/**
 * @brief Logs admin page.
 *
 * Renders the logging settings form together with the tail of the
 * configured log file. At most the last 5000000 bytes are read, and every
 * chunk read from the file goes through escape_tags() before it reaches
 * the template.
 *
 * NOTE(review): the configured path is interpolated into the two error
 * messages without escaping. The value comes from site configuration, so
 * this presumably only affects administrators -- confirm.
 *
 * @return string
 */
function get() {
	$log_choices = array(
		LOGGER_NORMAL => 'Normal',
		LOGGER_TRACE  => 'Trace',
		LOGGER_DEBUG  => 'Debug',
		LOGGER_DATA   => 'Data',
		LOGGER_ALL    => 'All'
	);

	$template = get_markup_template('admin_logs.tpl');
	$path = get_config('system', 'logfile');
	$data = '';

	if (!file_exists($path)) {
		$data = t("Error trying to open <strong>{$path}</strong> log file.\r\n<br/>Check to see if file {$path} exist and is \n\treadable.");
	} elseif (!($handle = fopen($path, 'r'))) {
		$data = t("Couldn't open <strong>{$path}</strong> log file.\r\n<br/>Check to see if file {$path} is readable.");
	} else {
		$stat = fstat($handle);
		$length = $stat['size'];

		if ($length != 0) {
			// Cap the amount shown so a huge log cannot exhaust memory.
			if ($length < 0 || $length > 5000000) {
				$length = 5000000;
			}

			// Position at the start of the tail; nothing is shown if the seek fails.
			if (fseek($handle, 0 - $length, SEEK_END) === 0) {
				$data = escape_tags(fread($handle, $length));
				// Pick up anything appended to the log while it was being read.
				while (!feof($handle)) {
					$data .= escape_tags(fread($handle, 4096));
				}
			}
		}

		fclose($handle);
	}

	$macros = array(
		'$title' => t('Administration'),
		'$page' => t('Logs'),
		'$submit' => t('Submit'),
		'$clear' => t('Clear'),
		'$data' => $data,
		'$baseurl' => z_root(),
		'$logname' => get_config('system', 'logfile'),
		'$debugging' => array('debugging', t("Debugging"), get_config('system', 'debugging'), ""),
		'$logfile' => array('logfile', t("Log file"), get_config('system', 'logfile'), t("Must be writable by web server. Relative to your top-level webserver directory.")),
		'$loglevel' => array('loglevel', t("Log level"), get_config('system', 'loglevel'), "", $log_choices),
		'$form_security_token' => get_form_security_token('admin_logs')
	);

	return replace_macros($template, $macros);
}
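/**
 * Search autocomplete endpoint.
 *
 * Emits a JSON document listing the logged-in channel's connections and the
 * hashtags / community tags that match the search text, then ends the
 * request. Anonymous requests are terminated immediately.
 *
 * Request parameters read: start, count, search, query (query overrides
 * search when non-empty). start and count are only echoed back in the
 * response; they are not applied to either query.
 *
 * NOTE(review): the tag query is not restricted to the current channel --
 * confirm that exposing every hashtag on the hub to any logged-in channel
 * is intended.
 * NOTE(review): dbesc() is the only escaping applied to the search text, so
 * LIKE wildcards typed by the user presumably act as wildcards -- confirm.
 */
function init() {
	if (!local_channel()) {
		killme();
	}

	// Cast the paging values so the JSON always carries integers, matching
	// the integer defaults.
	$start = x($_REQUEST, 'start') ? intval($_REQUEST['start']) : 0;
	$count = x($_REQUEST, 'count') ? intval($_REQUEST['count']) : 100;
	$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
	if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
		$search = $_REQUEST['query'];
	}

	// Both fragments are interpolated into the queries below even when no
	// search text was supplied, so they must always be defined.
	$people_sql_extra = '';
	$tag_sql_extra = '';

	// Priority to people searches
	if ($search) {
		// protect_sprintf() keeps the literal '%' of the LIKE pattern from
		// being read as a format directive by q().
		$people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
		$tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
	}

	$r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t\t{$people_sql_extra}\n\t\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));

	$results = array();
	if ($r) {
		foreach ($r as $g) {
			$results[] = array(
				"photo" => $g['xchan_photo_s'],
				"name" => '@' . $g['xchan_name'],
				"id" => $g['abook_id'],
				"link" => $g['xchan_url'],
				"label" => '',
				"nick" => ''
			);
		}
	}

	$r = q("select distinct term, tid, url from term where ttype in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));

	// Test for truthiness rather than count(): a failed query does not
	// yield a countable value.
	if ($r) {
		foreach ($r as $g) {
			$results[] = array(
				"photo" => z_root() . '/images/hashtag.png',
				"name" => '#' . $g['term'],
				"id" => $g['tid'],
				"link" => $g['url'],
				"label" => '',
				"nick" => ''
			);
		}
	}

	header("content-type: application/json");
	$o = array('start' => $start, 'count' => $count, 'items' => $results);
	echo json_encode($o);

	// The original logged an undefined variable; log the response that was
	// sent, and only at the most verbose level because it contains the
	// channel's connection list.
	logger('search_ac: ' . print_r($o, true), LOGGER_DATA);
	killme();
}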
/**
 * Saves the admin security settings submitted from /admin/security and
 * redirects back to that page.
 *
 * The form security token is checked first through
 * check_form_security_token_redirectOnErr().
 *
 * NOTE(review): no administrator check is visible in this method;
 * presumably the caller enforces it -- confirm.
 */
function post() {
	check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

	// Email allow / deny lists: trimmed and passed through notags().
	$allowed_email = '';
	if (x($_POST, 'allowed_email')) {
		$allowed_email = notags(trim($_POST['allowed_email']));
	}
	$not_allowed_email = '';
	if (x($_POST, 'not_allowed_email')) {
		$not_allowed_email = notags(trim($_POST['not_allowed_email']));
	}
	set_config('system', 'allowed_email', $allowed_email);
	set_config('system', 'not_allowed_email', $not_allowed_email);

	set_config('system', 'block_public', x($_POST, 'block_public') ? true : false);

	// Site and channel lists arrive as one entry per line.
	$site_allow = $this->trim_array_elems(explode("\n", $_POST['whitelisted_sites']));
	set_config('system', 'whitelisted_sites', $site_allow);

	$site_deny = $this->trim_array_elems(explode("\n", $_POST['blacklisted_sites']));
	set_config('system', 'blacklisted_sites', $site_deny);

	$channel_allow = $this->trim_array_elems(explode("\n", $_POST['whitelisted_channels']));
	set_config('system', 'whitelisted_channels', $channel_allow);

	$channel_deny = $this->trim_array_elems(explode("\n", $_POST['blacklisted_channels']));
	set_config('system', 'blacklisted_channels', $channel_deny);

	// Embedded content policy.
	set_config('system', 'embed_sslonly', x($_POST, 'embed_sslonly') ? true : false);

	$embed_allow = $this->trim_array_elems(explode("\n", $_POST['embed_allow']));
	set_config('system', 'embed_allow', $embed_allow);

	$embed_deny = $this->trim_array_elems(explode("\n", $_POST['embed_deny']));
	set_config('system', 'embed_deny', $embed_deny);

	// Security response header switches.
	set_config('system', 'transport_security_header', x($_POST, 'transport_security') ? true : false);
	set_config('system', 'content_security_policy', x($_POST, 'content_security') ? true : false);

	goaway(z_root() . '/admin/security');
}
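/**
 * XRD discovery endpoint.
 *
 * Resolves the `uri` query parameter (an http(s) profile URL or an acct:
 * address) to a local channel and prints that channel's XRD document. The
 * request ends without output when no channel matches.
 *
 * The response is sent with `Access-Control-Allow-Origin: *` and includes
 * the requested resource string, so that string must be sanitised in its
 * final, fully decoded form.
 *
 * NOTE(review): whether replace_macros() escapes values for XML is not
 * visible here -- confirm that '$accturi' is encoded by the template.
 */
function init() {
	$raw = x($_GET, 'uri') ? $_GET['uri'] : '';

	// Decode first, then strip tags. The original stripped tags before
	// urldecode(), so markup that was still percent-encoded at that point
	// passed through and was decoded afterwards.
	$uri = notags(urldecode(trim($raw)));

	logger('xrd: ' . $uri, LOGGER_DEBUG);

	$resource = $uri;

	if (substr($uri, 0, 4) === 'http') {
		$uri = str_replace('~', '', $uri);
		$name = basename($uri);
	} else {
		$local = str_replace('acct:', '', $uri);
		if (substr($local, 0, 2) == '//') {
			$local = substr($local, 2);
		}

		// An address without '@' has no local part to look up.
		$at = strpos($local, '@');
		$name = ($at === false) ? '' : substr($local, 0, $at);
	}

	$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
	if (!$r) {
		killme();
	}

	$dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
		'$baseurl' => z_root(),
		'$dspr_guid' => $r[0]['channel_guid'] . str_replace('.', '', \App::get_hostname()),
		'$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))
	));

	$salmon_key = salmon_key($r[0]['channel_pubkey']);

	header('Access-Control-Allow-Origin: *');
	header("Content-type: application/xrd+xml");

	$aliases = array(
		'acct:' . channel_reddress($r[0]),
		z_root() . '/channel/' . $r[0]['channel_address'],
		z_root() . '/~' . $r[0]['channel_address']
	);

	// Drop the alias that equals the requested resource. Iterating over a
	// snapshot of the keys visits every entry; the original loop re-read
	// count() after each unset() and could stop early.
	foreach (array_keys($aliases) as $k) {
		if ($aliases[$k] === $resource) {
			unset($aliases[$k]);
		}
	}

	$o = replace_macros(get_markup_template('xrd_person.tpl'), array(
		'$nick' => $r[0]['channel_address'],
		'$accturi' => $resource,
		'$aliases' => $aliases,
		'$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'],
		'$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'],
		'$atom' => z_root() . '/feed/' . $r[0]['channel_address'],
		'$zot_post' => z_root() . '/post/' . $r[0]['channel_address'],
		'$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'],
		'$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'],
		'$dspr' => $dspr,
		'$modexp' => 'data:application/magic-public-key,' . $salmon_key,
		'$subscribe' => z_root() . '/follow?url={uri}',
		'$bigkey' => salmon_key($r[0]['channel_pubkey'])
	));

	// Plugins may rewrite the document before it is sent.
	$arr = array('user' => $r[0], 'xml' => $o);
	call_hooks('personal_xrd', $arr);

	echo $arr['xml'];
	killme();
}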
/**
 * Tag removal page.
 *
 * With /drop/<item>/<hex tag> the tag is removed from the item right away;
 * with /drop/<item> a form listing the item's tags is returned. Both paths
 * only load items whose uid equals the logged-in channel.
 *
 * NOTE(review): the four-argument form changes stored data on a plain GET
 * and no form security token is checked in this method -- confirm that
 * the links leading here are protected some other way.
 *
 * @return string|void HTML of the selection form, otherwise nothing
 */
function get() {
	if (!local_channel()) {
		goaway(z_root() . '/' . $_SESSION['photo_return']);
		// NOTREACHED
	}

	// remove tag on the fly if item and tag are provided
	if (argc() == 4 && argv(1) === 'drop' && intval(argv(2))) {
		$item = intval(argv(2));
		// hex-encoded tag text, as produced by bin2hex() in the form below
		$tag = argv(3);

		// ownership check: the item must belong to the logged-in channel
		$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
		if (!$r) {
			goaway(z_root() . '/' . $_SESSION['photo_return']);
		}

		$r = fetch_post_tags($r, true);
		$item = $r[0];
		$new_tags = array();

		// keep every term except the one whose text matches the decoded tag
		if ($item['term']) {
			for ($x = 0; $x < count($item['term']); $x++) {
				if ($item['term'][$x]['term'] !== hex2bin($tag)) {
					$new_tags[] = $item['term'][$x];
				}
			}
		}

		if ($new_tags) {
			$item['term'] = $new_tags;
		} else {
			unset($item['term']);
		}

		item_store_update($item);
		info(t('Tag removed') . EOL);
		goaway(z_root() . '/' . $_SESSION['photo_return']);
	}

	//if we got only the item print a list of tags to select
	if (argc() == 3 && argv(1) === 'drop' && intval(argv(2))) {
		$o = '';
		$item = intval(argv(2));

		// same ownership check as above
		$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
		if (!$r) {
			goaway(z_root() . '/' . $_SESSION['photo_return']);
		}

		$r = fetch_post_tags($r, true);
		if (!count($r[0]['term'])) {
			goaway(z_root() . '/' . $_SESSION['photo_return']);
		}

		$o .= '<h3>' . t('Remove Item Tag') . '</h3>';
		$o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>';
		$o .= '<form id="tagrm" action="tagrm" method="post" >';
		// $item is the intval() result from above, so it is safe in the attribute
		$o .= '<input type="hidden" name="item" value="' . $item . '" />';
		$o .= '<ul>';
		foreach ($r[0]['term'] as $x) {
			// the value is hex-encoded; the visible label goes through bbcode()
			// NOTE(review): presumably bbcode() escapes HTML in the term -- confirm
			$o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x['term']) . '" >' . bbcode($x['term']) . '</input></li>';
		}
		$o .= '</ul>';
		$o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') . '" />';
		$o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') . '" />';
		$o .= '</form>';

		return $o;
	}
}
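/**
 * Returns the URL of the site icon.
 *
 * Uses the `site_icon_url` value from the system configuration when it is
 * set and non-empty, otherwise the bundled default icon under z_root().
 *
 * @return string
 */
public static function get_site_icon() {
	// isset()/empty() keep a missing 'system' section or a missing key from
	// raising an undefined-index notice.
	if (is_array(\App::$config)
		&& isset(\App::$config['system'])
		&& is_array(\App::$config['system'])
		&& !empty(\App::$config['system']['site_icon_url'])) {
		return \App::$config['system']['site_icon_url'];
	}

	return z_root() . '/images/hz-32.png';
}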
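/**
 * Background task: re-checks sites that have not been updated recently.
 *
 * Selects live Zot sites whose last update is older than the configured
 * number of days (system.sitecheckdays, default 30), pings each one, and
 * either refreshes its update time or marks it dead. When a site URL is
 * given as the first argument only that site is considered.
 *
 * @param array $argv command arguments; $argv[1] is an optional site URL
 * @param int $argc number of entries in $argv
 */
function checksites_run($argv, $argc) {
	cli_startup();
	$a = get_app();

	logger('checksites: start');

	// Always defined, because it is interpolated into the query below.
	$sql_options = '';
	if ($argc > 1 && $argv[1]) {
		// The fragment becomes part of q()'s format string, so a literal
		// '%' in the URL must be protected from sprintf-style expansion.
		$sql_options = protect_sprintf(" and site_url = '" . dbesc($argv[1]) . "' ");
	}

	$days = intval(get_config('system', 'sitecheckdays'));
	if ($days < 1) {
		$days = 30;
	}

	$r = q("select * from site where site_dead = 0 and site_update < %s - INTERVAL %s and site_type = %d {$sql_options} ", db_utcnow(), db_quoteinterval($days . ' DAY'), intval(SITE_TYPE_ZOT));
	if (!$r) {
		return;
	}

	foreach ($r as $rr) {
		// Never ping ourselves.
		if (!strcasecmp($rr['site_url'], z_root())) {
			continue;
		}

		$x = ping_site($rr['site_url']);
		if ($x['success']) {
			logger('checksites: ' . $rr['site_url']);
			q("update site set site_update = '%s' where site_url = '%s' ", dbesc(datetime_convert()), dbesc($rr['site_url']));
		} else {
			logger('marking dead site: ' . $x['message']);
			q("update site set site_dead = 1 where site_url = '%s' ", dbesc($rr['site_url']));
		}
	}
}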
/**
 * Login page. A visitor who already has a local channel is sent to the
 * site root; everybody else gets the login form, which is told whether
 * registration is open on this site.
 *
 * @return mixed whatever login() returns
 */
function get() {
	if (local_channel()) {
		goaway(z_root());
	}

	// Registration is offered unless the site policy is "closed".
	$registration_open = (\App::$config['system']['register_policy'] != REGISTER_CLOSED);

	return login($registration_open);
}
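/**
 * Redirects the logged-in user to one of their DFRN contacts' sites with a
 * short-lived authentication token.
 *
 * The contact id comes from the URL path and is only accepted when the
 * contact row belongs to the current user and uses the 'dfrn' network. A
 * random token is stored in `profile_check` with a 45 second lifetime and
 * appended to the contact's poll URL.
 *
 * NOTE(review): the token is written to the debug log together with the
 * contact name; it is short-lived, but consider leaving it out of logs.
 *
 * @param object $a application object; argc / argv are read from it
 */
function redir_init(&$a) {
	if (!local_user() || !($a->argc == 2) || !intval($a->argv[1])) {
		goaway(z_root());
	}

	$cid = $a->argv[1];
	$url = x($_GET, 'url') ? $_GET['url'] : '';

	// The contact must belong to the logged-in user.
	$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval(local_user()));
	if (!count($r) || $r[0]['network'] !== 'dfrn') {
		goaway(z_root());
	}

	$dfrn_id = $orig_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id'];

	// For duplex relationships the id is prefixed with the direction.
	if ($r[0]['duplex'] && $r[0]['issued-id']) {
		$orig_id = $r[0]['issued-id'];
		$dfrn_id = '1:' . $orig_id;
	}
	if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
		$orig_id = $r[0]['dfrn-id'];
		$dfrn_id = '0:' . $orig_id;
	}

	$sec = random_string();

	// `cid` is numeric: use %d like the other integer columns instead of
	// relying on intval() alone with a %s placeholder.
	q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\tVALUES( %d, %d, '%s', '%s', %d )", intval(local_user()), intval($cid), dbesc($dfrn_id), dbesc($sec), intval(time() + 45));

	logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);

	// The destination comes straight from the request. Encode it so that it
	// stays a single query value and cannot add or override parameters
	// (dfrn_id, sec, ...) in the redirect URL.
	$dest = $url ? '&destination_url=' . urlencode($url) : '';

	goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}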
/**
 * Runs an authentication request as soon as the object is constructed.
 *
 * Copies the request fields onto the object, loads the system channel,
 * tries Verify() against each hub location returned for the address until
 * one succeeds, and finishes through reply_die().
 *
 * NOTE(review): the fields auth, dest, sec, version and delegate are read
 * from $req without a presence check; only 'test' is guarded.
 *
 * @param array $req request values (test, auth, dest, sec, version, delegate)
 */
function __construct($req) {
	$this->ret = array('success' => false);
	$this->success = false;
	$this->test = array_key_exists('test', $req) ? intval($req['test']) : 0;
	$this->address = $req['auth'];
	$this->desturl = $req['dest'];
	$this->sec = $req['sec'];
	$this->version = $req['version'];
	$this->delegate = $req['delegate'];

	$c = get_sys_channel();
	if (!$c) {
		logger('unable to obtain response (sys) channel');
		// NOTE(review): this calls a plain function reply_die(), while the
		// end of the constructor calls $this->reply_die() -- confirm which
		// one is intended.
		reply_die('no local channels found.');
	}

	// Try each known hub location for the address; stop at the first that verifies.
	$x = $this->GetHublocs($this->address);
	if ($x) {
		foreach ($x as $xx) {
			if ($this->Verify($c, $xx)) {
				break;
			}
		}
	}

	/**
	 * @FIXME we really want to save the return_url in the session before we
	 * visit rmagic. This does however prevent a recursion if you visit
	 * rmagic directly, as it would otherwise send you back here again.
	 * But z_root() probably isn't where you really want to go.
	 */
	if (strstr($this->desturl, z_root() . '/rmagic')) {
		goaway(z_root());
	}

	$this->reply_die();
}
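/**
 * Reverse magic-auth form handler.
 *
 * An address without '@' is offered to the 'reverse_magic_auth' hook; if
 * the hook does not take over, authentication fails. An address with '@'
 * is treated as a Red identity: the visitor is redirected to the /magic
 * endpoint of that identity's hub with this site as the destination.
 *
 * NOTE(review): when the address is not in `hubloc`, the redirect target is
 * built from the host part the visitor typed, so the target host is
 * user-chosen by design -- confirm that goaway() rejects malformed
 * locations.
 */
function post() {
	$address = isset($_REQUEST['address']) ? trim($_REQUEST['address']) : '';

	if (strpos($address, '@') === false) {
		$arr = array('address' => $address);
		call_hooks('reverse_magic_auth', $arr);

		// if they're still here...
		notice(t('Authentication failed.') . EOL);
		return;
	}

	// Presumed Red identity. Perform reverse magic auth.
	// (The original repeated the '@' test here; that branch could never
	// run and has been removed. The address is also known to be non-empty.)
	$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($address));

	if ($r) {
		$url = $r[0]['hubloc_url'];
	} else {
		$url = 'https://' . substr($address, strpos($address, '@') + 1);
	}

	if ($url) {
		// Come back to where the visitor was; 'zid=' is renamed so the
		// parameter is not acted on a second time.
		$return_path = !empty($_SESSION['return_url']) ? $_SESSION['return_url'] : \App::$query_string;
		$dest = urlencode(z_root() . '/' . str_replace('zid=', 'zid_=', $return_path));

		goaway($url . '/magic' . '?f=&dest=' . $dest);
	}
}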
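/**
 * Site information page.
 *
 * Shows the project version and git commit (unless
 * system.hidden_version_siteinfo is set), the visible plugin list, the
 * administrator text, an optional donation block and the current load
 * average.
 *
 * NOTE(review): only the version and commit are covered by
 * hidden_version_siteinfo; the plugin list and load average are always
 * rendered -- confirm that this is acceptable on a public page.
 *
 * @return string rendered page
 */
function get() {
	// Defaults for values that are only filled in conditionally below but
	// are always handed to the template.
	$tag = '';
	$donate = '';

	if (!get_config('system', 'hidden_version_siteinfo')) {
		$version = sprintf(t('Version %s'), \Zotlabs\Lib\System::get_project_version());

		if (@is_dir('.git') && function_exists('shell_exec')) {
			// Fixed command line, no request data involved.
			$commit = @shell_exec('git log -1 --format="%h"');
			$tag = \Zotlabs\Lib\System::get_std_version(); // @shell_exec('git describe --tags --abbrev=0');
		}

		// Discard anything that is not a short hash (failed call, error text).
		if (!isset($commit) || !is_string($commit) || strlen($commit) > 16) {
			$commit = '';
		}
	} else {
		$version = $commit = '';
	}

	$plugins_list = implode(', ', visible_plugin_list());
	if ($plugins_list) {
		$plugins_text = t('Installed plugins/addons/apps:');
	} else {
		$plugins_text = t('No installed plugins/addons/apps');
	}

	$txt = get_config('system', 'admininfo');
	$admininfo = bbcode($txt);

	if (file_exists('doc/site_donate.html')) {
		$donate .= file_get_contents('doc/site_donate.html');
	}

	// sys_getloadavg() may be missing or may fail; fall back to three empty
	// fields so the template still receives the same ", , " shape.
	$loadavg = function_exists('sys_getloadavg') ? sys_getloadavg() : false;
	if (!is_array($loadavg) || count($loadavg) < 3) {
		$loadavg = array('', '', '');
	}

	// The '$contact' text below contains a literal line break inside the
	// string; it is kept exactly as it is so the translation key still matches.
	$o = replace_macros(get_markup_template('siteinfo.tpl'), array(
		'$title' => t('$Projectname'),
		'$description' => t('This is a hub of $Projectname - a global cooperative network of decentralized privacy enhanced websites.'),
		'$version' => $version,
		'$tag_txt' => t('Tag: '),
		'$tag' => $tag,
		'$polled' => t('Last background fetch: '),
		'$lastpoll' => get_poller_runtime(),
		'$load_average' => t('Current load average: '),
		'$loadavg_all' => $loadavg[0] . ', ' . $loadavg[1] . ', ' . $loadavg[2],
		'$commit' => $commit,
		'$web_location' => t('Running at web location') . ' ' . z_root(),
		'$visit' => t('Please visit <a href="http://hubzilla.org">hubzilla.org</a> to learn more about $Projectname.'),
		'$bug_text' => t('Bug reports and issues: please visit'),
		'$bug_link_url' => 'https://github.com/redmatrix/hubzilla/issues',
		'$bug_link_text' => t('$projectname issues'),
		'$contact' => t('Suggestions, praise, etc. 
- please email "redmatrix" at librelist - dot com'),
		'$donate' => $donate,
		'$adminlabel' => t('Site Administrators'),
		'$admininfo' => $admininfo,
		'$plugins_text' => $plugins_text,
		'$plugins_list' => $plugins_list
	));

	call_hooks('about_hook', $o);

	return $o;
}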
/**
 * App manager form handler: installs an app from posted fields, or
 * installs / deletes / edits an app passed in encoded form as 'papp'.
 *
 * Does nothing for visitors without a local channel. Text fields are
 * passed through escape_tags() and numeric ones through intval() before
 * they reach Zlib\Apps.
 *
 * NOTE(review): no form security token is checked in this method --
 * confirm that the caller protects it against cross-site requests.
 */
function post() {
	if (!local_channel()) {
		return;
	}

	// Direct install from individual form fields.
	if ($_POST['url']) {
		$arr = array('uid' => intval($_REQUEST['uid']));

		$text_fields = array('url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'requires');
		foreach ($text_fields as $field) {
			$arr[$field] = escape_tags($_REQUEST[$field]);
		}

		$arr['system'] = intval($_REQUEST['system']);
		$arr['sig'] = escape_tags($_REQUEST['sig']);
		$arr['categories'] = escape_tags($_REQUEST['categories']);

		$_REQUEST['appid'] = Zlib\Apps::app_install(local_channel(), $arr);

		if (Zlib\Apps::app_installed(local_channel(), $arr)) {
			info(t('App installed.') . EOL);
		}

		return;
	}

	// Otherwise the app arrives in encoded form.
	$papp = Zlib\Apps::app_decode($_POST['papp']);
	if (!is_array($papp)) {
		notice(t('Malformed app.') . EOL);
		return;
	}

	if ($_POST['install']) {
		Zlib\Apps::app_install(local_channel(), $papp);
		$installed = Zlib\Apps::app_installed(local_channel(), $papp);
		if ($installed) {
			info(t('App installed.') . EOL);
		}
	}

	if ($_POST['delete']) {
		Zlib\Apps::app_destroy(local_channel(), $papp);
	}

	// Editing continues on the page itself, so no redirect.
	if ($_POST['edit']) {
		return;
	}

	if ($_SESSION['return_url']) {
		goaway(z_root() . '/' . $_SESSION['return_url']);
	}

	goaway(z_root() . '/apps');
}
/**
 * Works out whether the visitor has JavaScript disabled and, while that is
 * still unknown, adds a detection snippet to the page head.
 *
 * @param int $test when truthy, emit the script-based probe (only if no
 *                  'jsdisabled' cookie exists yet); otherwise emit the
 *                  <noscript> meta refresh to /nojs
 */
function __construct($test = 0) {
	if (intval($_REQUEST['jsdisabled'])) {
		$this->jsdisabled = 1;
	} else {
		$this->jsdisabled = 0;
	}

	// NOTE(review): this second test assigns the flag in both branches, so
	// the result of the $_REQUEST test above is always overwritten --
	// confirm whether the else branch is intended.
	if (intval($_COOKIE['jsdisabled'])) {
		$this->jsdisabled = 1;
	} else {
		$this->jsdisabled = 0;
	}

	if (!$this->jsdisabled) {
		// The query string is urlencode()d before it is placed inside the
		// script string and the meta refresh URL below.
		$page = urlencode(\App::$query_string);

		if ($test) {
			if (!array_key_exists('jsdisabled', $_COOKIE)) {
				\App::$page['htmlhead'] .= "\r\n" . '<script>document.cookie="jsdisabled=0; path=/"; var jsMatch = /\\&jsdisabled=0/; if (!jsMatch.exec(location.href)) { location.href = "' . z_root() . '/nojs/0?f=&redir=' . $page . '" ; }</script>' . "\r\n";

				/* emulate JS cookie if cookies are not accepted */
				if (array_key_exists('jsdisabled', $_GET)) {
					$_COOKIE['jsdisabled'] = $_GET['jsdisabled'];
				}
			}
		} else {
			\App::$page['htmlhead'] .= "\r\n" . '<noscript><meta http-equiv="refresh" content="0; url=' . z_root() . '/nojs?f=&redir=' . $page . '"></noscript>' . "\r\n";
		}
	}
}
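/**
 * Profile page initialisation.
 *
 * Takes the channel nickname from the first path argument, or -- for
 * /<profile id>/view requested by a logged-in channel -- loads the named
 * profile of the visitor's own channel. Adds the Atom feed link to the page
 * head and loads the profile.
 */
function init() {
	if (argc() > 1) {
		$which = argv(1);
	} else {
		notice(t('Requested profile is not available.') . EOL);
		\App::$error = 404;
		return;
	}

	$profile = '';
	$channel = \App::get_channel();

	if (local_channel() && argc() > 2 && argv(2) === 'view') {
		$which = $channel['channel_address'];

		// The profile id must belong to the logged-in channel.
		$r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval(argv(1)), intval(local_channel()));

		// The original reset $profile on a miss and then overwrote it from
		// the empty result anyway; pick one or the other.
		$profile = $r ? $r[0]['profile_guid'] : '';
	}

	// $which can come straight from the URL path, so encode it before
	// placing it inside the href attribute.
	\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . htmlspecialchars($which, ENT_QUOTES, 'UTF-8') . '" />' . "\r\n";

	if (!$profile) {
		$x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)));
		if ($x) {
			\App::$profile = $x[0];
		}
	}

	profile_load($which, $profile);
}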
/**
 * "About this site" page: version, web location, project links and the
 * list of installed plugins. The finished HTML is passed through the
 * 'about_hook' hook before it is returned.
 *
 * @param object $a application object; its plugins list is read
 * @return string HTML
 */
function friendica_content(&$a) {
	$o = '<h3>Friendica</h3>'
		. '<p></p><p>'
		. t('This is Friendica, version') . ' ' . FRIENDICA_VERSION . ' '
		. t('running at web location') . ' ' . z_root() . '</p><p>'
		. t('Please visit <a href="http://friendica.com">Friendica.com</a> to learn more about the Friendica project.') . '</p><p>'
		. t('Bug reports and issues: please visit') . ' ' . '<a href="http://bugs.friendica.com">Bugs.Friendica.com</a></p><p>'
		. t('Suggestions, praise, donations, etc. - please email "Info" at Friendica - dot com') . '</p>'
		. '<p></p>';

	if (!count($a->plugins)) {
		$o .= '<p>' . t('No installed plugins/addons/apps');
	} else {
		$o .= '<p>' . t('Installed plugins/addons/apps') . '</p>';
		$o .= '<ul>';
		foreach ($a->plugins as $plugin_name) {
			// Skip empty entries in the plugin list.
			if (!strlen($plugin_name)) {
				continue;
			}
			$o .= '<li>' . $plugin_name . '</li>';
		}
		$o .= '</ul>';
	}

	call_hooks('about_hook', $o);

	return $o;
}
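/**
 * IRC addon page: adds a sidebar widget with popular channels and returns
 * an iframe pointing at the web chat.
 *
 * The channels to join come from the irc.autochans setting or, when that
 * is empty, from the `channels` query parameter (default 'hubzilla').
 *
 * @param object $a application object (not used here)
 * @return string HTML
 */
function irc_content(&$a) {
	$baseurl = z_root() . '/addon/irc';
	$o = '';

	/* set the list of popular channels */
	$sitechats = get_config('irc', 'sitechats');
	if ($sitechats) {
		$chats = explode(',', $sitechats);
	} else {
		$chats = array('hubzilla', 'friendica', 'chat', 'chatback', 'hottub', 'ircbar', 'dateroom', 'debian');
	}

	App::$page['aside'] .= '<div class="widget"><h3>' . t('Popular Channels') . '</h3><ul>';
	foreach ($chats as $chat) {
		App::$page['aside'] .= '<li><a href="' . z_root() . '/irc?channels=' . $chat . '" >' . '#' . $chat . '</a></li>';
	}
	App::$page['aside'] .= '</ul></div>';

	/* setting the channel(s) to auto connect */
	$autochans = get_config('irc', 'autochans');
	if ($autochans) {
		$channels = $autochans;
	} else {
		$channels = x($_GET, 'channels') ? $_GET['channels'] : 'hubzilla';
	}

	// The value may come from the request and ends up inside the iframe's
	// src attribute: encode it as a query value so it cannot close the
	// attribute or add further parameters.
	$channels = urlencode($channels);

	/* add the chatroom frame and some html */
	$o .= <<<EOT
<h2>IRC chat</h2>
<p><a href="http://tldp.org/HOWTO/IRC/beginners.html" target="_blank">A beginner's guide to using IRC. [en]</a></p>
<iframe src="//webchat.freenode.net?channels={$channels}" width="100%" height="600"></iframe>
EOT;

	return $o;
}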
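/**
 * Stores an emoji reaction to one of the logged-in channel's items and
 * hands the new item to the notifier.
 *
 * Request parameters: postid (id of the item reacted to) and emoji (name
 * of the image under /images/emoji/, without extension).
 *
 * NOTE(review): this creates content on a GET request and no form security
 * token is checked in this method -- confirm how cross-site requests are
 * prevented.
 * NOTE(review): only structurally unsafe characters are rejected below; if
 * a list of valid emoji names exists, checking against it would be
 * stricter.
 */
function get() {
	if (!local_channel()) {
		return;
	}

	$postid = isset($_REQUEST['postid']) ? $_REQUEST['postid'] : '';
	if (!$postid) {
		return;
	}

	$emoji = (isset($_REQUEST['emoji']) && is_string($_REQUEST['emoji'])) ? $_REQUEST['emoji'] : '';
	if (!$emoji) {
		return;
	}

	// The name is placed in an image path and inside a bbcode tag. Path
	// separators, brackets, whitespace and NUL cannot be part of a valid
	// name there, so refuse them instead of storing them in an item.
	if (strpbrk($emoji, "/\\[] \t\r\n\0") !== false) {
		return;
	}

	// The item reacted to must belong to the logged-in channel.
	$i = q("select * from item where id = %d and uid = %d", intval($postid), intval(local_channel()));
	if (!$i) {
		return;
	}

	$channel = \App::get_channel();

	$n = array();
	$n['aid'] = $channel['channel_account_id'];
	$n['uid'] = $channel['channel_id'];
	$n['item_origin'] = true;
	$n['parent'] = $postid;
	$n['parent_mid'] = $i[0]['mid'];
	$n['mid'] = item_message_id();
	$n['verb'] = ACTIVITY_REACT . '#' . $emoji;
	$n['body'] = "\n\n[zmg=32x32]" . z_root() . '/images/emoji/' . $emoji . '.png[/zmg]' . "\n\n";
	$n['author_xchan'] = $channel['channel_hash'];

	$x = item_store($n);
	if ($x['success']) {
		$nid = $x['item_id'];
		\Zotlabs\Daemon\Master::Summon(array('Notifier', 'like', $nid));
	}
}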
/**
 * Handles the Discard / Ignore buttons on an introduction request.
 *
 * The request id is the second path argument; the introduction is only
 * acted on when it belongs to the logged-in user.
 *
 * NOTE(review): the submitted button is recognised by comparing its value
 * with the translated label, and no form security token is checked in this
 * function -- confirm both against the caller.
 *
 * @param object $a application object; argc / argv are read from it
 */
function notifications_post(&$a) {
	if (!local_user()) {
		goaway(z_root());
	}

	$request_id = 0;
	if ($a->argc > 1) {
		$request_id = $a->argv[1];
	}

	if ($request_id === "all" || !$request_id) {
		return;
	}

	// Ownership check: the introduction must belong to the current user.
	$r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($request_id), intval(local_user()));
	if (!count($r)) {
		notice(t('Invalid request identifier.') . EOL);
		return;
	}

	$intro_id = $r[0]['id'];
	$contact_id = $r[0]['contact-id'];

	// If it is a friend suggestion, the contact is not a new friend but an existing friend
	// that should not be deleted.
	$fid = $r[0]['fid'];

	if ($_POST['submit'] == t('Discard')) {
		$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id));
		if (!$fid) {
			$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", intval($contact_id), intval(local_user()));
		}
		return;
	}

	if ($_POST['submit'] == t('Ignore')) {
		$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", intval($intro_id));
	}
}
/**
 * File upload / folder creation handler.
 *
 * Looks up the target channel by the 'channick' request value, creates a
 * folder when 'filename' is given and stores an uploaded file otherwise,
 * then redirects to 'return_url' below the site root.
 *
 * When the target channel is not the logged-in channel, the permission
 * lists are taken from the target channel's defaults rather than from the
 * request.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * attach_mkdir() / attach_store() decide whether the observer may write to
 * the channel -- confirm.
 */
function post() {
	$channel = null;
	if ($_REQUEST['channick']) {
		$channel = get_channel_by_nick($_REQUEST['channick']);
	}

	if (!$channel) {
		logger('channel not found');
		killme();
	}

	$_REQUEST['source'] = 'file_upload';

	// Uploading into somebody else's channel: apply that channel's default ACL.
	if ($channel['channel_id'] != local_channel()) {
		$acl_defaults = array(
			'contact_allow' => 'channel_allow_cid',
			'group_allow' => 'channel_allow_gid',
			'contact_deny' => 'channel_deny_cid',
			'group_deny' => 'channel_deny_gid'
		);
		foreach ($acl_defaults as $request_key => $channel_key) {
			$_REQUEST[$request_key] = expand_acl($channel[$channel_key]);
		}
	}

	$observer = get_observer_hash();

	if ($_REQUEST['filename']) {
		// A folder is being created; it takes the ACL in string form.
		$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
		$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
		$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
		$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);

		attach_mkdir($channel, $observer, $_REQUEST);
	} else {
		attach_store($channel, $observer, '', $_REQUEST);
	}

	goaway(z_root() . '/' . $_REQUEST['return_url']);
}
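/**
 * Password reset page.
 *
 * With a `verify` token: looks up the user whose stored reset hash matches,
 * sets a newly generated password, shows it on the page and mails it to
 * the user. Without a token: renders the "forgot password" form.
 *
 * NOTE(review): the new password is stored as an unsalted whirlpool hash
 * and is sent by email in clear text. Changing either requires changes
 * outside this function (login check, mail template), so both are only
 * flagged here.
 * NOTE(review): the From header uses $_SERVER['SERVER_NAME'], which may
 * follow the request's Host header depending on the web server
 * configuration -- confirm.
 *
 * @param object $a application object
 * @return string|void page HTML
 */
function lostpass_content(&$a) {
	// The original appended to $o without ever initialising it.
	$o = '';

	if (x($_GET, 'verify')) {
		$verify = $_GET['verify'];

		// Only the hash of the token is stored, so hash before the lookup.
		$hash = hash('whirlpool', $verify);

		$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));
		if (!$r) {
			notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
			goaway(z_root());
			return;
		}

		$uid = $r[0]['uid'];
		$username = $r[0]['username'];
		$email = $r[0]['email'];

		// mt_rand() is predictable and must not feed a credential; use the
		// CSPRNG where the runtime provides it.
		// NOTE(review): the strength of autoname() is not visible here.
		$suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
		$new_password = autoname(6) . $suffix;
		$new_password_encoded = hash('whirlpool', $new_password);

		// Clearing pwdreset makes the token single-use.
		$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));

		if ($r) {
			$tpl = get_markup_template('pwdreset.tpl');
			$o .= replace_macros($tpl, array(
				'$lbl1' => t('Password Reset'),
				'$lbl2' => t('Your password has been reset as requested.'),
				'$lbl3' => t('Your new password is'),
				'$lbl4' => t('Save or copy your new password - and then'),
				'$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
				'$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
				'$newpass' => $new_password,
				'$baseurl' => $a->get_baseurl()
			));

			info("Your password has been reset." . EOL);

			$email_tpl = get_intltext_template("passchanged_eml.tpl");
			$email_tpl = replace_macros($email_tpl, array(
				'$sitename' => $a->config['sitename'],
				'$siteurl' => $a->get_baseurl(),
				'$username' => $username,
				'$email' => $email,
				'$new_password' => $new_password,
				// The original passed an undefined variable here.
				'$uid' => $uid
			));

			$res = mail($email, "Your password has changed at {$a->config['sitename']}", $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');

			return $o;
		}
	} else {
		// The '$desc' text contains a literal line break inside the string;
		// it is kept exactly so the translation key still matches.
		$tpl = get_markup_template('lostpass.tpl');
		$o .= replace_macros($tpl, array(
			'$title' => t('Forgot your Password?'),
			'$desc' => t('Enter your email address and submit to have your password reset. 
Then check your email for further instructions.'),
			'$name' => t('Nickname or Email: '),
			'$submit' => t('Reset')
		));

		return $o;
	}
}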
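/**
 * WebFinger endpoint.
 *
 * Requires HTTPS. Resolves the `resource` parameter (acct: address or
 * http(s) URL) to a local channel and prints its JRD document as JSON. An
 * acct: address on another host is redirected to that host's WebFinger
 * endpoint. Unknown or missing resources get a 400 response.
 *
 * NOTE(review): the redirect target host is taken from the request, as
 * WebFinger delegation requires; confirm that goaway() rejects malformed
 * locations.
 *
 * @param object $a application object (not used directly)
 */
function wfinger_init(&$a) {
	$result = array();

	$scheme = '';
	if (x($_SERVER, 'HTTPS') && $_SERVER['HTTPS']) {
		$scheme = 'https';
	} elseif (x($_SERVER, 'SERVER_PORT') && intval($_SERVER['SERVER_PORT']) == 443) {
		$scheme = 'https';
	}

	// Don't complain to me - I'm just implementing the spec.
	if ($scheme !== 'https') {
		header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS');
		killme();
	}

	// Only a plain string is a usable resource; an array-valued parameter
	// is treated as missing.
	$resource = (isset($_REQUEST['resource']) && is_string($_REQUEST['resource'])) ? $_REQUEST['resource'] : '';

	// Defined up front: a resource that is neither acct: nor http(s) left
	// this variable unset in the original.
	$channel = '';
	$r = null;

	if ($resource) {
		if (strpos($resource, 'acct:') === 0) {
			$channel = str_replace('acct:', '', $resource);
			if (strpos($channel, '@') !== false) {
				$host = substr($channel, strpos($channel, '@') + 1);

				// Not ours: hand the lookup over to the named host.
				if (strcasecmp($host, get_app()->get_hostname())) {
					// Encode the resource so it stays one query value in
					// the redirect URL.
					goaway('https://' . $host . '/.well-known/webfinger?resource=' . urlencode($resource));
				}

				$channel = substr($channel, 0, strpos($channel, '@'));
			}
		}

		if (strpos($resource, 'http') === 0) {
			$channel = str_replace('~', '', basename($resource));
		}

		$r = q("select * from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_address = '%s' limit 1", dbesc($channel));
	}

	header('Access-Control-Allow-Origin: *');
	header('Content-type: application/jrd+json');

	if ($resource && $r) {
		$h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'", dbesc($r[0]['channel_hash']));

		$result['subject'] = $resource;

		$aliases = array(
			z_root() . '/channel/' . $r[0]['channel_address'],
			z_root() . '/~' . $r[0]['channel_address']
		);

		if ($h) {
			foreach ($h as $hh) {
				$aliases[] = 'acct:' . $hh['hubloc_addr'];
			}
		}

		$result['aliases'] = array();
		$result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']);

		// The subject itself is not repeated among the aliases.
		foreach ($aliases as $alias) {
			if ($alias != $resource) {
				$result['aliases'][] = $alias;
			}
		}

		$result['links'] = array(
			array(
				'rel' => 'http://webfinger.net/rel/avatar',
				'type' => $r[0]['xchan_photo_mimetype'],
				'href' => $r[0]['xchan_photo_l']
			),
			array(
				'rel' => 'http://webfinger.net/rel/profile-page',
				'href' => z_root() . '/profile/' . $r[0]['channel_address']
			),
			array(
				'rel' => 'http://webfinger.net/rel/blog',
				'href' => z_root() . '/channel/' . $r[0]['channel_address']
			),
			array(
				'rel' => 'http://purl.org/zot/protocol',
				'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr']
			)
		);
	} else {
		header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
		killme();
	}

	// Plugins may extend or replace the result before it is sent.
	$arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result);
	call_hooks('webfinger', $arr);

	echo json_encode($arr['result']);
	killme();
}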
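/**
 * "Like banner" generator page.
 *
 * Shows a form asking for an address and a font size, a preview image
 * once an address was submitted and, for a logged-in channel with a
 * default profile, a ready-made link and embed snippet.
 *
 * Both form values come from the request and are written back into HTML
 * attributes and URLs, so they are encoded for the place they appear in.
 *
 * @param object $a application object; get_channel() is called on it
 * @return string HTML
 */
function likebanner_content(&$a) {
	$channel = local_channel() ? $a->get_channel() : null;

	$o = '<h1>Like Banner</h1>';

	$addr = (isset($_REQUEST['addr']) && is_string($_REQUEST['addr'])) ? $_REQUEST['addr'] : '';

	// The size is a pixel count: keep only a positive integer.
	$size = isset($_REQUEST['size']) ? intval($_REQUEST['size']) : 0;
	$size_param = ($size > 0) ? $size : '';

	$def = $addr;
	if ($channel && !$def) {
		$def = $channel['xchan_addr'];
	}

	$o .= '<form action="likebanner" method="get" >';
	$o .= t('Your Webbie:');
	$o .= '<br /><br />';
	// Encoded for the attribute: the address is echoed back from the request.
	$o .= '<input type="text" name="addr" size="32" value="' . htmlspecialchars($def, ENT_QUOTES, 'UTF-8') . '" />';
	$o .= '<br /><br />' . t('Fontsize (px):');
	$o .= '<br /><br />';
	$o .= '<input type="text" name="size" size="32" value="' . (($size > 0) ? $size : 28) . '" /><br /><br />';
	$o .= '<input type="submit" name="submit" value="' . t('Submit') . '" /></form><br /><br/>';

	if ($addr) {
		$o .= '<img style="border: 1px solid #000;" src="likebanner/show/?f=&addr=' . urlencode($addr) . '&size=' . $size_param . '" alt="banner" />';

		if ($channel) {
			$p = q("select profile_guid from profile where uid = %d and is_default = 1 limit 1", intval($channel['channel_id']));
			if ($p) {
				$link = z_root() . '/like/profile/' . $p[0]['profile_guid'] . '?f=&verb=like&interactive=1';
				$o .= EOL . EOL . t('Link:') . EOL . '<input type="text" size="64" onclick="this.select();" value="' . $link . '" />';

				// The snippet is meant to be pasted into other sites, so the
				// address inside its image URL is encoded as a query value.
				$html = '<a href="' . $link . '" ><img src="' . z_root() . '/likebanner?f=&addr=' . urlencode($def) . '&size=' . $size_param . '" alt="' . t('Like us on RedMatrix') . '" /></a>';
				$o .= EOL . EOL . t('Embed:') . EOL . '<input type="text" size="64" onclick="this.select();" value="' . htmlspecialchars($html, ENT_QUOTES, 'UTF-8') . '" />';
			}
		}
	}

	return $o;
}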
/**
 * Cron Weekly
 *
 * Actions in this method are executed once per day only on Sunday
 * (once per week): the weekly hook, certificate check, hub clean-up,
 * pruning of old xlink records, directory registration and the
 * Checksites / Importdoc background tasks.
 *
 * @param int $argc
 * @param array $argv
 */
public static function run($argc, $argv) {
	call_hooks('cron_weekly', datetime_convert());

	z_check_cert();

	require_once 'include/hubloc.php';
	prune_hub_reinstalls();
	mark_orphan_hubsxchans();

	// get rid of really old poco records
	q("delete from xlink where xlink_updated < %s - INTERVAL %s and xlink_static = 0 ", db_utcnow(), db_quoteinterval('14 DAY'));

	// Directory servers register themselves with the primary directory;
	// the reply is written to the log.
	$mode = intval(get_config('system', 'directory_mode'));
	if (in_array($mode, array(DIRECTORY_MODE_SECONDARY, DIRECTORY_MODE_PRIMARY), true)) {
		$regdir_url = get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm());
		$reply = z_fetch_url($regdir_url);
		logger('regdir: ' . print_r($reply, true));
	}

	// Check for dead sites
	Master::Summon(array('Checksites'));

	// update searchable doc indexes
	Master::Summon(array('Importdoc'));
}
/**
 * App manager form handler: installs an app from posted fields, or
 * installs / deletes / edits an app passed in encoded form as 'papp'.
 *
 * Does nothing for visitors who are not logged in. Text fields are passed
 * through escape_tags() and the uid through intval() before use.
 *
 * NOTE(review): no form security token is checked in this function --
 * confirm that the caller protects it against cross-site requests.
 *
 * @param object $a application object (not used here)
 */
function appman_post(&$a) {
	if (!local_user()) {
		return;
	}

	// Direct install from individual form fields.
	if ($_POST['url']) {
		$arr = array('uid' => intval($_REQUEST['uid']));

		$text_fields = array('url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'sig');
		foreach ($text_fields as $field) {
			$arr[$field] = escape_tags($_REQUEST[$field]);
		}

		$_REQUEST['appid'] = app_install(local_user(), $arr);

		if (app_installed(local_user(), $arr)) {
			info(t('App installed.') . EOL);
		}

		return;
	}

	// Otherwise the app arrives in encoded form.
	$papp = app_decode($_POST['papp']);
	if (!is_array($papp)) {
		notice(t('Malformed app.') . EOL);
		return;
	}

	if ($_POST['install']) {
		app_install(local_user(), $papp);
		$installed = app_installed(local_user(), $papp);
		if ($installed) {
			info(t('App installed.') . EOL);
		}
	}

	if ($_POST['delete']) {
		app_destroy(local_user(), $papp);
	}

	// Editing continues on the page itself, so no redirect.
	if ($_POST['edit']) {
		return;
	}

	if ($_SESSION['return_url']) {
		goaway(z_root() . '/' . $_SESSION['return_url']);
	}

	goaway(z_root() . '/apps/personal');
}
/**
 * Login page. A visitor who already has a local channel is sent to the
 * site root; everybody else gets the login form, which is told whether
 * registration is open on this site.
 *
 * @param object $a application object; config is read from it
 * @return mixed whatever login() returns
 */
function login_content(&$a) {
	if (local_channel()) {
		goaway(z_root());
	}

	// Registration is offered unless the site policy is "closed".
	$registration_open = ($a->config['system']['register_policy'] != REGISTER_CLOSED);

	return login($registration_open);
}
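/**
 * Public sites page: fetches the site list from this hub's directory
 * server and renders it as a table.
 *
 * The list is JSON from another server and therefore untrusted: every
 * value is HTML-encoded before it is written into the page, and only
 * http(s) URLs are turned into links.
 *
 * @param object $a application object (not used here)
 * @return string HTML
 */
function pubsites_content(&$a) {
	require_once 'include/dir_fns.php';

	// Both were used without initialisation in the original.
	$o = '';
	$url = '';

	// Encodes a remote value for use in HTML text or a quoted attribute.
	$esc = function ($value) {
		return htmlspecialchars(is_scalar($value) ? (string) $value : '', ENT_QUOTES, 'UTF-8');
	};

	$dirmode = intval(get_config('system', 'directory_mode'));

	if ($dirmode == DIRECTORY_MODE_PRIMARY || $dirmode == DIRECTORY_MODE_STANDALONE) {
		$url = z_root() . '/dirsearch';
	}
	if (!$url) {
		$directory = find_upstream_directory($dirmode);
		$url = $directory['url'] . '/dirsearch';
	}
	$url .= '/sites';

	$o .= '<h1>' . t('Public Sites') . '</h1>';
	$o .= '<div class="descriptive-text">' . t('The listed sites allow public registration into the Red Matrix. All sites in the matrix are interlinked so membership on any of them conveys membership in the matrix as a whole. Some sites may require subscription or provide tiered service plans. The provider links <strong>may</strong> provide additional details.') . '</div>' . EOL;

	$ret = z_fetch_url($url);
	if ($ret['success']) {
		$j = json_decode($ret['body'], true);
		if ($j) {
			$rate_meta = local_channel() ? '<td>' . t('Rate this hub') . '</td>' : '';

			$o .= '<table border="1"><tr><td>' . t('Site URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Location') . '</td><td>' . t('View hub ratings') . '</td>' . $rate_meta . '</tr>';

			if (!empty($j['sites']) && is_array($j['sites'])) {
				foreach ($j['sites'] as $jj) {
					$site_url = (isset($jj['url']) && is_string($jj['url'])) ? $jj['url'] : '';

					// A hub entry must be a web URL; anything else is not listed.
					if (!preg_match('#^https?://#i', $site_url)) {
						continue;
					}

					$host = strtolower(substr($site_url, strpos($site_url, '://') + 3));

					// Use the provider's own page only when it is an http(s) link.
					$link = $site_url . '/register';
					if (!empty($jj['sellpage']) && is_string($jj['sellpage']) && preg_match('#^https?://#i', $jj['sellpage'])) {
						$link = $jj['sellpage'];
					}

					$rate_links = local_channel() ? '<td><a href="rate?f=&target=' . $esc($host) . '" class="btn-btn-default"><i class="icon-check"></i> ' . t('Rate') . '</a></td>' : '';

					$o .= '<tr><td>' . '<a href="' . $esc($link) . '" >' . $esc($site_url) . '</a>' . '</td><td>' . $esc(isset($jj['access']) ? $jj['access'] : '') . '</td><td>' . $esc(isset($jj['register']) ? $jj['register'] : '') . '</td><td>' . $esc(isset($jj['location']) ? $jj['location'] : '') . '</td><td><a href="ratings/' . $esc($host) . '" class="btn-btn-default"><i class="icon-eye-open"></i> ' . t('View ratings') . '</a></td>' . $rate_links . '</tr>';
				}
			}

			$o .= '</table>';
		}
	}

	return $o;
}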
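/**
 * Lost-password page.
 *
 * Without a "verify" query parameter the request form is returned. With one,
 * the account whose account_reset column matches the token is looked up, a
 * new password is generated, stored, shown on the page and mailed to the
 * account's address.
 *
 * NOTE(review): the new password is returned in the page body and sent by
 * e-mail in clear text, and the stored value is a single salted whirlpool
 * digest, which is a fast hash. Moving to password_hash()/password_verify()
 * needs a matching change in the login verifier, which is outside this block.
 *
 * @param object $a application object; $a->config and $a->get_baseurl() are used
 * @return string|null page HTML; null when the token is unknown or the UPDATE fails
 */
function lostpass_content(&$a) {
    // Previously appended to before being assigned.
    $o = '';

    if (!x($_GET, 'verify')) {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, array(
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
            '$name' => t('Email Address'),
            '$submit' => t('Reset'),
        ));
        return $o;
    }

    $verify = $_GET['verify'];

    $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
    if (!$r) {
        notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
        goaway(z_root());
        return;
    }

    $aid = $r[0]['account_id'];
    $email = $r[0]['account_email'];

    // Use the CSPRNG for the numeric part where the runtime provides one.
    // NOTE(review): autoname() is defined elsewhere; confirm its randomness source,
    // since it supplies most of the generated password.
    $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
    $new_password = autoname(6) . $suffix;

    $salt = random_string(32);
    $password_encoded = hash('whirlpool', $salt . $new_password);

    // Four arguments need four placeholders. With the password column written as a
    // literal instead of '%s', the digest is never stored and (assuming q() fills
    // placeholders sprintf-style, as its other uses on this page suggest) the
    // remaining arguments shift by one, so the flag mask and account id are wrong.
    $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
        dbesc($salt),
        dbesc($password_encoded),
        intval(ACCOUNT_UNVERIFIED),
        intval($aid)
    );

    if ($r) {
        $tpl = get_markup_template('pwdreset.tpl');
        $o .= replace_macros($tpl, array(
            '$lbl1' => t('Password Reset'),
            '$lbl2' => t('Your password has been reset as requested.'),
            '$lbl3' => t('Your new password is'),
            '$lbl4' => t('Save or copy your new password - and then'),
            '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
            '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
            '$newpass' => $new_password,
            '$baseurl' => $a->get_baseurl(),
        ));

        info("Your password has been reset." . EOL);

        $email_tpl = get_intltext_template("passchanged_eml.tpl");
        $message = replace_macros($email_tpl, array(
            '$sitename' => $a->config['sitename'],
            '$siteurl' => $a->get_baseurl(),
            '$username' => sprintf(t('Site Member (%s)'), $email),
            '$email' => $email,
            '$new_password' => $new_password,
            // The original passed $newuid, which is never assigned in this function;
            // null is the value the template received. NOTE(review): probably meant $aid.
            '$uid' => null,
        ));

        $subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');

        // SERVER_NAME can follow the request's Host header on some server setups,
        // so strip line breaks before it becomes part of a mail header.
        $server_name = str_replace(array("\r", "\n"), '', (string) $_SERVER['SERVER_NAME']);

        // The delivery result is not checked, as before.
        mail($email, $subject, $message,
            'From: ' . 'Administrator@' . $server_name . "\n"
            . 'Content-type: text/plain; charset=UTF-8' . "\n"
            . 'Content-transfer-encoding: 8bit');

        return $o;
    }
}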
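/**
 * OAuth application settings page.
 *
 * Dispatches on the path arguments read through argc()/argv():
 *  - .../add           returns an empty edit form with a generated key and secret
 *  - .../edit/<id>     returns the edit form filled from the caller's own client row
 *  - .../delete/<id>   deletes the caller's own client row, then redirects
 *  - anything else     lists clients owned by the caller or by uid 0
 *
 * NOTE(review): no local_channel() check is visible in this method. If the
 * caller does not reject unauthenticated requests, the uid used in the
 * queries below evaluates to 0; confirm where access is enforced.
 *
 * @return string|null page HTML; null when an edited application is not found
 *                     or after the delete redirect
 */
function get() {
    // Previously appended to before being assigned.
    $o = '';

    if (argc() > 2 && argv(2) === 'add') {
        $tpl = get_markup_template("settings_oauth_edit.tpl");
        $o .= replace_macros($tpl, array(
            '$form_security_token' => get_form_security_token("settings_oauth"),
            '$title' => t('Add application'),
            '$submit' => t('Submit'),
            '$cancel' => t('Cancel'),
            '$name' => array('name', t('Name'), '', t('Name of application')),
            // NOTE(review): random_string() is defined elsewhere; confirm it is backed by a CSPRNG,
            // since these values become the client's credentials.
            '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
            '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
            '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
            '$icon' => array('icon', t('Icon url'), '', t('Optional')),
        ));
        return $o;
    }

    if (argc() > 3 && argv(2) === 'edit') {
        // The uid condition restricts the lookup to rows owned by the current channel.
        $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
            dbesc(argv(3)),
            intval(local_channel())
        );

        // Truthiness test instead of count(): a failed query may not return an array.
        if (!$r) {
            notice(t('Application not found.'));
            return;
        }
        $app = $r[0];

        $tpl = get_markup_template("settings_oauth_edit.tpl");
        $o .= replace_macros($tpl, array(
            '$form_security_token' => get_form_security_token("settings_oauth"),
            '$title' => t('Add application'),
            '$submit' => t('Update'),
            '$cancel' => t('Cancel'),
            '$name' => array('name', t('Name'), $app['clname'], ''),
            '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
            // The stored consumer secret is written back into the form as-is.
            '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
            '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
            '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
        ));
        return $o;
    }

    if (argc() > 3 && argv(2) === 'delete') {
        // The delete arrives as a plain request, so the form token is checked first;
        // presumably the helper redirects to /settings/oauth on mismatch - confirm.
        check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');

        $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
            dbesc(argv(3)),
            intval(local_channel())
        );
        goaway(z_root() . "/settings/oauth/");
        return;
    }

    // clients.* includes every column of the row, for own and uid 0 clients alike.
    $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)",
        intval(local_channel()),
        intval(local_channel())
    );

    $tpl = get_markup_template("settings_oauth.tpl");
    $o .= replace_macros($tpl, array(
        '$form_security_token' => get_form_security_token("settings_oauth"),
        '$baseurl' => z_root(),
        '$title' => t('Connected Apps'),
        '$add' => t('Add application'),
        '$edit' => t('Edit'),
        '$delete' => t('Delete'),
        '$consumerkey' => t('Client key starts with'),
        '$noname' => t('No name'),
        '$remove' => t('Remove authorization'),
        '$apps' => $r,
    ));
    return $o;
}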
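/**
 * Fetch endpoint: serves one public top-level item as a magic envelope.
 *
 * The path must have exactly three segments and the second must be one of
 * 'post', 'status_message' or 'reshare'; the third is the item's mid. Only
 * items with item_private = 0 and mid = parent_mid are considered. If the
 * author is not a channel known to channelx_by_hash(), the request is
 * redirected to the same /fetch path on the author's own site when that
 * site's URL does not contain z_root(); otherwise the answer is 404.
 *
 * @return void the request ends inside this function in every branch visible here
 */
function init() {
    // Strict match: argv() values are compared as strings elsewhere on this page.
    if (argc() != 3 || !in_array(argv(1), ['post', 'status_message', 'reshare'], true)) {
        http_status_exit(404, 'Not found');
    }

    $guid = argv(2);

    // Fetch the item
    $item = q("SELECT * from item where mid = '%s' and item_private = 0 and mid = parent_mid limit 1", dbesc($guid));
    if (!$item) {
        http_status_exit(404, 'Not found');
    }

    xchan_query($item);
    $item = fetch_post_tags($item, true);

    $channel = channelx_by_hash($item[0]['author_xchan']);
    if (!$channel) {
        $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item[0]['author_xchan']));
        if ($r) {
            $url = $r[0]['xchan_url'];
            if (strpos($url, z_root()) === false) {
                // xchan_url is a stored value that becomes a redirect target, so it is
                // validated first: parse_url() can fail or omit parts, and the previous
                // code read 'port' without checking that it exists.
                $m = parse_url($url);
                $scheme = (is_array($m) && isset($m['scheme'])) ? strtolower($m['scheme']) : '';
                if (in_array($scheme, ['http', 'https'], true) && !empty($m['host'])) {
                    $port = !empty($m['port']) ? ':' . $m['port'] : '';
                    goaway($m['scheme'] . '://' . $m['host'] . $port . '/fetch/' . argv(1) . '/' . argv(2));
                }
            }
        }
        // No usable remote location for the author: answer as not found.
        http_status_exit(404, 'Not found');
    }

    $status = diaspora_build_status($item[0], $channel);

    header("Content-type: application/magic-envelope+xml; charset=utf-8");
    echo diaspora_magic_env($channel, $status);
    killme();
}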