/**
* API Login via basic-auth or OAuth
*/
function api_login(&$a)
{
$record = null;
require_once 'include/oauth.php';
// login with oauth
try {
$oauth = new ZotOAuth1();
$req = OAuth1Request::from_request();
list($consumer, $token) = $oauth->verify_request($req);
if (!is_null($token)) {
$oauth->loginUser($token->uid);
App::set_oauth_key($consumer->key);
call_hooks('logged_in', App::$user);
return;
}
killme();
} catch (Exception $e) {
logger($e->getMessage());
}
// workarounds for HTTP-auth in CGI mode
if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6));
if (strlen($userpass)) {
list($name, $password) = explode(':', $userpass);
$_SERVER['PHP_AUTH_USER'] = $name;
$_SERVER['PHP_AUTH_PW'] = $password;
}
}
require_once 'include/auth.php';
require_once 'include/security.php';
// process normal login request
if (isset($_SERVER['PHP_AUTH_USER'])) {
$channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if ($record && $record['channel']) {
$channel_login = $record['channel']['channel_id'];
}
}
if ($record['account']) {
authenticate_success($record['account']);
if ($channel_login) {
change_channel($channel_login);
}
$_SESSION['allow_api'] = true;
return true;
} else {
$_SERVER['PHP_AUTH_PW'] = '*****';
logger('API_login failure: ' . print_r($_SERVER, true), LOGGER_DEBUG);
log_failed_login('API login failure');
retry_basic_auth();
}
}
function directory_run(&$argv, &$argc)
{
global $a, $db;
if (is_null($a)) {
$a = new App();
}
if (is_null($db)) {
@(include ".htconfig.php");
require_once "include/dba.php";
$db = new dba($db_host, $db_user, $db_pass, $db_data);
unset($db_host, $db_user, $db_pass, $db_data);
}
load_config('config');
load_config('system');
if ($argc != 2) {
return;
}
load_config('system');
load_hooks();
$a->set_baseurl(get_config('system', 'url'));
$dir = get_config('system', 'directory_submit_url');
if (!strlen($dir)) {
return;
}
$arr = array('url' => $argv[1]);
call_hooks('globaldir_update', $arr);
logger('Updating directory: ' . $arr['url'], LOGGER_DEBUG);
if (strlen($arr['url'])) {
fetch_url($dir . '?url=' . bin2hex($arr['url']));
}
return;
}
/**
* Send a multipart/alternative message with Text and HTML versions
*
* @param fromName name of the sender
* @param fromEmail email fo the sender
* @param replyTo replyTo address to direct responses
* @param toEmail destination email address
* @param messageSubject subject of the message
* @param htmlVersion html version of the message
* @param textVersion text only version of the message
* @param additionalMailHeader additions to the smtp mail header
* @param optional uid user id of the destination user
*/
public static function send($params)
{
call_hooks('emailer_send_prepare', $params);
$email_textonly = False;
if (x($params, "uid")) {
$email_textonly = get_pconfig($params['uid'], "system", "email_textonly");
}
$fromName = email_header_encode(html_entity_decode($params['fromName'], ENT_QUOTES, 'UTF-8'), 'UTF-8');
$messageSubject = email_header_encode(html_entity_decode($params['messageSubject'], ENT_QUOTES, 'UTF-8'), 'UTF-8');
// generate a mime boundary
$mimeBoundary = rand(0, 9) . "-" . rand(10000000000, 99999999999) . "-" . rand(10000000000, 99999999999) . "=:" . rand(10000, 99999);
// generate a multipart/alternative message header
$messageHeader = $params['additionalMailHeader'] . "From: {$fromName} <{$params['fromEmail']}>\n" . "Reply-To: {$fromName} <{$params['replyTo']}>\n" . "MIME-Version: 1.0\n" . "Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";
// assemble the final multipart message body with the text and html types included
$textBody = chunk_split(base64_encode($params['textVersion']));
$htmlBody = chunk_split(base64_encode($params['htmlVersion']));
$multipartMessageBody = "--" . $mimeBoundary . "\n" . "Content-Type: text/plain; charset=UTF-8\n" . "Content-Transfer-Encoding: base64\n\n" . $textBody . "\n";
if (!$email_textonly && !is_null($params['htmlVersion'])) {
$multipartMessageBody .= "--" . $mimeBoundary . "\n" . "Content-Type: text/html; charset=UTF-8\n" . "Content-Transfer-Encoding: base64\n\n" . $htmlBody . "\n";
}
$multipartMessageBody .= "--" . $mimeBoundary . "--\n";
// message ending
// send the message
$hookdata = array('to' => $params['toEmail'], 'subject' => $messageSubject, 'body' => $multipartMessageBody, 'headers' => $messageHeader);
//echo "<pre>"; var_dump($hookdata); killme();
call_hooks("emailer_send", $hookdata);
$res = mail($hookdata['to'], $hookdata['subject'], $hookdata['body'], $hookdata['headers']);
logger("header " . 'To: ' . $params['toEmail'] . "\n" . $messageHeader, LOGGER_DEBUG);
logger("return value " . ($res ? "true" : "false"), LOGGER_DEBUG);
return $res;
}
function xrd_init(&$a)
{
$uri = urldecode(notags(trim($_GET['uri'])));
if (substr($uri, 0, 4) === 'http') {
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
if (!$r) {
killme();
}
$dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['channel_guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))));
$salmon_key = salmon_key($r[0]['channel_pubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = get_markup_template('view/xrd_person.tpl');
$o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['channel_address'], '$atom' => $a->get_baseurl() . '/feed/' . $r[0]['channel_address'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['channel_address'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['channel_address'], '$photo' => $a->get_baseurl() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
function probe_well_known($addr)
{
$ret = array();
$ret['src'] = $addr;
if (strpos($addr, '@') !== false) {
$ret['address'] = $addr;
} else {
$ret['url'] = $addr;
}
if (stristr($addr, 'facebook.com')) {
$ret['network'] = 'facebook';
}
if (stristr($addr, 'google.com')) {
$ret['network'] = 'google';
}
if (stristr($addr, 'linkedin.com')) {
$ret['network'] = 'linkedin';
}
call_hooks('probe_well_known', $ret);
if (array_key_exists('network', $ret) && net_have_driver($ret['network'])) {
$fn = 'net_discover_' . $ret['network'];
$ret = $fn($ret);
}
return $ret;
}
function init()
{
$uri = urldecode(notags(trim($_GET['uri'])));
logger('xrd: ' . $uri, LOGGER_DEBUG);
$resource = $uri;
if (substr($uri, 0, 4) === 'http') {
$uri = str_replace('~', '', $uri);
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
if (!$r) {
killme();
}
$dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => z_root(), '$dspr_guid' => $r[0]['channel_guid'] . str_replace('.', '', \App::get_hostname()), '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))));
$salmon_key = salmon_key($r[0]['channel_pubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: application/xrd+xml");
$aliases = array('acct:' . channel_reddress($r[0]), z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']);
for ($x = 0; $x < count($aliases); $x++) {
if ($aliases[$x] === $resource) {
unset($aliases[$x]);
}
}
$o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $resource, '$aliases' => $aliases, '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], '$atom' => z_root() . '/feed/' . $r[0]['channel_address'], '$zot_post' => z_root() . '/post/' . $r[0]['channel_address'], '$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'], '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?url={uri}', '$bigkey' => salmon_key($r[0]['channel_pubkey'])));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
function friendica_content(&$a)
{
$o = '';
$o .= '<h3>Friendica</h3>';
$o .= '<p></p><p>';
$o .= t('This is Friendica, version') . ' ' . FRIENDICA_VERSION . ' ';
$o .= t('running at web location') . ' ' . z_root() . '</p><p>';
$o .= t('Please visit <a href="http://friendica.com">Friendica.com</a> to learn more about the Friendica project.') . '</p><p>';
$o .= t('Bug reports and issues: please visit') . ' ' . '<a href="http://bugs.friendica.com">Bugs.Friendica.com</a></p><p>';
$o .= t('Suggestions, praise, donations, etc. - please email "Info" at Friendica - dot com') . '</p>';
$o .= '<p></p>';
if (count($a->plugins)) {
$o .= '<p>' . t('Installed plugins/addons/apps') . '</p>';
$o .= '<ul>';
foreach ($a->plugins as $p) {
if (strlen($p)) {
$o .= '<li>' . $p . '</li>';
}
}
$o .= '</ul>';
} else {
$o .= '<p>' . t('No installed plugins/addons/apps');
}
call_hooks('about_hook', $o);
return $o;
}
public static function run($argc, $argv)
{
/**
* Cron Weekly
*
* Actions in the following block are executed once per day only on Sunday (once per week).
*
*/
call_hooks('cron_weekly', datetime_convert());
z_check_cert();
require_once 'include/hubloc.php';
prune_hub_reinstalls();
mark_orphan_hubsxchans();
// get rid of really old poco records
q("delete from xlink where xlink_updated < %s - INTERVAL %s and xlink_static = 0 ", db_utcnow(), db_quoteinterval('14 DAY'));
$dirmode = intval(get_config('system', 'directory_mode'));
if ($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) {
logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())), true));
}
// Check for dead sites
Master::Summon(array('Checksites'));
// update searchable doc indexes
Master::Summon(array('Importdoc'));
/**
* End Cron Weekly
*/
}
public static function run($argc, $argv)
{
logger('cronhooks: start');
$d = datetime_convert();
call_hooks('cron', $d);
return;
}
function get()
{
if (!get_config('system', 'hidden_version_siteinfo')) {
$version = sprintf(t('Version %s'), \Zotlabs\Lib\System::get_project_version());
if (@is_dir('.git') && function_exists('shell_exec')) {
$commit = @shell_exec('git log -1 --format="%h"');
$tag = \Zotlabs\Lib\System::get_std_version();
// @shell_exec('git describe --tags --abbrev=0');
}
if (!isset($commit) || strlen($commit) > 16) {
$commit = '';
}
} else {
$version = $commit = '';
}
$plugins_list = implode(', ', visible_plugin_list());
if ($plugins_list) {
$plugins_text = t('Installed plugins/addons/apps:');
} else {
$plugins_text = t('No installed plugins/addons/apps');
}
$txt = get_config('system', 'admininfo');
$admininfo = bbcode($txt);
if (file_exists('doc/site_donate.html')) {
$donate .= file_get_contents('doc/site_donate.html');
}
if (function_exists('sys_getloadavg')) {
$loadavg = sys_getloadavg();
}
$o = replace_macros(get_markup_template('siteinfo.tpl'), array('$title' => t('$Projectname'), '$description' => t('This is a hub of $Projectname - a global cooperative network of decentralized privacy enhanced websites.'), '$version' => $version, '$tag_txt' => t('Tag: '), '$tag' => $tag, '$polled' => t('Last background fetch: '), '$lastpoll' => get_poller_runtime(), '$load_average' => t('Current load average: '), '$loadavg_all' => $loadavg[0] . ', ' . $loadavg[1] . ', ' . $loadavg[2], '$commit' => $commit, '$web_location' => t('Running at web location') . ' ' . z_root(), '$visit' => t('Please visit <a href="http://hubzilla.org">hubzilla.org</a> to learn more about $Projectname.'), '$bug_text' => t('Bug reports and issues: please visit'), '$bug_link_url' => 'https://github.com/redmatrix/hubzilla/issues', '$bug_link_text' => t('$projectname issues'), '$contact' => t('Suggestions, praise, etc. - please email "redmatrix" at librelist - dot com'), '$donate' => $donate, '$adminlabel' => t('Site Administrators'), '$admininfo' => $admininfo, '$plugins_text' => $plugins_text, '$plugins_list' => $plugins_list));
call_hooks('about_hook', $o);
return $o;
}
function xrd_init(&$a)
{
$uri = urldecode(notags(trim($_GET['uri'])));
if (substr($uri, 0, 4) === 'http') {
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
if (!count($r)) {
killme();
}
$salmon_key = salmon_key($r[0]['spubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
if (get_config('system', 'diaspora_enabled')) {
//$tpl = file_get_contents('view/xrd_diaspora.tpl');
$tpl = get_markup_template('xrd_diaspora.tpl');
$dspr = replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['pubkey']))));
} else {
$dspr = '';
}
//$tpl = file_get_contents('view/xrd_person.tpl');
$tpl = get_markup_template('xrd_person.tpl');
$o = replace_macros($tpl, array('$nick' => $r[0]['nickname'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['nickname'], '$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['nickname'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['nickname'], '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg', '$dspr' => $dspr, '$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'], '$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'] . '/mention', '$subscribe' => $a->get_baseurl() . '/follow?url={uri}', '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$bigkey' => salmon_key($r[0]['pubkey'])));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
function oembed_fetch_url($embedurl)
{
$a = get_app();
$txt = Cache::get($a->videowidth . $embedurl);
if (strstr($txt, 'youtu')) {
$txt = str_replace('http:', 'https:', $txt);
}
// These media files should now be caught in bbcode.php
// left here as a fallback in case this is called from another source
$noexts = array("mp3", "mp4", "ogg", "ogv", "oga", "ogm", "webm");
$ext = pathinfo(strtolower($embedurl), PATHINFO_EXTENSION);
if (is_null($txt)) {
$txt = "";
if (in_array($ext, $noexts)) {
require_once 'include/hubloc.php';
$zrl = is_matrix_url($embedurl);
if ($zrl) {
$embedurl = zid($embedurl);
}
} else {
// try oembed autodiscovery
$redirects = 0;
$result = z_fetch_url($embedurl, false, $redirects, array('timeout' => 15, 'accept_content' => "text/*", 'novalidate' => true));
if ($result['success']) {
$html_text = $result['body'];
}
if ($html_text) {
$dom = @DOMDocument::loadHTML($html_text);
if ($dom) {
$xpath = new DOMXPath($dom);
$attr = "oembed";
$xattr = oe_build_xpath("class", "oembed");
$entries = $xpath->query("//link[@type='application/json+oembed']");
foreach ($entries as $e) {
$href = $e->getAttributeNode("href")->nodeValue;
$x = z_fetch_url($href . '&maxwidth=' . $a->videowidth);
$txt = $x['body'];
break;
}
}
}
}
if ($txt == false || $txt == "") {
$x = array('url' => $embedurl, 'videowidth' => $a->videowidth);
call_hooks('oembed_probe', $x);
if (array_key_exists('embed', $x)) {
$txt = $x['embed'];
}
}
$txt = trim($txt);
if ($txt[0] != "{") {
$txt = '{"type":"error"}';
}
//save in cache
Cache::set($a->videowidth . $embedurl, $txt);
}
$j = json_decode($txt);
$j->embedurl = $embedurl;
return $j;
}
function ajax_recent_changes_load($param) {
$list=array();
call_hooks("recent_changes_load", &$list, $param);
return $list;
}
function _well_known_init(&$a)
{
if (argc() > 1) {
$arr = array('server' => $_SERVER, 'request' => $_REQUEST);
call_hooks('well_known', $arr);
switch (argv(1)) {
case 'zot-info':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'zfinger';
require_once 'mod/zfinger.php';
zfinger_init($a);
break;
case 'webfinger':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'wfinger';
require_once 'mod/wfinger.php';
wfinger_init($a);
break;
case 'host-meta':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'hostxrd';
require_once 'mod/hostxrd.php';
hostxrd_init($a);
break;
default:
break;
}
}
http_status_exit(404);
}
function ajax_map_key($param) {
$list=array();
call_hooks("map_key", &$list, $param);
foreach($list as $i=>$l) {
$list[$i]=array($l[0], $l[1]->show_info($param), get_class($l[1]));
}
return array("param"=>$param, "list"=>$list);
/* $mapkey=new map_key();
$ret=$mapkey->show_info($param);
$text=$xml->createTextNode($ret);
$ret=$xml->createElement("result");
$value=$xml->createElement("text");
$value->appendChild($text);
$ret->appendChild($value);
$xml->appendChild($ret);
$value=$xml->createElement("zoom");
$ret->appendChild($value);
$value->setAttribute("value", $param[zoom]);
if($param[overlays])
foreach($param[overlays] as $p=>$dummy) {
$value=$xml->createElement("overlay");
$ret->appendChild($value);
$value->setAttribute("value", $p);
} */
}
function post()
{
$address = trim($_REQUEST['address']);
if (strpos($address, '@') === false) {
$arr = array('address' => $address);
call_hooks('reverse_magic_auth', $arr);
// if they're still here...
notice(t('Authentication failed.') . EOL);
return;
} else {
// Presumed Red identity. Perform reverse magic auth
if (strpos($address, '@') === false) {
notice('Invalid address.');
return;
}
$r = null;
if ($address) {
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($address));
}
if ($r) {
$url = $r[0]['hubloc_url'];
} else {
$url = 'https://' . substr($address, strpos($address, '@') + 1);
}
if ($url) {
if ($_SESSION['return_url']) {
$dest = urlencode(z_root() . '/' . str_replace('zid=', 'zid_=', $_SESSION['return_url']));
} else {
$dest = urlencode(z_root() . '/' . str_replace('zid=', 'zid_=', \App::$query_string));
}
goaway($url . '/magic' . '?f=&dest=' . $dest);
}
}
}
function wfinger_init(&$a)
{
$result = array();
$scheme = '';
if (x($_SERVER, 'HTTPS') && $_SERVER['HTTPS']) {
$scheme = 'https';
} elseif (x($_SERVER, 'SERVER_PORT') && intval($_SERVER['SERVER_PORT']) == 443) {
$scheme = 'https';
}
// Don't complain to me - I'm just implementing the spec.
if ($scheme !== 'https') {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS');
killme();
}
$resource = $_REQUEST['resource'];
$r = null;
if ($resource) {
if (strpos($resource, 'acct:') === 0) {
$channel = str_replace('acct:', '', $resource);
if (strpos($channel, '@') !== false) {
$host = substr($channel, strpos($channel, '@') + 1);
if (strcasecmp($host, get_app()->get_hostname())) {
goaway('https://' . $host . '/.well-known/webfinger?resource=' . $resource);
}
$channel = substr($channel, 0, strpos($channel, '@'));
}
}
if (strpos($resource, 'http') === 0) {
$channel = str_replace('~', '', basename($resource));
}
$r = q("select * from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_address = '%s' limit 1", dbesc($channel));
}
header('Access-Control-Allow-Origin: *');
header('Content-type: application/jrd+json');
if ($resource && $r) {
$h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'", dbesc($r[0]['channel_hash']));
$result['subject'] = $resource;
$aliases = array(z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']);
if ($h) {
foreach ($h as $hh) {
$aliases[] = 'acct:' . $hh['hubloc_addr'];
}
}
$result['aliases'] = array();
$result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']);
foreach ($aliases as $alias) {
if ($alias != $resource) {
$result['aliases'][] = $alias;
}
}
$result['links'] = array(array('rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l']), array('rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address']), array('rel' => 'http://webfinger.net/rel/blog', 'href' => z_root() . '/channel/' . $r[0]['channel_address']), array('rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr']));
} else {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
killme();
}
$arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result);
call_hooks('webfinger', $arr);
echo json_encode($arr['result']);
killme();
}
function get_features($filtered = true)
{
if (UNO && $filtered) {
return array();
}
$arr = array('general' => array(t('General Features'), array('content_expire', t('Content Expiration'), t('Remove posts/comments and/or private messages at a future time'), false, get_config('feature_lock', 'content_expire')), array('multi_profiles', t('Multiple Profiles'), t('Ability to create multiple profiles'), false, get_config('feature_lock', 'multi_profiles')), array('advanced_profiles', t('Advanced Profiles'), t('Additional profile sections and selections'), false, get_config('feature_lock', 'advanced_profiles')), array('profile_export', t('Profile Import/Export'), t('Save and load profile details across sites/channels'), false, get_config('feature_lock', 'profile_export')), array('webpages', t('Web Pages'), t('Provide managed web pages on your channel'), false, get_config('feature_lock', 'webpages')), array('hide_rating', t('Hide Rating'), t('Hide the rating buttons on your channel and profile pages. Note: People can still rate you somewhere else.'), false, get_config('feature_lock', 'hide_rating')), array('private_notes', t('Private Notes'), t('Enables a tool to store notes and reminders (note: not encrypted)'), false, get_config('feature_lock', 'private_notes')), array('nav_channel_select', t('Navigation Channel Select'), t('Change channels directly from within the navigation dropdown menu'), false, get_config('feature_lock', 'nav_channel_select')), array('photo_location', t('Photo Location'), t('If location data is available on uploaded photos, link this to a map.'), false, get_config('feature_lock', 'photo_location')), array('ajaxchat', t('Access Controlled Chatrooms'), t('Provide chatrooms and chat services with access control.'), true, get_config('feature_lock', 'ajaxchat')), array('smart_birthdays', t('Smart Birthdays'), t('Make birthday events timezone aware in case your friends are scattered across the planet.'), true, get_config('feature_lock', 'smart_birthdays')), array('expert', t('Expert Mode'), t('Enable Expert Mode to provide advanced configuration options'), false, get_config('feature_lock', 'expert')), array('premium_channel', t('Premium Channel'), t('Allows you to set restrictions and terms on those that connect with your channel'), false, get_config('feature_lock', 'premium_channel'))), 'composition' => array(t('Post Composition Features'), array('large_photos', t('Large Photos'), t('Include large (1024px) photo thumbnails in posts. If not enabled, use small (640px) photo thumbnails'), false, get_config('feature_lock', 'large_photos')), array('channel_sources', t('Channel Sources'), t('Automatically import channel content from other channels or feeds'), false, get_config('feature_lock', 'channel_sources')), array('content_encrypt', t('Even More Encryption'), t('Allow optional encryption of content end-to-end with a shared secret key'), false, get_config('feature_lock', 'content_encrypt')), array('consensus_tools', t('Enable Voting Tools'), t('Provide a class of post which others can vote on'), false, get_config('feature_lock', 'consensus_tools')), array('delayed_posting', t('Delayed Posting'), t('Allow posts to be published at a later date'), false, get_config('feature_lock', 'delayed_posting')), array('suppress_duplicates', t('Suppress Duplicate Posts/Comments'), t('Prevent posts with identical content to be published with less than two minutes in between submissions.'), true, get_config('feature_lock', 'suppress_duplicates'))), 'net_module' => array(t('Network and Stream Filtering'), array('archives', t('Search by Date'), t('Ability to select posts by date ranges'), false, get_config('feature_lock', 'archives')), array('groups', t('Privacy Groups'), t('Enable management and selection of privacy groups'), true, get_config('feature_lock', 'groups')), array('savedsearch', t('Saved Searches'), t('Save search terms for re-use'), false, get_config('feature_lock', 'savedsearch')), array('personal_tab', t('Network Personal Tab'), t('Enable tab to display only Network posts that you\'ve interacted on'), false, get_config('feature_lock', 'personal_tab')), array('new_tab', t('Network New Tab'), t('Enable tab to display all new Network activity'), false, get_config('feature_lock', 'new_tab')), array('affinity', t('Affinity Tool'), t('Filter stream activity by depth of relationships'), false, get_config('feature_lock', 'affinity')), array('connfilter', t('Connection Filtering'), t('Filter incoming posts from connections based on keywords/content'), false, get_config('feature_lock', 'connfilter')), array('suggest', t('Suggest Channels'), t('Show channel suggestions'), false, get_config('feature_lock', 'suggest'))), 'tools' => array(t('Post/Comment Tools'), array('commtag', t('Community Tagging'), t('Ability to tag existing posts'), false, get_config('feature_lock', 'commtag')), array('categories', t('Post Categories'), t('Add categories to your posts'), false, get_config('feature_lock', 'categories')), array('emojis', t('Emoji Reactions'), t('Add emoji reaction ability to posts'), true, get_config('feature_lock', 'emojis')), array('filing', t('Saved Folders'), t('Ability to file posts under folders'), false, get_config('feature_lock', 'filing')), array('dislike', t('Dislike Posts'), t('Ability to dislike posts/comments'), false, get_config('feature_lock', 'dislike')), array('star_posts', t('Star Posts'), t('Ability to mark special posts with a star indicator'), false, get_config('feature_lock', 'star_posts')), array('tagadelic', t('Tag Cloud'), t('Provide a personal tag cloud on your channel page'), false, get_config('feature_lock', 'tagedelic'))));
// removed any locked features and remove the entire category if this makes it empty
if ($filtered) {
foreach ($arr as $k => $x) {
$has_items = false;
for ($y = 0; $y < count($arr[$k]); $y++) {
if (is_array($arr[$k][$y])) {
if ($arr[$k][$y][4] === false) {
$has_items = true;
} else {
unset($arr[$k][$y]);
}
}
}
if (!$has_items) {
unset($arr[$k]);
}
}
}
call_hooks('get_features', $arr);
return $arr;
}
function uexport_content(&$a)
{
if ($a->argc > 1) {
header("Content-type: application/json");
header('Content-Disposition: attachment; filename="' . $a->user['nickname'] . '.' . $a->argv[1] . '"');
switch ($a->argv[1]) {
case "backup":
uexport_all($a);
killme();
break;
case "account":
uexport_account($a);
killme();
break;
default:
killme();
}
}
/**
* options shown on "Export personal data" page
* list of array( 'link url', 'link text', 'help text' )
*/
$options = array(array('/uexport/account', t('Export account'), t('Export your account info and contacts. Use this to make a backup of your account and/or to move it to another server.')), array('/uexport/backup', t('Export all'), t('Export your accout info, contacts and all your items as json. Could be a very big file, and could take a lot of time. Use this to make a full backup of your account (photos are not exported)')));
call_hooks('uexport_options', $options);
$tpl = get_markup_template("uexport.tpl");
return replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$title' => t('Export personal data'), '$options' => $options));
}
function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false, $celeb = false, $privatenet = false, $tabindex = null)
{
$o = '';
// When used for private messages, we limit correspondence to mutual DFRN/Friendica friends and the selector
// to one recipient. By default our selector allows multiple selects amongst all contacts.
$sql_extra = '';
$tabindex = $tabindex > 0 ? "tabindex=\"{$tabindex}\"" : "";
if ($privmail) {
$o .= "<select name=\"{$selname}\" id=\"{$selclass}\" class=\"{$selclass}\" size=\"{$size}\" {$tabindex} >\r\n";
} else {
$o .= "<select name=\"{$selname}[]\" id=\"{$selclass}\" class=\"{$selclass}\" multiple=\"multiple\" size=\"{$size}\" {$tabindex} >\r\n";
}
$r = q("SELECT abook_id, xchan_name, xchan_url, xchan_photo_s from abook left join xchan on abook_xchan = xchan_hash\n\t\twhere abook_self = 0 and abook_channel = %d\n\t\t{$sql_extra}\n\t\tORDER BY xchan_name ASC ", intval(local_channel()));
$arr = array('contact' => $r, 'entry' => $o);
// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
call_hooks(App::$module . '_pre_' . $selname, $arr);
if ($r) {
foreach ($r as $rr) {
if (is_array($preselected) && in_array($rr['id'], $preselected)) {
$selected = " selected=\"selected\" ";
} else {
$selected = '';
}
$trimmed = mb_substr($rr['xchan_name'], 0, 20);
$o .= "<option value=\"{$rr['abook_id']}\" {$selected} title=\"{$rr['xchan_name']}|{$rr['xchan_url']}\" >{$trimmed}</option>\r\n";
}
}
$o .= "</select>\r\n";
call_hooks(App::$module . '_post_' . $selname, $o);
return $o;
}
function cronhooks_run($argv, $argc)
{
cli_startup();
logger('cronhooks: start');
$d = datetime_convert();
call_hooks('cron', $d);
return;
}
function network_to_name($s)
{
$nets = array(NETWORK_DFRN => t('Friendica'), NETWORK_OSTATUS => t('OStatus'), NETWORK_FEED => t('RSS/Atom'), NETWORK_MAIL => t('Email'), NETWORK_DIASPORA => t('Diaspora'), NETWORK_FACEBOOK => t('Facebook'), NETWORK_ZOT => t('Zot!'), NETWORK_LINKEDIN => t('LinkedIn'), NETWORK_XMPP => t('XMPP/IM'), NETWORK_MYSPACE => t('MySpace'));
call_hooks('network_to_name', $nets);
$search = array_keys($nets);
$replace = array_values($nets);
return str_replace($search, $replace, $s);
}
function network_to_name($s)
{
$nets = array(NETWORK_DFRN => t('Friendica'), NETWORK_OSTATUS => t('OStatus'), NETWORK_FEED => t('RSS/Atom'), NETWORK_MAIL => t('Email'), NETWORK_DIASPORA => t('Diaspora'), NETWORK_FACEBOOK => t('Facebook'), NETWORK_ZOT => t('Zot!'), NETWORK_LINKEDIN => t('LinkedIn'), NETWORK_XMPP => t('XMPP/IM'), NETWORK_MYSPACE => t('MySpace'), NETWORK_MAIL2 => t('Email'), NETWORK_GPLUS => t('Google+'), NETWORK_PUMPIO => t('pump.io'), NETWORK_TWITTER => t('Twitter'), NETWORK_DIASPORA2 => t('Diaspora Connector'), NETWORK_STATUSNET => t('Statusnet'), NETWORK_APPNET => t('App.net'));
call_hooks('network_to_name', $nets);
$search = array_keys($nets);
$replace = array_values($nets);
return str_replace($search, $replace, $s);
}
function sql_query($qry, &$conn = 0)
{
global $db;
// If no database connection is supplied use default
if (!$conn) {
$conn =& $db;
}
if (!$conn) {
print "NO DATABASE\n";
exit;
}
// check if connection was opened too long
if (isset($conn['date']) && time() - $conn['date'] > 3600) {
debug("connection {$conn['connection']} opened too long, closing", "sql");
$conn['date'] = null;
pg_close($conn['connection']);
unset($conn['connection']);
}
// check for database connection
sql_connect($conn);
// Rewrite SQL query
call_hooks("pg_sql_query", $qry, $conn);
// Do we want debug information?
if (isset($conn['debug']) && $conn['debug']) {
debug("CONN {$conn['title']}: " . $qry, "sql");
}
// Query
$res = pg_query($conn['connection'], $qry);
// There was an error - call hooks to inform about error
if ($res === false) {
// if postgresql connection died ...
if (pg_connection_status($conn['connection']) == PGSQL_CONNECTION_BAD) {
debug("sql connection died", "sql");
pg_close($conn['connection']);
unset($conn['connection']);
call_hooks("sql_connection_failed", $conn);
// if connection is back, retry query
if (isset($conn['connection']) && pg_connection_status($conn['connection']) == PGSQL_CONNECTION_OK) {
$res = pg_query($conn['connection'], $qry);
if ($res !== false) {
debug("sql retry successful", "sql");
return $res;
}
} else {
print "sql connection died\n";
exit;
}
}
$error = pg_last_error();
call_hooks("sql_error", $db, $qry, $error);
// If we want debug information AND we have an error, tell about it
if (isset($conn['debug']) && $conn['debug']) {
debug("CONN {$conn['title']}: " . pg_last_error(), "sql");
}
}
return $res;
}
function editlayout_content(&$a)
{
// We first need to figure out who owns the webpage, grab it from an argument
$which = argv(1);
// $a->get_channel() and stuff don't work here, so we've got to find the owner for ourselves.
$r = q("select channel_id from channel where channel_address = '%s'", dbesc($which));
if ($r) {
$owner = intval($r[0]['channel_id']);
//logger('owner: ' . print_r($owner,true));
}
if (local_user() && argc() > 2 && argv(2) === 'view') {
$which = $channel['channel_address'];
}
$o = '';
// Figure out which post we're editing
$post_id = argc() > 2 ? intval(argv(2)) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
// Now we've got a post and an owner, let's find out if we're allowed to edit it
$observer = $a->get_observer();
$ob_hash = $observer ? $observer['xchan_hash'] : '';
$perms = get_all_perms($owner, $ob_hash);
if (!$perms['write_pages']) {
notice(t('Permission denied.') . EOL);
return;
}
// We've already figured out which item we want and whose copy we need, so we don't need anything fancy here
$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1", intval($post_id), intval($owner));
$item_id = q("select * from item_id where service = 'PDL' and iid = %d limit 1", $itm[0]['id']);
if ($item_id) {
$layout_title = $item_id[0]['sid'];
}
$plaintext = true;
// You may or may not be a local user. This won't work,
// if(feature_enabled(local_user(),'richtext'))
// $plaintext = false;
$o .= replace_macros(get_markup_template('edpost_head.tpl'), array('$title' => t('Edit Layout')));
$a->page['htmlhead'] .= replace_macros(get_markup_template('jot-header.tpl'), array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $a->user['nickname'], '$confirmdelete' => t('Delete layout?')));
$tpl = get_markup_template("jot.tpl");
$jotplugins = '';
$jotnets = '';
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
$channel = $a->get_channel();
//$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
//FIXME A return path with $_SESSION doesn't always work for observer - it may WSoD instead of loading a sensible page. So, send folk to the webpage list.
$rp = '/layouts/' . $which;
$o .= replace_macros($tpl, array('$return_path' => $rp, '$action' => 'item', '$webpage' => ITEM_PDL, '$share' => t('Edit'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $channel['channel_location'], '$visitor' => false, '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => htmlspecialchars($itm[0]['title'], ENT_COMPAT, 'UTF-8'), '$placeholdertitle' => t('Set title'), '$pagetitle' => $layout_title, '$category' => '', '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => '', '$profile_uid' => intval($owner), '$preview' => feature_enabled(local_user(), 'preview') ? t('Preview') : '', '$jotplugins' => $jotplugins, '$sourceapp' => t($a->sourcename), '$defexpire' => '', '$feature_expire' => false, '$expires' => t('Set expiration date')));
$ob = get_observer_hash();
if ($itm[0]['author_xchan'] === $ob || $itm[0]['owner_xchan'] === $ob) {
$o .= '<br /><br /><a class="layout-delete-link" href="item/drop/' . $itm[0]['id'] . '" >' . t('Delete Layout') . '</a><br />';
}
return $o;
}
function commit()
{
global $db;
if (isset($this->foreign_key_checks_disabled)) {
$db->enableForeignKeyChecks();
}
$this->status = false;
$db->commit();
call_hooks("changeset_commit", $this);
}
function extend_cookie()
{
// if there's a long-term cookie, extend it
$xtime = $_SESSION['remember_me'] ? 60 * 60 * 24 * 365 : 0;
if ($xtime) {
setcookie(session_name(), session_id(), time() + $xtime);
}
$arr = array('expire' => $xtime);
call_hooks('extend_cookie', $arr);
}
public static function run($argc, $argv)
{
if ($argc < 2) {
return;
}
$r = q("select * from item where id = '%d'", intval($argv[1]));
if ($r) {
call_hooks('notifier_normal', $r[0]);
}
}
function _well_known_init(&$a)
{
if (argc() > 1) {
$arr = array('server' => $_SERVER, 'request' => $_REQUEST);
call_hooks('well_known', $arr);
if (!check_siteallowed($_SERVER['REMOTE_ADDR'])) {
logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']);
killme();
}
// from php.net re: REMOTE_HOST:
// Note: Your web server must be configured to create this variable. For example in Apache
// you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().
if (get_config('system', 'siteallowed_remote_host') && !check_siteallowed($_SERVER['REMOTE_HOST'])) {
logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']);
killme();
}
switch (argv(1)) {
case 'zot-info':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'zfinger';
require_once 'mod/zfinger.php';
zfinger_init($a);
break;
case 'webfinger':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'wfinger';
require_once 'mod/wfinger.php';
wfinger_init($a);
break;
case 'host-meta':
$a->argc -= 1;
array_shift($a->argv);
$a->argv[0] = 'hostxrd';
require_once 'mod/hostxrd.php';
hostxrd_init($a);
break;
default:
// look in $WEBROOT/well_known for the requested file in case it is
// something a site requires and for which we do not have a module
// @fixme - we may need to determine the content-type and stick it in the header
// for now this can be done with a php script masquerading as the requested file
$wk_file = str_replace('.well-known', 'well_known', $a->cmd);
if (file_exists($wk_file)) {
echo file_get_contents($wk_file);
killme();
} elseif (file_exists($wk_file . '.php')) {
require_once $wk_file . '.php';
}
break;
}
}
http_status_exit(404);
}
function editpost_content(&$a)
{
$o = '';
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
$post_id = $a->argc > 1 ? intval($a->argv[1]) : 0;
if (!$post_id) {
notice(t('Item not found') . EOL);
return;
}
$itm = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($post_id), intval(local_user()));
if (!count($itm)) {
notice(t('Item not found') . EOL);
return;
}
$plaintext = false;
if (local_user() && intval(get_pconfig(local_user(), 'system', 'plaintext'))) {
$plaintext = true;
}
$o .= '<h2>' . t('Edit post') . '</h2>';
$tpl = get_markup_template('jot-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$ispublic' => ' ', '$geotag' => $geotag, '$nickname' => $a->user['nickname']));
$tpl = get_markup_template("jot.tpl");
if ($group || is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid']))) {
$lockstate = 'lock';
} else {
$lockstate = 'unlock';
}
$celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
$jotplugins = '';
$jotnets = '';
$mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1;
$mail_enabled = false;
$pubmail_enabled = false;
if (!$mail_disabled) {
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", intval(local_user()));
if (count($r)) {
$mail_enabled = true;
if (intval($r[0]['pubmail'])) {
$pubmail_enabled = true;
}
}
}
if ($mail_enabled) {
$selected = $pubmail_enabled ? ' checked="checked" ' : '';
$jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . t("Post to Email") . '</div>';
}
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
//$tpl = replace_macros($tpl,array('$jotplugins' => $jotplugins));
$o .= replace_macros($tpl, array('$return_path' => $_SESSION['return_url'], '$action' => 'item', '$share' => t('Edit'), '$upload' => t('Upload photo'), '$attach' => t('Attach file'), '$weblink' => t('Insert web link'), '$youtube' => t('Insert YouTube video'), '$video' => t('Insert Vorbis [.ogg] video'), '$audio' => t('Insert Vorbis [.ogg] audio'), '$setloc' => t('Set your location'), '$noloc' => t('Clear browser location'), '$wait' => t('Please wait'), '$permset' => t('Permission settings'), '$ptyp' => $itm[0]['type'], '$content' => undo_post_tagging($itm[0]['body']), '$post_id' => $post_id, '$baseurl' => $a->get_baseurl(), '$defloc' => $a->user['default-location'], '$visitor' => 'none', '$pvisit' => 'none', '$emailcc' => t('CC: email addresses'), '$public' => t('Public post'), '$jotnets' => $jotnets, '$title' => $itm[0]['title'], '$placeholdertitle' => t('Set title'), '$category' => file_tag_file_to_list($itm[0]['file'], 'category'), '$placeholdercategory' => t('Categories (comma-separated list)'), '$emtitle' => t('Example: bob@example.com, mary@example.com'), '$lockstate' => $lockstate, '$acl' => '', '$bang' => $group ? '!' : '', '$profile_uid' => $_SESSION['uid'], '$preview' => t('Preview'), '$jotplugins' => $jotplugins));
return $o;
}
