function zotfeed_init(&$a) { $result = array('success' => false); $mindate = $_REQUEST['mindate'] ? datetime_convert('UTC', 'UTC', $_REQUEST['mindate']) : ''; if (!$mindate) { $mindate = datetime_convert('UTC', 'UTC', 'now - 1 month'); } if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) { $result['message'] = 'Public access denied'; json_return_and_die($result); } $observer = $a->get_observer(); $channel_address = argc() > 1 ? argv(1) : ''; if ($channel_address) { $r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1", dbesc(argv(1)), intval(PAGE_REMOVED)); } else { $x = get_sys_channel(); if ($x) { $r = array($x); } } if (!$r) { $result['message'] = 'Channel not found.'; json_return_and_die($result); } logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG); $result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], $mindate); $result['success'] = true; json_return_and_die($result); }
function share_init(&$a) { $post_id = argc() > 1 ? intval(argv(1)) : 0; if (!$post_id) { killme(); } if (!(local_user() || remote_user())) { killme(); } $r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d LIMIT 1", intval($post_id)); if (!$r) { killme(); } if ($r[0]['item_private'] && $r[0]['xchan_network'] !== 'rss') { killme(); } $sql_extra = item_permissions_sql($r[0]['uid']); $r = q("select * from item where id = %d {$sql_extra}", intval($post_id)); if (!$r) { killme(); } // FIXME - we only share bbcode if ($r[0]['mimetype'] !== 'text/bbcode') { killme(); } // FIXME - eventually we want to post remotely via rpost // on your home site. // When that works remove this next bit: if (!local_user()) { killme(); } xchan_query($r); if (strpos($r[0]['body'], "[/share]") !== false) { $pos = strpos($r[0]['body'], "[share"); $o = substr($r[0]['body'], $pos); } else { $o = "[share author='" . urlencode($r[0]['author']['xchan_name']) . "' profile='" . $r[0]['author']['xchan_url'] . "' avatar='" . $r[0]['author']['xchan_photo_s'] . "' link='" . $r[0]['plink'] . "' posted='" . $r[0]['created'] . "' message_id='" . $r[0]['mid'] . "']\n"; if ($r[0]['title']) { $o .= '[b]' . $r[0]['title'] . '[/b]' . "\n"; } $o .= $r[0]['body']; $o .= "[/share]"; } if (local_user()) { echo $o; killme(); } $observer = $a->get_observer(); $parsed = $observer['xchan_url']; if ($parsed) { $post_url = $parsed['scheme'] . ':' . $parsed['host'] . ($parsed['port'] ? ':' . $parsed['port'] : '') . '/rpost'; // FIXME - we were probably called from JS // so we don't know the return page. // in fact we won't be able to load the remote page. // we might need an iframe $x = z_post_url($post_url, array('f' => '', 'body' => $o)); killme(); } }
function auto_redir(&$a, $contact_nick) { // prevent looping if (x($_REQUEST, 'redir') && intval($_REQUEST['redir'])) { return; } if (!$contact_nick || $contact_nick === $a->user['nickname']) { return; } if (local_user()) { // We need to find out if $contact_nick is a user on this hub, and if so, if I // am a contact of that user. However, that user may have other contacts with the // same nickname as me on other hubs or other networks. Exclude these by requiring // that the contact have a local URL. I will be the only person with my nickname at // this URL, so if a result is found, then I am a contact of the $contact_nick user. // // We also have to make sure that I'm a legitimate contact--I'm not blocked or pending. $baseurl = $a->get_baseurl(); $domain_st = strpos($baseurl, "://"); if ($domain_st === false) { return; } $baseurl = substr($baseurl, $domain_st + 3); $nurl = normalise_link($baseurl); $r = q("SELECT id FROM contact WHERE uid = ( SELECT uid FROM user WHERE nickname = '%s' LIMIT 1 )\n\t\t AND nick = '%s' AND self = 0 AND ( url LIKE '%%%s%%' or nurl LIKE '%%%s%%' ) AND blocked = 0 AND pending = 0 LIMIT 1", dbesc($contact_nick), dbesc($a->user['nickname']), dbesc($baseurl), dbesc($nurl)); if (!$r || !count($r) || $r[0]['id'] == remote_user()) { return; } $r = q("SELECT * FROM contact WHERE nick = '%s'\n\t\t AND network = '%s' AND uid = %d AND url LIKE '%%%s%%' LIMIT 1", dbesc($contact_nick), dbesc(NETWORK_DFRN), intval(local_user()), dbesc($baseurl)); if (!($r && count($r))) { return; } $cid = $r[0]['id']; $dfrn_id = $orig_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id']; if ($r[0]['duplex'] && $r[0]['issued-id']) { $orig_id = $r[0]['issued-id']; $dfrn_id = '1:' . $orig_id; } if ($r[0]['duplex'] && $r[0]['dfrn-id']) { $orig_id = $r[0]['dfrn-id']; $dfrn_id = '0:' . $orig_id; } // ensure that we've got a valid ID. There may be some edge cases with forums and non-duplex mode // that may have triggered some of the "went to {profile/intro} and got an RSS feed" issues if (strlen($dfrn_id) < 3) { return; } $sec = random_string(); q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\t\tVALUES( %d, %s, '%s', '%s', %d )", intval(local_user()), intval($cid), dbesc($dfrn_id), dbesc($sec), intval(time() + 45)); $url = curPageURL(); logger('auto_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); $dest = $url ? '&destination_url=' . $url : ''; goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest); } return; }
function community_content(&$a, $update = 0) { $o = ''; if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (get_config('system', 'no_community_page')) { notice(t('Not available.') . EOL); return; } require_once "include/bbcode.php"; require_once 'include/security.php'; require_once 'include/conversation.php'; $o .= '<h3>' . t('Community') . '</h3>'; if (!$update) { nav_set_selected('community'); } if (x($a->data, 'search')) { $search = notags(trim($a->data['search'])); } else { $search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : ''; } // Here is the way permissions work in this module... // Only public posts can be shown // OR your own posts if you are a logged in member if (!get_config('alt_pager', 'global') && !get_pconfig(local_user(), 'system', 'alt_pager')) { $r = q("SELECT COUNT(distinct(`item`.`uri`)) AS `total`\n\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' \n\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\tAND `item`.`private` = 0 AND `item`.`wall` = 1 AND `user`.`hidewall` = 0 \n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0"); if (count($r)) { $a->set_pager_total($r[0]['total']); } if (!$r[0]['total']) { info(t('No results.') . EOL); return $o; } } //$r = q("SELECT distinct(`item`.`uri`) $r = q("SELECT `item`.`uri`, `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,\n\t\t`user`.`nickname`, `user`.`hidewall`\n\t\tFROM `item` FORCE INDEX (`received`) LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' \n\t\tAND `item`.`private` = 0 AND `item`.`wall` = 1 AND `item`.`id` = `item`.`parent`\n\t\tAND `user`.`hidewall` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 AND `contact`.`self`\n\t\tORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage'])); // group by `item`.`uri` if (!count($r)) { info(t('No results.') . EOL); return $o; } // we behave the same in message lists as the search module $o .= conversation($a, $r, 'community', $update); if (get_config('alt_pager', 'global') || get_pconfig(local_user(), 'system', 'alt_pager')) { $o .= alt_pager($a, count($r)); } else { $o .= paginate($a); } return $o; }
function can_write_wall(&$a, $owner) { if (!local_user() && !remote_user()) { return false; } if (local_user() && $_SESSION['uid'] == $owner) { return true; } $sql_extra = $a->config['rockstar'] ? '' : sprintf(" AND `readonly` = 0 AND `rel` IN ( %d , %d ) ", intval(DIRECTION_OUT), intval(DIRECTION_BOTH)); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `blocked` = 0 AND `pending` = 0 {$sql_extra} LIMIT 1", intval($_SESSION['visitor_id'])); if (count($r)) { return true; } return false; }
function redir_init(&$a) { $url = x($_GET, 'url') ? $_GET['url'] : ''; $quiet = x($_GET, 'quiet') ? '&quiet=1' : ''; $con_url = x($_GET, 'conurl') ? $_GET['conurl'] : ''; // traditional DFRN if ($con_url || local_user() && $a->argc > 1 && intval($a->argv[1])) { if ($con_url) { $con_url = str_replace('https', 'http', $con_url); $r = q("SELECT * FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", dbesc($con_url), intval(local_user())); if (!count($r) || $r[0]['network'] !== NETWORK_DFRN) { goaway(z_root()); } $cid = $r[0]['id']; } else { $cid = $a->argv[1]; $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval(local_user())); if (!count($r) || $r[0]['network'] !== NETWORK_DFRN) { goaway(z_root()); } } $dfrn_id = $orig_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id']; if ($r[0]['duplex'] && $r[0]['issued-id']) { $orig_id = $r[0]['issued-id']; $dfrn_id = '1:' . $orig_id; } if ($r[0]['duplex'] && $r[0]['dfrn-id']) { $orig_id = $r[0]['dfrn-id']; $dfrn_id = '0:' . $orig_id; } $sec = random_string(); q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\t\tVALUES( %d, %s, '%s', '%s', %d )", intval(local_user()), intval($cid), dbesc($dfrn_id), dbesc($sec), intval(time() + 45)); logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG); $dest = $url ? '&destination_url=' . $url : ''; goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet); } if (local_user()) { $handle = $a->user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(), '://') + 3); } if (remote_user()) { $handle = $_SESSION['handle']; } if ($url) { $url = str_replace('{zid}', '&zid=' . $handle, $url); goaway($url); } goaway(z_root()); }
function viewcontacts_content(&$a) { require_once "mod/proxy.php"; if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (!count($a->profile) || $a->profile['hide-friends']) { notice(t('Permission denied.') . EOL); return; } $o = ""; // tabs $o .= profile_tabs($a, $is_owner, $a->data['user']['nickname']); $r = q("SELECT COUNT(*) AS `total` FROM `contact`\n\t\tWHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 AND `archive` = 0\n\t\t\tAND `network` IN ('%s', '%s', '%s')", intval($a->profile['uid']), dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS)); if (count($r)) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT * FROM `contact`\n\t\tWHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 AND `archive` = 0\n\t\t\tAND `network` IN ('%s', '%s', '%s')\n\t\tORDER BY `name` ASC LIMIT %d, %d", intval($a->profile['uid']), dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS), intval($a->pager['start']), intval($a->pager['itemspage'])); if (!count($r)) { info(t('No contacts.') . EOL); return $o; } $contacts = array(); foreach ($r as $rr) { if ($rr['self']) { continue; } $url = $rr['url']; // route DFRN profiles through the redirect $is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false; if ($is_owner && $rr['network'] === NETWORK_DFRN && $rr['rel']) { $url = 'redir/' . $rr['id']; } else { $url = zrl($url); } $contact_details = get_contact_details_by_url($rr['url'], $a->profile['uid']); $contacts[] = array('id' => $rr['id'], 'img_hover' => sprintf(t('Visit %s\'s profile [%s]'), $rr['name'], $rr['url']), 'photo_menu' => contact_photo_menu($rr), 'thumb' => proxy_url($rr['thumb'], false, PROXY_SIZE_THUMB), 'name' => htmlentities(substr($rr['name'], 0, 20)), 'username' => htmlentities($rr['name']), 'details' => $contact_details['location'], 'tags' => $contact_details['keywords'], 'about' => $contact_details['about'], 'account_type' => $contact_details['community'] ? t('Forum') : '', 'url' => $url, 'sparkle' => '', 'itemurl' => $contact_details['addr'] != "" ? $contact_details['addr'] : $rr['url'], 'network' => network_to_name($rr['network'], $rr['url'])); } $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array('$title' => t('Contacts'), '$contacts' => $contacts, '$paginate' => paginate($a))); return $o; }
function oexchange_content(&$a) { if (!local_user()) { if (remote_user()) { $observer = $a->get_observer(); if ($observer && $observer['xchan_url']) { $parsed = @parse_url($observer['xchan_url']); if (!$parsed) { notice(t('Unable to find your hub.') . EOL); return; } $url = $parsed['scheme'] . '://' . $parsed['host'] . ($parsed['port'] ? ':' . $parsed['port'] : ''); $url .= '/oexchange'; $result = z_post_url($url, $_REQUEST); json_return_and_die($result); } } return login(false); } if (argc() > 1 && argv(1) === 'done') { info(t('Post successful.') . EOL); return; } $url = x($_REQUEST, 'url') && strlen($_REQUEST['url']) ? urlencode(notags(trim($_REQUEST['url']))) : ''; $title = x($_REQUEST, 'title') && strlen($_REQUEST['title']) ? '&title=' . urlencode(notags(trim($_REQUEST['title']))) : ''; $description = x($_REQUEST, 'description') && strlen($_REQUEST['description']) ? '&description=' . urlencode(notags(trim($_REQUEST['description']))) : ''; $tags = x($_REQUEST, 'tags') && strlen($_REQUEST['tags']) ? '&tags=' . urlencode(notags(trim($_REQUEST['tags']))) : ''; $ret = z_fetch_url($a->get_baseurl() . '/parse_url?f=&url=' . $url . $title . $description . $tags); if ($ret['success']) { $s = $ret['body']; } if (!strlen($s)) { return; } $post = array(); $post['profile_uid'] = local_user(); $post['return'] = '/oexchange/done'; $post['body'] = $s; $post['type'] = 'wall'; $_REQUEST = $post; require_once 'mod/item.php'; item_post($a); }
function community_content(&$a, $update = 0) { $o = ''; if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (get_config('system', 'no_community_page')) { notice(t('Not available.') . EOL); return; } require_once "include/bbcode.php"; require_once 'include/security.php'; require_once 'include/conversation.php'; $o .= '<h3>' . t('Community') . '</h3>'; if (!$update) { nav_set_selected('community'); $o .= '<div id="live-community"></div>' . "\r\n"; $o .= "<script> var profile_uid = -1; var netargs = '/?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n"; } if (x($a->data, 'search')) { $search = notags(trim($a->data['search'])); } else { $search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : ''; } // Here is the way permissions work in this module... // Only public wall posts can be shown // OR your own posts if you are a logged in member $r = q("SELECT COUNT(*) AS `total`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' \n\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 \n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0 "); if (count($r)) { $a->set_pager_total($r[0]['total']); } if (!$r[0]['total']) { info(t('No results.') . EOL); return $o; } $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,\n\t\t`user`.`nickname`, `user`.`hidewall`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' \n\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 \n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tORDER BY `received` DESC LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage'])); // we behave the same in message lists as the search module $o .= conversation($a, $r, 'community', false); $o .= paginate($a); $o .= '<div class="cc-license">' . t('Shared content is covered by the <a href="http://creativecommons.org/licenses/by/3.0/">Creative Commons Attribution 3.0</a> license.') . '</div>'; return $o; }
function hcard_init(&$a) { $blocked = get_config('system', 'block_public') && !local_user() && !remote_user() ? true : false; if ($a->argc > 1) { $which = $a->argv[1]; } else { notice(t('No profile') . EOL); $a->error = 404; return; } $profile = 0; if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') { $which = $a->user['nickname']; $profile = $a->argv[1]; } profile_load($a, $which, $profile); if (x($a->profile, 'page-flags') && $a->profile['page-flags'] == PAGE_COMMUNITY) { $a->page['htmlhead'] .= '<meta name="friendika.community" content="true" />'; } if (x($a->profile, 'openidserver')) { $a->page['htmlhead'] .= '<link rel="openid.server" href="' . $a->profile['openidserver'] . '" />' . "\r\n"; } if (x($a->profile, 'openid')) { $delegate = strstr($a->profile['openid'], '://') ? $a->profile['openid'] : 'http://' . $a->profile['openid']; $a->page['htmlhead'] .= '<link rel="openid.delegate" href="' . $delegate . '" />' . "\r\n"; } if (!$blocked) { $keywords = x($a->profile, 'pub_keywords') ? $a->profile['pub_keywords'] : ''; $keywords = str_replace(array(',', ' ', ',,'), array(' ', ',', ','), $keywords); if (strlen($keywords)) { $a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n"; } } $a->page['htmlhead'] .= '<meta name="dfrn-global-visibility" content="' . ($a->profile['net-publish'] ? 'true' : 'false') . '" />' . "\r\n"; $a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/dfrn_poll/' . $which . '" />' . "\r\n"; $uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . ($a->path ? '/' . $a->path : '')); $a->page['htmlhead'] .= '<link rel="lrdd" type="application/xrd+xml" href="' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '" />' . "\r\n"; header('Link: <' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '>; rel="lrdd"; type="application/xrd+xml"', false); $dfrn_pages = array('request', 'confirm', 'notify', 'poll'); foreach ($dfrn_pages as $dfrn) { $a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"" . $a->get_baseurl() . "/dfrn_{$dfrn}/{$which}\" />\r\n"; } }
function viewconnections_content(&$a) { if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (!count($a->profile) || $a->profile['hide_friends']) { notice(t('Permission denied.') . EOL); return; } if (!perm_is_allowed($a->profile['uid'], get_observer_hash(), 'view_contacts')) { notice(t('Permission denied.') . EOL); return; } $is_owner = local_user() && local_user() == $a->profile['uid'] ? true : false; $abook_flags = ABOOK_FLAG_PENDING | ABOOK_FLAG_SELF; $xchan_flags = XCHAN_FLAGS_ORPHAN | XCHAN_FLAGS_DELETED; if (!$is_owner) { $abook_flags = $abook_flags | ABOOK_FLAG_HIDDEN; $xchan_flags = $xchan_flags | XCHAN_FLAGS_HIDDEN; } $r = q("SELECT count(*) as total FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not (abook_flags & %d ) and not ( xchan_flags & %d ) ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags)); if ($r) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and not ( abook_flags & %d ) and not ( xchan_flags & %d ) order by xchan_name LIMIT %d , %d ", intval($a->profile['uid']), intval($abook_flags), intval($xchan_flags), intval($a->pager['start']), intval($a->pager['itemspage'])); if (!$r) { info(t('No connections.') . EOL); return $o; } $contacts = array(); foreach ($r as $rr) { $url = chanlink_url($rr['xchan_url']); if ($url) { $contacts[] = array('id' => $rr['abook_id'], 'archived' => $rr['abook_flags'] & ABOOK_FLAG_ARCHIVED ? true : false, 'img_hover' => sprintf(t('Visit %s\'s profile [%s]'), $rr['xchan_name'], $rr['xchan_url']), 'thumb' => $rr['xchan_photo_m'], 'name' => substr($rr['xchan_name'], 0, 20), 'username' => $rr['xchan_addr'], 'link' => $url, 'sparkle' => '', 'itemurl' => $rr['url'], 'network' => ''); } } $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array('$title' => t('View Connnections'), '$contacts' => $contacts, '$paginate' => paginate($a))); return $o; }
function search_content(&$a) { if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } nav_set_selected('search'); require_once "include/bbcode.php"; require_once 'include/security.php'; require_once 'include/conversation.php'; $o = '<div id="live-search"></div>' . "\r\n"; $o .= '<h3>' . t('Search This Site') . '</h3>'; if (x($a->data, 'search')) { $search = notags(trim($a->data['search'])); } else { $search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : ''; } $o .= search($search, 'search-box', '/search', local_user() ? true : false); if (!$search) { return $o; } // Here is the way permissions work in the search module... // Only public wall posts can be shown // OR your own posts if you are a logged in member $s_regx = sprintf("AND ( `item`.`body` REGEXP '%s' OR `item`.`tag` REGEXP '%s' )", dbesc(preg_quote($search)), dbesc('\\]' . preg_quote($search) . '\\[')); $search_alg = $s_regx; $r = q("SELECT COUNT(*) AS `total`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id` LEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0) \n\t\t\tOR `item`.`uid` = %d )\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t{$search_alg} ", intval(local_user())); if (count($r)) { $a->set_pager_total($r[0]['total']); } if (!$r[0]['total']) { info(t('No results.') . EOL); return $o; } $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`,\n\t\t`user`.`nickname`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND (( `wall` = 1 AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' AND `user`.`hidewall` = 0 ) \n\t\t\tOR `item`.`uid` = %d )\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t{$search_alg}\n\t\tORDER BY `received` DESC LIMIT %d , %d ", intval(local_user()), intval($a->pager['start']), intval($a->pager['itemspage'])); $o .= '<h2>Search results for: ' . $search . '</h2>'; $o .= conversation($a, $r, 'search', false); $o .= paginate($a); return $o; }
function viewcontacts_content(&$a) { require_once "mod/proxy.php"; if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (!count($a->profile) || $a->profile['hide-friends']) { notice(t('Permission denied.') . EOL); return; } $r = q("SELECT COUNT(*) as `total` FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 AND `archive` = 0 ", intval($a->profile['uid'])); if (count($r)) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 AND `archive` = 0 ORDER BY `name` ASC LIMIT %d , %d ", intval($a->profile['uid']), intval($a->pager['start']), intval($a->pager['itemspage'])); if (!count($r)) { info(t('No contacts.') . EOL); return $o; } $contacts = array(); foreach ($r as $rr) { if ($rr['self']) { continue; } $url = $rr['url']; // route DFRN profiles through the redirect $is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false; if ($is_owner && $rr['network'] === NETWORK_DFRN && $rr['rel']) { $url = 'redir/' . $rr['id']; } else { $url = zrl($url); } $contacts[] = array('id' => $rr['id'], 'img_hover' => sprintf(t('Visit %s\'s profile [%s]'), $rr['name'], $rr['url']), 'thumb' => proxy_url($rr['thumb']), 'name' => substr($rr['name'], 0, 20), 'username' => $rr['name'], 'url' => $url, 'sparkle' => '', 'itemurl' => $rr['url'], 'network' => network_to_name($rr['network'], $rr['url'])); } $tpl = get_markup_template("viewcontact_template.tpl"); $o .= replace_macros($tpl, array('$title' => t('View Contacts'), '$contacts' => $contacts, '$paginate' => paginate($a))); return $o; }
function profile_content(&$a, $update = 0) { if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) { return login(); } $groups = array(); $tab = 'profile'; $o = ''; if (!perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_profile')) { notice(t('Permission denied.') . EOL); return; } $is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false; if ($a->profile['hidewall'] && !$is_owner && !remote_user()) { notice(t('Permission denied.') . EOL); return; } $o .= profile_tabs($a, $is_owner, $a->profile['channel_address']); $o .= advanced_profile($a); call_hooks('profile_advanced', $o); return $o; }
function viewcontacts_content(&$a) { if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (!count($a->profile) || $a->profile['hide-friends']) { notice(t('Permission denied.') . EOL); return; } $o .= '<h3>' . t('View Contacts') . '</h3>'; $r = q("SELECT COUNT(*) as `total` FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 ", intval($a->profile['uid'])); if (count($r)) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `blocked` = 0 AND `pending` = 0 AND `hidden` = 0 ORDER BY `name` ASC LIMIT %d , %d ", intval($a->profile['uid']), intval($a->pager['start']), intval($a->pager['itemspage'])); if (!count($r)) { info(t('No contacts.') . EOL); return $o; } $tpl = get_markup_template("viewcontact_template.tpl"); foreach ($r as $rr) { if ($rr['self']) { continue; } $url = $rr['url']; // route DFRN profiles through the redirect $is_owner = local_user() && $a->profile['profile_uid'] == local_user() ? true : false; if ($is_owner && $rr['network'] === NETWORK_DFRN && $rr['rel']) { $url = 'redir/' . $rr['id']; } $o .= replace_macros($tpl, array('$id' => $rr['id'], '$alt_text' => sprintf(t('Visit %s\'s profile [%s]'), $rr['name'], $rr['url']), '$thumb' => $rr['thumb'], '$name' => substr($rr['name'], 0, 20), '$username' => $rr['name'], '$url' => $url)); } $o .= '<div id="view-contact-end"></div>'; $o .= paginate($a); return $o; }
function permissions_sql($owner_id, $remote_verified = false, $groups = null) { $local_user = local_user(); $remote_user = remote_user(); /** * Construct permissions * * default permissions - anonymous user */ $sql = " AND allow_cid = '' \n\t\t\t AND allow_gid = '' \n\t\t\t AND deny_cid = '' \n\t\t\t AND deny_gid = '' \n\t"; /** * Profile owner - everything is visible */ if ($local_user && $local_user == $owner_id) { $sql = ''; } elseif ($remote_user) { if (!$remote_verified) { $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", intval($remote_user), intval($owner_id)); if (count($r)) { $remote_verified = true; $groups = init_groups_visitor($remote_user); } } if ($remote_verified) { $gs = '<<>>'; // should be impossible to match if (is_array($groups) && count($groups)) { foreach ($groups as $g) { $gs .= '|<' . intval($g) . '>'; } } $sql = sprintf(" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( allow_gid = '' OR allow_gid REGEXP '%s' )\n\t\t\t\t AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') \n\t\t\t\t", intval($remote_user), intval($remote_user), dbesc($gs), dbesc($gs)); } } return $sql; }
function dfrn_poll_init(&$a) { $dfrn_id = x($_GET, 'dfrn_id') ? $_GET['dfrn_id'] : ''; $type = x($_GET, 'type') ? $_GET['type'] : 'data'; $last_update = x($_GET, 'last_update') ? $_GET['last_update'] : ''; $destination_url = x($_GET, 'destination_url') ? $_GET['destination_url'] : ''; $challenge = x($_GET, 'challenge') ? $_GET['challenge'] : ''; $sec = x($_GET, 'sec') ? $_GET['sec'] : ''; $dfrn_version = x($_GET, 'dfrn_version') ? (double) $_GET['dfrn_version'] : 2.0; $perm = x($_GET, 'perm') ? $_GET['perm'] : 'r'; $direction = -1; if (strpos($dfrn_id, ':') == 1) { $direction = intval(substr($dfrn_id, 0, 1)); $dfrn_id = substr($dfrn_id, 2); } if ($dfrn_id === '' && !x($_POST, 'dfrn_id') && $a->argc > 1) { if (get_config('system', 'block_public') && !local_user() && !remote_user()) { killme(); } $r = q("SELECT `hidewall` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1", dbesc($a->argv[1])); if (count($r) && $r[0]['hidewall']) { killme(); } logger('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR']); header("Content-type: application/atom+xml"); $o = get_feed_for($a, '', $a->argv[1], $last_update); echo $o; killme(); } if ($type === 'profile' && !strlen($sec)) { $sql_extra = ''; switch ($direction) { case -1: $sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", dbesc($dfrn_id), dbesc($dfrn_id)); $my_id = $dfrn_id; break; case 0: $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); $my_id = '1:' . $dfrn_id; break; case 1: $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id)); $my_id = '0:' . $dfrn_id; break; default: goaway(z_root()); break; // NOTREACHED } $r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname` \n\t\t\tFROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`\n\t\t\tWHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0 \n\t\t\tAND `user`.`nickname` = '%s' {$sql_extra} LIMIT 1", dbesc($a->argv[1])); if (count($r)) { $s = fetch_url($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check'); logger("dfrn_poll: old profile returns " . $s, LOGGER_DATA); if (strlen($s)) { $xml = parse_xml_string($s); if ((int) $xml->status == 1) { $_SESSION['authenticated'] = 1; $_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_visiting'] = $r[0]['uid']; info(sprintf(t('%s welcomes %s'), $r[0]['username'], $r[0]['name']) . EOL); // Visitors get 1 day session. $session_id = session_id(); $expire = time() + 86400; q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s' LIMIT 1", dbesc($expire), dbesc($session_id)); } } $profile = $r[0]['nickname']; goaway(strlen($destination_url) ? $destination_url : $a->get_baseurl() . '/profile/' . $profile); } goaway(z_root()); } if ($type === 'profile-check' && $dfrn_version < 2.2) { if (strlen($challenge) && strlen($sec)) { q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1", dbesc($sec)); if (!count($r)) { xml_status(3, 'No ticket'); // NOTREACHED } $orig_id = $r[0]['dfrn_id']; if (strpos($orig_id, ':')) { $orig_id = substr($orig_id, 2); } $c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($r[0]['cid'])); if (!count($c)) { xml_status(3, 'No profile'); } $contact = $c[0]; $sent_dfrn_id = hex2bin($dfrn_id); $challenge = hex2bin($challenge); $final_dfrn_id = ''; if ($contact['duplex'] && strlen($contact['prvkey'])) { openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']); openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']); } else { openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']); openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']); } $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.')); if (strpos($final_dfrn_id, ':') == 1) { $final_dfrn_id = substr($final_dfrn_id, 2); } if ($final_dfrn_id != $orig_id) { logger('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, LOGGER_DEBUG); // did not decode properly - cannot trust this site xml_status(3, 'Bad decryption'); } header("Content-type: text/xml"); echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>{$decoded_challenge}</challenge><sec>{$sec}</sec></dfrn_poll>"; killme(); // NOTREACHED } else { // old protocol switch ($direction) { case 1: $dfrn_id = '0:' . $dfrn_id; break; case 0: $dfrn_id = '1:' . $dfrn_id; break; default: break; } q("DELETE FROM `profile_check` WHERE `expire` < " . intval(time())); $r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC", dbesc($dfrn_id)); if (count($r)) { xml_status(1); return; // NOTREACHED } xml_status(0); return; // NOTREACHED } } }
function profile_content(&$a, $update = 0) { $category = $datequery = $datequery2 = ''; if ($a->argc > 2) { for ($x = 2; $x < $a->argc; $x++) { if (is_a_date_arg($a->argv[$x])) { if ($datequery) { $datequery2 = escape_tags($a->argv[$x]); } else { $datequery = escape_tags($a->argv[$x]); } } else { $category = $a->argv[$x]; } } } if (!x($category)) { $category = x($_GET, 'category') ? $_GET['category'] : ''; } if (get_config('system', 'block_public') && !local_user() && !remote_user()) { return login(); } require_once "include/bbcode.php"; require_once 'include/security.php'; require_once 'include/conversation.php'; require_once 'include/acl_selectors.php'; require_once 'include/items.php'; $groups = array(); $tab = 'posts'; $o = ''; if ($update) { // Ensure we've got a profile owner if updating. $a->profile['profile_uid'] = $update; } else { if ($a->profile['profile_uid'] == local_user()) { nav_set_selected('home'); } } $contact = null; $remote_contact = false; $contact_id = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $a->profile['profile_uid']) { $contact_id = $v['cid']; break; } } } if ($contact_id) { $groups = init_groups_visitor($contact_id); $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['profile_uid'])); if (count($r)) { $contact = $r[0]; $remote_contact = true; } } if (!$remote_contact) { if (local_user()) { $contact_id = $_SESSION['cid']; $contact = $a->contact; } } $is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false; if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) { notice(t('Access to this profile has been restricted.') . EOL); return; } if (!$update) { if (x($_GET, 'tab')) { $tab = notags(trim($_GET['tab'])); } $o .= profile_tabs($a, $is_owner, $a->profile['nickname']); if ($tab === 'profile') { $o .= advanced_profile($a); call_hooks('profile_advanced', $o); return $o; } $o .= common_friends_visitor_widget($a->profile['profile_uid']); if (x($_SESSION, 'new_member') && $_SESSION['new_member'] && $is_owner) { $o .= '<a href="newmember" id="newmember-tips" style="font-size: 1.2em;"><b>' . t('Tips for New Members') . '</b></a>' . EOL; } $commpage = $a->profile['page-flags'] == PAGE_COMMUNITY ? true : false; $commvisitor = $commpage && $remote_contact == true ? true : false; $a->page['aside'] .= posted_date_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'], $a->profile['profile_uid'], true); $a->page['aside'] .= categories_widget($a->get_baseurl(true) . '/profile/' . $a->profile['nickname'], x($category) ? xmlify($category) : ''); if (can_write_wall($a, $a->profile['profile_uid'])) { $x = array('is_owner' => $is_owner, 'allow_location' => ($is_owner || $commvisitor) && $a->profile['allow_location'] ? true : false, 'default_location' => $is_owner ? $a->user['default-location'] : '', 'nickname' => $a->profile['nickname'], 'lockstate' => is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock', 'acl' => $is_owner ? populate_acl($a->user, true) : '', 'bang' => '', 'visitor' => $is_owner || $commvisitor ? 'block' : 'none', 'profile_uid' => $a->profile['profile_uid'], 'acl_data' => $is_owner ? construct_acl_data($a, $a->user) : ''); $o .= status_editor($a, $x); } } /** * Get permissions SQL - if $remote_contact is true, our remote user has been pre-verified and we already have fetched his/her groups */ $sql_extra = item_permissions_sql($a->profile['profile_uid'], $remote_contact, $groups); if ($update) { $r = q("SELECT distinct(parent) AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND\n\t\t\t(`item`.`deleted` = 0 OR item.verb = '" . ACTIVITY_LIKE . "' OR item.verb = '" . ACTIVITY_DISLIKE . "')\n\t\t\tand `item`.`moderated` = 0 and `item`.`unseen` = 1\n\t\t\tAND `item`.`wall` = 1\n\t\t\t{$sql_extra}\n\t\t\tORDER BY `item`.`created` DESC", intval($a->profile['profile_uid'])); } else { $sql_post_table = ""; if (x($category)) { $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($a->profile['profile_uid'])); //$sql_extra .= protect_sprintf(file_tag_file_query('item',$category,'category')); } if ($datequery) { $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery)))); } if ($datequery2) { $sql_extra2 .= protect_sprintf(sprintf(" AND `thread`.`created` >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(), '', $datequery2)))); } if (get_config('system', 'old_pager')) { $r = q("SELECT COUNT(*) AS `total`\n\t\t\t FROM `thread` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`\n\t\t\t {$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`\n\t\t\t AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t WHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0\n\t\t\t and `thread`.`moderated` = 0\n\t\t\t AND `thread`.`wall` = 1\n\t\t\t {$sql_extra} {$sql_extra2} ", intval($a->profile['profile_uid'])); if (count($r)) { $a->set_pager_total($r[0]['total']); } } // check if we serve a mobile device and get the user settings // accordingly if ($a->is_mobile) { $itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_mobile_network'); $itemspage_network = intval($itemspage_network) ? $itemspage_network : 20; } else { $itemspage_network = get_pconfig(local_user(), 'system', 'itemspage_network'); $itemspage_network = intval($itemspage_network) ? $itemspage_network : 40; } // now that we have the user settings, see if the theme forces // a maximum item number which is lower then the user choice if ($a->force_max_items > 0 && $a->force_max_items < $itemspage_network) { $itemspage_network = $a->force_max_items; } $a->set_pager_itemspage($itemspage_network); $pager_sql = sprintf(" LIMIT %d, %d ", intval($a->pager['start']), intval($a->pager['itemspage'])); $r = q("SELECT `thread`.`iid` AS `item_id`, `thread`.`network` AS `item_network`,\n\t\t\t`thread`.`uid` AS `contact-uid`\n\t\t\tFROM `thread` INNER JOIN `item` ON `item`.`id` = `thread`.`iid`\n\t\t\t{$sql_post_table} INNER JOIN `contact` ON `contact`.`id` = `thread`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tWHERE `thread`.`uid` = %d AND `thread`.`visible` = 1 AND `thread`.`deleted` = 0\n\t\t\tand `thread`.`moderated` = 0\n\t\t\tAND `thread`.`wall` = 1\n\t\t\t{$sql_extra} {$sql_extra2}\n\t\t\tORDER BY `thread`.`created` DESC {$pager_sql} ", intval($a->profile['profile_uid'])); } $parents_arr = array(); $parents_str = ''; if (count($r)) { foreach ($r as $rr) { $parents_arr[] = $rr['item_id']; } $parents_str = implode(', ', $parents_arr); $items = q("SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,\n\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`network`, `contact`.`rel`,\n\t\t\t`contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`, `contact`\n\t\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\t\tand `item`.`moderated` = 0\n\t\t\tAND `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tAND `item`.`parent` IN ( %s )\n\t\t\t{$sql_extra} ", intval($a->profile['profile_uid']), dbesc($parents_str)); $items = conv_sort($items, 'created'); } else { $items = array(); } if ($is_owner && !$update && !get_config('theme', 'hide_eventlist')) { $o .= get_birthdays(); $o .= get_events(); } if ($is_owner) { $r = q("UPDATE `item` SET `unseen` = 0\n\t\t\tWHERE `wall` = 1 AND `unseen` = 1 AND `uid` = %d", intval(local_user())); } $o .= conversation($a, $items, 'profile', $update); if (!$update) { if (!get_config('system', 'old_pager')) { $o .= alt_pager($a, count($items)); } else { $o .= paginate($a); } } return $o; }
function item_permissions_sql($owner_id, $remote_verified = false, $groups = null) { if (defined('STATUSNET_PRIVACY_COMPATIBILITY')) { return ''; } $local_user = local_user(); $remote_user = remote_user(); /** * Construct permissions * * default permissions - anonymous user */ $sql = " AND not item_private "; /** * Profile owner - everything is visible */ if ($local_user && $local_user == $owner_id) { $sql = ''; } else { $observer = get_observer_hash(); if ($observer) { $groups = init_groups_visitor($observer); $gs = '<<>>'; // should be impossible to match if (is_array($groups) && count($groups)) { foreach ($groups as $g) { $gs .= '|<' . $g . '>'; } } $sql = sprintf(" AND ( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')\n\t\t\t\t AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )\n\t\t\t\t )\n\t\t\t\t", dbesc(protect_sprintf('%<' . $observer . '>%')), dbesc($gs), dbesc(protect_sprintf('%<' . $observer . '>%')), dbesc($gs)); } } return $sql; }
function tagger_content(&$a) { if (!local_user() && !remote_user()) { return; } $term = notags(trim($_GET['term'])); // no commas allowed $term = str_replace(array(',', ' '), array('', '_'), $term); if (!$term) { return; } $item_id = $a->argc > 1 ? notags(trim($a->argv[1])) : 0; logger('tagger: tag ' . $term . ' item ' . $item_id); $r = q("SELECT * FROM `item` WHERE `id` = '%s' LIMIT 1", dbesc($item_id)); if (!$item_id || !count($r)) { logger('tagger: no item ' . $item_id); return; } $item = $r[0]; $owner_uid = $item['uid']; $r = q("select `nickname`,`blocktags` from user where uid = %d limit 1", intval($owner_uid)); if (count($r)) { $owner_nick = $r[0]['nickname']; $blocktags = $r[0]['blocktags']; } if (local_user() != $owner_uid) { return; } if (remote_user()) { $r = q("select * from contact where id = %d AND `uid` = %d limit 1", intval(remote_user()), intval($item['uid'])); } else { $r = q("select * from contact where self = 1 and uid = %d limit 1", intval(local_user())); } if (count($r)) { $contact = $r[0]; } else { logger('tagger: no contact_id'); return; } $uri = item_new_uri($a->get_hostname(), $owner_uid); $post_type = $item['resource-id'] ? t('photo') : t('status'); $targettype = $item['resource-id'] ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE; $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n"); $body = $item['body']; $target = <<<EOT \t<target> \t\t<type>{$targettype}</type> \t\t<local>1</local> \t\t<id>{$item['uri']}</id> \t\t<link>{$link}</link> \t\t<title></title> \t\t<content>{$body}</content> \t</target> EOT; $tagid = $a->get_baseurl() . '/search?search=' . $term; $objtype = ACTIVITY_OBJ_TAGTERM; $obj = <<<EOT \t<object> \t\t<type>{$objtype}</type> \t\t<local>1</local> \t\t<id>{$tagid}</id> \t\t<link>{$tagid}</link> \t\t<title>{$term}</title> \t\t<content>{$term}</content> \t</object> EOT; $bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s'); if (!isset($bodyverb)) { return; } $termlink = html_entity_decode('⌗') . '[url=' . $a->get_baseurl() . '/search?search=' . urlencode($term) . ']' . $term . '[/url]'; $arr = array(); $arr['uri'] = $uri; $arr['uid'] = $owner_uid; $arr['contact-id'] = $contact['id']; $arr['type'] = 'activity'; $arr['wall'] = $item['wall']; $arr['gravity'] = GRAVITY_COMMENT; $arr['parent'] = $item['id']; $arr['parent-uri'] = $item['uri']; $arr['owner-name'] = $item['author-name']; $arr['owner-link'] = $item['author-link']; $arr['owner-avatar'] = $item['author-avatar']; $arr['author-name'] = $contact['name']; $arr['author-link'] = $contact['url']; $arr['author-avatar'] = $contact['thumb']; $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; $alink = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]'; $plink = '[url=' . $item['plink'] . ']' . $post_type . '[/url]'; $arr['body'] = sprintf($bodyverb, $ulink, $alink, $plink, $termlink); $arr['verb'] = ACTIVITY_TAG; $arr['target-type'] = $targettype; $arr['target'] = $target; $arr['object-type'] = $objtype; $arr['object'] = $obj; $arr['allow_cid'] = $item['allow_cid']; $arr['allow_gid'] = $item['allow_gid']; $arr['deny_cid'] = $item['deny_cid']; $arr['deny_gid'] = $item['deny_gid']; $arr['visible'] = 1; $arr['unseen'] = 1; $arr['last-child'] = 1; $arr['origin'] = 1; $post_id = item_store($arr); q("UPDATE `item` set plink = '%s' where id = %d limit 1", dbesc($a->get_baseurl() . '/display/' . $owner_nick . '/' . $post_id), intval($post_id)); if (!$item['visible']) { $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item['id']), intval($owner_uid)); } if (!$blocktags && !stristr($item['tag'], ']' . $term . '[')) { q("update item set tag = '%s' where id = %d limit 1", dbesc($item['tag'] . (strlen($item['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?search=' . $term . ']' . $term . '[/url]'), intval($item['id'])); } // if the original post is on this site, update it. $r = q("select `tag`,`id`,`uid` from item where `origin` = 1 AND `uri` = '%s' LIMIT 1", dbesc($item['uri'])); if (count($r)) { $x = q("SELECT `blocktags` FROM `user` WHERE `uid` = %d limit 1", intval($r[0]['uid'])); if (count($x) && !$x[0]['blocktags'] && !stristr($r[0]['tag'], ']' . $term . '[')) { q("update item set tag = '%s' where id = %d limit 1", dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $a->get_baseurl() . '/search?search=' . $term . ']' . $term . '[/url]'), intval($r[0]['id'])); } } $arr['id'] = $post_id; call_hooks('post_local_end', $arr); proc_run('php', "include/notifier.php", "tag", "{$post_id}"); killme(); return; // NOTREACHED }
function wall_upload_post(&$a, $desktopmode = true) { logger("wall upload: starting new upload", LOGGER_DEBUG); $r_json = x($_GET, 'response') && $_GET['response'] == 'json'; if ($a->argc > 1) { if (!x($_FILES, 'media')) { $nick = $a->argv[1]; $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick)); if (!count($r)) { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } return; } } else { $user_info = api_get_user($a); $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid` WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name'])); } } else { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } return; } $can_post = false; $visitor = 0; $page_owner_uid = $r[0]['uid']; $default_cid = $r[0]['id']; $page_owner_nick = $r[0]['nickname']; $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $page_owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $cid = 0; if (is_array($_SESSION['remote'])) { foreach ($_SESSION['remote'] as $v) { if ($v['uid'] == $page_owner_uid) { $cid = $v['cid']; break; } } } if ($cid) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid)); if (count($r)) { $can_post = true; $visitor = $cid; } } } } if (!$can_post) { if ($r_json) { echo json_encode(['error' => t('Permission denied.')]); killme(); } notice(t('Permission denied.') . EOL); killme(); } if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } killme(); } $src = ""; if (x($_FILES, 'userfile')) { $src = $_FILES['userfile']['tmp_name']; $filename = basename($_FILES['userfile']['name']); $filesize = intval($_FILES['userfile']['size']); $filetype = $_FILES['userfile']['type']; } elseif (x($_FILES, 'media')) { if (is_array($_FILES['media']['tmp_name'])) { $src = $_FILES['media']['tmp_name'][0]; } else { $src = $_FILES['media']['tmp_name']; } if (is_array($_FILES['media']['name'])) { $filename = basename($_FILES['media']['name'][0]); } else { $filename = basename($_FILES['media']['name']); } if (is_array($_FILES['media']['size'])) { $filesize = intval($_FILES['media']['size'][0]); } else { $filesize = intval($_FILES['media']['size']); } if (is_array($_FILES['media']['type'])) { $filetype = $_FILES['media']['type'][0]; } else { $filetype = $_FILES['media']['type']; } } if ($src == "") { if ($r_json) { echo json_encode(['error' => t('Invalid request.')]); killme(); } notice(t('Invalid request.') . EOL); killme(); } // This is a special treatment for picture upload from Twidere if ($filename == "octet-stream" and $filetype != "") { $filename = $filetype; $filetype = ""; } if ($filetype == "") { $filetype = guess_image_type($filename); } // If there is a temp name, then do a manual check // This is more reliable than the provided value $imagedata = getimagesize($src); if ($imagedata) { $filetype = $imagedata['mime']; } logger("File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG); $maximagesize = get_config('system', 'maximagesize'); if ($maximagesize && $filesize > $maximagesize) { $msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize)); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid)); $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit'); if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) { $msg = upgrade_message(true); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $imagedata = @file_get_contents($src); $ph = new Photo($imagedata, $filetype); if (!$ph->is_valid()) { $msg = t('Unable to process image.'); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } @unlink($src); killme(); } $ph->orient($src); @unlink($src); $max_length = get_config('system', 'max_image_length'); if (!$max_length) { $max_length = MAX_IMAGE_LENGTH; } if ($max_length > 0) { $ph->scaleImage($max_length); logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG); } $width = $ph->getWidth(); $height = $ph->getHeight(); $hash = photo_new_resource(); $smallest = 0; $defperm = '<' . $default_cid . '>'; $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm); if (!$r) { $msg = t('Image upload failed.'); if ($r_json) { echo json_encode(['error' => $msg]); } else { echo $msg . EOL; } killme(); } if ($width > 640 || $height > 640) { $ph->scaleImage(640); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm); if ($r) { $smallest = 1; } } if ($width > 320 || $height > 320) { $ph->scaleImage(320); $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm); if ($r and $smallest == 0) { $smallest = 2; } } $basename = basename($filename); if (!$desktopmode) { $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash); if (!$r) { if ($r_json) { echo json_encode(['error' => '']); killme(); } return false; } $picture = array(); $picture["id"] = $r[0]["id"]; $picture["size"] = $r[0]["datasize"]; $picture["width"] = $r[0]["width"]; $picture["height"] = $r[0]["height"]; $picture["type"] = $r[0]["type"]; $picture["albumpage"] = $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash; $picture["picture"] = $a->get_baseurl() . "/photo/{$hash}-0." . $ph->getExt(); $picture["preview"] = $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt(); if ($r_json) { echo json_encode(['picture' => $picture]); killme(); } return $picture; } if ($r_json) { echo json_encode(['ok' => true]); killme(); } /* mod Waitman Gobble NO WARRANTY */ //if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post) if ($_REQUEST['hush'] != 'yeah') { if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) { echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n"; } else { echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />"; } } else { $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]"; return $m; } /* mod Waitman Gobble NO WARRANTY */ killme(); // NOTREACHED }
function conversation(&$a, $items, $mode, $update, $preview = false) { require_once 'bbcode.php'; $ssl_state = local_user() ? true : false; $profile_owner = 0; $page_writeable = false; $previewing = $preview ? ' preview ' : ''; if ($mode === 'network') { $profile_owner = local_user(); $page_writeable = true; } if ($mode === 'profile') { $profile_owner = $a->profile['profile_uid']; $page_writeable = can_write_wall($a, $profile_owner); } if ($mode === 'notes') { $profile_owner = local_user(); $page_writeable = true; } if ($mode === 'display') { $profile_owner = $a->profile['uid']; $page_writeable = can_write_wall($a, $profile_owner); } if ($mode === 'community') { $profile_owner = 0; $page_writeable = false; } if ($update) { $return_url = $_SESSION['return_url']; } else { $return_url = $_SESSION['return_url'] = $a->query_string; } load_contact_links(local_user()); $cb = array('items' => $items, 'mode' => $mode, 'update' => $update, 'preview' => $preview); call_hooks('conversation_start', $cb); $items = $cb['items']; $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = 'wall_item.tpl'; $wallwall = 'wallwall_item.tpl'; $hide_comments_tpl = get_markup_template('hide_comments.tpl'); $alike = array(); $dlike = array(); // array with html for each thread (parent+comments) $threads = array(); $threadsid = -1; if ($items && count($items)) { if ($mode === 'network-new' || $mode === 'search' || $mode === 'community') { // "New Item View" on network page or search page results // - just loop through the items and format them minimally for display //$tpl = get_markup_template('search_item.tpl'); $tpl = 'search_item.tpl'; foreach ($items as $item) { $threadsid++; $comment = ''; $owner_url = ''; $owner_photo = ''; $owner_name = ''; $sparkle = ''; if ($mode === 'search' || $mode === 'community') { if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $nickname = $item['nickname']; } else { $nickname = $a->user['nickname']; } // prevent private email from leaking. if ($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) { continue; } $profile_name = strlen($item['author-name']) ? $item['author-name'] : $item['name']; if ($item['author-link'] && !$item['author-name']) { $profile_name = $item['author-link']; } $sp = false; $profile_link = best_link_url($item, $sp); if ($profile_link === 'mailbox') { $profile_link = ''; } if ($sp) { $sparkle = ' sparkle'; } else { $profile_link = zrl($profile_link); } $normalised = normalise_link(strlen($item['author-link']) ? $item['author-link'] : $item['url']); if ($normalised != 'mailbox' && x($a->contacts[$normalised])) { $profile_avatar = $a->contacts[$normalised]['thumb']; } else { $profile_avatar = strlen($item['author-avatar']) ? $item['author-avatar'] : $item['thumb']; } $locate = array('location' => $item['location'], 'coord' => $item['coord'], 'html' => ''); call_hooks('render_location', $locate); $location = strlen($locate['html']) ? $locate['html'] : render_location_google($locate); localize_item($item); if ($mode === 'network-new') { $dropping = true; } else { $dropping = false; } $drop = array('dropping' => $dropping, 'select' => t('Select'), 'delete' => t('Delete')); $star = false; $isstarred = "unstarred"; $lock = false; $likebuttons = false; $shareable = false; $body = prepare_body($item, true); //$tmp_item = replace_macros($tpl,array( $tmp_item = array('template' => $tpl, 'id' => $preview ? 'P0' : $item['item_id'], 'linktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['author-link']) ? $item['author-link'] : $item['url']), 'profile_url' => $profile_link, 'item_photo_menu' => item_photo_menu($item), 'name' => template_escape($profile_name), 'sparkle' => $sparkle, 'lock' => $lock, 'thumb' => $profile_avatar, 'title' => template_escape($item['title']), 'body' => template_escape($body), 'text' => strip_tags(template_escape($body)), 'ago' => $item['app'] ? sprintf(t('%s from %s'), relative_date($item['created']), $item['app']) : relative_date($item['created']), 'location' => template_escape($location), 'indent' => '', 'owner_name' => template_escape($owner_name), 'owner_url' => $owner_url, 'owner_photo' => $owner_photo, 'plink' => get_plink($item), 'edpost' => false, 'isstarred' => $isstarred, 'star' => $star, 'drop' => $drop, 'vote' => $likebuttons, 'like' => '', 'dislike' => '', 'comment' => '', 'conv' => $preview ? '' : array('href' => $a->get_baseurl($ssl_state) . '/display/' . $nickname . '/' . $item['id'], 'title' => t('View in context')), 'previewing' => $previewing, 'wait' => t('Please wait')); $arr = array('item' => $item, 'output' => $tmp_item); call_hooks('display_item', $arr); $threads[$threadsid]['id'] = $item['item_id']; $threads[$threadsid]['items'] = array($arr['output']); } } else { // Normal View // Figure out how many comments each parent has // (Comments all have gravity of 6) // Store the result in the $comments array $comments = array(); foreach ($items as $item) { if (intval($item['gravity']) == 6 && $item['id'] != $item['parent']) { if (!x($comments, $item['parent'])) { $comments[$item['parent']] = 1; } else { $comments[$item['parent']] += 1; } } elseif (!x($comments, $item['parent'])) { $comments[$item['parent']] = 0; } // avoid notices later on } // map all the like/dislike activities for each parent item // Store these in the $alike and $dlike arrays foreach ($items as $item) { like_puller($a, $item, $alike, 'like'); like_puller($a, $item, $dlike, 'dislike'); } $comments_collapsed = false; $comments_seen = 0; $comment_lastcollapsed = false; $comment_firstcollapsed = false; $blowhard = 0; $blowhard_count = 0; foreach ($items as $item) { $comment = ''; $template = $tpl; $commentww = ''; $sparkle = ''; $owner_url = $owner_photo = $owner_name = ''; // We've already parsed out like/dislike for special treatment. We can ignore them now if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $toplevelpost = $item['id'] == $item['parent'] ? true : false; $toplevelprivate = false; // Take care of author collapsing and comment collapsing // (author collapsing is currently disabled) // If a single author has more than 3 consecutive top-level posts, squash the remaining ones. // If there are more than two comments, squash all but the last 2. if ($toplevelpost) { $toplevelprivate = $toplevelpost && $item['private'] ? true : false; $item_writeable = $item['writable'] || $item['self'] ? true : false; $comments_seen = 0; $comments_collapsed = false; $comment_lastcollapsed = false; $comment_firstcollapsed = false; $threadsid++; $threads[$threadsid]['id'] = $item['item_id']; $threads[$threadsid]['private'] = $item['private']; $threads[$threadsid]['items'] = array(); } else { // prevent private email reply to public conversation from leaking. if ($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) { continue; } $comments_seen++; $comment_lastcollapsed = false; $comment_firstcollapsed = false; } $override_comment_box = $page_writeable && $item_writeable ? true : false; $show_comment_box = $page_writeable && $item_writeable && $comments_seen == $comments[$item['parent']] ? true : false; if ($comments[$item['parent']] > 2 && $comments_seen <= $comments[$item['parent']] - 2 && $item['gravity'] == 6) { if (!$comments_collapsed) { $threads[$threadsid]['num_comments'] = sprintf(tt('%d comment', '%d comments', $comments[$item['parent']]), $comments[$item['parent']]); $threads[$threadsid]['hide_text'] = t('show more'); $comments_collapsed = true; $comment_firstcollapsed = true; } } if ($comments[$item['parent']] > 2 && $comments_seen == $comments[$item['parent']] - 1) { $comment_lastcollapsed = true; } $redirect_url = $a->get_baseurl($ssl_state) . '/redir/' . $item['cid']; $lock = $item['private'] || $item['uid'] == local_user() && (strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])) ? t('Private Message') : false; // Top-level wall post not written by the wall owner (wall-to-wall) // First figure out who owns it. $osparkle = ''; if ($toplevelpost && !$item['self'] && $mode !== 'profile') { if ($item['wall']) { // On the network page, I am the owner. On the display page it will be the profile owner. // This will have been stored in $a->page_contact by our calling page. // Put this person as the wall owner of the wall-to-wall notice. $owner_url = zrl($a->page_contact['url']); $owner_photo = $a->page_contact['thumb']; $owner_name = $a->page_contact['name']; $template = $wallwall; $commentww = 'ww'; } if (!$item['wall'] && $item['owner-link']) { $owner_linkmatch = $item['owner-link'] && link_compare($item['owner-link'], $item['author-link']); $alias_linkmatch = $item['alias'] && link_compare($item['alias'], $item['author-link']); $owner_namematch = $item['owner-name'] && $item['owner-name'] == $item['author-name']; if (!$owner_linkmatch && !$alias_linkmatch && !$owner_namematch) { // The author url doesn't match the owner (typically the contact) // and also doesn't match the contact alias. // The name match is a hack to catch several weird cases where URLs are // all over the park. It can be tricked, but this prevents you from // seeing "Bob Smith to Bob Smith via Wall-to-wall" and you know darn // well that it's the same Bob Smith. // But it could be somebody else with the same name. It just isn't highly likely. $owner_url = $item['owner-link']; $owner_photo = $item['owner-avatar']; $owner_name = $item['owner-name']; $template = $wallwall; $commentww = 'ww'; // If it is our contact, use a friendly redirect link if (link_compare($item['owner-link'], $item['url']) && $item['network'] === NETWORK_DFRN) { $owner_url = $redirect_url; $osparkle = ' sparkle'; } else { $owner_url = zrl($owner_url); } } } } $likebuttons = ''; $shareable = $profile_owner == local_user() && !$item['private'] ? true : false; //($mode != 'display') && if ($page_writeable) { if ($toplevelpost) { $likebuttons = array('like' => array(t("I like this (toggle)"), t("like")), 'dislike' => array(t("I don't like this (toggle)"), t("dislike"))); if ($shareable) { $likebuttons['share'] = array(t('Share this'), t('share')); } } $qc = $qcomment = null; if (in_array('qcomment', $a->plugins)) { $qc = local_user() ? get_pconfig(local_user(), 'qcomment', 'words') : null; $qcomment = $qc ? explode("\n", $qc) : null; } if ($show_comment_box || $show_comment_box == false && $override_comment_box == false && $item['last-child']) { $comment = replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $mode === 'display' ? $_SESSION['return_url'] : '', '$type' => $mode === 'profile' ? 'wall-comment' : 'net-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$qcomment' => $qcomment, '$profile_uid' => $profile_owner, '$mylink' => $a->contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $a->contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$edbold' => t('Bold'), '$editalic' => t('Italic'), '$eduline' => t('Underline'), '$edquote' => t('Quote'), '$edcode' => t('Code'), '$edimg' => t('Image'), '$edurl' => t('Link'), '$edvideo' => t('Video'), '$preview' => t('Preview'), '$ww' => $mode === 'network' ? $commentww : '')); } } if (local_user() && link_compare($a->contact['url'], $item['author-link'])) { $edpost = array($a->get_baseurl($ssl_state) . "/editpost/" . $item['id'], t("Edit")); } else { $edpost = false; } $drop = ''; $dropping = false; if (intval($item['contact-id']) && $item['contact-id'] == remote_user() || $item['uid'] == local_user()) { $dropping = true; } $drop = array('dropping' => $dropping, 'select' => t('Select'), 'delete' => t('Delete')); $star = false; $filer = false; $isstarred = "unstarred"; if ($profile_owner == local_user()) { if ($toplevelpost) { $isstarred = $item['starred'] ? "starred" : "unstarred"; $star = array('do' => t("add star"), 'undo' => t("remove star"), 'toggle' => t("toggle star status"), 'classdo' => $item['starred'] ? "hidden" : "", 'classundo' => $item['starred'] ? "" : "hidden", 'starred' => t('starred'), 'tagger' => t("add tag"), 'classtagger' => ""); } $filer = t("save to folder"); } $photo = $item['photo']; $thumb = $item['thumb']; // Post was remotely authored. $diff_author = link_compare($item['url'], $item['author-link']) ? false : true; $profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name']; if ($item['author-link'] && !$item['author-name']) { $profile_name = $item['author-link']; } $sp = false; $profile_link = best_link_url($item, $sp); if ($profile_link === 'mailbox') { $profile_link = ''; } if ($sp) { $sparkle = ' sparkle'; } else { $profile_link = zrl($profile_link); } $normalised = normalise_link(strlen($item['author-link']) ? $item['author-link'] : $item['url']); if ($normalised != 'mailbox' && x($a->contacts, $normalised)) { $profile_avatar = $a->contacts[$normalised]['thumb']; } else { $profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $thumb; } $like = x($alike, $item['id']) ? format_like($alike[$item['id']], $alike[$item['id'] . '-l'], 'like', $item['id']) : ''; $dislike = x($dlike, $item['id']) ? format_like($dlike[$item['id']], $dlike[$item['id'] . '-l'], 'dislike', $item['id']) : ''; $locate = array('location' => $item['location'], 'coord' => $item['coord'], 'html' => ''); call_hooks('render_location', $locate); $location = strlen($locate['html']) ? $locate['html'] : render_location_google($locate); $indent = $toplevelpost ? '' : ' comment'; if (strcmp(datetime_convert('UTC', 'UTC', $item['created']), datetime_convert('UTC', 'UTC', 'now - 12 hours')) > 0) { $indent .= ' shiny'; } // localize_item($item); $tags = array(); foreach (explode(',', $item['tag']) as $tag) { $tag = trim($tag); if ($tag != "") { $tags[] = bbcode($tag); } } // Build the HTML $body = prepare_body($item, true); //$tmp_item = replace_macros($template, $tmp_item = array('comment_firstcollapsed' => $comment_firstcollapsed, 'comment_lastcollapsed' => $comment_lastcollapsed, 'template' => $template, 'type' => implode("", array_slice(explode("/", $item['verb']), -1)), 'tags' => $tags, 'body' => template_escape($body), 'text' => strip_tags(template_escape($body)), 'id' => $item['item_id'], 'linktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['author-link']) ? $item['author-link'] : $item['url']), 'olinktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['owner-link']) ? $item['owner-link'] : $item['url']), 'to' => t('to'), 'wall' => t('Wall-to-Wall'), 'vwall' => t('via Wall-To-Wall:'), 'profile_url' => $profile_link, 'item_photo_menu' => item_photo_menu($item), 'name' => template_escape($profile_name), 'thumb' => $profile_avatar, 'osparkle' => $osparkle, 'sparkle' => $sparkle, 'title' => template_escape($item['title']), 'ago' => $item['app'] ? sprintf(t('%s from %s'), relative_date($item['created']), $item['app']) : relative_date($item['created']), 'lock' => $lock, 'location' => template_escape($location), 'indent' => $indent, 'owner_url' => $owner_url, 'owner_photo' => $owner_photo, 'owner_name' => template_escape($owner_name), 'plink' => get_plink($item), 'edpost' => $edpost, 'isstarred' => $isstarred, 'star' => $star, 'filer' => $filer, 'drop' => $drop, 'vote' => $likebuttons, 'like' => $like, 'dislike' => $dislike, 'comment' => $comment, 'previewing' => $previewing, 'wait' => t('Please wait')); $arr = array('item' => $item, 'output' => $tmp_item); call_hooks('display_item', $arr); $threads[$threadsid]['items'][] = $arr['output']; } } } $page_template = get_markup_template("conversation.tpl"); $o = replace_macros($page_template, array('$baseurl' => $a->get_baseurl($ssl_state), '$mode' => $mode, '$user' => $a->user, '$threads' => $threads, '$dropping' => $dropping ? t('Delete Selected Items') : False)); return $o; }
function like_content(&$a) { if (!local_user() && !remote_user()) { return; } $verb = notags(trim($_GET['verb'])); if (!$verb) { $verb = 'like'; } switch ($verb) { case 'like': case 'unlike': $activity = ACTIVITY_LIKE; break; case 'dislike': case 'undislike': $activity = ACTIVITY_DISLIKE; break; case 'attendyes': case 'unattendyes': $activity = ACTIVITY_ATTEND; break; case 'attendno': case 'unattendno': $activity = ACTIVITY_ATTENDNO; break; case 'attendmaybe': case 'unattendmaybe': $activity = ACTIVITY_ATTENDMAYBE; break; default: return; break; } $item_id = $a->argc > 1 ? notags(trim($a->argv[1])) : 0; logger('like: verb ' . $verb . ' item ' . $item_id); $r = q("SELECT * FROM `item` WHERE `id` = '%s' OR `uri` = '%s' LIMIT 1", dbesc($item_id), dbesc($item_id)); if (!$item_id || !count($r)) { logger('like: no item ' . $item_id); return; } $item = $r[0]; $owner_uid = $item['uid']; if (!can_write_wall($a, $owner_uid)) { return; } $remote_owner = null; if (!$item['wall']) { // The top level post may have been written by somebody on another system $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item['contact-id']), intval($item['uid'])); if (!count($r)) { return; } if (!$r[0]['self']) { $remote_owner = $r[0]; } } // this represents the post owner on this system. $r = q("SELECT `contact`.*, `user`.`nickname` FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `contact`.`uid` = %d LIMIT 1", intval($owner_uid)); if (count($r)) { $owner = $r[0]; } if (!$owner) { logger('like: no owner'); return; } if (!$remote_owner) { $remote_owner = $owner; } // This represents the person posting if (local_user() && local_user() == $owner_uid) { $contact = $owner; } else { $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($_SESSION['visitor_id']), intval($owner_uid)); if (count($r)) { $contact = $r[0]; } } if (!$contact) { return; } // See if we've been passed a return path to redirect to $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : ''; $verbs = " '" . dbesc($activity) . "' "; // event participation are essentially radio toggles. If you make a subsequent choice, // we need to eradicate your first choice. if ($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) { $verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' "; } $r = q("SELECT `id`, `guid` FROM `item` WHERE `verb` IN ( {$verbs} ) AND `deleted` = 0\n\t\tAND `contact-id` = %d AND `uid` = %d\n\t\tAND (`parent` = '%s' OR `parent-uri` = '%s' OR `thr-parent` = '%s') LIMIT 1", intval($contact['id']), intval($owner_uid), dbesc($item_id), dbesc($item_id), dbesc($item['uri'])); if (count($r)) { $like_item = $r[0]; // Already voted, undo it $r = q("UPDATE `item` SET `deleted` = 1, `unseen` = 1, `changed` = '%s' WHERE `id` = %d", dbesc(datetime_convert()), intval($like_item['id'])); // Clean up the Diaspora signatures for this like // Go ahead and do it even if Diaspora support is disabled. We still want to clean up // if it had been enabled in the past $r = q("DELETE FROM `sign` WHERE `iid` = %d", intval($like_item['id'])); // Save the author information for the unlike in case we need to relay to Diaspora store_diaspora_like_retract_sig($activity, $item, $like_item, $contact); // proc_run('php',"include/notifier.php","like","$post_id"); // $post_id isn't defined here! $like_item_id = $like_item['id']; proc_run('php', "include/notifier.php", "like", "{$like_item_id}"); like_content_return($a->get_baseurl(), $return_path); return; // NOTREACHED } $uri = item_new_uri($a->get_hostname(), $owner_uid); $post_type = $item['resource-id'] ? t('photo') : t('status'); if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) { $post_type = t('event'); } $objtype = $item['resource-id'] ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE; $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n"); $body = $item['body']; $obj = <<<EOT \t<object> \t\t<type>{$objtype}</type> \t\t<local>1</local> \t\t<id>{$item['uri']}</id> \t\t<link>{$link}</link> \t\t<title></title> \t\t<content>{$body}</content> \t</object> EOT; if ($verb === 'like') { $bodyverb = t('%1$s likes %2$s\'s %3$s'); } if ($verb === 'dislike') { $bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s'); } if ($verb === 'attendyes') { $bodyverb = t('%1$s is attending %2$s\'s %3$s'); } if ($verb === 'attendno') { $bodyverb = t('%1$s is not attending %2$s\'s %3$s'); } if ($verb === 'attendmaybe') { $bodyverb = t('%1$s may attend %2$s\'s %3$s'); } if (!isset($bodyverb)) { return; } $arr = array(); $arr['uri'] = $uri; $arr['uid'] = $owner_uid; $arr['contact-id'] = $contact['id']; $arr['type'] = 'activity'; $arr['wall'] = $item['wall']; $arr['origin'] = 1; $arr['gravity'] = GRAVITY_LIKE; $arr['parent'] = $item['id']; $arr['parent-uri'] = $item['uri']; $arr['thr-parent'] = $item['uri']; $arr['owner-name'] = $remote_owner['name']; $arr['owner-link'] = $remote_owner['url']; $arr['owner-avatar'] = $remote_owner['thumb']; $arr['author-name'] = $contact['name']; $arr['author-link'] = $contact['url']; $arr['author-avatar'] = $contact['thumb']; $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; $alink = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]'; $plink = '[url=' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . ']' . $post_type . '[/url]'; $arr['body'] = sprintf($bodyverb, $ulink, $alink, $plink); $arr['verb'] = $activity; $arr['object-type'] = $objtype; $arr['object'] = $obj; $arr['allow_cid'] = $item['allow_cid']; $arr['allow_gid'] = $item['allow_gid']; $arr['deny_cid'] = $item['deny_cid']; $arr['deny_gid'] = $item['deny_gid']; $arr['visible'] = 1; $arr['unseen'] = 1; $arr['last-child'] = 0; $post_id = item_store($arr); if (!$item['visible']) { $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d", intval($item['id']), intval($owner_uid)); } // Save the author information for the like in case we need to relay to Diaspora store_diaspora_like_sig($activity, $post_type, $contact, $post_id); $arr['id'] = $post_id; call_hooks('post_local_end', $arr); proc_run('php', "include/notifier.php", "like", "{$post_id}"); like_content_return($a->get_baseurl(), $return_path); killme(); // NOTREACHED // return; // NOTREACHED }
/** * "Render" a conversation or list of items for HTML display. * There are two major forms of display: * - Sequential or unthreaded ("New Item View" or search results) * - conversation view * The $mode parameter decides between the various renderings and also * figures out how to determine page owner and other contextual items * that are based on unique features of the calling module. * */ function conversation(&$a, $items, $mode, $update, $preview = false) { require_once 'bbcode.php'; $profile_owner = 0; $page_writeable = false; if ($mode === 'network') { $profile_owner = local_user(); $page_writeable = true; } if ($mode === 'profile') { $profile_owner = $a->profile['profile_uid']; $page_writeable = can_write_wall($a, $profile_owner); } if ($mode === 'notes') { $profile_owner = local_user(); $page_writeable = true; } if ($mode === 'display') { $profile_owner = $a->profile['uid']; $page_writeable = can_write_wall($a, $profile_owner); } if ($mode === 'community') { $profile_owner = 0; $page_writeable = false; } if ($update) { $return_url = $_SESSION['return_url']; } else { $return_url = $_SESSION['return_url'] = $a->cmd; } load_contact_links(local_user()); $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('wall_item.tpl'); $wallwall = get_markup_template('wallwall_item.tpl'); $hide_comments_tpl = get_markup_template('hide_comments.tpl'); $alike = array(); $dlike = array(); // array with html for each thread (parent+comments) $threads = array(); $threadsid = -1; if (count($items)) { if ($mode === 'network-new' || $mode === 'search' || $mode === 'community') { // "New Item View" on network page or search page results // - just loop through the items and format them minimally for display $tpl = get_markup_template('search_item.tpl'); foreach ($items as $item) { $threadsid++; $comment = ''; $owner_url = ''; $owner_photo = ''; $owner_name = ''; $sparkle = ''; if ($mode === 'search' || $mode === 'community') { if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $nickname = $item['nickname']; } else { $nickname = $a->user['nickname']; } $profile_name = strlen($item['author-name']) ? $item['author-name'] : $item['name']; if ($item['author-link'] && !$item['author-name']) { $profile_name = $item['author-link']; } $sp = false; $profile_link = best_link_url($item, $sp); if ($sp) { $sparkle = ' sparkle'; } if ($profile_link === 'mailbox') { $profile_link = ''; } $normalised = normalise_link(strlen($item['author-link']) ? $item['author-link'] : $item['url']); if ($normalised != 'mailbox' && x($a->contacts[$normalised])) { $profile_avatar = $a->contacts[$normalised]['thumb']; } else { $profile_avatar = strlen($item['author-avatar']) ? $item['author-avatar'] : $item['thumb']; } $location = $item['location'] ? '<a target="map" title="' . $item['location'] . '" href="http://maps.google.com/?q=' . urlencode($item['location']) . '">' . $item['location'] . '</a>' : ''; $coord = $item['coord'] ? '<a target="map" title="' . $item['coord'] . '" href="http://maps.google.com/?q=' . urlencode($item['coord']) . '">' . $item['coord'] . '</a>' : ''; if ($coord) { if ($location) { $location .= '<br /><span class="smalltext">(' . $coord . ')</span>'; } else { $location = '<span class="smalltext">' . $coord . '</span>'; } } localize_item($item); if ($mode === 'network-new') { $dropping = true; } else { $dropping = false; } $drop = array('dropping' => $dropping, 'select' => t('Select'), 'delete' => t('Delete')); $star = false; $isstarred = "unstarred"; $lock = false; $likebuttons = false; $shareable = false; $body = prepare_body($item, true); $tmp_item = replace_macros($tpl, array('$id' => $item['item_id'], '$linktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['author-link']) ? $item['author-link'] : $item['url']), '$profile_url' => $profile_link, '$item_photo_menu' => item_photo_menu($item), '$name' => template_escape($profile_name), '$sparkle' => $sparkle, '$lock' => $lock, '$thumb' => $profile_avatar, '$title' => template_escape($item['title']), '$body' => template_escape($body), '$ago' => $item['app'] ? sprintf(t('%s from %s'), relative_date($item['created']), $item['app']) : relative_date($item['created']), '$lock' => $lock, '$location' => template_escape($location), '$indent' => '', '$owner_name' => template_escape($owner_name), '$owner_url' => $owner_url, '$owner_photo' => $owner_photo, '$plink' => get_plink($item), '$edpost' => false, '$isstarred' => $isstarred, '$star' => $star, '$drop' => $drop, '$vote' => $likebuttons, '$like' => '', '$dislike' => '', '$comment' => '', '$conv' => $preview ? '' : array('href' => $a->get_baseurl() . '/display/' . $nickname . '/' . $item['id'], 'title' => t('View in context')), '$wait' => t('Please wait'))); $arr = array('item' => $item, 'output' => $tmp_item); call_hooks('display_item', $arr); $threads[$threadsid]['id'] = $item['item_id']; $threads[$threadsid]['html'] .= $arr['output']; } } else { // Normal View // Figure out how many comments each parent has // (Comments all have gravity of 6) // Store the result in the $comments array $comments = array(); foreach ($items as $item) { if (intval($item['gravity']) == 6 && $item['id'] != $item['parent']) { if (!x($comments, $item['parent'])) { $comments[$item['parent']] = 1; } else { $comments[$item['parent']] += 1; } } } // map all the like/dislike activities for each parent item // Store these in the $alike and $dlike arrays foreach ($items as $item) { like_puller($a, $item, $alike, 'like'); like_puller($a, $item, $dlike, 'dislike'); } $comments_collapsed = false; $blowhard = 0; $blowhard_count = 0; foreach ($items as $item) { $comment = ''; $template = $tpl; $commentww = ''; $sparkle = ''; $owner_url = $owner_photo = $owner_name = ''; // We've already parsed out like/dislike for special treatment. We can ignore them now if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $toplevelpost = $item['id'] == $item['parent'] ? true : false; $toplevelprivate = false; // Take care of author collapsing and comment collapsing // If a single author has more than 3 consecutive top-level posts, squash the remaining ones. // If there are more than two comments, squash all but the last 2. if ($toplevelpost) { $toplevelprivate = $toplevelpost && $item['private'] ? true : false; $item_writeable = $item['writable'] || $item['self'] ? true : false; /*if($blowhard == $item['cid'] && (! $item['self']) && ($mode != 'profile') && ($mode != 'notes')) { $blowhard_count ++; if($blowhard_count == 3) { $o .= '<div class="icollapse-wrapper fakelink" id="icollapse-wrapper-' . $item['parent'] . '" onclick="openClose(' . '\'icollapse-' . $item['parent'] . '\'); $(\'#icollapse-wrapper-' . $item['parent'] . '\').hide();" >' . t('See more posts like this') . '</div>' . '<div class="icollapse" id="icollapse-' . $item['parent'] . '" style="display: none;" >'; } } else { $blowhard = $item['cid']; if($blowhard_count >= 3) $o .= '</div>'; $blowhard_count = 0; }*/ $comments_seen = 0; $comments_collapsed = false; $threadsid++; $threads[$threadsid]['id'] = $item['item_id']; $threads[$threadsid]['html'] = ""; } else { // prevent private email from leaking into public conversation if (!$toplevelpost && !toplevelprivate && $item['private'] && $profile_owner != local_user()) { continue; } $comments_seen++; } $override_comment_box = $page_writeable && $item_writeable ? true : false; $show_comment_box = $page_writeable && $item_writeable && $comments_seen == $comments[$item['parent']] ? true : false; if ($comments[$item['parent']] > 2 && $comments_seen <= $comments[$item['parent']] - 2 && $item['gravity'] == 6) { if (!$comments_collapsed) { // IMPORTANT: the closing </div> in the hide_comments template // is supplied below in code. $threads[$threadsid]['html'] .= replace_macros($hide_comments_tpl, array('$id' => $item['parent'], '$num_comments' => sprintf(tt('%d comment', '%d comments', $comments[$item['parent']]), $comments[$item['parent']]), '$display' => 'none', '$hide_text' => t('show more'))); $comments_collapsed = true; } } if ($comments[$item['parent']] > 2 && $comments_seen == $comments[$item['parent']] - 1) { $threads[$threadsid]['html'] .= '</div>'; } $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid']; $lock = $item['private'] || $item['uid'] == local_user() && (strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])) ? t('Private Message') : false; // Top-level wall post not written by the wall owner (wall-to-wall) // First figure out who owns it. $osparkle = ''; if ($toplevelpost && !$item['self'] && $mode !== 'profile') { if ($item['wall']) { // On the network page, I am the owner. On the display page it will be the profile owner. // This will have been stored in $a->page_contact by our calling page. // Put this person on the left of the wall-to-wall notice. $owner_url = $a->page_contact['url']; $owner_photo = $a->page_contact['thumb']; $owner_name = $a->page_contact['name']; $template = $wallwall; $commentww = 'ww'; } if (!$item['wall'] && strlen($item['owner-link']) && $item['owner-link'] != $item['author-link']) { // Could be anybody. $owner_url = $item['owner-link']; $owner_photo = $item['owner-avatar']; $owner_name = $item['owner-name']; $template = $wallwall; $commentww = 'ww'; // If it is our contact, use a friendly redirect link if (link_compare($item['owner-link'], $item['url']) && $item['network'] === 'dfrn') { $owner_url = $redirect_url; $osparkle = ' sparkle'; } } } $likebuttons = ''; $shareable = $profile_owner == local_user() && $mode != 'display' && !$item['private'] ? true : false; if ($page_writeable) { if ($toplevelpost) { $likebuttons = array('like' => array(t("I like this (toggle)"), t("like")), 'dislike' => array(t("I don't like this (toggle)"), t("dislike"))); if ($shareable) { $likebuttons['share'] = array(t('Share this'), t('share')); } } if ($show_comment_box || $show_comment_box == false && $override_comment_box == false && $item['last-child']) { $comment = replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $mode === 'display' ? $_SESSION['return_url'] : '', '$type' => $mode === 'profile' ? 'wall-comment' : 'net-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $profile_owner, '$mylink' => $a->contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $a->contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => $mode === 'network' ? $commentww : '')); } } $edpost = $profile_owner == local_user() && $toplevelpost && intval($item['wall']) == 1 || $mode === 'notes' ? array($a->get_baseurl() . "/editpost/" . $item['id'], t("Edit")) : False; $drop = ''; $dropping = false; if (intval($item['contact-id']) && $item['contact-id'] == remote_user() || $item['uid'] == local_user()) { $dropping = true; } $drop = array('dropping' => $dropping, 'select' => t('Select'), 'delete' => t('Delete')); $star = false; $isstarred = "unstarred"; if ($profile_owner == local_user() && $toplevelpost) { $isstarred = $item['starred'] ? "starred" : "unstarred"; $star = array('do' => t("add star"), 'undo' => t("remove star"), 'toggle' => t("toggle star status"), 'classdo' => $item['starred'] ? "hidden" : "", 'classundo' => $item['starred'] ? "" : "hidden", 'starred' => t('starred'), 'tagger' => t("add tag"), 'classtagger' => ""); } $photo = $item['photo']; $thumb = $item['thumb']; // Post was remotely authored. $diff_author = link_compare($item['url'], $item['author-link']) ? false : true; $profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name']; if ($item['author-link'] && !$item['author-name']) { $profile_name = $item['author-link']; } $sp = false; $profile_link = best_link_url($item, $sp); if ($sp) { $sparkle = ' sparkle'; } if ($profile_link === 'mailbox') { $profile_link = ''; } $normalised = normalise_link(strlen($item['author-link']) ? $item['author-link'] : $item['url']); if ($normalised != 'mailbox' && x($a->contacts, $normalised)) { $profile_avatar = $a->contacts[$normalised]['thumb']; } else { $profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $thumb; } $like = x($alike, $item['id']) ? format_like($alike[$item['id']], $alike[$item['id'] . '-l'], 'like', $item['id']) : ''; $dislike = x($dlike, $item['id']) ? format_like($dlike[$item['id']], $dlike[$item['id'] . '-l'], 'dislike', $item['id']) : ''; $location = $item['location'] ? '<a target="map" title="' . $item['location'] . '" href="http://maps.google.com/?q=' . urlencode($item['location']) . '">' . $item['location'] . '</a>' : ''; $coord = $item['coord'] ? '<a target="map" title="' . $item['coord'] . '" href="http://maps.google.com/?q=' . urlencode($item['coord']) . '">' . $item['coord'] . '</a>' : ''; if ($coord) { if ($location) { $location .= '<br /><span class="smalltext">(' . $coord . ')</span>'; } else { $location = '<span class="smalltext">' . $coord . '</span>'; } } $indent = $toplevelpost ? '' : ' comment'; if (strcmp(datetime_convert('UTC', 'UTC', $item['created']), datetime_convert('UTC', 'UTC', 'now - 12 hours')) > 0) { $indent .= ' shiny'; } // localize_item($item); $tags = array(); foreach (explode(',', $item['tag']) as $tag) { $tag = trim($tag); if ($tag != "") { $tags[] = bbcode($tag); } } // Build the HTML $body = prepare_body($item, true); $tmp_item = replace_macros($template, array('$type' => implode("", array_slice(split("/", $item['verb']), -1)), '$tags' => $tags, '$body' => template_escape($body), '$id' => $item['item_id'], '$linktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['author-link']) ? $item['author-link'] : $item['url']), '$olinktitle' => sprintf(t('View %s\'s profile @ %s'), $profile_name, strlen($item['owner-link']) ? $item['owner-link'] : $item['url']), '$to' => t('to'), '$wall' => t('Wall-to-Wall'), '$vwall' => t('via Wall-To-Wall:'), '$profile_url' => $profile_link, '$item_photo_menu' => item_photo_menu($item), '$name' => template_escape($profile_name), '$thumb' => $profile_avatar, '$osparkle' => $osparkle, '$sparkle' => $sparkle, '$title' => template_escape($item['title']), '$ago' => $item['app'] ? sprintf(t('%s from %s'), relative_date($item['created']), $item['app']) : relative_date($item['created']), '$lock' => $lock, '$location' => template_escape($location), '$indent' => $indent, '$owner_url' => $owner_url, '$owner_photo' => $owner_photo, '$owner_name' => template_escape($owner_name), '$plink' => get_plink($item), '$edpost' => $edpost, '$isstarred' => $isstarred, '$star' => $star, '$drop' => $drop, '$vote' => $likebuttons, '$like' => $like, '$dislike' => $dislike, '$comment' => $comment, '$wait' => t('Please wait'))); $arr = array('item' => $item, 'output' => $tmp_item); call_hooks('display_item', $arr); $threads[$threadsid]['html'] .= $arr['output']; } } } $page_template = get_markup_template("conversation.tpl"); $o .= replace_macros($page_template, array('$threads' => $threads, '$dropping' => $dropping ? t('Delete Selected Items') : False)); return $o; }
function photos_content(&$a) { // URLs: // photos/name // photos/name/upload // photos/name/upload/xxxxx (xxxxx is album name) // photos/name/album/xxxxx // photos/name/album/xxxxx/edit // photos/name/image/xxxxx // photos/name/image/xxxxx/edit if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } require_once 'include/bbcode.php'; require_once 'include/security.php'; require_once 'include/conversation.php'; if (!x($a->data, 'user')) { notice(t('No photos selected') . EOL); return; } $_SESSION['photo_return'] = $a->cmd; // // Parse arguments // if ($a->argc > 3) { $datatype = $a->argv[2]; $datum = $a->argv[3]; } elseif ($a->argc > 2 && $a->argv[2] === 'upload') { $datatype = 'upload'; } else { $datatype = 'summary'; } if ($a->argc > 4) { $cmd = $a->argv[4]; } else { $cmd = 'view'; } // // Setup permissions structures // $can_post = false; $visitor = 0; $contact = null; $remote_contact = false; $owner_uid = $a->data['user']['uid']; $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false; if (local_user() && local_user() == $owner_uid) { $can_post = true; } else { if ($community_page && remote_user()) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid)); if (count($r)) { $can_post = true; $contact = $r[0]; $remote_contact = true; $visitor = remote_user(); } } } // perhaps they're visiting - but not a community page, so they wouldn't have write access if (remote_user() && !$visitor) { $contact_id = $_SESSION['visitor_id']; $groups = init_groups_visitor($contact_id); $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid)); if (count($r)) { $contact = $r[0]; $remote_contact = true; } } if (!$remote_contact) { if (local_user()) { $contact_id = $_SESSION['cid']; $contact = $a->contact; } } if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) { notice(t('Access to this item is restricted.') . EOL); return; } $sql_extra = permissions_sql($owner_uid, $remote_contact, $groups); $o = ""; // tabs $_is_owner = local_user() && local_user() == $owner_uid; $o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']); // // dispatch request // if ($datatype === 'upload') { if (!$can_post) { notice(t('Permission denied.')); return; } $selname = $datum ? hex2bin($datum) : ''; $albumselect = '<select id="photos-upload-album-select" name="album" size="4">'; $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>'; if (count($a->data['albums'])) { foreach ($a->data['albums'] as $album) { if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) { continue; } $selected = $selname === $album['album'] ? ' selected="selected" ' : ''; $albumselect .= '<option value="' . $album['album'] . '"' . $selected . '>' . $album['album'] . '</option>'; } } $celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false; $albumselect .= '</select>'; $uploader = ''; $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'], 'addon_text' => $uploader, 'default_upload' => true); call_hooks('photo_upload_form', $ret); $default_upload = '<input type="file" name="userfile" /> <div class="photos-upload-submit-wrapper" > <input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>'; $tpl = get_markup_template('photos_upload.tpl'); $o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$nickname' => $a->data['user']['nickname'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => template_escape($albumselect), '$permissions' => t('Permissions'), '$aclselect' => $visitor ? '' : template_escape(populate_acl($a->user, $celeb)), '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? $default_upload : '', '$uploadurl' => $ret['post_url'])); return $o; } if ($datatype === 'album') { $album = hex2bin($datum); $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id`", intval($owner_uid), dbesc($album)); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } $r = q("SELECT `resource-id`, `id`, `filename`, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage'])); $o .= '<h3>' . $album . '</h3>'; if ($cmd === 'edit') { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { $edit_tpl = get_markup_template('album_edit.tpl'); $o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => template_escape($album), '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album'))); } } } else { if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) { if ($can_post) { $o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>'; } } } if ($can_post) { $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>'; } $tpl = get_markup_template('photo_album.tpl'); if (count($r)) { $twist = 'rotright'; } foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $o .= replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.jpg', '$imgalt' => template_escape($rr['filename']), '$desc' => template_escape($rr['desc']))); } $o .= '<div id="photo-album-end"></div>'; $o .= paginate($a); return $o; } if ($datatype === 'image') { //$o = ''; // fetch image, item containing image, then comments $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum)); if (!count($ph)) { $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum)); if (count($ph)) { notice(t('Permission denied. Access to this item may be restricted.')); } else { notice(t('Photo not available') . EOL); } return; } $prevlink = ''; $nextlink = ''; $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\t{$sql_extra} ORDER BY `created` DESC ", dbesc($ph[0]['album']), intval($owner_uid)); if (count($prvnxt)) { for ($z = 0; $z < count($prvnxt); $z++) { if ($prvnxt[$z]['resource-id'] == $ph[0]['resource-id']) { $prv = $z - 1; $nxt = $z + 1; if ($prv < 0) { $prv = count($prvnxt) - 1; } if ($nxt >= count($prvnxt)) { $nxt = 0; } break; } } $edit_suffix = $cmd === 'edit' && $can_post ? '/edit' : ''; $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix; $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix; } if (count($ph) == 1) { $hires = $lores = $ph[0]; } if (count($ph) > 1) { if ($ph[1]['scale'] == 2) { // original is 640 or less, we can display it directly $hires = $lores = $ph[0]; } else { $hires = $ph[0]; $lores = $ph[1]; } } $album_link = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']); $tools = Null; $lock = Null; if ($can_post && $ph[0]['uid'] == $owner_uid) { $tools = array('edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . ($cmd === 'edit' ? '' : '/edit'), $cmd === 'edit' ? t('View photo') : t('Edit photo')), 'profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource-id'], t('Use as profile photo'))); // lock $lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null; } if (!$cmd !== 'edit') { $a->page['htmlhead'] .= '<script> $(document).keydown(function(event) {' . "\n"; if ($prevlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n"; } if ($nextlink) { $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n"; } $a->page['htmlhead'] .= '});</script>'; } if ($prevlink) { $prevlink = array($prevlink, '<div class="icon prev"></div>'); } $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.jpg', 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.jpg' . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis')); if ($nextlink) { $nextlink = array($nextlink, '<div class="icon next"></div>'); } // Do we have an item for this photo? $linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' {$sql_extra} LIMIT 1", dbesc($datum)); if (count($linked_items)) { $link_item = $linked_items[0]; $r = q("SELECT COUNT(*) AS `total`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d \n\t\t\t\t{$sql_extra} ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid'])); if (count($r)) { $a->set_pager_total($r[0]['total']); } $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`, \n\t\t\t\t`contact`.`rel`, `contact`.`thumb`, `contact`.`self`, \n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']), intval($a->pager['start']), intval($a->pager['itemspage'])); if (local_user() && local_user() == $link_item['uid']) { q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d", intval($link_item['parent']), intval(local_user())); } } $tags = Null; if (count($linked_items) && strlen($link_item['tag'])) { $arr = explode(',', $link_item['tag']); // parse tags and add links $tag_str = ''; foreach ($arr as $t) { if (strlen($tag_str)) { $tag_str .= ', '; } $tag_str .= bbcode($t); } $tags = array(t('Tags: '), $tag_str); if ($cmd === 'edit') { $tags[] = $a->get_baseurl() . '/tagrm/' . $link_item['id']; $tags[] = t('[Remove any tag]'); } } $edit = Null; if ($cmd === 'edit' && $can_post) { $edit_tpl = get_markup_template('photo_edit.tpl'); $edit = replace_macros($edit_tpl, array('$id' => $ph[0]['id'], '$rotate' => t('Rotate CW'), '$album' => template_escape($ph[0]['album']), '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], '$resource_id' => $ph[0]['resource-id'], '$capt_label' => t('Caption'), '$caption' => template_escape($ph[0]['desc']), '$tag_label' => t('Add a Tag'), '$tags' => $link_item['tag'], '$permissions' => t('Permissions'), '$aclselect' => template_escape(populate_acl($ph[0])), '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), '$item_id' => count($linked_items) ? $link_item['id'] : 0, '$submit' => t('Submit'), '$delete' => t('Delete Photo'))); } if (count($linked_items)) { $cmnt_tpl = get_markup_template('comment_item.tpl'); $tpl = get_markup_template('photo_item.tpl'); $return_url = $a->cmd; $like_tpl = get_markup_template('like_noshare.tpl'); $likebuttons = ''; if ($can_post || can_write_wall($a, $owner_uid)) { $likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => t("I don't like this (toggle)"), '$share' => t('Share'), '$wait' => t('Please wait'))); } $comments = ''; if (!count($r)) { if ($can_post || can_write_wall($a, $owner_uid)) { if ($link_item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '')); } } } $alike = array(); $dlike = array(); $like = ''; $dislike = ''; // display comments if (count($r)) { foreach ($r as $item) { like_puller($a, $item, $alike, 'like'); like_puller($a, $item, $dlike, 'dislike'); } $like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : ''; $dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : ''; if ($can_post || can_write_wall($a, $owner_uid)) { if ($link_item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => '')); } } foreach ($r as $item) { $comment = ''; $template = $tpl; $sparkle = ''; if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) { continue; } $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid']; if ($can_post || can_write_wall($a, $owner_uid)) { if ($item['last-child']) { $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => '')); } } if (local_user() && $item['contact-uid'] == local_user() && $item['network'] == 'dfrn' && !$item['self']) { $profile_url = $redirect_url; $sparkle = ' sparkle'; } else { $profile_url = $item['url']; $sparkle = ''; } $diff_author = $item['url'] !== $item['author-link'] ? true : false; $profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name']; $profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $item['thumb']; $profile_link = $profile_url; $drop = ''; if ($item['contact-id'] == remote_user() || $item['uid'] == local_user()) { $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete'))); } $comments .= replace_macros($template, array('$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => template_escape($profile_name), '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => template_escape($item['title']), '$body' => template_escape(bbcode($item['body'])), '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment)); } } $paginate = paginate($a); } $photo_tpl = get_markup_template('photo_view.tpl'); $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => array($album_link, template_escape($ph[0]['album'])), '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['desc'], '$tags' => template_escape($tags), '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => template_escape($like), '$dislike' => template_escape($dislike), '$comments' => $comments, '$paginate' => $paginate)); return $o; } // Default - show recent photos with upload link (if applicable) //$o = ''; $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id`", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos'))); if (count($r)) { $a->set_pager_total(count($r)); $a->set_pager_itemspage(20); } $r = q("SELECT `resource-id`, `id`, `filename`, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage'])); $photos = array(); if (count($r)) { $twist = 'rotright'; foreach ($r as $rr) { if ($twist == 'rotright') { $twist = 'rotleft'; } else { $twist = 'rotright'; } $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.jpg', 'alt' => template_escape($rr['filename']), 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']), 'name' => template_escape($rr['album']), 'alt' => t('View Album'))); } } $tpl = get_markup_template('photos_recent.tpl'); $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload'), '$photos' => $photos)); $o .= paginate($a); return $o; }
function search_content(&$a) { if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (get_config('system', 'local_search') and !local_user()) { notice(t('Public access denied.') . EOL); return; //http_status_exit(403); //killme(); } nav_set_selected('search'); $o = '<h3>' . t('Search') . '</h3>'; if (x($a->data, 'search')) { $search = notags(trim($a->data['search'])); } else { $search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : ''; } $tag = false; if (x($_GET, 'tag')) { $tag = true; $search = x($_GET, 'tag') ? notags(trim(rawurldecode($_GET['tag']))) : ''; } $o .= search($search, 'search-box', '/search', local_user() ? true : false, false); if (strpos($search, '#') === 0) { $tag = true; $search = substr($search, 1); } if (strpos($search, '@') === 0) { return dirfind_content($a); } if (strpos($search, '!') === 0) { return dirfind_content($a); } if (x($_GET, 'search-option')) { switch ($_GET['search-option']) { case 'fulltext': break; case 'tags': $tag = true; break; case 'contacts': return dirfind_content($a, "@"); break; case 'forums': return dirfind_content($a, "!"); break; } } if (!$search) { return $o; } if (get_config('system', 'only_tag_search')) { $tag = true; } // Here is the way permissions work in the search module... // Only public posts can be shown // OR your own posts if you are a logged in member // No items will be shown if the member has a blocked profile wall. if ($tag) { logger("Start tag search for '" . $search . "'", LOGGER_DEBUG); $r = q("SELECT STRAIGHT_JOIN `item`.`uri`, `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `term`\n\t\t\t\tINNER JOIN `item` ON `item`.`id`=`term`.`oid`\n\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND NOT `contact`.`blocked` AND NOT `contact`.`pending`\n\t\t\tWHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`\n\t\t\t\tAND (`term`.`uid` = 0 OR (`term`.`uid` = %d AND NOT `term`.`global`)) AND `term`.`otype` = %d AND `term`.`type` = %d AND `term`.`term` = '%s'\n\t\t\tORDER BY term.created DESC LIMIT %d , %d ", intval(local_user()), intval(TERM_OBJ_POST), intval(TERM_HASHTAG), dbesc(protect_sprintf($search)), intval($a->pager['start']), intval($a->pager['itemspage'])); } else { logger("Start fulltext search for '" . $search . "'", LOGGER_DEBUG); if (get_config('system', 'use_fulltext_engine')) { $sql_extra = sprintf(" AND MATCH (`item`.`body`, `item`.`title`) AGAINST ('%s' in boolean mode) ", dbesc(protect_sprintf($search))); } else { $sql_extra = sprintf(" AND `item`.`body` REGEXP '%s' ", dbesc(protect_sprintf(preg_quote($search)))); } $r = q("SELECT STRAIGHT_JOIN `item`.`uri`, `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`alias`, `contact`.`rel`,\n\t\t\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\tFROM `item`\n\t\t\t\tINNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND NOT `contact`.`blocked` AND NOT `contact`.`pending`\n\t\t\tWHERE `item`.`visible` AND NOT `item`.`deleted` AND NOT `item`.`moderated`\n\t\t\t\tAND (`item`.`uid` = 0 OR (`item`.`uid` = %s AND (`item`.`private` OR NOT `item`.`network` IN ('%s', '%s', '%s'))))\n\t\t\t\t{$sql_extra}\n\t\t\tGROUP BY `item`.`uri` ORDER BY `item`.`id` DESC LIMIT %d , %d ", intval(local_user()), dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_DIASPORA), intval($a->pager['start']), intval($a->pager['itemspage'])); } if (!count($r)) { info(t('No results.') . EOL); return $o; } if ($tag) { $title = sprintf(t('Items tagged with: %s'), $search); } else { $title = sprintf(t('Search results for: %s'), $search); } $o .= replace_macros(get_markup_template("section_title.tpl"), array('$title' => $title)); logger("Start Conversation for '" . $search . "'", LOGGER_DEBUG); $o .= conversation($a, $r, 'search', false); $o .= alt_pager($a, count($r)); logger("Done '" . $search . "'", LOGGER_DEBUG); return $o; }
function app_render($papp, $mode = 'view') { /** * modes: * view: normal mode for viewing an app via bbcode from a conversation or page * provides install/update button if you're logged in locally * list: normal mode for viewing an app on the app page * no buttons are shown * edit: viewing the app page in editing mode provides a delete button */ $installed = false; if (!$papp['photo']) { $papp['photo'] = z_root() . '/' . get_default_profile_photo(80); } if (!$papp) { return; } $papp['papp'] = papp_encode($papp); foreach ($papp as $k => $v) { if (strpos($v, 'http') === 0 && $k != 'papp') { $papp[$k] = zid($v); } if ($k === 'desc') { $papp['desc'] = str_replace(array('\'', '"'), array(''', '&dquot;'), $papp['desc']); } if ($k === 'requires') { $require = trim(strtolower($v)); switch ($require) { case 'nologin': if (local_user()) { return ''; } break; case 'admin': if (!is_site_admin()) { return ''; } break; case 'local_user': if (!local_user()) { return ''; } break; case 'public_profile': if (!is_public_profile()) { return ''; } break; case 'observer': $observer = get_app()->get_observer(); if (!$observer) { return ''; } break; default: if (!local_user() && feature_enabled(local_user(), $require)) { return ''; } break; } } } $hosturl = ''; if (local_user()) { $installed = app_installed(local_user(), $papp); $hosturl = z_root() . '/'; } elseif (remote_user()) { $observer = get_app()->get_observer(); if ($observer && $observer['xchan_network'] === 'zot') { // some folks might have xchan_url redirected offsite, use the connurl $x = parse_url($observer['xchan_connurl']); if ($x) { $hosturl = $x['scheme'] . '://' . $x['host'] . '/'; } } } $install_action = $installed ? t('Update') : t('Install'); return replace_macros(get_markup_template('app.tpl'), array('$app' => $papp, '$hosturl' => $hosturl, '$purchase' => $papp['page'] && !$installed ? t('Purchase') : '', '$install' => $hosturl && $mode == 'view' ? $install_action : '', '$edit' => local_user() && $installed && $mode == 'edit' ? t('Edit') : '', '$delete' => local_user() && $installed && $mode == 'edit' ? t('Delete') : '')); }
function community_content(&$a, $update = 0) { $o = ''; if (get_config('system', 'block_public') && !local_user() && !remote_user()) { notice(t('Public access denied.') . EOL); return; } if (get_config('system', 'community_page_style') == CP_NO_COMMUNITY_PAGE) { notice(t('Not available.') . EOL); return; } require_once "include/bbcode.php"; require_once 'include/security.php'; require_once 'include/conversation.php'; $o .= '<h3>' . t('Community') . '</h3>'; if (!$update) { nav_set_selected('community'); } if (x($a->data, 'search')) { $search = notags(trim($a->data['search'])); } else { $search = x($_GET, 'search') ? notags(trim(rawurldecode($_GET['search']))) : ''; } // Here is the way permissions work in this module... // Only public posts can be shown // OR your own posts if you are a logged in member if (get_config('system', 'old_pager')) { $r = q("SELECT COUNT(distinct(`item`.`uri`)) AS `total`\n\t\t\tFROM `item` INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\tINNER JOIN `user` ON `user`.`uid` = `item`.`uid` AND `user`.`hidewall` = 0\n\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\tAND `item`.`private` = 0 AND `item`.`wall` = 1"); if (count($r)) { $a->set_pager_total($r[0]['total']); } if (!$r[0]['total']) { info(t('No results.') . EOL); return $o; } } $r = community_getitems($a->pager['start'], $a->pager['itemspage']); if (!count($r)) { info(t('No results.') . EOL); return $o; } $maxpostperauthor = get_config('system', 'max_author_posts_community_page'); if ($maxpostperauthor != 0) { $count = 1; $previousauthor = ""; $numposts = 0; $s = array(); do { foreach ($r as $row => $item) { if ($previousauthor == $item["author-link"]) { ++$numposts; } else { $numposts = 0; } $previousauthor = $item["author-link"]; if ($numposts < $maxpostperauthor and sizeof($s) < $a->pager['itemspage']) { $s[] = $item; } } if (sizeof($s) < $a->pager['itemspage']) { $r = community_getitems($a->pager['start'] + $count * $a->pager['itemspage'], $a->pager['itemspage']); } } while (sizeof($s) < $a->pager['itemspage'] and ++$count < 50 and sizeof($r) > 0); } else { $s = $r; } // we behave the same in message lists as the search module $o .= conversation($a, $s, 'community', $update); if (!get_config('system', 'old_pager')) { $o .= alt_pager($a, count($r)); } else { $o .= paginate($a); } return $o; }
function widget_fullprofile($arr) { $a = get_app(); if (!$a->profile['profile_uid']) { return; } $block = get_config('system', 'block_public') && !local_user() && !remote_user() ? true : false; return profile_sidebar($a->profile, $block); }
function drop_items($items) { $uid = 0; if (!local_user() && !remote_user()) { return; } if (count($items)) { foreach ($items as $item) { $owner = drop_item($item, false); if ($owner && !$uid) { $uid = $owner; } } } // multiple threads may have been deleted, send an expire notification if ($uid) { proc_run('php', "include/notifier.php", "expire", "{$uid}"); } }