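/**
 * Autocomplete endpoint for the logged-in channel.
 *
 * Emits a JSON document listing the channel's connections ('@name') and the
 * known hashtags ('#term') that match the search term, then ends the request.
 * The term is read from $_REQUEST['search']; a non-empty $_REQUEST['query']
 * takes precedence.
 *
 * @param object $a application object, used for get_baseurl()
 * @return void
 */
function search_ac_init(&$a)
{
    // Only a locally logged-in channel may query its own address book.
    if (!local_channel()) {
        killme();
    }

    $start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
    $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
    $search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";

    $query = x($_REQUEST, 'query') ? $_REQUEST['query'] : "";
    if (is_string($query) && strlen($query)) {
        $search = $query;
    }

    // Request parameters can arrive as arrays (search[]=...); only a plain
    // string is a usable search term.
    if (!is_string($search)) {
        $search = "";
    }

    // Both fragments are interpolated into the queries below, so they must
    // be defined even when no search term was supplied.
    $people_sql_extra = '';
    $tag_sql_extra = '';

    // Priority to people searches
    if ($search) {
        // NOTE(review): dbesc() is relied on for quoting only; '%' and '_'
        // inside the term still act as LIKE wildcards — confirm that is acceptable.
        $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
        $tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
    }

    $results = array();

    $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));
    if ($r) {
        foreach ($r as $g) {
            $results[] = array(
                "photo" => $g['xchan_photo_s'],
                "name" => '@' . $g['xchan_name'],
                "id" => $g['abook_id'],
                "link" => $g['xchan_url'],
                "label" => '',
                "nick" => '',
            );
        }
    }

    $r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
    // A failed query is skipped the same way as an empty result.
    if ($r) {
        foreach ($r as $g) {
            $results[] = array(
                "photo" => $a->get_baseurl() . '/images/hashtag.png',
                "name" => '#' . $g['term'],
                "id" => $g['tid'],
                "link" => $g['url'],
                "label" => '',
                "nick" => '',
            );
        }
    }

    header("content-type: application/json");
    $o = array('start' => $start, 'count' => $count, 'items' => $results);
    echo json_encode($o);

    // Log the response that was actually sent (the original logged an
    // undefined variable, which produced an empty log entry).
    logger('search_ac: ' . print_r($o, true));
    killme();
}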
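/**
 * Exchange an authorised request token for a new access token.
 *
 * A token is issued when no verifier was supplied, or when the verifier maps
 * to a stored "oauth" config entry. The request token row is deleted in
 * every case, and the verifier entry is removed once it has been used.
 *
 * @param object      $token    request token; its ->key identifies the row to delete
 * @param object      $consumer consumer; its ->key is stored as client_id
 * @param string|null $verifier verifier value presented by the client
 * @return OAuth1Token|null the new access token, or null when none was issued
 */
function new_access_token($token, $consumer, $verifier = null)
{
    // NOTE(review): this debug line writes the string form of the request
    // token and consumer to the log; if that form includes their secrets,
    // the log becomes credential material — confirm.
    logger(__FUNCTION__ . ":" . $token . ", " . $consumer . ", " . $verifier, LOGGER_DEBUG);

    $ret = null;

    // The verifier is the config key; the stored value is used as the uid below.
    $uverifier = get_config("oauth", $verifier);
    logger(__FUNCTION__ . ":" . $verifier . "," . $uverifier, LOGGER_DEBUG);

    // NOTE(review): with a null verifier this branch is taken regardless of
    // the lookup result, and intval($uverifier) then decides the uid stored
    // with the token — confirm that a verifier-less exchange is intended.
    if (is_null($verifier) || $uverifier !== false) {
        $key = $this->gen_token();
        $sec = $this->gen_token();
        $r = q(
            "INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)",
            dbesc($key),
            dbesc($sec),
            dbesc($consumer->key),
            'access',
            time() + intval(ACCESS_TOKEN_DURATION),
            intval($uverifier)
        );
        if ($r) {
            $ret = new OAuth1Token($key, $sec);
        }
    }

    // The request token is single-use. Its key comes from the client's
    // request, so it is escaped like every other value in this method.
    q("DELETE FROM tokens WHERE id='%s'", dbesc($token->key));

    if (!is_null($ret) && $uverifier !== false) {
        // The verifier must not be usable for a second exchange.
        del_config("oauth", $verifier);
    }

    return $ret;
}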
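/**
 * Handle the "suggest a friend" form.
 *
 * \App::$argv[1] is the contact receiving the suggestion and
 * $_POST['suggest'] the contact being suggested; both must belong to the
 * logged-in channel. On success a fsuggest row is created and the notifier
 * is started for it.
 *
 * @return void
 */
function post()
{
    if (!local_channel()) {
        return;
    }
    if (\App::$argc != 2) {
        return;
    }

    $contact_id = intval(\App::$argv[1]);

    // The uid condition ties the target contact to the current channel.
    $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval(local_channel()));
    if (!$r) {
        notice(t('Contact not found.') . EOL);
        return;
    }

    // Missing or non-string form fields are treated as "nothing submitted".
    $new_contact = isset($_POST['suggest']) ? intval($_POST['suggest']) : 0;
    $raw_note = (isset($_POST['note']) && is_string($_POST['note'])) ? $_POST['note'] : '';
    $note = escape_tags(trim($raw_note));
    $hash = random_string();

    if (!$new_contact) {
        return;
    }

    // The suggested contact must be owned by the same channel as well.
    $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($new_contact), intval(local_channel()));
    if (!$r) {
        return;
    }

    // The random hash is stored in `note` first so the new row can be found
    // again below; the real note replaces it afterwards.
    q(
        "INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)\n\t\t\t\t\tVALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')",
        intval(local_channel()),
        intval($contact_id),
        dbesc($r[0]['name']),
        dbesc($r[0]['url']),
        dbesc($r[0]['request']),
        dbesc($r[0]['photo']),
        dbesc($hash),
        dbesc(datetime_convert())
    );

    $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", dbesc($hash), intval(local_channel()));
    if ($r) {
        $fsuggest_id = $r[0]['id'];
        q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), intval(local_channel()));
        proc_run('php', 'include/notifier.php', 'suggest', $fsuggest_id);
    }

    info(t('Friend suggestion sent.') . EOL);
}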
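/**
 * Re-subscribe to the user's OStatus contacts, one contact per page load.
 *
 * Each call processes the contact at offset $_REQUEST['counter'] and sets a
 * meta refresh that reloads the page with the next offset until no contact
 * is left.
 *
 * @param object $a application object (replaced by get_app() below)
 * @return string HTML progress output
 */
function repair_ostatus_content(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        goaway($_SESSION['return_url']);
        // NOTREACHED
    }

    // The literal is passed to t() unchanged, spelling included.
    $o = "<h2>" . t("Resubsribing to OStatus contacts") . "</h2>";

    $uid = local_user();
    $a = get_app();

    // A negative offset would produce an invalid LIMIT clause; clamp to 0.
    $counter = isset($_REQUEST['counter']) ? max(0, intval($_REQUEST['counter'])) : 0;

    $r = q(
        "SELECT COUNT(*) AS `total` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)",
        intval($uid),
        dbesc(NETWORK_OSTATUS),
        intval(CONTACT_IS_FRIEND),
        intval(CONTACT_IS_SHARING)
    );
    if (!$r) {
        return $o . t("Error");
    }
    $total = $r[0]["total"];

    // The query uses the current offset; the counter shown to the user and
    // sent to the next page load is already advanced by one.
    $offset = $counter;
    $counter++;

    $r = q(
        "SELECT `url` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)\n\t\tORDER BY `url`\n\t\tLIMIT %d, 1",
        intval($uid),
        dbesc(NETWORK_OSTATUS),
        intval(CONTACT_IS_FRIEND),
        intval(CONTACT_IS_SHARING),
        intval($offset)
    );
    if (!$r) {
        $o .= t("Done");
        return $o;
    }

    // The contact URL is stored data describing a remote party, so it is
    // escaped before being written into the page.
    $o .= "<p>" . $counter . "/" . intval($total) . ": " . htmlspecialchars($r[0]["url"], ENT_QUOTES, 'UTF-8') . "</p>";
    $o .= "<p>" . t("Keep this window open until done.") . "</p>";

    new_contact($uid, $r[0]["url"], true);

    $a->page['htmlhead'] = '<meta http-equiv="refresh" content="1; URL=' . $a->get_baseurl() . '/repair_ostatus?counter=' . $counter . '">';

    return $o;
}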
/**
 * Save the bookmark terms of one of the user's items as bookmarks.
 *
 * Reads the item id from $_REQUEST['item'], loads the item for the logged-in
 * user and passes each TERM_BOOKMARK term to bookmark_add(). Every path that
 * gets past the initial lookups ends in killme().
 *
 * @param object $a application object, used for get_channel()
 * @return void
 */
function bookmarks_init(&$a)
{
    if (!local_user()) {
        return;
    }

    $requested_id = intval($_REQUEST['item']);
    if (!$requested_id) {
        return;
    }

    $channel = $a->get_channel();

    // The uid condition limits the lookup to items owned by the current user.
    $rows = q("select * from item where id = %d and uid = %d limit 1", intval($requested_id), intval(local_user()));
    if (!$rows) {
        return;
    }

    $rows = fetch_post_tags($rows);
    $post = $rows[0];

    $bookmark_terms = get_terms_oftype($post['term'], TERM_BOOKMARK);
    $usable = $bookmark_terms && !$post['item_restrict'];

    if ($usable) {
        require_once 'include/bookmarks.php';

        $author = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($post['author_xchan']));
        if (!$author) {
            logger('mod_bookmarks: author lookup failed.');
            killme();
        }

        foreach ($bookmark_terms as $bookmark) {
            bookmark_add($channel, $author[0], $bookmark, $post['item_private']);
            info(t('Bookmark added') . EOL);
        }
    }

    killme();
}
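/**
 * Emit the public site information document as JSON.
 *
 * Only acts when the first path argument is "json". The document contains
 * version, git commit, base URL, visible addons, registration policy, admin
 * contact, site name, platform and the configured info text.
 *
 * NOTE(review): version, commit and addon list are published to any caller;
 * confirm this level of detail is intended for unauthenticated requests.
 *
 * @param object $a application object (argv, config, plugins, get_baseurl())
 * @return void
 */
function siteinfo_init(&$a)
{
    // A request without a second path segment is simply not ours.
    if (!isset($a->argv[1]) || $a->argv[1] !== "json") {
        return;
    }

    $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');

    $sql_extra = '';
    if (x($a->config, 'admin_nickname')) {
        $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname']));
    }

    $admin = false;
    if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
        $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email']));
        // No matching account: report "no admin" instead of reading a
        // missing row.
        if ($r) {
            $admin = array(
                'name' => $r[0]['username'],
                'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname'],
            );
        }
    }

    $visible_plugins = array();
    if (is_array($a->plugins) && count($a->plugins)) {
        $r = q("select * from addon where hidden = 0");
        if ($r) {
            foreach ($r as $rr) {
                $visible_plugins[] = $rr['name'];
            }
        }
    }

    // The command line is a fixed literal; nothing from the request reaches
    // the shell.
    $commit = '';
    if (@is_dir('.git') && function_exists('shell_exec')) {
        $commit = @shell_exec('git log -1 --format="%h"');
    }
    // Anything that is not a short hash (errors, null, long output) is dropped.
    if (!is_string($commit) || strlen($commit) > 16) {
        $commit = '';
    }

    $policy_index = isset($a->config['system']['register_policy']) ? $a->config['system']['register_policy'] : null;
    $policy_name = ($policy_index !== null && isset($register_policy[$policy_index])) ? $register_policy[$policy_index] : null;

    $data = array(
        'version' => RED_VERSION,
        'commit' => $commit,
        'url' => z_root(),
        'plugins' => $visible_plugins,
        'register_policy' => $policy_name,
        'admin' => $admin,
        'site_name' => $a->config['sitename'],
        'platform' => RED_PLATFORM,
        'info' => x($a->config, 'info') ? $a->config['info'] : '',
    );

    // Declare the body as JSON so a browser does not render the configured
    // info text as an HTML page.
    header('Content-type: application/json');
    echo json_encode($data);
    killme();
}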
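/**
 * Serve the XRD discovery document for a local user.
 *
 * The account is taken from $_GET['uri'], either an http(s) profile URL
 * (last path segment) or an acct: address (part before '@'). Unknown
 * accounts end the request with no output.
 *
 * @param object $a application object, used for get_baseurl()
 * @return void
 */
function xrd_init(&$a)
{
    $raw_uri = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first and filter afterwards: $uri is echoed back into the XML
    // as $accturi, so percent-encoded markup must not be decoded after the
    // tag filter has already run.
    $uri = notags(trim(urldecode($raw_uri)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' there is no account part to look up.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $salmon_key = salmon_key($r[0]['spubkey']);

    // Discovery documents are public, hence readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    if (get_config('system', 'diaspora_enabled')) {
        $tpl = get_markup_template('xrd_diaspora.tpl');
        $dspr = replace_macros($tpl, array(
            '$baseurl' => $a->get_baseurl(),
            '$dspr_guid' => $r[0]['guid'],
            '$dspr_key' => base64_encode(pemtorsa($r[0]['pubkey'])),
        ));
    } else {
        $dspr = '';
    }

    $baseurl = $a->get_baseurl();
    $nick = $r[0]['nickname'];

    // NOTE(review): whether the template escapes $accturi is not visible
    // here — confirm, since it is the only request-derived value below.
    $tpl = get_markup_template('xrd_person.tpl');
    $o = replace_macros($tpl, array(
        '$nick' => $nick,
        '$accturi' => $uri,
        '$profile_url' => $baseurl . '/profile/' . $nick,
        '$hcard_url' => $baseurl . '/hcard/' . $nick,
        '$atom' => $baseurl . '/dfrn_poll/' . $nick,
        '$zot_post' => $baseurl . '/post/' . $nick,
        '$poco_url' => $baseurl . '/poco/' . $nick,
        '$photo' => $baseurl . '/photo/profile/' . $r[0]['uid'] . '.jpg',
        '$dspr' => $dspr,
        '$salmon' => $baseurl . '/salmon/' . $nick,
        '$salmen' => $baseurl . '/salmon/' . $nick . '/mention',
        '$subscribe' => $baseurl . '/follow?url={uri}',
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$bigkey' => salmon_key($r[0]['pubkey']),
    ));

    // Hooks may rewrite the document before it is sent.
    $arr = array('user' => $r[0], 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}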
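/**
 * Updates an addressbook's properties
 *
 * See Sabre_DAV_IProperties for a description of the mutations array, as
 * well as the return value.
 *
 * Only {DAV:}displayname and the CardDAV addressbook-description property
 * are supported; any other property makes the whole request fail. Every
 * successful update also increments the addressbook's ctag.
 *
 * @param mixed $addressBookId
 * @param array $mutations
 * @throws Sabre_DAV_Exception_Forbidden
 * @see Sabre_DAV_IProperties::updateProperties
 * @return bool|array
 */
public function updateAddressBook($addressBookId, array $mutations)
{
    $updates = array();

    foreach ($mutations as $property => $newValue) {
        switch ($property) {
            case '{DAV:}displayname':
                $updates['displayname'] = $newValue;
                break;
            case '{' . Sabre_CardDAV_Plugin::NS_CARDDAV . '}addressbook-description':
                $updates['description'] = $newValue;
                break;
            default:
                // If any unsupported values were being updated, we must
                // let the entire request fail.
                return false;
        }
    }

    // No values are being updated?
    if (!$updates) {
        return false;
    }

    // Column names come from the fixed mapping above. The client-supplied
    // values are escaped and bound through q()'s placeholders; the original
    // wrote the column name on both sides of '=', so the new value was never
    // stored.
    $query = 'UPDATE ' . CALDAV_SQL_DB . CALDAV_SQL_PREFIX . 'addressbooks SET ctag = ctag + 1 ';
    $args = array();
    foreach ($updates as $column => $value) {
        $query .= ', `' . $column . "` = '%s' ";
        $args[] = dbesc((string) $value);
    }
    $query .= ' WHERE id = %d';
    $args[] = intval($addressBookId);

    call_user_func_array('q', array_merge(array($query), $args));

    return true;
}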
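/**
 * Command-line job: re-check sites that have not been updated recently.
 *
 * Selects live sites of type SITE_TYPE_ZOT whose site_update is older than
 * the configured number of days (system.sitecheckdays, default 30), pings
 * each one and either refreshes site_update or marks the site dead. An
 * optional first argument restricts the run to one site URL.
 *
 * @param array $argv command-line arguments
 * @param int   $argc number of command-line arguments
 * @return void
 */
function checksites_run($argv, $argc)
{
    cli_startup();
    $a = get_app();

    logger('checksites: start');

    // Both values are used unconditionally below, so they need a defined
    // default when no site argument was given.
    $site_id = ($argc > 1 && $argv[1]) ? $argv[1] : '';
    $sql_options = '';
    if ($site_id) {
        $sql_options = " and site_url = '" . dbesc($site_id) . "' ";
    }

    $days = intval(get_config('system', 'sitecheckdays'));
    if ($days < 1) {
        $days = 30;
    }

    // db_utcnow() and db_quoteinterval() supply SQL expressions, which is
    // why they are inserted through unquoted %s placeholders.
    $r = q(
        "select * from site where site_dead = 0 and site_update < %s - INTERVAL %s and site_type = %d {$sql_options} ",
        db_utcnow(),
        db_quoteinterval($days . ' DAY'),
        intval(SITE_TYPE_ZOT)
    );
    if (!$r) {
        return;
    }

    foreach ($r as $rr) {
        // Never probe ourselves.
        if (!strcasecmp($rr['site_url'], z_root())) {
            continue;
        }

        $x = ping_site($rr['site_url']);
        if ($x['success']) {
            logger('checksites: ' . $rr['site_url']);
            q("update site set site_update = '%s' where site_url = '%s' ", dbesc(datetime_convert()), dbesc($rr['site_url']));
        } else {
            logger('marking dead site: ' . $x['message']);
            q("update site set site_dead = 1 where site_url = '%s' ", dbesc($rr['site_url']));
        }
    }

    return;
}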
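/**
 * Serve the XRD discovery document for a local channel.
 *
 * The channel is taken from $_GET['uri'], either an http(s) URL (last path
 * segment) or an acct: address (part before '@'). Unknown channels end the
 * request with no output.
 *
 * @param object $a application object, used for get_baseurl()
 * @return void
 */
function xrd_init(&$a)
{
    $raw_uri = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first and filter afterwards: $uri is echoed back into the XML
    // as $accturi, so percent-encoded markup must not be decoded after the
    // tag filter has already run.
    $uri = notags(trim(urldecode($raw_uri)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' there is no account part to look up.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $baseurl = $a->get_baseurl();
    $address = $r[0]['channel_address'];

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => $baseurl,
        '$dspr_guid' => $r[0]['channel_guid'],
        '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey'])),
    ));

    $salmon_key = salmon_key($r[0]['channel_pubkey']);

    // Discovery documents are public, hence readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    // The original also fetched 'view/xrd_person.tpl' into a variable that
    // was never read; that unused lookup is dropped.
    // NOTE(review): whether the template escapes $accturi is not visible
    // here — confirm, since it is the only request-derived value below.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $address,
        '$accturi' => $uri,
        '$profile_url' => $baseurl . '/channel/' . $address,
        '$hcard_url' => $baseurl . '/hcard/' . $address,
        '$atom' => $baseurl . '/feed/' . $address,
        '$zot_post' => $baseurl . '/post/' . $address,
        '$poco_url' => $baseurl . '/poco/' . $address,
        '$photo' => $baseurl . '/photo/profile/l/' . $r[0]['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
    ));

    // Hooks may rewrite the document before it is sent.
    $arr = array('user' => $r[0], 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}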
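/**
 * Create or delete a chatroom owned by the logged-in channel.
 *
 * $_POST['room_name'] names the room; $_POST['action'] === 'drop' deletes
 * it, anything else creates it with the access lists taken from the
 * request. Every path past the first check ends in a redirect.
 *
 * NOTE(review): no form security token is checked in this handler, although
 * it changes state on POST — confirm the check happens before it is called.
 *
 * @param object $a application object, used for get_channel()
 * @return void
 */
function chat_post(&$a)
{
    // $room must be defined even when the field is missing or not a string.
    $room = '';
    if (isset($_POST['room_name']) && is_string($_POST['room_name']) && $_POST['room_name']) {
        $room = strip_tags(trim($_POST['room_name']));
    }

    if (!$room || !local_channel()) {
        return;
    }

    $channel = $a->get_channel();

    if (isset($_POST['action']) && $_POST['action'] === 'drop') {
        logger('delete chatroom');
        chatroom_destroy($channel, array('cr_name' => $room));
        goaway(z_root() . '/chat/' . $channel['channel_address']);
    }

    // Absent access-list fields are passed on as null.
    $arr = array('name' => $room);
    $arr['allow_gid'] = perms2str(isset($_REQUEST['group_allow']) ? $_REQUEST['group_allow'] : null);
    $arr['allow_cid'] = perms2str(isset($_REQUEST['contact_allow']) ? $_REQUEST['contact_allow'] : null);
    $arr['deny_gid'] = perms2str(isset($_REQUEST['group_deny']) ? $_REQUEST['group_deny'] : null);
    $arr['deny_cid'] = perms2str(isset($_REQUEST['contact_deny']) ? $_REQUEST['contact_deny'] : null);

    chatroom_create($channel, $arr);

    // Look the room up again to learn its id for the redirect.
    $x = q("select cr_id from chatroom where cr_name = '%s' and cr_uid = %d limit 1", dbesc($room), intval(local_channel()));
    if ($x) {
        goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);
    }

    // that failed. Try again perhaps?
    goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new');
}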
/**
 * Handle notification actions for the logged-in user.
 *
 * "view/<id>" marks the notification and its related entries as seen and
 * redirects to the notification's link; "mark/all" marks every notification
 * of the user as seen and answers with a small JSON result.
 *
 * @param object $a application object (argc, argv, get_baseurl(), is_friendica_app())
 * @return void
 */
function notify_init(&$a)
{
    if (!local_user()) {
        return;
    }

    $is_view = $a->argc > 2 && $a->argv[1] === 'view' && intval($a->argv[2]);
    if ($is_view) {
        // The uid condition keeps users from opening each other's notifications.
        $rows = q("select * from notify where id = %d and uid = %d limit 1", intval($a->argv[2]), intval(local_user()));

        if (count($rows)) {
            q(
                "update notify set seen = 1 where ( link = '%s' or ( parent != 0 and parent = %d and otype = '%s' )) and uid = %d",
                dbesc($rows[0]['link']),
                intval($rows[0]['parent']),
                dbesc($rows[0]['otype']),
                intval(local_user())
            );

            // NOTE(review): the redirect target is the stored notification
            // link; whether it is limited to local URLs is not visible here.
            $target = $rows[0]['link'];

            // The friendica client has problems with the GUID, so its link
            // is rewritten to the local display URL when the item is known.
            if ($a->is_friendica_app()) {
                require_once "include/items.php";
                $parts = parse_url($target);
                $guid = basename($parts["path"]);
                $found = get_item_id($guid, local_user());
                if ($found["id"] != 0) {
                    $target = $a->get_baseurl() . '/display/' . $found["nick"] . '/' . $found["id"];
                }
            }

            goaway($target);
        }

        goaway($a->get_baseurl(true));
    }

    $is_mark_all = $a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all';
    if ($is_mark_all) {
        $updated = q("update notify set seen = 1 where uid = %d", intval(local_user()));
        $outcome = $updated ? 'success' : 'fail';
        echo json_encode(array('result' => $outcome));
        killme();
    }
}
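/**
 * Send a stored attachment to the client.
 *
 * The attachment id is the second path argument. The row is loaded once to
 * learn its owner and a second time with the owner's permission clause, so
 * only permitted viewers receive the data.
 *
 * @param object $a application object (argc, argv)
 * @return void
 */
function attach_init(&$a)
{
    if ($a->argc != 2) {
        notice(t('Item not available.') . EOL);
        return;
    }

    $item_id = intval($a->argv[1]);

    // Check for existence, which will also provide us the owner uid
    $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id));
    if (!$r) {
        notice(t('Item was not found.') . EOL);
        return;
    }

    $sql_extra = permissions_sql($r[0]['uid']);

    // Now we'll see if we can access the attachment
    $r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", intval($item_id));
    if (!$r) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // The stored filename was chosen by the uploader. Characters that would
    // end the quoted header value or start a new header line are neutralised.
    $filename = str_replace(array("\r", "\n"), '', $r[0]['filename']);
    $filename = str_replace(array('"', '\\'), '_', $filename);

    // The stored type is sent as-is; nosniff keeps the browser from
    // reinterpreting the body as a different type.
    // NOTE(review): with ?attachment=0 the upload is rendered inline under
    // its stored content type — confirm which types may be stored.
    header('X-Content-Type-Options: nosniff');
    header('Content-type: ' . $r[0]['filetype']);
    header('Content-length: ' . $r[0]['filesize']);

    // Use quotes around the filename to prevent a "multiple Content-Disposition"
    // error in Chrome for filenames with commas in them
    if (isset($_GET['attachment']) && $_GET['attachment'] === '0') {
        header('Content-disposition: filename="' . $filename . '"');
    } else {
        header('Content-disposition: attachment; filename="' . $filename . '"');
    }

    echo $r[0]['data'];
    killme();
    // NOTREACHED
}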
/**
 * Receive a feed pushed by a hub for one of a local user's contacts.
 *
 * The path carries the user's nickname and the contact id. The body is only
 * consumed when the user is active and the contact is an unblocked,
 * writable hub subscription of that user.
 *
 * NOTE(review): no signature on the request body is checked in this
 * function — confirm that the sender is authenticated elsewhere.
 *
 * @param object $a application object (cmd, argc, argv)
 * @return void
 */
function pubsub_post(&$a)
{
    $payload = file_get_contents('php://input');

    logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd);
    logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
    logger('pubsub: data: ' . $payload, LOGGER_DATA);

    // An "is this XML at all" check existed here once and is disabled.

    $nick = '';
    if ($a->argc > 1) {
        $nick = notags(trim($a->argv[1]));
    }

    $contact_id = 0;
    if ($a->argc > 2) {
        $contact_id = intval($a->argv[2]);
    }

    $users = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", dbesc($nick));
    if (!count($users)) {
        hub_post_return();
    }
    $importer = $users[0];

    // The contact must belong to the importer and be an active hub subscription.
    $contacts = q(
        "SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d \n\t\tAND ( `rel` = %d OR `rel` = %d OR network = '%s' ) AND `blocked` = 0 AND `readonly` = 0 LIMIT 1",
        intval($contact_id),
        intval($importer['uid']),
        intval(CONTACT_IS_SHARING),
        intval(CONTACT_IS_FRIEND),
        dbesc(NETWORK_FEED)
    );
    if (!count($contacts)) {
        logger('pubsub: no contact record for "' . $nick . ' (' . $contact_id . ')" - ignored. ' . $payload);
        hub_post_return();
    }
    $contact = $contacts[0];

    // we have no way to match Diaspora guid's with atom post id's and could get duplicates.
    // we'll assume that direct delivery is robust (and this is a bad assumption, but the duplicates are messy).
    if ($contacts[0]['network'] === NETWORK_DIASPORA) {
        hub_post_return();
    }

    $feedhub = '';

    require_once 'include/items.php';

    consume_feed($payload, $importer, $contact, $feedhub, 1, 1);

    // do it a second time so that any children find their parents.
    consume_feed($payload, $importer, $contact, $feedhub, 1, 2);

    hub_post_return();
}
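/**
 * Render the "create / edit app" form for the logged-in channel.
 *
 * When $_REQUEST['appid'] names an app owned by the channel, the form is
 * pre-filled with its fields and category terms and an embed code is shown.
 *
 * @return string|null rendered form, or null when not logged in
 */
function get()
{
    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $channel = \App::get_channel();
    $app = null;
    $embed = null;

    if (isset($_REQUEST['appid']) && is_string($_REQUEST['appid']) && $_REQUEST['appid']) {
        // app_channel is numeric, so it is bound with intval() rather than
        // a string escape.
        $r = q(
            "select * from app where app_id = '%s' and app_channel = %d limit 1",
            dbesc($_REQUEST['appid']),
            intval(local_channel())
        );
        if ($r) {
            $app = $r[0];

            $term = q("select * from term where otype = %d and oid = %d", intval(TERM_OBJ_APP), intval($r[0]['id']));
            if ($term) {
                $names = array();
                foreach ($term as $t) {
                    $names[] = $t['term'];
                }
                $app['categories'] = implode(',', $names);
            }
        }

        $embed = array('embed', t('Embed code'), app_encode($app, true), '', 'onclick="this.select();"');
    }

    // An app without category terms has no 'categories' key.
    $categories = ($app && isset($app['categories'])) ? $app['categories'] : '';

    return replace_macros(get_markup_template('app_create.tpl'), array(
        '$banner' => $app ? t('Edit App') : t('Create App'),
        '$app' => $app,
        '$guid' => $app ? $app['app_id'] : '',
        '$author' => $app ? $app['app_author'] : $channel['channel_hash'],
        '$addr' => $app ? $app['app_addr'] : $channel['xchan_addr'],
        '$name' => array('name', t('Name of app'), $app ? $app['app_name'] : '', t('Required')),
        '$url' => array('url', t('Location (URL) of app'), $app ? $app['app_url'] : '', t('Required')),
        '$desc' => array('desc', t('Description'), $app ? $app['app_desc'] : '', ''),
        '$photo' => array('photo', t('Photo icon URL'), $app ? $app['app_photo'] : '', t('80 x 80 pixels - optional')),
        '$categories' => array('categories', t('Categories (optional, comma separated list)'), $categories, ''),
        '$version' => array('version', t('Version ID'), $app ? $app['app_version'] : '', ''),
        '$price' => array('price', t('Price of app'), $app ? $app['app_price'] : '', ''),
        '$page' => array('page', t('Location (URL) to purchase app'), $app ? $app['app_page'] : '', ''),
        '$system' => $app ? intval($app['app_system']) : 0,
        '$requires' => $app ? $app['app_requires'] : '',
        '$embed' => $embed,
        '$submit' => t('Submit'),
    ));
}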
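/**
 * Return the zot feed of a channel (or of the system channel) as JSON.
 *
 * $_REQUEST['mindate'] limits how far back the feed goes; the default, and
 * the fixed value for the system channel, is 14 days. Every path ends in
 * json_return_and_die().
 *
 * @return void
 */
function init()
{
    $result = array('success' => false);

    $mindate = '';
    if (!empty($_REQUEST['mindate']) && is_string($_REQUEST['mindate'])) {
        $mindate = datetime_convert('UTC', 'UTC', $_REQUEST['mindate']);
    }
    if (!$mindate) {
        $mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
    }

    if (observer_prohibited()) {
        $result['message'] = 'Public access denied';
        json_return_and_die($result);
    }

    $observer = \App::get_observer();

    // $r is tested below on every path, so it needs a defined default.
    $r = array();

    $channel_address = argc() > 1 ? argv(1) : '';
    if ($channel_address) {
        $r = q(
            "select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1",
            dbesc($channel_address)
        );
    } else {
        $x = get_sys_channel();
        if ($x) {
            $r = array($x);
        }
        // The system channel feed always uses the default window, whatever
        // the request asked for.
        $mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
    }

    if (!$r) {
        $result['message'] = 'Channel not found.';
        json_return_and_die($result);
    }

    logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);

    // The observer may be anonymous; zot_feed() receives its hash as given.
    $result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], array('mindate' => $mindate));
    $result['success'] = true;
    json_return_and_die($result);
}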
/**
 * Display admin settings for this addon
 *
 * Writes the settings form into $o. On PHP older than 5.3.0 only a warning
 * is written; when the gravatar addon is installed an information block
 * precedes the form.
 *
 * @param object $a application object
 * @param string $o output buffer, passed by reference
 */
function libravatar_plugin_admin(&$a, &$o)
{
    $template = get_markup_template("admin.tpl", "addon/libravatar");

    // First configuration: fall back to 'identicon', the pseudo-random
    // geometric pattern based on the email hash.
    $selected = get_config('libravatar', 'default_img');
    if (!$selected) {
        $selected = 'identicon';
    }

    // Available options for the select box
    $choices = array(
        'mm' => t('generic profile image'),
        'identicon' => t('random geometric pattern'),
        'monsterid' => t('monster face'),
        'wavatar' => t('computer generated face'),
        'retro' => t('retro arcade style face'),
    );

    // Show warning if PHP version is too old
    if (version_compare(PHP_VERSION, '5.3.0', '<')) {
        $o = '<h5>' . t('Warning') . '</h5><p>'
            . sprintf(t('Your PHP version %s is lower than the required PHP >= 5.3.'), PHP_VERSION)
            . '<br>' . t('This addon is not functional on your server.') . '<p><br>';
        return;
    }

    // Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
    $gravatar = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", dbesc('gravatar'));
    if (count($gravatar)) {
        $o = '<h5>' . t('Information') . '</h5><p>' . t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') . '</p><br><br>';
    }

    // The hidden token field lets the save handler verify the submission.
    $o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token("libravatarsave") . '">';

    // output Libravatar settings
    $avatar_field = array(
        'avatar',
        t('Default avatar image'),
        $selected,
        t('Select default avatar image if none was found. See README'),
        $choices,
    );
    $o .= replace_macros($template, array(
        '$submit' => t('Save Settings'),
        '$default_avatar' => $avatar_field,
    ));
}
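/**
 * Return the zot feed of a channel (or of the system channel) as JSON.
 *
 * $_REQUEST['mindate'] limits how far back the feed goes (default: one
 * month). Every path ends in json_return_and_die().
 *
 * @param object $a application object, used for get_observer()
 * @return void
 */
function zotfeed_init(&$a)
{
    $result = array('success' => false);

    $mindate = '';
    if (!empty($_REQUEST['mindate']) && is_string($_REQUEST['mindate'])) {
        $mindate = datetime_convert('UTC', 'UTC', $_REQUEST['mindate']);
    }
    if (!$mindate) {
        $mindate = datetime_convert('UTC', 'UTC', 'now - 1 month');
    }

    // On a site with block_public set, only local accounts and
    // authenticated remote visitors may read feeds.
    if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) {
        $result['message'] = 'Public access denied';
        json_return_and_die($result);
    }

    $observer = $a->get_observer();

    // $r is tested below on every path, so it needs a defined default.
    $r = array();

    $channel_address = argc() > 1 ? argv(1) : '';
    if ($channel_address) {
        $r = q(
            "select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1",
            dbesc($channel_address),
            intval(PAGE_REMOVED)
        );
    } else {
        $x = get_sys_channel();
        if ($x) {
            $r = array($x);
        }
    }

    if (!$r) {
        $result['message'] = 'Channel not found.';
        json_return_and_die($result);
    }

    logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);

    $result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], $mindate);
    $result['success'] = true;
    json_return_and_die($result);
}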
/**
 * Serve a public wall post as a Diaspora XML document.
 *
 * The message id is the second path argument, with an optional ".xml"
 * suffix. Only public wall items whose owner allows 'view_stream' are
 * served; everything else answers 404.
 *
 * @param object $a application object (unused here)
 * @return void
 */
function p_init(&$a)
{
    if (argc() < 2) {
        http_status_exit(401);
    }

    $mid = str_replace('.xml', '', argv(1));

    // item_wall = 1 and item_private = 0 restrict the lookup to public wall posts.
    $rows = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1", dbesc($mid));
    if (!$rows || !perm_is_allowed($rows[0]['uid'], '', 'view_stream')) {
        http_status_exit(404);
    }

    $owner = q("select * from channel where channel_id = %d limit 1", intval($rows[0]['uid']));
    if (!$owner) {
        http_status_exit(404);
    }

    $handle = $owner[0]['channel_address'] . '@' . App::get_hostname();

    $item = $rows[0];
    $title = $item['title'];
    $body = bb2diaspora_itembody($item);
    $created = datetime_convert('UTC', 'UTC', $item['created'], 'Y-m-d H:i:s \\U\\T\\C');

    $provider = $item['app'] ?: t('$projectname');

    // NOTE(review): body and handle are passed through xmlify(), while
    // guid and provider are inserted as stored — confirm the template or
    // the stored values make that safe.
    $fields = array(
        '$body' => xmlify($body),
        '$guid' => $item['mid'],
        '$handle' => xmlify($handle),
        '$public' => 'true',
        '$created' => $created,
        '$provider' => $provider,
    );

    $template = get_markup_template('diaspora_post.tpl', 'addon/diaspora');
    $msg = replace_macros($template, $fields);

    header('Content-type: text/xml');
    echo $msg;
    killme();
}
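/**
 * Command-line job: process one directory update record.
 *
 * The first argument is the ud_id of the row in `updates`. Records that are
 * already flagged as updated, or that have no address, are skipped. If a
 * newer, already-updated record exists for the same address, the older
 * records are flagged as updated; otherwise the entry is refreshed.
 *
 * @param array $argv command-line arguments
 * @param int   $argc number of command-line arguments
 * @return void
 */
function onedirsync_run($argv, $argc)
{
    cli_startup();
    $a = get_app();

    // Read the argument once, only when it was actually supplied.
    $update_id = ($argc > 1) ? intval($argv[1]) : 0;

    logger('onedirsync: start ' . $update_id);

    if (!$update_id) {
        logger('onedirsync: no update');
        return;
    }

    $r = q("select * from updates where ud_id = %d limit 1", intval($update_id));
    if (!$r) {
        return;
    }
    if (($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED) || !$r[0]['ud_addr']) {
        return;
    }

    // Have we probed this channel more recently than the other directory server
    // (where we received this update from) ?
    // If we have, we don't need to do anything except mark any older entries updated
    $x = q(
        "select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1",
        dbesc($r[0]['ud_addr']),
        dbesc($r[0]['ud_date']),
        intval(UPDATE_FLAGS_UPDATED)
    );
    if ($x) {
        q(
            "update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ",
            intval(UPDATE_FLAGS_UPDATED),
            dbesc($r[0]['ud_addr']),
            intval(UPDATE_FLAGS_UPDATED),
            dbesc($x[0]['ud_date'])
        );
        return;
    }

    update_directory_entry($r[0]);

    return;
}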
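/**
 * Push pending feed updates to PubSubHubbub subscribers.
 *
 * Every subscriber row with push > 0 receives the current feed, signed with
 * an HMAC-SHA1 over the body keyed with the subscriber's secret. A 2xx
 * answer resets push to 0; a failure increments push as a retry counter and
 * gives up (push = 0) once it would exceed 30.
 *
 * @return void
 */
function handle_pubsubhubbub()
{
    global $a, $db;

    logger('start');

    // We'll push to each subscriber that has push > 0,
    // i.e. there has been an update (set in notifier.php).
    $r = q("SELECT * FROM `push_subscriber` WHERE `push` > 0");

    // A failed query or an empty result means there is nothing to deliver.
    if (!is_array($r)) {
        $r = array();
    }

    foreach ($r as $rr) {
        $params = get_feed_for($a, '', $rr['nickname'], $rr['last_update'], 0, true);

        // The signature lets the subscriber verify that the body came from
        // this hub and was not altered.
        $hmac_sig = hash_hmac("sha1", $params, $rr['secret']);

        $headers = array(
            "Content-type: application/atom+xml",
            sprintf("Link: <%s>;rel=hub," . "<%s>;rel=self", $a->get_baseurl() . '/pubsubhubbub', $rr['topic']),
            "X-Hub-Signature: sha1=" . $hmac_sig,
        );

        logger('POST ' . print_r($headers, true) . "\n" . $params, LOGGER_DEBUG);

        // NOTE(review): callback_url comes from the subscriber row; whether
        // it was restricted to external hosts when the subscription was
        // accepted is not visible here — confirm.
        post_url($rr['callback_url'], $params, $headers);
        $ret = $a->get_curl_code();

        if ($ret >= 200 && $ret <= 299) {
            logger('successfully pushed to ' . $rr['callback_url']);

            // set last_update to "now", and reset push=0
            $date_now = datetime_convert('UTC', 'UTC', 'now', 'Y-m-d H:i:s');
            q("UPDATE `push_subscriber` SET `push` = 0, last_update = '%s' WHERE id = %d", dbesc($date_now), intval($rr['id']));
        } else {
            logger('error when pushing to ' . $rr['callback_url'] . ' HTTP: ' . $ret);

            // we use the push variable also as a counter, if we failed we
            // increment this until some upper limit where we give up
            $new_push = intval($rr['push']) + 1;
            if ($new_push > 30) {
                // OK, let's give up
                $new_push = 0;
            }
            q("UPDATE `push_subscriber` SET `push` = %d WHERE id = %d", intval($new_push), intval($rr['id']));
        }
    }

    logger('done');
}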
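/**
 * Password-reset page.
 *
 * Without a 'verify' parameter the request form is rendered. With one, the
 * account whose stored reset hash matches is given a newly generated
 * password, which is shown on the page and mailed to the account address.
 *
 * NOTE(review): the password is stored as an unsalted whirlpool digest and
 * sent by e-mail in clear text. Both are kept because the login check and
 * the e-mail template live outside this function; they should be replaced
 * together (password_hash()/password_verify(), reset link instead of a
 * mailed password).
 *
 * @param object $a application object (config, get_baseurl())
 * @return string|null rendered HTML; null when the database update failed
 */
function lostpass_content(&$a)
{
    // The output buffer is appended to below and must start out defined.
    $o = '';

    if (x($_GET, 'verify')) {
        // Only a plain string can be a reset token.
        $verify = is_string($_GET['verify']) ? $_GET['verify'] : '';
        $hash = hash('whirlpool', $verify);

        $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));
        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }

        $uid = $r[0]['uid'];
        $username = $r[0]['username'];
        $email = $r[0]['email'];

        // Use the CSPRNG where the runtime provides one; mt_rand() output is
        // predictable and only remains as a fallback for old runtimes.
        $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
        $new_password = autoname(6) . $suffix;
        $new_password_encoded = hash('whirlpool', $new_password);

        // Clearing pwdreset makes the token single-use.
        $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            $o .= replace_macros($tpl, array(
                '$lbl1' => t('Password Reset'),
                '$lbl2' => t('Your password has been reset as requested.'),
                '$lbl3' => t('Your new password is'),
                '$lbl4' => t('Save or copy your new password - and then'),
                '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
                '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
                '$newpass' => $new_password,
                '$baseurl' => $a->get_baseurl(),
            ));

            info("Your password has been reset." . EOL);

            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // The original passed an undefined variable as '$uid'.
            $email_tpl = replace_macros($email_tpl, array(
                '$sitename' => $a->config['sitename'],
                '$siteurl' => $a->get_baseurl(),
                '$username' => $username,
                '$email' => $email,
                '$new_password' => $new_password,
                '$uid' => $uid,
            ));

            // NOTE(review): SERVER_NAME can follow the request's Host header
            // depending on web server configuration — confirm it is pinned
            // before it is used in a From: header.
            $res = mail(
                $email,
                "Your password has changed at {$a->config['sitename']}",
                $email_tpl,
                'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit'
            );

            return $o;
        }
    } else {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, array(
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. 
Then check your email for further instructions.'),
            '$name' => t('Nickname or Email: '),
            '$submit' => t('Reset'),
        ));

        return $o;
    }
}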
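/**
 * Prepare the profile page for the channel named in the URL.
 *
 * argv(1) is the channel address. For a logged-in channel requesting
 * ".../<id>/view", argv(1) is instead one of its own profile ids and the
 * matching profile_guid is loaded. Adds the Atom feed link to the page head.
 *
 * @return void
 */
function init()
{
    if (argc() > 1) {
        $which = argv(1);
    } else {
        notice(t('Requested profile is not available.') . EOL);
        \App::$error = 404;
        return;
    }

    $profile = '';
    $channel = \App::get_channel();

    if (local_channel() && argc() > 2 && argv(2) === 'view') {
        $which = $channel['channel_address'];
        $profile = argv(1);

        // The uid condition limits the lookup to the viewer's own profiles.
        $r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval($profile), intval(local_channel()));

        // The original cleared $profile for a missing row and then read the
        // missing row anyway; the two outcomes are now exclusive.
        $profile = $r ? $r[0]['profile_guid'] : '';
    }

    // $which normally comes straight from the URL path and lands inside an
    // HTML attribute, so it is escaped for that context.
    \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . htmlspecialchars($which, ENT_QUOTES, 'UTF-8') . '" />' . "\r\n";

    if (!$profile) {
        $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)));
        if ($x) {
            \App::$profile = $x[0];
        }
    }

    // NOTE(review): $a is not defined anywhere in this method; the call is
    // kept as written because profile_load()'s signature is not visible
    // here — confirm and drop the argument if it is no longer expected.
    profile_load($a, $which, $profile);
}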
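/**
 * Serve the XRD discovery document for a local channel.
 *
 * The channel is taken from $_GET['uri'], either an http(s) URL (last path
 * segment, '~' removed) or an acct: address (part before '@'). Unknown
 * channels end the request with no output.
 *
 * @return void
 */
function init()
{
    $raw_uri = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first and filter afterwards: the value is echoed back into the
    // XML as $accturi, so percent-encoded markup must not be decoded after
    // the tag filter has already run.
    $uri = notags(trim(urldecode($raw_uri)));

    logger('xrd: ' . $uri, LOGGER_DEBUG);

    // Keep the resource exactly as requested; $uri is modified below.
    $resource = $uri;

    if (substr($uri, 0, 4) === 'http') {
        $uri = str_replace('~', '', $uri);
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // Without an '@' there is no account part to look up.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $address = $r[0]['channel_address'];

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => z_root(),
        '$dspr_guid' => $r[0]['channel_guid'] . str_replace('.', '', \App::get_hostname()),
        '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey'])),
    ));

    $salmon_key = salmon_key($r[0]['channel_pubkey']);

    // Discovery documents are public, hence readable from any origin.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: application/xrd+xml");

    $aliases = array(
        'acct:' . channel_reddress($r[0]),
        z_root() . '/channel/' . $address,
        z_root() . '/~' . $address,
    );

    // The requested resource is the subject and must not also be listed as
    // an alias. Filtering keeps the remaining keys, as unset() did, without
    // the loop bound shrinking while the loop runs.
    $kept = array();
    foreach ($aliases as $index => $alias) {
        if ($alias !== $resource) {
            $kept[$index] = $alias;
        }
    }
    $aliases = $kept;

    // NOTE(review): whether the template escapes $accturi is not visible
    // here — confirm, since it is the only request-derived value below.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $address,
        '$accturi' => $resource,
        '$aliases' => $aliases,
        '$profile_url' => z_root() . '/channel/' . $address,
        '$hcard_url' => z_root() . '/hcard/' . $address,
        '$atom' => z_root() . '/feed/' . $address,
        '$zot_post' => z_root() . '/post/' . $address,
        '$poco_url' => z_root() . '/poco/' . $address,
        '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$subscribe' => z_root() . '/follow?url={uri}',
        '$bigkey' => salmon_key($r[0]['channel_pubkey']),
    ));

    // Hooks may rewrite the document before it is sent.
    $arr = array('user' => $r[0], 'xml' => $o);
    call_hooks('personal_xrd', $arr);

    echo $arr['xml'];
    killme();
}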
/**
 * Delete expired rows from the `cache` table.
 *
 * Each expire mode has its own maximum age: rows whose `updated` timestamp
 * is older than that age are removed, longest retention first.
 *
 * @return void
 */
public static function clear()
{
    // Cut-off expression => expire mode it applies to, in execution order.
    $retention = array(
        array("now - 30 days", CACHE_MONTH),
        array("now - 7 days", CACHE_WEEK),
        array("now - 1 days", CACHE_DAY),
        array("now - 1 hours", CACHE_HOUR),
    );

    foreach ($retention as $rule) {
        $cutoff = datetime_convert('UTC', 'UTC', $rule[0]);
        q(
            "DELETE FROM `cache` WHERE `updated` < '%s' AND `expire_mode` = %d",
            dbesc($cutoff),
            intval($rule[1])
        );
    }
}
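/**
 * Handle the chatroom form: create a room, or destroy it when action=drop.
 *
 * Does nothing unless a room name was posted and a local channel is logged
 * in. Every completed path ends in a goaway() redirect.
 *
 * @param object $a application object; only get_channel() is used here
 */
function chat_post(&$a)
{
    // Initialised up front: the original left $room undefined when no
    // room_name was posted and then tested it.
    $room = '';
    if (!empty($_POST['room_name']) && is_string($_POST['room_name'])) {
        $room = strip_tags(trim($_POST['room_name']));
    }

    if (!$room || !local_channel()) {
        return;
    }

    $channel = $a->get_channel();

    // NOTE(review): no form security token check is visible in this handler;
    // confirm the caller enforces one, since 'drop' destroys a chatroom.
    $action = isset($_POST['action']) ? $_POST['action'] : '';
    if ($action === 'drop') {
        logger('delete chatroom');
        chatroom_destroy($channel, array('cr_name' => $room));
        goaway(z_root() . '/chat/' . $channel['channel_address']);
    }

    // The access list is populated directly from request data.
    // NOTE(review): confirm AccessList validates what it accepts.
    $acl = new AccessList($channel);
    $acl->set_from_array($_REQUEST);

    $arr = $acl->get();
    $arr['name'] = $room;
    $arr['expire'] = isset($_POST['chat_expire']) ? intval($_POST['chat_expire']) : 0;
    if (intval($arr['expire']) < 0) {
        $arr['expire'] = 0;
    }

    chatroom_create($channel, $arr);

    // Re-read the room, scoped to the logged-in channel, to get its id.
    $x = q(
        "select * from chatroom where cr_name = '%s' and cr_uid = %d limit 1",
        dbesc($room),
        intval(local_channel())
    );

    build_sync_packet(0, array('chatroom' => $x));

    if ($x) {
        goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);
    }

    // that failed. Try again perhaps?
    goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new');
}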
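/**
 * Render the "Connected Apps" (OAuth client) settings pages.
 *
 * Dispatches on the request path segments read through argc()/argv():
 *   add         - empty client form with generated key and secret defaults
 *   edit/<id>   - form pre-filled from the caller's own client row
 *   delete/<id> - delete the caller's client after the form token check
 *   otherwise   - list the caller's clients plus those stored with uid 0
 *
 * NOTE(review): no login check is visible in this function. Without a local
 * channel the uid binds as 0, which is also the uid the list query treats as
 * shared; confirm the caller rejects such requests before this runs.
 *
 * @return string|null rendered HTML; null after "Application not found" or a delete
 */
function get()
{
    // Initialised so the `.=` below does not append to an undefined variable.
    $o = '';

    if (argc() > 2 && argv(2) === 'add') {
        $tpl = get_markup_template("settings_oauth_edit.tpl");
        // NOTE(review): the default key and secret come from random_string(16);
        // confirm that helper draws from a cryptographically secure source.
        $o .= replace_macros($tpl, array(
            '$form_security_token' => get_form_security_token("settings_oauth"),
            '$title' => t('Add application'),
            '$submit' => t('Submit'),
            '$cancel' => t('Cancel'),
            '$name' => array('name', t('Name'), '', t('Name of application')),
            '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
            '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')),
            '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')),
            '$icon' => array('icon', t('Icon url'), '', t('Optional')),
        ));
        return $o;
    }

    if (argc() > 3 && argv(2) === 'edit') {
        // Scoped to the caller's uid so another channel's client cannot be loaded.
        $r = q(
            "SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
            dbesc(argv(3)),
            intval(local_channel())
        );
        // `!$r` also covers a failed query; count() on a non-array result
        // would raise instead of showing the notice.
        if (!$r) {
            notice(t('Application not found.'));
            return;
        }
        $app = $r[0];

        $tpl = get_markup_template("settings_oauth_edit.tpl");
        // NOTE(review): the stored consumer secret ($app['pw']) is read as-is
        // and rendered back into the form, so it appears to be kept in
        // recoverable form; confirm that is intended.
        $o .= replace_macros($tpl, array(
            '$form_security_token' => get_form_security_token("settings_oauth"),
            '$title' => t('Add application'),
            '$submit' => t('Update'),
            '$cancel' => t('Cancel'),
            '$name' => array('name', t('Name'), $app['clname'], ''),
            '$key' => array('key', t('Consumer Key'), $app['client_id'], ''),
            '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''),
            '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''),
            '$icon' => array('icon', t('Icon url'), $app['icon'], ''),
        ));
        return $o;
    }

    if (argc() > 3 && argv(2) === 'delete') {
        // State-changing request: the form security token is verified first.
        check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');

        $r = q(
            "DELETE FROM clients WHERE client_id='%s' AND uid=%d",
            dbesc(argv(3)),
            intval(local_channel())
        );
        goaway(z_root() . "/settings/oauth/");
        return;
    }

    // NOTE(review): each row carries clients.* (including pw) and the joined
    // token id into the template; confirm settings_oauth.tpl prints no secret.
    $r = q(
        "SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)",
        intval(local_channel()),
        intval(local_channel())
    );

    $tpl = get_markup_template("settings_oauth.tpl");
    $o .= replace_macros($tpl, array(
        '$form_security_token' => get_form_security_token("settings_oauth"),
        '$baseurl' => z_root(),
        '$title' => t('Connected Apps'),
        '$add' => t('Add application'),
        '$edit' => t('Edit'),
        '$delete' => t('Delete'),
        '$consumerkey' => t('Client key starts with'),
        '$noname' => t('No name'),
        '$remove' => t('Remove authorization'),
        '$apps' => $r,
    ));
    return $o;
}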
/**
 * Look up a Diaspora contact by handle, refreshing it through webfinger
 * discovery when it is unknown or its cached record is older than a month.
 *
 * @param string $handle address to look up
 * @return array|false joined xchan/hubloc row; false when the handle is
 *                     blacklisted or no row could be found
 */
function find_diaspora_person_by_handle($handle)
{
    if (diaspora_is_blacklisted($handle)) {
        return false;
    }

    $cached = q(
        "select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
        dbesc($handle)
    );

    $person = false;
    $stale = false;

    if ($cached) {
        $person = $cached[0];
        logger('find_diaspora_person_by handle: in cache ' . print_r($cached, true), LOGGER_DATA, LOG_DEBUG);

        // A record whose name date is more than a month old is looked up again.
        if ($person['xchan_name_date'] < datetime_convert('UTC', 'UTC', 'now - 1 month')) {
            logger('Updating Diaspora cached record for ' . $handle);
            $stale = true;
        }
    }

    // A fresh cached record needs no network round trip.
    if ($person && !$stale) {
        return $person;
    }

    // try webfinger. Make sure to distinguish between diaspora,
    // hubzilla w/diaspora protocol and friendica w/diaspora protocol.
    if (!discover_by_webbie($handle)) {
        // Discovery failed: return the stale record if there was one, else false.
        return $person;
    }

    // This second lookup strips an 'acct:' prefix; the first one does not.
    $found = q(
        "select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
        dbesc(str_replace('acct:', '', $handle))
    );
    if ($found) {
        $person = $found[0];
        logger('find_diaspora_person_by handle: discovered ' . print_r($found, true), LOGGER_DATA, LOG_DEBUG);
    }

    return $person;
}
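/**
 * Remove one tag from an item owned by the logged-in user, then redirect to
 * the page stored in $_SESSION['photo_return'].
 *
 * The tag arrives hex-encoded in $_POST['tag'] and the item id in
 * $_POST['item']. Both the item lookup and the update are restricted to the
 * caller's uid.
 *
 * @param object $a application object; only get_baseurl() is used here
 */
function tagrm_post(&$a)
{
    // Every exit from this handler redirects to the same place.
    $return_url = $a->get_baseurl() . '/' . $_SESSION['photo_return'];

    if (!local_user()) {
        goaway($return_url);
    }

    // NOTE(review): no form security token check is visible in this handler;
    // confirm one is enforced before this state-changing POST is processed.
    if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
        goaway($return_url);
    }

    // Decode only well-formed hex. hex2bin() warns and returns false on
    // anything else; null here means "no tag to remove".
    $tag = '';
    if (x($_POST, 'tag')) {
        $hex = notags(trim($_POST['tag']));
        $tag = (ctype_xdigit($hex) && strlen($hex) % 2 === 0) ? hex2bin($hex) : null;
    }

    $item = x($_POST, 'item') ? intval($_POST['item']) : 0;

    $r = q(
        "SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
        intval($item),
        intval(local_user())
    );
    // `!$r` also covers a failed query; count() on a non-array result would
    // raise instead of redirecting.
    if (!$r) {
        goaway($return_url);
    }

    // Tags are stored as one comma-separated string; drop the first exact match.
    $arr = explode(',', $r[0]['tag']);
    if (is_string($tag)) {
        $pos = array_search($tag, $arr, true);
        if ($pos !== false) {
            unset($arr[$pos]);
        }
    }
    $tag_str = implode(',', $arr);

    q(
        "UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
        dbesc($tag_str),
        intval($item),
        intval(local_user())
    );

    info(t('Tag removed') . EOL);
    goaway($return_url);
    // NOTREACHED
}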
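/**
 * Password-reset page.
 *
 * Without a `verify` query parameter the "forgot password" form is rendered.
 * With one, the account holding that reset token gets a freshly generated
 * password, the token is cleared, the ACCOUNT_UNVERIFIED flag is removed and
 * the new password is both shown on the page and mailed to the account.
 *
 * NOTE(review): the new password is stored as whirlpool(salt . password), a
 * fast hash. Moving to password_hash() needs a matching change in the login
 * check, which is not part of this function.
 * NOTE(review): no expiry check on the reset token is visible here; confirm
 * the token has a limited lifetime where it is issued.
 *
 * @param object $a application object (get_baseurl(), config)
 * @return string rendered HTML ('' when the password update fails)
 */
function lostpass_content(&$a)
{
    // Initialised so the `.=` below does not append to an undefined variable.
    $o = '';

    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];

        // Only a non-empty string may reach the lookup: the UPDATE below
        // clears account_reset to '', so the query must never run with an
        // empty or non-string token.
        $r = (is_string($verify) && $verify !== '')
            ? q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify))
            : false;

        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }

        $aid = $r[0]['account_id'];
        $email = $r[0]['account_email'];

        // random_int() (PHP 7+) replaces mt_rand(): the numeric suffix is part
        // of a credential and must come from a secure generator.
        // NOTE(review): autoname(6) supplies the remaining characters; confirm
        // it is not predictable either.
        $new_password = autoname(6) . random_int(100, 9999);
        $salt = random_string(32);
        $password_encoded = hash('whirlpool', $salt . $new_password);

        // Four values are bound, so the password column needs its own '%s'.
        // The page showed a masked literal there, which stored that literal
        // as the password and shifted each later argument to the wrong
        // placeholder.
        $r = q(
            "UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d",
            dbesc($salt),
            dbesc($password_encoded),
            intval(ACCOUNT_UNVERIFIED),
            intval($aid)
        );

        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            // The new password is rendered into the response body.
            // NOTE(review): confirm this page is served with no-store caching.
            $o .= replace_macros($tpl, array(
                '$lbl1' => t('Password Reset'),
                '$lbl2' => t('Your password has been reset as requested.'),
                '$lbl3' => t('Your new password is'),
                '$lbl4' => t('Save or copy your new password - and then'),
                '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
                '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
                '$newpass' => $new_password,
                '$baseurl' => $a->get_baseurl(),
            ));

            info("Your password has been reset." . EOL);

            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // NOTE(review): $newuid is never assigned in this function, so
            // '$uid' is always empty; left as in the original pending a
            // decision on which id the template expects.
            $message = replace_macros($email_tpl, array(
                '$sitename' => $a->config['sitename'],
                '$siteurl' => $a->get_baseurl(),
                '$username' => sprintf(t('Site Member (%s)'), $email),
                '$email' => $email,
                '$new_password' => $new_password,
                '$uid' => $newuid,
            ));

            $subject = email_header_encode(
                sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')),
                'UTF-8'
            );

            // NOTE(review): the From header is built from
            // $_SERVER['SERVER_NAME'], which on some server configurations
            // follows the request's Host header; prefer the configured site
            // hostname. The plaintext password also travels in this mail.
            mail(
                $email,
                $subject,
                $message,
                'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
                . 'Content-type: text/plain; charset=UTF-8' . "\n"
                . 'Content-transfer-encoding: 8bit'
            );

            return $o;
        }

        // The UPDATE failed: nothing was rendered.
        return $o;
    }

    // No token supplied: show the request form.
    $tpl = get_markup_template('lostpass.tpl');
    $o .= replace_macros($tpl, array(
        '$title' => t('Forgot your Password?'),
        '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
        '$name' => t('Email Address'),
        '$submit' => t('Reset'),
    ));
    return $o;
}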