コード例 #1
2
ファイル: api_auth.php プロジェクト: BlaBlaNet/hubzilla
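/**
 * API login via OAuth1 or HTTP basic-auth.
 *
 * An OAuth1-signed request is tried first. If verification throws, the
 * exception message is logged and the function falls back to HTTP basic-auth,
 * rebuilding PHP_AUTH_USER / PHP_AUTH_PW from REDIRECT_REMOTE_USER or
 * HTTP_AUTHORIZATION for servers that run PHP in CGI mode.
 *
 * @param object $a application object (not read in this function)
 * @return bool|null true after a successful basic-auth login, null after a
 *                   successful OAuth login; on failure retry_basic_auth() is called
 */
function api_login(&$a)
{
    $record = null;
    // Initialised up front so the success branch never reads an undefined variable.
    $channel_login = 0;
    require_once 'include/oauth.php';
    // login with oauth
    try {
        $oauth = new ZotOAuth1();
        $req = OAuth1Request::from_request();
        list($consumer, $token) = $oauth->verify_request($req);
        if (!is_null($token)) {
            $oauth->loginUser($token->uid);
            App::set_oauth_key($consumer->key);
            call_hooks('logged_in', App::$user);
            return;
        }
        // verify_request() returned without a token: stop processing here
        killme();
    } catch (Exception $e) {
        logger($e->getMessage());
    }
    // workarounds for HTTP-auth in CGI mode; the later header wins, as before
    foreach (array('REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION') as $header) {
        if (!x($_SERVER, $header)) {
            continue;
        }
        // Skips the first 6 characters (presumably the "Basic " scheme prefix;
        // the scheme itself is not checked here) before decoding.
        $userpass = base64_decode(substr($_SERVER[$header], 6));
        if (strlen($userpass)) {
            // Split on the FIRST colon only: a password may itself contain ':'
            // and must not be truncated. array_pad covers a value with no colon.
            list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');
            $_SERVER['PHP_AUTH_USER'] = $name;
            $_SERVER['PHP_AUTH_PW'] = $password;
        }
    }
    require_once 'include/auth.php';
    require_once 'include/security.php';
    // process normal login request
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $record = account_verify_password($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
        if ($record && $record['channel']) {
            $channel_login = $record['channel']['channel_id'];
        }
    }
    if ($record && $record['account']) {
        authenticate_success($record['account']);
        if ($channel_login) {
            change_channel($channel_login);
        }
        $_SESSION['allow_api'] = true;
        return true;
    }
    $_SERVER['PHP_AUTH_PW'] = '*****';
    // Log a redacted copy: masking PHP_AUTH_PW alone still leaves the
    // base64-encoded credentials and the session cookie in the dump.
    $server = $_SERVER;
    foreach (array('HTTP_AUTHORIZATION', 'REDIRECT_REMOTE_USER', 'HTTP_COOKIE') as $sensitive) {
        if (isset($server[$sensitive])) {
            $server[$sensitive] = '*****';
        }
    }
    logger('API_login failure: ' . print_r($server, true), LOGGER_DEBUG);
    log_failed_login('API login failure');
    retry_basic_auth();
}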
コード例 #2
1
ファイル: Emailer.php プロジェクト: ZerGabriel/friendica
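 /**
  * Send a multipart/alternative message with text and HTML versions.
  *
  * $params is an array with these keys:
  *  - fromName             name of the sender
  *  - fromEmail            email of the sender
  *  - replyTo              replyTo address to direct responses
  *  - toEmail              destination email address
  *  - messageSubject       subject of the message
  *  - htmlVersion          html version of the message
  *  - textVersion          text only version of the message
  *  - additionalMailHeader additions to the smtp mail header
  *  - uid                  (optional) user id of the destination user
  *
  * @param array $params message parameters; handed to the 'emailer_send_prepare' hook first
  * @return bool result of mail()
  */
 public static function send($params)
 {
     call_hooks('emailer_send_prepare', $params);
     $email_textonly = False;
     if (x($params, "uid")) {
         $email_textonly = get_pconfig($params['uid'], "system", "email_textonly");
     }
     $fromName = email_header_encode(html_entity_decode($params['fromName'], ENT_QUOTES, 'UTF-8'), 'UTF-8');
     $messageSubject = email_header_encode(html_entity_decode($params['messageSubject'], ENT_QUOTES, 'UTF-8'), 'UTF-8');
     // Addresses are written straight into header lines below; drop CR/LF so a
     // crafted address cannot start an additional header or the message body.
     $fromEmail = str_replace(array("\r", "\n"), '', $params['fromEmail']);
     $replyTo = str_replace(array("\r", "\n"), '', $params['replyTo']);
     // generate a mime boundary
     $mimeBoundary = rand(0, 9) . "-" . rand(10000000000, 99999999999) . "-" . rand(10000000000, 99999999999) . "=:" . rand(10000, 99999);
     // generate a multipart/alternative message header
     // NOTE(review): additionalMailHeader is prepended verbatim; callers must not
     // build it from unvalidated input.
     $messageHeader = $params['additionalMailHeader']
         . "From: {$fromName} <{$fromEmail}>\n"
         . "Reply-To: {$fromName} <{$replyTo}>\n"
         . "MIME-Version: 1.0\n"
         . "Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";
     // assemble the final multipart message body with the text and html types included
     $textBody = chunk_split(base64_encode($params['textVersion']));
     $multipartMessageBody = "--" . $mimeBoundary . "\n" . "Content-Type: text/plain; charset=UTF-8\n" . "Content-Transfer-Encoding: base64\n\n" . $textBody . "\n";
     if (!$email_textonly && !is_null($params['htmlVersion'])) {
         // Encode the HTML part only when it is actually sent.
         $htmlBody = chunk_split(base64_encode($params['htmlVersion']));
         $multipartMessageBody .= "--" . $mimeBoundary . "\n" . "Content-Type: text/html; charset=UTF-8\n" . "Content-Transfer-Encoding: base64\n\n" . $htmlBody . "\n";
     }
     // message ending
     $multipartMessageBody .= "--" . $mimeBoundary . "--\n";
     // send the message; the 'emailer_send' hook may alter any of these fields
     $hookdata = array('to' => $params['toEmail'], 'subject' => $messageSubject, 'body' => $multipartMessageBody, 'headers' => $messageHeader);
     call_hooks("emailer_send", $hookdata);
     $res = mail($hookdata['to'], $hookdata['subject'], $hookdata['body'], $hookdata['headers']);
     logger("header " . 'To: ' . $params['toEmail'] . "\n" . $messageHeader, LOGGER_DEBUG);
     logger("return value " . ($res ? "true" : "false"), LOGGER_DEBUG);
     return $res;
 }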
コード例 #3
1
ファイル: search_ac.php プロジェクト: TamirAl/hubzilla
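/**
 * Autocomplete endpoint for the logged-in channel.
 *
 * Emits a JSON object {start, count, items} where items lists matching
 * connections (prefixed '@') followed by matching tags (prefixed '#'),
 * then terminates the request.
 *
 * @param object $a application object; only get_baseurl() is used
 * @return void
 */
function search_ac_init(&$a)
{
    if (!local_channel()) {
        killme();
    }
    $start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
    $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
    $search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
    if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
        $search = $_REQUEST['query'];
    }
    // Default to "no extra filter" so the queries below never interpolate an
    // undefined variable when no search term was supplied.
    $people_sql_extra = '';
    $tag_sql_extra = '';
    // Priority to people searches
    if ($search) {
        // NOTE(review): dbesc() guards the quoting; LIKE wildcards (% and _)
        // in the term are presumably passed through unescaped - confirm.
        $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
        $tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
    }
    $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));
    $results = array();
    if ($r) {
        foreach ($r as $g) {
            $results[] = array("photo" => $g['xchan_photo_s'], "name" => '@' . $g['xchan_name'], "id" => $g['abook_id'], "link" => $g['xchan_url'], "label" => '', "nick" => '');
        }
    }
    $r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
    // Truthiness check instead of count(): a failed query may not return a countable value.
    if ($r) {
        foreach ($r as $g) {
            $results[] = array("photo" => $a->get_baseurl() . '/images/hashtag.png', "name" => '#' . $g['term'], "id" => $g['tid'], "link" => $g['url'], "label" => '', "nick" => '');
        }
    }
    header("content-type: application/json");
    $o = array('start' => $start, 'count' => $count, 'items' => $results);
    echo json_encode($o);
    // The original logged an undefined $x; log the response instead, at debug
    // level only because it contains the channel's connection names.
    logger('search_ac: ' . print_r($o, true), LOGGER_DEBUG);
    killme();
}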
コード例 #4
0
ファイル: tagrm.php プロジェクト: nextgensh/friendica
/**
 * Remove one tag from an item owned by the logged-in user, then redirect
 * to the page stored in $_SESSION['photo_return'].
 *
 * NOTE(review): no form-security token is checked in this function; confirm
 * the caller enforces one before this state-changing POST is handled.
 *
 * @param object $a application object; only get_baseurl() is used
 */
function tagrm_post(&$a)
{
    $return_url = $a->get_baseurl() . '/' . $_SESSION['photo_return'];

    // Anonymous visitors and "Cancel" submissions go straight back.
    if (!local_user() || (x($_POST, 'submit') && $_POST['submit'] === t('Cancel'))) {
        goaway($return_url);
    }

    // The tag arrives hex-encoded; the item id is forced to an integer.
    $tag = '';
    if (x($_POST, 'tag')) {
        $tag = hex2bin(notags(trim($_POST['tag'])));
    }
    $item = 0;
    if (x($_POST, 'item')) {
        $item = intval($_POST['item']);
    }

    // The uid condition restricts the lookup to items of the current user.
    $rows = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));
    if (!count($rows)) {
        goaway($return_url);
    }

    // Drop the first exact (strict) match only.
    $tags = explode(',', $rows[0]['tag']);
    $position = array_search($tag, $tags, true);
    if ($position !== false) {
        unset($tags[$position]);
    }

    q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc(implode(',', $tags)), intval($item), intval(local_user()));
    info(t('Tag removed') . EOL);
    goaway($return_url);
    // NOTREACHED
}
コード例 #5
0
ファイル: datetime.php プロジェクト: BlaBlaNet/hubzilla
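/**
 * @brief Return timezones grouped (primarily) by continent.
 *
 * Identifiers without a '/' (e.g. "UTC") are grouped under the translated
 * label 'Miscellaneous'. Groups are keyed by the translated continent name;
 * each group maps the full timezone identifier to a display name with
 * underscores replaced by spaces.
 *
 * @return array translated continent => array(identifier => display name)
 */
function get_timezones()
{
    $timezone_identifiers = DateTimeZone::listIdentifiers();
    usort($timezone_identifiers, 'timezone_cmp');
    $continents = array();
    foreach ($timezone_identifiers as $value) {
        // Split on the first '/' only, so "America/Argentina/Buenos_Aires"
        // keeps "Argentina/Buenos_Aires" as its city part.
        $ex = explode('/', $value, 2);
        if (count($ex) > 1) {
            $continent = t($ex[0]);
            $city = $ex[1];
        } else {
            $continent = t('Miscellaneous');
            $city = $ex[0];
        }
        // Initialise the group under the key that is actually written to. The
        // original initialised the untranslated $ex[0] instead, which left
        // stray empty groups (e.g. 'UTC', or every continent once translated).
        if (!isset($continents[$continent])) {
            $continents[$continent] = array();
        }
        $continents[$continent][$value] = str_replace('_', ' ', t($city));
    }
    return $continents;
}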
コード例 #6
0
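 /**
  * Handle the account-removal form.
  *
  * Silently returns unless: a channel is logged in, the session is not a
  * delegate session, a password and verification string were posted, the
  * verification string matches the one stored in the session, and the
  * password verifies against the account. Removal is refused within 48 hours
  * of a password change.
  *
  * @return void
  */
 function post()
 {
     if (!local_channel()) {
         return;
     }
     if (!empty($_SESSION['delegate'])) {
         return;
     }
     if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
         return;
     }
     if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
         return;
     }
     if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
         return;
     }
     $account = \App::get_account();
     $account_id = get_account_id();
     // Re-authenticate with the current password before a destructive action.
     if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
         return;
     }
     if ($account['account_password_changed'] != NULL_DATE) {
         $d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
         // Fixed: the original compared against the bare word `d1` (no '$'),
         // so the 48-hour cooling-off period after a password change was never
         // evaluated against the computed timestamp.
         // NOTE(review): relies on both values being same-format date strings - confirm.
         if ($account['account_password_changed'] > $d1) {
             notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
             return;
         }
     }
     $global_remove = isset($_POST['global']) ? intval($_POST['global']) : 0;
     account_remove($account_id, 1 - $global_remove);
 }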
コード例 #7
0
ファイル: Probe.php プロジェクト: einervonvielen/hubzilla
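 /**
  * Render the probe diagnostic form and, when an address is supplied, the
  * result of looking it up via \Zotlabs\Zot\Finger::run().
  *
  * All request- and remote-derived values are HTML-escaped before output.
  *
  * @return string HTML fragment
  */
 function get()
 {
     $o = '';
     // Only accept a plain string; an array-valued ?addr[]= is treated as absent.
     $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';
     $o .= '<h3>Probe Diagnostic</h3>';
     $o .= '<form action="probe" method="get">';
     // Escaped for the attribute context: the value is reflected from the query string.
     $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
     $o .= '<input type="submit" name="submit" value="Submit" /></form>';
     $o .= '<br /><br />';
     if ($raw_addr) {
         $channel = \App::get_channel();
         $addr = trim($raw_addr);
         // NOTE(review): the import is admin-only but triggered by a GET
         // parameter; no form-security token is checked in this function.
         $do_import = (isset($_GET['import']) && intval($_GET['import']) && is_site_admin()) ? true : false;
         $j = \Zotlabs\Zot\Finger::run($addr, $channel, false);
         $o .= '<pre>';
         if (!$j['success']) {
             // The original read an undefined $res here (left over from the
             // zot_finger() call); use the result's own 'error' entry if present.
             $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars(isset($j['error']) ? $j['error'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\r\n\r\n");
             $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
             $j = \Zotlabs\Zot\Finger::run($addr, $channel, true);
             if (!$j['success']) {
                 $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars(isset($j['error']) ? $j['error'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\r\n\r\n");
             }
         }
         if ($do_import && $j) {
             $x = import_xchan($j);
         }
         if ($j && $j['permissions'] && $j['permissions']['iv']) {
             $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'], $channel['channel_prvkey']), true);
         }
         // The dump holds data returned by a remote site: escape first, then
         // insert the line breaks.
         $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($j, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
         $o .= '</pre>';
     }
     return $o;
 }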
コード例 #8
0
ファイル: siteinfo.php プロジェクト: Mauru/red
/**
 * Emit site information as JSON when the second path argument is "json",
 * then terminate the request. Does nothing for any other argument.
 *
 * The response includes version, git commit, visible plugins, registration
 * policy and the admin's name/profile URL.
 * NOTE(review): no access check is visible here, so this data is presumably
 * public - confirm that exposing version and commit is intended.
 *
 * @param object $a application object (argv, config, plugins, get_baseurl())
 */
function siteinfo_init(&$a)
{
    if ($a->argv[1] != "json") {
        return;
    }

    $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');

    // Optional nickname restriction for the admin lookup.
    $sql_extra = '';
    if (x($a->config, 'admin_nickname')) {
        $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname']));
    }

    $admin = false;
    if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
        $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email']));
        $admin = array(
            'name' => $r[0]['username'],
            'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname'],
        );
    }

    // Only addons not flagged hidden are listed.
    $visible_plugins = array();
    if (is_array($a->plugins) && count($a->plugins)) {
        $r = q("select * from addon where hidden = 0");
        if (count($r)) {
            foreach ($r as $addon) {
                array_push($visible_plugins, $addon['name']);
            }
        }
    }

    // Short commit hash from a fixed git command; anything missing or longer
    // than 16 characters is discarded.
    $commit = null;
    if (@is_dir('.git') && function_exists('shell_exec')) {
        $commit = @shell_exec('git log -1 --format="%h"');
    }
    if ($commit === null || strlen($commit) > 16) {
        $commit = '';
    }

    $info = x($a->config, 'info') ? $a->config['info'] : '';
    $data = array(
        'version' => RED_VERSION,
        'commit' => $commit,
        'url' => z_root(),
        'plugins' => $visible_plugins,
        'register_policy' => $register_policy[$a->config['system']['register_policy']],
        'admin' => $admin,
        'site_name' => $a->config['sitename'],
        'platform' => RED_PLATFORM,
        'info' => $info,
    );
    echo json_encode($data);
    killme();
}
コード例 #9
0
/**
 * Hook: append 'libertree' to the post options of a new public top-level
 * post made by the logged-in channel, when cross-posting is enabled.
 *
 * @param object $a application object (unused)
 * @param array  $b post data; $b['postopts'] is modified in place
 */
function libertree_post_local(&$a, &$b)
{
    // This can probably be changed to allow editing by pointing to a different API endpoint
    if ($b['edit']) {
        return;
    }

    // Only the channel that owns the post may trigger cross-posting.
    $is_owner = local_channel() && local_channel() == $b['uid'];
    if (!$is_owner) {
        return;
    }

    // Private items and comments (mid differs from parent_mid) are skipped.
    $is_public_toplevel = !$b['item_private'] && $b['mid'] == $b['parent_mid'];
    if (!$is_public_toplevel) {
        return;
    }

    $ltree_post = intval(get_pconfig(local_channel(), 'libertree', 'post'));

    $ltree_enable = 0;
    if ($ltree_post && x($_REQUEST, 'libertree_enable')) {
        $ltree_enable = intval($_REQUEST['libertree_enable']);
    }
    // API-sourced posts follow the per-channel "post by default" setting.
    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'libertree', 'post_by_default'))) {
        $ltree_enable = 1;
    }
    if (!$ltree_enable) {
        return;
    }

    // postopts is a comma-separated list.
    $separator = strlen($b['postopts']) ? ',' : '';
    $b['postopts'] .= $separator . 'libertree';
}
コード例 #10
0
ファイル: regmod.php プロジェクト: ZerGabriel/friendica
/**
 * Approve or deny a pending registration: /regmod/allow/HASH or /regmod/deny/HASH.
 *
 * Requires a logged-in site admin who is not in a "submanage" session.
 * NOTE(review): allow/deny change state from a content (page view) handler
 * and no form-security token is checked in this function - confirm the
 * registration hash is unguessable and that this is acceptable.
 *
 * @param object $a application object (cmd, config, argc, argv, get_baseurl())
 * @return string|null login form HTML, '' on permission failure, otherwise nothing
 */
function regmod_content(&$a)
{
    global $lang;

    $_SESSION['return_url'] = $a->cmd;

    if (!local_user()) {
        info(t('Please login.') . EOL);
        $show_register = $a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1;
        $o .= '<br /><br />' . login($show_register);
        return $o;
    }

    $in_submanage = x($_SESSION, 'submanage') && intval($_SESSION['submanage']);
    if (!is_site_admin() || $in_submanage) {
        notice(t('Permission denied.') . EOL);
        return '';
    }

    // Exactly three path components are expected: module, command, hash.
    if ($a->argc != 3) {
        killme();
    }

    $cmd = $a->argv[1];
    $hash = $a->argv[2];

    if ($cmd === 'deny' || $cmd === 'allow') {
        if ($cmd === 'deny') {
            user_deny($hash);
        } else {
            user_allow($hash);
        }
        goaway($a->get_baseurl() . "/admin/users/");
        killme();
    }
}
コード例 #11
0
ファイル: Security.php プロジェクト: phellmes/hubzilla
 /**
  * Save the admin security settings form, then redirect back to it.
  *
  * The form-security token is verified first. Each posted field is stored
  * under the 'system' config family: e-mail allow/deny strings, boolean
  * flags, and newline-separated lists (sites, channels, embed hosts).
  *
  * @return void
  */
 function post()
 {
     check_form_security_token_redirectOnErr('/admin/security', 'admin_security');

     // kind, POST field, config key - stored in exactly this order
     $fields = array(
         array('text', 'allowed_email', 'allowed_email'),
         array('text', 'not_allowed_email', 'not_allowed_email'),
         array('flag', 'block_public', 'block_public'),
         array('list', 'whitelisted_sites', 'whitelisted_sites'),
         array('list', 'blacklisted_sites', 'blacklisted_sites'),
         array('list', 'whitelisted_channels', 'whitelisted_channels'),
         array('list', 'blacklisted_channels', 'blacklisted_channels'),
         array('flag', 'embed_sslonly', 'embed_sslonly'),
         array('list', 'embed_allow', 'embed_allow'),
         array('list', 'embed_deny', 'embed_deny'),
         array('flag', 'transport_security', 'transport_security_header'),
         array('flag', 'content_security', 'content_security_policy'),
     );

     foreach ($fields as $field) {
         list($kind, $post_key, $config_key) = $field;
         switch ($kind) {
             case 'text':
                 // free text: trimmed, tags stripped, empty when absent
                 $value = x($_POST, $post_key) ? notags(trim($_POST[$post_key])) : '';
                 break;
             case 'flag':
                 // checkbox: present and non-empty means enabled
                 $value = x($_POST, $post_key) ? True : False;
                 break;
             default:
                 // one entry per line
                 $value = $this->trim_array_elems(explode("\n", $_POST[$post_key]));
         }
         set_config('system', $config_key, $value);
     }

     goaway(z_root() . '/admin/security');
 }
コード例 #12
0
ファイル: irc.php プロジェクト: phellmes/hubzilla-addons
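/**
 * Render the IRC page: a sidebar widget of popular channels and an iframe
 * pointing at the web chat for the selected channel(s).
 *
 * Channel names come from site config or from the 'channels' query
 * parameter and are escaped before being placed into HTML.
 *
 * @param object $a application object (unused)
 * @return string HTML for the page body
 */
function irc_content(&$a)
{
    $o = '';
    /* set the list of popular channels */
    $sitechats = get_config('irc', 'sitechats');
    if ($sitechats) {
        $chats = explode(',', $sitechats);
    } else {
        $chats = array('hubzilla', 'friendica', 'chat', 'chatback', 'hottub', 'ircbar', 'dateroom', 'debian');
    }
    App::$page['aside'] .= '<div class="widget"><h3>' . t('Popular Channels') . '</h3><ul>';
    foreach ($chats as $chat) {
        // URL-encode for the query string, HTML-escape for the link text.
        App::$page['aside'] .= '<li><a href="' . z_root() . '/irc?channels=' . urlencode($chat) . '" >' . '#' . htmlspecialchars($chat, ENT_QUOTES, 'UTF-8') . '</a></li>';
    }
    App::$page['aside'] .= '</ul></div>';
    /* setting the channel(s) to auto connect */
    $autochans = get_config('irc', 'autochans');
    if ($autochans) {
        $channels = $autochans;
    } else {
        // Accept only a plain string; an array-valued parameter falls back to the default.
        $channels = (x($_GET, 'channels') && is_string($_GET['channels'])) ? $_GET['channels'] : 'hubzilla';
    }
    // The value lands inside a double-quoted src attribute; without escaping,
    // a quote in ?channels= would break out of the attribute (reflected XSS).
    $channels = htmlspecialchars($channels, ENT_QUOTES, 'UTF-8');
    /* add the chatroom frame and some html */
    $o .= <<<EOT
<h2>IRC chat</h2>
<p><a href="http://tldp.org/HOWTO/IRC/beginners.html" target="_blank">A beginner's guide to using IRC. [en]</a></p>
<iframe src="//webchat.freenode.net?channels={$channels}" width="100%" height="600"></iframe>
EOT;
    return $o;
}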
コード例 #13
0
 /**
  * Wrap text in a coloured span via x().
  *
  * Objects are replaced by the result of their name() method; the text is
  * trimmed. x() is defined elsewhere and is called here with the opening
  * tag string and the content.
  * NOTE(review): $color is concatenated into the style attribute as-is;
  * confirm callers only pass fixed colour names.
  *
  * @param mixed  $text  string, or object exposing name()
  * @param string $color CSS colour value
  */
 function redText($text, $color = "red")
 {
     $label = is_object($text) ? $text->name() : $text;
     $tag = "span style='color:" . $color . "'";
     return x($tag, trim($label));
 }
コード例 #14
0
ファイル: removeaccount.php プロジェクト: Mauru/red
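/**
 * Handle the account-removal form.
 *
 * Silently returns unless: a user is logged in, the session is not a
 * "submanage" session, a password and verification string were posted, the
 * verification string matches the one stored in the session, and the
 * password verifies against the account. Removal is refused within 48 hours
 * of a password change.
 *
 * @param object $a application object; get_account() is used
 * @return void
 */
function removeaccount_post(&$a)
{
    if (!local_user()) {
        return;
    }
    if (x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
        return;
    }
    if (!x($_POST, 'qxz_password') || !strlen(trim($_POST['qxz_password']))) {
        return;
    }
    if (!x($_POST, 'verify') || !strlen(trim($_POST['verify']))) {
        return;
    }
    if ($_POST['verify'] !== $_SESSION['remove_account_verify']) {
        return;
    }
    $account = $a->get_account();
    $account_id = get_account_id();
    // Re-authenticate with the current password before a destructive action.
    if (!account_verify_password($account['account_email'], $_POST['qxz_password'])) {
        return;
    }
    if ($account['account_password_changed'] != NULL_DATE) {
        $d1 = datetime_convert('UTC', 'UTC', 'now - 48 hours');
        // Fixed: the original compared against the bare word `d1` (no '$'),
        // so the 48-hour cooling-off period after a password change was never
        // evaluated against the computed timestamp.
        // NOTE(review): relies on both values being same-format date strings - confirm.
        if ($account['account_password_changed'] > $d1) {
            notice(t('Account removals are not allowed within 48 hours of changing the account password.') . EOL);
            return;
        }
    }
    require_once 'include/Contact.php';
    // NOTE(review): the posted 'global' field was read into an unused local in
    // the original; removal is always requested with `true`.
    account_remove($account_id, true);
}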
コード例 #15
0
ファイル: lostpass.php プロジェクト: TamirAl/hubzilla
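/**
 * Password-reset page.
 *
 * With ?verify=TOKEN: looks up the account holding that reset token, sets a
 * newly generated password, clears the token and the unverified flag, shows
 * the new password and mails it to the account address. Without the
 * parameter: renders the "forgot password" form.
 *
 * NOTE(review): the password changes as soon as the link is opened, and the
 * new password is both displayed and mailed in clear text. The hash is a
 * single salted whirlpool pass; moving to password_hash() needs a matching
 * change in the verification code, which is not visible here.
 *
 * @param object $a application object (config, get_baseurl())
 * @return string|null HTML fragment; nothing when the token is unknown or the update fails
 */
function lostpass_content(&$a)
{
    $o = '';
    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];
        $r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
        if (!$r) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }
        $aid = $r[0]['account_id'];
        $email = $r[0]['account_email'];
        // random_int() draws from the system CSPRNG; mt_rand() output is
        // predictable and must not feed a credential.
        $new_password = autoname(6) . random_int(100, 9999);
        $salt = random_string(32);
        $password_encoded = hash('whirlpool', $salt . $new_password);
        // The password placeholder must be '%s': four arguments are passed, and
        // with the masked literal shown in the listing the hash would have been
        // consumed by the flags conversion instead of being stored.
        $r = q("UPDATE account SET account_salt = '%s', account_password = '%s', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid));
        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            $o .= replace_macros($tpl, array(
                '$lbl1' => t('Password Reset'),
                '$lbl2' => t('Your password has been reset as requested.'),
                '$lbl3' => t('Your new password is'),
                '$lbl4' => t('Save or copy your new password - and then'),
                '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.',
                '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'),
                '$newpass' => $new_password,
                '$baseurl' => $a->get_baseurl(),
            ));
            info("Your password has been reset." . EOL);
            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // NOTE(review): $newuid is not defined anywhere in this function, so
            // '$uid' is always empty; which id the template expects is not visible.
            $message = replace_macros($email_tpl, array(
                '$sitename' => $a->config['sitename'],
                '$siteurl' => $a->get_baseurl(),
                '$username' => sprintf(t('Site Member (%s)'), $email),
                '$email' => $email,
                '$new_password' => $new_password,
                '$uid' => $newuid,
            ));
            $subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');
            // NOTE(review): SERVER_NAME may reflect the request's Host header on
            // some server configurations; a configured site hostname is safer
            // for the From address.
            $res = mail($email, $subject, $message, 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
            return $o;
        }
    } else {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, array(
            '$title' => t('Forgot your Password?'),
            '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'),
            '$name' => t('Email Address'),
            '$submit' => t('Reset'),
        ));
        return $o;
    }
}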
コード例 #16
0
ファイル: webfinger.php プロジェクト: TamirAl/hubzilla
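/**
 * Render the webfinger diagnostic form and, when an address is supplied,
 * a dump of the lookup result.
 *
 * Addresses containing '@' are resolved with webfinger_rfc7033(), falling
 * back to old_webfinger(); anything else goes to lrdd() when it exists.
 * All request- and remote-derived values are HTML-escaped before output.
 *
 * @param object $a application object (unused)
 * @return string HTML fragment
 */
function webfinger_content(&$a)
{
    $o = '';
    // Only accept a plain string; an array-valued ?addr[]= is treated as absent.
    $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';
    $o .= '<h3>Webfinger Diagnostic</h3>';
    $o .= '<form action="webfinger" method="get">';
    // Escaped for the attribute context: the value is reflected from the query string.
    $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
    $o .= '<input type="submit" name="submit" value="Submit" /></form>';
    $o .= '<br /><br />';
    if ($raw_addr) {
        $addr = trim($raw_addr);
        // Stays null when neither lookup path runs.
        $res = null;
        if (strpos($addr, '@') !== false) {
            $res = webfinger_rfc7033($addr, true);
            if (!$res) {
                $res = old_webfinger($addr);
            }
        } else {
            if (function_exists('lrdd')) {
                $res = lrdd($addr);
            }
        }
        $o .= '<pre>';
        // The dump holds data returned by a remote host: escape first, then
        // insert the line breaks.
        $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($res, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        $o .= '</pre>';
    }
    return $o;
}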
コード例 #17
0
/**
 * Build a <select> element listing contacts.
 *
 * By default the selector allows multiple selections among all contacts that
 * are not self, blocked or pending. For private mail it is limited to mutual
 * contacts and a single recipient.
 *
 * NOTE(review): contact id, url and name, as well as $selname/$selclass/$size,
 * are interpolated into HTML without escaping; confirm these values are
 * escaped before storage or by the caller.
 *
 * @param string     $selname     name attribute of the select
 * @param string     $selclass    class attribute of the select
 * @param array|bool $preselected contact ids to mark as selected, or false
 * @param int        $size        size attribute of the select
 * @param bool       $privmail    true to build the private-mail variant
 * @return string HTML
 */
function contact_select($selname, $selclass, $preselected = false, $size = 4, $privmail = false)
{
    global $a;

    // When used for private messages, correspondence is limited to mutual friends
    // and the selector to one recipient; otherwise multiple selects are allowed.
    if (!$privmail) {
        $sql_extra = '';
        $o = "<select name=\"{$selname}[]\" class=\"{$selclass}\" multiple=\"multiple\" size=\"{$size}\" />\r\n";
    } else {
        $sql_extra = sprintf(" AND `rel` = %d ", intval(DIRECTION_BOTH));
        $o = "<select name=\"{$selname}\" class=\"{$selclass}\" size=\"{$size}\" />\r\n";
    }

    // ignore readonly contacts when operating in celebrity mode -
    // the selector HTML could grow quite large and affect a lot of pages
    if (x($a->config, 'rockstar')) {
        $sql_extra .= " AND `readonly` = 0 ";
    }

    $contacts = q("SELECT `id`, `name`, `url`  FROM `contact` \n\t\tWHERE `self` = 0 AND `blocked` = 0 AND `pending` = 0 \n\t\t{$sql_extra} ORDER BY `name` ASC ");
    if (count($contacts)) {
        foreach ($contacts as $contact) {
            $is_selected = is_array($preselected) && in_array($contact['id'], $preselected);
            $selected = $is_selected ? " selected=\"selected\" " : '';
            $o .= "<option value=\"{$contact['id']}\" {$selected} title=\"{$contact['url']}\" >{$contact['name']}</option>\r\n";
        }
    }

    $o .= "</select>\r\n";
    return $o;
}
コード例 #18
0
ファイル: probe.php プロジェクト: redmatrix/red
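/**
 * Render the probe diagnostic form and, when an address is supplied, the
 * decoded zot_finger() response for it.
 *
 * The lookup is tried once, and again with the third argument set to true
 * if the first attempt fails. All request- and remote-derived values are
 * HTML-escaped before output.
 *
 * @param object $a application object; get_channel() is used
 * @return string HTML fragment
 */
function probe_content(&$a)
{
    $o = '';
    // Only accept a plain string; an array-valued ?addr[]= is treated as absent.
    $raw_addr = (isset($_GET['addr']) && is_string($_GET['addr'])) ? $_GET['addr'] : '';
    $o .= '<h3>Probe Diagnostic</h3>';
    $o .= '<form action="probe" method="get">';
    // Escaped for the attribute context: the value is reflected from the query string.
    $o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . htmlspecialchars($raw_addr, ENT_QUOTES, 'UTF-8') . '" />';
    $o .= '<input type="submit" name="submit" value="Submit" /></form>';
    $o .= '<br /><br />';
    if ($raw_addr) {
        $channel = $a->get_channel();
        $addr = trim($raw_addr);
        // Stays null when both attempts fail, so the checks below are well-defined.
        $j = null;
        $res = zot_finger($addr, $channel, false);
        $o .= '<pre>';
        if ($res['success']) {
            $j = json_decode($res['body'], true);
        } else {
            // Error text may originate from the remote side: escape it.
            $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars((string) $res['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\r\n\r\n");
            $o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
            $res = zot_finger($addr, $channel, true);
            if ($res['success']) {
                $j = json_decode($res['body'], true);
            } else {
                $o .= sprintf(t('Fetching URL returns error: %1$s'), htmlspecialchars((string) $res['error'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\r\n\r\n");
            }
        }
        if ($j && $j['permissions'] && $j['permissions']['iv']) {
            $j['permissions'] = json_decode(crypto_unencapsulate($j['permissions'], $channel['channel_prvkey']), true);
        }
        // The dump holds data returned by a remote site: escape first, then
        // insert the line breaks.
        $o .= str_replace("\n", '<br />', htmlspecialchars(print_r($j, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        $o .= '</pre>';
    }
    return $o;
}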
コード例 #19
0
/**
 * Render pending introductions (contact requests).
 *
 * /notifications/all includes ignored requests; otherwise they are hidden.
 * NOTE(review): the query is not restricted to a user id, and row values
 * (name, url, note) are handed to the template as stored; confirm escaping
 * happens in the template layer.
 *
 * @param object $a application object (argc, argv, get_baseurl())
 * @return string HTML
 */
function notifications_content(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied') . EOL);
        goaway($a->get_baseurl());
    }

    $show_all = $a->argc > 1 && $a->argv[1] == 'all';
    $sql_extra = $show_all ? '' : " AND `ignore` = 0 ";

    // The toggle link points at the opposite view.
    $header_tpl = file_get_contents('view/intros-top.tpl');
    $o = '' . replace_macros($header_tpl, array(
        '$hide_url' => $show_all ? 'notifications' : 'notifications/all',
        '$hide_text' => $show_all ? t('Hide Ignored Requests') : t('Show Ignored Requests'),
    ));

    $intros = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.* \n\t\tFROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`\n\t\tWHERE `intro`.`blocked` = 0 {$sql_extra} ");

    if ($intros === false || !count($intros)) {
        notice(t('No notifications.') . EOL);
        return $o;
    }

    $row_tpl = file_get_contents("view/intros.tpl");
    foreach ($intros as $intro) {
        $photo = x($intro, 'photo') ? $intro['photo'] : "images/default-profile.jpg";
        $o .= replace_macros($row_tpl, array(
            '$intro_id' => $intro['intro-id'],
            '$dfrn-id' => $intro['issued-id'],
            '$uid' => $_SESSION['uid'],
            '$contact-id' => $intro['contact-id'],
            '$photo' => $photo,
            '$fullname' => $intro['name'],
            '$knowyou' => $intro['knowyou'] ? t('yes') : t('no'),
            '$url' => $intro['url'],
            '$note' => $intro['note'],
        ));
    }
    return $o;
}
コード例 #20
0
ファイル: filestorage.php プロジェクト: HaakonME/redmatrix
/**
 * Change the permissions of a stored file and publish a file activity,
 * then redirect to the file's parent cloud path.
 *
 * The posted uid must equal the logged-in channel id; otherwise the request
 * is rejected with 'Permission denied.'.
 * NOTE(review): no form-security token is checked in this function; confirm
 * the caller enforces one.
 *
 * @param object &$a application object; get_channel() is used
 */
function filestorage_post(&$a)
{
    $channel_id = 0;
    if (x($_POST, 'uid')) {
        $channel_id = intval($_POST['uid']);
    }
    // Authorisation: only the owning, logged-in channel may proceed.
    $is_owner = $channel_id && local_channel() && $channel_id == local_channel();
    if (!$is_owner) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    $recurse = x($_POST, 'recurse') ? intval($_POST['recurse']) : 0;
    $resource = x($_POST, 'filehash') ? notags($_POST['filehash']) : '';
    $notify = x($_POST, 'notify') ? intval($_POST['notify']) : 0;
    if (!$resource) {
        notice(t('Item not found.') . EOL);
        return;
    }

    // Access-control lists, converted in the same order as before.
    $acl = array();
    foreach (array('group_allow', 'contact_allow', 'group_deny', 'contact_deny') as $field) {
        $acl[$field] = perms2str($_REQUEST[$field]);
    }

    $channel = $a->get_channel();
    $cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);

    // get the object before permissions change so we can catch eventual former allowed members
    $object = get_file_activity_object($channel_id, $resource, $cloudPath);

    attach_change_permissions($channel_id, $resource, $acl['contact_allow'], $acl['group_allow'], $acl['contact_deny'], $acl['group_deny'], $recurse);
    file_activity($channel_id, $object, $acl['contact_allow'], $acl['group_allow'], $acl['contact_deny'], $acl['group_deny'], 'post', $notify);

    goaway($cloudPath);
}
コード例 #21
0
ファイル: vgetn.php プロジェクト: badlamer/hhvm
// Returns, by reference, the local variable whose name is the value returned
// by x(). x() is defined elsewhere; its return value is not visible here.
function &foo()
{
    // A local that a variable-variable lookup can resolve to when x() returns 'x'.
    $x = 2;
    $z = x();
    // Variable-variable: bind $y by reference to the local named by $z.
    $y =& ${$z};
    return $y;
}
コード例 #22
0
ファイル: suggest.php プロジェクト: vinzv/friendica
/**
 * Handle "ignore this suggestion" requests (?ignore=ID) for the logged-in user.
 *
 * With ?confirm set, a confirmation form is rendered and $a->error is set so
 * the remaining module functions do not run. Otherwise, unless the request
 * was cancelled, the suggestion id is recorded in `gcign`.
 * NOTE(review): the insert is reachable by a plain GET and no form-security
 * token is checked in this function.
 *
 * @param object $a application object (query_string, page, error)
 */
function suggest_init(&$a)
{
    if (!local_user()) {
        return;
    }
    if (!x($_GET, 'ignore') || !intval($_GET['ignore'])) {
        return;
    }

    // Check if we should do HTML-based delete confirmation
    if ($_REQUEST['confirm']) {
        // <form> can't take arguments in its "action" parameter
        // so add any arguments as hidden inputs
        $query = explode_querystring($a->query_string);
        $inputs = array();
        foreach ($query['args'] as $arg) {
            if (strpos($arg, 'confirm=') !== false) {
                continue;
            }
            $pair = explode('=', $arg);
            $inputs[] = array('name' => $pair[0], 'value' => $pair[1]);
        }
        $a->page['content'] = replace_macros(get_markup_template('confirm.tpl'), array(
            '$method' => 'get',
            '$message' => t('Do you really want to delete this suggestion?'),
            '$extra_inputs' => $inputs,
            '$confirm' => t('Yes'),
            '$confirm_url' => $query['base'],
            '$confirm_name' => 'confirmed',
            '$cancel' => t('Cancel'),
        ));
        // Set $a->error so the other module functions don't execute
        $a->error = 1;
        return;
    }

    // Now check how the user responded to the confirmation query
    if ($_REQUEST['canceled']) {
        return;
    }
    q("INSERT INTO `gcign` ( `uid`, `gcid` ) VALUES ( %d, %d ) ", intval(local_user()), intval($_GET['ignore']));
}
コード例 #23
0
ファイル: starred.php プロジェクト: ridcully/friendica
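/**
 * Toggle the "starred" flag of one of the logged-in user's items.
 *
 * The item id is the second path argument. If a 'return' request parameter
 * is given, redirects to that path under the site base URL with a
 * cache-busting query argument; otherwise echoes the new state as JSON.
 * NOTE(review): this changes state from an init handler and no
 * form-security token is checked in this function.
 *
 * @param object $a application object (argc, argv, get_baseurl())
 */
function starred_init(&$a)
{
    $starred = 0;
    // Defined up front so a request without a second path argument is
    // rejected by the check below instead of reading an undefined variable.
    $message_id = 0;
    if (!local_user()) {
        killme();
    }
    if ($a->argc > 1) {
        $message_id = intval($a->argv[1]);
    }
    if (!$message_id) {
        killme();
    }
    // Both queries are scoped to the current user's uid.
    $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id));
    if (!$r || !count($r)) {
        killme();
    }
    if (!intval($r[0]['starred'])) {
        $starred = 1;
    }
    q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", intval($starred), intval(local_user()), intval($message_id));
    // See if we've been passed a return path to redirect to
    $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
    if ($return_path) {
        $rand = '_=' . time();
        // strpos() returns 0 for a leading '?', which is falsy; compare
        // against false so such a path gets '&' rather than a second '?'.
        if (strpos($return_path, '?') !== false) {
            $rand = "&{$rand}";
        } else {
            $rand = "?{$rand}";
        }
        // The path is always appended to the site base URL.
        goaway($a->get_baseurl() . "/" . $return_path . $rand);
    }
    // the json doesn't really matter, it will either be 0 or 1
    echo json_encode($starred);
    killme();
}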
コード例 #24
0
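/**
 * Store the language-filter addon settings posted by the logged-in user.
 *
 * Writes three per-user values with set_pconfig(): the language list, a
 * 'disable' flag (1 minus the posted enable value) and the minimum
 * confidence, which is clamped to 0..100 and stored as a fraction.
 *
 * NOTE(review): no form security token is checked inside this block -
 * confirm that the settings form handler calling this hook validates one.
 *
 * @param object $a application object (unused here)
 * @param mixed  $b hook data (unused here)
 * @return void
 */
function langfilter_addon_settings_post(&$a, &$b)
{
    if (!local_user()) {
        return;
    }
    // empty() avoids an undefined-index notice when another settings form
    // was submitted.
    if (empty($_POST['langfilter-settings-submit'])) {
        return;
    }
    // Request fields can be absent or arrays (field[]=x); only scalar
    // values are passed on to trim() and floatval().
    $languages = '';
    if (isset($_POST['langfilter_languages']) && is_string($_POST['langfilter_languages'])) {
        $languages = trim($_POST['langfilter_languages']);
    }
    set_pconfig(local_user(), 'langfilter', 'languages', $languages);
    $enable = x($_POST, 'langfilter_enable') ? intval($_POST['langfilter_enable']) : 0;
    $disable = 1 - $enable;
    set_pconfig(local_user(), 'langfilter', 'disable', $disable);
    // floatval() gives 0 for non-numeric text, where "0 + $string" raises a
    // warning or, on PHP 8, a TypeError.
    $minconfidence = 0.0;
    if (isset($_POST['langfilter_minconfidence']) && is_scalar($_POST['langfilter_minconfidence'])) {
        $minconfidence = floatval($_POST['langfilter_minconfidence']);
    }
    // Clamp to the 0..100 percent range before converting to a fraction.
    $minconfidence = max(0.0, min(100.0, $minconfidence));
    set_pconfig(local_user(), 'langfilter', 'minconfidence', $minconfidence / 100.0);
    info(t('Language Filter Settings saved.') . EOL);
}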
コード例 #25
ファイル: boot.php プロジェクト: vishalp/MistparkPE-Remix
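 /**
  * Initialise the application object from the current request.
  *
  * Sets the scheme and host name, the include path, the command string
  * taken from the 'q' query parameter with its path segments (argv/argc),
  * the module name (first segment, 'home' when empty) and the pager state.
  *
  * NOTE(review): the module name comes straight from the request path;
  * whatever code later loads a module by this name has to validate it.
  */
 function __construct()
 {
     $this->config = array();
     $this->page = array();
     $this->pager = array();
     $this->scheme = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? 'https' : 'http';
     $this->hostname = str_replace('www.', '', $_SERVER['SERVER_NAME']);
     // Depending on web server configuration SERVER_NAME can mirror the
     // request's Host header, so it is only used as a directory name when
     // it looks like a plain host name (no slashes, no '..').
     $include_dirs = array('include', '.');
     if (preg_match('/^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$/', $this->hostname) && strpos($this->hostname, '..') === false) {
         array_unshift($include_dirs, "include/{$this->hostname}");
     }
     set_include_path(implode(PATH_SEPARATOR, $include_dirs));
     // Strip the leading "q=" left in the query string by the rewrite rule.
     if (isset($_SERVER['QUERY_STRING']) && substr($_SERVER['QUERY_STRING'], 0, 2) == "q=") {
         $_SERVER['QUERY_STRING'] = substr($_SERVER['QUERY_STRING'], 2);
     }
     // 'q' may be missing (site root) or an array (q[]=x); treat both as empty.
     $q = isset($_GET['q']) && is_string($_GET['q']) ? $_GET['q'] : '';
     $this->cmd = trim($q, '/');
     $this->argv = explode('/', $this->cmd);
     $this->argc = count($this->argv);
     if (array_key_exists('0', $this->argv) && strlen($this->argv[0])) {
         $this->module = $this->argv[0];
     } else {
         $this->module = 'home';
     }
     if ($this->cmd === '.well-known/host-meta') {
         require_once 'include/hostxrd.php';
     }
     // Force the page number to an integer of at least 1 so the computed
     // start offset can be neither negative nor a non-numeric string.
     $page = x($_GET, 'page') ? intval($_GET['page']) : 1;
     if ($page < 1) {
         $page = 1;
     }
     $this->pager['page'] = $page;
     $this->pager['itemspage'] = 50;
     $this->pager['start'] = $this->pager['page'] * $this->pager['itemspage'] - $this->pager['itemspage'];
     $this->pager['total'] = 0;
 }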
コード例 #26
ファイル: lostpass.php プロジェクト: nextgensh/friendica
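/**
 * Render the lost-password page, or complete a reset when a token is given.
 *
 * With $_GET['verify'] present, the token is hashed and looked up in
 * user.pwdreset. On a match a new password is generated, stored, shown on
 * the page and mailed to the account address, and the token is cleared so
 * it cannot be used twice. Without a token the request form is returned.
 *
 * NOTE(review): the new password is written as an unsalted whirlpool
 * digest and sent in clear text by mail. Moving to password_hash() and to
 * a "choose your own password" flow needs the login and settings code
 * changed as well, which is outside this block.
 *
 * @param object $a application object; config['sitename'] and get_baseurl() are used
 * @return string page HTML; empty when the password update failed
 */
function lostpass_content(&$a)
{
    // Initialised so the ".=" below does not append to an undefined variable.
    $o = '';
    if (x($_GET, 'verify')) {
        $verify = $_GET['verify'];
        // A non-string value (verify[]=x) can never match a stored token
        // hash, so it takes the "not verified" path without a lookup.
        $r = array();
        if (is_string($verify)) {
            $hash = hash('whirlpool', $verify);
            $r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));
        }
        if (!$r || !count($r)) {
            notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
            goaway(z_root());
            return;
        }
        $uid = $r[0]['uid'];
        $username = $r[0]['username'];
        $email = $r[0]['email'];
        // mt_rand() output is predictable; use the CSPRNG where the runtime
        // provides it.
        // NOTE(review): autoname() is defined elsewhere - if it also draws
        // from mt_rand() the generated password stays guessable; confirm.
        $digits = function_exists('random_int') ? random_int(100, 9999) : mt_rand(100, 9999);
        $new_password = autoname(6) . $digits;
        $new_password_encoded = hash('whirlpool', $new_password);
        // Clearing pwdreset in the same statement makes the token single-use.
        $r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = ''  WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
        if ($r) {
            $tpl = get_markup_template('pwdreset.tpl');
            $o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
            info("Your password has been reset." . EOL);
            $email_tpl = get_intltext_template("passchanged_eml.tpl");
            // '$uid' is filled from $uid; the name previously used here was
            // never assigned in this function.
            $email_tpl = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $username, '$email' => $email, '$new_password' => $new_password, '$uid' => $uid));
            // Best effort: the result of mail() is not acted on.
            // NOTE(review): the From header is built from SERVER_NAME, which
            // can mirror the request's Host header depending on server
            // configuration - a configured site address would be safer.
            mail($email, "Your password has changed at {$a->config['sitename']}", $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
            return $o;
        }
    } else {
        $tpl = get_markup_template('lostpass.tpl');
        $o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Nickname or Email: '), '$submit' => t('Reset')));
        return $o;
    }
    // Reached only when the password UPDATE failed.
    return $o;
}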
コード例 #27
ファイル: dwpost.php プロジェクト: phellmes/hubzilla-addons
/**
 * Hook for locally created posts: adds 'dwpost' to the post options when
 * the logged-in channel has Dreamwidth cross-posting switched on and this
 * request asks for it.
 *
 * Nothing is changed for edits, for posts that do not belong to the
 * logged-in channel, or for private posts and posts that have a parent.
 *
 * @param object $a application object (unused here)
 * @param array  $b the post being stored; 'postopts' is appended to
 * @return void
 */
function dwpost_post_local(&$a, &$b)
{
    // This can probably be changed to allow editing by pointing to a different API endpoint
    if ($b['edit']) {
        return;
    }

    // Only the channel that is logged in may cross-post its own item.
    $is_own_post = local_channel() && local_channel() == $b['uid'];
    if (!$is_own_post) {
        return;
    }

    if ($b['item_private'] || $b['parent']) {
        return;
    }

    logger('Dreamwidth xpost invoked');

    $dw_post = intval(get_pconfig(local_channel(), 'dwpost', 'post'));

    // The per-request switch counts only when the addon is enabled for the channel.
    $dw_enable = 0;
    if ($dw_post && x($_REQUEST, 'dwpost_enable')) {
        $dw_enable = intval($_REQUEST['dwpost_enable']);
    }

    // Posts arriving with api_source set follow the "post by default" preference.
    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'dwpost', 'post_by_default'))) {
        $dw_enable = 1;
    }

    if (!$dw_enable) {
        return;
    }

    // postopts is a comma-separated list; add a separator only when it already has content.
    $separator = strlen($b['postopts']) ? ',' : '';
    $b['postopts'] .= $separator . 'dwpost';
}
コード例 #28
ファイル: Tagrm.php プロジェクト: anmol26s/hubzilla-yunohost
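 /**
  * Remove one tag from an item owned by the logged-in channel.
  *
  * Reads the hex-encoded tag and the item id from $_POST, loads the item
  * restricted to the caller's channel, drops every term whose text equals
  * the decoded tag, stores the item and redirects to the path kept in
  * $_SESSION['photo_return'].
  *
  * NOTE(review): no form security token is checked inside this block -
  * confirm that the module dispatcher validates one before post() runs.
  *
  * @return void
  */
 function post()
 {
     $return_url = z_root() . '/' . $_SESSION['photo_return'];
     if (!local_channel()) {
         goaway($return_url);
     }
     if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
         goaway($return_url);
     }
     // Array-valued fields (tag[]=x) are treated as missing.
     $tag = (x($_POST, 'tag') && is_string($_POST['tag'])) ? trim($_POST['tag']) : '';
     $item = x($_POST, 'item') ? intval($_POST['item']) : 0;
     // hex2bin() warns and returns false on odd-length or non-hex input, so
     // the value is validated first and decoded once instead of on every
     // loop pass. A request without a usable tag changes nothing.
     if ($tag === '' || strlen($tag) % 2 !== 0 || !ctype_xdigit($tag)) {
         goaway($return_url);
         return;
     }
     $tag_text = hex2bin($tag);
     // The uid condition limits the lookup to items of the caller's channel.
     $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
     if (!$r) {
         goaway($return_url);
     }
     $r = fetch_post_tags($r, true);
     $item = $r[0];
     $new_tags = array();
     if (!empty($item['term']) && is_array($item['term'])) {
         foreach ($item['term'] as $term) {
             if ($term['term'] !== $tag_text) {
                 $new_tags[] = $term;
             }
         }
     }
     if ($new_tags) {
         $item['term'] = $new_tags;
     } else {
         unset($item['term']);
     }
     item_store_update($item);
     info(t('Tag removed') . EOL);
     goaway($return_url);
     // NOTREACHED
 }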
コード例 #29
ファイル: nofed.php プロジェクト: royalterra/hubzilla-addons
/**
 * Hook for locally created posts: adds 'nodeliver' to the post options of
 * a post by the logged-in channel unless the nofed switch was set for
 * this request.
 *
 * Skipped for items whose created and edited values differ, for items
 * whose mid is not their parent_mid, for posts carrying any allow/deny
 * list, and when the channel has not enabled the addon.
 *
 * @param object $a application object (unused here)
 * @param array  $b the post being stored; 'postopts' is appended to
 * @return void
 */
function nofed_post_local(&$a, &$b)
{
    if ($b['created'] != $b['edited']) {
        return;
    }
    if ($b['mid'] !== $b['parent_mid']) {
        return;
    }

    // Only act on a post that belongs to the logged-in channel.
    if (!local_channel() || local_channel() != $b['uid']) {
        return;
    }

    // Any access-control list on the post means it is left untouched.
    $has_acl = $b['allow_cid'] || $b['allow_gid'] || $b['deny_cid'] || $b['deny_gid'];
    if ($has_acl) {
        return;
    }

    $nofed_post = get_pconfig(local_channel(), 'nofed', 'post');
    if (!$nofed_post) {
        return;
    }

    // $nofed_post is known to be set here, so only the request switch decides.
    $nofed_enable = 0;
    if (x($_REQUEST, 'nofed_enable')) {
        $nofed_enable = intval($_REQUEST['nofed_enable']);
    }

    // if API is used, default to the chosen settings
    if ($_REQUEST['api_source'] && intval(get_pconfig(local_channel(), 'nofed', 'post_by_default'))) {
        $nofed_enable = 1;
    }

    if ($nofed_enable) {
        return;
    }

    // postopts is a comma-separated list; add a separator only when it already has content.
    $separator = strlen($b['postopts']) ? ',' : '';
    $b['postopts'] .= $separator . 'nodeliver';
}
コード例 #30
ファイル: feed.php プロジェクト: royalterra/hubzilla
/**
 * Serve the public feed of the channel named in the second path segment.
 *
 * Builds the parameter set from the request, looks the channel up by its
 * address, stops through killme() when the channel does not exist or when
 * the site blocks public access and the visitor has no account, then logs
 * the request and echoes the feed.
 *
 * NOTE(review): date_begin and date_end are handed to get_public_feed()
 * exactly as received; that function is not visible here, so confirm it
 * validates or escapes them before they reach a query.
 *
 * @param object $a application object (unused here)
 * @return void
 */
function feed_init(&$a)
{
    $params = array(
        'begin' => x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE,
        'end' => x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '',
        // The output format depends on whether the first path segment contains "json".
        'type' => stristr(argv(0), 'json') ? 'json' : 'xml',
        'pages' => x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0,
        'top' => x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0,
    );

    // NOTE(review): these three look the key up in $params itself, which
    // does not hold it at this point, so presumably the defaults always
    // apply - confirm against x(). If they are ever switched to read the
    // request, 'direction' needs an asc/desc allow-list; dbesc() alone does
    // not make a keyword safe.
    $params['start'] = x($params, 'start') ? intval($params['start']) : 0;
    $params['records'] = x($params, 'records') ? intval($params['records']) : 40;
    $params['direction'] = x($params, 'direction') ? dbesc($params['direction']) : 'desc';

    $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';

    // Without a channel segment there is nothing to serve.
    if (argc() <= 1) {
        return;
    }

    $rows = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));
    if (!$rows || !count($rows)) {
        killme();
    }
    $channel = $rows[0];

    // Sites configured with block_public only serve feeds to visitors with an account.
    $public_blocked = intval(get_config('system', 'block_public'));
    if ($public_blocked && !get_account_id()) {
        killme();
    }

    logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
    echo get_public_feed($channel, $params);
    killme();
}