\t{$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY item.received DESC {$pager_sql} ");
require_once 'include/items.php';
xchan_query($items);
$items = fetch_post_tags($items, true);
} elseif ($update) {
// Normal conversation view
if ($order === 'post') {
$ordering = "created";
} else {
$ordering = "commented";
}
if ($load) {
// Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id, {$ordering} FROM item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\t\tAND item.parent = item.id\n\t\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets}\n\t\t\t\t\tORDER BY {$ordering} DESC {$pager_sql} ");
} else {
// this is an update
$r = q("SELECT item.parent AS item_id FROM item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE true {$uids} {$item_normal} {$simple_update}\n\t\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets} ");
$_SESSION['loadtime'] = datetime_convert();
}
// Then fetch all the children of the parents that are on this page
$parents_str = '';
$update_unseen = '';
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\t\tAND item.parent IN ( %s )\n\t\t\t\t\t{$sql_extra} ", dbesc($parents_str));
xchan_query($items, true, $firehose ? local_channel() : 0);
$items = fetch_post_tags($items, true);
$items = conv_sort($items, $ordering);
} else {
$items = array();
}
if ($page_mode === 'list') {
/**
* in "list mode", only mark the parent item and any like activities as "seen".
* We won't distinguish between comment likes and post likes. The important thing
* is that the number of unseen comments will be accurate. The SQL to separate the
* comment likes could also get somewhat hairy.
*/
if ($parents_str) {
$update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
$update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
}
} else {
if ($parents_str) {
$update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
}
}
}
if ($update_unseen && !$firehose) {
$r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d {$update_unseen} ", intval(local_channel()));
}
$mode = $nouveau ? 'network-new' : 'network';
$o .= conversation($a, $items, $mode, $update, $page_mode);
if ($items && !$update) {
$o .= alt_pager($a, count($items));
}
return $o;
}
function xchan_query(&$items, $abook = true, $effective_uid = 0)
{
$arr = array();
if ($items && count($items)) {
if ($effective_uid) {
for ($x = 0; $x < count($items); $x++) {
$items[$x]['real_uid'] = $items[$x]['uid'];
$items[$x]['uid'] = $effective_uid;
}
}
foreach ($items as $item) {
if ($item['owner_xchan'] && !in_array($item['owner_xchan'], $arr)) {
$arr[] = "'" . dbesc($item['owner_xchan']) . "'";
}
if ($item['author_xchan'] && !in_array($item['author_xchan'], $arr)) {
$arr[] = "'" . dbesc($item['author_xchan']) . "'";
}
}
}
if (count($arr)) {
if ($abook) {
$chans = q("select * from xchan left join hubloc on hubloc_hash = xchan_hash left join abook on abook_xchan = xchan_hash and abook_channel = %d\n\t\t\t\twhere xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1", intval($item['uid']));
} else {
$chans = q("select xchan.*,hubloc.* from xchan left join hubloc on hubloc_hash = xchan_hash\n\t\t\t\twhere xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and hubloc_primary = 1");
}
$xchans = q("select * from xchan where xchan_hash in (" . protect_sprintf(implode(',', $arr)) . ") and xchan_network in ('rss','unknown')");
if (!$chans) {
$chans = $xchans;
} else {
$chans = array_merge($xchans, $chans);
}
}
if ($items && count($items) && $chans && count($chans)) {
for ($x = 0; $x < count($items); $x++) {
$items[$x]['owner'] = find_xchan_in_array($items[$x]['owner_xchan'], $chans);
$items[$x]['author'] = find_xchan_in_array($items[$x]['author_xchan'], $chans);
}
}
}
function get($update = 0, $load = false)
{
if ($load) {
$_SESSION['loadtime'] = datetime_convert();
}
$checkjs = new \Zotlabs\Web\CheckJS(1);
$category = $datequery = $datequery2 = '';
$mid = x($_REQUEST, 'mid') ? $_REQUEST['mid'] : '';
$datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : '';
$datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : '';
if (observer_prohibited(true)) {
return login();
}
$category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : '';
$hashtags = x($_REQUEST, 'tag') ? $_REQUEST['tag'] : '';
$groups = array();
$o = '';
if ($update) {
// Ensure we've got a profile owner if updating.
\App::$profile['profile_uid'] = \App::$profile_uid = $update;
} else {
if (\App::$profile['profile_uid'] == local_channel()) {
nav_set_selected('home');
}
}
$is_owner = local_channel() && \App::$profile['profile_uid'] == local_channel() ? true : false;
$channel = \App::get_channel();
$observer = \App::get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms(\App::$profile['profile_uid'], $ob_hash);
if (!$perms['view_stream']) {
// We may want to make the target of this redirect configurable
if ($perms['view_profile']) {
notice(t('Insufficient permissions. Request redirected to profile page.') . EOL);
goaway(z_root() . "/profile/" . \App::$profile['channel_address']);
}
notice(t('Permission denied.') . EOL);
return;
}
if (!$update) {
$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
if ($channel && $is_owner) {
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
} else {
$channel_acl = array();
}
if ($perms['post_wall']) {
$x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig(\App::$profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? \App::$profile['channel_location'] : '', 'nickname' => \App::$profile['channel_address'], 'lockstate' => strlen(\App::$profile['channel_allow_cid']) || strlen(\App::$profile['channel_allow_gid']) || strlen(\App::$profile['channel_deny_cid']) || strlen(\App::$profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => \App::$profile['profile_uid'], 'editor_autocomplete' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true);
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$item_normal = item_normal();
$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
if (get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_list_mode') && !$mid) {
$page_mode = 'list';
} else {
$page_mode = 'client';
}
$abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " ";
$simple_update = $update ? " AND item_unseen = 1 " : '';
\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
if ($update && $_SESSION['loadtime']) {
$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) ";
}
if ($load) {
$simple_update = '';
}
if ($update && !$load) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 AND item_unseen = 1 {$sql_extra} limit 1", dbesc($mid . '%'), intval(\App::$profile['profile_uid']));
} else {
$r = q("SELECT distinct parent AS `item_id`, created from item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\tAND item_wall = 1 {$simple_update}\n\t\t\t\t\tAND (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tORDER BY created DESC", intval(\App::$profile['profile_uid']));
$_SESSION['loadtime'] = datetime_convert();
}
} else {
if (x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if (x($hashtags)) {
$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
\App::set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
if ($load || $checkjs->disabled()) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 {$sql_extra} limit 1", dbesc($mid), intval(\App::$profile['profile_uid']));
if (!$r) {
notice(t('Permission denied.') . EOL);
}
} else {
$r = q("SELECT distinct id AS item_id, created FROM item \n\t\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\t\tWHERE uid = %d {$item_normal}\n\t\t\t\t\t\tAND item_wall = 1 and item_thread_top = 1\n\t\t\t\t\t\tAND (abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval(\App::$profile['profile_uid']));
}
} else {
$r = array();
}
}
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\t\tFROM `item`\n\t\t\t\tWHERE `item`.`uid` = %d {$item_normal}\n\t\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t\t{$sql_extra} ", intval(\App::$profile['profile_uid']), dbesc($parents_str));
xchan_query($items);
$items = fetch_post_tags($items, true);
$items = conv_sort($items, 'created');
if ($load && $mid && !count($items)) {
// This will happen if we don't have sufficient permissions
// to view the parent item (or the item itself if it is toplevel)
notice(t('Permission denied.') . EOL);
}
} else {
$items = array();
}
if (!$update && !$load) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
$maxheight = get_pconfig(\App::$profile['profile_uid'], 'system', 'channel_divmore_height');
if (!$maxheight) {
$maxheight = 400;
}
$o .= '<div id="live-channel"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => \App::$profile['profile_uid'] ? \App::$profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => \App::$pager['page'] != 1 ? \App::$pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$tags' => $hashtags ? $hashtags : '', '$mid' => $mid, '$verb' => '', '$dend' => $datequery, '$dbegin' => $datequery2));
}
$update_unseen = '';
if ($page_mode === 'list') {
/**
* in "list mode", only mark the parent item and any like activities as "seen".
* We won't distinguish between comment likes and post likes. The important thing
* is that the number of unseen comments will be accurate. The SQL to separate the
* comment likes could also get somewhat hairy.
*/
if ($parents_str) {
$update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
$update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
}
} else {
if ($parents_str) {
$update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
}
}
if ($is_owner && $update_unseen) {
$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d {$update_unseen}", intval(local_channel()));
}
if ($checkjs->disabled()) {
$o .= conversation($a, $items, 'channel', $update, 'traditional');
} else {
$o .= conversation($a, $items, 'channel', $update, $page_mode);
}
if (!$update || $checkjs->disabled()) {
$o .= alt_pager($a, count($items));
if ($mid && $items[0]['title']) {
\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
}
}
if ($mid) {
$o .= '<div id="content-complete"></div>';
}
return $o;
}
function contacts_content(&$a)
{
$sort_type = 0;
$o = '';
nav_set_selected('contacts');
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
if ($a->argc == 3) {
$contact_id = intval($a->argv[1]);
if (!$contact_id) {
return;
}
$cmd = $a->argv[2];
$orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", intval($contact_id), intval(local_user()));
if (!count($orig_record)) {
notice(t('Could not access contact record.') . EOL);
goaway($a->get_baseurl(true) . '/contacts');
return;
// NOTREACHED
}
if ($cmd === 'update') {
_contact_update($contact_id);
goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
// NOTREACHED
}
if ($cmd === 'updateprofile') {
_contact_update_profile($contact_id);
goaway($a->get_baseurl(true) . '/crepair/' . $contact_id);
// NOTREACHED
}
if ($cmd === 'block') {
$r = _contact_block($contact_id, $orig_record[0]);
if ($r) {
$blocked = $orig_record[0]['blocked'] ? 0 : 1;
info(($blocked ? t('Contact has been blocked') : t('Contact has been unblocked')) . EOL);
}
goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return;
// NOTREACHED
}
if ($cmd === 'ignore') {
$r = _contact_ignore($contact_id, $orig_record[0]);
if ($r) {
$readonly = $orig_record[0]['readonly'] ? 0 : 1;
info(($readonly ? t('Contact has been ignored') : t('Contact has been unignored')) . EOL);
}
goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return;
// NOTREACHED
}
if ($cmd === 'archive') {
$r = _contact_archive($contact_id, $orig_record[0]);
if ($r) {
$archived = $orig_record[0]['archive'] ? 0 : 1;
info(($archived ? t('Contact has been archived') : t('Contact has been unarchived')) . EOL);
}
goaway($a->get_baseurl(true) . '/contacts/' . $contact_id);
return;
// NOTREACHED
}
if ($cmd === 'drop') {
// Check if we should do HTML-based delete confirmation
if ($_REQUEST['confirm']) {
// <form> can't take arguments in its "action" parameter
// so add any arguments as hidden inputs
$query = explode_querystring($a->query_string);
$inputs = array();
foreach ($query['args'] as $arg) {
if (strpos($arg, 'confirm=') === false) {
$arg_parts = explode('=', $arg);
$inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
}
}
$a->page['aside'] = '';
return replace_macros(get_markup_template('contact_drop_confirm.tpl'), array('$contact' => _contact_detail_for_template($orig_record[0]), '$method' => 'get', '$message' => t('Do you really want to delete this contact?'), '$extra_inputs' => $inputs, '$confirm' => t('Yes'), '$confirm_url' => $query['base'], '$confirm_name' => 'confirmed', '$cancel' => t('Cancel')));
}
// Now check how the user responded to the confirmation query
if ($_REQUEST['canceled']) {
if (x($_SESSION, 'return_url')) {
goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
} else {
goaway($a->get_baseurl(true) . '/contacts');
}
}
_contact_drop($contact_id, $orig_record[0]);
info(t('Contact has been removed.') . EOL);
if (x($_SESSION, 'return_url')) {
goaway($a->get_baseurl(true) . '/' . $_SESSION['return_url']);
} else {
goaway($a->get_baseurl(true) . '/contacts');
}
return;
// NOTREACHED
}
}
$_SESSION['return_url'] = $a->query_string;
if (x($a->data, 'contact') && is_array($a->data['contact'])) {
$contact_id = $a->data['contact']['id'];
$contact = $a->data['contact'];
$editselect = 'none';
if (feature_enabled(local_user(), 'richtext')) {
$editselect = 'exact';
}
$a->page['htmlhead'] .= replace_macros(get_markup_template('contact_head.tpl'), array('$baseurl' => $a->get_baseurl(true), '$editselect' => $editselect));
$a->page['end'] .= replace_macros(get_markup_template('contact_end.tpl'), array('$baseurl' => $a->get_baseurl(true), '$editselect' => $editselect));
require_once 'include/contact_selectors.php';
$tpl = get_markup_template("contact_edit.tpl");
switch ($contact['rel']) {
case CONTACT_IS_FRIEND:
$dir_icon = 'images/lrarrow.gif';
$relation_text = t('You are mutual friends with %s');
break;
case CONTACT_IS_FOLLOWER:
$dir_icon = 'images/larrow.gif';
$relation_text = t('You are sharing with %s');
break;
case CONTACT_IS_SHARING:
$dir_icon = 'images/rarrow.gif';
$relation_text = t('%s is sharing with you');
break;
default:
break;
}
if (!in_array($contact['network'], array(NETWORK_DFRN, NETWORK_OSTATUS, NETWORK_DIASPORA))) {
$relation_text = "";
}
$relation_text = sprintf($relation_text, $contact['name']);
if ($contact['network'] === NETWORK_DFRN && $contact['rel']) {
$url = "redir/{$contact['id']}";
$sparkle = ' class="sparkle" ';
} else {
$url = $contact['url'];
$sparkle = '';
}
$insecure = t('Private communications are not available for this contact.');
$last_update = $contact['last-update'] == '0000-00-00 00:00:00' ? t('Never') : datetime_convert('UTC', date_default_timezone_get(), $contact['last-update'], 'D, j M Y, g:i A');
if ($contact['last-update'] !== '0000-00-00 00:00:00') {
$last_update .= ' ' . ($contact['last-update'] <= $contact['success_update'] ? t("(Update was successful)") : t("(Update was not successful)"));
}
$lblsuggest = $contact['network'] === NETWORK_DFRN ? t('Suggest friends') : '';
$poll_enabled = in_array($contact['network'], array(NETWORK_DFRN, NETWORK_OSTATUS, NETWORK_FEED, NETWORK_MAIL, NETWORK_MAIL2));
$nettype = sprintf(t('Network type: %s'), network_to_name($contact['network']));
$common = count_common_friends(local_user(), $contact['id']);
$common_text = $common ? sprintf(tt('%d contact in common', '%d contacts in common', $common), $common) : '';
$polling = $contact['network'] === NETWORK_MAIL | $contact['network'] === NETWORK_FEED ? 'polling' : '';
$x = count_all_friends(local_user(), $contact['id']);
$all_friends = $x ? t('View all contacts') : '';
// tabs
$tabs = array(array('label' => $contact['blocked'] ? t('Unblock') : t('Block'), 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/block', 'sel' => '', 'title' => t('Toggle Blocked status')), array('label' => $contact['readonly'] ? t('Unignore') : t('Ignore'), 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/ignore', 'sel' => '', 'title' => t('Toggle Ignored status')), array('label' => $contact['archive'] ? t('Unarchive') : t('Archive'), 'url' => $a->get_baseurl(true) . '/contacts/' . $contact_id . '/archive', 'sel' => '', 'title' => t('Toggle Archive status')), array('label' => t('Repair'), 'url' => $a->get_baseurl(true) . '/crepair/' . $contact_id, 'sel' => '', 'title' => t('Advanced Contact Settings')));
$tab_tpl = get_markup_template('common_tabs.tpl');
$tab_str = replace_macros($tab_tpl, array('$tabs' => $tabs));
$lost_contact = $contact['archive'] && $contact['term-date'] != '0000-00-00 00:00:00' && $contact['term-date'] < datetime_convert('', '', 'now') ? t('Communications lost with this contact!') : '';
if ($contact['network'] == NETWORK_FEED) {
$fetch_further_information = array('fetch_further_information', t('Fetch further information for feeds'), $contact['fetch_further_information'], t('Fetch further information for feeds'), array('0' => t('Disabled'), '1' => t('Fetch information'), '2' => t('Fetch information and keywords')));
}
if (in_array($contact['network'], array(NETWORK_FEED, NETWORK_MAIL, NETWORK_MAIL2))) {
$poll_interval = contact_poll_interval($contact['priority'], !$poll_enabled);
}
if ($contact['network'] == NETWORK_DFRN) {
$profile_select = contact_profile_assign($contact['profile-id'], $contact['network'] !== NETWORK_DFRN ? true : false);
}
$o .= replace_macros($tpl, array('$header' => t('Contact Editor'), '$tab_str' => $tab_str, '$submit' => t('Submit'), '$lbl_vis1' => t('Profile Visibility'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['name']), '$lbl_info1' => t('Contact Information / Notes'), '$infedit' => t('Edit contact notes'), '$common_text' => $common_text, '$common_link' => $a->get_baseurl(true) . '/common/loc/' . local_user() . '/' . $contact['id'], '$all_friends' => $all_friends, '$relation_text' => $relation_text, '$visit' => sprintf(t('Visit %s\'s profile [%s]'), $contact['name'], $contact['url']), '$blockunblock' => t('Block/Unblock contact'), '$ignorecont' => t('Ignore contact'), '$lblcrepair' => t("Repair URL settings"), '$lblrecent' => t('View conversations'), '$lblsuggest' => $lblsuggest, '$delete' => t('Delete contact'), '$nettype' => $nettype, '$poll_interval' => $poll_interval, '$poll_enabled' => $poll_enabled, '$lastupdtext' => t('Last update:'), '$lost_contact' => $lost_contact, '$updpub' => t('Update public posts'), '$last_update' => $last_update, '$udnow' => t('Update now'), '$profile_select' => $profile_select, '$contact_id' => $contact['id'], '$block_text' => $contact['blocked'] ? t('Unblock') : t('Block'), '$ignore_text' => $contact['readonly'] ? t('Unignore') : t('Ignore'), '$insecure' => $contact['network'] !== NETWORK_DFRN && $contact['network'] !== NETWORK_MAIL && $contact['network'] !== NETWORK_FACEBOOK && $contact['network'] !== NETWORK_DIASPORA ? $insecure : '', '$info' => $contact['info'], '$blocked' => $contact['blocked'] ? t('Currently blocked') : '', '$ignored' => $contact['readonly'] ? t('Currently ignored') : '', '$archived' => $contact['archive'] ? t('Currently archived') : '', '$hidden' => array('hidden', t('Hide this contact from others'), $contact['hidden'] == 1, t('Replies/likes to your public posts <strong>may</strong> still be visible')), '$notify' => array('notify', t('Notification for new posts'), $contact['notify_new_posts'] == 1, t('Send a notification of every new post of this contact')), '$fetch_further_information' => $fetch_further_information, '$ffi_keyword_blacklist' => $contact['ffi_keyword_blacklist'], '$ffi_keyword_blacklist' => array('ffi_keyword_blacklist', t('Blacklisted keywords'), $contact['ffi_keyword_blacklist'], t('Comma separated list of keywords that should not be converted to hashtags, when "Fetch information and keywords" is selected')), '$photo' => $contact['photo'], '$name' => $contact['name'], '$dir_icon' => $dir_icon, '$alt_text' => $alt_text, '$sparkle' => $sparkle, '$url' => $url));
$arr = array('contact' => $contact, 'output' => $o);
call_hooks('contact_edit', $arr);
return $arr['output'];
}
$blocked = false;
$hidden = false;
$ignored = false;
$all = false;
if ($a->argc == 2 && $a->argv[1] === 'all') {
$sql_extra = '';
$all = true;
} elseif ($a->argc == 2 && $a->argv[1] === 'blocked') {
$sql_extra = " AND `blocked` = 1 ";
$blocked = true;
} elseif ($a->argc == 2 && $a->argv[1] === 'hidden') {
$sql_extra = " AND `hidden` = 1 ";
$hidden = true;
} elseif ($a->argc == 2 && $a->argv[1] === 'ignored') {
$sql_extra = " AND `readonly` = 1 ";
$ignored = true;
} elseif ($a->argc == 2 && $a->argv[1] === 'archived') {
$sql_extra = " AND `archive` = 1 ";
$archived = true;
} else {
$sql_extra = " AND `blocked` = 0 ";
}
$search = x($_GET, 'search') ? notags(trim($_GET['search'])) : '';
$nets = x($_GET, 'nets') ? notags(trim($_GET['nets'])) : '';
$tabs = array(array('label' => t('Suggestions'), 'url' => $a->get_baseurl(true) . '/suggest', 'sel' => '', 'title' => t('Suggest potential friends')), array('label' => t('All Contacts'), 'url' => $a->get_baseurl(true) . '/contacts/all', 'sel' => $all ? 'active' : '', 'title' => t('Show all contacts')), array('label' => t('Unblocked'), 'url' => $a->get_baseurl(true) . '/contacts', 'sel' => !$all && !$blocked && !$hidden && !$search && !$nets && !$ignored && !$archived ? 'active' : '', 'title' => t('Only show unblocked contacts')), array('label' => t('Blocked'), 'url' => $a->get_baseurl(true) . '/contacts/blocked', 'sel' => $blocked ? 'active' : '', 'title' => t('Only show blocked contacts')), array('label' => t('Ignored'), 'url' => $a->get_baseurl(true) . '/contacts/ignored', 'sel' => $ignored ? 'active' : '', 'title' => t('Only show ignored contacts')), array('label' => t('Archived'), 'url' => $a->get_baseurl(true) . '/contacts/archived', 'sel' => $archived ? 'active' : '', 'title' => t('Only show archived contacts')), array('label' => t('Hidden'), 'url' => $a->get_baseurl(true) . '/contacts/hidden', 'sel' => $hidden ? 'active' : '', 'title' => t('Only show hidden contacts')));
$tab_tpl = get_markup_template('common_tabs.tpl');
$t = replace_macros($tab_tpl, array('$tabs' => $tabs));
$searching = false;
if ($search) {
$search_hdr = $search;
$search_txt = dbesc(protect_sprintf(preg_quote($search)));
$searching = true;
}
$sql_extra .= $searching ? " AND (name REGEXP '{$search_txt}' OR url REGEXP '{$search_txt}' OR nick REGEXP '{$search_txt}') " : "";
if ($nets) {
$sql_extra .= sprintf(" AND network = '%s' ", dbesc($nets));
}
$sql_extra2 = $sort_type > 0 && $sort_type <= CONTACT_IS_FRIEND ? sprintf(" AND `rel` = %d ", intval($sort_type)) : '';
$r = q("SELECT COUNT(*) AS `total` FROM `contact`\n\t\tWHERE `uid` = %d AND `self` = 0 AND `pending` = 0 {$sql_extra} {$sql_extra2} ", intval($_SESSION['uid']));
if (count($r)) {
$a->set_pager_total($r[0]['total']);
$total = $r[0]['total'];
}
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 0 AND `pending` = 0 {$sql_extra} {$sql_extra2} ORDER BY `name` ASC LIMIT %d , %d ", intval($_SESSION['uid']), intval($a->pager['start']), intval($a->pager['itemspage']));
$contacts = array();
if (count($r)) {
foreach ($r as $rr) {
$contacts[] = _contact_detail_for_template($rr);
}
}
$tpl = get_markup_template("contacts-template.tpl");
$o .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$header' => t('Contacts') . ($nets ? ' - ' . network_to_name($nets) : ''), '$tabs' => $t, '$total' => $total, '$search' => $search_hdr, '$desc' => t('Search your contacts'), '$finding' => $searching ? t('Finding: ') . "'" . $search . "'" : "", '$submit' => t('Find'), '$cmd' => $a->cmd, '$contacts' => $contacts, '$contact_drop_confirm' => t('Do you really want to delete this contact?'), '$batch_actions' => array('contacts_batch_update' => t('Update'), 'contacts_batch_block' => t('Block') . "/" . t("Unblock"), "contacts_batch_ignore" => t('Ignore') . "/" . t("Unignore"), "contacts_batch_archive" => t('Archive') . "/" . t("Unarchive"), "contacts_batch_drop" => t('Delete')), '$paginate' => paginate($a)));
return $o;
}
/**
* @brief Look up if channel is known and previously verified.
*
* A guid and a url, both signed by the sender, distinguish a known sender at a
* known location.
* This function looks these up to see if the channel is known and therefore
* previously verified. If not, we will need to verify it.
*
* @param array $arr an associative array which must contain:
* * \e string \b guid => guid of conversant
* * \e string \b guid_sig => guid signed with conversant's private key
* * \e string \b url => URL of the origination hub of this communication
* * \e string \b url_sig => URL signed with conversant's private key
*
* @returns array|null null if site is blacklisted or not found, otherwise an
* array with an hubloc record
*/
function zot_gethub($arr, $multiple = false)
{
if ($arr['guid'] && $arr['guid_sig'] && $arr['url'] && $arr['url_sig']) {
$blacklisted = false;
$bl1 = get_config('system', 'blacklisted_sites');
if (is_array($bl1) && $bl1) {
foreach ($bl1 as $bl) {
if ($bl && strpos($arr['url'], $bl) !== false) {
$blacklisted = true;
break;
}
}
}
if ($blacklisted) {
logger('zot_gethub: blacklisted site: ' . $arr['url']);
return null;
}
$limit = $multiple ? '' : ' limit 1 ';
$sitekey = array_key_exists('sitekey', $arr) && $arr['sitekey'] ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : '';
$r = q("select * from hubloc\n\t\t\t\twhere hubloc_guid = '%s' and hubloc_guid_sig = '%s'\n\t\t\t\tand hubloc_url = '%s' and hubloc_url_sig = '%s'\n\t\t\t\t{$sitekey} {$limit}", dbesc($arr['guid']), dbesc($arr['guid_sig']), dbesc($arr['url']), dbesc($arr['url_sig']));
if ($r) {
logger('zot_gethub: found', LOGGER_DEBUG);
return $multiple ? $r : $r[0];
}
}
logger('zot_gethub: not found: ' . print_r($arr, true), LOGGER_DEBUG);
return null;
}
function profile_content(&$a, $update = 0)
{
$category = $datequery = $datequery2 = '';
if ($a->argc > 2) {
for ($x = 2; $x < $a->argc; $x++) {
if (is_a_date_arg($a->argv[$x])) {
if ($datequery) {
$datequery2 = escape_tags($a->argv[$x]);
} else {
$datequery = escape_tags($a->argv[$x]);
}
} else {
$category = $a->argv[$x];
}
}
}
if (!x($category)) {
$category = x($_GET, 'category') ? $_GET['category'] : '';
}
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
return login();
}
require_once "include/bbcode.php";
require_once 'include/security.php';
require_once 'include/conversation.php';
require_once 'include/acl_selectors.php';
require_once 'include/items.php';
$groups = array();
$tab = 'posts';
$o = '';
if ($update) {
// Ensure we've got a profile owner if updating.
$a->profile['profile_uid'] = $update;
} else {
if ($a->profile['profile_uid'] == local_user()) {
nav_set_selected('home');
}
}
$contact = null;
$remote_contact = false;
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['profile_uid']));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false;
if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
notice(t('Access to this profile has been restricted.') . EOL);
return;
}
if (!$update) {
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$o .= profile_tabs($a, $is_owner, $a->profile['nickname']);
if ($tab === 'profile') {
$o .= advanced_profile($a);
call_hooks('profile_advanced', $o);
return $o;
}
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
if (x($_SESSION, 'new_member') && $_SESSION['new_member'] && $is_owner) {
$o .= '<a href="newmember" id="newmember-tips" style="font-size: 1.2em;"><b>' . t('Tips for New Members') . '</b></a>' . EOL;
}
$commpage = $a->profile['page-flags'] == PAGE_COMMUNITY ? true : false;
$commvisitor = $commpage && $remote_contact == true ? true : false;
$a->page['aside'] .= posted_date_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true);
$a->page['aside'] .= categories_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'], x($category) ? xmlify($category) : '');
if (can_write_wall($a, $a->profile['profile_uid'])) {
$x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $commvisitor) && $a->profile['allow_location'] ? true : false, 'default_location' => $is_owner ? $a->user['default-location'] : '', 'nickname' => $a->profile['nickname'], 'lockstate' => is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($a->user, true) : '', 'bang' => '', 'visitor' => $is_owner || $commvisitor ? 'block' : 'none', 'profile_uid' => $a->profile['profile_uid'], 'acl_data' => $is_owner ? construct_acl_data($a, $a->user) : '');
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups);
if ($update) {
$r = q("SELECT distinct(parent) AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND\n\t\t\t(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE . "' OR item.verb = '" . ACTIVITY_DISLIKE . "')\n\t\t\tand `item`.`moderated` = 0 and `item`.`unseen` = 1\n\t\t\tAND `item`.`wall` = 1\n\t\t\t{$sql_extra}\n\t\t\tORDER BY `item`.`created` DESC", intval($a->profile['profile_uid']));
} else {
$sql_post_table = "";
if (x($category)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid']));
//$sql_extra .= protect_sprintf(file_tag_file_query('item',$category,'category'));
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
if (get_config('system', 'old_pager')) {
$r = q("SELECT COUNT(*) AS `total`\n\t\t\t FROM `thread` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`\n\t\t\t {$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`\n\t\t\t AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t WHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0\n\t\t\t and `thread`.`moderated` = 0\n\t\t\t AND `thread`.`wall` = 1\n\t\t\t {$sql_extra} {$sql_extra2} ", intval($a->profile['profile_uid']));
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
}
// check if we serve a mobile device and get the user settings
// accordingly
if ($a->is_mobile) {
$itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_mobile_network');
$itemspage_network = intval($itemspage_network) ? $itemspage_network : 20;
} else {
$itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_network');
$itemspage_network = intval($itemspage_network) ? $itemspage_network : 40;
}
// now that we have the user settings, see if the theme forces
// a maximum item number which is lower then the user choice
if ($a->force_max_items > 0 && $a->force_max_items < $itemspage_network) {
$itemspage_network = $a->force_max_items;
}
$a->set_pager_itemspage($itemspage_network);
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
$r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`,\n\t\t\t`thread`.`uid` AS `contact-uid`\n\t\t\tFROM `thread` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`\n\t\t\t{$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tWHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0\n\t\t\tand `thread`.`moderated` = 0\n\t\t\tAND `thread`.`wall` = 1\n\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\tORDER BY `thread`.`created` DESC {$pager_sql} ", intval($a->profile['profile_uid']));
}
$parents_arr = array();
$parents_str = '';
if (count($r)) {
foreach ($r as $rr) {
$parents_arr[] = $rr['item_id'];
}
$parents_str = implode(', ', $parents_arr);
$items = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`network`, `contact`.`rel`,\n\t\t\t`contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`, `contact`\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\t\tand `item`.`moderated` = 0\n\t\t\tAND `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t{$sql_extra} ", intval($a->profile['profile_uid']), dbesc($parents_str));
$items = conv_sort($items, 'created');
} else {
$items = array();
}
if ($is_owner && !$update && !get_config('theme', 'hide_eventlist')) {
$o .= get_birthdays();
$o .= get_events();
}
if ($is_owner) {
$r = q("UPDATE `item` SET `unseen` = 0\n\t\t\tWHERE `wall` = 1 AND `unseen` = 1 AND `uid` = %d", intval(local_user()));
}
$o .= conversation($a, $items, 'profile', $update);
if (!$update) {
if (!get_config('system', 'old_pager')) {
$o .= alt_pager($a, count($items));
} else {
$o .= paginate($a);
}
}
return $o;
}
function dir_query_build($joiner, $field, $s)
{
$ret = '';
if (trim($s)) {
$ret .= dbesc($joiner) . " " . dbesc($field) . " like '" . protect_sprintf('%' . dbesc($s) . '%') . "' ";
}
return $ret;
}
function search_content(&$a, $update = 0, $load = false)
{
if (get_config('system', 'block_public') || get_config('system', 'block_public_search')) {
if (!local_channel() && !remote_channel()) {
notice(t('Public access denied.') . EOL);
return;
}
}
if ($load) {
$_SESSION['loadtime'] = datetime_convert();
}
nav_set_selected('search');
require_once "include/bbcode.php";
require_once 'include/security.php';
require_once 'include/conversation.php';
require_once 'include/items.php';
$format = $_REQUEST['format'] ? $_REQUEST['format'] : '';
if ($format !== '') {
$update = $load = 1;
}
$observer = $a->get_observer();
$observer_hash = $observer ? $observer['xchan_hash'] : '';
$o = '<div id="live-search"></div>' . "\r\n";
$o .= '<h3>' . t('Search') . '</h3>';
if (x($a->data, 'search')) {
$search = trim($a->data['search']);
} else {
$search = x($_GET, 'search') ? trim(rawurldecode($_GET['search'])) : '';
}
$tag = false;
if (x($_GET, 'tag')) {
$tag = true;
$search = x($_GET, 'tag') ? trim(rawurldecode($_GET['tag'])) : '';
}
if (!local_channel() || !feature_enabled(local_channel(), 'savedsearch')) {
$o .= search($search, 'search-box', '/search', local_channel() ? true : false);
}
if (strpos($search, '#') === 0) {
$tag = true;
$search = substr($search, 1);
}
if (strpos($search, '@') === 0) {
$search = substr($search, 1);
goaway(z_root() . '/directory' . '?f=1&search=' . $search);
}
// look for a naked webbie
if (strpos($search, '@') !== false) {
goaway(z_root() . '/directory' . '?f=1&search=' . $search);
}
if (!$search) {
return $o;
}
if ($tag) {
$sql_extra = sprintf(" AND `item`.`id` IN (select `oid` from term where otype = %d and type = %d and term = '%s') ", intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)));
} else {
$regstr = db_getfunc('REGEXP');
$sql_extra = sprintf(" AND `item`.`body` {$regstr} '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
// Here is the way permissions work in the search module...
// Only public posts can be shown
// OR your own posts if you are a logged in member
// No items will be shown if the member has a blocked profile wall.
if (!$update && !$load) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
$o .= '<div id="live-search"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . (intval(local_channel()) ? local_channel() : -1) . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'search', '$uid' => $a->profile['profile_uid'] ? $a->profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$fh' => '0', '$nouveau' => '0', '$wall' => '0', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$page' => $a->pager['page'] != 1 ? $a->pager['page'] : 1, '$search' => ($tag ? urlencode('#') : '') . $search, '$order' => '', '$file' => '', '$cats' => '', '$tags' => '', '$mid' => '', '$verb' => '', '$dend' => '', '$dbegin' => ''));
}
$pub_sql = public_permissions_sql($observer_hash);
require_once 'include/identity.php';
$sys = get_sys_channel();
if ($update && $load) {
$itemspage = get_pconfig(local_channel(), 'system', 'itemspage');
$a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($a->pager['itemspage']), intval($a->pager['start']));
// in case somebody turned off public access to sys channel content with permissions
if (!perm_is_allowed($sys['channel_id'], $observer_hash, 'view_stream')) {
$sys['xchan_hash'] .= 'disabled';
}
if ($load) {
$r = null;
if (ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
$prefix = 'distinct on (created, mid)';
$suffix = 'ORDER BY created DESC, mid';
} else {
$prefix = 'distinct';
$suffix = 'group by mid ORDER BY created DESC';
}
if (local_channel()) {
$r = q("SELECT {$prefix} mid, item.id as item_id, item.* from item\n\t\t\t\t\tWHERE item_restrict = 0\n\t\t\t\t\tAND ((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND item_private = 0 ) \n\t\t\t\t\tOR ( `item`.`uid` = %d )) OR item.owner_xchan = '%s' )\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\t{$suffix} {$pager_sql} ", intval(local_channel()), dbesc($sys['xchan_hash']));
}
if ($r === null) {
$r = q("SELECT {$prefix} mid, item.id as item_id, item.* from item\n\t\t\t\t\tWHERE item_restrict = 0\n\t\t\t\t\tAND (((( `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = ''\n\t\t\t\t\tAND `item`.`deny_gid` = '' AND item_private = 0 )\n\t\t\t\t\tand owner_xchan in ( " . stream_perms_xchans($observer ? PERMS_NETWORK | PERMS_PUBLIC : PERMS_PUBLIC) . " ))\n\t\t\t\t\t\t{$pub_sql} ) OR owner_xchan = '%s')\n\t\t\t\t\t{$sql_extra} \n\t\t\t\t\t{$suffix} {$pager_sql}", dbesc($sys['xchan_hash']));
}
} else {
$r = array();
}
}
if ($r) {
xchan_query($r);
$items = fetch_post_tags($r, true);
} else {
$items = array();
}
if ($format == 'json') {
$result = array();
require_once 'include/conversation.php';
foreach ($items as $item) {
$item['html'] = bbcode($item['body']);
$x = encode_item($item);
$x['html'] = prepare_text($item['body'], $item['mimetype']);
$result[] = $x;
}
json_return_and_die(array('success' => true, 'messages' => $result));
}
if ($tag) {
$o .= '<h2>Items tagged with: ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8') . '</h2>';
} else {
$o .= '<h2>Search results for: ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8') . '</h2>';
}
$o .= conversation($a, $items, 'search', $update, 'client');
return $o;
}
function channel_content(&$a, $update = 0, $load = false)
{
$category = $datequery = $datequery2 = '';
$mid = $_GET['mid'];
$datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : '';
$datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : '';
if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) {
return login();
}
$category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : '';
$groups = array();
$o = '';
if ($update) {
// Ensure we've got a profile owner if updating.
$a->profile['profile_uid'] = $update;
} else {
if ($a->profile['profile_uid'] == local_user()) {
nav_set_selected('home');
}
}
$is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false;
$channel = $a->get_channel();
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($a->profile['profile_uid'], $ob_hash);
if (!$perms['view_stream']) {
// We may want to make the target of this redirect configurable
if ($perms['view_profile']) {
notice(t('Insufficient permissions. Request redirected to profile page.') . EOL);
goaway(z_root() . "/profile/" . $a->profile['channel_address']);
}
notice(t('Permission denied.') . EOL);
return;
}
if (!$update) {
$o .= profile_tabs($a, $is_owner, $a->profile['channel_address']);
$o .= common_friends_visitor_widget($a->profile['profile_uid']);
if ($channel && $is_owner) {
$channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
} else {
$channel_acl = array();
}
if ($perms['post_wall']) {
$x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $observer) && intval(get_pconfig($a->profile['profile_uid'], 'system', 'use_browser_location')) ? true : false, 'default_location' => $is_owner ? $a->profile['channel_location'] : '', 'nickname' => $a->profile['channel_address'], 'lockstate' => strlen($a->profile['channel_allow_cid']) || strlen($a->profile['channel_allow_gid']) || strlen($a->profile['channel_deny_cid']) || strlen($a->profile['channel_deny_gid']) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($channel_acl) : '', 'showacl' => $is_owner ? 'yes' : '', 'bang' => '', 'visitor' => $is_owner || $observer ? true : false, 'profile_uid' => $a->profile['profile_uid']);
$o .= status_editor($a, $x);
}
}
/**
* Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups
*/
$sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups);
if ($update && !$load) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN));
} else {
$r = q("SELECT distinct parent AS `item_id` from item\n\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\tAND (item_flags & %d) AND ( item_flags & %d ) \n\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY created DESC", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_UNSEEN), intval(ABOOK_FLAG_BLOCKED));
}
} else {
if (x($category)) {
$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
}
if ($datequery) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
$itemspage = get_pconfig(local_user(), 'system', 'itemspage');
$a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
if ($load || $_COOKIE['jsAvailable'] != 1) {
if ($mid) {
$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) {$sql_extra} limit 1", dbesc($mid), intval($a->profile['profile_uid']), intval(ITEM_WALL));
if (!$r) {
notice(t('Permission denied.') . EOL);
}
} else {
$r = q("SELECT distinct id AS item_id FROM item \n\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\tWHERE uid = %d AND item_restrict = 0\n\t\t\t\t\tAND (item_flags & %d) and (item_flags & %d)\n\t\t\t\t\tAND ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\t\t\tORDER BY created DESC {$pager_sql} ", intval($a->profile['profile_uid']), intval(ITEM_WALL), intval(ITEM_THREAD_TOP), intval(ABOOK_FLAG_BLOCKED));
}
} else {
$r = array();
}
}
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
$items = q("SELECT `item`.*, `item`.`id` AS `item_id` \n\t\t\tFROM `item`\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`item_restrict` = 0\n\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t{$sql_extra} ", intval($a->profile['profile_uid']), dbesc($parents_str));
xchan_query($items);
$items = fetch_post_tags($items, true);
$items = conv_sort($items, 'created');
if ($load && $mid && !count($items)) {
// This will happen if we don't have sufficient permissions
// to view the parent item (or the item itself if it is toplevel)
notice(t('Permission denied.') . EOL);
}
} else {
$items = array();
}
if (!$update && !$load) {
// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
// because browser prefetching might change it on us. We have to deliver it with the page.
$o .= '<div id="live-channel"></div>' . "\r\n";
$o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
$a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'channel', '$uid' => $a->profile['profile_uid'] ? $a->profile['profile_uid'] : '0', '$gid' => '0', '$cid' => '0', '$cmin' => '0', '$cmax' => '0', '$star' => '0', '$liked' => '0', '$conv' => '0', '$spam' => '0', '$nouveau' => '0', '$wall' => '1', '$fh' => '0', '$page' => $a->pager['page'] != 1 ? $a->pager['page'] : 1, '$search' => '', '$order' => '', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$file' => '', '$cats' => $category ? $category : '', '$mid' => $mid, '$dend' => $datequery, '$dbegin' => $datequery2));
}
if ($is_owner) {
$r = q("UPDATE item SET item_flags = (item_flags ^ %d)\n\t\t\tWHERE (item_flags & %d) AND (item_flags & %d) AND uid = %d ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(ITEM_WALL), intval(local_user()));
}
if ($_COOKIE['jsAvailable'] == 1) {
$o .= conversation($a, $items, 'channel', $update, 'client');
} else {
$o .= conversation($a, $items, 'channel', $update, 'traditional');
}
if (!$update || $_COOKIE['jsAvailable'] != 1) {
$o .= alt_pager($a, count($items));
}
if ($mid) {
$o .= '<div id="content-complete"></div>';
}
return $o;
}
function network_content(&$a, $update = 0)
{
require_once 'include/conversation.php';
if (!local_user()) {
$_SESSION['return_url'] = $a->query_string;
return login(false);
}
// TODO:is this really necessary? $a is already available to hooks
$arr = array('query' => $a->query_string);
call_hooks('network_content_init', $arr);
$datequery = $datequery2 = '';
$group = 0;
$nouveau = false;
if ($a->argc > 1) {
for ($x = 1; $x < $a->argc; $x++) {
if (is_a_date_arg($a->argv[$x])) {
if ($datequery) {
$datequery2 = escape_tags($a->argv[$x]);
} else {
$datequery = escape_tags($a->argv[$x]);
$_GET['order'] = 'post';
}
} elseif ($a->argv[$x] === 'new') {
$nouveau = true;
} elseif (intval($a->argv[$x])) {
$group = intval($a->argv[$x]);
$def_acl = array('allow_gid' => '<' . $group . '>');
}
}
}
$o = '';
// item filter tabs
// TODO: fix this logic, reduce duplication
//$a->page['content'] .= '<div class="tabs-wrapper">';
list($no_active, $all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active) = network_query_get_sel_tab($a);
// if no tabs are selected, defaults to comments
if ($no_active == 'active') {
$all_active = 'active';
}
$cmd = $datequery ? '' : $a->cmd;
$len_naked_cmd = strlen(str_replace('/new', '', $cmd));
// tabs
$tabs = array(array('label' => t('Commented Order'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . '?f=&order=comment' . (x($_GET, 'cid') ? '&cid=' . $_GET['cid'] : ''), 'sel' => $all_active, 'title' => t('Sort by Comment Date')), array('label' => t('Posted Order'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . '?f=&order=post' . (x($_GET, 'cid') ? '&cid=' . $_GET['cid'] : ''), 'sel' => $postord_active, 'title' => t('Sort by Post Date')));
if (feature_enabled(local_user(), 'personal_tab')) {
$tabs[] = array('label' => t('Personal'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . (x($_GET, 'cid') ? '/?f=&cid=' . $_GET['cid'] : '/?f=') . '&conv=1', 'sel' => $conv_active, 'title' => t('Posts that mention or involve you'));
}
if (feature_enabled(local_user(), 'new_tab')) {
$tabs[] = array('label' => t('New'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . ($len_naked_cmd ? '/' : '') . 'new' . (x($_GET, 'cid') ? '/?f=&cid=' . $_GET['cid'] : ''), 'sel' => $new_active, 'title' => t('Activity Stream - by date'));
}
if (feature_enabled(local_user(), 'link_tab')) {
$tabs[] = array('label' => t('Shared Links'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . (x($_GET, 'cid') ? '/?f=&cid=' . $_GET['cid'] : '/?f=') . '&bmark=1', 'sel' => $bookmarked_active, 'title' => t('Interesting Links'));
}
if (feature_enabled(local_user(), 'star_posts')) {
$tabs[] = array('label' => t('Starred'), 'url' => $a->get_baseurl(true) . '/' . str_replace('/new', '', $cmd) . (x($_GET, 'cid') ? '/?f=&cid=' . $_GET['cid'] : '/?f=') . '&star=1', 'sel' => $starred_active, 'title' => t('Favourite Posts'));
}
// save selected tab, but only if not in search or file mode
if (!x($_GET, 'search') && !x($_GET, 'file')) {
set_pconfig(local_user(), 'network.view', 'tab.selected', array($all_active, $postord_active, $conv_active, $new_active, $starred_active, $bookmarked_active, $spam_active));
}
$arr = array('tabs' => $tabs);
call_hooks('network_tabs', $arr);
$o .= replace_macros(get_markup_template('common_tabs.tpl'), array('$tabs' => $arr['tabs']));
// --- end item filter tabs
$contact_id = $a->cid;
require_once 'include/acl_selectors.php';
$cid = x($_GET, 'cid') ? intval($_GET['cid']) : 0;
$star = x($_GET, 'star') ? intval($_GET['star']) : 0;
$bmark = x($_GET, 'bmark') ? intval($_GET['bmark']) : 0;
$order = x($_GET, 'order') ? notags($_GET['order']) : 'comment';
$liked = x($_GET, 'liked') ? intval($_GET['liked']) : 0;
$conv = x($_GET, 'conv') ? intval($_GET['conv']) : 0;
$spam = x($_GET, 'spam') ? intval($_GET['spam']) : 0;
$nets = x($_GET, 'nets') ? $_GET['nets'] : '';
$cmin = x($_GET, 'cmin') ? intval($_GET['cmin']) : 0;
$cmax = x($_GET, 'cmax') ? intval($_GET['cmax']) : 99;
$file = x($_GET, 'file') ? $_GET['file'] : '';
if (x($_GET, 'search') || x($_GET, 'file')) {
$nouveau = true;
}
if ($cid) {
$def_acl = array('allow_cid' => '<' . intval($cid) . '>');
}
if ($nets) {
$r = q("select id from contact where uid = %d and network = '%s' and self = 0", intval(local_user()), dbesc($nets));
$str = '';
if (count($r)) {
foreach ($r as $rr) {
$str .= '<' . $rr['id'] . '>';
}
}
if (strlen($str)) {
$def_acl = array('allow_cid' => $str);
}
}
set_pconfig(local_user(), 'network.view', 'net.selected', $nets ? $nets : 'all');
if (!$update) {
if ($group) {
if (($t = group_public_members($group)) && !get_pconfig(local_user(), 'system', 'nowarn_insecure')) {
notice(sprintf(tt('Warning: This group contains %s member from an insecure network.', 'Warning: This group contains %s members from an insecure network.', $t), $t) . EOL);
notice(t('Private messages to this group are at risk of public disclosure.') . EOL);
}
}
nav_set_selected('network');
$content = "";
if ($cid) {
$contact = q("SELECT `nick` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `forum`", intval($cid), intval(local_user()));
if ($contact) {
$content = "@" . $contact[0]["nick"] . "+" . $cid;
}
}
$x = array('is_owner' => true, 'allow_location' => $a->user['allow_location'], 'default_location' => $a->user['default-location'], 'nickname' => $a->user['nickname'], 'lockstate' => $group || $cid || $nets || is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock', 'default_perms' => get_acl_permissions($a->user), 'acl' => populate_acl($group || $cid || $nets ? $def_acl : $a->user, true), 'bang' => $group || $cid || $nets ? '!' : '', 'visitor' => 'block', 'profile_uid' => local_user(), 'acl_data' => construct_acl_data($a, $a->user), 'content' => $content);
$o .= status_editor($a, $x);
}
// We don't have to deal with ACLs on this page. You're looking at everything
// that belongs to you, hence you can see all of it. We will filter by group if
// desired.
$sql_post_table = "";
$sql_options = $star ? " and starred = 1 " : '';
$sql_options .= $bmark ? " and bookmark = 1 " : '';
$sql_extra = $sql_options;
$sql_extra2 = "";
$sql_extra3 = "";
$sql_table = "`thread`";
$sql_parent = "`iid`";
if ($nouveau or strlen($file) or $update) {
$sql_table = "`item`";
$sql_parent = "`parent`";
}
$sql_nets = $nets ? sprintf(" and {$sql_table}.`network` = '%s' ", dbesc($nets)) : '';
if ($group) {
$r = q("SELECT `name`, `id` FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($group), intval($_SESSION['uid']));
if (!count($r)) {
if ($update) {
killme();
}
notice(t('No such group') . EOL);
goaway($a->get_baseurl(true) . '/network/0');
// NOTREACHED
}
$contacts = expand_groups(array($group));
$contact_str_self = "";
if (is_array($contacts) && count($contacts)) {
$contact_str = implode(',', $contacts);
$self = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self`", intval($_SESSION['uid']));
if (count($self)) {
$contact_str_self = "," . $self[0]["id"];
}
} else {
$contact_str = ' 0 ';
info(t('Group is empty'));
}
//$sql_post_table = " INNER JOIN (SELECT DISTINCT(`parent`) FROM `item` WHERE (`contact-id` IN ($contact_str) OR `allow_gid` like '".protect_sprintf('%<'.intval($group).'>%')."') and deleted = 0 ORDER BY `created` DESC) AS `temp1` ON $sql_table.$sql_parent = `temp1`.`parent` ";
$sql_extra3 .= " AND `contact-id` IN ({$contact_str}{$contact_str_self}) ";
$sql_extra3 .= " AND EXISTS (SELECT id FROM `item` WHERE (`contact-id` IN ({$contact_str}) \n\t\t\t\tOR `allow_gid` like '" . protect_sprintf('%<' . intval($group) . '>%') . "') and deleted = 0 \n\t\t\t\tAND parent = {$sql_table}.{$sql_parent}) ";
$o = replace_macros(get_markup_template("section_title.tpl"), array('$title' => sprintf(t('Group: %s'), $r[0]['name']))) . $o;
} elseif ($cid) {
$r = q("SELECT `id`,`name`,`network`,`writable`,`nurl` FROM `contact` WHERE `id` = %d\n\t\t\t\tAND `blocked` = 0 AND `pending` = 0 LIMIT 1", intval($cid));
if (count($r)) {
$sql_post_table = " INNER JOIN (SELECT DISTINCT(`parent`) FROM `item` \n\t\t\t\t\t WHERE 1 {$sql_options} AND `contact-id` = " . intval($cid) . " and deleted = 0 \n\t\t\t\t\t ORDER BY `item`.`received` DESC) AS `temp1` \n\t\t\t\t\t ON {$sql_table}.{$sql_parent} = `temp1`.`parent` ";
$sql_extra = "";
$o = replace_macros(get_markup_template("section_title.tpl"), array('$title' => sprintf(t('Contact: %s'), $r[0]['name']))) . $o;
if ($r[0]['network'] === NETWORK_OSTATUS && $r[0]['writable'] && !get_pconfig(local_user(), 'system', 'nowarn_insecure')) {
notice(t('Private messages to this person are at risk of public disclosure.') . EOL);
}
} else {
notice(t('Invalid contact.') . EOL);
goaway($a->get_baseurl(true) . '/network');
// NOTREACHED
}
}
if (!$group && !$cid && !$update && !get_config('theme', 'hide_eventlist')) {
$o .= get_birthdays();
$o .= get_events();
}
if ($datequery) {
$sql_extra3 .= protect_sprintf(sprintf(" AND {$sql_table}.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery))));
}
if ($datequery2) {
$sql_extra3 .= protect_sprintf(sprintf(" AND {$sql_table}.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2))));
}
//$sql_extra2 = (($nouveau) ? '' : " AND `item`.`parent` = `item`.`id` ");
$sql_extra2 = $nouveau ? '' : $sql_extra2;
$sql_extra3 = $nouveau ? '' : $sql_extra3;
$sql_order = "";
$order_mode = "received";
$tag = false;
if (x($_GET, 'search')) {
$search = escape_tags($_GET['search']);
if (strpos($search, '#') === 0) {
$tag = true;
$search = substr($search, 1);
}
if (get_config('system', 'only_tag_search')) {
$tag = true;
}
if ($tag) {
$sql_extra = "";
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($search)), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), intval(local_user()));
$sql_order = "`item`.`id`";
$order_mode = "id";
} else {
if (get_config('system', 'use_fulltext_engine')) {
$sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search)));
} else {
$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
$sql_order = "`item`.`received`";
$order_mode = "received";
}
}
if (strlen($file)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($file)), intval(TERM_OBJ_POST), intval(TERM_FILE), intval(local_user()));
$sql_order = "`item`.`id`";
$order_mode = "id";
}
if ($conv) {
$sql_extra3 .= " AND `mention`";
}
if ($update) {
// only setup pagination on initial page view
$pager_sql = '';
} else {
if (get_config('system', 'old_pager')) {
$r = q("SELECT COUNT(*) AS `total`\n\t\t\t FROM {$sql_table} {$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = {$sql_table}.`contact-id`\n\t\t\t AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t WHERE {$sql_table}.`uid` = %d AND {$sql_table}.`visible` = 1 AND {$sql_table}.`deleted` = 0\n\t\t\t {$sql_extra2} {$sql_extra3}\n\t\t\t {$sql_extra} {$sql_nets} ", intval($_SESSION['uid']));
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
}
// check if we serve a mobile device and get the user settings
// accordingly
if ($a->is_mobile) {
$itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_mobile_network');
$itemspage_network = intval($itemspage_network) ? $itemspage_network : 20;
} else {
$itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_network');
$itemspage_network = intval($itemspage_network) ? $itemspage_network : 40;
}
// now that we have the user settings, see if the theme forces
// a maximum item number which is lower then the user choice
if ($a->force_max_items > 0 && $a->force_max_items < $itemspage_network) {
$itemspage_network = $a->force_max_items;
}
$a->set_pager_itemspage($itemspage_network);
$pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage']));
}
if ($nouveau) {
$simple_update = $update ? " and `item`.`unseen` = 1 " : '';
if ($sql_order == "") {
$sql_order = "`item`.`received`";
}
// "New Item View" - show all items unthreaded in reverse created date order
$items = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`, `contact`.`writable`,\n\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM {$sql_table} {$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1\n\t\t\tAND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t{$simple_update}\n\t\t\t{$sql_extra} {$sql_nets}\n\t\t\tORDER BY {$sql_order} DESC {$pager_sql} ", intval($_SESSION['uid']));
$update_unseen = ' WHERE uid = ' . intval($_SESSION['uid']) . " AND unseen = 1 {$sql_extra} {$sql_nets}";
} else {
// Normal conversation view
if ($order === 'post') {
$ordering = "`created`";
if ($sql_order == "") {
$order_mode = "created";
}
} else {
$ordering = "`commented`";
if ($sql_order == "") {
$order_mode = "commented";
}
}
if ($sql_order == "") {
$sql_order = "{$sql_table}.{$ordering}";
}
if ($_GET["offset"] != "") {
$sql_extra3 .= sprintf(" AND {$sql_order} <= '%s'", dbesc($_GET["offset"]));
}
// Fetch a page full of parent items for this page
if ($update) {
if (!get_config("system", "like_no_comment")) {
$sql_extra4 = "(`item`.`deleted` = 0 OR `item`.`verb` = '" . ACTIVITY_LIKE . "' OR `item`.`verb` = '" . ACTIVITY_DISLIKE . "')";
} else {
$sql_extra4 = "`item`.`deleted` = 0 AND `item`.`verb` = '" . ACTIVITY_POST . "'";
}
$r = q("SELECT `item`.`parent` AS `item_id`, `item`.`network` AS `item_network`, `contact`.`uid` AS `contact_uid`\n\t\t\t\tFROM {$sql_table} {$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND {$sql_extra4}\n\t\t\t\tAND `item`.`moderated` = 0 AND `item`.`unseen` = 1\n\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets} ORDER BY `item_id` DESC LIMIT 100", intval(local_user()));
} else {
$r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`, `contact`.`uid` AS `contact_uid`\n\t\t\t\tFROM {$sql_table} {$sql_post_table} STRAIGHT_JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tWHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0\n\t\t\t\tAND `thread`.`moderated` = 0\n\t\t\t\t{$sql_extra2} {$sql_extra3} {$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY {$sql_order} DESC {$pager_sql} ", intval(local_user()));
}
// Then fetch all the children of the parents that are on this page
$parents_arr = array();
$parents_str = '';
$date_offset = "";
if (count($r)) {
foreach ($r as $rr) {
if (!in_array($rr['item_id'], $parents_arr)) {
$parents_arr[] = $rr['item_id'];
}
}
$parents_str = implode(", ", $parents_arr);
// splitted into separate queries to avoid the problem with very long threads
// so always the last X comments are loaded
// This problem can occur expecially with imported facebook posts
$max_comments = get_config("system", "max_comments");
if ($max_comments == 0) {
$max_comments = 100;
}
$items = array();
foreach ($parents_arr as $parents) {
// $sql_extra ORDER BY `item`.`commented` DESC LIMIT %d",
$thread_items = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`, `contact`.`writable`,\n\t\t\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\t\tFROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\t\t\t\tAND `item`.`moderated` = 0\n\t\t\t\t\tAND `item`.`parent` = %d\n\t\t\t\t\tORDER BY `item`.`commented` DESC LIMIT %d", intval(local_user()), intval($parents), intval($max_comments + 1));
$items = array_merge($items, $thread_items);
}
$items = conv_sort($items, $ordering);
} else {
$items = array();
}
if ($_GET["offset"] == "") {
$date_offset = $items[0][$order_mode];
} else {
$date_offset = $_GET["offset"];
}
$a->page_offset = $date_offset;
if ($parents_str) {
$update_unseen = ' WHERE uid = ' . intval(local_user()) . ' AND unseen = 1 AND parent IN ( ' . dbesc($parents_str) . ' )';
}
}
// We aren't going to try and figure out at the item, group, and page
// level which items you've seen and which you haven't. If you're looking
// at the top level network page just mark everything seen.
// The $update_unseen is a bit unreliable if you have stuff coming into your stream from a new contact -
// and other feeds that bring in stuff from the past. One can't find it all.
// I'm reviving this block to mark everything seen on page 1 of the network as a temporary measure.
// The correct solution is to implement a network notifications box just like the system notifications popup
// with the ability in the popup to "mark all seen".
// Several people are complaining because there are unseen messages they can't find and as time goes
// on they just get buried deeper. It has happened to me a couple of times also.
if (!$group && !$cid && !$star) {
$r = q("UPDATE `item` SET `unseen` = 0\n\t\t\tWHERE `unseen` = 1 AND `uid` = %d", intval(local_user()));
} else {
if ($update_unseen) {
$r = q("UPDATE `item` SET `unseen` = 0 {$update_unseen}");
}
}
// Set this so that the conversation function can find out contact info for our wall-wall items
$a->page_contact = $a->contact;
$mode = $nouveau ? 'network-new' : 'network';
$o .= conversation($a, $items, $mode, $update);
if (!$update) {
if (get_pconfig(local_user(), 'system', 'infinite_scroll')) {
$o .= scroll_loader();
} elseif (!get_config('system', 'old_pager')) {
$o .= alt_pager($a, count($items));
} else {
$o .= paginate($a);
}
}
return $o;
}
function init()
{
// logger('mod_acl: ' . print_r($_REQUEST,true));
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 500;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : '';
$type = x($_REQUEST, 'type') ? $_REQUEST['type'] : '';
$noforums = x($_REQUEST, 'n') ? $_REQUEST['n'] : false;
// $type =
// '' => standard ACL request
// 'g' => Groups only ACL request
// 'c' => Connections only ACL request or editor (textarea) mention request
// $_REQUEST['search'] contains ACL search text.
// $type =
// 'm' => autocomplete private mail recipient (checks post_mail permission)
// 'a' => autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos)
// 'x' => nav search bar autocomplete (match any xchan)
// $_REQUEST['query'] contains autocomplete search text.
// List of channels whose connections to also suggest,
// e.g. currently viewed channel or channels mentioned in a post
$extra_channels = x($_REQUEST, 'extra_channels') ? $_REQUEST['extra_channels'] : array();
// The different autocomplete libraries use different names for the search text
// parameter. Internaly we'll use $search to represent the search text no matter
// what request variable it was attached to.
if (array_key_exists('query', $_REQUEST)) {
$search = $_REQUEST['query'];
}
if (!local_channel() && !($type == 'x' || $type == 'c')) {
killme();
}
if ($search) {
$sql_extra = " AND `name` LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . " OR xchan_addr LIKE " . protect_sprintf("'%" . dbesc($search) . (strpos($search, '@') === false ? "%@%'" : "%'")) . ") ";
// This horrible mess is needed because position also returns 0 if nothing is found.
// Would be MUCH easier if it instead returned a very large value
// Otherwise we could just
// order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)).
$order_extra2 = "CASE WHEN xchan_name LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . " then POSITION('" . dbesc($search) . "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, ";
$col = strpos($search, '@') !== false ? 'xchan_addr' : 'xchan_name';
$sql_extra3 = "AND {$col} like " . protect_sprintf("'%" . dbesc($search) . "%'") . " ";
} else {
$sql_extra = $sql_extra2 = $sql_extra3 = "";
}
$groups = array();
$contacts = array();
if ($type == '' || $type == 'g') {
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`gname`\n\t\t\t\t\tFROM `groups`,`group_member` \n\t\t\t\t\tWHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d \n\t\t\t\t\tAND `group_member`.`gid`=`groups`.`id`\n\t\t\t\t\t{$sql_extra}\n\t\t\t\t\tGROUP BY `groups`.`id`\n\t\t\t\t\tORDER BY `groups`.`gname` \n\t\t\t\t\tLIMIT %d OFFSET %d", intval(local_channel()), intval($count), intval($start));
if ($r) {
foreach ($r as $g) {
// logger('acl: group: ' . $g['gname'] . ' members: ' . group_get_members_xchan($g['id']));
$groups[] = array("type" => "g", "photo" => "images/twopeople.png", "name" => $g['gname'], "id" => $g['id'], "xid" => $g['hash'], "uids" => group_get_members_xchan($g['id']), "link" => '');
}
}
}
if ($type == '' || $type == 'c') {
$extra_channels_sql = '';
// Only include channels who allow the observer to view their permissions
foreach ($extra_channels as $channel) {
if (perm_is_allowed(intval($channel), get_observer_hash(), 'view_contacts')) {
$extra_channels_sql .= "," . intval($channel);
}
}
$extra_channels_sql = substr($extra_channels_sql, 1);
// Remove initial comma
// Getting info from the abook is better for local users because it contains info about permissions
if (local_channel()) {
if ($extra_channels_sql != '') {
$extra_channels_sql = " OR (abook_channel IN ({$extra_channels_sql})) and abook_hidden = 0 ";
}
$r2 = null;
$r1 = q("select * from atoken where atoken_uid = %d", intval(local_channel()));
if ($r1) {
require_once 'include/security.php';
$r2 = array();
foreach ($r1 as $rr) {
$x = atoken_xchan($rr);
$r2[] = ['id' => 'a' . $rr['atoken_id'], 'hash' => $x['xchan_hash'], 'name' => $x['xchan_name'], 'micro' => $x['xchan_photo_m'], 'url' => z_root(), 'nick' => $x['xchan_addr'], 'abook_their_perms' => 0, 'abook_flags' => 0, 'abook_self' => 0];
}
}
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self \n\t\t\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE (abook_channel = %d {$extra_channels_sql}) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 {$sql_extra2} order by {$order_extra2} xchan_name asc", intval(local_channel()));
if ($r2) {
$r = array_merge($r2, $r);
}
} else {
// Visitors
$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self\n\t\t\t\t\tFROM xchan left join xlink on xlink_link = xchan_hash\n\t\t\t\t\tWHERE xlink_xchan = '%s' AND xchan_deleted = 0 {$sql_extra2} order by {$order_extra2} xchan_name asc", dbesc(get_observer_hash()));
// Find contacts of extra channels
// This is probably more complicated than it needs to be
if ($extra_channels_sql) {
// Build a list of hashes that we got previously so we don't get them again
$known_hashes = array("'" . get_observer_hash() . "'");
if ($r) {
foreach ($r as $rr) {
$known_hashes[] = "'" . $rr['hash'] . "'";
}
}
$known_hashes_sql = 'AND xchan_hash not in (' . join(',', $known_hashes) . ')';
$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self \n\t\t\t\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\t\tWHERE abook_channel IN ({$extra_channels_sql}) {$known_hashes_sql} AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 {$sql_extra2} order by {$order_extra2} xchan_name asc");
if ($r2) {
$r = array_merge($r, $r2);
}
// Sort accoring to match position, then alphabetically. This could be avoided if the above two SQL queries could be combined into one, and the sorting could be done on the SQl server (like in the case of a local user)
$matchpos = function ($x) use($search) {
$namepos = strpos($x['name'], $search);
$nickpos = strpos($x['nick'], $search);
// Use a large position if not found
return min($namepos === false ? 9999 : $namepos, $nickpos === false ? 9999 : $nickpos);
};
// This could be made simpler if PHP supported stable sorting
usort($r, function ($a, $b) use($matchpos) {
$pos1 = $matchpos($a);
$pos2 = $matchpos($b);
if ($pos1 == $pos2) {
// Order alphabetically if match position is the same
if ($a['name'] == $b['name']) {
return 0;
} else {
return $a['name'] < $b['name'] ? -1 : 1;
}
}
return $pos1 < $pos2 ? -1 : 1;
});
}
}
if (intval(get_config('system', 'taganyone')) || intval(get_pconfig(local_channel(), 'system', 'taganyone'))) {
if (count($r) < 100 && $type == 'c') {
$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self \n\t\t\t\t\t\tFROM xchan \n\t\t\t\t\t\tWHERE xchan_deleted = 0 {$sql_extra2} order by {$order_extra2} xchan_name asc");
if ($r2) {
$r = array_merge($r, $r2);
}
}
}
} elseif ($type == 'm') {
$r = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url \n\t\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\tWHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d )>0)\n\t\t\t\tand xchan_deleted = 0\n\t\t\t\t{$sql_extra3}\n\t\t\t\tORDER BY `xchan_name` ASC ", intval(local_channel()), intval(PERMS_W_MAIL));
} elseif ($type == 'a') {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\tWHERE abook_channel = %d\n\t\t\t\tand xchan_deleted = 0\n\t\t\t\t{$sql_extra3}\n\t\t\t\tORDER BY xchan_name ASC ", intval(local_channel()));
} elseif ($type == 'x') {
$r = $this->navbar_complete($a);
$contacts = array();
if ($r) {
foreach ($r as $g) {
$contacts[] = array("photo" => $g['photo'], "name" => $g['name'], "nick" => $g['address']);
}
}
$o = array('start' => $start, 'count' => $count, 'items' => $contacts);
echo json_encode($o);
killme();
} else {
$r = array();
}
if ($r) {
foreach ($r as $g) {
// remove RSS feeds from ACLs - they are inaccessible
if (strpos($g['hash'], '/') && $type != 'a') {
continue;
}
if ($g['abook_their_perms'] & PERMS_W_TAGWALL && $type == 'c' && !$noforums) {
$contacts[] = array("type" => "c", "photo" => "images/twopeople.png", "name" => $g['name'] . '+', "id" => $g['id'] . '+', "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'], 0, strpos($g['nick'], '@')), "self" => intval($g['abook_self']) ? 'abook-self' : '', "taggable" => 'taggable', "label" => t('network'));
}
$contacts[] = array("type" => "c", "photo" => $g['micro'], "name" => $g['name'], "id" => $g['id'], "xid" => $g['hash'], "link" => $g['nick'], "nick" => $g['nick'] ? substr($g['nick'], 0, strpos($g['nick'], '@')) : t('RSS'), "self" => intval($g['abook_self']) ? 'abook-self' : '', "taggable" => '', "label" => '');
}
}
$items = array_merge($groups, $contacts);
$o = array('start' => $start, 'count' => $count, 'items' => $items);
echo json_encode($o);
killme();
}
/**
*
* http://developer.twitter.com/doc/get/statuses/mentions
*
*/
function api_statuses_mentions(&$a, $type)
{
if (api_user() === false) {
return false;
}
$user_info = api_get_user($a);
// get last newtork messages
// params
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 20;
$page = x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0;
if ($page < 0) {
$page = 0;
}
$since_id = x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0;
$max_id = x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0;
//$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$start = $page * $count;
//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
$myurl = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
$myurl = substr($myurl, strpos($myurl, '://') + 3);
//$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
$myurl = str_replace('www.', '', $myurl);
$diasp_url = str_replace('/profile/', '/u/', $myurl);
/* if (get_config('system','use_fulltext_engine'))
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where (MATCH(`author-link`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(`tag`) AGAINST ('".'"%s"'."' in boolean mode) or MATCH(tag) AGAINST ('".'"%s"'."' in boolean mode))) ",
dbesc(protect_sprintf($myurl)),
dbesc(protect_sprintf($myurl)),
dbesc(protect_sprintf($diasp_url))
);
else
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where ( `author-link` like '%s' or `tag` like '%s' or tag like '%s' )) ",
dbesc(protect_sprintf('%' . $myurl)),
dbesc(protect_sprintf('%' . $myurl . ']%')),
dbesc(protect_sprintf('%' . $diasp_url . ']%'))
);
*/
$sql_extra .= sprintf(" AND `item`.`parent` IN (SELECT distinct(`parent`) from item where `author-link` IN ('https://%s', 'http://%s') OR `mention`)", dbesc(protect_sprintf($myurl)), dbesc(protect_sprintf($myurl)));
if ($max_id > 0) {
$sql_extra .= ' AND `item`.`id` <= ' . intval($max_id);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`, `contact`\n\t\t\tWHERE `item`.`uid` = %d\n\t\t\tAND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0\n\t\t\tAND `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t{$sql_extra}\n\t\t\tAND `item`.`id`>%d\n\t\t\tORDER BY `item`.`received` DESC LIMIT %d ,%d ", intval($user_info['uid']), intval($since_id), intval($start), intval($count));
$ret = api_format_items($r, $user_info);
$data = array('$statuses' => $ret);
switch ($type) {
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
break;
case "as":
$as = api_format_as($a, $ret, $user_info);
$as["title"] = $a->config['sitename'] . " Mentions";
$as['link']['url'] = $a->get_baseurl() . "/";
return $as;
break;
}
return api_apply_template("timeline", $type, $data);
}
/**
*
* http://developer.twitter.com/doc/get/statuses/mentions
*
*/
function api_statuses_mentions(&$a, $type)
{
if (api_user() === false) {
return false;
}
unset($_REQUEST["user_id"]);
unset($_GET["user_id"]);
unset($_REQUEST["screen_name"]);
unset($_GET["screen_name"]);
$user_info = api_get_user($a);
// get last newtork messages
// params
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 20;
$page = x($_REQUEST, 'page') ? $_REQUEST['page'] - 1 : 0;
if ($page < 0) {
$page = 0;
}
$since_id = x($_REQUEST, 'since_id') ? $_REQUEST['since_id'] : 0;
$max_id = x($_REQUEST, 'max_id') ? $_REQUEST['max_id'] : 0;
//$since_id = 0;//$since_id = (x($_REQUEST,'since_id')?$_REQUEST['since_id']:0);
$start = $page * $count;
// Ugly code - should be changed
$myurl = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
$myurl = substr($myurl, strpos($myurl, '://') + 3);
//$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
$myurl = str_replace('www.', '', $myurl);
$diasp_url = str_replace('/profile/', '/u/', $myurl);
if ($max_id > 0) {
$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`, `contact`\n\t\t\tWHERE `item`.`uid` = %d AND `verb` = '%s'\n\t\t\tAND NOT (`item`.`author-link` IN ('https://%s', 'http://%s'))\n\t\t\tAND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`deleted` = 0\n\t\t\tAND `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tAND `item`.`parent` IN (SELECT `iid` from thread where uid = %d AND `mention` AND !`ignored`)\n\t\t\t{$sql_extra}\n\t\t\tAND `item`.`id`>%d\n\t\t\tORDER BY `item`.`id` DESC LIMIT %d ,%d ", intval(api_user()), dbesc(ACTIVITY_POST), dbesc(protect_sprintf($myurl)), dbesc(protect_sprintf($myurl)), intval(api_user()), intval($since_id), intval($start), intval($count));
$ret = api_format_items($r, $user_info);
$data = array('$statuses' => $ret);
switch ($type) {
case "atom":
case "rss":
$data = api_rss_extra($a, $data, $user_info);
break;
case "as":
$as = api_format_as($a, $ret, $user_info);
$as["title"] = $a->config['sitename'] . " Mentions";
$as['link']['url'] = $a->get_baseurl() . "/";
return $as;
break;
}
return api_apply_template("timeline", $type, $data);
}
function acl_init(&$a)
{
// logger('mod_acl: ' . print_r($_REQUEST,true));
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
$type = x($_REQUEST, 'type') ? $_REQUEST['type'] : "";
// For use with jquery.autocomplete for private mail completion
if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
if (!$type) {
$type = 'm';
}
$search = $_REQUEST['query'];
}
if (!local_user()) {
if ($type != 'x') {
killme();
}
}
if ($search != "") {
$sql_extra = " AND `name` LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . " ";
$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . " OR xchan_addr LIKE " . protect_sprintf("'%" . dbesc($search) . "%'") . ") ";
$col = strpos($search, '@') !== false ? 'xchan_addr' : 'xchan_name';
$sql_extra3 = "AND {$col} like " . protect_sprintf("'%" . dbesc($search) . "%'") . " ";
} else {
$sql_extra = $sql_extra2 = $sql_extra3 = "";
}
// count groups and contacts
if ($type == '' || $type == 'g') {
$r = q("SELECT COUNT(`id`) AS g FROM `groups` WHERE `deleted` = 0 AND `uid` = %d {$sql_extra}", intval(local_user()));
$group_count = (int) $r[0]['g'];
} else {
$group_count = 0;
}
if ($type == '' || $type == 'c') {
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\tWHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) {$sql_extra2}", intval(local_user()), intval(ABOOK_FLAG_BLOCKED | ABOOK_FLAG_PENDING | ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED));
$contact_count = (int) $r[0]['c'];
if (intval(get_config('system', 'taganyone')) || intval(get_pconfig(local_user(), 'system', 'taganyone'))) {
if ((!$r || !$r[0]['total']) && $type == 'c') {
$r = q("SELECT COUNT(xchan_hash) AS c FROM xchan \n\t\t\t\t\tWHERE not (xchan_flags & %d ) {$sql_extra2}", intval(XCHAN_FLAGS_DELETED));
$contact_count = (int) $r[0]['c'];
}
}
} elseif ($type == 'm') {
// autocomplete for Private Messages
$r = q("SELECT count(xchan_hash) as c\n\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))\n\t\t\tand not ( xchan_flags & %d )\n\t\t\t{$sql_extra2} ", intval(local_user()), intval(PERMS_W_MAIL), intval(XCHAN_FLAGS_DELETED));
if ($r) {
$contact_count = (int) $r[0]['c'];
}
} elseif ($type == 'a') {
// autocomplete for Contacts
$r = q("SELECT COUNT(abook_id) AS c FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\tWHERE abook_channel = %d and not ( xchan_flags & %d ) {$sql_extra2}", intval(local_user()), intval(XCHAN_FLAGS_DELETED));
$contact_count = (int) $r[0]['c'];
} else {
$contact_count = 0;
}
$tot = $group_count + $contact_count;
$groups = array();
$contacts = array();
if ($type == '' || $type == 'g') {
$r = q("SELECT `groups`.`id`, `groups`.`hash`, `groups`.`name`, \n\t\t\t\tGROUP_CONCAT(DISTINCT `group_member`.`xchan` SEPARATOR ',') as uids\n\t\t\t\tFROM `groups`,`group_member` \n\t\t\t\tWHERE `groups`.`deleted` = 0 AND `groups`.`uid` = %d \n\t\t\t\t\tAND `group_member`.`gid`=`groups`.`id`\n\t\t\t\t\t{$sql_extra}\n\t\t\t\tGROUP BY `groups`.`id`\n\t\t\t\tORDER BY `groups`.`name` \n\t\t\t\tLIMIT %d,%d", intval(local_user()), intval($start), intval($count));
foreach ($r as $g) {
// logger('acl: group: ' . $g['name'] . ' members: ' . $g['uids']);
$groups[] = array("type" => "g", "photo" => "images/twopeople.png", "name" => $g['name'], "id" => $g['id'], "xid" => $g['hash'], "uids" => explode(",", $g['uids']), "link" => '');
}
}
if ($type == '' || $type == 'c') {
$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags \n\t\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\tWHERE abook_channel = %d AND not ( abook_flags & %d ) and not (xchan_flags & %d ) {$sql_extra2} order by xchan_name asc", intval(local_user()), intval(ABOOK_FLAG_BLOCKED | ABOOK_FLAG_PENDING | ABOOK_FLAG_ARCHIVED), intval(XCHAN_FLAGS_DELETED));
if (intval(get_config('system', 'taganyone')) || intval(get_pconfig(local_user(), 'system', 'taganyone'))) {
if (!$r && $type == 'c') {
$r = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags \n\t\t\t\t\tFROM xchan \n\t\t\t\t\tWHERE not (xchan_flags & %d ) {$sql_extra2} order by xchan_name asc", intval(XCHAN_FLAGS_DELETED));
}
}
} elseif ($type == 'm') {
$r = q("SELECT xchan_hash as id, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url \n\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_channel = %d and ( (abook_their_perms = null) or (abook_their_perms & %d ))\n\t\t\tand not (xchan_flags & %d)\n\t\t\t{$sql_extra3}\n\t\t\tORDER BY `xchan_name` ASC ", intval(local_user()), intval(PERMS_W_MAIL), intval(XCHAN_FLAGS_DELETED));
} elseif ($type == 'a') {
$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_channel = %d\n\t\t\tand not (xchan_flags & %d)\n\t\t\t{$sql_extra3}\n\t\t\tORDER BY xchan_name ASC ", intval(local_user()), intval(XCHAN_FLAGS_DELETED));
} elseif ($type == 'x') {
$r = navbar_complete($a);
$x = array();
$x['query'] = $search;
$x['photos'] = array();
$x['links'] = array();
$x['suggestions'] = array();
$x['data'] = array();
if ($r) {
foreach ($r as $g) {
$x['photos'][] = $g['photo'];
$x['links'][] = $g['url'];
$x['suggestions'][] = '@' . $g['name'];
$x['data'][] = $g['name'];
}
}
echo json_encode($x);
killme();
} else {
$r = array();
}
if ($type == 'm' || $type == 'a') {
$x = array();
$x['query'] = $search;
$x['photos'] = array();
$x['links'] = array();
$x['suggestions'] = array();
$x['data'] = array();
if (count($r)) {
foreach ($r as $g) {
$x['photos'][] = $g['micro'];
$x['links'][] = $g['url'];
$x['suggestions'][] = $g['name'];
$x['data'][] = $g['id'];
}
}
echo json_encode($x);
killme();
}
if (count($r)) {
foreach ($r as $g) {
// remove RSS feeds from ACLs - they are inaccessible
if (strpos($g['hash'], '/')) {
continue;
}
if ($g['abook_their_perms'] & PERMS_W_TAGWALL && $type == 'c') {
$contacts[] = array("type" => "c", "photo" => "images/twopeople.png", "name" => $g['name'] . '+', "id" => $g['id'] . '+', "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'], 0, strpos($g['nick'], '@')), "self" => $g['abook_flags'] & ABOOK_FLAG_SELF ? 'abook-self' : '', "taggable" => 'taggable', "label" => t('network'));
}
$contacts[] = array("type" => "c", "photo" => $g['micro'], "name" => $g['name'], "id" => $g['id'], "xid" => $g['hash'], "link" => $g['nick'], "nick" => substr($g['nick'], 0, strpos($g['nick'], '@')), "self" => $g['abook_flags'] & ABOOK_FLAG_SELF ? 'abook-self' : '', "taggable" => '', "label" => '');
}
}
$items = array_merge($groups, $contacts);
$o = array('tot' => $tot, 'start' => $start, 'count' => $count, 'items' => $items);
echo json_encode($o);
killme();
}
function connections_content(&$a)
{
$sort_type = 0;
$o = '';
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return login();
}
$blocked = false;
$hidden = false;
$ignored = false;
$archived = false;
$unblocked = false;
$pending = false;
$unconnected = false;
$all = false;
if (!$_REQUEST['aj']) {
$_SESSION['return_url'] = $a->query_string;
}
$search_flags = 0;
$head = '';
if (argc() == 2) {
switch (argv(1)) {
case 'blocked':
$search_flags = ABOOK_FLAG_BLOCKED;
$head = t('Blocked');
$blocked = true;
break;
case 'ignored':
$search_flags = ABOOK_FLAG_IGNORED;
$head = t('Ignored');
$ignored = true;
break;
case 'hidden':
$search_flags = ABOOK_FLAG_HIDDEN;
$head = t('Hidden');
$hidden = true;
break;
case 'archived':
$search_flags = ABOOK_FLAG_ARCHIVED;
$head = t('Archived');
$archived = true;
break;
case 'pending':
$search_flags = ABOOK_FLAG_PENDING;
$head = t('New');
$pending = true;
nav_set_selected('intros');
break;
case 'ifpending':
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d)>0 and not ((abook_flags & %d)>0 or (xchan_flags & %d)>0)", intval(local_channel()), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF | ABOOK_FLAG_IGNORED), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN));
if ($r && $r[0]['total']) {
$search_flags = ABOOK_FLAG_PENDING;
$head = t('New');
$pending = true;
nav_set_selected('intros');
$a->argv[1] = 'pending';
} else {
$head = t('All');
$search_flags = 0;
$all = true;
$a->argc = 1;
unset($a->argv[1]);
}
nav_set_selected('intros');
break;
// case 'unconnected':
// $search_flags = ABOOK_FLAG_UNCONNECTED;
// $head = t('Unconnected');
// $unconnected = true;
// break;
// case 'unconnected':
// $search_flags = ABOOK_FLAG_UNCONNECTED;
// $head = t('Unconnected');
// $unconnected = true;
// break;
case 'all':
$head = t('All');
default:
$search_flags = 0;
$all = true;
break;
}
$sql_extra = $search_flags ? " and ( abook_flags & " . $search_flags . " )>0 " : "";
if (argv(1) === 'pending') {
$sql_extra .= " and not ( abook_flags & " . ABOOK_FLAG_IGNORED . " )>0 ";
}
} else {
$sql_extra = " and not ( abook_flags & " . ABOOK_FLAG_BLOCKED . " )>0 ";
$unblocked = true;
}
$search = x($_REQUEST, 'search') ? notags(trim($_REQUEST['search'])) : '';
$tabs = array(array('label' => t('Suggestions'), 'url' => z_root() . '/suggest', 'sel' => '', 'title' => t('Suggest new connections')), array('label' => t('New Connections'), 'url' => z_root() . '/connections/pending', 'sel' => $pending ? 'active' : '', 'title' => t('Show pending (new) connections')), array('label' => t('All Connections'), 'url' => z_root() . '/connections/all', 'sel' => $all ? 'active' : '', 'title' => t('Show all connections')), array('label' => t('Unblocked'), 'url' => z_root() . '/connections', 'sel' => $unblocked && !$search && !$nets ? 'active' : '', 'title' => t('Only show unblocked connections')), array('label' => t('Blocked'), 'url' => z_root() . '/connections/blocked', 'sel' => $blocked ? 'active' : '', 'title' => t('Only show blocked connections')), array('label' => t('Ignored'), 'url' => z_root() . '/connections/ignored', 'sel' => $ignored ? 'active' : '', 'title' => t('Only show ignored connections')), array('label' => t('Archived'), 'url' => z_root() . '/connections/archived', 'sel' => $archived ? 'active' : '', 'title' => t('Only show archived connections')), array('label' => t('Hidden'), 'url' => z_root() . '/connections/hidden', 'sel' => $hidden ? 'active' : '', 'title' => t('Only show hidden connections')));
$tab_tpl = get_markup_template('common_tabs.tpl');
$t = replace_macros($tab_tpl, array('$tabs' => $tabs));
$searching = false;
if ($search) {
$search_hdr = $search;
$search_txt = dbesc(protect_sprintf(preg_quote($search)));
$searching = true;
}
$sql_extra .= $searching ? protect_sprintf(" AND xchan_name like '%{$search_txt}%' ") : "";
if ($_REQUEST['gid']) {
$sql_extra .= " and xchan_hash in ( select xchan from group_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
}
$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash \n\t\twhere abook_channel = %d and not (abook_flags & %d)>0 and not (xchan_flags & %d )>0 {$sql_extra} {$sql_extra2} ", intval(local_channel()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN));
if ($r) {
$a->set_pager_total($r[0]['total']);
$total = $r[0]['total'];
}
$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash\n\t\tWHERE abook_channel = %d and not (abook_flags & %d)>0 and not ( xchan_flags & %d)>0 {$sql_extra} {$sql_extra2} ORDER BY xchan_name LIMIT %d OFFSET %d ", intval(local_channel()), intval(ABOOK_FLAG_SELF), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN), intval($a->pager['itemspage']), intval($a->pager['start']));
$contacts = array();
if (count($r)) {
foreach ($r as $rr) {
if ($rr['xchan_url']) {
$contacts[] = array('img_hover' => sprintf(t('%1$s [%2$s]'), $rr['xchan_name'], $rr['xchan_url']), 'edit_hover' => t('Edit connection'), 'id' => $rr['abook_id'], 'alt_text' => $alt_text, 'dir_icon' => $dir_icon, 'thumb' => $rr['xchan_photo_m'], 'name' => $rr['xchan_name'], 'username' => $rr['xchan_name'], 'classes' => $rr['abook_flags'] & ABOOK_FLAG_ARCHIVED ? 'archived' : '', 'link' => z_root() . '/connedit/' . $rr['abook_id'], 'edit' => t('Edit'), 'url' => chanlink_url($rr['xchan_url']), 'network' => network_to_name($rr['network']));
}
}
}
if ($_REQUEST['aj']) {
if ($contacts) {
$o = replace_macros(get_markup_template('contactsajax.tpl'), array('$contacts' => $contacts, '$edit' => t('Edit')));
} else {
$o = '<div id="content-complete"></div>';
}
echo $o;
killme();
} else {
$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
$o .= replace_macros(get_markup_template('connections.tpl'), array('$header' => t('Connections') . ($head ? ' - ' . $head : ''), '$tabs' => $t, '$total' => $total, '$search' => $search_hdr, '$desc' => t('Search your connections'), '$finding' => $searching ? t('Finding: ') . "'" . $search . "'" : "", '$submit' => t('Find'), '$edit' => t('Edit'), '$cmd' => $a->cmd, '$contacts' => $contacts, '$paginate' => paginate($a)));
}
if (!$contacts) {
$o .= '<div id="content-complete"></div>';
}
return $o;
}
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false)
{
$sitefeed = strlen($owner_nick) ? false : true;
// not yet implemented, need to rewrite huge chunks of following logic
$public_feed = $dfrn_id ? false : true;
$starred = false;
// not yet implemented, possible security issues
$converse = false;
if ($public_feed && $a->argc > 2) {
for ($x = 2; $x < $a->argc; $x++) {
if ($a->argv[$x] == 'converse') {
$converse = true;
}
if ($a->argv[$x] == 'starred') {
$starred = true;
}
if ($a->argv[$x] === 'category' && $a->argc > $x + 1 && strlen($a->argv[$x + 1])) {
$category = $a->argv[$x + 1];
}
}
}
// default permissions - anonymous user
$sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' ";
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`\n\t\tFROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick));
if (!count($r)) {
killme();
}
$owner = $r[0];
$owner_id = $owner['user_uid'];
$owner_nick = $owner['nickname'];
$birthday = feed_birthday($owner_id, $owner['timezone']);
$sql_post_table = "";
$visibility = "";
if (!$public_feed) {
$sql_extra = '';
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
return false;
break;
// NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1", intval($owner_id));
if (!count($r)) {
killme();
}
$contact = $r[0];
require_once 'include/security.php';
$groups = init_groups_visitor($contact['id']);
if (count($groups)) {
for ($x = 0; $x < count($groups); $x++) {
$groups[$x] = '<' . intval($groups[$x]) . '>';
}
$gs = implode('|', $groups);
} else {
$gs = '<<>>';
}
// Impossible to match
$sql_extra = sprintf("\n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )\n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )\n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')\n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
}
if ($public_feed) {
$sort = 'DESC';
} else {
$sort = 'ASC';
}
// Include answers to status.net posts in pubsub feeds
if ($forpubsub) {
$sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`\n\t\t\t\tLEFT JOIN `item` AS `thritem` ON `thritem`.`uri`=`item`.`thr-parent` AND `thritem`.`uid`=`item`.`uid`";
$visibility = sprintf("AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND ((`thread`.`network`='%s') OR (`thritem`.`network` = '%s')))", dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_OSTATUS));
$date_field = "`received`";
$sql_order = "`item`.`received` DESC";
} else {
$date_field = "`changed`";
$sql_order = "`item`.`parent` " . $sort . ", `item`.`created` ASC";
}
if (!strlen($last_update)) {
$last_update = 'now -30 days';
}
if (isset($category)) {
$sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($owner_id));
//$sql_extra .= file_tag_file_query('item',$category,'category');
}
if ($public_feed) {
if (!$converse) {
$sql_extra .= " AND `contact`.`self` = 1 ";
}
}
$check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
// AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
// dbesc($check_date),
$r = q("SELECT STRAIGHT_JOIN `item`.*, `item`.`id` AS `item_id`,\n\t\t`contact`.`name`, `contact`.`network`, `contact`.`photo`, `contact`.`url`,\n\t\t`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,\n\t\t`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,\n\t\t`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`\n\t\tFROM `item` {$sql_post_table}\n\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tLEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`\n\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`parent` != 0\n\t\tAND ((`item`.`wall` = 1) {$visibility}) AND `item`.{$date_field} > '%s'\n\t\t{$sql_extra}\n\t\tORDER BY {$sql_order} LIMIT 0, 300", intval($owner_id), dbesc($check_date), dbesc($sort));
// Will check further below if this actually returned results.
// We will provide an empty feed if that is the case.
$items = $r;
$feed_template = get_markup_template($dfrn_id ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
$atom = '';
$hubxml = feed_hublinks();
$salmon = feed_salmonlinks($owner_nick);
$alternatelink = $owner['url'];
if (isset($category)) {
$alternatelink .= "/category/" . $category;
}
$atom .= replace_macros($feed_template, array('$version' => xmlify(FRIENDICA_VERSION), '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)), '$hub' => $hubxml, '$salmon' => $salmon, '$alternatelink' => xmlify($alternatelink), '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', ATOM_TIME)), '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', ATOM_TIME)), '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', ATOM_TIME)), '$birthday' => strlen($birthday) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '', '$community' => $owner['page-flags'] == PAGE_COMMUNITY ? '<dfrn:community>1</dfrn:community>' : ''));
call_hooks('atom_feed', $atom);
if (!count($items)) {
call_hooks('atom_feed_end', $atom);
$atom .= '</feed>' . "\r\n";
return $atom;
}
foreach ($items as $item) {
// prevent private email from leaking.
if ($item['network'] === NETWORK_MAIL) {
continue;
}
// public feeds get html, our own nodes use bbcode
if ($public_feed) {
$type = 'html';
// catch any email that's in a public conversation and make sure it doesn't leak
if ($item['private']) {
continue;
}
} else {
$type = 'text';
}
$atom .= atom_entry($item, $type, null, $owner, true);
}
call_hooks('atom_feed_end', $atom);
$atom .= '</feed>' . "\r\n";
return $atom;
}
function public_permissions_sql($observer_hash)
{
$observer = get_app()->get_observer();
$groups = init_groups_visitor($observer_hash);
$gs = '<<>>';
// should be impossible to match
if (is_array($groups) && count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . $g . '>';
}
}
$sql = '';
if ($observer_hash) {
$sql = sprintf(" OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')\n\t\t\t AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )\n\t\t\t ))\n\t\t\t", dbesc(protect_sprintf('%<' . $observer_hash . '>%')), dbesc($gs), dbesc(protect_sprintf('%<' . $observer_hash . '>%')), dbesc($gs));
}
return $sql;
}
/**
* @brief Returns a list of files/attachments.
*
* @param $channel_id
* @param $observer
* @param $hash (optional)
* @param $filename (optional)
* @param $filetype (optional)
* @param $orderby
* @param $start
* @param $entries
* @return associative array with:
* * \e boolean \b success
* * \e array|boolean \b results array with results, or false
* * \e string \b message with error messages if any
*/
function attach_list_files($channel_id, $observer, $hash = '', $filename = '', $filetype = '', $orderby = 'created desc', $start = 0, $entries = 0)
{
$ret = array('success' => false);
if (!perm_is_allowed($channel_id, $observer, 'view_storage')) {
$ret['message'] = t('Permission denied.');
return $ret;
}
require_once 'include/security.php';
$sql_extra = permissions_sql($channel_id);
if ($hash) {
$sql_extra .= protect_sprintf(" and hash = '" . dbesc($hash) . "' ");
}
if ($filename) {
$sql_extra .= protect_sprintf(" and filename like '@" . dbesc($filename) . "@' ");
}
if ($filetype) {
$sql_extra .= protect_sprintf(" and filetype like '@" . dbesc($filetype) . "@' ");
}
if ($entries) {
$limit = " limit " . intval($start) . ", " . intval(entries) . " ";
}
// Retrieve all columns except 'data'
$r = q("select id, aid, uid, hash, filename, filetype, filesize, revision, folder, os_storage, is_dir, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d {$sql_extra} ORDER BY {$orderby} {$limit}", intval($channel_id));
$ret['success'] = is_array($r) ? true : false;
$ret['results'] = is_array($r) ? $r : false;
return $ret;
}
function items_fetch($arr, $channel = null, $observer_hash = null, $client_mode = CLIENT_MODE_NORMAL, $module = 'network')
{
$result = array('success' => false);
$a = get_app();
$sql_extra = '';
$sql_nets = '';
$sql_options = '';
$sql_extra2 = '';
$sql_extra3 = '';
$def_acl = '';
$item_uids = ' true ';
if ($arr['uid']) {
$uid = $arr['uid'];
}
if ($channel) {
$uid = $channel['channel_id'];
$uidhash = $channel['channel_hash'];
$item_uids = " item.uid = " . intval($uid) . " ";
}
if ($arr['star']) {
$sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 ";
}
if ($arr['wall']) {
$sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 ";
}
$sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 {$sql_options} ) ";
if ($arr['since_id']) {
$sql_extra .= " and item.id > " . $since_id . " ";
}
if ($arr['gid'] && $uid) {
$r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", intval($arr['group']), intval($uid));
if (!$r) {
$result['message'] = t('Collection not found.');
return $result;
}
$contact_str = '';
/** @FIXME $group is undefined */
$contacts = group_get_members($group);
if ($contacts) {
foreach ($contacts as $c) {
if ($contact_str) {
$contact_str .= ',';
}
$contact_str .= "'" . $c['xchan'] . "'";
}
} else {
$contact_str = ' 0 ';
$result['message'] = t('Collection is empty.');
return $result;
}
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND (( author_xchan IN ( {$contact_str} ) OR owner_xchan in ( {$contact_str})) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) ";
$x = group_rec_byhash($uid, $r[0]['hash']);
$result['headline'] = sprintf(t('Collection: %s'), $x['name']);
} elseif ($arr['cid'] && $uid) {
$r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1", intval($arr['cid']), intval(local_channel()));
if ($r) {
$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND uid = " . intval($arr['uid']) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) ";
$result['headline'] = sprintf(t('Connection: %s'), $r[0]['xchan_name']);
} else {
$result['message'] = t('Connection not found.');
return $result;
}
}
if ($arr['datequery']) {
$sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $arr['datequery']))));
}
if ($arr['datequery2']) {
$sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $arr['datequery2']))));
}
if (!array_key_exists('nouveau', $arr)) {
$sql_extra2 = " AND item.parent = item.id ";
$sql_extra3 = '';
}
if ($arr['search']) {
if (strpos($arr['search'], '#') === 0) {
$sql_extra .= term_query('item', substr($arr['search'], 1), TERM_HASHTAG);
} else {
$sql_extra .= sprintf(" AND item.body like '%s' ", dbesc(protect_sprintf('%' . $arr['search'] . '%')));
}
}
if (strlen($arr['file'])) {
$sql_extra .= term_query('item', $arr['files'], TERM_FILE);
}
if ($arr['conv'] && $channel) {
$sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ", dbesc(protect_sprintf($uidhash)), intval(ITEM_MENTIONSME));
}
if ($client_mode & CLIENT_MODE_UPDATE && !($client_mode & CLIENT_MODE_LOAD)) {
// only setup pagination on initial page view
$pager_sql = '';
} else {
$itemspage = $channel ? get_pconfig($uid, 'system', 'itemspage') : 20;
$a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20);
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start']));
}
if (isset($arr['start']) && isset($arr['records'])) {
$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start']));
}
if (array_key_exists('cmin', $arr) || array_key_exists('cmax', $arr)) {
if ($arr['cmin'] != 0 || $arr['cmax'] != 99) {
// Not everybody who shows up in the network stream will be in your address book.
// By default those that aren't are assumed to have closeness = 99; but this isn't
// recorded anywhere. So if cmax is 99, we'll open the search up to anybody in
// the stream with a NULL address book entry.
$sql_nets .= " AND ";
if ($arr['cmax'] == 99) {
$sql_nets .= " ( ";
}
$sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " ";
$sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) ";
/** @fixme dead code, $cmax is undefined */
if ($cmax == 99) {
$sql_nets .= " OR abook.abook_closeness IS NULL ) ";
}
}
}
$simple_update = $client_mode & CLIENT_MODE_UPDATE ? " and ( item.item_unseen = 1 ) " : '';
if ($client_mode & CLIENT_MODE_LOAD) {
$simple_update = '';
}
//$start = dba_timer();
require_once 'include/security.php';
$sql_extra .= item_permissions_sql($channel['channel_id'], $observer_hash);
if ($arr['pages']) {
$item_restrict = " AND (item_restrict & " . ITEM_WEBPAGE . ") ";
} else {
$item_restrict = " AND item_restrict = 0 ";
}
if ($arr['nouveau'] && $client_mode & CLIENT_MODE_LOAD && $channel) {
// "New Item View" - show all items unthreaded in reverse created date order
$items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\tWHERE {$item_uids} {$item_restrict}\n\t\t\t\t{$simple_update}\n\t\t\t\t{$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY item.received DESC {$pager_sql}");
require_once 'include/items.php';
xchan_query($items);
$items = fetch_post_tags($items, true);
} else {
// Normal conversation view
if ($arr['order'] === 'post') {
$ordering = "created";
} else {
$ordering = "commented";
}
if ($client_mode & CLIENT_MODE_LOAD || $client_mode == CLIENT_MODE_NORMAL) {
// Fetch a page full of parent items for this page
$r = q("SELECT distinct item.id AS item_id, item.{$ordering} FROM item\n left join abook on item.author_xchan = abook.abook_xchan\n WHERE {$item_uids} {$item_restrict}\n AND item.parent = item.id\n and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n {$sql_extra3} {$sql_extra} {$sql_nets}\n ORDER BY item.{$ordering} DESC {$pager_sql} ", intval(ABOOK_FLAG_BLOCKED));
} else {
// update
$r = q("SELECT item.parent AS item_id FROM item\n left join abook on item.author_xchan = abook.abook_xchan\n WHERE {$item_uids} {$item_restrict} {$simple_update}\n and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n {$sql_extra3} {$sql_extra} {$sql_nets} ", intval(ABOOK_FLAG_BLOCKED));
}
//$first = dba_timer();
// Then fetch all the children of the parents that are on this page
if ($r) {
$parents_str = ids_to_querystr($r, 'item_id');
if ($arr['top']) {
$sql_extra = ' and id = parent ' . $sql_extra;
}
$items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\tWHERE {$item_uids} {$item_restrict}\n\t\t\t\tAND item.parent IN ( %s )\n\t\t\t\t{$sql_extra} ", dbesc($parents_str));
//$second = dba_timer();
xchan_query($items);
//$third = dba_timer();
$items = fetch_post_tags($items, true);
//$fourth = dba_timer();
require_once 'include/conversation.php';
$items = conv_sort($items, $ordering);
//logger('items: ' . print_r($items,true));
} else {
$items = array();
}
if ($parents_str && $arr['mark_seen']) {
$update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )';
}
/** @FIXME finish mark unseen sql */
}
return $items;
}
function search_content(&$a)
{
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
if (get_config('system', 'local_search') and !local_user()) {
notice(t('Public access denied.') . EOL);
return;
//http_status_exit(403);
//killme();
}
nav_set_selected('search');
$o = '<h3>' . t('Search') . '</h3>';
if (x($a->data, 'search')) {
$search = notags(trim($a->data['search']));
} else {
$search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : '';
}
$tag = false;
if (x($_GET, 'tag')) {
$tag = true;
$search = x($_GET, 'tag') ? notags(trim(rawurldecode($_GET['tag']))) : '';
}
$o .= search($search, 'search-box', '/search', local_user() ? true : false, false);
if (strpos($search, '#') === 0) {
$tag = true;
$search = substr($search, 1);
}
if (strpos($search, '@') === 0) {
return dirfind_content($a);
}
if (strpos($search, '!') === 0) {
return dirfind_content($a);
}
if (x($_GET, 'search-option')) {
switch ($_GET['search-option']) {
case 'fulltext':
break;
case 'tags':
$tag = true;
break;
case 'contacts':
return dirfind_content($a, "@");
break;
case 'forums':
return dirfind_content($a, "!");
break;
}
}
if (!$search) {
return $o;
}
if (get_config('system', 'only_tag_search')) {
$tag = true;
}
// Here is the way permissions work in the search module...
// Only public posts can be shown
// OR your own posts if you are a logged in member
// No items will be shown if the member has a blocked profile wall.
if ($tag) {
logger("Start tag search for '" . $search . "'", LOGGER_DEBUG);
$r = q("SELECT STRAIGHT_JOIN `item`.`uri`, `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `term`\n\t\t\t\tINNER JOIN `item` ON `item`.`id`=`term`.`oid`\n\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND NOT `contact`.`blocked` AND NOT `contact`.`pending`\n\t\t\tWHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`\n\t\t\t\tAND (`term`.`uid` = 0 OR (`term`.`uid` = %d AND NOT `term`.`global`)) AND `term`.`otype` = %d AND `term`.`type` = %d AND `term`.`term` = '%s'\n\t\t\tORDER BY term.created DESC LIMIT %d , %d ", intval(local_user()), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)), intval($a->pager['start']), intval($a->pager['itemspage']));
} else {
logger("Start fulltext search for '" . $search . "'", LOGGER_DEBUG);
if (get_config('system', 'use_fulltext_engine')) {
$sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search)));
} else {
$sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search))));
}
$r = q("SELECT STRAIGHT_JOIN `item`.`uri`, `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`\n\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND NOT `contact`.`blocked` AND NOT `contact`.`pending`\n\t\t\tWHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`\n\t\t\t\tAND (`item`.`uid` = 0 OR (`item`.`uid` = %s AND (`item`.`private` OR NOT `item`.`network` IN ('%s', '%s', '%s'))))\n\t\t\t\t{$sql_extra}\n\t\t\tGROUP BY `item`.`uri` ORDER BY `item`.`id` DESC LIMIT %d , %d ", intval(local_user()), dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_DIASPORA), intval($a->pager['start']), intval($a->pager['itemspage']));
}
if (!count($r)) {
info(t('No results.') . EOL);
return $o;
}
if ($tag) {
$title = sprintf(t('Items tagged with: %s'), $search);
} else {
$title = sprintf(t('Search results for: %s'), $search);
}
$o .= replace_macros(get_markup_template("section_title.tpl"), array('$title' => $title));
logger("Start Conversation for '" . $search . "'", LOGGER_DEBUG);
$o .= conversation($a, $r, 'search', false);
$o .= alt_pager($a, count($r));
logger("Done '" . $search . "'", LOGGER_DEBUG);
return $o;
}
/**
* @brief Checks the directory mode of this hub.
*
* Checks the directory mode of this hub to see if it is some form of directory server. If it is,
* get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
* a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB.
* In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored
* directly if the rater's signature matches.
*
* @param int $dirmode;
*/
function sync_directories($dirmode)
{
if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL) {
return;
}
$realm = get_directory_realm();
if ($realm == DIRECTORY_REALM) {
$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), intval(SITE_TYPE_ZOT), dbesc($realm));
} else {
$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ", intval(DIRECTORY_MODE_PRIMARY | DIRECTORY_MODE_SECONDARY), dbesc(z_root()), dbesc(protect_sprintf('%' . $realm . '%')), intval(SITE_TYPE_ZOT));
}
// If there are no directory servers, setup the fallback master
/** @FIXME What to do if we're in a different realm? */
if (!$r && z_root() != DIRECTORY_FALLBACK_MASTER) {
$r = array();
$r[] = array('site_url' => DIRECTORY_FALLBACK_MASTER, 'site_flags' => DIRECTORY_MODE_PRIMARY, 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', 'site_realm' => DIRECTORY_REALM, 'site_valid' => 1);
$x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid )\n\t\t\tvalues ( '%s', %d, '%s', '%s', '%s', %d ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), dbesc($r[0]['site_realm']), intval($r[0]['site_valid']));
$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ", intval(DIRECTORY_MODE_PRIMARY), intval(DIRECTORY_MODE_SECONDARY), dbesc(z_root()), intval(SITE_TYPE_ZOT));
}
if (!$r) {
return;
}
foreach ($r as $rr) {
if (!$rr['site_directory']) {
continue;
}
logger('sync directories: ' . $rr['site_directory']);
// for brand new directory servers, only load the last couple of days.
// It will take about a month for a new directory to obtain the full current repertoire of channels.
/** @FIXME Go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. */
$token = get_config('system', 'realm_token');
$syncdate = $rr['site_sync'] === NULL_DATE ? datetime_convert('UTC', 'UTC', 'now - 2 days') : $rr['site_sync'];
$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . ($token ? '&t=' . $token : ''));
if (!$x['success']) {
continue;
}
$j = json_decode($x['body'], true);
if (!$j['transactions'] || $j['ratings']) {
continue;
}
q("update site set site_sync = '%s' where site_url = '%s'", dbesc(datetime_convert()), dbesc($rr['site_url']));
logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j, true), LOGGER_DATA);
if (is_array($j['transactions']) && count($j['transactions'])) {
foreach ($j['transactions'] as $t) {
$r = q("select * from updates where ud_guid = '%s' limit 1", dbesc($t['transaction_id']));
if ($r) {
continue;
}
$ud_flags = 0;
if (is_array($t['flags']) && in_array('deleted', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_DELETED;
}
if (is_array($t['flags']) && in_array('forced', $t['flags'])) {
$ud_flags |= UPDATE_FLAGS_FORCED;
}
$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )\n\t\t\t\t\tvalues ( '%s', '%s', '%s', %d, '%s' ) ", dbesc($t['hash']), dbesc($t['transaction_id']), dbesc($t['timestamp']), intval($ud_flags), dbesc($t['address']));
}
}
if (is_array($j['ratings']) && count($j['ratings'])) {
foreach ($j['ratings'] as $rr) {
$x = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($rr['channel']), dbesc($rr['target']));
if ($x && $x[0]['xlink_updated'] >= $rr['edited']) {
continue;
}
// Ratings are signed by the rater. We need to verify before we can accept it.
/** @TODO Queue or defer if the xchan is not yet present on our site */
$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1", dbesc($rr['channel']));
if (!$y) {
logger('key unavailable on this site for ' . $rr['channel']);
continue;
}
if (!rsa_verify($rr['target'] . '.' . $rr['rating'] . '.' . $rr['rating_text'], base64url_decode($rr['signature']), $y[0]['xchan_pubkey'])) {
logger('failed to verify rating');
continue;
}
if ($x) {
$z = q("update xlink set xlink_rating = %d, xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s' where xlink_id = %d", intval($rr['rating']), dbesc($rr['rating_text']), dbesc($rr['signature']), dbesc(datetime_convert()), intval($x[0]['xlink_id']));
logger('rating updated');
} else {
$z = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($rr['channel']), dbesc($rr['target']), intval($rr['rating']), dbesc($rr['rating_text']), dbesc($rr['signature']), dbesc(datetime_convert()));
logger('rating created');
}
}
}
}
}
/**
* @brief Look up if channel is known and previously verified.
*
* A guid and a url, both signed by the sender, distinguish a known sender at a
* known location.
* This function looks these up to see if the channel is known and therefore
* previously verified. If not, we will need to verify it.
*
* @param array $arr an associative array which must contain:
* * \e string \b guid => guid of conversant
* * \e string \b guid_sig => guid signed with conversant's private key
* * \e string \b url => URL of the origination hub of this communication
* * \e string \b url_sig => URL signed with conversant's private key
*
* @returns array|null null if site is blacklisted or not found, otherwise an
* array with an hubloc record
*/
function zot_gethub($arr, $multiple = false)
{
if ($arr['guid'] && $arr['guid_sig'] && $arr['url'] && $arr['url_sig']) {
if (!check_siteallowed($arr['url'])) {
logger('blacklisted site: ' . $arr['url']);
return null;
}
$limit = $multiple ? '' : ' limit 1 ';
$sitekey = array_key_exists('sitekey', $arr) && $arr['sitekey'] ? " and hubloc_sitekey = '" . protect_sprintf($arr['sitekey']) . "' " : '';
$r = q("select * from hubloc\n\t\t\t\twhere hubloc_guid = '%s' and hubloc_guid_sig = '%s'\n\t\t\t\tand hubloc_url = '%s' and hubloc_url_sig = '%s'\n\t\t\t\t{$sitekey} {$limit}", dbesc($arr['guid']), dbesc($arr['guid_sig']), dbesc($arr['url']), dbesc($arr['url_sig']));
if ($r) {
logger('zot_gethub: found', LOGGER_DEBUG);
return $multiple ? $r : $r[0];
}
}
logger('zot_gethub: not found: ' . print_r($arr, true), LOGGER_DEBUG);
return null;
}
