function post()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
require_once 'include/activities.php';
$namechanged = false;
// import from json export file.
// Only import fields that are allowed on this hub
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filesize = intval($_FILES['userfile']['size']);
if ($filesize) {
$j = @json_decode(@file_get_contents($src), true);
@unlink($src);
if ($j) {
$fields = get_profile_fields_advanced();
if ($fields) {
foreach ($j as $jj => $v) {
foreach ($fields as $f => $n) {
if ($jj == $f) {
$_POST[$f] = $v;
break;
}
}
}
}
}
}
}
call_hooks('profile_post', $_POST);
if (argc() > 1 && argv(1) !== "new" && intval(argv(1))) {
$orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(\App::$argv[1]), intval(local_channel()));
if (!count($orig)) {
notice(t('Profile not found.') . EOL);
return;
}
check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
$is_default = $orig[0]['is_default'] ? 1 : 0;
$profile_name = notags(trim($_POST['profile_name']));
if (!strlen($profile_name)) {
notice(t('Profile Name is required.') . EOL);
return;
}
$dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00';
// FIXME: Needs to be validated?
$y = substr($dob, 0, 4);
if (!ctype_digit($y) || $y < 1900) {
$ignore_year = true;
} else {
$ignore_year = false;
}
if ($dob != '0000-00-00') {
if (strpos($dob, '0000-') === 0) {
$ignore_year = true;
$dob = substr($dob, 5);
}
$dob = datetime_convert('UTC', 'UTC', $ignore_year ? '1900-' . $dob : $dob, $ignore_year ? 'm-d' : 'Y-m-d');
if ($ignore_year) {
$dob = '0000-' . $dob;
}
}
$name = escape_tags(trim($_POST['name']));
if ($orig[0]['fullname'] != $name) {
$namechanged = true;
$v = validate_channelname($name);
if ($v) {
notice($v);
$namechanged = false;
$name = $orig[0]['fullname'];
}
}
$pdesc = escape_tags(trim($_POST['pdesc']));
$gender = escape_tags(trim($_POST['gender']));
$address = escape_tags(trim($_POST['address']));
$locality = escape_tags(trim($_POST['locality']));
$region = escape_tags(trim($_POST['region']));
$postal_code = escape_tags(trim($_POST['postal_code']));
$country_name = escape_tags(trim($_POST['country_name']));
$keywords = escape_tags(trim($_POST['keywords']));
$marital = escape_tags(trim($_POST['marital']));
$howlong = escape_tags(trim($_POST['howlong']));
$sexual = escape_tags(trim($_POST['sexual']));
$homepage = escape_tags(trim($_POST['homepage']));
$hometown = escape_tags(trim($_POST['hometown']));
$politic = escape_tags(trim($_POST['politic']));
$religion = escape_tags(trim($_POST['religion']));
$likes = fix_mce_lf(escape_tags(trim($_POST['likes'])));
$dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes'])));
$about = fix_mce_lf(escape_tags(trim($_POST['about'])));
$interest = fix_mce_lf(escape_tags(trim($_POST['interest'])));
$contact = fix_mce_lf(escape_tags(trim($_POST['contact'])));
$channels = fix_mce_lf(escape_tags(trim($_POST['channels'])));
$music = fix_mce_lf(escape_tags(trim($_POST['music'])));
$book = fix_mce_lf(escape_tags(trim($_POST['book'])));
$tv = fix_mce_lf(escape_tags(trim($_POST['tv'])));
$film = fix_mce_lf(escape_tags(trim($_POST['film'])));
$romance = fix_mce_lf(escape_tags(trim($_POST['romance'])));
$work = fix_mce_lf(escape_tags(trim($_POST['work'])));
$education = fix_mce_lf(escape_tags(trim($_POST['education'])));
$hide_friends = intval($_POST['hide_friends']) ? 1 : 0;
require_once 'include/text.php';
linkify_tags($a, $likes, local_channel());
linkify_tags($a, $dislikes, local_channel());
linkify_tags($a, $about, local_channel());
linkify_tags($a, $interest, local_channel());
linkify_tags($a, $interest, local_channel());
linkify_tags($a, $contact, local_channel());
linkify_tags($a, $channels, local_channel());
linkify_tags($a, $music, local_channel());
linkify_tags($a, $book, local_channel());
linkify_tags($a, $tv, local_channel());
linkify_tags($a, $film, local_channel());
linkify_tags($a, $romance, local_channel());
linkify_tags($a, $work, local_channel());
linkify_tags($a, $education, local_channel());
$with = x($_POST, 'with') ? escape_tags(trim($_POST['with'])) : '';
if (!strlen($howlong)) {
$howlong = NULL_DATE;
} else {
$howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong);
}
// linkify the relationship target if applicable
$withchanged = false;
if (strlen($with)) {
if ($with != strip_tags($orig[0]['partner'])) {
$withchanged = true;
$prf = '';
$lookup = $with;
if (strpos($lookup, '@') === 0) {
$lookup = substr($lookup, 1);
}
$lookup = str_replace('_', ' ', $lookup);
$newname = $lookup;
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval(local_channel()));
if (!$r) {
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_addr = '%s' AND abook_channel = %d LIMIT 1", dbesc($lookup . '@%'), intval(local_channel()));
}
if ($r) {
$prf = $r[0]['xchan_url'];
$newname = $r[0]['xchan_name'];
}
if ($prf) {
$with = str_replace($lookup, '<a href="' . $prf . '">' . $newname . '</a>', $with);
if (strpos($with, '@') === 0) {
$with = substr($with, 1);
}
}
} else {
$with = $orig[0]['partner'];
}
}
$profile_fields_basic = get_profile_fields_basic();
$profile_fields_advanced = get_profile_fields_advanced();
$advanced = feature_enabled(local_channel(), 'advanced_profiles') ? true : false;
if ($advanced) {
$fields = $profile_fields_advanced;
} else {
$fields = $profile_fields_basic;
}
$z = q("select * from profdef where true");
if ($z) {
foreach ($z as $zz) {
if (array_key_exists($zz['field_name'], $fields)) {
$w = q("select * from profext where channel_id = %d and hash = '%s' and k = '%s' limit 1", intval(local_channel()), dbesc($orig[0]['profile_guid']), dbesc($zz['field_name']));
if ($w) {
q("update profext set v = '%s' where id = %d", dbesc(escape_tags(trim($_POST[$zz['field_name']]))), intval($w[0]['id']));
} else {
q("insert into profext ( channel_id, hash, k, v ) values ( %d, '%s', '%s', '%s') ", intval(local_channel()), dbesc($orig[0]['profile_guid']), dbesc($zz['field_name']), dbesc(escape_tags(trim($_POST[$zz['field_name']]))));
}
}
}
}
$changes = array();
$value = '';
if ($is_default) {
if ($marital != $orig[0]['marital']) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status');
$value = $marital;
}
if ($withchanged) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner');
$value = strip_tags($with);
}
if ($likes != $orig[0]['likes']) {
$changes[] = t('Likes');
$value = $likes;
}
if ($dislikes != $orig[0]['dislikes']) {
$changes[] = t('Dislikes');
$value = $dislikes;
}
if ($work != $orig[0]['employment']) {
$changes[] = t('Work/Employment');
}
if ($religion != $orig[0]['religion']) {
$changes[] = t('Religion');
$value = $religion;
}
if ($politic != $orig[0]['politic']) {
$changes[] = t('Political Views');
$value = $politic;
}
if ($gender != $orig[0]['gender']) {
$changes[] = t('Gender');
$value = $gender;
}
if ($sexual != $orig[0]['sexual']) {
$changes[] = t('Sexual Preference');
$value = $sexual;
}
if ($homepage != $orig[0]['homepage']) {
$changes[] = t('Homepage');
$value = $homepage;
}
if ($interest != $orig[0]['interest']) {
$changes[] = t('Interests');
$value = $interest;
}
if ($address != $orig[0]['address']) {
$changes[] = t('Address');
// New address not sent in notifications, potential privacy issues
// in case this leaks to unintended recipients. Yes, it's in the public
// profile but that doesn't mean we have to broadcast it to everybody.
}
if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country_name']) {
$changes[] = t('Location');
$comma1 = $locality && ($region || $country_name) ? ', ' : ' ';
$comma2 = $region && $country_name ? ', ' : '';
$value = $locality . $comma1 . $region . $comma2 . $country_name;
}
profile_activity($changes, $value);
}
$r = q("UPDATE `profile` \n\t\t\t\tSET `profile_name` = '%s',\n\t\t\t\t`fullname` = '%s',\n\t\t\t\t`pdesc` = '%s',\n\t\t\t\t`gender` = '%s',\n\t\t\t\t`dob` = '%s',\n\t\t\t\t`address` = '%s',\n\t\t\t\t`locality` = '%s',\n\t\t\t\t`region` = '%s',\n\t\t\t\t`postal_code` = '%s',\n\t\t\t\t`country_name` = '%s',\n\t\t\t\t`marital` = '%s',\n\t\t\t\t`partner` = '%s',\n\t\t\t\t`howlong` = '%s',\n\t\t\t\t`sexual` = '%s',\n\t\t\t\t`homepage` = '%s',\n\t\t\t\t`hometown` = '%s',\n\t\t\t\t`politic` = '%s',\n\t\t\t\t`religion` = '%s',\n\t\t\t\t`keywords` = '%s',\n\t\t\t\t`likes` = '%s',\n\t\t\t\t`dislikes` = '%s',\n\t\t\t\t`about` = '%s',\n\t\t\t\t`interest` = '%s',\n\t\t\t\t`contact` = '%s',\n\t\t\t\t`channels` = '%s',\n\t\t\t\t`music` = '%s',\n\t\t\t\t`book` = '%s',\n\t\t\t\t`tv` = '%s',\n\t\t\t\t`film` = '%s',\n\t\t\t\t`romance` = '%s',\n\t\t\t\t`employment` = '%s',\n\t\t\t\t`education` = '%s',\n\t\t\t\t`hide_friends` = %d\n\t\t\t\tWHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), dbesc($gender), dbesc($dob), dbesc($address), dbesc($locality), dbesc($region), dbesc($postal_code), dbesc($country_name), dbesc($marital), dbesc($with), dbesc($howlong), dbesc($sexual), dbesc($homepage), dbesc($hometown), dbesc($politic), dbesc($religion), dbesc($keywords), dbesc($likes), dbesc($dislikes), dbesc($about), dbesc($interest), dbesc($contact), dbesc($channels), dbesc($music), dbesc($book), dbesc($tv), dbesc($film), dbesc($romance), dbesc($work), dbesc($education), intval($hide_friends), intval(argv(1)), intval(local_channel()));
if ($r) {
info(t('Profile updated.') . EOL);
}
$r = q("select * from profile where id = %d and uid = %d limit 1", intval(argv(1)), intval(local_channel()));
if ($r) {
require_once 'include/zot.php';
build_sync_packet(local_channel(), array('profile' => $r));
}
$channel = \App::get_channel();
if ($namechanged && $is_default) {
$r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'", dbesc($name), dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
$r = q("UPDATE channel SET channel_name = '%s' WHERE channel_hash = '%s'", dbesc($name), dbesc($channel['xchan_hash']));
}
if ($is_default) {
// reload the info for the sidebar widget - why does this not work?
profile_load($channel['channel_address']);
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
}
}
}
function profiles_post(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$namechanged = false;
call_hooks('profile_post', $_POST);
if ($a->argc > 1 && $a->argv[1] !== "new" && intval($a->argv[1])) {
$orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()));
if (!count($orig)) {
notice(t('Profile not found.') . EOL);
return;
}
check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
$is_default = $orig[0]['is-default'] ? 1 : 0;
$profile_name = notags(trim($_POST['profile_name']));
if (!strlen($profile_name)) {
notice(t('Profile Name is required.') . EOL);
return;
}
$dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00';
// FIXME: Needs to be validated?
$y = substr($dob, 0, 4);
if (!ctype_digit($y) || $y < 1900) {
$ignore_year = true;
} else {
$ignore_year = false;
}
if ($dob != '0000-00-00') {
if (strpos($dob, '0000-') === 0) {
$ignore_year = true;
$dob = substr($dob, 5);
}
$dob = datetime_convert('UTC', 'UTC', $ignore_year ? '1900-' . $dob : $dob, $ignore_year ? 'm-d' : 'Y-m-d');
if ($ignore_year) {
$dob = '0000-' . $dob;
}
}
$name = notags(trim($_POST['name']));
if (!strlen($name)) {
$name = '[No Name]';
}
if ($orig[0]['name'] != $name) {
$namechanged = true;
}
$pdesc = notags(trim($_POST['pdesc']));
$gender = notags(trim($_POST['gender']));
$address = notags(trim($_POST['address']));
$locality = notags(trim($_POST['locality']));
$region = notags(trim($_POST['region']));
$postal_code = notags(trim($_POST['postal_code']));
$country_name = notags(trim($_POST['country_name']));
$pub_keywords = profile_clean_keywords(notags(trim($_POST['pub_keywords'])));
$prv_keywords = profile_clean_keywords(notags(trim($_POST['prv_keywords'])));
$marital = notags(trim($_POST['marital']));
$howlong = notags(trim($_POST['howlong']));
$with = x($_POST, 'with') ? notags(trim($_POST['with'])) : '';
if (!strlen($howlong)) {
$howlong = '0000-00-00 00:00:00';
} else {
$howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong);
}
// linkify the relationship target if applicable
$withchanged = false;
if (strlen($with)) {
if ($with != strip_tags($orig[0]['with'])) {
$withchanged = true;
$prf = '';
$lookup = $with;
if (strpos($lookup, '@') === 0) {
$lookup = substr($lookup, 1);
}
$lookup = str_replace('_', ' ', $lookup);
if (strpos($lookup, '@') || strpos($lookup, 'http://')) {
$newname = $lookup;
$links = @lrdd($lookup);
if (count($links)) {
foreach ($links as $link) {
if ($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page') {
$prf = $link['@attributes']['href'];
}
}
}
} else {
$newname = $lookup;
/* if(strstr($lookup,' ')) {
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
dbesc($newname),
intval(local_user())
);
}
else {
$r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
dbesc($lookup),
intval(local_user())
);
}*/
$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1", dbesc($newname), intval(local_user()));
if (!$r) {
$r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1", dbesc($lookup), intval(local_user()));
}
if (count($r)) {
$prf = $r[0]['url'];
$newname = $r[0]['name'];
}
}
if ($prf) {
$with = str_replace($lookup, '<a href="' . $prf . '">' . $newname . '</a>', $with);
if (strpos($with, '@') === 0) {
$with = substr($with, 1);
}
}
} else {
$with = $orig[0]['with'];
}
}
$sexual = notags(trim($_POST['sexual']));
$homepage = notags(trim($_POST['homepage']));
if (strpos($homepage, 'http') !== 0 && strlen($homepage)) {
// neither http nor https in URL, add them
$homepage = 'http://' . $homepage;
}
$hometown = notags(trim($_POST['hometown']));
$politic = notags(trim($_POST['politic']));
$religion = notags(trim($_POST['religion']));
$likes = fix_mce_lf(escape_tags(trim($_POST['likes'])));
$dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes'])));
$about = fix_mce_lf(escape_tags(trim($_POST['about'])));
$interest = fix_mce_lf(escape_tags(trim($_POST['interest'])));
$contact = fix_mce_lf(escape_tags(trim($_POST['contact'])));
$music = fix_mce_lf(escape_tags(trim($_POST['music'])));
$book = fix_mce_lf(escape_tags(trim($_POST['book'])));
$tv = fix_mce_lf(escape_tags(trim($_POST['tv'])));
$film = fix_mce_lf(escape_tags(trim($_POST['film'])));
$romance = fix_mce_lf(escape_tags(trim($_POST['romance'])));
$work = fix_mce_lf(escape_tags(trim($_POST['work'])));
$education = fix_mce_lf(escape_tags(trim($_POST['education'])));
$hide_friends = $_POST['hide-friends'] == 1 ? 1 : 0;
$changes = array();
$value = '';
if ($is_default) {
if ($marital != $orig[0]['marital']) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status');
$value = $marital;
}
if ($withchanged) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner');
$value = strip_tags($with);
}
if ($likes != $orig[0]['likes']) {
$changes[] = t('Likes');
$value = $likes;
}
if ($dislikes != $orig[0]['dislikes']) {
$changes[] = t('Dislikes');
$value = $dislikes;
}
if ($work != $orig[0]['work']) {
$changes[] = t('Work/Employment');
}
if ($religion != $orig[0]['religion']) {
$changes[] = t('Religion');
$value = $religion;
}
if ($politic != $orig[0]['politic']) {
$changes[] = t('Political Views');
$value = $politic;
}
if ($gender != $orig[0]['gender']) {
$changes[] = t('Gender');
$value = $gender;
}
if ($sexual != $orig[0]['sexual']) {
$changes[] = t('Sexual Preference');
$value = $sexual;
}
if ($homepage != $orig[0]['homepage']) {
$changes[] = t('Homepage');
$value = $homepage;
}
if ($interest != $orig[0]['interest']) {
$changes[] = t('Interests');
$value = $interest;
}
if ($address != $orig[0]['address']) {
$changes[] = t('Address');
// New address not sent in notifications, potential privacy issues
// in case this leaks to unintended recipients. Yes, it's in the public
// profile but that doesn't mean we have to broadcast it to everybody.
}
if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country-name']) {
$changes[] = t('Location');
$comma1 = $locality && ($region || $country_name) ? ', ' : ' ';
$comma2 = $region && $country_name ? ', ' : '';
$value = $locality . $comma1 . $region . $comma2 . $country_name;
}
profile_activity($changes, $value);
}
$r = q("UPDATE `profile`\n\t\t\tSET `profile-name` = '%s',\n\t\t\t`name` = '%s',\n\t\t\t`pdesc` = '%s',\n\t\t\t`gender` = '%s',\n\t\t\t`dob` = '%s',\n\t\t\t`address` = '%s',\n\t\t\t`locality` = '%s',\n\t\t\t`region` = '%s',\n\t\t\t`postal-code` = '%s',\n\t\t\t`country-name` = '%s',\n\t\t\t`marital` = '%s',\n\t\t\t`with` = '%s',\n\t\t\t`howlong` = '%s',\n\t\t\t`sexual` = '%s',\n\t\t\t`homepage` = '%s',\n\t\t\t`hometown` = '%s',\n\t\t\t`politic` = '%s',\n\t\t\t`religion` = '%s',\n\t\t\t`pub_keywords` = '%s',\n\t\t\t`prv_keywords` = '%s',\n\t\t\t`likes` = '%s',\n\t\t\t`dislikes` = '%s',\n\t\t\t`about` = '%s',\n\t\t\t`interest` = '%s',\n\t\t\t`contact` = '%s',\n\t\t\t`music` = '%s',\n\t\t\t`book` = '%s',\n\t\t\t`tv` = '%s',\n\t\t\t`film` = '%s',\n\t\t\t`romance` = '%s',\n\t\t\t`work` = '%s',\n\t\t\t`education` = '%s',\n\t\t\t`hide-friends` = %d\n\t\t\tWHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), dbesc($gender), dbesc($dob), dbesc($address), dbesc($locality), dbesc($region), dbesc($postal_code), dbesc($country_name), dbesc($marital), dbesc($with), dbesc($howlong), dbesc($sexual), dbesc($homepage), dbesc($hometown), dbesc($politic), dbesc($religion), dbesc($pub_keywords), dbesc($prv_keywords), dbesc($likes), dbesc($dislikes), dbesc($about), dbesc($interest), dbesc($contact), dbesc($music), dbesc($book), dbesc($tv), dbesc($film), dbesc($romance), dbesc($work), dbesc($education), intval($hide_friends), intval($a->argv[1]), intval(local_user()));
if ($r) {
info(t('Profile updated.') . EOL);
}
if ($namechanged && $is_default) {
$r = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc($name), dbesc(datetime_convert()), intval(local_user()));
$r = q("UPDATE `user` set `username` = '%s' where `uid` = %d", dbesc($name), intval(local_user()));
}
if ($is_default) {
$location = $locality;
if ($region != "") {
if ($location != "") {
$location .= ", ";
}
$location .= $region;
}
if ($country_name != "") {
if ($location != "") {
$location .= ", ";
}
$location .= $country_name;
}
$r = q("UPDATE `contact` SET `about` = '%s', `location` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `self` = 1 AND `uid` = %d", dbesc($about), dbesc($location), dbesc($pub_keywords), dbesc($gender), intval(local_user()));
// Update global directory in background
$url = $_SESSION['my_url'];
if ($url && strlen(get_config('system', 'directory'))) {
proc_run('php', "include/directory.php", "{$url}");
}
require_once 'include/profile_update.php';
profile_change();
}
}
}
