コード例 #1
ファイル: appman.php プロジェクト: Mauru/red
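function appman_post(&$a)
{
    // Install, edit or remove an app for the logged-in user, then redirect
    // back to where the user came from. Anonymous requests are ignored.
    if (!local_user()) {
        return;
    }

    // Reads a request field as tag-escaped text, '' when absent. The bare
    // $_REQUEST[...] lookups raised undefined-index notices for missing fields.
    $text = function ($name) {
        return escape_tags(isset($_REQUEST[$name]) ? $_REQUEST[$name] : '');
    };

    // Form 1: an app described field by field ('url' is the discriminator).
    if (!empty($_POST['url'])) {
        // NOTE(review): 'uid' is taken from the request rather than from
        // local_user(); app_install() receives local_user() separately and is
        // assumed to decide which of the two governs ownership — confirm.
        $arr = array('uid' => intval(isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0));
        foreach (array('url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'sig') as $field) {
            $arr[$field] = $text($field);
        }
        $_REQUEST['appid'] = app_install(local_user(), $arr);
        if (app_installed(local_user(), $arr)) {
            info(t('App installed.') . EOL);
        }
        return;
    }

    // Form 2: an encoded app blob plus an install/delete/edit action.
    $papp = app_decode(isset($_POST['papp']) ? $_POST['papp'] : '');
    if (!is_array($papp)) {
        notice(t('Malformed app.') . EOL);
        return;
    }
    if (!empty($_POST['install'])) {
        app_install(local_user(), $papp);
        if (app_installed(local_user(), $papp)) {
            info(t('App installed.') . EOL);
        }
    }
    if (!empty($_POST['delete'])) {
        app_destroy(local_user(), $papp);
    }
    if (!empty($_POST['edit'])) {
        return;
    }
    // Return to the page that recorded itself in the session, otherwise to
    // the personal app list.
    if (!empty($_SESSION['return_url'])) {
        goaway(z_root() . '/' . $_SESSION['return_url']);
    }
    goaway(z_root() . '/apps/personal');
}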
コード例 #2
ファイル: feed.php プロジェクト: royalterra/hubzilla
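function feed_init(&$a)
{
    // Serve a channel's public feed (JSON or XML, chosen from the module
    // name) and terminate. Paging and filter values come from the query
    // string and are coerced to the expected type before use.
    $params = array();
    // NOTE(review): date_begin/date_end are passed through untouched;
    // get_public_feed() is assumed to validate or escape them — confirm.
    $params['begin'] = x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE;
    $params['end'] = x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '';
    $params['type'] = stristr(argv(0), 'json') ? 'json' : 'xml';
    $params['pages'] = x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0;
    $params['top'] = x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0;
    // start/records/direction used to be looked up in $params itself, which
    // never contains them, so they always took the defaults. Read them from
    // the request like the other fields.
    $params['start'] = x($_REQUEST, 'start') ? intval($_REQUEST['start']) : 0;
    $params['records'] = x($_REQUEST, 'records') ? intval($_REQUEST['records']) : 40;
    // direction is presumably spliced into a sort clause, where string
    // escaping does not help; accept only the two keywords.
    $direction = x($_REQUEST, 'direction') ? strtolower(trim($_REQUEST['direction'])) : 'desc';
    $params['direction'] = in_array($direction, array('asc', 'desc'), true) ? $direction : 'desc';
    $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';

    $channel = '';
    if (argc() > 1) {
        // A site that blocks public access serves feeds to logged-in
        // accounts only; decide that before touching the database.
        if (intval(get_config('system', 'block_public')) && !get_account_id()) {
            killme();
        }
        $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));
        if (!($r && count($r))) {
            killme();
        }
        $channel = $r[0];
        logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
        echo get_public_feed($channel, $params);
        killme();
    }
}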
コード例 #3
ファイル: wallmessage.php プロジェクト: robhell/friendica
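function wallmessage_content(&$a)
{
    // Render the "private message from an unknown sender" form for the
    // recipient named in the URL. Returns the rendered HTML, or nothing after
    // posting a notice when the request is refused.
    if (!get_my_url()) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    $recipient = $a->argc > 1 ? $a->argv[1] : '';
    if (!$recipient) {
        notice(t('No recipient.') . EOL);
        return;
    }
    // q() may return false on a failed query; count(false) is not a safe test.
    $r = q("select * from user where nickname = '%s' limit 1", dbesc($recipient));
    if (!($r && count($r))) {
        notice(t('No recipient.') . EOL);
        logger('wallmessage: no recipient');
        return;
    }
    $user = $r[0];
    // The recipient must have opted in to mail from unknown senders.
    if (!intval($user['unkmail'])) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    // Daily quota of unknown-sender messages for this recipient.
    $r = q("select count(*) as total from mail where uid = %d and created > UTC_TIMESTAMP() - INTERVAL 1 day and unknown = 1", intval($user['uid']));
    if ($r && $r[0]['total'] > $user['cntunkmail']) {
        // The user name was passed to t() instead of sprintf(), so the %s
        // placeholder was never filled in.
        notice(sprintf(t('Number of daily wall messages for %s exceeded. Message failed.'), $user['username']) . EOL);
        return;
    }
    $tpl = get_markup_template('wallmsg-header.tpl');
    $a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(true), '$editselect' => '/(profile-jot-text|prvmail-text)/', '$nickname' => $user['nickname'], '$linkurl' => t('Please enter a link URL:')));
    // $o and $select were previously used without being initialised.
    $o = '';
    $select = '';
    $tpl = get_markup_template('wallmessage.tpl');
    $o .= replace_macros($tpl, array('$header' => t('Send Private Message'), '$subheader' => sprintf(t('If you wish for %s to respond, please check that the privacy settings on your site allow private mail from unknown senders.'), $user['username']), '$to' => t('To:'), '$subject' => t('Subject:'), '$recipname' => $user['username'], '$nickname' => $user['nickname'], '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '', '$text' => x($_REQUEST, 'body') ? escape_tags(htmlspecialchars($_REQUEST['body'])) : '', '$readonly' => '', '$yourmessage' => t('Your message:'), '$select' => $select, '$parent' => '', '$upload' => t('Upload photo'), '$insert' => t('Insert web link'), '$wait' => t('Please wait')));
    return $o;
}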
コード例 #4
ファイル: notes.php プロジェクト: anmol26s/hubzilla-yunohost
/** @file */
function notes_init(&$a)
{
    // Persist the channel's private-notes text and answer with JSON.
    if (!local_channel()) {
        return;
    }
    $channel_id = local_channel();
    $result = array('success' => true);
    if (array_key_exists('note_text', $_REQUEST)) {
        $text = escape_tags($_REQUEST['note_text']);
        // Saving an empty note over a non-empty one keeps the previous
        // contents under 'text.bak' so they can be recovered.
        if (!$text) {
            $previous = get_pconfig($channel_id, 'notes', 'text');
            if ($previous) {
                set_pconfig($channel_id, 'notes', 'text.bak', $previous);
            }
        }
        set_pconfig($channel_id, 'notes', 'text', $text);
    }
    // 'sync' as the second path element pushes the change to channel clones.
    $wants_sync = (argc() > 1) && (argv(1) === 'sync');
    if ($wants_sync) {
        require_once 'include/zot.php';
        build_sync_packet();
    }
    logger('notes saved.', LOGGER_DEBUG);
    json_return_and_die($result);
}
コード例 #5
ファイル: Apps.php プロジェクト: anmol26s/hubzilla-yunohost
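 function get()
 {
     // Render the app list, or the edit view when the URL is /apps/edit.
     // Records the current URL so the Appman form can return here.
     $mode = (argc() == 2 && argv(1) === 'edit') ? 'edit' : 'list';
     $_SESSION['return_url'] = \App::$cmd;
     // Optional category filter from the query string; an absent 'cat' used
     // to reach app_list() as an undefined-index lookup.
     $cat = (array_key_exists('cat', $_GET) && $_GET['cat']) ? $_GET['cat'] : '';
     $apps = array();
     if (local_channel()) {
         import_system_apps();
         $syslist = array();
         $list = app_list(local_channel(), false, $cat);
         if ($list) {
             foreach ($list as $x) {
                 $syslist[] = app_encode($x);
             }
         }
         translate_system_apps($syslist);
     } else {
         $syslist = get_system_apps(true);
     }
     usort($syslist, 'app_name_compare');
     foreach ($syslist as $app) {
         $apps[] = app_render($app, $mode);
     }
     // The category is user input and lands in the page title; escape it.
     return replace_macros(get_markup_template('myapps.tpl'), array('$sitename' => get_config('system', 'sitename'), '$cat' => $cat ? ' - ' . escape_tags($cat) : '', '$title' => t('Apps'), '$apps' => $apps));
 }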
コード例 #6
ファイル: Appman.php プロジェクト: BlaBlaNet/hubzilla
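 function post()
 {
     // Install, edit or remove an app for the logged-in channel, then
     // redirect back to the page recorded in the session (or /apps).
     if (!local_channel()) {
         return;
     }
     // Reads a request field as tag-escaped text, '' when absent; the bare
     // $_REQUEST[...] lookups raised undefined-index notices for missing fields.
     $text = function ($name) {
         return escape_tags(isset($_REQUEST[$name]) ? $_REQUEST[$name] : '');
     };
     // Form 1: an app described field by field ('url' is the discriminator).
     if (!empty($_POST['url'])) {
         // NOTE(review): 'uid' and 'system' are request-controlled;
         // Apps::app_install() receives local_channel() separately and is
         // assumed to enforce who may mark an app as system or install for
         // another uid — confirm.
         $arr = array('uid' => intval(isset($_REQUEST['uid']) ? $_REQUEST['uid'] : 0));
         foreach (array('url', 'guid', 'author', 'addr', 'name', 'desc', 'photo', 'version', 'price', 'requires') as $field) {
             $arr[$field] = $text($field);
         }
         $arr['system'] = intval(isset($_REQUEST['system']) ? $_REQUEST['system'] : 0);
         $arr['sig'] = $text('sig');
         $arr['categories'] = $text('categories');
         $_REQUEST['appid'] = Zlib\Apps::app_install(local_channel(), $arr);
         if (Zlib\Apps::app_installed(local_channel(), $arr)) {
             info(t('App installed.') . EOL);
         }
         return;
     }
     // Form 2: an encoded app blob plus an install/delete/edit action.
     $papp = Zlib\Apps::app_decode(isset($_POST['papp']) ? $_POST['papp'] : '');
     if (!is_array($papp)) {
         notice(t('Malformed app.') . EOL);
         return;
     }
     if (!empty($_POST['install'])) {
         Zlib\Apps::app_install(local_channel(), $papp);
         if (Zlib\Apps::app_installed(local_channel(), $papp)) {
             info(t('App installed.') . EOL);
         }
     }
     if (!empty($_POST['delete'])) {
         Zlib\Apps::app_destroy(local_channel(), $papp);
     }
     if (!empty($_POST['edit'])) {
         return;
     }
     if (!empty($_SESSION['return_url'])) {
         goaway(z_root() . '/' . $_SESSION['return_url']);
     }
     goaway(z_root() . '/apps');
 }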
コード例 #7
ファイル: message.php プロジェクト: nextgensh/friendica
function message_post(&$a)
{
    // Handle the private-message form: sanitise the posted fields, hand them
    // to send_message() and report its result code to the user.
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    $replyto = '';
    if (x($_POST, 'replyto')) {
        $replyto = notags(trim($_POST['replyto']));
    }
    $subject = '';
    if (x($_POST, 'subject')) {
        $subject = notags(trim($_POST['subject']));
    }
    $body = '';
    if (x($_POST, 'body')) {
        $body = escape_tags(trim($_POST['body']));
    }
    $recipient = 0;
    if (x($_POST, 'messageto')) {
        $recipient = intval($_POST['messageto']);
    }
    // Negative result codes map to a user-facing error; anything else is success.
    $failures = array(
        -1 => t('No recipient selected.'),
        -2 => t('Unable to locate contact information.'),
        -3 => t('Message could not be sent.'),
        -4 => t('Message collection failure.'),
    );
    $ret = send_message($recipient, $body, $subject, $replyto);
    if (isset($failures[$ret])) {
        notice($failures[$ret] . EOL);
        return;
    }
    info(t('Message sent.') . EOL);
}
コード例 #8
ファイル: lsearch.php プロジェクト: silke/dir
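function lsearch_init(&$a)
{
    // Directory search endpoint: emits a JSON page of profiles whose name,
    // homepage, tags, region or country match the request's search term.
    // Paging values are coerced to positive integers; 'n' (page size)
    // defaults to 80 and 'p' (1-based page) to the first page.
    $perpage = (isset($_REQUEST['n']) && intval($_REQUEST['n']) > 0) ? intval($_REQUEST['n']) : 80;
    $page = (isset($_REQUEST['p']) && intval($_REQUEST['p']) > 0) ? intval($_REQUEST['p']) - 1 : 0;
    $startrec = $page * $perpage;
    $search = isset($_REQUEST['search']) ? trim($_REQUEST['search']) : '';
    if (!strlen($search)) {
        killme();
    }
    // Strip markup, then escape for the quoted SQL context. Note the value is
    // used as a REGEXP pattern rather than a literal, so the query cost
    // depends on the pattern the caller supplies.
    $search = dbesc(escape_tags($search));
    $sql_extra = strlen($search) ? " AND ( `name` REGEXP '{$search}' OR `homepage` REGEXP '{$search}' OR `tags` REGEXP '{$search}' \n\t\tor `region` REGEXP '{$search}' or `country-name` regexp '{$search}' ) " : "";
    // $total was left undefined when the count query returned nothing.
    $total = 0;
    $r = q("SELECT COUNT(*) AS `total` FROM `profile` WHERE 1 {$sql_extra} ");
    if ($r && count($r)) {
        $total = $r[0]['total'];
    }
    $r = q("SELECT * FROM `profile` WHERE 1 {$sql_extra} ORDER BY `name` ASC LIMIT %d, %d ", intval($startrec), intval($perpage));
    $results = array();
    if ($r && count($r)) {
        foreach ($r as $rr) {
            $results[] = array('name' => $rr['name'], 'url' => $rr['homepage'], 'photo' => $a->get_baseurl() . '/photo/' . $rr['id'], 'tags' => $rr['tags']);
        }
    }
    $output = array('total' => $total, 'items_page' => $perpage, 'page' => $page + 1, 'results' => $results);
    echo json_encode($output);
    killme();
}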
コード例 #9
ファイル: Logs.php プロジェクト: phellmes/hubzilla
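 /**
  * @brief Logs admin page.
  *
  * Shows the tail of the configured log file (at most the last 5,000,000
  * bytes, tag-escaped for the HTML page) together with the logging
  * settings form.
  *
  * @return string
  */
 function get()
 {
     $log_choices = array(LOGGER_NORMAL => 'Normal', LOGGER_TRACE => 'Trace', LOGGER_DEBUG => 'Debug', LOGGER_DATA => 'Data', LOGGER_ALL => 'All');
     $t = get_markup_template('admin_logs.tpl');
     $f = get_config('system', 'logfile');
     $data = '';
     if (!file_exists($f)) {
         // The file name is substituted with sprintf() instead of being
         // interpolated into the t() key, so the message can match a
         // translation entry.
         $data = sprintf(t("Error trying to open <strong>%s</strong> log file.\r\n<br/>Check to see if file %s exist and is \n\treadable."), $f, $f);
     } else {
         $fp = fopen($f, 'r');
         if (!$fp) {
             $data = sprintf(t("Couldn't open <strong>%s</strong> log file.\r\n<br/>Check to see if file %s is readable."), $f, $f);
         } else {
             $fstat = fstat($fp);
             $size = $fstat ? intval($fstat['size']) : 0;
             if ($size != 0) {
                 // Cap the amount read; an implausible (negative) size gets the cap too.
                 if ($size > 5000000 || $size < 0) {
                     $size = 5000000;
                 }
                 // Position on the last $size bytes and read to EOF, escaping
                 // each chunk because the log is rendered inside the page.
                 $seek = fseek($fp, 0 - $size, SEEK_END);
                 if ($seek === 0) {
                     $data = escape_tags(fread($fp, $size));
                     while (!feof($fp)) {
                         $data .= escape_tags(fread($fp, 4096));
                     }
                 }
             }
             fclose($fp);
         }
     }
     return replace_macros($t, array('$title' => t('Administration'), '$page' => t('Logs'), '$submit' => t('Submit'), '$clear' => t('Clear'), '$data' => $data, '$baseurl' => z_root(), '$logname' => get_config('system', 'logfile'), '$debugging' => array('debugging', t("Debugging"), get_config('system', 'debugging'), ""), '$logfile' => array('logfile', t("Log file"), get_config('system', 'logfile'), t("Must be writable by web server. Relative to your top-level webserver directory.")), '$loglevel' => array('loglevel', t("Log level"), get_config('system', 'loglevel'), "", $log_choices), '$form_security_token' => get_form_security_token('admin_logs')));
 }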
コード例 #10
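 function post()
 {
     // Send a friend suggestion: recommend the contact given in
     // $_POST['suggest'] to the contact named in the URL. Both must belong to
     // the logged-in channel. The notifier is queued for the new fsuggest row.
     // NOTE(review): no form security token is checked here; confirm whether
     // the suggestion form carries one.
     if (!local_channel()) {
         return;
     }
     if (\App::$argc != 2) {
         return;
     }
     $uid = intval(local_channel());
     $contact_id = intval(\App::$argv[1]);
     // Ownership is enforced by the uid clause: only the caller's contacts match.
     $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), $uid);
     if (!($r && count($r))) {
         notice(t('Contact not found.') . EOL);
         return;
     }
     $new_contact = isset($_POST['suggest']) ? intval($_POST['suggest']) : 0;
     if (!$new_contact) {
         return;
     }
     $note = isset($_POST['note']) ? escape_tags(trim($_POST['note'])) : '';
     $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($new_contact), $uid);
     if (!($r && count($r))) {
         return;
     }
     // The row is inserted with a random marker in `note` so it can be found
     // again without relying on the insert id; the real note is written after.
     $hash = random_string();
     $x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)\n\t\t\t\t\tVALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')", $uid, intval($contact_id), dbesc($r[0]['name']), dbesc($r[0]['url']), dbesc($r[0]['request']), dbesc($r[0]['photo']), dbesc($hash), dbesc(datetime_convert()));
     $r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", dbesc($hash), $uid);
     if ($r && count($r)) {
         $fsuggest_id = $r[0]['id'];
         q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), $uid);
         proc_run('php', 'include/notifier.php', 'suggest', $fsuggest_id);
     }
     info(t('Friend suggestion sent.') . EOL);
 }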
コード例 #11
ファイル: field.textarea.php プロジェクト: nockout/tshpro
 /**
  * Pre-output content
  *
  * Outside the admin theme the input is either run through the tag parser
  * (allow_tags = 'y') or tag-escaped, and then rendered according to
  * content_type: 'md' is parsed as markdown, 'html' is returned as-is and
  * anything else is stripped of tags.
  *
  * @access 	public
  * @return 	string
  */
 public function pre_output($input, $params)
 {
     $allow_tags = isset($params['allow_tags']) ? $params['allow_tags'] : 'n';
     $format = isset($params['content_type']) ? $params['content_type'] : 'html';
     // Admin theme: show the raw source only.
     // @TODO This is hacky, there will be times when the admin wants to see a preview or something
     if (defined('ADMIN_THEME')) {
         return $input;
     }
     // Tags are only left intact when the field explicitly allows them.
     if ($allow_tags == 'y') {
         $content = $this->CI->parser->parse_string($input, array(), true);
     } else {
         $this->CI->load->helper('text');
         $content = escape_tags($input);
     }
     if ($format == 'md') {
         $this->CI->load->helper('markdown');
         return parse_markdown($content);
     }
     if ($format == 'html') {
         return $content;
     }
     return strip_tags($content);
 }
コード例 #12
ファイル: xss_filter_test.php プロジェクト: TamirAl/hubzilla
 /**
  * notags() must bracket tag delimiters, escape_tags() must entity-encode them.
  * Note that escape_tags() leaves the single quote alone, so it is not a
  * substitute for database escaping or single-quoted-attribute escaping.
  */
 public function testEscapeTags()
 {
     $markup = '<submit type="button" onclick="alert(\'failed!\');" />';
     $bracketed = notags($markup);
     $encoded = escape_tags($markup);
     $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $bracketed);
     $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $encoded);
 }
コード例 #13
 /**
  * Process before outputting
  *
  * Decodes the stored value with the encrypt library and escapes tags in
  * the result so it can be printed.
  *
  * @access	public
  * @param	mixed	$input	stored (encoded) value
  * @return	string
  */
 public function pre_output($input)
 {
     $ci = $this->CI;
     $ci->load->library('encrypt');
     $decoded = $ci->encrypt->decode($input);
     // No PyroCMS tags in your output!
     $ci->load->helper('text');
     return escape_tags($decoded);
 }
コード例 #14
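/**
 * Display the comments attached to one item.
 *
 * $reference names the object type the comments belong to (by default the
 * current module) and $ref_id the particular item within it. Every comment
 * field is passed through escape_tags() before it reaches the view, which is
 * loaded from the theme's override directory when one exists.
 *
 * @param	int		$ref_id		Id of the item the comments belong to
 * @param	string	$reference	Module (or other reference) the comments belong to; defaults to the current module
 * @return	void
 */
function display_comments($ref_id = '', $reference = NULL)
{
	if ( ! (Settings::get('enable_comments') && $ref_id))
	{
		return;
	}

	$ci =& get_instance();
	
	// Set ref to module if none provided
	$reference OR $reference = $ci->router->fetch_module();

	$ci->lang->load('comments/comments');
	$ci->load->model('comments/comments_m');

	$comments	= $ci->comments_m->get_by_module_item($reference, $ref_id);
	
	// loop through the comments and escape {pyro} and html tags
	foreach ($comments as &$comment)
	{
		foreach ($comment as &$body)
		{
			$body = escape_tags($body);
		}
	}
	// Drop the by-reference loop variables: left in place they would alias
	// the last comment/field for the rest of the function.
	unset($body);
	unset($comment);

	// set the data to send to the view
	$data = array();
	$data['comments']	=	$comments;
	$data['module']		=	$reference;
	$data['id']			=	$ref_id;
	$data['comment']	=	$ci->session->flashdata('comment');

	/**
	 * The following allows us to load views
	 * without breaking theme overloading
	 **/
	$view = 'comments';
	
	if (file_exists($ci->template->get_views_path() . 'modules/comments/' . $view . (pathinfo($view, PATHINFO_EXTENSION) ? '' : EXT)))
	{
		// look in the theme for overloaded views
		$path = $ci->template->get_views_path() . 'modules/comments/';
	}
	else
	{
		// or look in the module
		list($path, $view) = Modules::find($view, 'comments', 'views/');
	}
	
	$save_path = $ci->load->_ci_view_path;
	$ci->load->_ci_view_path = $path;

	// output the comments html (the return value is not used)
	$ci->load->_ci_load(array('_ci_view' => $view, '_ci_vars' => ( $data )));

	// Put the path back
	$ci->load->_ci_view_path = $save_path;
}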
コード例 #15
ファイル: tasks.php プロジェクト: anmol26s/hubzilla-yunohost
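function tasks_post(&$a)
{
    // JSON endpoints behind the tasks widget:
    //   /tasks/complete/<id>  toggles a task between COMPLETED and IN-PROCESS
    //   /tasks/new            creates a task from $_REQUEST['summary']
    // Each branch replies with {"success": bool} and terminates.
    if (!local_channel()) {
        return;
    }
    $channel = App::get_channel();
    if (argc() > 2 && argv(1) === 'complete' && intval(argv(2))) {
        $ret = array('success' => false);
        // uid is bound to the session, so only the channel's own task matches.
        $r = q("select * from event where `type` = 'task' and uid = %d and id = %d limit 1", intval(local_channel()), intval(argv(2)));
        if ($r) {
            $event = $r[0];
            // A completed task goes back to in-process; anything else is completed.
            $completed = ($event['event_status'] === 'COMPLETED');
            $event['event_status'] = $completed ? 'IN-PROCESS' : 'COMPLETED';
            $event['event_status_date'] = $completed ? NULL_DATE : datetime_convert();
            $event['event_percent'] = $completed ? 0 : 100;
            $event['event_sequence'] = $event['event_sequence'] + 1;
            $event['edited'] = datetime_convert();
            $x = event_store_event($event);
            if ($x) {
                $ret['success'] = true;
            }
        }
        json_return_and_die($ret);
    }
    if (argc() == 2 && argv(1) === 'new') {
        $text = isset($_REQUEST['summary']) ? escape_tags(trim($_REQUEST['summary'])) : '';
        if (!$text) {
            // Answer as JSON like the other branches; a bare return left the
            // client with a full page instead of a parseable result.
            json_return_and_die(array('success' => false));
        }
        $event = array();
        $event['account'] = $channel['channel_account_id'];
        $event['uid'] = $channel['channel_id'];
        $event['event_xchan'] = $channel['channel_hash'];
        $event['type'] = 'task';
        $event['nofinish'] = true;
        $event['created'] = $event['edited'] = $event['start'] = datetime_convert();
        $event['adjust'] = 1;
        // Visible only to the owning channel.
        $event['allow_cid'] = '<' . $channel['channel_hash'] . '>';
        // Use the validated value; the summary used to be re-read untrimmed.
        $event['summary'] = $text;
        $x = event_store_event($event);
        if ($x) {
            $x['success'] = true;
        } else {
            $x = array('success' => false);
        }
        json_return_and_die($x);
    }
}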
コード例 #16
 /**
  * Convert a calendar-object row into the array the wdcal front end expects.
  *
  * @param array $row       calendar object row (id, calendar_id, calendarobject_id, Summary, StartTime, EndTime, IsAllDayEvent, IsRecurring, Color)
  * @param array $calendar  owning calendar (namespace_id, calendarcolor)
  * @param string $base_path URL prefix for the detail/edit links
  * @return array
  */
 private function jqcal2wdcal($row, $calendar, $base_path)
 {
     $object_id = $row["calendarobject_id"];
     $notifications = q("SELECT COUNT(*) num FROM %s%snotifications WHERE `calendar_id` = %d AND `calendarobject_id` = %d", CALDAV_SQL_DB, CALDAV_SQL_PREFIX, intval($row["calendar_id"]), intval($object_id));
     $can_edit = $this->getPermissionsItem($calendar["namespace_id"], $object_id, $row);
     $is_recurring = $row["IsRecurring"];
     $is_allday = $row["IsAllDayEvent"];
     // All-day events have their end moved back by one second.
     $end_time = wdcal_mySql2PhpTime($row["EndTime"]);
     if ($is_allday) {
         $end_time -= 1;
     }
     // Fall back to the calendar's colour when the object has none.
     $color = $row["Color"];
     if (is_null($color) || $color == "") {
         $color = $calendar["calendarcolor"];
     }
     $detail_url = $base_path . $object_id . "/";
     return array(
         "jq_id" => $row["id"],
         "ev_id" => $object_id,
         "summary" => escape_tags($row["Summary"]),
         "start" => wdcal_mySql2PhpTime($row["StartTime"]),
         "end" => $end_time,
         "is_allday" => $is_allday,
         "is_moredays" => 0,
         "is_recurring" => $is_recurring,
         "color" => $color,
         "is_editable" => $can_edit ? 1 : 0,
         "is_editable_quick" => ($can_edit && !$is_recurring) ? 1 : 0,
         "location" => "Loc.",
         "attendees" => '',
         "has_notification" => $notifications[0]["num"] > 0 ? 1 : 0,
         "url_detail" => $detail_url,
         "url_edit" => $detail_url . "edit/",
         "special_type" => "",
     );
 }
コード例 #17
ファイル: bookmarks.php プロジェクト: msooon/hubzilla
function bookmark_add($channel, $sender, $taxonomy, $private, $opts = null)
{
    // Add $taxonomy (url + term) as an item of the channel's bookmark menu,
    // creating the menu when it does not exist yet. $opts may carry
    // 'menu_id', 'menu_name' and 'ischat'. Returns the existing menu_item
    // row(s) when the link is already bookmarked, otherwise the result of
    // menu_add_item(); returns nothing when no menu could be found or created.
    $menu_id = 0;
    $menu_name = '';
    $ischat = false;
    if (is_array($opts)) {
        if (x($opts, 'menu_id')) {
            $menu_id = intval($opts['menu_id']);
        }
        if (x($opts, 'menu_name')) {
            $menu_name = escape_tags($opts['menu_name']);
        }
        $ischat = x($opts, 'ischat') ? intval($opts['ischat']) : 0;
    }

    $channel_id = $channel['channel_id'];
    $iarr = array();
    if ($private) {
        $iarr['contact_allow'] = array($channel['channel_hash']);
    }
    $iarr['mitem_link'] = $taxonomy['url'];
    $iarr['mitem_desc'] = $taxonomy['term'];
    $flags = $ischat ? MENU_ITEM_CHATROOM : 0;
    require_once 'include/hubloc.php';
    if (is_matrix_url($taxonomy['url'])) {
        $flags |= MENU_ITEM_ZID;
    }
    $iarr['mitem_flags'] = $flags;

    $arr = array();
    if ($menu_name) {
        $arr['menu_name'] = $menu_name;
        $arr['menu_desc'] = $menu_name;
    } else {
        $arr['menu_name'] = substr($sender['xchan_hash'], 0, 16) . ' ' . $sender['xchan_name'];
        $arr['menu_desc'] = sprintf(t('%1$s\'s bookmarks'), $sender['xchan_name']);
    }
    // A menu for someone else's bookmarks is additionally marked as system.
    $own_menu = ($sender['xchan_hash'] === $channel['channel_hash']);
    $arr['menu_flags'] = $own_menu ? MENU_BOOKMARK : (MENU_SYSTEM | MENU_BOOKMARK);
    $arr['menu_channel_id'] = $channel_id;

    if (!$menu_id) {
        $existing = menu_list($channel_id, $arr['menu_name'], $arr['menu_flags']);
        $menu_id = $existing ? $existing[0]['menu_id'] : menu_create($arr);
    }
    if (!$menu_id) {
        logger('bookmark_add: unable to create menu ' . $arr['menu_name']);
        return;
    }
    logger('add_bookmark: menu_id ' . $menu_id);

    $r = q("select * from menu_item where mitem_link = '%s' and mitem_menu_id = %d and mitem_channel_id = %d limit 1", dbesc($iarr['mitem_link']), intval($menu_id), intval($channel_id));
    if ($r) {
        logger('add_bookmark: duplicate menu entry', LOGGER_DEBUG);
        return $r;
    }
    return menu_add_item($menu_id, $channel_id, $iarr);
}
コード例 #18
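 /**
  * Returns a specific principal, specified by its path.
  * The returned structure should be the exact same as from
  * getPrincipalsByPrefix.
  *
  * @param string $path
  * @return array|null null when the path is outside this backend's prefix,
  *                    an empty array when no such user exists
  */
 public function getPrincipalByPath($path)
 {
     list($prefixPath, $userName) = Sabre_DAV_URLUtil::splitPath($path);
     // This backend only support principals in one collection
     if ($prefixPath !== $this->prefix) {
         return null;
     }
     // The name is interpolated into a quoted SQL literal, so it needs the
     // database escaper. escape_tags() HTML-encodes but leaves a single
     // quote untouched and does not protect a quoted literal.
     $r = q("SELECT `nickname` FROM `user` WHERE `nickname` = '%s'", dbesc($userName));
     // q() may return false on error; treat that like "no rows".
     if (!($r && count($r))) {
         return array();
     }
     return array('uri' => $this->prefix . '/' . strtolower($r[0]['nickname']), '{DAV:}displayname' => $r[0]['nickname']);
 }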
コード例 #19
ファイル: Tokens.php プロジェクト: phellmes/hubzilla
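 function post()
 {
     // Create or update an access token for the current channel and store
     // the permissions granted to it. Requires a valid form security token.
     if (!local_channel()) {
         return;
     }
     $channel = \App::get_channel();
     check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
     // Without the token form there is nothing to save; the old code fell
     // through and wrote a row from undefined values.
     if (!array_key_exists('token', $_POST)) {
         return;
     }
     $atoken_id = !empty($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0;
     $name = isset($_POST['name']) ? trim(escape_tags($_POST['name'])) : '';
     $token = trim($_POST['token']);
     if (!$name || !$token) {
         notice(t('Name and Password are required.') . EOL);
         return;
     }
     // Expiry is entered in the server's default timezone and stored as UTC.
     $expires = NULL_DATE;
     if (isset($_POST['expires']) && trim($_POST['expires'])) {
         $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
     }
     // Service-class cap on the number of tokens; only creating a token can
     // exceed it, so it is not applied to an update. (The old query had no
     // FROM clause and compared against an undefined $max_tokens.)
     $max_atokens = service_class_fetch(local_channel(), 'access_tokens');
     if ($max_atokens && !$atoken_id) {
         $r = q("select count(atoken_id) as total from atoken where atoken_uid = %d", intval(local_channel()));
         if ($r && intval($r[0]['total']) >= $max_atokens) {
             notice(sprintf(t('This channel is limited to %d tokens'), $max_atokens) . EOL);
             return;
         }
     }
     // NOTE(review): the token value is stored as submitted (no hashing);
     // confirm that is what the login path expects.
     if ($atoken_id) {
         // The uid clause keeps the update bound to the caller's own tokens.
         $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' \n\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
     } else {
         $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
     }
     // Permissions are keyed by a synthetic xchan derived from the channel hash and token name.
     $atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $name;
     $all_perms = \Zotlabs\Access\Permissions::Perms();
     if ($all_perms) {
         foreach ($all_perms as $perm => $desc) {
             // Unchecked boxes are not posted, so an absent field means "not granted".
             $granted = array_key_exists('perms_' . $perm, $_POST) ? intval($_POST['perms_' . $perm]) : 0;
             set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, $granted);
         }
     }
     info(t('Token saved.') . EOL);
     return;
 }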
コード例 #20
 /**
  * Pre-output WYSIWYG content
  *
  * Outside the admin theme, content is run through the tag parser when the
  * field allows tags (allow_tags = 'y'); in every other case tags are escaped.
  *
  * @access 	public
  * @param 	string
  * @return 	string
  */
 public function pre_output($input, $params)
 {
     // Legacy placeholder that some sites still rely on: expand it to the site URL.
     $legacy_site_tag = '&#123;&#123; url:site &#125;&#125;';
     $input = str_replace($legacy_site_tag, site_url() . '/', $input);
     $allow_tags = isset($params['allow_tags']) ? $params['allow_tags'] : 'n';
     $parse = !defined('ADMIN_THEME') && $allow_tags == 'y';
     if (!$parse) {
         $this->CI->load->helper('text');
         return escape_tags($input);
     }
     return $this->CI->parser->parse_string($input, array(), true);
 }
コード例 #21
ファイル: pdledit.php プロジェクト: Mauru/red
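function pdledit_post(&$a)
{
    // Save the user's per-module layout override (pconfig key
    // 'mod_<module>.pdl'), or remove it when the submitted content is blank,
    // then redirect back to the editor for that module.
    if (!local_user()) {
        return;
    }
    $module = isset($_REQUEST['module']) ? $_REQUEST['module'] : '';
    if (!$module) {
        return;
    }
    // NOTE(review): $module is used verbatim in the pconfig key and in the
    // redirect path; the editor's module list presumably constrains it —
    // confirm, or restrict it to a simple identifier character set.
    $key = 'mod_' . $module . '.pdl';
    $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
    if (!trim($content)) {
        del_pconfig(local_user(), 'system', $key);
        goaway(z_root() . '/pdledit/' . $module);
    }
    set_pconfig(local_user(), 'system', $key, escape_tags($content));
    info(t('Layout updated.') . EOL);
    goaway(z_root() . '/pdledit/' . $module);
}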
コード例 #22
ファイル: comments_helper.php プロジェクト: namdum/pyrocms
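/**
 * Display the comments attached to one item.
 *
 * $reference names the object type the comments belong to (by default the
 * current module) and $ref_id the particular item within it. Every comment
 * field is passed through escape_tags() before it reaches the view, which is
 * loaded from the theme's override directory when one exists.
 *
 * @param	int		$ref_id		Id of the item the comments belong to
 * @param	string	$reference	Module (or other reference) the comments belong to; defaults to the current module
 * @return	void
 */
function display_comments($ref_id = '', $reference = NULL)
{
    if (!(Settings::get('enable_comments') && $ref_id)) {
        return;
    }
    $ci =& get_instance();
    // Set ref to module if none provided
    $reference or $reference = $ci->router->fetch_module();
    $ci->lang->load('comments/comments');
    $ci->load->model('comments/comments_m');
    $comments = $ci->comments_m->get_by_module_item($reference, $ref_id);
    // loop through the comments and escape {{ foo }} and html tags
    foreach ($comments as &$comment) {
        // Override specified website if they are a user
        if ($comment->website and $comment->user_id and Settings::get('enable_profiles')) {
            $comment->website = 'user/' . $comment->user_id;
        }
        foreach ($comment as &$body) {
            $body = escape_tags($body);
        }
    }
    // Drop the by-reference loop variables: left in place they would alias
    // the last comment/field for the rest of the function.
    unset($body);
    unset($comment);
    // set the data to send to the view
    $data = array();
    $data['comments'] = $comments;
    $data['module'] = $reference;
    $data['id'] = $ref_id;
    $data['comment'] = $ci->session->flashdata('comment');
    /**
     * The following allows us to load views
     * without breaking theme overloading
     **/
    $view = 'comments';
    if (file_exists($ci->template->get_views_path() . 'modules/comments/' . $view . (pathinfo($view, PATHINFO_EXTENSION) ? '' : EXT))) {
        // look in the theme for overloaded views
        $path = $ci->template->get_views_path() . 'modules/comments/';
    } else {
        // or look in the module
        list($path, $view) = Modules::find($view, 'comments', 'views/');
    }
    // save the existing view array so we can restore it
    $save_path = $ci->load->get_view_paths();
    // add this view location to the array
    $ci->load->set_view_path($path);
    // output the comments html (the return value is not used)
    $ci->load->_ci_load(array('_ci_view' => $view, '_ci_vars' => $data));
    // Put the old array back
    $ci->load->set_view_path($save_path);
}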
コード例 #23
ファイル: pubsub.php プロジェクト: phellmes/hubzilla-addons
/**
 * Receive a pushed feed (hub callback) for a channel.
 *
 * argv(1) is the channel nickname and argv(2) the abook id of the sending
 * connection. The raw request body is handed to consume_feed() for that
 * channel and, when the discover tab is enabled, for the system channel
 * too. The handler always answers 200 so the hub does not keep retrying.
 *
 * NOTE(review): no signature or shared-secret check of the pushed body is
 * visible here; the only gates are the connection id from the URL and the
 * send_stream permission. Confirm consume_feed() validates authorship.
 */
function pubsub_post(&$a)
{
    // The system channel only participates when neither discover tab is off.
    $sys_disabled = get_config('system', 'disable_discover_tab')
        ? true
        : get_config('system', 'disable_diaspora_discover_tab');
    $sys = null;
    if (!$sys_disabled) {
        $sys = get_sys_channel();
        if ($sys) {
            $sys['system'] = true;
        }
    }
    $payload = file_get_contents('php://input');
    logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . App::$cmd);
    logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
    logger('pubsub: data: ' . $payload, LOGGER_DATA);
    $nick = '';
    if (argc() > 1) {
        $nick = escape_tags(trim(argv(1)));
    }
    // intval() here is what keeps the abook_id safe to splice into SQL below.
    $contact_id = 0;
    if (argc() > 2) {
        $contact_id = intval(argv(2));
    }
    $channel = channelx_by_nick($nick);
    if (!$channel) {
        // Unknown channel: acknowledge anyway so the hub stops pushing.
        http_status_exit(200, 'OK');
    }
    $importers = array($channel);
    if ($sys) {
        $importers[] = $sys;
    }
    foreach ($importers as $importer) {
        if ($importer['system']) {
            $connections = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d", intval($contact_id));
        } else {
            $connections = abook_connections($importer['channel_id'], ' and abook_id = ' . $contact_id);
        }
        if (!$connections) {
            logger('connection ' . $contact_id . ' not found.');
            continue;
        }
        $xchan = $connections[0];
        // send_stream gates delivery for the real channel only; the system
        // channel accepts any known connection.
        if (!perm_is_allowed($importer['channel_id'], $xchan['xchan_hash'], 'send_stream') && !$importer['system']) {
            logger('permission denied.');
            continue;
        }
        consume_feed($payload, $importer, $xchan, 1);
        consume_feed($payload, $importer, $xchan, 2);
    }
    http_status_exit(200, 'OK');
}
コード例 #24
ファイル: notes.php プロジェクト: Mauru/red
/** @file */
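/**
 * Save the personal-notes widget text for the logged-in user and, on
 * /notes/sync, push the change to channel clones.
 *
 * Replies with the JSON body {"success": true} and exits; without a local
 * login it simply returns.
 */
function notes_init(&$a)
{
    if (!local_user()) {
        return;
    }
    $ret = array('success' => true);
    // Only touch the stored note when the field was actually submitted.
    // The previous test (`$x || $x == ''`) dropped a note consisting of "0"
    // and, because null == '' is true, wiped the note on any request that
    // omitted note_text entirely.
    if (isset($_REQUEST['note_text'])) {
        // HTML-escaped at ingest; stored text is echoed back into the widget.
        $body = escape_tags($_REQUEST['note_text']);
        set_pconfig(local_user(), 'notes', 'text', $body);
    }
    // NOTE(review): no form_security_token check is visible here, so a forged
    // cross-site request could overwrite the note; confirm the caller enforces
    // one or add check_form_security_token() before the write.
    // push updates to channel clones
    if (argc() > 1 && argv(1) === 'sync') {
        require_once 'include/zot.php';
        build_sync_packet();
    }
    logger('notes saved.', LOGGER_DEBUG);
    json_return_and_die($ret);
}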
コード例 #25
ファイル: contacts.php プロジェクト: nextgensh/friendica
/**
 * Handle the contact edit form: profile assignment, poll priority, the
 * hidden flag and the free-text info of one of the user's contacts.
 *
 * Every lookup and the update itself carry a `uid` predicate, so a contact
 * or profile id that belongs to another account is neither read nor
 * modified.
 */
function contacts_post(&$a)
{
    if (!local_user()) {
        return;
    }
    $contact_id = intval($a->argv[1]);
    if (!$contact_id) {
        return;
    }
    // Ownership check: the contact must belong to the current user.
    $orig_record = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval(local_user()));
    if (!count($orig_record)) {
        notice(t('Could not access contact record.') . EOL);
        goaway($a->get_baseurl() . '/contacts');
        return;
        // NOTREACHED
    }
    // Plugins may rewrite $_POST here, so the fields are read only afterwards.
    call_hooks('contact_edit_post', $_POST);
    $profile_id = intval($_POST['profile-assign']);
    if ($profile_id) {
        // The selected profile must be one of the user's own as well.
        $owned = q("SELECT `id` FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($profile_id), intval(local_user()));
        if (!count($owned)) {
            notice(t('Could not locate selected profile.') . EOL);
            return;
        }
    }
    $hidden = intval($_POST['hidden']);
    // Poll priority outside 0..5 falls back to 0.
    $priority = intval($_POST['poll']);
    if ($priority < 0 || $priority > 5) {
        $priority = 0;
    }
    // Free text is HTML-escaped on input and dbesc'd on the way into SQL.
    $info = escape_tags(trim($_POST['info']));
    $updated = q("UPDATE `contact` SET `profile-id` = %d, `priority` = %d , `info` = '%s',\n\t\t`hidden` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($profile_id), intval($priority), dbesc($info), intval($hidden), intval($contact_id), intval(local_user()));
    if ($updated) {
        info(t('Contact updated.') . EOL);
    } else {
        notice(t('Failed to update contact record.') . EOL);
    }
    // Re-read the row so the page renders the stored state.
    $fresh = q("select * from contact where id = %d and uid = %d limit 1", intval($contact_id), intval(local_user()));
    if ($fresh && count($fresh)) {
        $a->data['contact'] = $fresh[0];
    }
    return;
}
コード例 #26
ファイル: chatsvc.php プロジェクト: Mauru/red
/**
 * Append one line of chat to the room selected earlier in the request
 * ($a->data['chat'] is filled before this runs; that code is not visible here).
 *
 * Replies with JSON {"success": bool} and exits, except that an empty
 * message (after escaping) returns without producing any output.
 */
function chatsvc_post(&$a)
{
    $ret = array('success' => false);
    $room_id = $a->data['chat']['room_id'];
    $room_owner = $a->data['chat']['uid'];
    // Messages are HTML-escaped at ingest, so the stored text is already
    // safe to echo back into the page.
    $text = escape_tags($_REQUEST['chat_text']);
    if (!$text) {
        // Note: a message consisting solely of "0" is treated as empty here.
        return;
    }
    // permissions_sql() narrows the room lookup to what the current observer
    // may see, so the id of someone else's private room simply does not match.
    $sql_extra = permissions_sql($room_owner);
    $rooms = q("select * from chatroom where cr_uid = %d and cr_id = %d {$sql_extra}", intval($room_owner), intval($room_id));
    if (!$rooms) {
        json_return_and_die($ret);
    }
    $observer = get_observer_hash();
    $arr = array('chat_room' => $room_id, 'chat_xchan' => $observer, 'chat_text' => $text);
    // Plugins may rewrite the text; the hooked value is what gets stored.
    call_hooks('chat_post', $arr);
    q("insert into chat ( chat_room, chat_xchan, created, chat_text )\n\t\tvalues( %d, '%s', '%s', '%s' )", intval($room_id), dbesc($observer), dbesc(datetime_convert()), dbesc($arr['chat_text']));
    $ret['success'] = true;
    json_return_and_die($ret);
}
コード例 #27
ファイル: Pconfig.php プロジェクト: BlaBlaNet/hubzilla
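 /**
  * Build the edit form for one pconfig value of the current channel.
  *
  * @param string $cat config category (family)
  * @param string $k   config key
  * @return string the HTML form
  */
 function pconfig_form($cat, $k)
 {
     $o = '<form action="pconfig" method="post" >';
     $o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token('pconfig') . '" />';
     $v = get_pconfig(local_channel(), $cat, $k);
     if (strpos($k, 'password') !== false) {
         // NOTE(review): obscured secrets are decoded here and rendered into a
         // plain text input below, so they are visible on screen.
         $v = z_unobscure($v);
     }
     // $cat and $k come from the caller (presumably the request path) and
     // land inside double-quoted attributes; escape them like the value so a
     // crafted key cannot break out of the attribute.
     $o .= '<input type="hidden" name="cat" value="' . escape_tags($cat) . '" />';
     $o .= '<input type="hidden" name="k" value="' . escape_tags($k) . '" />';
     // Multi-line values get a textarea. The previous truthiness test on
     // strpos() misclassified a value whose very first character is the newline.
     if (strpos((string) $v, "\n") !== false) {
         $o .= '<textarea name="v" >' . escape_tags($v) . '</textarea>';
     } else {
         $o .= '<input type="text" name="v" value="' . escape_tags($v) . '" />';
     }
     $o .= EOL . EOL;
     $o .= '<input type="submit" name="submit" value="' . t('Submit') . '" />';
     $o .= '</form>';
     return $o;
 }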
コード例 #28
ファイル: Pdledit.php プロジェクト: phellmes/hubzilla
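 /**
  * Store (or, when the submitted content is blank, delete) the channel's
  * custom .pdl layout for one module, then redirect back to the editor.
  *
  * Requires a local login and the "advanced_theming" feature.
  *
  * NOTE(review): no form_security_token check is visible here; confirm the
  * editor form sends one and that it is verified before this runs.
  */
 function post()
 {
     if (!local_channel()) {
         return;
     }
     if (!$_REQUEST['module']) {
         return;
     }
     if (!feature_enabled(local_channel(), 'advanced_theming')) {
         return;
     }
     // The module name comes straight from the request and is used both in
     // a pconfig key and in the redirect path; treat it like the other path
     // arguments in this code base (trim + escape_tags) instead of raw.
     // NOTE(review): an allow-list such as /^[A-Za-z0-9_]+$/ would be
     // tighter, but the set of valid module names is not visible here.
     $module = escape_tags(trim($_REQUEST['module']));
     if ($module === '') {
         return;
     }
     $key = 'mod_' . $module . '.pdl';
     if (!trim($_REQUEST['content'])) {
         del_pconfig(local_channel(), 'system', $key);
         goaway(z_root() . '/pdledit/' . $module);
     }
     // Layout text is HTML-escaped before it is stored.
     set_pconfig(local_channel(), 'system', $key, escape_tags($_REQUEST['content']));
     build_sync_packet();
     info(t('Layout updated.') . EOL);
     goaway(z_root() . '/pdledit/' . $module);
 }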
コード例 #29
ファイル: message.php プロジェクト: vishalp/MistparkPE-Remix
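/**
 * Send a private message from the local user to one contact.
 *
 * Inserts the message into `mail`, then starts the notifier in the
 * background to deliver it. Reports the outcome via notice() and returns.
 */
function message_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    $replyto = notags(trim($_POST['replyto']));
    $recipient = intval($_POST['messageto']);
    $subject = notags(trim($_POST['subject']));
    // The body is HTML-escaped at ingest; subject and replyto only lose tags.
    $body = escape_tags(trim($_POST['body']));
    if (!$recipient) {
        notice(t('No recipient selected.') . EOL);
        return;
    }
    // NOTE(review): neither lookup carries a uid predicate, so this assumes a
    // single-user install; on a shared database a recipient id belonging to
    // another account would be accepted. Compare contacts_post() above.
    $me = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1");
    $contact = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($recipient));
    if (!(count($me) && count($contact))) {
        notice(t('Unable to locate contact information.') . EOL);
        return;
    }
    $hash = random_string();
    $uri = 'urn:X-dfrn:' . $a->get_baseurl() . ':1:' . $hash;
    if (!strlen($replyto)) {
        $replyto = $uri;
    }
    $r = q("INSERT INTO `mail` ( `from-name`, `from-photo`, `from-url`, \n\t\t`contact-id`, `title`, `body`, `delivered`, `seen`, `replied`, `uri`, `parent-uri`, `created`)\n\t\tVALUES ( '%s', '%s', '%s', %d, '%s', '%s', %d, %d, %d, '%s', '%s', '%s' )", dbesc($me[0]['name']), dbesc($me[0]['thumb']), dbesc($me[0]['url']), intval($recipient), dbesc($subject), dbesc($body), 0, 1, 0, dbesc($uri), dbesc($replyto), datetime_convert());
    // Read the row back by its fresh uri to learn the assigned id. $post_id
    // was previously left undefined when the insert failed.
    $post_id = 0;
    $r = q("SELECT * FROM `mail` WHERE `uri` = '%s' LIMIT 1", dbesc($uri));
    if (count($r)) {
        $post_id = intval($r[0]['id']);
    }
    $php_path = strlen($a->config['php_path']) ? $a->config['php_path'] : 'php';
    if ($post_id) {
        // Quote every argument for the shell: php_path is admin config and
        // post_id is a DB integer, but neither should be interpolated raw.
        $cmd = escapeshellarg($php_path) . ' ' . escapeshellarg('include/notifier.php') . ' mail ' . escapeshellarg((string) $post_id) . ' &';
        proc_close(proc_open($cmd, array(), $pipes));
        notice(t('Message sent.') . EOL);
    } else {
        notice(t('Message could not be sent.') . EOL);
    }
    return;
}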
コード例 #30
ファイル: prate.php プロジェクト: anmol26s/hubzilla-yunohost
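/**
 * Store the logged-in channel's signed rating of another channel.
 *
 * Reads target (xchan hash), rating (clamped to -10..10) and rating_text
 * from the request, signs "target.rating.text" with the channel's private
 * key and upserts the static xlink row. When a row id is known the
 * ratenotif worker is started, and {"result": true} is returned.
 *
 * NOTE(review): no form_security_token check is visible here; confirm the
 * rating form sends one and that it is verified before this runs.
 */
function prate_post(&$a)
{
    if (!local_channel()) {
        return;
    }
    $channel = App::get_channel();
    $target = trim($_REQUEST['target']);
    if (!$target) {
        return;
    }
    // A channel may not rate itself.
    if ($target === $channel['channel_hash']) {
        return;
    }
    // Clamp the rating to the range the signature is expected to cover.
    $rating = intval($_POST['rating']);
    if ($rating < -10) {
        $rating = -10;
    }
    if ($rating > 10) {
        $rating = 10;
    }
    $rating_text = trim(escape_tags($_REQUEST['rating_text']));
    // The signature binds target, rating and text together so other hubs
    // can check the rating really came from this channel.
    $signed = $target . '.' . $rating . '.' . $rating_text;
    $sig = base64url_encode(rsa_sign($signed, $channel['channel_prvkey']));
    $record = 0;
    $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target));
    if ($z) {
        $record = $z[0]['xlink_id'];
        $w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'\n\t\t\twhere xlink_id = %d", intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert()), intval($record));
    } else {
        $w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($channel['channel_hash']), dbesc($target), intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert()));
        // Re-read the row just inserted to get its id. This used to look it up
        // by $orig_record[0]['abook_xchan'], a variable that does not exist in
        // this function, so new ratings never reached ratenotif; look it up by
        // the target hash, exactly like the select above.
        $z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target));
        if ($z) {
            $record = $z[0]['xlink_id'];
        }
    }
    if ($record) {
        proc_run('php', 'include/ratenotif.php', 'rating', $record);
    }
    json_return_and_die(array('result' => true));
}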