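/**
 * API login via OAuth1 or HTTP basic-auth.
 *
 * OAuth is tried first: a verified token logs the user in and returns, while a
 * request that verifies without a token ends in killme(). Only when the OAuth
 * code throws does the function fall through to basic-auth, after rebuilding
 * PHP_AUTH_USER / PHP_AUTH_PW from the raw headers for CGI setups.
 *
 * @param object &$a application object (not read in this function)
 * @return bool|null true after a successful basic-auth login, null after an
 *                   OAuth login; on failure retry_basic_auth() is called
 */
function api_login(&$a)
{
    $record = null;
    // Set up front so the success branch never reads an undefined variable.
    $channel_login = 0;

    require_once 'include/oauth.php';

    // login with oauth
    try {
        $oauth = new ZotOAuth1();
        $req = OAuth1Request::from_request();

        list($consumer, $token) = $oauth->verify_request($req);

        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            App::set_oauth_key($consumer->key);
            call_hooks('logged_in', App::$user);
            return;
        }
        killme();
    } catch (Exception $e) {
        logger($e->getMessage());
    }

    // workarounds for HTTP-auth in CGI mode; HTTP_AUTHORIZATION is processed
    // last and therefore wins when both headers are present
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $header) {
        if (!x($_SERVER, $header)) {
            continue;
        }
        // skip the 6-character "Basic " prefix
        $userpass = base64_decode(substr($_SERVER[$header], 6));
        if (strlen($userpass)) {
            // Split on the first colon only: the password itself may contain ':'.
            $parts = explode(':', $userpass, 2);
            $_SERVER['PHP_AUTH_USER'] = $parts[0];
            $_SERVER['PHP_AUTH_PW'] = isset($parts[1]) ? $parts[1] : '';
        }
    }

    require_once 'include/auth.php';
    require_once 'include/security.php';

    // process normal login request
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        if ($record && $record['channel']) {
            $channel_login = $record['channel']['channel_id'];
        }
    }

    if ($record && $record['account']) {
        authenticate_success($record['account']);

        if ($channel_login) {
            change_channel($channel_login);
        }

        $_SESSION['allow_api'] = true;
        return true;
    }

    $_SERVER['PHP_AUTH_PW'] = '*****';

    // The raw Authorization headers still carry the base64-encoded credentials,
    // so mask them in the copy that goes to the log as well.
    $loggable = $_SERVER;
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER', 'REDIRECT_HTTP_AUTHORIZATION') as $secret_key) {
        if (isset($loggable[$secret_key])) {
            $loggable[$secret_key] = '*****';
        }
    }
    logger('API_login failure: ' . print_r($loggable, true), LOGGER_DEBUG);
    log_failed_login('API login failure');
    retry_basic_auth();
}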
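/**
 * Send a multipart/alternative message with text and HTML versions.
 *
 * Keys read from $params:
 *   fromName             name of the sender
 *   fromEmail            email of the sender
 *   replyTo              address to direct responses to
 *   toEmail              destination email address
 *   messageSubject       subject of the message
 *   htmlVersion          HTML version of the message (may be null)
 *   textVersion          text-only version of the message
 *   additionalMailHeader additions to the mail header, prepended verbatim
 *   uid                  optional user id of the destination user
 *
 * @param array $params see above
 * @return bool result of mail()
 */
public static function send($params)
{
    call_hooks('emailer_send_prepare', $params);

    $email_textonly = false;
    if (x($params, "uid")) {
        $email_textonly = get_pconfig($params['uid'], "system", "email_textonly");
    }

    $fromName = email_header_encode(html_entity_decode($params['fromName'], ENT_QUOTES, 'UTF-8'), 'UTF-8');
    $messageSubject = email_header_encode(html_entity_decode($params['messageSubject'], ENT_QUOTES, 'UTF-8'), 'UTF-8');

    // The addresses are written straight into header lines. Drop CR/LF so a
    // crafted value cannot start an extra header or the message body.
    $fromEmail = str_replace(array("\r", "\n"), '', (string) $params['fromEmail']);
    $replyTo = str_replace(array("\r", "\n"), '', (string) $params['replyTo']);

    // generate a mime boundary (only needs to be unlikely to occur in the body;
    // the 11-digit ranges assume a 64-bit integer)
    $mimeBoundary = rand(0, 9) . "-"
        . rand(10000000000, 99999999999) . "-"
        . rand(10000000000, 99999999999) . "=:"
        . rand(10000, 99999);

    // generate a multipart/alternative message header
    // NOTE(review): additionalMailHeader is used as-is; callers must pass
    // complete, newline-terminated header lines and nothing user-controlled.
    $messageHeader = $params['additionalMailHeader']
        . "From: {$fromName} <{$fromEmail}>\n"
        . "Reply-To: {$fromName} <{$replyTo}>\n"
        . "MIME-Version: 1.0\n"
        . "Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";

    // assemble the final multipart message body with the text and html types included
    $textBody = chunk_split(base64_encode($params['textVersion']));
    $htmlBody = chunk_split(base64_encode($params['htmlVersion']));

    $multipartMessageBody = "--" . $mimeBoundary . "\n"
        . "Content-Type: text/plain; charset=UTF-8\n"
        . "Content-Transfer-Encoding: base64\n\n"
        . $textBody . "\n";

    if (!$email_textonly && !is_null($params['htmlVersion'])) {
        $multipartMessageBody .= "--" . $mimeBoundary . "\n"
            . "Content-Type: text/html; charset=UTF-8\n"
            . "Content-Transfer-Encoding: base64\n\n"
            . $htmlBody . "\n";
    }
    $multipartMessageBody .= "--" . $mimeBoundary . "--\n"; // message ending

    // send the message; hooks may rewrite any field of $hookdata first
    $hookdata = array(
        'to' => $params['toEmail'],
        'subject' => $messageSubject,
        'body' => $multipartMessageBody,
        'headers' => $messageHeader
    );
    call_hooks("emailer_send", $hookdata);

    $res = mail($hookdata['to'], $hookdata['subject'], $hookdata['body'], $hookdata['headers']);

    logger("header " . 'To: ' . $params['toEmail'] . "\n" . $messageHeader, LOGGER_DEBUG);
    logger("return value " . ($res ? "true" : "false"), LOGGER_DEBUG);

    return $res;
}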
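/**
 * Autocomplete endpoint: emits matching connections and tags as JSON, then exits.
 *
 * Reads 'start', 'count' and 'search' (or 'query', which takes precedence)
 * from the request. 'start' and 'count' are only echoed back in the response;
 * neither query applies them as a limit.
 *
 * @param object &$a application object (used for the base URL)
 */
function search_ac_init(&$a)
{
    if (!local_channel()) {
        killme();
    }

    $start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
    $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
    $search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";

    if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
        $search = $_REQUEST['query'];
    }

    // Both fragments are interpolated into the queries below, so they must
    // exist even when there is no search term.
    $people_sql_extra = '';
    $tag_sql_extra = '';

    // Priority to people searches
    if ($search) {
        // dbesc() escapes the value for the string literal; protect_sprintf()
        // guards the fragment before q() formats the statement.
        $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
        $tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
    }

    $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));

    $results = array();
    if ($r) {
        foreach ($r as $g) {
            $results[] = array(
                "photo" => $g['xchan_photo_s'],
                "name" => '@' . $g['xchan_name'],
                "id" => $g['abook_id'],
                "link" => $g['xchan_url'],
                "label" => '',
                "nick" => ''
            );
        }
    }

    // NOTE(review): unlike the people query, this one has no channel filter;
    // confirm that tags from every channel are meant to be visible here.
    $r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));

    // q() can return false, which must not be passed to count()
    if ($r) {
        foreach ($r as $g) {
            $results[] = array(
                "photo" => $a->get_baseurl() . '/images/hashtag.png',
                "name" => '#' . $g['term'],
                "id" => $g['tid'],
                "link" => $g['url'],
                "label" => '',
                "nick" => ''
            );
        }
    }

    header("content-type: application/json");
    $o = array('start' => $start, 'count' => $count, 'items' => $results);
    echo json_encode($o);

    // The original logged an undefined variable; log the response instead.
    logger('search_ac: ' . print_r($o, true));

    killme();
}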
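/**
 * Remove one tag from an item owned by the logged-in user, then redirect back.
 *
 * The tag arrives hex-encoded in $_POST['tag'] and is matched exactly against
 * the item's comma-separated tag list; only the first match is removed.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * that the caller or form protects this state change against cross-site
 * requests.
 *
 * @param object &$a application object (used for the base URL)
 */
function tagrm_post(&$a)
{
    $return_url = $a->get_baseurl() . '/' . $_SESSION['photo_return'];

    if (!local_user()) {
        goaway($return_url);
    }

    if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
        goaway($return_url);
    }

    $tag = '';
    if (x($_POST, 'tag')) {
        $hex = notags(trim($_POST['tag']));
        // hex2bin() warns on malformed input; reject it quietly instead. false
        // never equals a stored tag, so nothing is removed in that case.
        $tag = (ctype_xdigit($hex) && strlen($hex) % 2 === 0) ? hex2bin($hex) : false;
    }
    $item = x($_POST, 'item') ? intval($_POST['item']) : 0;

    // the uid condition restricts the lookup to the current user's own items
    $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));

    // q() can return false, which must not be passed to count()
    if (!$r) {
        goaway($return_url);
    }

    $arr = explode(',', $r[0]['tag']);
    $match = array_search($tag, $arr, true);
    if ($match !== false) {
        unset($arr[$match]);
    }

    $tag_str = implode(',', $arr);

    q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($tag_str), intval($item), intval(local_user()));

    info(t('Tag removed') . EOL);
    goaway($return_url);

    // NOTREACHED
}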
/**
 * @brief Return timezones grouped (primarily) by continent.
 *
 * Identifiers without a '/' are filed under the translated 'Miscellaneous'
 * group. City names have underscores replaced by spaces.
 *
 * @return array map of group name => (timezone identifier => display name)
 */
function get_timezones()
{
    $identifiers = DateTimeZone::listIdentifiers();
    usort($identifiers, 'timezone_cmp');

    $continents = array();

    foreach ($identifiers as $tz) {
        $parts = explode("/", $tz);
        $depth = count($parts);

        if ($depth > 1) {
            $continent = t($parts[0]);
            // three-part identifiers keep everything after the first slash
            $city = ($depth > 2) ? substr($tz, strpos($tz, '/') + 1) : $parts[1];
        } else {
            $city = $parts[0];
            $continent = t('Miscellaneous');
        }

        $city = str_replace('_', ' ', t($city));

        // NOTE(review): the group is initialised under the untranslated first
        // segment but filled under the translated name, so the two keys can
        // differ (always for slash-less identifiers). Confirm that is intended.
        if (!x($continents, $parts[0])) {
            $continents[$parts[0]] = array();
        }
        $continents[$continent][$tz] = $city;
    }

    return $continents;
}
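/**
 * Handle the account-removal form.
 *
 * Every check below must pass before account_remove() is called: a local
 * channel session that is not a delegate, a non-empty password and 'verify'
 * value, a 'verify' value equal to the one stored in the session, a correct
 * password, and no password change within the last 48 hours.
 */
function post()
{
    if (!local_channel()) {
        return;
    }

    if ($_SESSION['delegate']) {
        return;
    }

    if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
        return;
    }

    if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
        return;
    }

    if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
        return;
    }

    $account = \App::get_account();
    $account_id = get_account_id();

    if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
        return;
    }

    if ($account['account_password_changed'] != NULL_DATE) {
        $d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
        // Compare against the computed cutoff. The original compared against
        // the bare word d1, so the 48-hour lock could never take effect.
        if ($account['account_password_changed'] > $d1) {
            notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
            return;
        }
    }

    $global_remove = isset($_POST['global']) ? intval($_POST['global']) : 0;

    account_remove($account_id, 1 - $global_remove);
}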
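/**
 * Render the probe diagnostic form and, when 'addr' is given, the lookup result.
 *
 * The address is looked up with Finger::run(), first without and then with the
 * http fallback. A site admin may additionally import the result with
 * 'import=1'. Everything echoed back, both the submitted address and the dump
 * of the remote response, is HTML-escaped, since both are outside this site's
 * control.
 *
 * NOTE(review): no login check is visible in this method although it issues
 * outbound lookups for a caller-supplied address; confirm access is
 * restricted elsewhere.
 *
 * @return string HTML
 */
function get()
{
    $o = '';

    $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';

    $o .= '<h3>Probe Diagnostic</h3>';

    $o .= '<form action="probe" method="get">';
    $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
    $o .= '<input type="submit" name="submit" value="Submit" /></form>';

    $o .= '<br /><br />';

    if (x($_GET, 'addr') && $raw_addr !== '') {
        $channel = \App::get_channel();
        $addr = trim($raw_addr);
        $do_import = (isset($_GET['import']) && intval($_GET['import']) && is_site_admin()) ? true : false;

        $j = \Zotlabs\Zot\Finger::run($addr, $channel, false);

        $o .= '<pre>';
        if (!$j['success']) {
            // NOTE(review): the original read $res['error'], but $res is never
            // assigned here. Assuming the error text is in the Finger result;
            // confirm the key.
            $err = isset($j['error']) ? htmlspecialchars((string) $j['error'], ENT_QUOTES, 'UTF-8') : '';
            $o .= sprintf(t('Fetching URL returns error: %1$s'), $err . "\r\n\r\n");
            $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";

            $j = \Zotlabs\Zot\Finger::run($addr, $channel, true);
            if (!$j['success']) {
                $err = isset($j['error']) ? htmlspecialchars((string) $j['error'], ENT_QUOTES, 'UTF-8') : '';
                $o .= sprintf(t('Fetching URL returns error: %1$s'), $err . "\r\n\r\n");
            }
        }

        if ($do_import && $j) {
            $x = import_xchan($j);
        }

        if ($j && $j['permissions'] && $j['permissions']['iv']) {
            $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'], $channel['channel_prvkey']), true);
        }

        // escape first, then turn newlines into <br /> so the markup survives
        $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($j, true), ENT_QUOTES, 'UTF-8'));
        $o .= '</pre>';
    }

    return $o;
}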
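/**
 * Emit site information as JSON for siteinfo/json, then exit.
 *
 * The response names the platform and version, the git commit if one can be
 * read, visible addons, the registration policy and the admin's name and
 * profile URL. Nothing in this function restricts who may request it.
 *
 * @param object &$a application object (argv, config, plugins)
 */
function siteinfo_init(&$a)
{
    // Guard the index so a request without a second path segment does not
    // read a missing array element.
    if (!isset($a->argv[1]) || $a->argv[1] != "json") {
        return;
    }

    $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');

    $sql_extra = '';
    if (x($a->config, 'admin_nickname')) {
        // protect_sprintf() because this fragment is formatted again by q()
        $sql_extra = protect_sprintf(sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname'])));
    }

    $admin = false;
    if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
        $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email']));
        // only report an admin when the lookup actually found a row
        if ($r) {
            $admin = array(
                'name' => $r[0]['username'],
                'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname']
            );
        }
    }

    $visible_plugins = array();
    if (is_array($a->plugins) && count($a->plugins)) {
        $r = q("select * from addon where hidden = 0");
        if ($r) {
            foreach ($r as $rr) {
                $visible_plugins[] = $rr['name'];
            }
        }
    }

    // fixed command string, no request data reaches the shell
    if (@is_dir('.git') && function_exists('shell_exec')) {
        $commit = @shell_exec('git log -1 --format="%h"');
    }
    // anything longer than an abbreviated hash is treated as an error message
    if (!isset($commit) || strlen($commit) > 16) {
        $commit = '';
    }

    $data = array(
        'version' => RED_VERSION,
        'commit' => $commit,
        'url' => z_root(),
        'plugins' => $visible_plugins,
        'register_policy' => $register_policy[$a->config['system']['register_policy']],
        'admin' => $admin,
        'site_name' => $a->config['sitename'],
        'platform' => RED_PLATFORM,
        'info' => x($a->config, 'info') ? $a->config['info'] : ''
    );

    echo json_encode($data);
    killme();
}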
/**
 * Hook: mark a new local top-level public post for cross-posting to Libertree.
 *
 * Appends 'libertree' to $b['postopts'] when the channel has the connector
 * enabled and the request asked for it, or when the post came through the API
 * and the channel posts by default.
 *
 * @param object &$a application object (unused)
 * @param array  &$b item being posted; 'postopts' is modified in place
 */
function libertree_post_local(&$a, &$b)
{
    // This can probably be changed to allow editing by pointing to a different API endpoint
    if ($b['edit']) {
        return;
    }

    // only the owner's own posts
    if (!(local_channel() && local_channel() == $b['uid'])) {
        return;
    }

    // skip private items and comments
    if ($b['item_private'] || $b['mid'] != $b['parent_mid']) {
        return;
    }

    $connector_on = intval(get_pconfig(local_channel(), 'libertree', 'post'));

    if ($connector_on && x($_REQUEST, 'libertree_enable')) {
        $wanted = intval($_REQUEST['libertree_enable']);
    } else {
        $wanted = 0;
    }

    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'libertree', 'post_by_default'))) {
        $wanted = 1;
    }

    if (!$wanted) {
        return;
    }

    if (strlen($b['postopts'])) {
        $b['postopts'] .= ',';
    }
    $b['postopts'] .= 'libertree';
}
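/**
 * Approve or deny a pending registration: regmod/allow/HASH or regmod/deny/HASH.
 *
 * Requires a logged-in site admin who is not in a 'submanage' session.
 *
 * NOTE(review): the action is triggered by a plain URL and no form security
 * token is checked in this function; confirm that the hash alone is meant to
 * authorise the change.
 *
 * @param object &$a application object (cmd, argc, argv, config)
 * @return string|null login form, '' on permission failure, otherwise no value
 */
function regmod_content(&$a)
{
    $_SESSION['return_url'] = $a->cmd;

    if (!local_user()) {
        info(t('Please login.') . EOL);
        // built directly; the original appended to an undefined variable
        return '<br /><br />' . login(($a->config['register_policy'] == REGISTER_CLOSED) ? 0 : 1);
    }

    // parenthesised to make the original operator precedence explicit
    if (!is_site_admin() || (x($_SESSION, 'submanage') && intval($_SESSION['submanage']))) {
        notice(t('Permission denied.') . EOL);
        return '';
    }

    if ($a->argc != 3) {
        killme();
    }

    $cmd = $a->argv[1];
    $hash = $a->argv[2];

    if ($cmd === 'deny') {
        user_deny($hash);
        goaway($a->get_baseurl() . "/admin/users/");
        killme();
    }

    if ($cmd === 'allow') {
        user_allow($hash);
        goaway($a->get_baseurl() . "/admin/users/");
        killme();
    }
}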
/**
 * Save the admin security settings form.
 *
 * The form token is checked first. Values are written to the 'system' config
 * in the same order as before, then the browser is sent back to
 * /admin/security.
 *
 * NOTE(review): no admin check is visible in this method; presumably the
 * enclosing admin controller enforces it, so confirm.
 */
function post()
{
    check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

    // e-mail allow/deny lists: trimmed, tags stripped
    $allowed_email = '';
    if (x($_POST, 'allowed_email')) {
        $allowed_email = notags(trim($_POST['allowed_email']));
    }
    $not_allowed_email = '';
    if (x($_POST, 'not_allowed_email')) {
        $not_allowed_email = notags(trim($_POST['not_allowed_email']));
    }
    set_config('system', 'allowed_email', $allowed_email);
    set_config('system', 'not_allowed_email', $not_allowed_email);

    set_config('system', 'block_public', x($_POST, 'block_public') ? true : false);

    // newline-separated site and channel lists
    $site_and_channel_lists = array(
        'whitelisted_sites',
        'blacklisted_sites',
        'whitelisted_channels',
        'blacklisted_channels'
    );
    foreach ($site_and_channel_lists as $field) {
        set_config('system', $field, $this->trim_array_elems(explode("\n", $_POST[$field])));
    }

    set_config('system', 'embed_sslonly', x($_POST, 'embed_sslonly') ? true : false);

    // newline-separated embed allow/deny lists
    foreach (array('embed_allow', 'embed_deny') as $field) {
        set_config('system', $field, $this->trim_array_elems(explode("\n", $_POST[$field])));
    }

    // checkbox flags stored under different config names than the form fields
    set_config('system', 'transport_security_header', x($_POST, 'transport_security') ? true : false);
    set_config('system', 'content_security_policy', x($_POST, 'content_security') ? true : false);

    goaway(z_root() . '/admin/security');
}
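/**
 * Render the IRC page: a sidebar of popular channels and a webchat iframe.
 *
 * The channel list for the iframe comes from the 'autochans' config or, when
 * that is empty, from the 'channels' query parameter. Because that value is
 * request-controlled and ends up inside an HTML attribute, it is escaped
 * before being written out.
 *
 * @param object &$a application object (unused)
 * @return string HTML
 */
function irc_content(&$a)
{
    $o = '';

    /* set the list of popular channels */
    $sitechats = get_config('irc', 'sitechats');
    if ($sitechats) {
        $chats = explode(',', $sitechats);
    } else {
        $chats = array('hubzilla', 'friendica', 'chat', 'chatback', 'hottub', 'ircbar', 'dateroom', 'debian');
    }

    App::$page['aside'] .= '<div class="widget"><h3>' . t('Popular Channels') . '</h3><ul>';
    foreach ($chats as $chat) {
        // encode per context: URL parameter in the link, HTML text in the label
        App::$page['aside'] .= '<li><a href="' . z_root() . '/irc?channels=' . urlencode($chat) . '" >'
            . '#' . htmlspecialchars($chat, ENT_QUOTES, 'UTF-8') . '</a></li>';
    }
    App::$page['aside'] .= '</ul></div>';

    /* setting the channel(s) to auto connect */
    $autochans = get_config('irc', 'autochans');
    if ($autochans) {
        $channels = $autochans;
    } else {
        $channels = (x($_GET, 'channels') && is_string($_GET['channels'])) ? $_GET['channels'] : 'hubzilla';
    }

    // Escaped so the value cannot close the src attribute and add markup.
    $channels = htmlspecialchars($channels, ENT_QUOTES, 'UTF-8');

    /* add the chatroom frame and some html */
    $o .= <<<EOT
<h2>IRC chat</h2>
<p><a href="http://tldp.org/HOWTO/IRC/beginners.html" target="_blank">A beginner's guide to using IRC. [en]</a></p>
<iframe src="//webchat.freenode.net?channels={$channels}" width="100%" height="600"></iframe>
EOT;

    return $o;
}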
/**
 * Wrap text in a coloured span by passing a "span style=..." string and the
 * trimmed text to x().
 *
 * @param mixed  $text  text to wrap; objects are replaced by their name()
 * @param string $color colour written into the style attribute
 * @return mixed whatever x() returns
 */
function redText($text, $color = "red")
{
    $label = is_object($text) ? $text->name() : $text;

    // NOTE(review): $color is concatenated into the attribute unescaped;
    // callers should only pass fixed colour names.
    $tag = "span style='color:" . $color . "'";

    return x($tag, trim($label));
}
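/**
 * Handle the account-removal form.
 *
 * Every check below must pass before account_remove() is called: a logged-in
 * user who is not in a 'submanage' session, a non-empty password and 'verify'
 * value, a 'verify' value equal to the one stored in the session, a correct
 * password, and no password change within the last 48 hours.
 *
 * @param object &$a application object (provides the account record)
 */
function removeaccount_post(&$a)
{
    if (!local_user()) {
        return;
    }

    if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
        return;
    }

    if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
        return;
    }

    if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
        return;
    }

    if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
        return;
    }

    $account = $a->get_account();
    $account_id = get_account_id();

    if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
        return;
    }

    if ($account['account_password_changed'] != NULL_DATE) {
        $d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
        // Compare against the computed cutoff. The original compared against
        // the bare word d1, so the 48-hour lock could never take effect.
        if ($account['account_password_changed'] > $d1) {
            notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
            return;
        }
    }

    require_once 'include/Contact.php';

    // The posted 'global' value was read but never used; removal is always
    // called with true as its second argument.
    account_remove($account_id, true);
}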
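/**
 * Password-reset page.
 *
 * Without 'verify' it renders the request form. With 'verify' it looks up the
 * account holding that reset token, sets a newly generated password, shows it
 * on the page and mails it to the account address.
 *
 * NOTE(review): the token is matched as stored and no expiry check is visible
 * here. The new password is sent by e-mail in clear text and stored as a
 * single salted Whirlpool digest, which is a fast hash. Moving to
 * password_hash() would have to be coordinated with the verification code,
 * which is not shown.
 *
 * @param object &$a application object (base URL, config)
 * @return string|null HTML, or no value when the reset could not be completed
 */
function lostpass_content(&$a)
{
    $o = '';

    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];

        $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }

        $aid = $r[0]['account_id'];
        $email = $r[0]['account_email'];

        // Prefer the CSPRNG for the numeric part where it exists. The overall
        // strength still depends on autoname(), which is defined elsewhere.
        $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
        $new_password = autoname(6) . $suffix;

        $salt = random_string(32);
        $password_encoded = hash('whirlpool', $salt . $new_password);

        // Four arguments need four placeholders. The original statement had a
        // literal in place of the password placeholder, which stored that
        // literal and shifted the remaining arguments by one.
        $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid));

        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            $o .= replace_macros($tpl, array(
                '$lbl1' => t('Password Reset'),
                '$lbl2' => t('Your password has been reset as requested.'),
                '$lbl3' => t('Your new password is'),
                '$lbl4' => t('Save or copy your new password - and then'),
                '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
                '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
                '$newpass' => $new_password,
                '$baseurl' => $a->get_baseurl()
            ));

            info("Your password has been reset." . EOL);

            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // NOTE(review): $newuid is never assigned in this function, so the
            // '$uid' macro is always empty; confirm what it should carry.
            $message = replace_macros($email_tpl, array(
                '$sitename' => $a->config['sitename'],
                '$siteurl' => $a->get_baseurl(),
                '$username' => sprintf(t('Site Member (%s)'), $email),
                '$email' => $email,
                '$new_password' => $new_password,
                '$uid' => $newuid
            ));

            $subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');

            // NOTE(review): SERVER_NAME may follow the request's Host header,
            // depending on web-server configuration; a configured site
            // address would be safer for the From line.
            $res = mail($email, $subject, $message,
                'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
                . 'Content-type: text/plain; charset=UTF-8' . "\n"
                . 'Content-transfer-encoding: 8bit');

            return $o;
        }
    } else {
        $tpl = get_markup_template('lostpass.tpl');

        $o .= replace_macros($tpl, array(
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
            '$name' => t('Email Address'),
            '$submit' => t('Reset')
        ));

        return $o;
    }
}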
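/**
 * Render the webfinger diagnostic form and, when 'addr' is given, the result.
 *
 * Addresses containing '@' go through webfinger_rfc7033() with old_webfinger()
 * as fallback; anything else goes through lrdd() when that function exists.
 * The submitted address and the dump of the remote response are HTML-escaped
 * before output, since both are outside this site's control.
 *
 * NOTE(review): no login check is visible in this function although it issues
 * outbound lookups for a caller-supplied address; confirm access is
 * restricted elsewhere.
 *
 * @param object &$a application object (unused)
 * @return string HTML
 */
function webfinger_content(&$a)
{
    $o = '';
    $res = null;

    $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';

    $o .= '<h3>Webfinger Diagnostic</h3>';

    $o .= '<form action="webfinger" method="get">';
    $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
    $o .= '<input type="submit" name="submit" value="Submit" /></form>';

    $o .= '<br /><br />';

    if (x($_GET, 'addr') && $raw_addr !== '') {
        $addr = trim($raw_addr);

        if (strpos($addr, '@') !== false) {
            $res = webfinger_rfc7033($addr, true);
            if (!$res) {
                $res = old_webfinger($addr);
            }
        } else {
            if (function_exists('lrdd')) {
                $res = lrdd($addr);
            }
        }

        $o .= '<pre>';
        // escape first, then turn newlines into <br /> so the markup survives
        $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($res, true), ENT_QUOTES, 'UTF-8'));
        $o .= '</pre>';
    }

    return $o;
}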
/**
 * Build a <select> element listing contacts.
 *
 * @param string     $selname     name attribute ('[]' is appended for multi-select)
 * @param string     $selclass    class attribute
 * @param array|bool $preselected ids to mark as selected, or false
 * @param int        $size        size attribute
 * @param bool       $privmail    single-select limited to mutual contacts
 * @return string HTML
 */
function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false)
{
    global $a;

    // When used for private messages, we limit correspondence to mutual friends and the selector
    // to one recipient. By default our selector allows multiple selects amongst all contacts.
    $sql_extra = '';
    if ($privmail) {
        $sql_extra = sprintf(" AND `rel` = %d ", intval(DIRECTION_BOTH));
        $o = "<select name=\"{$selname}\" class=\"{$selclass}\" size=\"{$size}\" />\r\n";
    } else {
        $o = "<select name=\"{$selname}[]\" class=\"{$selclass}\" multiple=\"multiple\" size=\"{$size}\" />\r\n";
    }

    // ignore readonly contacts when operating in celebrity mode -
    // the selector HTML could grow quite large and affect a lot of pages
    if (x($a->config, 'rockstar')) {
        $sql_extra .= " AND `readonly` = 0 ";
    }

    $rows = q("SELECT `id`, `name`, `url` FROM `contact` \n\t\tWHERE `self` = 0 AND `blocked` = 0 AND `pending` = 0 \n\t\t{$sql_extra} ORDER BY `name` ASC ");

    if (count($rows)) {
        foreach ($rows as $contact) {
            $is_preselected = is_array($preselected) && in_array($contact['id'], $preselected);
            $selected = $is_preselected ? " selected=\"selected\" " : '';

            // NOTE(review): name and url are written into the markup as
            // stored; confirm they are escaped when saved, since contact
            // data can originate from remote sites.
            $o .= "<option value=\"{$contact['id']}\" {$selected} title=\"{$contact['url']}\" >{$contact['name']}</option>\r\n";
        }
    }

    $o .= "</select>\r\n";

    return $o;
}
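/**
 * Render the probe diagnostic form and, when 'addr' is given, the lookup result.
 *
 * The address is looked up with zot_finger(), first without and then with the
 * http fallback. The submitted address, remote error text and the dump of the
 * remote response are HTML-escaped before output, since all three are outside
 * this site's control.
 *
 * NOTE(review): no login check is visible in this function although it issues
 * outbound lookups for a caller-supplied address; confirm access is
 * restricted elsewhere.
 *
 * @param object &$a application object (provides the current channel)
 * @return string HTML
 */
function probe_content(&$a)
{
    $o = '';
    // stays null when both attempts fail, instead of being undefined
    $j = null;

    $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';

    $o .= '<h3>Probe Diagnostic</h3>';

    $o .= '<form action="probe" method="get">';
    $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
    $o .= '<input type="submit" name="submit" value="Submit" /></form>';

    $o .= '<br /><br />';

    if (x($_GET, 'addr') && $raw_addr !== '') {
        $channel = $a->get_channel();
        $addr = trim($raw_addr);

        $res = zot_finger($addr, $channel, false);

        $o .= '<pre>';
        if ($res['success']) {
            $j = json_decode($res['body'], true);
        } else {
            $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars((string) $res['error'], ENT_QUOTES, 'UTF-8') . "\r\n\r\n");
            $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";

            $res = zot_finger($addr, $channel, true);
            if ($res['success']) {
                $j = json_decode($res['body'], true);
            } else {
                $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars((string) $res['error'], ENT_QUOTES, 'UTF-8') . "\r\n\r\n");
            }
        }

        if ($j && $j['permissions'] && $j['permissions']['iv']) {
            $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'], $channel['channel_prvkey']), true);
        }

        // escape first, then turn newlines into <br /> so the markup survives
        $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($j, true), ENT_QUOTES, 'UTF-8'));
        $o .= '</pre>';
    }

    return $o;
}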
/**
 * Render pending introductions; notifications/all includes ignored ones.
 *
 * @param object &$a application object (argc, argv, base URL)
 * @return string HTML
 */
function notifications_content(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied') . EOL);
        goaway($a->get_baseurl());
    }

    $show_all = ($a->argc > 1 && $a->argv[1] == 'all');
    $sql_extra = $show_all ? '' : " AND `ignore` = 0 ";

    // the toggle link points at whichever view is not currently shown
    if (strlen($sql_extra)) {
        $hide_url = 'notifications/all';
        $hide_text = t('Show Ignored Requests');
    } else {
        $hide_url = 'notifications';
        $hide_text = t('Hide Ignored Requests');
    }

    $o = '';
    $o .= replace_macros(file_get_contents('view/intros-top.tpl'), array(
        '$hide_url' => $hide_url,
        '$hide_text' => $hide_text
    ));

    $rows = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.* \n\t\tFROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`\n\t\tWHERE `intro`.`blocked` = 0 {$sql_extra} ");

    if ($rows === false || !count($rows)) {
        notice(t('No notifications.') . EOL);
        return $o;
    }

    $tpl = file_get_contents("view/intros.tpl");

    foreach ($rows as $intro) {
        // NOTE(review): name, url and note are passed to the template as
        // stored; confirm the template layer escapes them, since they
        // describe a remote party.
        $o .= replace_macros($tpl, array(
            '$intro_id' => $intro['intro-id'],
            '$dfrn-id' => $intro['issued-id'],
            '$uid' => $_SESSION['uid'],
            '$contact-id' => $intro['contact-id'],
            '$photo' => x($intro, 'photo') ? $intro['photo'] : "images/default-profile.jpg",
            '$fullname' => $intro['name'],
            '$knowyou' => $intro['knowyou'] ? t('yes') : t('no'),
            '$url' => $intro['url'],
            '$note' => $intro['note']
        ));
    }

    return $o;
}
/**
 * Apply new permissions to a stored file and record the activity.
 *
 * The posted 'uid' must equal the logged-in local channel. The ACL strings are
 * built from the request, applied with attach_change_permissions() and passed
 * to file_activity(), after which the browser is sent to the parent cloud path.
 *
 * NOTE(review): no form security token is checked in this function; confirm
 * the form or caller protects this change against cross-site requests.
 *
 * @param object &$a application object (provides the current channel)
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }

    // the posted id must be the channel that is actually logged in
    $is_owner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$is_owner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0;
    $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : '';
    $notify = x($_POST, 'notify') ? intval($_POST['notify']) : 0;

    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    $allow_gid = perms2str($_REQUEST['group_allow']);
    $allow_cid = perms2str($_REQUEST['contact_allow']);
    $deny_gid = perms2str($_REQUEST['group_deny']);
    $deny_cid = perms2str($_REQUEST['contact_deny']);

    $channel = $a->get_channel();

    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // get the object before permissions change so we can catch eventual former allowed members
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions($channel_id, $resource, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $recurse);

    file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid, $deny_gid, 'post', $notify);

    goaway($cloudPath);
}
/**
 * Return, by reference, the local variable whose name x() produces.
 *
 * x() is defined elsewhere. The variable-variable lookup ${$z} resolves
 * against this function's locals, so the result refers to $x (value 2) only
 * when x() returns the string 'x'; any other name yields a reference to a
 * variable created on the spot. The local names are therefore part of the
 * behaviour and must not be renamed.
 */
function &foo() { $x = 2; $z = x(); $y =& ${$z}; return $y; }
/**
 * Handle "ignore this suggestion" requests: suggest?ignore=ID.
 *
 * With 'confirm' set, a confirmation form is rendered instead of acting.
 * Otherwise, unless 'canceled' is set, the id is recorded in gcign for the
 * current user.
 *
 * NOTE(review): the insert is reachable with a plain GET and no form security
 * token is checked here; confirm that is acceptable for this action.
 *
 * @param object &$a application object (query_string, page, error)
 */
function suggest_init(&$a)
{
    if (!local_user()) {
        return;
    }

    $ignore_requested = x($_GET, 'ignore') && intval($_GET['ignore']);
    if (!$ignore_requested) {
        return;
    }

    // Check if we should do HTML-based delete confirmation
    if ($_REQUEST['confirm']) {
        // <form> can't take arguments in its "action" parameter
        // so add any arguments as hidden inputs
        $query = explode_querystring($a->query_string);
        $inputs = array();
        foreach ($query['args'] as $arg) {
            if (strpos($arg, 'confirm=') !== false) {
                continue;
            }
            $pair = explode('=', $arg);
            $inputs[] = array('name' => $pair[0], 'value' => $pair[1]);
        }

        $tpl = get_markup_template('confirm.tpl');
        $a->page['content'] = replace_macros($tpl, array(
            '$method' => 'get',
            '$message' => t('Do you really want to delete this suggestion?'),
            '$extra_inputs' => $inputs,
            '$confirm' => t('Yes'),
            '$confirm_url' => $query['base'],
            '$confirm_name' => 'confirmed',
            '$cancel' => t('Cancel')
        ));
        $a->error = 1; // Set $a->error so the other module functions don't execute
        return;
    }

    // Now check how the user responded to the confirmation query
    if ($_REQUEST['canceled']) {
        return;
    }

    q("INSERT INTO `gcign` ( `uid`, `gcid` ) VALUES ( %d, %d ) ", intval(local_user()), intval($_GET['ignore']));
}
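/**
 * Toggle the 'starred' flag of one of the current user's items: starred/ID.
 *
 * Redirects to the 'return' path when one is given, otherwise prints the new
 * flag value as JSON and exits.
 *
 * NOTE(review): this state change is reachable with a plain GET and no form
 * security token is checked here; confirm that is acceptable.
 *
 * @param object &$a application object (argc, argv, base URL)
 */
function starred_init(&$a)
{
    $starred = 0;

    if (!local_user()) {
        killme();
    }

    // defaults to 0 so the check below never reads an undefined variable
    $message_id = ($a->argc > 1) ? intval($a->argv[1]) : 0;
    if (!$message_id) {
        killme();
    }

    $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id));

    // q() can return false, which must not be passed to count()
    if (!$r) {
        killme();
    }

    if (!intval($r[0]['starred'])) {
        $starred = 1;
    }

    $r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", intval($starred), intval(local_user()), intval($message_id));

    // See if we've been passed a return path to redirect to
    $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
    if ($return_path) {
        $rand = '_=' . time();
        // compare with false: a '?' at position 0 is still a query string
        if (strpos($return_path, '?') !== false) {
            $rand = "&{$rand}";
        } else {
            $rand = "?{$rand}";
        }

        // the path is always appended to this site's base URL
        goaway($a->get_baseurl() . "/" . $return_path . $rand);
    }

    // the json doesn't really matter, it will either be 0 or 1
    echo json_encode($starred);
    killme();
}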
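/**
 * Save the language filter addon settings for the current user.
 *
 * Stores the language list, the disable flag (inverse of 'langfilter_enable')
 * and the minimum confidence, which is clamped to 0..100 and stored as a
 * fraction between 0 and 1.
 *
 * @param object &$a application object (unused)
 * @param mixed  &$b hook data (unused)
 */
function langfilter_addon_settings_post(&$a, &$b)
{
    if (!local_user()) {
        return;
    }

    if (empty($_POST['langfilter-settings-submit'])) {
        return;
    }

    $languages = (isset($_POST['langfilter_languages']) && is_string($_POST['langfilter_languages']))
        ? trim($_POST['langfilter_languages'])
        : '';
    set_pconfig(local_user(), 'langfilter', 'languages', $languages);

    $enable = x($_POST, 'langfilter_enable') ? intval($_POST['langfilter_enable']) : 0;
    $disable = 1 - $enable;
    set_pconfig(local_user(), 'langfilter', 'disable', $disable);

    // Request data is not guaranteed to be numeric. floatval() parses a
    // leading number without raising, unlike arithmetic on the raw value;
    // array values count as 0.
    $raw = isset($_POST['langfilter_minconfidence']) ? $_POST['langfilter_minconfidence'] : 0;
    $minconfidence = is_scalar($raw) ? floatval($raw) : 0;
    $minconfidence = max(0, min(100, $minconfidence));
    set_pconfig(local_user(), 'langfilter', 'minconfidence', $minconfidence / 100.0);

    info(t('Language Filter Settings saved.') . EOL);
}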
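/**
 * Initialise request state: scheme, hostname, include path, command and
 * arguments taken from the 'q' parameter, module name and pager defaults.
 */
function __construct()
{
    $this->config = array();
    $this->page = array();
    $this->pager = array();

    // Some servers set HTTPS to "off" for plain requests, which is still a
    // non-empty string.
    $https_on = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) !== 'off';
    $this->scheme = $https_on ? 'https' : 'http';

    // NOTE(review): SERVER_NAME may follow the request's Host header,
    // depending on web-server configuration, and it becomes part of the
    // include path below. Confirm the server pins it, or validate it against
    // the configured site name.
    $this->hostname = str_replace('www.', '', $_SERVER['SERVER_NAME']);
    set_include_path("include/{$this->hostname}" . PATH_SEPARATOR . 'include' . PATH_SEPARATOR . '.');

    if (isset($_SERVER['QUERY_STRING']) && substr($_SERVER['QUERY_STRING'], 0, 2) == "q=") {
        $_SERVER['QUERY_STRING'] = substr($_SERVER['QUERY_STRING'], 2);
    }

    // 'q' is absent on the front page and could be sent as an array
    $q = (isset($_GET['q']) && is_string($_GET['q'])) ? $_GET['q'] : '';
    $this->cmd = trim($q, '/');

    $this->argv = explode('/', $this->cmd);
    $this->argc = count($this->argv);
    if (array_key_exists('0', $this->argv) && strlen($this->argv[0])) {
        $this->module = $this->argv[0];
    } else {
        $this->module = 'home';
    }

    if ($this->cmd == '.well-known/host-meta') {
        require_once 'include/hostxrd.php';
    }

    // Force the page number to a positive integer: it feeds the offset
    // arithmetic below and must never carry raw request text.
    $page = x($_GET, 'page') ? intval($_GET['page']) : 1;
    if ($page < 1) {
        $page = 1;
    }

    $this->pager['page'] = $page;
    $this->pager['itemspage'] = 50;
    $this->pager['start'] = ($this->pager['page'] * $this->pager['itemspage']) - $this->pager['itemspage'];
    $this->pager['total'] = 0;
}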
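/**
 * Password-reset page.
 *
 * Without 'verify' it renders the request form. With 'verify' it hashes the
 * value, looks up the user whose pwdreset column matches, sets a newly
 * generated password, shows it on the page and mails it to the user.
 *
 * NOTE(review): no expiry check on the token is visible here. The new password
 * is sent by e-mail in clear text and stored as an unsalted Whirlpool digest,
 * which is a fast hash. Moving to password_hash() would have to be
 * coordinated with the verification code, which is not shown.
 *
 * @param object &$a application object (base URL, config)
 * @return string|null HTML, or no value when the reset could not be completed
 */
function lostpass_content(&$a)
{
    $o = '';

    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];
        // only the digest of the token is stored, so hash before comparing
        $hash = hash('whirlpool', $verify);

        $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));

        // q() can return false, which must not be passed to count()
        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }

        $uid = $r[0]['uid'];
        $username = $r[0]['username'];
        $email = $r[0]['email'];

        // Prefer the CSPRNG for the numeric part where it exists. The overall
        // strength still depends on autoname(), which is defined elsewhere.
        $suffix = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
        $new_password = autoname(6) . $suffix;

        $new_password_encoded = hash('whirlpool', $new_password);

        $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));

        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            $o .= replace_macros($tpl, array(
                '$lbl1' => t('Password Reset'),
                '$lbl2' => t('Your password has been reset as requested.'),
                '$lbl3' => t('Your new password is'),
                '$lbl4' => t('Save or copy your new password - and then'),
                '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
                '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
                '$newpass' => $new_password,
                '$baseurl' => $a->get_baseurl()
            ));

            info("Your password has been reset." . EOL);

            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // NOTE(review): $newuid is never assigned in this function, so the
            // '$uid' macro is always empty; confirm whether $uid was meant.
            $email_tpl = replace_macros($email_tpl, array(
                '$sitename' => $a->config['sitename'],
                '$siteurl' => $a->get_baseurl(),
                '$username' => $username,
                '$email' => $email,
                '$new_password' => $new_password,
                '$uid' => $newuid
            ));

            // NOTE(review): SERVER_NAME may follow the request's Host header,
            // depending on web-server configuration; a configured site
            // address would be safer for the From line.
            $res = mail($email, "Your password has changed at {$a->config['sitename']}", $email_tpl,
                'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n"
                . 'Content-type: text/plain; charset=UTF-8' . "\n"
                . 'Content-transfer-encoding: 8bit');

            return $o;
        }
    } else {
        $tpl = get_markup_template('lostpass.tpl');

        $o .= replace_macros($tpl, array(
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
            '$name' => t('Nickname or Email: '),
            '$submit' => t('Reset')
        ));

        return $o;
    }
}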
/**
 * Hook: mark a new local top-level public post for cross-posting to Dreamwidth.
 *
 * Appends 'dwpost' to $b['postopts'] when the channel has the connector
 * enabled and the request asked for it, or when the post came through the API
 * and the channel posts by default.
 *
 * @param object &$a application object (unused)
 * @param array  &$b item being posted; 'postopts' is modified in place
 */
function dwpost_post_local(&$a, &$b)
{
    // This can probably be changed to allow editing by pointing to a different API endpoint
    if ($b['edit']) {
        return;
    }

    // only the owner's own posts
    if (!(local_channel() && local_channel() == $b['uid'])) {
        return;
    }

    // skip private items and anything that has a parent
    if ($b['item_private'] || $b['parent']) {
        return;
    }

    logger('Dreamwidth xpost invoked');

    $connector_on = intval(get_pconfig(local_channel(), 'dwpost', 'post'));

    if ($connector_on && x($_REQUEST, 'dwpost_enable')) {
        $wanted = intval($_REQUEST['dwpost_enable']);
    } else {
        $wanted = 0;
    }

    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'dwpost', 'post_by_default'))) {
        $wanted = 1;
    }

    if (!$wanted) {
        return;
    }

    if (strlen($b['postopts'])) {
        $b['postopts'] .= ',';
    }
    $b['postopts'] .= 'dwpost';
}
/**
 * Remove one tag from an item owned by the current channel, then redirect back.
 *
 * The tag arrives hex-encoded in $_POST['tag']; every term whose text equals
 * the decoded value is dropped and the item is stored again.
 *
 * NOTE(review): no form security token is checked in this method; confirm the
 * form or caller protects this state change against cross-site requests.
 */
function post()
{
    if (!local_channel()) {
        goaway(z_root() . '/' . $_SESSION['photo_return']);
    }

    if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
        goaway(z_root() . '/' . $_SESSION['photo_return']);
    }

    $tag = '';
    if (x($_POST, 'tag')) {
        $tag = trim($_POST['tag']);
    }

    $item = 0;
    if (x($_POST, 'item')) {
        $item = intval($_POST['item']);
    }

    // the uid condition restricts the lookup to the current channel's own items
    $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));

    if (!$r) {
        goaway(z_root() . '/' . $_SESSION['photo_return']);
    }

    $r = fetch_post_tags($r, true);

    $item = $r[0];
    $kept = array();

    if ($item['term']) {
        $total = count($item['term']);
        for ($i = 0; $i < $total; $i++) {
            $term = $item['term'][$i];
            if ($term['term'] === hex2bin($tag)) {
                continue;
            }
            $kept[] = $term;
        }
    }

    if ($kept) {
        $item['term'] = $kept;
    } else {
        unset($item['term']);
    }

    item_store_update($item);

    info(t('Tag removed') . EOL);
    goaway(z_root() . '/' . $_SESSION['photo_return']);

    // NOTREACHED
}
/**
 * Hook: add 'nodeliver' to a new public top-level post unless federation was
 * requested for it.
 *
 * Does nothing for edits, comments, other channels' posts, posts that carry an
 * ACL, or channels without the 'nofed' 'post' setting.
 *
 * @param object &$a application object (unused)
 * @param array  &$b item being posted; 'postopts' is modified in place
 */
function nofed_post_local(&$a, &$b)
{
    // edited posts are left alone
    if ($b['created'] != $b['edited']) {
        return;
    }

    // top-level posts only
    if ($b['mid'] !== $b['parent_mid']) {
        return;
    }

    if (!(local_channel() && local_channel() == $b['uid'])) {
        return;
    }

    $has_acl = $b['allow_cid'] || $b['allow_gid'] || $b['deny_cid'] || $b['deny_gid'];
    if ($has_acl) {
        return;
    }

    $nofed_post = get_pconfig(local_channel(), 'nofed', 'post');
    if (!$nofed_post) {
        return;
    }

    if ($nofed_post && x($_REQUEST, 'nofed_enable')) {
        $federate = intval($_REQUEST['nofed_enable']);
    } else {
        $federate = 0;
    }

    // if API is used, default to the chosen settings
    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'nofed', 'post_by_default'))) {
        $federate = 1;
    }

    // federation requested: leave the post options untouched
    if ($federate) {
        return;
    }

    if (strlen($b['postopts'])) {
        $b['postopts'] .= ',';
    }
    $b['postopts'] .= 'nodeliver';
}
/**
 * Serve the public feed of the channel named in the second path argument.
 *
 * Output is JSON when the first path argument contains 'json', XML otherwise.
 * The request ends without output when the channel does not exist, or when
 * the site blocks public access and the visitor has no account.
 *
 * @param object &$a application object (unused)
 */
function feed_init(&$a)
{
    $params = array(
        'begin' => x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE,
        'end' => x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '',
        'type' => stristr(argv(0), 'json') ? 'json' : 'xml',
        'pages' => x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0,
        'top' => x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0
    );

    // NOTE(review): these three look in $params itself, where the key has not
    // been set yet, so the defaults always apply. Confirm whether $_REQUEST
    // was intended.
    $params['start'] = x($params, 'start') ? intval($params['start']) : 0;
    $params['records'] = x($params, 'records') ? intval($params['records']) : 40;
    $params['direction'] = x($params, 'direction') ? dbesc($params['direction']) : 'desc';

    $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';

    $channel = '';

    if (argc() <= 1) {
        return;
    }

    $rows = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));

    if (!$rows || !count($rows)) {
        killme();
    }

    $channel = $rows[0];

    // sites that block public access only serve feeds to account holders
    if (intval(get_config('system', 'block_public')) && !get_account_id()) {
        killme();
    }

    logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);

    echo get_public_feed($channel, $params);
    killme();
}