function items_fetch($arr, $channel = null, $observer_hash = null, $client_mode = CLIENT_MODE_NORMAL, $module = 'network') { $result = array('success' => false); $a = get_app(); $sql_extra = ''; $sql_nets = ''; $sql_options = ''; $sql_extra2 = ''; $sql_extra3 = ''; $def_acl = ''; $item_uids = ' true '; if ($arr['uid']) { $uid = $arr['uid']; } if ($channel) { $uid = $channel['channel_id']; $uidhash = $channel['channel_hash']; $item_uids = " item.uid = " . intval($uid) . " "; } if ($arr['star']) { $sql_options .= " and (item_flags & " . intval(ITEM_STARRED) . ")>0 "; } if ($arr['wall']) { $sql_options .= " and (item_flags & " . intval(ITEM_WALL) . ")>0 "; } $sql_extra = " AND item.parent IN ( SELECT parent FROM item WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ")>0 {$sql_options} ) "; if ($arr['since_id']) { $sql_extra .= " and item.id > " . $since_id . " "; } if ($arr['gid'] && $uid) { $r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", intval($arr['group']), intval($uid)); if (!$r) { $result['message'] = t('Collection not found.'); return $result; } $contact_str = ''; /** @FIXME $group is undefined */ $contacts = group_get_members($group); if ($contacts) { foreach ($contacts as $c) { if ($contact_str) { $contact_str .= ','; } $contact_str .= "'" . $c['xchan'] . "'"; } } else { $contact_str = ' 0 '; $result['message'] = t('Collection is empty.'); return $result; } $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND (( author_xchan IN ( {$contact_str} ) OR owner_xchan in ( {$contact_str})) or allow_gid like '" . protect_sprintf('%<' . dbesc($r[0]['hash']) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; $x = group_rec_byhash($uid, $r[0]['hash']); $result['headline'] = sprintf(t('Collection: %s'), $x['name']); } elseif ($arr['cid'] && $uid) { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ")>0 limit 1", intval($arr['cid']), intval(local_channel())); if ($r) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND uid = " . intval($arr['uid']) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) "; $result['headline'] = sprintf(t('Connection: %s'), $r[0]['xchan_name']); } else { $result['message'] = t('Connection not found.'); return $result; } } if ($arr['datequery']) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $arr['datequery'])))); } if ($arr['datequery2']) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $arr['datequery2'])))); } if (!array_key_exists('nouveau', $arr)) { $sql_extra2 = " AND item.parent = item.id "; $sql_extra3 = ''; } if ($arr['search']) { if (strpos($arr['search'], '#') === 0) { $sql_extra .= term_query('item', substr($arr['search'], 1), TERM_HASHTAG); } else { $sql_extra .= sprintf(" AND item.body like '%s' ", dbesc(protect_sprintf('%' . $arr['search'] . '%'))); } } if (strlen($arr['file'])) { $sql_extra .= term_query('item', $arr['files'], TERM_FILE); } if ($arr['conv'] && $channel) { $sql_extra .= sprintf(" AND parent IN (SELECT distinct parent from item where ( author_xchan like '%s' or ( item_flags & %d )>0)) ", dbesc(protect_sprintf($uidhash)), intval(ITEM_MENTIONSME)); } if ($client_mode & CLIENT_MODE_UPDATE && !($client_mode & CLIENT_MODE_LOAD)) { // only setup pagination on initial page view $pager_sql = ''; } else { $itemspage = $channel ? get_pconfig($uid, 'system', 'itemspage') : 20; $a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start'])); } if (isset($arr['start']) && isset($arr['records'])) { $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval($arr['records']), intval($arr['start'])); } if (array_key_exists('cmin', $arr) || array_key_exists('cmax', $arr)) { if ($arr['cmin'] != 0 || $arr['cmax'] != 99) { // Not everybody who shows up in the network stream will be in your address book. // By default those that aren't are assumed to have closeness = 99; but this isn't // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in // the stream with a NULL address book entry. $sql_nets .= " AND "; if ($arr['cmax'] == 99) { $sql_nets .= " ( "; } $sql_nets .= "( abook.abook_closeness >= " . intval($arr['cmin']) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($arr['cmax']) . " ) "; /** @fixme dead code, $cmax is undefined */ if ($cmax == 99) { $sql_nets .= " OR abook.abook_closeness IS NULL ) "; } } } $simple_update = $client_mode & CLIENT_MODE_UPDATE ? " and ( item.item_unseen = 1 ) " : ''; if ($client_mode & CLIENT_MODE_LOAD) { $simple_update = ''; } //$start = dba_timer(); require_once 'include/security.php'; $sql_extra .= item_permissions_sql($channel['channel_id'], $observer_hash); if ($arr['pages']) { $item_restrict = " AND (item_restrict & " . ITEM_WEBPAGE . ") "; } else { $item_restrict = " AND item_restrict = 0 "; } if ($arr['nouveau'] && $client_mode & CLIENT_MODE_LOAD && $channel) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\tWHERE {$item_uids} {$item_restrict}\n\t\t\t\t{$simple_update}\n\t\t\t\t{$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY item.received DESC {$pager_sql}"); require_once 'include/items.php'; xchan_query($items); $items = fetch_post_tags($items, true); } else { // Normal conversation view if ($arr['order'] === 'post') { $ordering = "created"; } else { $ordering = "commented"; } if ($client_mode & CLIENT_MODE_LOAD || $client_mode == CLIENT_MODE_NORMAL) { // Fetch a page full of parent items for this page $r = q("SELECT distinct item.id AS item_id, item.{$ordering} FROM item\n left join abook on item.author_xchan = abook.abook_xchan\n WHERE {$item_uids} {$item_restrict}\n AND item.parent = item.id\n and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n {$sql_extra3} {$sql_extra} {$sql_nets}\n ORDER BY item.{$ordering} DESC {$pager_sql} ", intval(ABOOK_FLAG_BLOCKED)); } else { // update $r = q("SELECT item.parent AS item_id FROM item\n left join abook on item.author_xchan = abook.abook_xchan\n WHERE {$item_uids} {$item_restrict} {$simple_update}\n and ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n {$sql_extra3} {$sql_extra} {$sql_nets} ", intval(ABOOK_FLAG_BLOCKED)); } //$first = dba_timer(); // Then fetch all the children of the parents that are on this page if ($r) { $parents_str = ids_to_querystr($r, 'item_id'); if ($arr['top']) { $sql_extra = ' and id = parent ' . $sql_extra; } $items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\tWHERE {$item_uids} {$item_restrict}\n\t\t\t\tAND item.parent IN ( %s )\n\t\t\t\t{$sql_extra} ", dbesc($parents_str)); //$second = dba_timer(); xchan_query($items); //$third = dba_timer(); $items = fetch_post_tags($items, true); //$fourth = dba_timer(); require_once 'include/conversation.php'; $items = conv_sort($items, $ordering); //logger('items: ' . print_r($items,true)); } else { $items = array(); } if ($parents_str && $arr['mark_seen']) { $update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )'; } /** @FIXME finish mark unseen sql */ } return $items; }
function connections_post(&$a) { if (!local_channel()) { return; } $contact_id = intval(argv(1)); if (!$contact_id) { return; } $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($contact_id), intval(local_channel())); if (!$orig_record) { notice(t('Could not access contact record.') . EOL); goaway(z_root() . '/connections'); return; // NOTREACHED } call_hooks('contact_edit_post', $_POST); $profile_id = $_POST['profile_assign']; if ($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", dbesc($profile_id), intval(local_channel())); if (!count($r)) { notice(t('Could not locate selected profile.') . EOL); return; } } $hidden = intval($_POST['hidden']); $priority = intval($_POST['poll']); if ($priority > 5 || $priority < 0) { $priority = 0; } $closeness = intval($_POST['closeness']); if ($closeness < 0) { $closeness = 99; } $abook_my_perms = 0; foreach ($_POST as $k => $v) { if (strpos($k, 'perms_') === 0) { $abook_my_perms += $v; } } $abook_flags = $orig_record[0]['abook_flags']; $new_friend = false; if ($_REQUEST['pending'] && $abook_flags & ABOOK_FLAG_PENDING) { $abook_flags = $abook_flags ^ ABOOK_FLAG_PENDING; $new_friend = true; } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d\n\t\twhere abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), intval($abook_flags), intval($contact_id), intval(local_channel())); if ($r) { info(t('Connection updated.') . EOL); } else { notice(t('Failed to update connection record.') . EOL); } if (x($a->data, 'abook') && $a->data['abook']['abook_my_perms'] != $abook_my_perms && !($a->data['abook']['abook_flags'] & ABOOK_FLAG_SELF)) { proc_run('php', 'include/notifier.php', 'permission_update', $contact_id); } if ($new_friend) { $channel = $a->get_channel(); $default_group = $channel['channel_default_group']; if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash(local_channel(), $default_group); if ($g) { group_add_member(local_channel(), '', $a->data['abook_xchan'], $g['id']); } } // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity // TODO // pull in a bit of content if there is any to pull in proc_run('php', 'include/onepoll.php', $contact_id); } // Refresh the structure in memory with the new data $r = q("SELECT abook.*, xchan.* \n\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\tWHERE abook_channel = %d and abook_id = %d LIMIT 1", intval(local_channel()), intval($contact_id)); if ($r) { $a->data['abook'] = $r[0]; } if ($new_friend) { $arr = array('channel_id' => local_channel(), 'abook' => $a->data['abook']); call_hooks('accept_follow', $arr); } connections_clone($a); return; }
function new_contact($uid, $url, $channel, $interactive = false, $confirm = false) { $result = array('success' => false, 'message' => ''); $is_red = false; $is_http = strpos($url, '://') !== false ? true : false; if ($is_http && substr($url, -1, 1) === '/') { $url = substr($url, 0, -1); } if (!allowed_url($url)) { $result['message'] = t('Channel is blocked on this site.'); return $result; } if (!$url) { $result['message'] = t('Channel location missing.'); return $result; } // check service class limits $r = q("select count(*) as total from abook where abook_channel = %d and abook_self = 0 ", intval($uid)); if ($r) { $total_channels = $r[0]['total']; } if (!service_class_allows($uid, 'total_channels', $total_channels)) { $result['message'] = upgrade_message(); return $result; } $arr = array('url' => $url, 'channel' => array()); call_hooks('follow', $arr); if ($arr['channel']['success']) { $ret = $arr['channel']; } elseif (!$is_http) { $ret = Zotlabs\Zot\Finger::run($url, $channel); } if ($ret && is_array($ret) && $ret['success']) { $is_red = true; $j = $ret; } $my_perms = get_channel_default_perms($uid); $role = get_pconfig($uid, 'system', 'permissions_role'); if ($role) { $x = \Zotlabs\Access\PermissionRoles::role_perms($role); if ($x['perms_connect']) { $my_perms = $x['perms_connect']; } } if ($is_red && $j) { logger('follow: ' . $url . ' ' . print_r($j, true), LOGGER_DEBUG); if (!($j['success'] && $j['guid'])) { $result['message'] = t('Response from remote channel was incomplete.'); logger('mod_follow: ' . $result['message']); return $result; } // Premium channel, set confirm before callback to avoid recursion if (array_key_exists('connect_url', $j) && $interactive && !$confirm) { goaway(zid($j['connect_url'])); } // do we have an xchan and hubloc? // If not, create them. $x = import_xchan($j); if (array_key_exists('deleted', $j) && intval($j['deleted'])) { $result['message'] = t('Channel was deleted and no longer exists.'); return $result; } if (!$x['success']) { return $x; } $xchan_hash = $x['hash']; if (array_key_exists('permissions', $j) && array_key_exists('data', $j['permissions'])) { $permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']); if ($permissions) { $permissions = json_decode($permissions, true); } logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA); } else { $permissions = $j['permissions']; } if (is_array($permissions) && $permissions) { foreach ($permissions as $k => $v) { set_abconfig($channel['channel_uid'], $xchan_hash, 'their_perms', $k, intval($v)); } } } else { $xchan_hash = ''; $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", dbesc($url), dbesc($url)); if (!$r) { // attempt network auto-discovery $d = discover_by_webbie($url); if (!$d && $is_http) { // try RSS discovery if (get_config('system', 'feed_contacts')) { $d = discover_by_url($url); } else { $result['message'] = t('Protocol disabled.'); return $result; } } if ($d) { $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", dbesc($url), dbesc($url)); } } // if discovery was a success we should have an xchan record in $r if ($r) { $xchan = $r[0]; $xchan_hash = $r[0]['xchan_hash']; $their_perms = 0; } } if (!$xchan_hash) { $result['message'] = t('Channel discovery failed.'); logger('follow: ' . $result['message']); return $result; } $allowed = $is_red || $r[0]['xchan_network'] === 'rss' ? 1 : 0; $x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => $allowed, 'singleton' => 0); call_hooks('follow_allow', $x); if (!$x['allowed']) { $result['message'] = t('Protocol disabled.'); return $result; } $singleton = intval($x['singleton']); $aid = $channel['channel_account_id']; $hash = get_observer_hash(); $default_group = $channel['channel_default_group']; if ($xchan['xchan_network'] === 'rss') { // check service class feed limits $r = q("select count(*) as total from abook where abook_account = %d and abook_feed = 1 ", intval($aid)); if ($r) { $total_feeds = $r[0]['total']; } if (!service_class_allows($uid, 'total_feeds', $total_feeds)) { $result['message'] = upgrade_message(); return $result; } } if ($hash == $xchan_hash) { $result['message'] = t('Cannot connect to yourself.'); return $result; } $r = q("select abook_xchan, abook_instance from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid)); if ($is_http) { // Always set these "remote" permissions for feeds since we cannot interact with them // to negotiate a suitable permission response set_abconfig($uid, $xchan_hash, 'their_perms', 'view_stream', 1); set_abconfig($uid, $xchan_hash, 'their_perms', 'republish', 1); } if ($r) { $abook_instance = $r[0]['abook_instance']; if ($singleton && strpos($abook_instance, z_root()) === false) { if ($abook_instance) { $abook_instance .= ','; } $abook_instance .= z_root(); } $x = q("update abook set abook_instance = '%s' where abook_id = %d", dbesc($abook_instance), intval($r[0]['abook_id'])); } else { $closeness = get_pconfig($uid, 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_created, abook_updated, abook_instance )\n\t\t\tvalues( %d, %d, %d, '%s', %d, '%s', '%s', '%s' ) ", intval($aid), intval($uid), intval($closeness), dbesc($xchan_hash), intval($is_http ? 1 : 0), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($singleton ? z_root() : '')); } if (!$r) { logger('mod_follow: abook creation failed'); } $all_perms = \Zotlabs\Access\Permissions::Perms(); if ($all_perms) { foreach ($all_perms as $k => $v) { if (in_array($k, $my_perms)) { set_abconfig($uid, $xchan_hash, 'my_perms', $k, 1); } else { set_abconfig($uid, $xchan_hash, 'my_perms', $k, 0); } } } $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash \n\t\twhere abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid)); if ($r) { $result['abook'] = $r[0]; Zotlabs\Daemon\Master::Summon(array('Notifier', 'permission_create', $result['abook']['abook_id'])); } $arr = array('channel_id' => $uid, 'channel' => $channel, 'abook' => $result['abook']); call_hooks('follow', $arr); /** If there is a default group for this channel, add this connection to it */ if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash($uid, $default_group); if ($g) { group_add_member($uid, '', $xchan_hash, $g['id']); } } $result['success'] = true; return $result; }
function diaspora_request($importer, $xml) { $a = get_app(); $sender_handle = unxmlify($xml->sender_handle); $recipient_handle = unxmlify($xml->recipient_handle); if (!$sender_handle || !$recipient_handle) { return; } // Do we already have an abook record? $contact = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); if ($contact && $contact['abook_id']) { // perhaps we were already sharing with this person. Now they're sharing with us. // That makes us friends. Maybe. // Please note some of these permissions such as PERMS_R_PAGES are impossible for Disapora. // They cannot authenticate to our system. $newperms = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK | PERMS_W_STREAM | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT | PERMS_R_STORAGE | PERMS_R_PAGES; $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d limit 1", intval($newperms), intval($contact['abook_id']), intval($importer['channel_id'])); return; } $ret = find_diaspora_person_by_handle($sender_handle); if (!$ret || !strstr($ret['xchan_network'], 'diaspora')) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); return; } $default_perms = 0; // look for default permissions to apply in return - e.g. auto-friend $z = q("select * from abook where abook_channel = %d and (abook_flags & %d) limit 1", intval($importer['channel_id']), intval(ABOOK_FLAG_SELF)); if ($z) { $default_perms = intval($z[0]['abook_my_perms']); } $their_perms = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK | PERMS_W_STREAM | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT | PERMS_R_STORAGE | PERMS_R_PAGES; $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_my_perms, abook_their_perms, abook_closeness, abook_rating, abook_created, abook_updated, abook_connected, abook_dob, abook_flags) values ( %d, %d, '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($importer['channel_account_id']), intval($importer['channel_id']), dbesc($ret['xchan_hash']), intval($default_perms), intval($their_perms), intval(99), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(NULL_DATE), intval($default_perms ? 0 : ABOOK_FLAG_PENDING)); if ($r) { logger("New Diaspora introduction received for {$importer['channel_name']}"); $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash left join hubloc on hubloc_hash = xchan_hash where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", intval($importer['channel_id']), dbesc($ret['xchan_hash'])); if ($new_connection) { require_once 'include/enotify.php'; notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $ret['xchan_hash'], 'to_xchan' => $importer['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'])); if ($default_perms) { // Send back a sharing notification to them diaspora_share($importer, $new_connection[0]); } } } // find the abook record we just created $contact_record = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); if (!$contact_record) { logger('diaspora_request: unable to locate newly created contact record.'); return; } /** If there is a default group for this channel, add this member to it */ if ($importer['channel_default_group']) { require_once 'include/group.php'; $g = group_rec_byhash($importer['channel_id'], $importer['channel_default_group']); if ($g) { group_add_member($importer['channel_id'], '', $contact_record['xchan_hash'], $g['id']); } } return; }
function get($update = 0, $load = false) { if (!local_channel()) { $_SESSION['return_url'] = \App::$query_string; return login(false); } if ($load) { $_SESSION['loadtime'] = datetime_convert(); } $arr = array('query' => \App::$query_string); call_hooks('network_content_init', $arr); $channel = \App::get_channel(); $item_normal = item_normal(); $datequery = $datequery2 = ''; $group = 0; $nouveau = false; $datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : ''; $datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : ''; $nouveau = x($_GET, 'new') ? intval($_GET['new']) : 0; $gid = x($_GET, 'gid') ? intval($_GET['gid']) : 0; $category = x($_REQUEST, 'cat') ? $_REQUEST['cat'] : ''; $hashtags = x($_REQUEST, 'tag') ? $_REQUEST['tag'] : ''; $verb = x($_REQUEST, 'verb') ? $_REQUEST['verb'] : ''; $search = $_GET['search'] ? $_GET['search'] : ''; if ($search) { if (strpos($search, '@') === 0) { $r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1", dbesc(substr($search, 1)), intval(local_channel())); if ($r) { $_GET['cid'] = $r[0]['abook_id']; $search = $_GET['search'] = ''; } } elseif (strpos($search, '#') === 0) { $hashtags = substr($search, 1); $search = $_GET['search'] = ''; } } if ($datequery) { $_GET['order'] = 'post'; } // filter by collection (e.g. group) if ($gid) { $r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1", intval($gid), intval(local_channel())); if (!$r) { if ($update) { killme(); } notice(t('No such group') . EOL); goaway(z_root() . '/network'); // NOTREACHED } $group = $gid; $group_hash = $r[0]['hash']; $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } $o = ''; // if no tabs are selected, defaults to comments $cid = x($_GET, 'cid') ? intval($_GET['cid']) : 0; $star = x($_GET, 'star') ? intval($_GET['star']) : 0; $order = x($_GET, 'order') ? notags($_GET['order']) : 'comment'; $liked = x($_GET, 'liked') ? intval($_GET['liked']) : 0; $conv = x($_GET, 'conv') ? intval($_GET['conv']) : 0; $spam = x($_GET, 'spam') ? intval($_GET['spam']) : 0; $cmin = x($_GET, 'cmin') ? intval($_GET['cmin']) : 0; $cmax = x($_GET, 'cmax') ? intval($_GET['cmax']) : 99; $firehose = x($_GET, 'fh') ? intval($_GET['fh']) : 0; $file = x($_GET, 'file') ? $_GET['file'] : ''; $deftag = ''; if (x($_GET, 'search') || x($_GET, 'file')) { $nouveau = true; } if ($cid) { $r = q("SELECT abook_xchan FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($cid), intval(local_channel())); if (!$r) { if ($update) { killme(); } notice(t('No such channel') . EOL); goaway(z_root() . '/network'); // NOTREACHED } if ($_GET['pf'] === '1') { $deftag = '@' . t('forum') . '+' . intval($cid) . '+'; } else { $def_acl = array('allow_cid' => '<' . $r[0]['abook_xchan'] . '>'); } } if (!$update) { $tabs = network_tabs(); $o .= $tabs; // search terms header if ($search) { $o .= replace_macros(get_markup_template("section_title.tpl"), array('$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8'))); } nav_set_selected('network'); $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); $private_editing = ($group || $cid) && !intval($_GET['pf']) ? true : false; $x = array('is_owner' => true, 'allow_location' => intval(get_pconfig($channel['channel_id'], 'system', 'use_browser_location')) ? '1' : '', 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => $private_editing || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'acl' => populate_acl($private_editing ? $def_acl : $channel_acl, true, \PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'), 'bang' => $private_editing ? '!' : '', 'visitor' => true, 'profile_uid' => local_channel(), 'editor_autocomplete' => true, 'bbco_autocomplete' => 'bbcode', 'bbcode' => true); if ($deftag) { $x['pretext'] = $deftag; } $status_editor = status_editor($a, $x); $o .= $status_editor; } // We don't have to deal with ACL's on this page. You're looking at everything // that belongs to you, hence you can see all of it. We will filter by group if // desired. $sql_options = $star ? " and item_starred = 1 " : ''; $sql_nets = ''; $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE item_thread_top = 1 {$sql_options} ) "; if ($group) { $contact_str = ''; $contacts = group_get_members($group); if ($contacts) { foreach ($contacts as $c) { if ($contact_str) { $contact_str .= ','; } $contact_str .= "'" . $c['xchan'] . "'"; } } else { $contact_str = ' 0 '; info(t('Privacy group is empty')); } $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND (( author_xchan IN ( {$contact_str} ) OR owner_xchan in ( {$contact_str} )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent {$item_normal} ) "; $x = group_rec_byhash(local_channel(), $group_hash); if ($x) { $title = replace_macros(get_markup_template("section_title.tpl"), array('$title' => t('Privacy group: ') . $x['name'])); } $o = $tabs; $o .= $title; $o .= $status_editor; } elseif ($cid) { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and abook_blocked = 0 limit 1", intval($cid), intval(local_channel())); if ($r) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) {$item_normal} ) "; $title = replace_macros(get_markup_template("section_title.tpl"), array('$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s']) . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>')); $o = $tabs; $o .= $title; $o .= $status_editor; } else { notice(t('Invalid connection.') . EOL); goaway(z_root() . '/network'); } } if (x($category)) { $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY)); } if (x($hashtags)) { $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG)); } if (!$update) { // The special div is needed for liveUpdate to kick in for this page. // We only launch liveUpdate if you aren't filtering in some incompatible // way and also you aren't writing a comment (discovered in javascript). if ($gid || $cid || $cmin || $cmax != 99 || $star || $liked || $conv || $spam || $nouveau || $list) { $firehose = 0; } $maxheight = get_pconfig(local_channel(), 'system', 'network_divmore_height'); if (!$maxheight) { $maxheight = 400; } $o .= '<div id="live-network"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . local_channel() . "; var profile_page = " . \App::$pager['page'] . "; divmore_height = " . intval($maxheight) . "; </script>\r\n"; \App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'network', '$uid' => local_channel() ? local_channel() : '0', '$gid' => $gid ? $gid : '0', '$cid' => $cid ? $cid : '0', '$cmin' => $cmin ? $cmin : '0', '$cmax' => $cmax ? $cmax : '0', '$star' => $star ? $star : '0', '$liked' => $liked ? $liked : '0', '$conv' => $conv ? $conv : '0', '$spam' => $spam ? $spam : '0', '$fh' => $firehose ? $firehose : '0', '$nouveau' => $nouveau ? $nouveau : '0', '$wall' => '0', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$page' => \App::$pager['page'] != 1 ? \App::$pager['page'] : 1, '$search' => $search ? $search : '', '$order' => $order, '$file' => $file, '$cats' => $category, '$tags' => $hashtags, '$dend' => $datequery, '$mid' => '', '$verb' => $verb, '$dbegin' => $datequery2)); } $sql_extra3 = ''; if ($datequery) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); } if ($datequery2) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } $sql_extra2 = $nouveau ? '' : " AND item.parent = item.id "; $sql_extra3 = $nouveau ? '' : $sql_extra3; if (x($_GET, 'search')) { $search = escape_tags($_GET['search']); if (strpos($search, '#') === 0) { $sql_extra .= term_query('item', substr($search, 1), TERM_HASHTAG, TERM_COMMUNITYTAG); } else { $sql_extra .= sprintf(" AND item.body like '%s' ", dbesc(protect_sprintf('%' . $search . '%'))); } } if ($verb) { $sql_extra .= sprintf(" AND item.verb like '%s' ", dbesc(protect_sprintf('%' . $verb . '%'))); } if (strlen($file)) { $sql_extra .= term_query('item', $file, TERM_FILE); } if ($conv) { $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or item_mentionsme = 1 )) ", dbesc(protect_sprintf($channel['channel_hash']))); } if ($update && !$load) { // only setup pagination on initial page view $pager_sql = ''; } else { $itemspage = get_pconfig(local_channel(), 'system', 'itemspage'); \App::set_pager_itemspage(intval($itemspage) ? $itemspage : 20); $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start'])); } if ($cmin != 0 || $cmax != 99) { // Not everybody who shows up in the network stream will be in your address book. // By default those that aren't are assumed to have closeness = 99; but this isn't // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in // the stream with a NULL address book entry. $sql_nets .= " AND "; if ($cmax == 99) { $sql_nets .= " ( "; } $sql_nets .= "( abook.abook_closeness >= " . intval($cmin) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($cmax) . " ) "; if ($cmax == 99) { $sql_nets .= " OR abook.abook_closeness IS NULL ) "; } } $abook_uids = " and abook.abook_channel = " . local_channel() . " "; if ($firehose && !get_config('system', 'disable_discover_tab')) { require_once 'include/identity.php'; $sys = get_sys_channel(); $uids = " and item.uid = " . intval($sys['channel_id']) . " "; \App::$data['firehose'] = intval($sys['channel_id']); } else { $uids = " and item.uid = " . local_channel() . " "; } if (get_pconfig(local_channel(), 'system', 'network_list_mode')) { $page_mode = 'list'; } else { $page_mode = 'client'; } $simple_update = $update ? " and item_unseen = 1 " : ''; // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day // or three and look at your matrix page - after opening up your browser. The first page loads just as it // should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page // (before the page 1 content). The update code is actually doing just what it's supposed // to, it's fetching posts that have the ITEM_UNSEEN bit set. But the reason that page 2 content is being // returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything // that we loaded for page 1 is now marked as seen. But the stuff on page 2 hasn't been. So... it's being // treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content // which "arrived as you were reading page 1". We're going to do this // by storing in your session the current UTC time whenever you LOAD a network page, and only UPDATE items // which are both ITEM_UNSEEN and have "changed" since that time. Cross fingers... if ($update && $_SESSION['loadtime']) { $simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) OR item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' ) "; } if ($load) { $simple_update = ''; } if ($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT item.*, item.id AS item_id, received FROM item\n\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t{$simple_update}\n\t\t\t\t{$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY item.received DESC {$pager_sql} "); require_once 'include/items.php'; xchan_query($items); $items = fetch_post_tags($items, true); } elseif ($update) { // Normal conversation view if ($order === 'post') { $ordering = "created"; } else { $ordering = "commented"; } if ($load) { // Fetch a page full of parent items for this page $r = q("SELECT distinct item.id AS item_id, {$ordering} FROM item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\t\tAND item.parent = item.id\n\t\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets}\n\t\t\t\t\tORDER BY {$ordering} DESC {$pager_sql} "); } else { // this is an update $r = q("SELECT item.parent AS item_id FROM item\n\t\t\t\t\tleft join abook on ( item.owner_xchan = abook.abook_xchan {$abook_uids} )\n\t\t\t\t\tWHERE true {$uids} {$item_normal} {$simple_update}\n\t\t\t\t\tand (abook.abook_blocked = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets} "); $_SESSION['loadtime'] = datetime_convert(); } // Then fetch all the children of the parents that are on this page $parents_str = ''; $update_unseen = ''; if ($r) { $parents_str = ids_to_querystr($r, 'item_id'); $items = q("SELECT item.*, item.id AS item_id FROM item\n\t\t\t\t\tWHERE true {$uids} {$item_normal}\n\t\t\t\t\tAND item.parent IN ( %s )\n\t\t\t\t\t{$sql_extra} ", dbesc($parents_str)); xchan_query($items, true, $firehose ? local_channel() : 0); $items = fetch_post_tags($items, true); $items = conv_sort($items, $ordering); } else { $items = array(); } if ($page_mode === 'list') { /** * in "list mode", only mark the parent item and any like activities as "seen". * We won't distinguish between comment likes and post likes. The important thing * is that the number of unseen comments will be accurate. The SQL to separate the * comment likes could also get somewhat hairy. */ if ($parents_str) { $update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )"; $update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) "; } } else { if ($parents_str) { $update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )"; } } } if ($update_unseen && !$firehose) { $r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d {$update_unseen} ", intval(local_channel())); } $mode = $nouveau ? 'network-new' : 'network'; $o .= conversation($a, $items, $mode, $update, $page_mode); if ($items && !$update) { $o .= alt_pager($a, count($items)); } return $o; }
function diaspora_request($importer, $xml) { $a = get_app(); $sender_handle = unxmlify($xml->sender_handle); $recipient_handle = unxmlify($xml->recipient_handle); if (!$sender_handle || !$recipient_handle) { return; } // Do we already have an abook record? $contact = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); if ($contact && $contact['abook_id']) { // perhaps we were already sharing with this person. Now they're sharing with us. // That makes us friends. Maybe. // Please note some of these permissions such as PERMS_R_PAGES are impossible for Disapora. // They cannot authenticate to our system. $newperms = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK | PERMS_W_STREAM | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT | PERMS_R_STORAGE | PERMS_R_PAGES; $r = q("update abook set abook_their_perms = %d where abook_id = %d and abook_channel = %d", intval($newperms), intval($contact['abook_id']), intval($importer['channel_id'])); return; } $ret = find_diaspora_person_by_handle($sender_handle); if (!$ret || !strstr($ret['xchan_network'], 'diaspora')) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); return; } //FIXME /* if(feature_enabled($channel['channel_id'],'premium_channel')) { $myaddr = $importer['channel_address'] . '@' . get_app()->get_hostname(); $cnv = random_string(); $mid = random_string(); $msg = t('You have started sharing with a Redmatrix premium channel.'); $msg .= t('Redmatrix premium channels are not available for sharing with Diaspora members. This sharing request has been blocked.') . "\r"; $msg .= t('Please do not reply to this message, as this channel is not sharing with you and any reply will not be seen by the recipient.') . "\r"; $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); $signed_text = $mid . ';' . $cnv . ';' . $msg . ';' . $created . ';' . $myaddr . ';' . $cnv; $sig = base64_encode(rsa_sign($signed_text,$importer['channel_prvkey'],'sha256')); $conv = array( 'guid' => xmlify($cnv), 'subject' => xmlify(t('Sharing request failed.')), 'created_at' => xmlify($created), 'diaspora_handle' => xmlify($myaddr), 'participant_handles' => xmlify($myaddr . ';' . $sender_handle) ); $msg = array( 'guid' => xmlify($mid), 'parent_guid' => xmlify($cnv), 'parent_author_signature' => xmlify($sig), 'author_signature' => xmlify($sig), 'text' => xmlify($msg), 'created_at' => xmlify($created), 'diaspora_handle' => xmlify($myaddr), 'conversation_guid' => xmlify($cnv) ); $conv['messages'] = array($msg); $tpl = get_markup_template('diaspora_conversation.tpl'); $xmsg = replace_macros($tpl, array('$conv' => $conv)); $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($xmsg,$importer,$ret,$importer['channel_prvkey'],$ret['xchan_pubkey'],false))); diaspora_transmit($importer,$ret,$slap,false); return; } */ // End FIXME $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role'); if ($role) { $x = get_role_perms($role); if ($x['perms_auto']) { $default_perms = $x['perms_accept']; } } if (!$default_perms) { $default_perms = intval(get_pconfig($importer['channel_id'], 'system', 'autoperms')); } $their_perms = PERMS_R_STREAM | PERMS_R_PROFILE | PERMS_R_PHOTOS | PERMS_R_ABOOK | PERMS_W_STREAM | PERMS_W_COMMENT | PERMS_W_MAIL | PERMS_W_CHAT | PERMS_R_STORAGE | PERMS_R_PAGES; $closeness = get_pconfig($importer['channel_id'], 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_my_perms, abook_their_perms, abook_closeness, abook_rating, abook_created, abook_updated, abook_connected, abook_dob, abook_flags) values ( %d, %d, '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', %d )", intval($importer['channel_account_id']), intval($importer['channel_id']), dbesc($ret['xchan_hash']), intval($default_perms), intval($their_perms), intval($closeness), intval(0), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(NULL_DATE), intval($default_perms ? 0 : ABOOK_FLAG_PENDING)); if ($r) { logger("New Diaspora introduction received for {$importer['channel_name']}"); $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash left join hubloc on hubloc_hash = xchan_hash where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", intval($importer['channel_id']), dbesc($ret['xchan_hash'])); if ($new_connection) { require_once 'include/enotify.php'; notification(array('type' => NOTIFY_INTRO, 'from_xchan' => $ret['xchan_hash'], 'to_xchan' => $importer['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'])); if ($default_perms) { // Send back a sharing notification to them diaspora_share($importer, $new_connection[0]); } } } // find the abook record we just created $contact_record = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); if (!$contact_record) { logger('diaspora_request: unable to locate newly created contact record.'); return; } /** If there is a default group for this channel, add this member to it */ if ($importer['channel_default_group']) { require_once 'include/group.php'; $g = group_rec_byhash($importer['channel_id'], $importer['channel_default_group']); if ($g) { group_add_member($importer['channel_id'], '', $contact_record['xchan_hash'], $g['id']); } } return; }
function new_contact($uid, $url, $channel, $interactive = false, $confirm = false) { $result = array('success' => false, 'message' => ''); $a = get_app(); $is_red = false; $is_http = strpos($url, '://') !== false ? true : false; if ($is_http && substr($url, -1, 1) === '/') { $url = substr($url, 0, -1); } if (!allowed_url($url)) { $result['message'] = t('Channel is blocked on this site.'); return $result; } if (!$url) { $result['message'] = t('Channel location missing.'); return $result; } // check service class limits $r = q("select count(*) as total from abook where abook_channel = %d and abook_self = 0 ", intval($uid)); if ($r) { $total_channels = $r[0]['total']; } if (!service_class_allows($uid, 'total_channels', $total_channels)) { $result['message'] = upgrade_message(); return $result; } $arr = array('url' => $url, 'channel' => array()); call_hooks('follow', $arr); if ($arr['channel']['success']) { $ret = $arr['channel']; } elseif (!$is_http) { $ret = zot_finger($url, $channel); } if ($ret && $ret['success']) { $is_red = true; $j = json_decode($ret['body'], true); } $my_perms = get_channel_default_perms($uid); $role = get_pconfig($uid, 'system', 'permissions_role'); if ($role) { $x = get_role_perms($role); if ($x['perms_follow']) { $my_perms = $x['perms_follow']; } } if ($is_red && $j) { logger('follow: ' . $url . ' ' . print_r($j, true), LOGGER_DEBUG); if (!($j['success'] && $j['guid'])) { $result['message'] = t('Response from remote channel was incomplete.'); logger('mod_follow: ' . $result['message']); return $result; } // Premium channel, set confirm before callback to avoid recursion if (array_key_exists('connect_url', $j) && $interactive && !$confirm) { goaway(zid($j['connect_url'])); } // do we have an xchan and hubloc? // If not, create them. $x = import_xchan($j); if (array_key_exists('deleted', $j) && intval($j['deleted'])) { $result['message'] = t('Channel was deleted and no longer exists.'); return $result; } if (!$x['success']) { return $x; } $xchan_hash = $x['hash']; $their_perms = 0; $global_perms = get_perms(); if (array_key_exists('permissions', $j) && array_key_exists('data', $j['permissions'])) { $permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']); if ($permissions) { $permissions = json_decode($permissions, true); } logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA); } else { $permissions = $j['permissions']; } foreach ($permissions as $k => $v) { if ($v) { $their_perms = $their_perms | intval($global_perms[$k][1]); } } } else { $their_perms = 0; $xchan_hash = ''; $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", dbesc($url), dbesc($url)); if (!$r) { // attempt network auto-discovery if (strpos($url, '@') && !$is_http) { $r = discover_by_webbie($url); } elseif ($is_http) { $r = discover_by_url($url); $r['allowed'] = intval(get_config('system', 'feed_contacts')); } if ($r) { $r['channel_id'] = $uid; call_hooks('follow_allow', $r); if (!$r['allowed']) { $result['message'] = t('Protocol disabled.'); return $result; } $r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1", dbesc($url), dbesc($url)); } } if ($r) { $xchan_hash = $r[0]['xchan_hash']; $their_perms = 0; } } if (!$xchan_hash) { $result['message'] = t('Channel discovery failed.'); logger('follow: ' . $result['message']); return $result; } if (local_channel() && $uid == local_channel()) { $aid = get_account_id(); $hash = get_observer_hash(); $ch = $a->get_channel(); $default_group = $ch['channel_default_group']; } else { $r = q("select * from channel where channel_id = %d limit 1", intval($uid)); if (!$r) { $result['message'] = t('local account not found.'); return $result; } $aid = $r[0]['channel_account_id']; $hash = $r[0]['channel_hash']; $default_group = $r[0]['channel_default_group']; } if ($is_http) { $r = q("select count(*) as total from abook where abook_account = %d and abook_feed = 1 ", intval($aid)); if ($r) { $total_feeds = $r[0]['total']; } if (!service_class_allows($uid, 'total_feeds', $total_feeds)) { $result['message'] = upgrade_message(); return $result; } } if ($hash == $xchan_hash) { $result['message'] = t('Cannot connect to yourself.'); return $result; } $r = q("select abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid)); if ($r) { $x = q("update abook set abook_their_perms = %d where abook_id = %d", intval($their_perms), intval($r[0]['abook_id'])); } else { $closeness = get_pconfig($uid, 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $r = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_feed, abook_their_perms, abook_my_perms, abook_created, abook_updated )\n\t\t\tvalues( %d, %d, %d, '%s', %d, %d, %d, '%s', '%s' ) ", intval($aid), intval($uid), intval($closeness), dbesc($xchan_hash), intval($is_http ? 1 : 0), intval($is_http ? $their_perms | PERMS_R_STREAM | PERMS_A_REPUBLISH : $their_perms), intval($my_perms), dbesc(datetime_convert()), dbesc(datetime_convert())); } if (!$r) { logger('mod_follow: abook creation failed'); } $r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash \n\t\twhere abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($xchan_hash), intval($uid)); if ($r) { $result['abook'] = $r[0]; proc_run('php', 'include/notifier.php', 'permission_update', $result['abook']['abook_id']); } $arr = array('channel_id' => $uid, 'abook' => $result['abook']); call_hooks('follow', $arr); /** If there is a default group for this channel, add this member to it */ if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash($uid, $default_group); if ($g) { group_add_member($uid, '', $xchan_hash, $g['id']); } } $result['success'] = true; return $result; }
/** * @brief Refreshes after permission changed or friending, etc. * * zot_refresh is typically invoked when somebody has changed permissions of a channel and they are notified * to fetch new permissions via a finger/discovery operation. This may result in a new connection * (abook entry) being added to a local channel and it may result in auto-permissions being granted. * * Friending in zot is accomplished by sending a refresh packet to a specific channel which indicates a * permission change has been made by the sender which affects the target channel. The hub controlling * the target channel does targetted discovery (a zot-finger request requesting permissions for the local * channel). These are decoded here, and if necessary and abook structure (addressbook) is created to store * the permissions assigned to this channel. * * Initially these abook structures are created with a 'pending' flag, so that no reverse permissions are * implied until this is approved by the owner channel. A channel can also auto-populate permissions in * return and send back a refresh packet of its own. This is used by forum and group communication channels * so that friending and membership in the channel's "club" is automatic. * * @param array $them => xchan structure of sender * @param array $channel => local channel structure of target recipient, required for "friending" operations * @param array $force default false * * @returns boolean true if successful, else false */ function zot_refresh($them, $channel = null, $force = false) { if (array_key_exists('xchan_network', $them) && $them['xchan_network'] !== 'zot') { logger('zot_refresh: not got zot. ' . $them['xchan_name']); return true; } logger('zot_refresh: them: ' . print_r($them, true), LOGGER_DATA, LOG_DEBUG); if ($channel) { logger('zot_refresh: channel: ' . print_r($channel, true), LOGGER_DATA, LOG_DEBUG); } $url = null; if ($them['hubloc_url']) { $url = $them['hubloc_url']; } else { $r = null; // if they re-installed the server we could end up with the wrong record - pointing to the old install. // We'll order by reverse id to try and pick off the newest one first and hopefully end up with the // correct hubloc. If this doesn't work we may have to re-write this section to try them all. if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) { $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_addr = '%s' order by hubloc_id desc", dbesc($them['xchan_addr'])); } if (!$r) { $r = q("select hubloc_url, hubloc_primary from hubloc where hubloc_hash = '%s' order by hubloc_id desc", dbesc($them['xchan_hash'])); } if ($r) { foreach ($r as $rr) { if (intval($rr['hubloc_primary'])) { $url = $rr['hubloc_url']; break; } } if (!$url) { $url = $r[0]['hubloc_url']; } } } if (!$url) { logger('zot_refresh: no url'); return false; } $token = random_string(); $postvars = array(); $postvars['token'] = $token; if ($channel) { $postvars['target'] = $channel['channel_guid']; $postvars['target_sig'] = $channel['channel_guid_sig']; $postvars['key'] = $channel['channel_pubkey']; } if (array_key_exists('xchan_addr', $them) && $them['xchan_addr']) { $postvars['address'] = $them['xchan_addr']; } if (array_key_exists('xchan_hash', $them) && $them['xchan_hash']) { $postvars['guid_hash'] = $them['xchan_hash']; } if (array_key_exists('xchan_guid', $them) && $them['xchan_guid'] && array_key_exists('xchan_guid_sig', $them) && $them['xchan_guid_sig']) { $postvars['guid'] = $them['xchan_guid']; $postvars['guid_sig'] = $them['xchan_guid_sig']; } $rhs = '/.well-known/zot-info'; $result = z_post_url($url . $rhs, $postvars); logger('zot_refresh: zot-info: ' . print_r($result, true), LOGGER_DATA, LOG_DEBUG); if ($result['success']) { $j = json_decode($result['body'], true); if (!($j && $j['success'])) { logger('zot_refresh: result not decodable'); return false; } $signed_token = is_array($j) && array_key_exists('signed_token', $j) ? $j['signed_token'] : null; if ($signed_token) { $valid = rsa_verify('token.' . $token, base64url_decode($signed_token), $j['key']); if (!$valid) { logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_ERR); return false; } } else { logger('No signed token from ' . $url . $rhs, LOGGER_NORMAL, LOG_WARNING); // after 2017-01-01 this will be a hard error unless you over-ride it. if (time() > 1483228800 && !get_config('system', 'allow_unsigned_zotfinger')) { return false; } } $x = import_xchan($j, $force ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED); if (!$x['success']) { return false; } $their_perms = 0; if ($channel) { $global_perms = get_perms(); if ($j['permissions']['data']) { $permissions = crypto_unencapsulate(array('data' => $j['permissions']['data'], 'key' => $j['permissions']['key'], 'iv' => $j['permissions']['iv']), $channel['channel_prvkey']); if ($permissions) { $permissions = json_decode($permissions, true); } logger('decrypted permissions: ' . print_r($permissions, true), LOGGER_DATA, LOG_DEBUG); } else { $permissions = $j['permissions']; } $connected_set = false; if ($permissions && is_array($permissions)) { foreach ($permissions as $k => $v) { // The connected permission means you are in their address book if ($k === 'connected') { $connected_set = intval($v); continue; } if ($v && array_key_exists($k, $global_perms)) { $their_perms = $their_perms | intval($global_perms[$k][1]); } } } if (array_key_exists('profile', $j) && array_key_exists('next_birthday', $j['profile'])) { $next_birthday = datetime_convert('UTC', 'UTC', $j['profile']['next_birthday']); } else { $next_birthday = NULL_DATE; } $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($x['hash']), intval($channel['channel_id'])); if ($r) { // connection exists // if the dob is the same as what we have stored (disregarding the year), keep the one // we have as we may have updated the year after sending a notification; and resetting // to the one we just received would cause us to create duplicated events. if (substr($r[0]['abook_dob'], 5) == substr($next_birthday, 5)) { $next_birthday = $r[0]['abook_dob']; } $current_abook_connected = intval($r[0]['abook_unconnected']) ? 0 : 1; $y = q("update abook set abook_their_perms = %d, abook_dob = '%s'\n\t\t\t\t\twhere abook_xchan = '%s' and abook_channel = %d\n\t\t\t\t\tand abook_self = 0 ", intval($their_perms), dbescdate($next_birthday), dbesc($x['hash']), intval($channel['channel_id'])); // if(($connected_set === 0 || $connected_set === 1) && ($connected_set !== $current_abook_unconnected)) { // if they are in your address book but you aren't in theirs, and/or this does not // match your current connected state setting, toggle it. /** @FIXME uncoverted to postgres */ /** @FIXME when this was enabled, all contacts became unconnected. Currently disabled intentionally */ // $y1 = q("update abook set abook_unconnected = 1 // where abook_xchan = '%s' and abook_channel = %d // and abook_self = 0 limit 1", // dbesc($x['hash']), // intval($channel['channel_id']) // ); // } if (!$y) { logger('abook update failed'); } else { // if we were just granted read stream permission and didn't have it before, try to pull in some posts if (!($r[0]['abook_their_perms'] & PERMS_R_STREAM) && $their_perms & PERMS_R_STREAM) { Zotlabs\Daemon\Master::Summon(array('Onepoll', $r[0]['abook_id'])); } } } else { // new connection $role = get_pconfig($channel['channel_id'], 'system', 'permissions_role'); if ($role) { $xx = get_role_perms($role); if ($xx['perms_auto']) { $default_perms = $xx['perms_accept']; } } if (!$default_perms) { $default_perms = intval(get_pconfig($channel['channel_id'], 'system', 'autoperms')); } // Keep original perms to check if we need to notify them $previous_perms = get_all_perms($channel['channel_id'], $x['hash']); $closeness = get_pconfig($channel['channel_id'], 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $y = q("insert into abook ( abook_account, abook_channel, abook_closeness, abook_xchan, abook_their_perms, abook_my_perms, abook_created, abook_updated, abook_dob, abook_pending ) values ( %d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', %d )", intval($channel['channel_account_id']), intval($channel['channel_id']), intval($closeness), dbesc($x['hash']), intval($their_perms), intval($default_perms), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc($next_birthday), intval($default_perms ? 0 : 1)); if ($y) { logger("New introduction received for {$channel['channel_name']}"); $new_perms = get_all_perms($channel['channel_id'], $x['hash']); // Send a clone sync packet and a permissions update if permissions have changed $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 order by abook_created desc limit 1", dbesc($x['hash']), intval($channel['channel_id'])); if ($new_connection) { if ($new_perms != $previous_perms) { Zotlabs\Daemon\Master::Summon(array('Notifier', 'permission_create', $new_connection[0]['abook_id'])); } Zotlabs\Lib\Enotify::submit(array('type' => NOTIFY_INTRO, 'from_xchan' => $x['hash'], 'to_xchan' => $channel['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id'])); if ($their_perms & PERMS_R_STREAM) { if ($channel['channel_w_stream'] & PERMS_PENDING || !intval($new_connection[0]['abook_pending'])) { Zotlabs\Daemon\Master::Summon(array('Onepoll', $new_connection[0]['abook_id'])); } } /** If there is a default group for this channel, add this connection to it */ $default_group = $channel['channel_default_group']; if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash($channel['channel_id'], $default_group); if ($g) { group_add_member($channel['channel_id'], '', $x['hash'], $g['id']); } } unset($new_connection[0]['abook_id']); unset($new_connection[0]['abook_account']); unset($new_connection[0]['abook_channel']); $abconfig = load_abconfig($channel['channel_id'], $new_connection['abook_xchan']); if ($abconfig) { $new_connection['abconfig'] = $abconfig; } build_sync_packet($channel['channel_id'], array('abook' => $new_connection)); } } } } return true; } return false; }
function post() { if (!local_channel()) { return; } $contact_id = intval(argv(1)); if (!$contact_id) { return; } $channel = \App::get_channel(); // TODO if configured for hassle-free permissions, we'll post the form with ajax as soon as the // connection enable is toggled to a special autopost url and set permissions immediately, leaving // the other form elements alone pending a manual submit of the form. The downside is that there // will be a window of opportunity when the permissions have been set but before you've had a chance // to review and possibly restrict them. The upside is we won't have to warn you that your connection // can't do anything until you save the bloody form. $autopost = argc() > 2 && argv(2) === 'auto' ? true : false; $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($contact_id), intval(local_channel())); if (!$orig_record) { notice(t('Could not access contact record.') . EOL); goaway(z_root() . '/connections'); return; // NOTREACHED } call_hooks('contact_edit_post', $_POST); if (intval($orig_record[0]['abook_self'])) { $autoperms = intval($_POST['autoperms']); $is_self = true; } else { $autoperms = null; $is_self = false; } $profile_id = $_POST['profile_assign']; if ($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", dbesc($profile_id), intval(local_channel())); if (!count($r)) { notice(t('Could not locate selected profile.') . EOL); return; } } $abook_incl = escape_tags($_POST['abook_incl']); $abook_excl = escape_tags($_POST['abook_excl']); $hidden = intval($_POST['hidden']); $priority = intval($_POST['poll']); if ($priority > 5 || $priority < 0) { $priority = 0; } $closeness = intval($_POST['closeness']); if ($closeness < 0) { $closeness = 99; } $rating = intval($_POST['rating']); if ($rating < -10) { $rating = -10; } if ($rating > 10) { $rating = 10; } $rating_text = trim(escape_tags($_REQUEST['rating_text'])); $abook_my_perms = 0; foreach ($_POST as $k => $v) { if (strpos($k, 'perms_') === 0) { $abook_my_perms += $v; } } $new_friend = false; if (!$is_self) { $signed = $orig_record[0]['abook_xchan'] . '.' . $rating . '.' . $rating_text; $sig = base64url_encode(rsa_sign($signed, $channel['channel_prvkey'])); $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($orig_record[0]['abook_xchan'])); if ($z) { $record = $z[0]['xlink_id']; $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'\n\t\t\t\t\twhere xlink_id = %d", intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert()), intval($record)); } else { $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($channel['channel_hash']), dbesc($orig_record[0]['abook_xchan']), intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert())); $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($orig_record[0]['abook_xchan'])); if ($z) { $record = $z[0]['xlink_id']; } } if ($record) { proc_run('php', 'include/ratenotif.php', 'rating', $record); } } if ($_REQUEST['pending'] && intval($orig_record[0]['abook_pending'])) { $new_friend = true; // @fixme it won't be common, but when you accept a new connection request // the permissions will now be that of your permissions role and ignore // any you may have set manually on the form. We'll probably see a bug if somebody // tries to set the permissions *and* approve the connection in the same // request. The workaround is to approve the connection, then go back and // adjust permissions as desired. $abook_my_perms = get_channel_default_perms(local_channel()); $role = get_pconfig(local_channel(), 'system', 'permissions_role'); if ($role) { $x = get_role_perms($role); if ($x['perms_accept']) { $abook_my_perms = $x['perms_accept']; } } } $abook_pending = $new_friend ? 0 : $orig_record[0]['abook_pending']; $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_pending = %d,\n\t\t\tabook_incl = '%s', abook_excl = '%s'\n\t\t\twhere abook_id = %d AND abook_channel = %d", dbesc($profile_id), intval($abook_my_perms), intval($closeness), intval($abook_pending), dbesc($abook_incl), dbesc($abook_excl), intval($contact_id), intval(local_channel())); if ($orig_record[0]['abook_profile'] != $profile_id) { //Update profile photo permissions logger('A new profile was assigned - updating profile photos'); profile_photo_set_profile_perms($profile_id); } if ($r) { info(t('Connection updated.') . EOL); } else { notice(t('Failed to update connection record.') . EOL); } if (\App::$poi && \App::$poi['abook_my_perms'] != $abook_my_perms && !intval(\App::$poi['abook_self'])) { proc_run('php', 'include/notifier.php', $new_friend ? 'permission_create' : 'permission_update', $contact_id); } if ($new_friend) { $default_group = $channel['channel_default_group']; if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash(local_channel(), $default_group); if ($g) { group_add_member(local_channel(), '', \App::$poi['abook_xchan'], $g['id']); } } // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity $pr = q("select * from profile where uid = %d and is_default = 1 and hide_friends = 0", intval($channel['channel_id'])); if ($pr && !intval($orig_record[0]['abook_hidden']) && intval(get_pconfig($channel['channel_id'], 'system', 'post_newfriend'))) { $xarr = array(); $xarr['verb'] = ACTIVITY_FRIEND; $xarr['item_wall'] = 1; $xarr['item_origin'] = 1; $xarr['item_thread_top'] = 1; $xarr['owner_xchan'] = $xarr['author_xchan'] = $channel['channel_hash']; $xarr['allow_cid'] = $channel['channel_allow_cid']; $xarr['allow_gid'] = $channel['channel_allow_gid']; $xarr['deny_cid'] = $channel['channel_deny_cid']; $xarr['deny_gid'] = $channel['channel_deny_gid']; $xarr['item_private'] = $xarr['allow_cid'] || $xarr['allow_gid'] || $xarr['deny_cid'] || $xarr['deny_gid'] ? 1 : 0; $obj = array('type' => ACTIVITY_OBJ_PERSON, 'title' => \App::$poi['xchan_name'], 'id' => \App::$poi['xchan_hash'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => \App::$poi['xchan_url']), array('rel' => 'photo', 'type' => \App::$poi['xchan_photo_mimetype'], 'href' => \App::$poi['xchan_photo_l']))); $xarr['object'] = json_encode($obj); $xarr['obj_type'] = ACTIVITY_OBJ_PERSON; $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . \App::$poi['xchan_url'] . ']' . \App::$poi['xchan_name'] . '[/zrl]'; $xarr['body'] .= "\n\n\n" . '[zrl=' . \App::$poi['xchan_url'] . '][zmg=80x80]' . \App::$poi['xchan_photo_m'] . '[/zmg][/zrl]'; post_activity_item($xarr); } // pull in a bit of content if there is any to pull in proc_run('php', 'include/onepoll.php', $contact_id); } // Refresh the structure in memory with the new data $r = q("SELECT abook.*, xchan.*\n\t\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\tWHERE abook_channel = %d and abook_id = %d LIMIT 1", intval(local_channel()), intval($contact_id)); if ($r) { \App::$poi = $r[0]; } if ($new_friend) { $arr = array('channel_id' => local_channel(), 'abook' => \App::$poi); call_hooks('accept_follow', $arr); } if (!is_null($autoperms)) { set_pconfig(local_channel(), 'system', 'autoperms', $autoperms ? $abook_my_perms : 0); } $this->connedit_clone($a); if ($_REQUEST['pending'] && !$_REQUEST['done']) { goaway(z_root() . '/connections/ifpending'); } return; }
function diaspora_request($importer, $xml) { $a = get_app(); $sender_handle = unxmlify(diaspora_get_author($xml)); $recipient_handle = unxmlify(diaspora_get_recipient($xml)); // @TODO - map these perms to $newperms below if (array_key_exists('following', $xml) && array_key_exists('sharing', $xml)) { $following = unxmlify($xml['following']) === 'true' ? true : false; $sharing = unxmlify($xml['sharing']) === 'true' ? true : false; } else { $following = true; $sharing = true; } if (!$sender_handle || !$recipient_handle) { return; } // Do we already have an abook record? $contact = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); // Please note some permissions such as PERMS_R_PAGES are impossible for Disapora. // They cannot currently authenticate to our system. $x = \Zotlabs\Access\PermissionRoles::role_perms('social'); $their_perms = \Zotlabs\Access\Permissions::FilledPerms($x['perms_connect']); if ($contact && $contact['abook_id']) { // perhaps we were already sharing with this person. Now they're sharing with us. // That makes us friends. Maybe. foreach ($their_perms as $k => $v) { set_abconfig($importer['channel_id'], $contact['abook_xchan'], 'their_perms', $k, $v); } $abook_instance = $contact['abook_instance']; if ($abook_instance) { $abook_instance .= ','; } $abook_instance .= z_root(); $r = q("update abook set abook_instance = '%s' where abook_id = %d and abook_channel = %d", dbesc($abook_instance), intval($contact['abook_id']), intval($importer['channel_id'])); return; } $ret = find_diaspora_person_by_handle($sender_handle); if (!$ret || !strstr($ret['xchan_network'], 'diaspora')) { logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); return; } $my_perms = false; $role = get_pconfig($importer['channel_id'], 'system', 'permissions_role'); if ($role) { $x = \Zotlabs\Access\PermissionRoles::role_perms($role); if ($x['perms_auto']) { $my_perms = \Zotlabs\Access\Permissions::FilledPerms($x['perms_connect']); } } if (!$my_perms) { $my_perms = \Zotlabs\Access\Permissions::FilledAutoperms($importer['channel_id']); } $closeness = get_pconfig($importer['channel_id'], 'system', 'new_abook_closeness'); if ($closeness === false) { $closeness = 80; } $r = q("insert into abook ( abook_account, abook_channel, abook_xchan, abook_my_perms, abook_their_perms, abook_closeness, abook_created, abook_updated, abook_connected, abook_dob, abook_pending, abook_instance ) values ( %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', %d, '%s' )", intval($importer['channel_account_id']), intval($importer['channel_id']), dbesc($ret['xchan_hash']), intval($default_perms), intval($their_perms), intval($closeness), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(NULL_DATE), intval($my_perms ? 0 : 1), dbesc(z_root())); if ($my_perms) { foreach ($my_perms as $k => $v) { set_abconfig($importer['channel_id'], $ret['xchan_hash'], 'my_perms', $k, $v); } } if ($their_perms) { foreach ($their_perms as $k => $v) { set_abconfig($importer['channel_id'], $ret['xchan_hash'], 'their_perms', $k, $v); } } if ($r) { logger("New Diaspora introduction received for {$importer['channel_name']}"); $new_connection = q("select * from abook left join xchan on abook_xchan = xchan_hash left join hubloc on hubloc_hash = xchan_hash where abook_channel = %d and abook_xchan = '%s' order by abook_created desc limit 1", intval($importer['channel_id']), dbesc($ret['xchan_hash'])); if ($new_connection) { \Zotlabs\Lib\Enotify::submit(['type' => NOTIFY_INTRO, 'from_xchan' => $ret['xchan_hash'], 'to_xchan' => $importer['channel_hash'], 'link' => z_root() . '/connedit/' . $new_connection[0]['abook_id']]); if ($my_perms) { // Send back a sharing notification to them $x = diaspora_share($importer, $new_connection[0]); if ($x) { Zotlabs\Daemon\Master::Summon(array('Deliver', $x)); } } $clone = array(); foreach ($new_connection[0] as $k => $v) { if (strpos($k, 'abook_') === 0) { $clone[$k] = $v; } } unset($clone['abook_id']); unset($clone['abook_account']); unset($clone['abook_channel']); $abconfig = load_abconfig($importer['channel_id'], $clone['abook_xchan']); if ($abconfig) { $clone['abconfig'] = $abconfig; } build_sync_packet($importer['channel_id'], ['abook' => array($clone)]); } } // find the abook record we just created $contact_record = diaspora_get_contact_by_handle($importer['channel_id'], $sender_handle); if (!$contact_record) { logger('diaspora_request: unable to locate newly created contact record.'); return; } /** If there is a default group for this channel, add this member to it */ if ($importer['channel_default_group']) { require_once 'include/group.php'; $g = group_rec_byhash($importer['channel_id'], $importer['channel_default_group']); if ($g) { group_add_member($importer['channel_id'], '', $contact_record['xchan_hash'], $g['id']); } } return; }
function connedit_post(&$a) { if (!local_user()) { return; } $contact_id = intval(argv(1)); if (!$contact_id) { return; } $orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($contact_id), intval(local_user())); if (!$orig_record) { notice(t('Could not access contact record.') . EOL); goaway($a->get_baseurl(true) . '/connections'); return; // NOTREACHED } call_hooks('contact_edit_post', $_POST); $profile_id = $_POST['profile_assign']; if ($profile_id) { $r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1", dbesc($profile_id), intval(local_user())); if (!count($r)) { notice(t('Could not locate selected profile.') . EOL); return; } } $hidden = intval($_POST['hidden']); $priority = intval($_POST['poll']); if ($priority > 5 || $priority < 0) { $priority = 0; } $closeness = intval($_POST['closeness']); if ($closeness < 0) { $closeness = 99; } $abook_my_perms = 0; foreach ($_POST as $k => $v) { if (strpos($k, 'perms_') === 0) { $abook_my_perms += $v; } } $abook_flags = $orig_record[0]['abook_flags']; $new_friend = false; if ($_REQUEST['pending'] && $abook_flags & ABOOK_FLAG_PENDING) { $abook_flags = $abook_flags ^ ABOOK_FLAG_PENDING; $new_friend = true; } $r = q("UPDATE abook SET abook_profile = '%s', abook_my_perms = %d , abook_closeness = %d, abook_flags = %d\n\t\twhere abook_id = %d AND abook_channel = %d LIMIT 1", dbesc($profile_id), intval($abook_my_perms), intval($closeness), intval($abook_flags), intval($contact_id), intval(local_user())); if ($orig_record[0]['abook_profile'] != $profile_id) { //Update profile photo permissions logger('As a new profile was assigned updating profile photos'); require_once 'mod/profile_photo.php'; profile_photo_set_profile_perms($profile_id); } if ($r) { info(t('Connection updated.') . EOL); } else { notice(t('Failed to update connection record.') . EOL); } if ($a->poi && $a->poi['abook_my_perms'] != $abook_my_perms && !($a->poi['abook_flags'] & ABOOK_FLAG_SELF)) { proc_run('php', 'include/notifier.php', 'permission_update', $contact_id); } if ($new_friend) { $channel = $a->get_channel(); $default_group = $channel['channel_default_group']; if ($default_group) { require_once 'include/group.php'; $g = group_rec_byhash(local_user(), $default_group); if ($g) { group_add_member(local_user(), '', $a->poi['abook_xchan'], $g['id']); } } // Check if settings permit ("post new friend activity" is allowed, and // friends in general or this friend in particular aren't hidden) // and send out a new friend activity $pr = q("select * from profile where uid = %d and is_default = 1 and hide_friends = 0", intval($channel['channel_id'])); if ($pr && !($abook_flags & ABOOK_FLAG_HIDDEN) && intval(get_pconfig($channel['channel_id'], 'system', 'post_newfriend'))) { $xarr = array(); $xarr['verb'] = ACTIVITY_FRIEND; $xarr['item_flags'] = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP; $xarr['owner_xchan'] = $xarr['author_xchan'] = $channel['channel_hash']; $xarr['allow_cid'] = $channel['channel_allow_cid']; $xarr['allow_gid'] = $channel['channel_allow_gid']; $xarr['deny_cid'] = $channel['channel_deny_cid']; $xarr['deny_gid'] = $channel['channel_deny_gid']; $xarr['item_private'] = $xarr['allow_cid'] || $xarr['allow_gid'] || $xarr['deny_cid'] || $xarr['deny_gid'] ? 1 : 0; $obj = array('type' => ACTIVITY_OBJ_PERSON, 'title' => $a->poi['xchan_name'], 'id' => $a->poi['xchan_hash'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $a->poi['xchan_url']), array('rel' => 'photo', 'type' => $a->poi['xchan_photo_mimetype'], 'href' => $a->poi['xchan_photo_l']))); $xarr['object'] = json_encode($obj); $xarr['obj_type'] = ACTIVITY_OBJ_PERSON; $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . $a->poi['xchan_url'] . ']' . $a->poi['xchan_name'] . '[/zrl]'; $xarr['body'] .= "\n\n\n" . '[zrl=' . $a->poi['xchan_url'] . '][zmg=80x80]' . $a->poi['xchan_photo_m'] . '[/zmg][/zrl]'; post_activity_item($xarr); } // pull in a bit of content if there is any to pull in proc_run('php', 'include/onepoll.php', $contact_id); } // Refresh the structure in memory with the new data $r = q("SELECT abook.*, xchan.* \n\t\tFROM abook left join xchan on abook_xchan = xchan_hash\n\t\tWHERE abook_channel = %d and abook_id = %d LIMIT 1", intval(local_user()), intval($contact_id)); if ($r) { $a->poi = $r[0]; } if ($new_friend) { $arr = array('channel_id' => local_user(), 'abook' => $a->poi); call_hooks('accept_follow', $arr); } connedit_clone($a); return; }
function network_content(&$a, $update = 0, $load = false) { if (!local_user()) { $_SESSION['return_url'] = $a->query_string; return login(false); } $arr = array('query' => $a->query_string); call_hooks('network_content_init', $arr); $channel = $a->get_channel(); $search = $_GET['search'] ? $_GET['search'] : ''; if ($search) { if (strpos($search, '@') === 0) { $r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1", dbesc(substr($search, 1)), intval(local_user())); if ($r) { $_GET['cid'] = $r[0]['abook_id']; $search = $_GET['search'] = ''; } } elseif (strpos($search, '#') === 0) { $search = $_GET['search'] = substr($search, 1); } } $datequery = $datequery2 = ''; $group = 0; $nouveau = false; $datequery = x($_GET, 'dend') && is_a_date_arg($_GET['dend']) ? notags($_GET['dend']) : ''; $datequery2 = x($_GET, 'dbegin') && is_a_date_arg($_GET['dbegin']) ? notags($_GET['dbegin']) : ''; $nouveau = x($_GET, 'new') ? intval($_GET['new']) : 0; $gid = x($_GET, 'gid') ? intval($_GET['gid']) : 0; if ($datequery) { $_GET['order'] = 'post'; } if ($gid) { $r = q("SELECT * FROM `groups` WHERE id = %d AND uid = %d LIMIT 1", intval($gid), intval(local_user())); if (!$r) { if ($update) { killme(); } notice(t('No such group') . EOL); goaway($a->get_baseurl(true) . '/network'); // NOTREACHED } $group = $gid; $group_hash = $r[0]['hash']; $def_acl = array('allow_gid' => '<' . $r[0]['hash'] . '>'); } $o = ''; // if no tabs are selected, defaults to comments $cid = x($_GET, 'cid') ? intval($_GET['cid']) : 0; $star = x($_GET, 'star') ? intval($_GET['star']) : 0; $order = x($_GET, 'order') ? notags($_GET['order']) : 'comment'; $liked = x($_GET, 'liked') ? intval($_GET['liked']) : 0; $conv = x($_GET, 'conv') ? intval($_GET['conv']) : 0; $spam = x($_GET, 'spam') ? intval($_GET['spam']) : 0; $cmin = x($_GET, 'cmin') ? intval($_GET['cmin']) : 0; $cmax = x($_GET, 'cmax') ? intval($_GET['cmax']) : 99; $firehose = x($_GET, 'fh') ? intval($_GET['fh']) : 0; $file = x($_GET, 'file') ? $_GET['file'] : ''; if (x($_GET, 'search') || x($_GET, 'file')) { $nouveau = true; } if ($cid) { $def_acl = array('allow_cid' => '<' . intval($cid) . '>'); } if (!$update) { $o .= network_tabs(); // search terms header if ($search) { $o .= '<h2>' . t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT, 'UTF-8') . '</h2>'; } nav_set_selected('network'); $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']); $x = array('is_owner' => true, 'allow_location' => intval(get_pconfig($channel['channel_id'], 'system', 'use_browser_location')) ? '1' : '', 'default_location' => $channel['channel_location'], 'nickname' => $channel['channel_address'], 'lockstate' => $group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid'] ? 'lock' : 'unlock', 'acl' => populate_acl($group || $cid ? $def_acl : $channel_acl), 'bang' => $group || $cid ? '!' : '', 'visitor' => true, 'profile_uid' => local_user()); $o .= status_editor($a, $x); } // We don't have to deal with ACL's on this page. You're looking at everything // that belongs to you, hence you can see all of it. We will filter by group if // desired. $sql_options = $star ? " and (item_flags & " . intval(ITEM_STARRED) . ")" : ''; $sql_nets = ''; $sql_extra = " AND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE (item_flags & " . intval(ITEM_THREAD_TOP) . ") {$sql_options} ) "; if ($group) { $contact_str = ''; $contacts = group_get_members($group); if ($contacts) { foreach ($contacts as $c) { if ($contact_str) { $contact_str .= ','; } $contact_str .= "'" . $c['xchan'] . "'"; } } else { $contact_str = ' 0 '; info(t('Collection is empty')); } $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND (( author_xchan IN ( {$contact_str} ) OR owner_xchan in ( {$contact_str} )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent and item_restrict = 0 ) "; $x = group_rec_byhash(local_user(), $group_hash); if ($x) { $o = '<h2>' . t('Collection: ') . $x['name'] . '</h2>' . $o; } } elseif ($cid) { $r = q("SELECT abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_channel = %d and not ( abook_flags & " . intval(ABOOK_FLAG_BLOCKED) . ") limit 1", intval($cid), intval(local_user())); if ($r) { $sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true {$sql_options} AND uid = " . intval(local_user()) . " AND ( author_xchan = '" . dbesc($r[0]['abook_xchan']) . "' or owner_xchan = '" . dbesc($r[0]['abook_xchan']) . "' ) and item_restrict = 0 ) "; $o = '<h2>' . t('Connection: ') . $r[0]['xchan_name'] . '</h2>' . $o; } else { notice(t('Invalid connection.') . EOL); goaway($a->get_baseurl(true) . '/network'); } } if (!$update) { // The special div is needed for liveUpdate to kick in for this page. // We only launch liveUpdate if you aren't filtering in some incompatible // way and also you aren't writing a comment (discovered in javascript). if ($gid || $cid || $cmin || $cmax != 99 || $star || $liked || $conv || $spam || $nouveau || $list) { $firehose = 0; } $o .= '<div id="live-network"></div>' . "\r\n"; $o .= "<script> var profile_uid = " . $_SESSION['uid'] . "; var profile_page = " . $a->pager['page'] . ";</script>"; $a->page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"), array('$baseurl' => z_root(), '$pgtype' => 'network', '$uid' => local_user() ? local_user() : '0', '$gid' => $gid ? $gid : '0', '$cid' => $cid ? $cid : '0', '$cmin' => $cmin ? $cmin : '0', '$cmax' => $cmax ? $cmax : '0', '$star' => $star ? $star : '0', '$liked' => $liked ? $liked : '0', '$conv' => $conv ? $conv : '0', '$spam' => $spam ? $spam : '0', '$fh' => $firehose ? $firehose : '0', '$nouveau' => $nouveau ? $nouveau : '0', '$wall' => '0', '$list' => x($_REQUEST, 'list') ? intval($_REQUEST['list']) : 0, '$page' => $a->pager['page'] != 1 ? $a->pager['page'] : 1, '$search' => $search ? $search : '', '$order' => $order, '$file' => $file, '$cats' => '', '$dend' => $datequery, '$mid' => '', '$dbegin' => $datequery2)); } $sql_extra3 = ''; if ($datequery) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); } if ($datequery2) { $sql_extra3 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } $sql_extra2 = $nouveau ? '' : " AND `item`.`parent` = `item`.`id` "; $sql_extra3 = $nouveau ? '' : $sql_extra3; if (x($_GET, 'search')) { $search = escape_tags($_GET['search']); if (strpos($search, '#') === 0) { $sql_extra .= term_query('item', substr($search, 1), TERM_HASHTAG); } else { $sql_extra .= sprintf(" AND `item`.`body` like '%s' ", dbesc(protect_sprintf('%' . $search . '%'))); } } if (strlen($file)) { $sql_extra .= term_query('item', $file, TERM_FILE); } if ($conv) { $sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan like '%s' or ( item_flags & %d ))) ", dbesc(protect_sprintf($channel['channel_hash'])), intval(ITEM_MENTIONSME)); } if ($update && !$load) { // only setup pagination on initial page view $pager_sql = ''; } else { $itemspage = get_pconfig(local_user(), 'system', 'itemspage'); $a->set_pager_itemspage(intval($itemspage) ? $itemspage : 20); $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage'])); } if ($cmin != 0 || $cmax != 99) { // Not everybody who shows up in the network stream will be in your address book. // By default those that aren't are assumed to have closeness = 99; but this isn't // recorded anywhere. So if cmax is 99, we'll open the search up to anybody in // the stream with a NULL address book entry. $sql_nets .= " AND "; if ($cmax == 99) { $sql_nets .= " ( "; } $sql_nets .= "( abook.abook_closeness >= " . intval($cmin) . " "; $sql_nets .= " AND abook.abook_closeness <= " . intval($cmax) . " ) "; if ($cmax == 99) { $sql_nets .= " OR abook.abook_closeness IS NULL ) "; } } if ($firehose && !get_config('system', 'disable_discover_tab')) { require_once 'include/identity.php'; $sys = get_sys_channel(); $uids = " and item.uid = " . intval($sys['channel_id']) . " "; $a->data['firehose'] = intval($sys['channel_id']); } else { $uids = " and item.uid = " . local_user() . " "; } $simple_update = $update ? " and ( item.item_flags & " . intval(ITEM_UNSEEN) . " ) " : ''; // This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day // or three and look at your matrix page - after opening up your browser. The first page loads just as it // should. All of a sudden a few seconds later, page 2 will get inserted at the beginning of the page // (before the page 1 content). The update code is actually doing just what it's supposed // to, it's fetching posts that have the ITEM_UNSEEN bit set. But the reason that page 2 content is being // returned in an UPDATE is because you hadn't gotten that far yet - you're still on page 1 and everything // that we loaded for page 1 is now marked as seen. But the stuff on page 2 hasn't been. So... it's being // treated as "new fresh" content because it is unseen. We need to distinguish it somehow from content // which "arrived as you were reading page 1". We're going to do this // by storing in your session the current UTC time whenever you LOAD a network page, and only UPDATE items // which are both ITEM_UNSEEN and have "changed" since that time. Cross fingers... if ($update && $_SESSION['loadtime']) { $simple_update .= " and item.changed > '" . datetime_convert('UTC', 'UTC', $_SESSION['loadtime']) . "' "; } if ($load) { $simple_update = ''; } if ($nouveau && $load) { // "New Item View" - show all items unthreaded in reverse created date order $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` \n\t\t\tWHERE true {$uids} AND item_restrict = 0 \n\t\t\t{$simple_update}\n\t\t\t{$sql_extra} {$sql_nets}\n\t\t\tORDER BY `item`.`received` DESC {$pager_sql} "); require_once 'include/items.php'; xchan_query($items); $items = fetch_post_tags($items, true); } elseif ($update) { // Normal conversation view if ($order === 'post') { $ordering = "`created`"; } else { $ordering = "`commented`"; } if ($load) { $_SESSION['loadtime'] = datetime_convert(); // Fetch a page full of parent items for this page $r = q("SELECT distinct item.id AS item_id FROM item \n\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\tWHERE true {$uids} AND item.item_restrict = 0\n\t\t\t\tAND item.parent = item.id\n\t\t\t\tand ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets}\n\t\t\t\tORDER BY item.{$ordering} DESC {$pager_sql} ", intval(ABOOK_FLAG_BLOCKED)); } else { if (!$firehose) { // update $r = q("SELECT item.parent AS item_id FROM item\n\t\t\t\t\tleft join abook on item.author_xchan = abook.abook_xchan\n\t\t\t\t\tWHERE true {$uids} AND item.item_restrict = 0 {$simple_update}\n\t\t\t\t\tand ((abook.abook_flags & %d) = 0 or abook.abook_flags is null)\n\t\t\t\t\t{$sql_extra3} {$sql_extra} {$sql_nets} ", intval(ABOOK_FLAG_BLOCKED)); } } // Then fetch all the children of the parents that are on this page $parents_str = ''; $update_unseen = ''; if ($r) { $parents_str = ids_to_querystr($r, 'item_id'); $items = q("SELECT `item`.*, `item`.`id` AS `item_id` FROM `item` \n\t\t\t\tWHERE true {$uids} AND `item`.`item_restrict` = 0\n\t\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t\t{$sql_extra} ", dbesc($parents_str)); xchan_query($items); $items = fetch_post_tags($items, true); $items = conv_sort($items, $ordering); } else { $items = array(); } if ($parents_str) { $update_unseen = ' AND parent IN ( ' . dbesc($parents_str) . ' )'; } } if ($update_unseen && !$firehose) { $r = q("UPDATE `item` SET item_flags = ( item_flags ^ %d)\n\t\t\tWHERE (item_flags & %d) AND `uid` = %d {$update_unseen} ", intval(ITEM_UNSEEN), intval(ITEM_UNSEEN), intval(local_user())); } $mode = $nouveau ? 'network-new' : 'network'; $o .= conversation($a, $items, $mode, $update, 'client'); if ($items && !$update) { $o .= alt_pager($a, count($items)); } return $o; }