function group_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if ($a->argc == 2 && $a->argv[1] == 'new') { $name = notags(trim($_POST['groupname'])); $r = group_add($name); if ($r) { notice(t('Group created.') . EOL); $r = group_byname($name); if ($r) { goaway($a->get_baseurl() . '/group/' . $r); } } else { notice(t('Could not create group.') . EOL); } goaway($a->get_baseurl() . '/group'); return; // NOTREACHED } if ($a->argc == 2 && intval($a->argv[1])) { $r = q("SELECT * FROM `group` WHERE `id` = %d LIMIT 1", intval($a->argv[1])); if (!count($r)) { notice(t('Group not found.') . EOL); goaway($a->get_baseurl() . '/contacts'); } $group = $r[0]; $groupname = notags(trim($_POST['groupname'])); if (strlen($groupname) && $groupname != $group['name']) { $r = q("UPDATE `group` SET `name` = '%s' WHERE `id` = %d LIMIT 1", dbesc($groupname), intval($group['id'])); if ($r) { notice(t('Group name changed.') . EOL); } } $members = $_POST['group_members_select']; array_walk($members, 'validate_members'); $r = q("DELETE FROM `group_member` WHERE `gid` = %d ", intval($a->argv[1])); $result = true; if (count($members)) { foreach ($members as $member) { $r = q("INSERT INTO `group_member` ( `gid`, `contact-id`)\n\t\t\t\t\tVALUES ( %d, %d )", intval($group['id']), intval($member)); if (!$r) { $result = false; } } } if ($result) { notice(t('Membership list updated.') . EOL); } $a->page['aside'] = group_side(); } }
function group_add_member($name, $member) { $gid = group_byname($name); if (!$gid || !$member) { return false; } $r = q("SELECT * FROM `group_member` WHERE `id` = %d AND `contact-id` = %d LIMIT 1", intval($gid), intval($member)); if (count($r)) { return true; } // You might question this, but // we indicate success because the group was in fact created // -- It was just created at another time if (!count($r)) { $r = q("INSERT INTO `group_member` (`gid`, `contact-id`)\n\t\t\tVALUES( %d, %d ) ", intval($gid), intval($member)); } return $r; }
function group_post(&$a) { if (!local_user()) { notice(t('Permission denied.') . EOL); return; } if ($a->argc == 2 && $a->argv[1] === 'new') { check_form_security_token_redirectOnErr('/group/new', 'group_edit'); $name = notags(trim($_POST['groupname'])); $r = group_add(local_user(), $name); if ($r) { info(t('Group created.') . EOL); $r = group_byname(local_user(), $name); if ($r) { goaway($a->get_baseurl() . '/group/' . $r); } } else { notice(t('Could not create group.') . EOL); } goaway($a->get_baseurl() . '/group'); return; // NOTREACHED } if ($a->argc == 2 && intval($a->argv[1])) { check_form_security_token_redirectOnErr('/group', 'group_edit'); $r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user())); if (!count($r)) { notice(t('Group not found.') . EOL); goaway($a->get_baseurl() . '/contacts'); return; // NOTREACHED } $group = $r[0]; $groupname = notags(trim($_POST['groupname'])); if (strlen($groupname) && $groupname != $group['name']) { $r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), intval(local_user()), intval($group['id'])); if ($r) { info(t('Group name changed.') . EOL); } } $a->page['aside'] = group_side(); } return; }
function post() { if (!local_channel()) { notice(t('Permission denied.') . EOL); return; } if (argc() == 2 && argv(1) === 'new') { check_form_security_token_redirectOnErr('/group/new', 'group_edit'); $name = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); $r = group_add(local_channel(), $name, $public); if ($r) { info(t('Privacy group created.') . EOL); $r = group_byname(local_channel(), $name); if ($r) { goaway(z_root() . '/group/' . $r); } } else { notice(t('Could not create privacy group.') . EOL); } goaway(z_root() . '/group'); } if (argc() == 2 && intval(argv(1))) { check_form_security_token_redirectOnErr('/group', 'group_edit'); $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(argv(1)), intval(local_channel())); if (!$r) { notice(t('Privacy group not found.') . EOL); goaway(z_root() . '/connections'); } $group = $r[0]; $groupname = notags(trim($_POST['groupname'])); $public = intval($_POST['public']); if (strlen($groupname) && ($groupname != $group['gname'] || $public != $group['visible'])) { $r = q("UPDATE `groups` SET `gname` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d", dbesc($groupname), intval($public), intval(local_channel()), intval($group['id'])); if ($r) { info(t('Privacy group updated.') . EOL); } } goaway(z_root() . '/group/' . argv(1) . '/' . argv(2)); } return; }
/** * @brief This function removes the tag $tag from the text $body and replaces it * with the appropiate link. * * @param App $a * @param[in,out] string &$body the text to replace the tag in * @param[in,out] string &$access_tag used to return tag ACL exclusions e.g. @!foo * @param[in,out] string &$str_tags string to add the tag to * @param int $profile_uid * @param string $tag the tag to replace * @param boolean $diaspora default false * @return boolean true if replaced, false if not replaced */ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $diaspora = false) { $replaced = false; $r = null; $match = array(); $termtype = strpos($tag, '#') === 0 ? TERM_HASHTAG : TERM_UNKNOWN; $termtype = strpos($tag, '@') === 0 ? TERM_MENTION : $termtype; $termtype = strpos($tag, '#^[') === 0 ? TERM_BOOKMARK : $termtype; //is it a hash tag? if (strpos($tag, '#') === 0) { if (strpos($tag, '#^[') === 0) { if (preg_match('/#\\^\\[(url|zrl)(.*?)\\](.*?)\\[\\/(url|zrl)\\]/', $tag, $match)) { $basetag = $match[3]; $url = substr($match[2], 0, 1) === '=' ? substr($match[2], 1) : $match[3]; $replaced = true; } } elseif (strpos($tag, '[zrl=') || strpos($tag, '[url=')) { //...do nothing return $replaced; } if ($tag == '#getzot') { $basetag = 'getzot'; $url = 'http://hubzilla.org'; $newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]'; $body = str_replace($tag, $newtag, $body); $replaced = true; } if (!$replaced) { //base tag has the tags name only if (substr($tag, 0, 7) === '#"' && substr($tag, -6, 6) === '"') { $basetag = substr($tag, 7); $basetag = substr($basetag, 0, -6); } else { $basetag = str_replace('_', ' ', substr($tag, 1)); } //create text for link $url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag); $newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]'; //replace tag by the link. Make sure to not replace something in the middle of a word // The '=' is needed to not replace color codes if the code is also used as a tag // Much better would be to somehow completely avoiding things in e.g. [color]-tags. // This would allow writing things like "my favourite tag=#foobar". $body = preg_replace('/(?<![a-zA-Z0-9=])' . preg_quote($tag, '/') . '/', $newtag, $body); $replaced = true; } //is the link already in str_tags? if (!stristr($str_tags, $newtag)) { //append or set str_tags if (strlen($str_tags)) { $str_tags .= ','; } $str_tags .= $newtag; } return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, 'contact' => $r[0]); } //is it a person tag? if (strpos($tag, '@') === 0) { // The @! tag will alter permissions $exclusive = strpos($tag, '!') === 1 && !$diaspora ? true : false; //is it already replaced? if (strpos($tag, '[zrl=')) { return $replaced; } //get the person's name $name = substr($tag, $exclusive ? 2 : 1); // The name or name fragment we are going to replace $newname = $name; // a copy that we can mess with $tagcid = 0; $r = null; // is it some generated name? $forum = false; $trailing_plus_name = false; // @channel+ is a forum or network delivery tag if (substr($newname, -1, 1) === '+') { $forum = true; $newname = substr($newname, 0, -1); } // Here we're looking for an address book entry as provided by the auto-completer // of the form something+nnn where nnn is an abook_id or the first chars of xchan_hash // If there's a +nnn in the string make sure there isn't a space preceding it $t1 = strpos($newname, ' '); $t2 = strrpos($newname, '+'); if ($t1 && $t2 && $t1 < $t2) { $t2 = 0; } if ($t2 && !$diaspora) { //get the id $tagcid = substr($newname, $t2 + 1); if (strrpos($tagcid, ' ')) { $tagcid = substr($tagcid, 0, strrpos($tagcid, ' ')); } if (strlen($tagcid) < 16) { $abook_id = intval($tagcid); } //remove the next word from tag's name if (strpos($name, ' ')) { $name = substr($name, 0, strpos($name, ' ')); } if ($abook_id) { // if there was an id // select channel with that id from the logged in user's address book $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($abook_id), intval($profile_uid)); } else { $r = q("SELECT * FROM xchan \n\t\t\t\t\tWHERE xchan_hash like '%s%%' LIMIT 1", dbesc($tagcid)); } } if (!$r) { // look for matching names in the address book // Two ways to deal with spaces - double quote the name or use underscores // we see this after input filtering so quotes have been html entity encoded if (substr($name, 0, 6) === '"' && substr($name, -6, 6) === '"') { $newname = substr($name, 6); $newname = substr($newname, 0, -6); } else { $newname = str_replace('_', ' ', $name); } // do this bit over since we started over with $name if (substr($newname, -1, 1) === '+') { $forum = true; $newname = substr($newname, 0, -1); } //select someone from this user's contacts by name $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\tWHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval($profile_uid)); if (!$r) { //select someone by attag or nick and the name passed in $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", dbesc(strpos($newname, '@') ? $newname : $newname . '@%'), intval($profile_uid)); } if (!$r) { // it's possible somebody has a name ending with '+', which we stripped off as a forum indicator // This is very rare but we want to get it right. $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname . '+'), intval($profile_uid)); if ($r) { $trailing_plus_name = true; } } } // $r is set if we found something $channel = get_app()->get_channel(); if ($r) { $profile = $r[0]['xchan_url']; $newname = $r[0]['xchan_name']; // add the channel's xchan_hash to $access_tag if exclusive if ($exclusive) { $access_tag .= 'cid:' . $r[0]['xchan_hash']; } } else { // check for a group/collection exclusion tag // note that we aren't setting $replaced even though we're replacing text. // This tag isn't going to get a term attached to it. It's only used for // access control. The link points to out own channel just so it doesn't look // weird - as all the other tags are linked to something. if (local_channel() && local_channel() == $profile_uid) { require_once 'include/group.php'; $grp = group_byname($profile_uid, $name); if ($grp) { $g = q("select hash from groups where id = %d and visible = 1 limit 1", intval($grp)); if ($g && $exclusive) { $access_tag .= 'gid:' . $g[0]['hash']; } $channel = get_app()->get_channel(); if ($channel) { $newtag = '@' . ($exclusive ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]'; $body = str_replace('@' . ($exclusive ? '!' : '') . $name, $newtag, $body); } } } } if ($exclusive && !$access_tag) { $access_tag .= 'cid:' . $channel['channel_hash']; } // if there is an url for this channel if (isset($profile)) { $replaced = true; //create profile link $profile = str_replace(',', '%2c', $profile); $url = $profile; $newtag = '@' . ($exclusive ? '!' : '') . '[zrl=' . $profile . ']' . $newname . ($forum && !$trailing_plus_name ? '+' : '') . '[/zrl]'; $body = str_replace('@' . ($exclusive ? '!' : '') . $name, $newtag, $body); //append tag to str_tags if (!stristr($str_tags, $newtag)) { if (strlen($str_tags)) { $str_tags .= ','; } $str_tags .= $newtag; } } } return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]); }
function group_add_member($uid, $name, $member, $gid = 0) { if (!$gid) { $gid = group_byname($uid, $name); } if (!$gid || !$uid || !$member) { return false; } $r = q("SELECT * FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `xchan` = '%s' LIMIT 1", intval($uid), intval($gid), dbesc($member)); if (count($r)) { return true; } // You might question this, but // we indicate success because the group member was in fact created // -- It was just created at another time if (!count($r)) { $r = q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\tVALUES( %d, %d, '%s' ) ", intval($uid), intval($gid), dbesc($member)); } build_sync_packet($uid, null, true); return $r; }