Example #1
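 /**
  * Serve a public, top-level item as a Diaspora magic envelope.
  *
  * The request must have exactly three path segments and the second must be
  * 'post', 'status_message' or 'reshare'; the third is used as the item mid.
  * Any other request shape ends with a 404.
  *
  * When channelx_by_hash() finds no channel for the item's author, the
  * author's xchan record is looked up and, if its xchan_url does not contain
  * z_root(), the request is redirected to the /fetch endpoint on that host.
  */
 function init()
 {
     if (argc() != 3 || !in_array(argv(1), ['post', 'status_message', 'reshare'], true)) {
         http_status_exit(404, 'Not found');
     }
     $guid = argv(2);

     // Only public (item_private = 0), top-level (mid = parent_mid) items are served.
     $item = q("SELECT * from item where mid = '%s' and item_private = 0 and mid = parent_mid limit 1", dbesc($guid));
     if (!$item) {
         http_status_exit(404, 'Not found');
     }
     xchan_query($item);
     $item = fetch_post_tags($item, true);

     $channel = channelx_by_hash($item[0]['author_xchan']);
     if (!$channel) {
         $r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item[0]['author_xchan']));
         if ($r) {
             $url = $r[0]['xchan_url'];
             if (strpos($url, z_root()) === false) {
                 // The redirect target is built from a stored xchan_url, so it is
                 // only followed when it parses cleanly into an http(s) scheme and
                 // a host. A malformed value falls through to the 404 below instead
                 // of producing a broken Location.
                 $m = parse_url($url);
                 $usable = is_array($m)
                     && !empty($m['scheme'])
                     && !empty($m['host'])
                     && in_array(strtolower($m['scheme']), ['http', 'https'], true);
                 if ($usable) {
                     $port = empty($m['port']) ? '' : ':' . $m['port'];
                     goaway($m['scheme'] . '://' . $m['host'] . $port . '/fetch/' . argv(1) . '/' . argv(2));
                 }
             }
         }
         http_status_exit(404, 'Not found');
     }

     $status = diaspora_build_status($item[0], $channel);
     header("Content-type: application/magic-envelope+xml; charset=utf-8");
     echo diaspora_magic_env($channel, $status);
     killme();
 }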
Example #2
/**
 * @brief Initialisation for the setup module.
 *
 * Switches PHP to on-screen error display, answers the rewrite probe and
 * records the wizard pass number submitted with the form.
 *
 * @param[in,out] App &$a
 */
function setup_init(&$a)
{
    // During installation errors are shown in the browser rather than logged:
    // an installer facing a blank page has nothing to report back, whereas a
    // technically worded PHP message at least gives something to ask about.
    // The trade-off is deliberate and limited to setup. These messages
    // divulge information that can be useful to an attacker, which is why the
    // application is meant to show a blank page instead once installation is
    // complete.
    // NOTE(review): nothing in this function checks whether installation has
    // already finished; confirm the setup module is unreachable afterwards.
    error_reporting(E_ERROR | E_WARNING | E_PARSE);
    ini_set('log_errors', '0');
    ini_set('display_errors', '1');

    // $baseurl/setup/testrewrite is requested to check that the .htaccess
    // rewrite rules are working.
    $is_rewrite_probe = argc() == 2 && argv(1) == "testrewrite";
    if ($is_rewrite_probe) {
        echo 'ok';
        killme();
    }

    global $install_wizard_pass;
    if (!x($_POST, 'pass')) {
        return;
    }
    // The pass number is reduced to an integer before it is stored.
    $install_wizard_pass = intval($_POST['pass']);
}
Example #3
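 /**
  * Resolve which channel and profile to show, then load the profile.
  *
  * The first path segment after the module name is the channel address. When
  * the logged-in channel requests "<id>/view", the segment is instead treated
  * as a profile id owned by that channel and mapped to its profile_guid.
  * Without a path segment a notice is raised and App::$error is set to 404.
  */
 function init()
 {
     if (argc() > 1) {
         $which = argv(1);
     } else {
         notice(t('Requested profile is not available.') . EOL);
         \App::$error = 404;
         return;
     }

     $profile = '';
     $channel = \App::get_channel();
     if (local_channel() && argc() > 2 && argv(2) === 'view') {
         $which = $channel['channel_address'];
         // The lookup is restricted to profiles owned by the logged-in channel.
         $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval(argv(1)), intval(local_channel()));
         // Previously the "not found" reset was immediately overwritten by an
         // unconditional read of $r[0]; only use the row when one was returned.
         $profile = $r ? $r[0]['profile_guid'] : '';
     }

     // $which can come straight from the request path and is placed inside an
     // HTML attribute, so it is escaped for that context.
     \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . htmlspecialchars($which, ENT_QUOTES, 'UTF-8') . '" />' . "\r\n";

     if (!$profile) {
         $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)));
         if ($x) {
             \App::$profile = $x[0];
         }
     }

     // NOTE(review): $a is not defined anywhere in this method as shown, so
     // profile_load() receives an undefined variable here; confirm what the
     // first argument is meant to be.
     profile_load($a, $which, $profile);
 }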
Example #4
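/**
 * Stream a JSON export of the logged-in channel as a file download.
 *
 * Path forms handled: "<year>[/<month>]" for a dated export, "basic" for the
 * basic export and "complete" for the basic export with its second argument
 * set to true. Requests without a local channel are terminated immediately.
 *
 * @param[in,out] App &$a
 */
function uexport_init(&$a)
{
    if (!local_channel()) {
        killme();
    }
    if (argc() > 1) {
        $channel = App::get_channel();
        require_once 'include/identity.php';

        // Initialised up front so the filename and export call below never
        // read an undefined variable when the path holds no year or month.
        $year = null;
        $month = null;
        if (intval(argv(1)) > 1900) {
            $year = intval(argv(1));
        }
        if (argc() > 2 && intval(argv(2)) > 0 && intval(argv(2)) <= 12) {
            $month = intval(argv(2));
        }

        // The registered media type is spelled with a hyphen.
        header('content-type: application/octet-stream');
        header('content-disposition: attachment; filename="' . $channel['channel_address'] . ($year ? '-' . $year : '') . ($month ? '-' . $month : '') . '.json"');

        if ($year) {
            echo json_encode(identity_export_year(local_channel(), $year, $month));
            killme();
        }
        if (argv(1) === 'basic') {
            echo json_encode(identity_basic_export(local_channel()));
            killme();
        }
        // FIXME - this basically doesn't work in the wild with a channel more than a few months old due to memory and execution time limits.
        // It probably needs to be built at the CLI and offered to download as a tarball.  Maybe stored in the members dav.
        if (argv(1) === 'complete') {
            echo json_encode(identity_basic_export(local_channel(), true));
            killme();
        }
    }
}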
Example #5
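/**
 * Emit the public stream content as a minimal standalone HTML document.
 *
 * Reads the profile uid from $_GET['p'] (falling back to -1) and passes a
 * load flag of 1 when the first path segment is 'load'. The content is wrapped
 * in <div> when $_GET['msie'] equals 1 and in <section> otherwise.
 *
 * @param[in,out] App &$a
 */
function update_public_content(&$a)
{
    // A missing 'p' parameter is treated the same as a zero one.
    $requested_uid = isset($_GET['p']) ? intval($_GET['p']) : 0;
    $profile_uid = $requested_uid ? $requested_uid : -1;
    $load = argc() > 1 && argv(1) == 'load' ? 1 : 0;
    $legacy_wrapper = array_key_exists('msie', $_GET) && $_GET['msie'] == 1;

    header("Content-type: text/html");
    echo "<!DOCTYPE html><html><body>\r\n";
    echo $legacy_wrapper ? '<div>' : '<section>';

    // The markup returned by public_content() is echoed as-is. The earlier
    // post-processing (renaming img src to dst, and replacing audio, video,
    // embed and iframe elements with a placeholder on non-load requests) was
    // already disabled, so its unused pattern variables are gone too.
    $text = public_content($a, $profile_uid, $load);
    echo str_replace("\t", '       ', $text);

    echo $legacy_wrapper ? '</div>' : '</section>';
    echo "</body></html>\r\n";
    killme();
}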
Example #6
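/**
 * Show the page-layout (.pdl) editor for a module, or list editable modules.
 *
 * Without a path segment, every entry under mod/ for which theme_include()
 * finds a matching 'mod_<name>.pdl' file is listed as a link. With one, the
 * channel's stored layout is loaded from pconfig, falling back to the theme's
 * file, and rendered into the pdledit.tpl form.
 *
 * @param[in,out] App &$a
 * @return string|null HTML for the page; null when permission is denied
 */
function pdledit_content(&$a)
{
    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Initialised here so the listing branch appends to a defined string.
    $o = '';

    if (argc() > 1) {
        // NOTE(review): the module name comes from the request path and ends
        // up in a file name handed to theme_include(); confirm that helper
        // confines lookups to the theme directories.
        $module = 'mod_' . argv(1) . '.pdl';
    } else {
        $o .= '<h1>' . t('Edit System Page Description') . '</h1>';
        $files = glob('mod/*');
        if ($files) {
            foreach ($files as $f) {
                $name = basename($f, '.php');
                $x = theme_include('mod_' . $name . '.pdl');
                if ($x) {
                    $o .= '<a href="pdledit/' . $name . '" >' . $name . '</a><br />';
                }
            }
        }
        // list module pdl files
        return $o;
    }

    $t = get_pconfig(local_channel(), 'system', $module);
    if (!$t) {
        // Only read from disk when theme_include() actually returned a path.
        $path = theme_include($module);
        $t = $path ? file_get_contents($path) : '';
    }
    if (!$t) {
        notice(t('Layout not found.') . EOL);
        return '';
    }

    // The module name is request-supplied, so it is escaped like the layout
    // text before being handed to the template.
    $o = replace_macros(get_markup_template('pdledit.tpl'), array(
        '$header' => t('Edit System Page Description'),
        '$mname' => t('Module Name:'),
        '$help' => t('Layout Help'),
        '$module' => htmlspecialchars(argv(1), ENT_COMPAT, 'UTF-8'),
        '$content' => htmlspecialchars($t, ENT_COMPAT, 'UTF-8'),
        '$submit' => t('Submit'),
    ));
    return $o;
}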
Example #7
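 /**
  * Handle the registration form's JSON validation endpoints.
  *
  * The first path segment selects a check (invite code, e-mail or password);
  * a truthy result is returned as JSON and ends the request. Any other
  * request falls through without output.
  */
 function init()
 {
     $result = null;
     $cmd = argc() > 1 ? argv(1) : '';

     // Provide a stored request for somebody desiring a connection
     // when they first need to register someplace. Once they've
     // created a channel, we'll try to revive the connection request
     // and process it.
     // NOTE(review): the value is stored in the session unvalidated; whatever
     // later revives it should treat it as untrusted input.
     if (!empty($_REQUEST['connect'])) {
         $_SESSION['connect'] = $_REQUEST['connect'];
     }

     // Missing parameters are passed on as null, as before, but without
     // reading an undefined array index.
     switch ($cmd) {
         case 'invite_check.json':
             $result = check_account_invite(isset($_REQUEST['invite_code']) ? $_REQUEST['invite_code'] : null);
             break;
         case 'email_check.json':
             $result = check_account_email(isset($_REQUEST['email']) ? $_REQUEST['email'] : null);
             break;
         case 'password_check.json':
             // NOTE(review): $_REQUEST also accepts query-string values, so a
             // client that sends the password via GET would leave it in access
             // logs; confirm the caller always posts it.
             $result = check_account_password(isset($_REQUEST['password']) ? $_REQUEST['password'] : null);
             break;
         default:
             break;
     }

     if ($result) {
         json_return_and_die($result);
     }
 }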
Example #8
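 /**
  * Render the guitar chord dictionary page.
  *
  * The chord name comes from the posted form or, when none was posted, from
  * the first path segment. It is passed, with an optional tuning and the
  * 'lefty' flag, as arguments to the addon/chords/chord program, whose output
  * is shown inside a <pre> element.
  *
  * @return string rendered page HTML
  */
 function get()
 {
     $o = '';
     $args = '';
     $chords = '';

     // Only string values are accepted, so an array-valued form field cannot
     // reach the string functions below.
     $posted_chord = (isset($_POST['chord']) && is_string($_POST['chord'])) ? $_POST['chord'] : '';
     $posted_tuning = (isset($_POST['tuning']) && is_string($_POST['tuning'])) ? $_POST['tuning'] : '';

     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         if (strlen($posted_chord)) {
             $args .= escapeshellarg(ucfirst(trim($posted_chord)));
         }
         if (strlen($args) && strlen($posted_tuning)) {
             $args .= ' ' . escapeshellarg($posted_tuning);
         }
         if (strlen($args) && isset($_POST['lefty'])) {
             $args .= ' lefty';
         }
     }
     if (!$posted_chord && argc() > 1) {
         $_REQUEST['chord'] = argv(1);
         $args = escapeshellarg(ucfirst(basename(argv(1))));
     }

     $tunings = ['' => 'Em11 [Standard] (EADGBE)', 'openg' => 'G/D [Drop D] (DGDGBD)', 'opene' => 'Open E (EBEG#BE)', 'dadgad' => 'Dsus4 (DADGAD)'];

     if (strlen($args)) {
         // escapeshellarg() keeps each value a single shell word.
         // NOTE(review): it does not stop a value that begins with '-' from
         // reaching the program as an option-like argument; confirm the chord
         // binary handles that, or validate against the chord grammar the
         // help text describes.
         $raw = shell_exec("addon/chords/chord " . $args);
         // The program's output is derived from request input, so it is
         // escaped before being placed in the page.
         $chords = '<pre>' . htmlspecialchars((string) $raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
     }

     $p1 = t('This is a fairly comprehensive and complete guitar chord dictionary which will list most of the available ways to play a certain chord, starting from the base of the fingerboard up to a few frets beyond the twelfth fret (beyond which everything repeats). A couple of non-standard tunings are provided for the benefit of slide players, etc.');
     $p2 = t('Chord names start with a root note (A-G) and may include sharps (#) and flats (b). This software will parse most of the standard naming conventions such as maj, min, dim, sus(2 or 4), aug, with optional repeating elements.');
     $p3 = t('Valid examples include  A, A7, Am7, Amaj7, Amaj9, Ammaj7, Aadd4, Asus2Add4, E7b13b11 ...');

     // NOTE(review): the field values below are echoed back from the request;
     // confirm chords.tpl escapes them.
     $o .= replace_macros(get_markup_template('chords.tpl', 'addon/chords'), [
         '$header' => t('Guitar Chords'),
         '$desc' => t('The complete online chord dictionary'),
         '$p1' => $p1,
         '$p2' => $p2,
         '$p3' => $p3,
         '$chords' => $chords,
         '$tuning' => ['tuning', t('Tuning'), $posted_tuning, '', $tunings],
         '$chord' => ['chord', t('Chord name: example: Em7'), isset($_REQUEST['chord']) ? $_REQUEST['chord'] : '', ''],
         '$lefty' => ['lefty', t('Show for left handed stringing'), isset($_POST['lefty']) ? $_POST['lefty'] : '', ''],
         '$submit' => t('Submit'),
     ]);
     return $o;
 }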
Example #9
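 /**
  * Emit the Display module's content as a minimal standalone HTML document.
  *
  * Reads the profile uid from $_GET['p'] (falling back to -1) and passes a
  * load flag of 1 when the first path segment is 'load'. The content is
  * wrapped in <div> when $_GET['msie'] equals 1 and in <section> otherwise.
  */
 function get()
 {
     // Missing query parameters are treated like empty ones instead of being
     // read as undefined indexes.
     $profile_uid = isset($_GET['p']) ? intval($_GET['p']) : 0;
     if (!$profile_uid) {
         $profile_uid = -1;
     }
     $load = argc() > 1 && argv(1) == 'load' ? 1 : 0;
     $legacy_wrapper = isset($_GET['msie']) && $_GET['msie'] == 1;

     header("Content-type: text/html");
     echo "<!DOCTYPE html><html><body>\r\n";
     echo $legacy_wrapper ? '<div>' : '<section>';

     // The markup returned by Display::get() is echoed as-is. The earlier
     // post-processing (renaming img src to dst, and replacing audio, video,
     // embed and iframe elements with a placeholder on non-load requests) was
     // already disabled, so its unused pattern variables are gone too.
     $mod = new Display();
     $text = $mod->get($profile_uid, $load);
     echo str_replace("\t", '       ', $text);

     echo $legacy_wrapper ? '</div>' : '</section>';
     echo "</body></html>\r\n";
     killme();
 }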
Example #10
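 /**
  * Toggle the starred state of one of the logged-in channel's items.
  *
  * The item id is the first path segment. The new state is written back, a
  * sync packet is built for the item, and {"result": <0|1>} is returned as
  * JSON. The request is terminated without output when there is no local
  * channel, no item id, or no matching item owned by the channel.
  */
 function init()
 {
     if (!local_channel()) {
         killme();
     }
     $message_id = argc() > 1 ? intval(argv(1)) : 0;
     if (!$message_id) {
         killme();
     }

     // NOTE(review): this changes state on a plain GET and no request token
     // check is visible in this method; confirm one is enforced elsewhere.

     // The current state must be read from item_starred, the column the UPDATE
     // below writes. The query used to select item_flags only, so the value
     // read back was always empty and the item could never be un-starred.
     $r = q("SELECT item_starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_channel()), intval($message_id));
     if (!$r) {
         killme();
     }
     $item_starred = intval($r[0]['item_starred']) ? 0 : 1;

     $r = q("UPDATE item SET item_starred = %d WHERE uid = %d and id = %d", intval($item_starred), intval(local_channel()), intval($message_id));

     $r = q("select * from item where id = %d", intval($message_id));
     if ($r) {
         xchan_query($r);
         $sync_item = fetch_post_tags($r);
         build_sync_packet(local_channel(), ['item' => [encode_item($sync_item[0], true)]]);
     }

     header('Content-type: application/json');
     echo json_encode(array('result' => $item_starred));
     killme();
 }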
Example #11
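/**
 * Approve or deny a pending registration on behalf of the site admin.
 *
 * Expects "regmod/<allow|deny>/<hash>". Visitors who are not logged in get
 * the login form; logged-in non-admins get a permission notice. The request
 * is terminated when the path has the wrong shape or the action fails.
 *
 * @param[in,out] App &$a
 * @return string|null login form HTML, '' on permission failure, else null
 */
function regmod_content(&$a)
{
    $_SESSION['return_url'] = $a->cmd;

    if (!local_channel()) {
        info(t('Please login.') . EOL);
        // Built as a fresh string; the old code appended to an undefined variable.
        $o = '<br /><br />' . login($a->config['system']['register_policy'] == REGISTER_CLOSED ? 0 : 1);
        return $o;
    }
    if (!is_site_admin()) {
        notice(t('Permission denied.') . EOL);
        return '';
    }
    if (argc() != 3) {
        killme();
    }

    // NOTE(review): approval and denial are triggered by a plain GET with the
    // hash in the path, and no request token check is visible here; confirm
    // one is enforced elsewhere, since an admin's browser could otherwise be
    // steered to this URL.
    $cmd = argv(1);
    $hash = argv(2);
    if ($cmd === 'deny') {
        if (!user_deny($hash)) {
            killme();
        }
    }
    if ($cmd === 'allow') {
        if (!user_allow($hash)) {
            killme();
        }
    }
}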
Example #12
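/**
 * Send a stored attachment to the client as a file download.
 *
 * The attachment hash is the first path segment and an optional integer
 * follows as the second argument to attach_by_hash(). Content is streamed
 * from the channel's store/ directory when the ATTACH_FLAG_OS flag is set,
 * otherwise it is echoed from the database record.
 *
 * @param[in,out] App &$a
 */
function attach_init(&$a)
{
    if (argc() < 2) {
        notice(t('Item not available.') . EOL);
        return;
    }
    $r = attach_by_hash(argv(1), argc() > 2 ? intval(argv(2)) : 0);
    if (!$r['success']) {
        notice($r['message'] . EOL);
        return;
    }
    $c = q("select channel_address from channel where channel_id = %d limit 1", intval($r['data']['uid']));
    if (!$c) {
        return;
    }

    // Types a browser would execute or apply are downgraded to text/plain.
    // The comparison uses the bare, lower-cased media type so that a stored
    // value such as "Text/HTML; charset=utf-8" cannot slip past the list.
    // NOTE(review): the list is a deny-list; other active types (for example
    // SVG or XHTML) are not covered and rely on the attachment disposition.
    $unsafe_types = array('text/html', 'text/css', 'application/javascript');
    $type_parts = explode(';', (string) $r['data']['filetype']);
    $base_type = strtolower(trim($type_parts[0]));
    if (in_array($base_type, $unsafe_types, true)) {
        header('Content-type: text/plain');
    } else {
        header('Content-type: ' . $r['data']['filetype']);
    }
    // Stop browsers from second-guessing the declared type.
    header('X-Content-Type-Options: nosniff');

    // The stored filename is uploader-controlled; characters that would end
    // the quoted header parameter or the header line are replaced.
    $safe_name = str_replace(array('"', '\\', "\r", "\n"), '_', (string) $r['data']['filename']);
    header('Content-disposition: attachment; filename="' . $safe_name . '"');

    if ($r['data']['flags'] & ATTACH_FLAG_OS) {
        $istream = fopen('store/' . $c[0]['channel_address'] . '/' . $r['data']['data'], 'rb');
        $ostream = fopen('php://output', 'wb');
        if ($istream && $ostream) {
            pipe_streams($istream, $ostream);
        }
        // Close whichever stream did open, even when the other one failed.
        if ($istream) {
            fclose($istream);
        }
        if ($ostream) {
            fclose($ostream);
        }
    } else {
        echo $r['data']['data'];
    }
    killme();
}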
Example #13
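/**
 * Show the stored source text of one of the logged-in user's items.
 *
 * The item id is the first path segment; a second segment of 'json' selects
 * JSON-encoded output. Obscured items are decrypted with the site private key
 * first. On AJAX requests the result is echoed and the request ends.
 *
 * @param[in,out] App &$a
 * @return string escaped source text, or '' when nothing can be shown
 */
function viewsrc_content(&$a)
{
    $o = '';
    $item_id = argc() > 1 ? intval(argv(1)) : 0;
    $json = argc() > 2 && argv(2) === 'json' ? true : false;

    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
    }
    if (!$item_id) {
        $a->error = 404;
        notice(t('Item not found.') . EOL);
    }

    if (local_user() && $item_id) {
        $r = q("select item_flags, body from item where item_restrict = 0 and uid = %d and id = %d limit 1", intval(local_user()), intval($item_id));
        if ($r) {
            if ($r[0]['item_flags'] & ITEM_OBSCURED) {
                $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'], true), get_config('system', 'prvkey'));
            }
            $body = (string) $r[0]['body'];
            // The body is shown as source, not rendered, so it must not be
            // interpreted as markup by the browser. It used to be emitted raw.
            // The JSON form keeps the same decoded value but hex-escapes the
            // characters that are significant in HTML.
            if ($json) {
                $o = json_encode($body, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            } else {
                $o = str_replace("\n", '<br />', htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
            }
        }
    }

    if (is_ajax()) {
        echo $o;
        killme();
    }
    return $o;
}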
Example #14
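/**
 * Toggle a connection's membership in one of the logged-in user's groups.
 *
 * Path: "<group id>/<xchan hash>". The xchan must be a non-self address-book
 * entry of the user and the group must belong to the user and not be deleted.
 * The request always ends without output.
 *
 * @param[in,out] App &$a
 */
function contactgroup_content(&$a)
{
    if (!local_user()) {
        killme();
    }

    // NOTE(review): membership is changed on a plain GET and no request token
    // check is visible in this function; confirm one is enforced elsewhere.

    // Stays null unless the requested xchan is confirmed to be one of this
    // user's connections, so the toggle below never reads an undefined value.
    $change = null;
    if (argc() > 2 && intval(argv(1)) && argv(2)) {
        $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d ) limit 1", dbesc(argv(2)), intval(local_user()), intval(ABOOK_FLAG_SELF));
        if ($r) {
            $change = $r[0]['abook_xchan'];
        }
    }

    if (argc() > 1 && intval(argv(1))) {
        $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_user()));
        if (!$r) {
            killme();
        }
        $group = $r[0];

        $preselected = array();
        $members = group_get_members($group['id']);
        // A plain truthiness test also copes with a non-array "no members" result.
        if ($members) {
            foreach ($members as $member) {
                $preselected[] = $member['xchan_hash'];
            }
        }

        if ($change) {
            if (in_array($change, $preselected)) {
                group_rmv_member(local_user(), $group['name'], $change);
            } else {
                group_add_member(local_user(), $group['name'], $change);
            }
        }
    }
    killme();
}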
Example #15
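/**
 * Work out which channel the page is about and load its profile.
 *
 * The channel address is the first path segment, or the logged-in user's own
 * channel when the path has none. "<profile>/view" by a logged-in user selects
 * one of that user's own profiles. An Atom feed link is added to the head.
 *
 * @param[in,out] App &$a
 */
function channel_init(&$a)
{
    $which = null;
    if (argc() > 1) {
        $which = argv(1);
    }
    if (!$which && local_user()) {
        $channel = $a->get_channel();
        if ($channel && $channel['channel_address']) {
            $which = $channel['channel_address'];
        }
    }
    if (!$which) {
        notice(t('You must be logged in to see this page.') . EOL);
        return;
    }

    $profile = 0;
    $channel = $a->get_channel();
    if (local_user() && argc() > 2 && argv(2) === 'view') {
        $which = $channel['channel_address'];
        $profile = argv(1);
    }

    // $which can come straight from the request path and is placed inside an
    // HTML attribute, so it is escaped for that context.
    $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/feed/' . htmlspecialchars($which, ENT_QUOTES, 'UTF-8') . '" />' . "\r\n";

    // Run profile_load() here to make sure the theme is set before
    // we start loading content
    profile_load($a, $which, $profile);
}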
Example #16
/**
 * Serve the public feed of the channel named in the first path segment.
 *
 * Feed parameters are collected from the request, the channel is looked up by
 * address, and the feed is echoed before the request is terminated. Without a
 * path segment the function returns without output.
 *
 * @param[in,out] App &$a
 */
function feed_init(&$a)
{
    $params = array();
    // NOTE(review): date_begin and date_end are passed on exactly as received;
    // presumably get_public_feed() validates them - confirm.
    $params['begin'] = x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE;
    $params['end'] = x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '';
    // The output format is chosen from the module name (first path segment).
    $params['type'] = stristr(argv(0), 'json') ? 'json' : 'xml';
    $params['pages'] = x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0;
    $params['top'] = x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0;
    // NOTE(review): the next three lines test $params itself, which has no
    // 'start', 'records' or 'direction' key at this point, so the request
    // cannot influence them as written. Confirm whether that is intentional
    // before pointing them at $_REQUEST.
    $params['start'] = x($params, 'start') ? intval($params['start']) : 0;
    $params['records'] = x($params, 'records') ? intval($params['records']) : 40;
    $params['direction'] = x($params, 'direction') ? dbesc($params['direction']) : 'desc';
    $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';
    $channel = '';
    if (argc() > 1) {
        $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));
        if (!($r && count($r))) {
            killme();
        }
        $channel = $r[0];
        // With block_public set, only requests tied to an account get a feed.
        if (intval(get_config('system', 'block_public')) && !get_account_id()) {
            killme();
        }
        logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
        echo get_public_feed($channel, $params);
        killme();
    }
}
Example #17
 /**
  * Render the app list page.
  *
  * A logged-in channel gets its own apps (optionally narrowed by the 'cat'
  * query parameter) after the system apps have been imported; everyone else
  * gets the system app list. A path of exactly "edit" switches the rendering
  * mode from 'list' to 'edit'.
  *
  * @return string rendered page HTML
  */
 function get()
 {
     $mode = (argc() == 2 && argv(1) == 'edit') ? 'edit' : 'list';
     $_SESSION['return_url'] = \App::$cmd;

     if (local_channel()) {
         import_system_apps();
         $syslist = array();
         $installed = app_list(local_channel(), false, $_GET['cat']);
         if ($installed) {
             foreach ($installed as $entry) {
                 $syslist[] = app_encode($entry);
             }
         }
         translate_system_apps($syslist);
     } else {
         $syslist = get_system_apps(true);
     }
     usort($syslist, 'app_name_compare');

     $apps = array();
     foreach ($syslist as $app) {
         $apps[] = app_render($app, $mode);
     }

     // The category is request input; it is passed through escape_tags()
     // before being shown in the page title area.
     $cat_suffix = '';
     if (array_key_exists('cat', $_GET) && $_GET['cat']) {
         $cat_suffix = ' - ' . escape_tags($_GET['cat']);
     }

     return replace_macros(get_markup_template('myapps.tpl'), array(
         '$sitename' => get_config('system', 'sitename'),
         '$cat' => $cat_suffix,
         '$title' => t('Apps'),
         '$apps' => $apps,
     ));
 }
Example #18
/**
 * Render the app list page.
 *
 * Starts from the system app list and appends the logged-in channel's own
 * apps, sorts the combined list by name and renders each entry. A path of
 * exactly "edit" switches the rendering mode from 'list' to 'edit'.
 *
 * @param[in,out] App &$a
 * @return string rendered page HTML
 */
function apps_content(&$a)
{
    $mode = (argc() == 2 && argv(1) == 'edit') ? 'edit' : 'list';
    $_SESSION['return_url'] = $a->cmd;

    $syslist = get_system_apps();
    if (local_channel()) {
        $personal = app_list(local_channel());
        if ($personal) {
            foreach ($personal as $entry) {
                $syslist[] = app_encode($entry);
            }
        }
    }
    usort($syslist, 'app_name_compare');

    $apps = array();
    foreach ($syslist as $app) {
        $apps[] = app_render($app, $mode);
    }

    return replace_macros(get_markup_template('myapps.tpl'), array(
        '$sitename' => get_config('system', 'sitename'),
        '$title' => t('Apps'),
        '$apps' => $apps,
    ));
}
Example #19
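/**
 * Return a channel's zot feed as JSON.
 *
 * The channel address is the first path segment; without one the system
 * channel is used. 'mindate' from the request bounds the feed and defaults to
 * one month ago. Every exit path ends in json_return_and_die().
 *
 * @param[in,out] App &$a
 */
function zotfeed_init(&$a)
{
    $result = array('success' => false);

    // A missing 'mindate' is handled like an empty one.
    $mindate = !empty($_REQUEST['mindate']) ? datetime_convert('UTC', 'UTC', $_REQUEST['mindate']) : '';
    if (!$mindate) {
        $mindate = datetime_convert('UTC', 'UTC', 'now - 1 month');
    }

    // With block_public set, the request must be tied to an account or a
    // remote user.
    if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) {
        $result['message'] = 'Public access denied';
        json_return_and_die($result);
    }

    $observer = $a->get_observer();
    $channel_address = argc() > 1 ? argv(1) : '';

    // Defined up front so the "not found" test works when no system channel exists.
    $r = null;
    if ($channel_address) {
        $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1", dbesc(argv(1)), intval(PAGE_REMOVED));
    } else {
        $x = get_sys_channel();
        if ($x) {
            $r = array($x);
        }
    }
    if (!$r) {
        $result['message'] = 'Channel not found.';
        json_return_and_die($result);
    }

    logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);
    $result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], $mindate);
    $result['success'] = true;
    json_return_and_die($result);
}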
Example #20
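 /**
  * Render the per-channel configuration (pconfig) browser and editor.
  *
  * With no extra path segments every stored pconfig row of the logged-in
  * channel is listed; with one, the keys of that category; with two, the
  * single value plus an edit form unless the key is on the disallowed list.
  *
  * @return string page HTML, or the login form when no channel is logged in
  */
 function get()
 {
     if (!local_channel()) {
         return login();
     }

     $content = '<h3>' . t('Configuration Editor') . '</h3>';
     $content .= '<div class="descriptive-paragraph">' . t('Warning: Changing some settings could render your channel inoperable. Please leave this page unless you are comfortable with and knowledgeable about how to correctly use this feature.') . '</div>' . EOL . EOL;

     // NOTE(review): escape_tags() is used throughout for values that land
     // inside href attributes; confirm it neutralises quotes as well as angle
     // brackets, otherwise attribute-context escaping is needed there.

     if (argc() == 3) {
         $cat = escape_tags(argv(1));
         $key = escape_tags(argv(2));
         $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
         $content .= '<a href="pconfig/' . $cat . '">pconfig[' . local_channel() . '][' . $cat . ']</a>' . EOL . EOL;

         // The stored value used to be appended to the page raw, unlike the
         // two listing branches below; it is now escaped the same way.
         $value = get_pconfig(local_channel(), $cat, $key);
         $shown = is_array($value) ? print_r($value, true) : (string) $value;
         $content .= '<a href="pconfig/' . $cat . '/' . $key . '" >pconfig[' . local_channel() . '][' . $cat . '][' . $key . ']</a> = ' . escape_tags($shown) . EOL;

         if (in_array(argv(2), $this->disallowed_pconfig())) {
             notice(t('This setting requires special processing and editing has been blocked.') . EOL);
             return $content;
         } else {
             $content .= $this->pconfig_form($cat, $key);
         }
     }

     if (argc() == 2) {
         $cat = escape_tags(argv(1));
         $content .= '<a href="pconfig">pconfig[' . local_channel() . ']</a>' . EOL;
         load_pconfig(local_channel(), $cat);
         // An unknown category leaves nothing to iterate over.
         $entries = isset(\App::$config[local_channel()][$cat]) ? \App::$config[local_channel()][$cat] : array();
         if (is_array($entries)) {
             foreach ($entries as $k => $x) {
                 // Keys are stored data too and are escaped like the values.
                 $k = escape_tags((string) $k);
                 $content .= '<a href="pconfig/' . $cat . '/' . $k . '" >pconfig[' . local_channel() . '][' . $cat . '][' . $k . ']</a> = ' . escape_tags($x) . EOL;
             }
         }
     }

     if (argc() == 1) {
         // Bound through the query formatter rather than concatenated into
         // the SQL text, matching every other query in this code base.
         $r = q("select * from pconfig where uid = %d", intval(local_channel()));
         if ($r) {
             foreach ($r as $rr) {
                 $content .= '<a href="' . 'pconfig/' . escape_tags($rr['cat']) . '/' . escape_tags($rr['k']) . '" >pconfig[' . local_channel() . '][' . escape_tags($rr['cat']) . '][' . escape_tags($rr['k']) . ']</a> = ' . escape_tags($rr['v']) . EOL;
             }
         }
     }
     return $content;
 }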
Example #21
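 /**
  * Remove a tag from one of the logged-in channel's items.
  *
  * "drop/<item id>/<hex tag>" removes the tag and redirects back to the
  * stored return path; "drop/<item id>" renders a form listing the item's
  * tags. Any other path produces no output.
  *
  * @return string|null form HTML for the two-segment case, otherwise null
  */
 function get()
 {
     if (!local_channel()) {
         goaway(z_root() . '/' . $_SESSION['photo_return']);
         // NOTREACHED
     }

     // remove tag on the fly if item and tag are provided
     // NOTE(review): this changes state on a plain GET and no request token
     // check is visible in this method; confirm one is enforced elsewhere.
     if (argc() == 4 && argv(1) === 'drop' && intval(argv(2))) {
         $item = intval(argv(2));

         // The tag arrives hex-encoded. Anything that is not well-formed hex
         // is rejected before the item is touched; previously hex2bin() failed
         // with a warning and the item was still re-stored and reported as
         // changed.
         $tag_hex = (string) argv(3);
         if (!ctype_xdigit($tag_hex) || strlen($tag_hex) % 2 !== 0) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $tag = hex2bin($tag_hex);

         // The item must belong to the logged-in channel.
         $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
         if (!$r) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $r = fetch_post_tags($r, true);
         $item = $r[0];

         $new_tags = array();
         if (!empty($item['term'])) {
             foreach ($item['term'] as $term) {
                 if ($term['term'] !== $tag) {
                     $new_tags[] = $term;
                 }
             }
         }
         if ($new_tags) {
             $item['term'] = $new_tags;
         } else {
             unset($item['term']);
         }
         item_store_update($item);
         info(t('Tag removed') . EOL);
         goaway(z_root() . '/' . $_SESSION['photo_return']);
     }

     //if we got only the item print a list of tags to select
     if (argc() == 3 && argv(1) === 'drop' && intval(argv(2))) {
         $o = '';
         $item = intval(argv(2));
         $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
         if (!$r) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $r = fetch_post_tags($r, true);
         // empty() also covers an item that has no 'term' entry at all.
         if (empty($r[0]['term'])) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $o .= '<h3>' . t('Remove Item Tag') . '</h3>';
         $o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>';
         $o .= '<form id="tagrm" action="tagrm" method="post" >';
         $o .= '<input type="hidden" name="item" value="' . $item . '" />';
         $o .= '<ul>';
         foreach ($r[0]['term'] as $x) {
             // The tag text is hex-encoded for the form value; its visible
             // label goes through bbcode().
             $o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x['term']) . '" >' . bbcode($x['term']) . '</input></li>';
         }
         $o .= '</ul>';
         $o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') . '" />';
         $o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') . '" />';
         $o .= '</form>';
         return $o;
     }
 }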
Example #22
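/**
 * Show the stored source text of an item.
 *
 * The item id is the first path segment; a second segment of 'json' selects
 * JSON-encoded output. The item must belong to the logged-in channel or to
 * the system channel. Obscured items are decrypted with the site private key
 * first. On AJAX requests a heading and the result are echoed and the request
 * ends.
 *
 * @param[in,out] App &$a
 * @return string escaped source text, or '' when nothing can be shown
 */
function viewsrc_content(&$a)
{
    $o = '';
    $r = null;
    $sys = get_sys_channel();
    $item_id = argc() > 1 ? intval(argv(1)) : 0;
    $json = argc() > 2 && argv(2) === 'json' ? true : false;

    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
    }
    if (!$item_id) {
        App::$error = 404;
        notice(t('Item not found.') . EOL);
    }

    $item_normal = item_normal();
    if (local_channel() && $item_id) {
        $r = q("select id, item_flags, item_obscured, body from item where uid in (%d , %d) and id = %d {$item_normal} limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id));
        if ($r) {
            if (intval($r[0]['item_obscured'])) {
                $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'], true), get_config('system', 'prvkey'));
            }
            $body = (string) $r[0]['body'];
            // The body is shown as source, not rendered, so it must not be
            // interpreted as markup by the browser. It used to be emitted raw.
            // The JSON form keeps the same decoded value but hex-escapes the
            // characters that are significant in HTML.
            if ($json) {
                $o = json_encode($body, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            } else {
                $o = str_replace("\n", '<br />', htmlspecialchars($body, ENT_QUOTES, 'UTF-8'));
            }
        }
    }

    if (is_ajax()) {
        // The id is only available when the lookup above returned a row.
        $shown_id = $r ? intval($r[0]['id']) : '';
        print '<div><i class="icon-pencil"> ' . t('Source of Item') . ' ' . $shown_id . '</i></div>';
        echo $o;
        killme();
    }
    return $o;
}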
Example #23
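 /**
  * Return a channel's zot feed as JSON.
  *
  * The channel address is the first path segment; without one the system
  * channel is used and the window is fixed at 14 days. 'mindate' from the
  * request bounds a named channel's feed and defaults to 14 days ago. Every
  * exit path ends in json_return_and_die().
  */
 function init()
 {
     $result = array('success' => false);

     // A missing 'mindate' is handled like an empty one.
     $mindate = !empty($_REQUEST['mindate']) ? datetime_convert('UTC', 'UTC', $_REQUEST['mindate']) : '';
     if (!$mindate) {
         $mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
     }

     if (observer_prohibited()) {
         $result['message'] = 'Public access denied';
         json_return_and_die($result);
     }

     $observer = \App::get_observer();
     $channel_address = argc() > 1 ? argv(1) : '';

     // Defined up front so the "not found" test works when no system channel exists.
     $r = null;
     if ($channel_address) {
         $r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", dbesc(argv(1)));
     } else {
         $x = get_sys_channel();
         if ($x) {
             $r = array($x);
         }
         // For the system channel the caller-supplied mindate is ignored.
         $mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
     }
     if (!$r) {
         $result['message'] = 'Channel not found.';
         json_return_and_die($result);
     }

     logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);
     $result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], array('mindate' => $mindate));
     $result['success'] = true;
     json_return_and_die($result);
 }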
Example #24
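 /**
  * Toggle a connection's membership in one of the logged-in channel's groups.
  *
  * Path: "<group id>/<base64url xchan hash>". The xchan must be a non-self
  * address-book entry of the channel and the group must belong to the channel
  * and not be deleted. The request always ends without output.
  */
 function get()
 {
     if (!local_channel()) {
         killme();
     }

     // NOTE(review): membership is changed on a plain GET and no request token
     // check is visible in this method; confirm one is enforced elsewhere.

     // Stays null unless the requested xchan is confirmed to be one of this
     // channel's connections, so the toggle below never reads an undefined value.
     $change = null;
     if (argc() > 2 && intval(argv(1)) && argv(2)) {
         $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_channel()));
         if ($r) {
             $change = $r[0]['abook_xchan'];
         }
     }

     if (argc() > 1 && intval(argv(1))) {
         $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_channel()));
         if (!$r) {
             killme();
         }
         $group = $r[0];

         $preselected = array();
         $members = group_get_members($group['id']);
         // A plain truthiness test also copes with a non-array "no members" result.
         if ($members) {
             foreach ($members as $member) {
                 $preselected[] = $member['xchan_hash'];
             }
         }

         if ($change) {
             if (in_array($change, $preselected)) {
                 group_rmv_member(local_channel(), $group['gname'], $change);
             } else {
                 group_add_member(local_channel(), $group['gname'], $change);
             }
         }
     }
     killme();
 }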
Example #25
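/**
 * Serve one public wall item as an XML document built from the
 * addon/diaspora 'diaspora_post.tpl' template.
 *
 * argv(1) is the item's message id, optionally carrying ".xml". The item must be
 * a wall item that is not private, and perm_is_allowed() must grant 'view_stream'
 * on the owning channel to an empty observer hash; otherwise the request ends with
 * a 404. A request without argv(1) ends with a 401.
 *
 * @param App &$a not used in this function
 */
function p_init(&$a)
{
    if (argc() < 2) {
        http_status_exit(401);
    }

    // str_replace() removes every ".xml" occurrence, not only a trailing suffix.
    $mid = str_replace('.xml', '', argv(1));

    $r = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1", dbesc($mid));
    if (!$r || !perm_is_allowed($r[0]['uid'], '', 'view_stream')) {
        http_status_exit(404);
    }

    $c = q("select * from channel where channel_id = %d limit 1", intval($r[0]['uid']));
    if (!$c) {
        http_status_exit(404);
    }

    $myaddr = $c[0]['channel_address'] . '@' . App::get_hostname();
    $item = $r[0];
    $body = bb2diaspora_itembody($item);
    $created = datetime_convert('UTC', 'UTC', $item['created'], 'Y-m-d H:i:s \\U\\T\\C');

    $tpl = get_markup_template('diaspora_post.tpl', 'addon/diaspora');

    // The message id and the posting app name are stored item fields written into
    // XML, so they get the same xmlify() escaping already applied to body and handle.
    $msg = replace_macros($tpl, array(
        '$body' => xmlify($body),
        '$guid' => xmlify($item['mid']),
        '$handle' => xmlify($myaddr),
        '$public' => 'true',
        '$created' => $created,
        '$provider' => $item['app'] ? xmlify($item['app']) : t('$projectname'),
    ));

    header('Content-type: text/xml');
    echo $msg;
    killme();
}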
Example #26
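 /**
  * Store an uploaded file for a channel and emit the markup that references it.
  *
  * The target channel is taken from the API login info when an API session and a
  * 'media' upload are both present, otherwise from the nickname in argv(1).
  * The stored attachment is created with 'visible' => 0 and an allow_cid limited
  * to the channel's own hash.
  *
  * NOTE(review): no permission check on the observer is visible in this method;
  * verify that attach_store() enforces write permission for the observer hash
  * passed to it, since the target channel can come straight from the URL.
  *
  * @return string|void the generated markup when called through the API;
  *                     otherwise the markup is echoed and the request ends
  */
 function post()
 {
     $using_api = false;
     // Defined up front so the "no channel" check below never reads an undefined variable.
     $channel = null;

     // !empty() also covers the case where no 'api_info' key was ever set.
     if (!empty(\App::$data['api_info']) && array_key_exists('media', $_FILES)) {
         $using_api = true;
         $user_info = \App::$data['api_info'];
         $channel = get_channel_by_nick($user_info['screen_name']);
     } elseif (argc() > 1) {
         $channel = get_channel_by_nick(argv(1));
     }

     if (!$channel) {
         killme();
     }

     $observer = \App::get_observer();
     $def_album = get_pconfig($channel['channel_id'], 'system', 'photo_path');
     $def_attach = get_pconfig($channel['channel_id'], 'system', 'attach_path');

     $r = attach_store($channel, $observer ? $observer['xchan_hash'] : '', '', array(
         'source' => 'editor',
         'visible' => 0,
         'album' => $def_album,
         'directory' => $def_attach,
         'allow_cid' => '<' . $channel['channel_hash'] . '>',
     ));
     if (!$r['success']) {
         notice($r['message'] . EOL);
         killme();
     }

     // Photos come back with ready-made body markup; other files are referenced
     // by attachment hash and revision.
     if (intval($r['data']['is_photo'])) {
         $s = "\n\n" . $r['body'] . "\n\n";
     } else {
         $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
     }

     if ($using_api) {
         return $s;
     }
     echo $s;
     killme();
 }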
Example #27
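 /**
  * Resolve which channel this page is about, add the Atom feed discovery links
  * to the page head and load the profile.
  *
  * The channel address comes from argv(1), falling back to the logged-in
  * channel's own address. With a logged-in channel and argv(2) === 'view',
  * argv(1) is treated as a profile identifier for the viewer's own channel.
  */
 function init()
 {
     $which = null;
     if (argc() > 1) {
         $which = argv(1);
     }
     if (!$which && local_channel()) {
         $channel = \App::get_channel();
         if ($channel && $channel['channel_address']) {
             $which = $channel['channel_address'];
         }
     }
     if (!$which) {
         notice(t('You must be logged in to see this page.') . EOL);
         return;
     }

     $profile = 0;
     $channel = \App::get_channel();
     if (local_channel() && argc() > 2 && argv(2) === 'view') {
         $which = $channel['channel_address'];
         $profile = argv(1);
     }

     // $which can come straight from the request path and is written into an HTML
     // attribute, so it is escaped for that context. Only the markup copy is
     // escaped; profile_load() still receives the original value.
     $feed_url = z_root() . '/feed/' . htmlspecialchars($which, ENT_QUOTES, 'UTF-8');
     \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Posts and comments') . '" href="' . $feed_url . '" />' . "\r\n";
     \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Only posts') . '" href="' . $feed_url . '?top=1" />' . "\r\n";
     // Not yet ready for prime time
     //	\App::$page['htmlhead'] .= '<link rel="openid.server" href="' . z_root() . '/id/' . $which .'?f=" />' . "\r\n" ;
     //	\App::$page['htmlhead'] .= '<link rel="openid.delegate" href="' . z_root() . '/channel/' . $which .'" />' . "\r\n" ;

     // Run profile_load() here to make sure the theme is set before
     // we start loading content.
     // NOTE(review): $a is not defined anywhere in this method as shown; confirm
     // what profile_load() expects as its first argument.
     profile_load($a, $which, $profile);
 }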
Example #28
/** @file */
/**
 * Save the logged-in channel's private note text and answer with JSON.
 *
 * Reads 'note_text' from $_REQUEST, passes it through escape_tags() and stores it
 * in the channel's 'notes' pconfig. Does nothing when no channel is logged in.
 *
 * NOTE(review): the note is overwritten from $_REQUEST and no form security token
 * check is visible in this function; confirm CSRF protection is applied elsewhere.
 *
 * @param App &$a not used in this function
 */
function notes_init(&$a)
{
    if (!local_channel()) {
        return;
    }

    $reply = array('success' => true);

    if (array_key_exists('note_text', $_REQUEST)) {
        $text = escape_tags($_REQUEST['note_text']);

        // Notes have been known to vanish: when an empty note is about to replace
        // existing contents, keep the previous text as a backup copy first.
        if (!$text && ($previous = get_pconfig(local_channel(), 'notes', 'text'))) {
            set_pconfig(local_channel(), 'notes', 'text.bak', $previous);
        }

        set_pconfig(local_channel(), 'notes', 'text', $text);
    }

    // Push updates to channel clones when the request asks for a sync.
    $wants_sync = argc() > 1 && argv(1) === 'sync';
    if ($wants_sync) {
        require_once 'include/zot.php';
        build_sync_packet();
    }

    logger('notes saved.', LOGGER_DEBUG);
    json_return_and_die($reply);
}
Example #29
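 /**
  * Render the OAuth client settings pages for the logged-in channel.
  *
  * argv(2) selects the action: 'add' shows an empty form with generated key and
  * secret, 'edit' shows the stored client named by argv(3), 'delete' removes that
  * client after a form security token check. Without an action, the list of
  * clients owned by the channel or by uid 0 is shown.
  *
  * NOTE(review): no local_channel() login check is visible in this method; confirm
  * the caller enforces it. The edit form is also filled with the stored consumer
  * secret ($app['pw']); consider whether it needs to be sent back to the browser.
  *
  * @return string|void rendered HTML, or nothing when the client was not found
  *                     or after the delete redirect
  */
 function get()
 {
     // Start from an empty string so the .= below never appends to an undefined variable.
     $o = '';

     if (argc() > 2 && argv(2) === 'add') {
         $tpl = get_markup_template("settings_oauth_edit.tpl");
         // NOTE(review): key and secret defaults come from random_string(); verify it
         // draws from a cryptographically secure source.
         $o .= replace_macros($tpl, array(
             '$form_security_token' => get_form_security_token("settings_oauth"),
             '$title' => t('Add application'),
             '$submit' => t('Submit'),
             '$cancel' => t('Cancel'),
             '$name' => array('name', t('Name'), '', t('Name of application')),
             '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
             '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
             '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
             '$icon' => array('icon', t('Icon url'), '', t('Optional')),
         ));
         return $o;
     }

     if (argc() > 3 && argv(2) === 'edit') {
         // The uid condition limits the lookup to clients owned by this channel.
         $r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), intval(local_channel()));
         // A truthiness test also covers a failed query, which count() would not.
         if (!$r) {
             notice(t('Application not found.'));
             return;
         }
         $app = $r[0];
         $tpl = get_markup_template("settings_oauth_edit.tpl");
         $o .= replace_macros($tpl, array(
             '$form_security_token' => get_form_security_token("settings_oauth"),
             '$title' => t('Add application'),
             '$submit' => t('Update'),
             '$cancel' => t('Cancel'),
             '$name' => array('name', t('Name'), $app['clname'], ''),
             '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
             '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
             '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
             '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
         ));
         return $o;
     }

     if (argc() > 3 && argv(2) === 'delete') {
         // The delete is gated by the form security token.
         check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
         $r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), intval(local_channel()));
         goaway(z_root() . "/settings/oauth/");
         return;
     }

     // List this channel's clients and those with uid 0; "my" marks the channel's own.
     $r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)", intval(local_channel()), intval(local_channel()));
     $tpl = get_markup_template("settings_oauth.tpl");
     $o .= replace_macros($tpl, array(
         '$form_security_token' => get_form_security_token("settings_oauth"),
         '$baseurl' => z_root(),
         '$title' => t('Connected Apps'),
         '$add' => t('Add application'),
         '$edit' => t('Edit'),
         '$delete' => t('Delete'),
         '$consumerkey' => t('Client key starts with'),
         '$noname' => t('No name'),
         '$remove' => t('Remove authorization'),
         '$apps' => $r,
     ));
     return $o;
 }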
Example #30
 /**
  * Produce the admin page content.
  *
  * Visitors who are not site admins get the login form. With a sub-page in the
  * URL the request is handed to $this->sm; otherwise the summary page is built.
  * For AJAX requests the content is echoed and the request ends.
  *
  * @return string
  */
 function get()
 {
     logger('admin_content', LOGGER_DEBUG);

     // Every path below is restricted to site admins.
     if (!is_site_admin()) {
         return login(false);
     }

     if (argc() > 1) {
         $content = $this->sm->call('get');
         if ($content === false) {
             notice(t('Item not found.'));
         }
     } else {
         $content = $this->admin_page_summary();
     }

     if (!is_ajax()) {
         return $content;
     }

     echo $content;
     killme();
     return '';
 }