function update_thread_uri($itemuri, $uid)
{
$messages = q("SELECT `id` FROM `item` WHERE uri ='%s' AND uid=%d", dbesc($itemuri), intval($uid));
if (count($messages)) {
foreach ($messages as $message) {
update_thread($message["id"]);
}
}
}
function starred_init(&$a)
{
require_once "include/threads.php";
$starred = 0;
if (!local_user()) {
killme();
}
if ($a->argc > 1) {
$message_id = intval($a->argv[1]);
}
if (!$message_id) {
killme();
}
$r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id));
if (!count($r)) {
killme();
}
if (!intval($r[0]['starred'])) {
$starred = 1;
}
$r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d", intval($starred), intval(local_user()), intval($message_id));
update_thread($message_id);
// See if we've been passed a return path to redirect to
$return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
if ($return_path) {
$rand = '_=' . time();
if (strpos($return_path, '?')) {
$rand = "&{$rand}";
} else {
$rand = "?{$rand}";
}
goaway($a->get_baseurl() . "/" . $return_path . $rand);
}
// the json doesn't really matter, it will either be 0 or 1
echo json_encode($starred);
killme();
}
function diaspora_photo($importer, $xml, $msg, $attempt = 1)
{
$a = get_app();
logger('diaspora_photo: init', LOGGER_DEBUG);
$remote_photo_path = notags(unxmlify($xml->remote_photo_path));
$remote_photo_name = notags(unxmlify($xml->remote_photo_name));
$status_message_guid = notags(unxmlify($xml->status_message_guid));
$guid = notags(unxmlify($xml->guid));
$diaspora_handle = notags(unxmlify($xml->diaspora_handle));
$public = notags(unxmlify($xml->public));
$created_at = notags(unxmlify($xml_created_at));
logger('diaspora_photo: status_message_guid: ' . $status_message_guid, LOGGER_DEBUG);
$contact = diaspora_get_contact_by_handle($importer['uid'], $msg['author']);
if (!$contact) {
logger('diaspora_photo: contact record not found: ' . $msg['author'] . ' handle: ' . $diaspora_handle);
return;
}
if (!diaspora_post_allow($importer, $contact, false)) {
logger('diaspora_photo: Ignoring this author.');
return 202;
}
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), dbesc($status_message_guid));
/* deactivated by now since it can lead to multiplicated pictures in posts.
if(!count($r)) {
$result = diaspora_store_by_guid($status_message_guid, $contact['url'], $importer['uid']);
if (!$result) {
$person = find_diaspora_person_by_handle($diaspora_handle);
$result = diaspora_store_by_guid($status_message_guid, $person['url'], $importer['uid']);
}
if ($result) {
logger("Fetched missing item ".$status_message_guid." - result: ".$result, LOGGER_DEBUG);
$r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1",
intval($importer['uid']),
dbesc($status_message_guid)
);
}
}
*/
if (!count($r)) {
if ($attempt <= 3) {
q("INSERT INTO dsprphotoq (uid, msg, attempt) VALUES (%d, '%s', %d)", intval($importer['uid']), dbesc(serialize($msg)), intval($attempt + 1));
}
logger('diaspora_photo: attempt = ' . $attempt . '; status message not found: ' . $status_message_guid . ' for photo: ' . $guid);
return;
}
$parent_item = $r[0];
$link_text = '[img]' . $remote_photo_path . $remote_photo_name . '[/img]' . "\n";
$link_text = scale_external_images($link_text, true, array($remote_photo_name, 'scaled_full_' . $remote_photo_name));
if (strpos($parent_item['body'], $link_text) === false) {
$r = q("UPDATE `item` SET `body` = '%s', `visible` = 1 WHERE `id` = %d AND `uid` = %d", dbesc($link_text . $parent_item['body']), intval($parent_item['id']), intval($parent_item['uid']));
update_thread($parent_item['id']);
}
return;
}
/**
* look for mention tags and setup a second delivery chain for forum/community posts if appropriate
* @param int $uid
* @param int $item_id
* @return bool true if item was deleted, else false
*/
function tag_deliver($uid, $item_id)
{
//
$a = get_app();
$mention = false;
$u = q("select * from user where uid = %d limit 1", intval($uid));
if (!count($u)) {
return;
}
$community_page = $u[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
$prvgroup = $u[0]['page-flags'] == PAGE_PRVGROUP ? true : false;
$i = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($uid));
if (!count($i)) {
return;
}
$item = $i[0];
$link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
// Diaspora uses their own hardwired link URL in @-tags
// instead of the one we supply with webfinger
$dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
$cnt = preg_match_all('/[\\@\\!]\\[url\\=(.*?)\\](.*?)\\[\\/url\\]/ism', $item['body'], $matches, PREG_SET_ORDER);
if ($cnt) {
foreach ($matches as $mtch) {
if (link_compare($link, $mtch[1]) || link_compare($dlink, $mtch[1])) {
$mention = true;
logger('tag_deliver: mention found: ' . $mtch[2]);
}
}
}
if (!$mention) {
if (($community_page || $prvgroup) && !$item['wall'] && !$item['origin'] && $item['id'] == $item['parent']) {
// mmh.. no mention.. community page or private group... no wall.. no origin.. top-post (not a comment)
// delete it!
logger("tag_deliver: no-mention top-level post to communuty or private group. delete.");
q("DELETE FROM item WHERE id = %d and uid = %d", intval($item_id), intval($uid));
return true;
}
return;
}
// send a notification
// use a local photo if we have one
$r = q("select * from contact where uid = %d and nurl = '%s' limit 1", intval($u[0]['uid']), dbesc(normalise_link($item['author-link'])));
$photo = $r && count($r) ? $r[0]['thumb'] : $item['author-avatar'];
require_once 'include/enotify.php';
notification(array('type' => NOTIFY_TAGSELF, 'notify_flags' => $u[0]['notify-flags'], 'language' => $u[0]['language'], 'to_name' => $u[0]['username'], 'to_email' => $u[0]['email'], 'uid' => $u[0]['uid'], 'item' => $item, 'link' => $a->get_baseurl() . '/display/' . urlencode(get_item_guid($item['id'])), 'source_name' => $item['author-name'], 'source_link' => $item['author-link'], 'source_photo' => $photo, 'verb' => ACTIVITY_TAG, 'otype' => 'item', 'parent' => $item['parent']));
$arr = array('item' => $item, 'user' => $u[0], 'contact' => $r[0]);
call_hooks('tagged', $arr);
if (!$community_page && !$prvgroup) {
return;
}
// tgroup delivery - setup a second delivery chain
// prevent delivery looping - only proceed
// if the message originated elsewhere and is a top-level post
if ($item['wall'] || $item['origin'] || $item['id'] != $item['parent']) {
return;
}
// now change this copy of the post to a forum head message and deliver to all the tgroup members
$c = q("select name, url, thumb from contact where self = 1 and uid = %d limit 1", intval($u[0]['uid']));
if (!count($c)) {
return;
}
// also reset all the privacy bits to the forum default permissions
$private = $u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid'] ? 1 : 0;
$forum_mode = $prvgroup ? 2 : 1;
q("update item set wall = 1, origin = 1, forum_mode = %d, `owner-name` = '%s', `owner-link` = '%s', `owner-avatar` = '%s',\n\t\t`private` = %d, `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' where id = %d", intval($forum_mode), dbesc($c[0]['name']), dbesc($c[0]['url']), dbesc($c[0]['thumb']), intval($private), dbesc($u[0]['allow_cid']), dbesc($u[0]['allow_gid']), dbesc($u[0]['deny_cid']), dbesc($u[0]['deny_gid']), intval($item_id));
update_thread($item_id);
proc_run('php', 'include/notifier.php', 'tgroup', $item_id);
}
function item_post(&$a)
{
if (!local_user() && !remote_user() && !x($_REQUEST, 'commenter')) {
return;
}
require_once 'include/security.php';
$uid = local_user();
if (x($_REQUEST, 'dropitems')) {
$arr_drop = explode(',', $_REQUEST['dropitems']);
drop_items($arr_drop);
$json = array('success' => 1);
echo json_encode($json);
killme();
}
call_hooks('post_local_start', $_REQUEST);
// logger('postinput ' . file_get_contents('php://input'));
logger('postvars ' . print_r($_REQUEST, true), LOGGER_DATA);
$api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false;
$message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : '';
$return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
$preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0;
// Check for doubly-submitted posts, and reject duplicates
// Note that we have to ignore previews, otherwise nothing will post
// after it's been previewed
if (!$preview && x($_REQUEST['post_id_random'])) {
if (x($_SESSION['post-random']) && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
logger("item post: duplicate post", LOGGER_DEBUG);
item_post_return($a->get_baseurl(), $api_source, $return_path);
} else {
$_SESSION['post-random'] = $_REQUEST['post_id_random'];
}
}
/**
* Is this a reply to something?
*/
$parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0;
$parent_uri = x($_REQUEST, 'parent_uri') ? trim($_REQUEST['parent_uri']) : '';
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
$parid = 0;
$r = false;
$objecttype = null;
if ($parent || $parent_uri) {
$objecttype = ACTIVITY_OBJ_COMMENT;
if (!x($_REQUEST, 'type')) {
$_REQUEST['type'] = 'net-comment';
}
if ($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent));
} elseif ($parent_uri && local_user()) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_uri), intval(local_user()));
}
// if this isn't the real parent of the conversation, find it
if ($r !== false && count($r)) {
$parid = $r[0]['parent'];
$parent_uri = $r[0]['uri'];
if ($r[0]['id'] != $r[0]['parent']) {
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid));
}
}
if ($r === false || !count($r)) {
notice(t('Unable to locate original post.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
$parent_item = $r[0];
$parent = $r[0]['id'];
// multi-level threading - preserve the info but re-parent to our single level threading
//if(($parid) && ($parid != $parent))
$thr_parent = $parent_uri;
if ($parent_item['contact-id'] && $uid) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($parent_item['contact-id']), intval($uid));
if (count($r)) {
$parent_contact = $r[0];
// If the contact id doesn't fit with the contact, then set the contact to null
$thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent));
if (count($thrparent) and $thrparent[0]["network"] === NETWORK_OSTATUS and normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"])) {
$parent_contact = null;
require_once "include/Scrape.php";
$probed_contact = probe_url($thrparent[0]["author-link"]);
if ($probed_contact["network"] != NETWORK_FEED) {
$parent_contact = $probed_contact;
$parent_contact["nurl"] = normalise_link($probed_contact["url"]);
$parent_contact["thumb"] = $probed_contact["photo"];
$parent_contact["micro"] = $probed_contact["photo"];
}
logger('parent contact: ' . print_r($parent_contact, true), LOGGER_DEBUG);
} else {
logger('no contact found: ' . print_r($thrparent, true), LOGGER_DEBUG);
}
}
}
}
if ($parent) {
logger('mod_item: item_post parent=' . $parent);
}
$profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0;
$post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0;
$app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : '';
$extid = x($_REQUEST, 'extid') ? strip_tags($_REQUEST['extid']) : '';
$allow_moderated = false;
// here is where we are going to check for permission to post a moderated comment.
// First check that the parent exists and it is a wall item.
if (x($_REQUEST, 'commenter') && (!$parent || !$parent_item['wall'])) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
// Now check that it is a page_type of PAGE_BLOG, and that valid personal details
// have been provided, and run any anti-spam plugins
// TODO
if (!can_write_wall($a, $profile_uid) && !$allow_moderated) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
// is this an edited post?
$orig_post = null;
if ($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id));
if (!count($i)) {
killme();
}
$orig_post = $i[0];
}
$user = null;
$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($profile_uid));
if (count($r)) {
$user = $r[0];
}
if ($orig_post) {
$str_group_allow = $orig_post['allow_gid'];
$str_contact_allow = $orig_post['allow_cid'];
$str_group_deny = $orig_post['deny_gid'];
$str_contact_deny = $orig_post['deny_cid'];
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$objecttype = $orig_post['object-type'];
$emailcc = $orig_post['emailcc'];
$app = $orig_post['app'];
$categories = $orig_post['file'];
$title = notags(trim($_REQUEST['title']));
$body = escape_tags(trim($_REQUEST['body']));
$private = $orig_post['private'];
$pubmail_enable = $orig_post['pubmail'];
$network = $orig_post['network'];
$guid = $orig_post['guid'];
$extid = $orig_post['extid'];
} else {
// if coming from the API and no privacy settings are set,
// use the user default permissions - as they won't have
// been supplied via a form.
if ($api_source && !array_key_exists('contact_allow', $_REQUEST) && !array_key_exists('group_allow', $_REQUEST) && !array_key_exists('contact_deny', $_REQUEST) && !array_key_exists('group_deny', $_REQUEST)) {
$str_group_allow = $user['allow_gid'];
$str_contact_allow = $user['allow_cid'];
$str_group_deny = $user['deny_gid'];
$str_contact_deny = $user['deny_cid'];
} else {
// use the posted permissions
$str_group_allow = perms2str($_REQUEST['group_allow']);
$str_contact_allow = perms2str($_REQUEST['contact_allow']);
$str_group_deny = perms2str($_REQUEST['group_deny']);
$str_contact_deny = perms2str($_REQUEST['contact_deny']);
}
$title = notags(trim($_REQUEST['title']));
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$emailcc = notags(trim($_REQUEST['emailcc']));
$body = escape_tags(trim($_REQUEST['body']));
$network = notags(trim($_REQUEST['network']));
$guid = get_guid(32);
$naked_body = preg_replace('/\\[(.+?)\\]/', '', $body);
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
$l = new Text_LanguageDetect();
//$lng = $l->detectConfidence($naked_body);
//$postopts = (($lng['language']) ? 'lang=' . $lng['language'] . ';' . $lng['confidence'] : '');
$lng = $l->detect($naked_body, 3);
if (sizeof($lng) > 0) {
$postopts = "";
foreach ($lng as $language => $score) {
if ($postopts == "") {
$postopts = "lang=";
} else {
$postopts .= ":";
}
$postopts .= $language . ";" . $score;
}
}
logger('mod_item: detect language' . print_r($lng, true) . $naked_body, LOGGER_DATA);
} else {
$postopts = '';
}
$private = strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny) ? 1 : 0;
if ($user['hidewall']) {
$private = 2;
}
// If this is a comment, set the permissions from the parent.
if ($parent_item) {
$private = 0;
// for non native networks use the network of the original post as network of the item
if ($parent_item['network'] != NETWORK_DIASPORA and $parent_item['network'] != NETWORK_OSTATUS and $network == "") {
$network = $parent_item['network'];
}
if ($parent_item['private'] || strlen($parent_item['allow_cid']) || strlen($parent_item['allow_gid']) || strlen($parent_item['deny_cid']) || strlen($parent_item['deny_gid'])) {
$private = $parent_item['private'] ? $parent_item['private'] : 1;
}
$str_contact_allow = $parent_item['allow_cid'];
$str_group_allow = $parent_item['allow_gid'];
$str_contact_deny = $parent_item['deny_cid'];
$str_group_deny = $parent_item['deny_gid'];
}
$pubmail_enable = x($_REQUEST, 'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && !$private ? 1 : 0;
// if using the API, we won't see pubmail_enable - figure out if it should be set
if ($api_source && $profile_uid && $profile_uid == local_user() && !$private) {
$mail_disabled = function_exists('imap_open') && !get_config('system', 'imap_disabled') ? 0 : 1;
if (!$mail_disabled) {
$r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1", intval(local_user()));
if (count($r) && intval($r[0]['pubmail'])) {
$pubmail_enabled = true;
}
}
}
if (!strlen($body)) {
if ($preview) {
killme();
}
info(t('Empty post discarded.') . EOL);
if (x($_REQUEST, 'return')) {
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
}
}
if (strlen($categories)) {
// get the "fileas" tags for this post
$filedas = file_tag_file_to_list($categories, 'file');
}
// save old and new categories, so we can determine what needs to be deleted from pconfig
$categories_old = $categories;
$categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
$categories_new = $categories;
if (strlen($filedas)) {
// append the fileas stuff to the new categories list
$categories .= file_tag_list_to_file($filedas, 'file');
}
// Work around doubled linefeeds in Tinymce 3.5b2
// First figure out if it's a status post that would've been
// created using tinymce. Otherwise leave it alone.
/* $plaintext = (local_user() ? intval(get_pconfig(local_user(),'system','plaintext')) || !feature_enabled($profile_uid,'richtext') : 0);
if((! $parent) && (! $api_source) && (! $plaintext)) {
$body = fix_mce_lf($body);
}*/
$plaintext = local_user() ? !feature_enabled($profile_uid, 'richtext') : 0;
if (!$parent && !$api_source && !$plaintext) {
$body = fix_mce_lf($body);
}
// get contact info for poster
$author = null;
$self = false;
$contact_id = 0;
if (local_user() && local_user() == $profile_uid) {
$self = true;
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid']));
} elseif (remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id));
}
}
if (count($r)) {
$author = $r[0];
$contact_id = $author['id'];
}
// get contact info for owner
if ($profile_uid == local_user()) {
$contact_record = $author;
} else {
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($profile_uid));
if (count($r)) {
$contact_record = $r[0];
}
}
$post_type = notags(trim($_REQUEST['type']));
if ($post_type === 'net-comment') {
if ($parent_item !== null) {
if ($parent_item['wall'] == 1) {
$post_type = 'wall-comment';
} else {
$post_type = 'remote-comment';
}
}
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded messages that are in the
* post and set them to the same permissions as the post itself.
*
*/
$match = null;
if (!$preview && preg_match_all("/\\[img([\\=0-9x]*?)\\](.*?)\\[\\/img\\]/", $body, $match)) {
$images = $match[2];
if (count($images)) {
$objecttype = ACTIVITY_OBJ_IMAGE;
foreach ($images as $image) {
if (!stristr($image, $a->get_baseurl() . '/photo/')) {
continue;
}
$image_uri = substr($image, strrpos($image, '/') + 1);
$image_uri = substr($image_uri, 0, strpos($image_uri, '-'));
if (!strlen($image_uri)) {
continue;
}
$srch = '<' . intval($contact_id) . '>';
$r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''\n\t\t\t\t\tAND `resource-id` = '%s' AND `uid` = %d LIMIT 1", dbesc($srch), dbesc($image_uri), intval($profile_uid));
if (!count($r)) {
continue;
}
$r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\tWHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), dbesc($image_uri), intval($profile_uid), dbesc(t('Wall Photos')));
}
}
}
/**
* Next link in any attachment references we find in the post.
*/
$match = false;
if (!$preview && preg_match_all("/\\[attachment\\](.*?)\\[\\/attachment\\]/", $body, $match)) {
$attaches = $match[1];
if (count($attaches)) {
foreach ($attaches as $attach) {
$r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($attach));
if (count($r)) {
$r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'\n\t\t\t\t\t\tWHERE `uid` = %d AND `id` = %d", dbesc($str_contact_allow), dbesc($str_group_allow), dbesc($str_contact_deny), dbesc($str_group_deny), intval($profile_uid), intval($attach));
}
}
}
}
// embedded bookmark in post? set bookmark flag
$bookmark = 0;
if (preg_match_all("/\\[bookmark\\=([^\\]]*)\\](.*?)\\[\\/bookmark\\]/ism", $body, $match, PREG_SET_ORDER)) {
$objecttype = ACTIVITY_OBJ_BOOKMARK;
$bookmark = 1;
}
$body = bb_translate_video($body);
/**
* Fold multi-line [code] sequences
*/
$body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body);
$body = scale_external_images($body, false);
// Setting the object type if not defined before
if (!$objecttype) {
$objecttype = ACTIVITY_OBJ_NOTE;
// Default value
require_once "include/plaintext.php";
$objectdata = get_attached_data($body);
if ($post["type"] == "link") {
$objecttype = ACTIVITY_OBJ_BOOKMARK;
} elseif ($post["type"] == "video") {
$objecttype = ACTIVITY_OBJ_VIDEO;
} elseif ($post["type"] == "photo") {
$objecttype = ACTIVITY_OBJ_IMAGE;
}
}
/**
* Look for any tags and linkify them
*/
$str_tags = '';
$inform = '';
$tags = get_tags($body);
/**
* add a statusnet style reply tag if the original post was from there
* and we are replying, and there isn't one already
*/
if ($parent_contact && $parent_contact['network'] === NETWORK_OSTATUS && $parent_contact['nick'] && !in_array('@' . $parent_contact['nick'], $tags)) {
$body = '@' . $parent_contact['nick'] . ' ' . $body;
$tags[] = '@' . $parent_contact['nick'];
}
$tagged = array();
$private_forum = false;
if (count($tags)) {
foreach ($tags as $tag) {
if (strpos($tag, '#') === 0) {
continue;
}
// If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
// Robert Johnson should be first in the $tags array
$fullnametagged = false;
for ($x = 0; $x < count($tagged); $x++) {
if (stristr($tagged[$x], $tag . ' ')) {
$fullnametagged = true;
break;
}
}
if ($fullnametagged) {
continue;
}
$success = handle_tag($a, $body, $inform, $str_tags, local_user() ? local_user() : $profile_uid, $tag, $network);
if ($success['replaced']) {
$tagged[] = $tag;
}
if (is_array($success['contact']) && intval($success['contact']['prv'])) {
$private_forum = true;
$private_id = $success['contact']['id'];
}
}
}
if ($private_forum && !$parent && !$private) {
// we tagged a private forum in a top level post and the message was public.
// Restrict it.
$private = 1;
$str_contact_allow = '<' . $private_id . '>';
}
$attachments = '';
$match = false;
if (preg_match_all('/(\\[attachment\\]([0-9]+)\\[\\/attachment\\])/', $body, $match)) {
foreach ($match[2] as $mtch) {
$r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($mtch));
if (count($r)) {
if (strlen($attachments)) {
$attachments .= ',';
}
$attachments .= '[attach]href="' . $a->get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . ($r[0]['filename'] ? $r[0]['filename'] : '') . '"[/attach]';
}
$body = str_replace($match[1], '', $body);
}
}
$wall = 0;
if ($post_type === 'wall' || $post_type === 'wall-comment') {
$wall = 1;
}
if (!strlen($verb)) {
$verb = ACTIVITY_POST;
}
if ($network == "") {
$network = NETWORK_DFRN;
}
$gravity = $parent ? 6 : 0;
// even if the post arrived via API we are considering that it
// originated on this site by default for determining relayability.
$origin = x($_REQUEST, 'origin') ? intval($_REQUEST['origin']) : 1;
$notify_type = $parent ? 'comment-new' : 'wall-new';
$uri = $message_id ? $message_id : item_new_uri($a->get_hostname(), $profile_uid);
// Fallback so that we alway have a thr-parent
if (!$thr_parent) {
$thr_parent = $uri;
}
$datarray = array();
$datarray['uid'] = $profile_uid;
$datarray['type'] = $post_type;
$datarray['wall'] = $wall;
$datarray['gravity'] = $gravity;
$datarray['network'] = $network;
$datarray['contact-id'] = $contact_id;
$datarray['owner-name'] = $contact_record['name'];
$datarray['owner-link'] = $contact_record['url'];
$datarray['owner-avatar'] = $contact_record['thumb'];
$datarray['author-name'] = $author['name'];
$datarray['author-link'] = $author['url'];
$datarray['author-avatar'] = $author['thumb'];
$datarray['created'] = datetime_convert();
$datarray['edited'] = datetime_convert();
$datarray['commented'] = datetime_convert();
$datarray['received'] = datetime_convert();
$datarray['changed'] = datetime_convert();
$datarray['extid'] = $extid;
$datarray['guid'] = $guid;
$datarray['uri'] = $uri;
$datarray['title'] = $title;
$datarray['body'] = $body;
$datarray['app'] = $app;
$datarray['location'] = $location;
$datarray['coord'] = $coord;
$datarray['tag'] = $str_tags;
$datarray['file'] = $categories;
$datarray['inform'] = $inform;
$datarray['verb'] = $verb;
$datarray['object-type'] = $objecttype;
$datarray['allow_cid'] = $str_contact_allow;
$datarray['allow_gid'] = $str_group_allow;
$datarray['deny_cid'] = $str_contact_deny;
$datarray['deny_gid'] = $str_group_deny;
$datarray['private'] = $private;
$datarray['pubmail'] = $pubmail_enable;
$datarray['attach'] = $attachments;
$datarray['bookmark'] = intval($bookmark);
$datarray['thr-parent'] = $thr_parent;
$datarray['postopts'] = $postopts;
$datarray['origin'] = $origin;
$datarray['moderated'] = $allow_moderated;
/**
* These fields are for the convenience of plugins...
* 'self' if true indicates the owner is posting on their own wall
* If parent is 0 it is a top-level post.
*/
$datarray['parent'] = $parent;
$datarray['self'] = $self;
// $datarray['prvnets'] = $user['prvnets'];
if ($orig_post) {
$datarray['edit'] = true;
}
// Search for hashtags
item_body_set_hashtags($datarray);
// preview mode - prepare the body for display and send it via json
if ($preview) {
require_once 'include/conversation.php';
$o = conversation($a, array(array_merge($contact_record, $datarray)), 'search', false, true);
logger('preview: ' . $o);
echo json_encode(array('preview' => $o));
killme();
}
call_hooks('post_local', $datarray);
if (x($datarray, 'cancel')) {
logger('mod_item: post cancelled by plugin.');
if ($return_path) {
goaway($a->get_baseurl() . "/" . $return_path);
}
$json = array('cancel' => 1);
if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
$json['reload'] = $a->get_baseurl() . '/' . $_REQUEST['jsreload'];
}
echo json_encode($json);
killme();
}
// Fill the cache field
put_item_in_cache($datarray);
if ($orig_post) {
$r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `rendered-html` = '%s', `rendered-hash` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['tag']), dbesc($datarray['attach']), dbesc($datarray['file']), dbesc($datarray['rendered-html']), dbesc($datarray['rendered-hash']), dbesc(datetime_convert()), dbesc(datetime_convert()), intval($post_id), intval($profile_uid));
create_tags_from_item($post_id);
create_files_from_item($post_id);
update_thread($post_id);
// update filetags in pconfig
file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category');
proc_run('php', "include/notifier.php", 'edit_post', "{$post_id}");
if (x($_REQUEST, 'return') && strlen($return_path)) {
logger('return: ' . $return_path);
goaway($a->get_baseurl() . "/" . $return_path);
}
killme();
} else {
$post_id = 0;
}
$r = q("INSERT INTO `item` (`guid`, `extid`, `uid`,`type`,`wall`,`gravity`, `network`, `contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `author-name`, `author-link`, `author-avatar`,\n\t\t`created`, `edited`, `commented`, `received`, `changed`, `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`, `tag`, `inform`, `verb`, `object-type`, `postopts`,\n\t\t`allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`, `pubmail`, `attach`, `bookmark`,`origin`, `moderated`, `file`, `rendered-html`, `rendered-hash`)\n\t\tVALUES( '%s', '%s', %d, '%s', %d, %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s')", dbesc($datarray['guid']), dbesc($datarray['extid']), intval($datarray['uid']), dbesc($datarray['type']), intval($datarray['wall']), intval($datarray['gravity']), dbesc($datarray['network']), intval($datarray['contact-id']), dbesc($datarray['owner-name']), dbesc($datarray['owner-link']), dbesc($datarray['owner-avatar']), dbesc($datarray['author-name']), dbesc($datarray['author-link']), dbesc($datarray['author-avatar']), dbesc($datarray['created']), dbesc($datarray['edited']), dbesc($datarray['commented']), dbesc($datarray['received']), dbesc($datarray['changed']), dbesc($datarray['uri']), dbesc($datarray['thr-parent']), dbesc($datarray['title']), dbesc($datarray['body']), dbesc($datarray['app']), dbesc($datarray['location']), dbesc($datarray['coord']), dbesc($datarray['tag']), dbesc($datarray['inform']), dbesc($datarray['verb']), dbesc($datarray['object-type']), dbesc($datarray['postopts']), dbesc($datarray['allow_cid']), dbesc($datarray['allow_gid']), dbesc($datarray['deny_cid']), dbesc($datarray['deny_gid']), intval($datarray['private']), intval($datarray['pubmail']), dbesc($datarray['attach']), intval($datarray['bookmark']), intval($datarray['origin']), intval($datarray['moderated']), dbesc($datarray['file']), dbesc($datarray['rendered-html']), dbesc($datarray['rendered-hash']));
$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($datarray['uri']));
if (!count($r)) {
logger('mod_item: unable to retrieve post that was just stored.');
notice(t('System error. Post not saved.') . EOL);
goaway($a->get_baseurl() . "/" . $return_path);
// NOTREACHED
}
$post_id = $r[0]['id'];
logger('mod_item: saved item ' . $post_id);
$datarray["id"] = $post_id;
$datarray["plink"] = $a->get_baseurl() . '/display/' . urlencode($datarray["guid"]);
// update filetags in pconfig
file_tag_update_pconfig($uid, $categories_old, $categories_new, 'category');
if ($parent) {
// This item is the last leaf and gets the comment box, clear any ancestors
$r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ", dbesc(datetime_convert()), intval($parent));
update_thread($parent, true);
// Inherit ACLs from the parent item.
$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d\n\t\t\tWHERE `id` = %d", dbesc($parent_item['allow_cid']), dbesc($parent_item['allow_gid']), dbesc($parent_item['deny_cid']), dbesc($parent_item['deny_gid']), intval($parent_item['private']), intval($post_id));
if ($contact_record != $author) {
notification(array('type' => NOTIFY_COMMENT, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_uri' => $parent_item['uri']));
}
// Store the comment signature information in case we need to relay to Diaspora
store_diaspora_comment_sig($datarray, $author, $self ? $a->user['prvkey'] : false, $parent_item, $post_id);
} else {
$parent = $post_id;
if ($contact_record != $author) {
notification(array('type' => NOTIFY_WALL, 'notify_flags' => $user['notify-flags'], 'language' => $user['language'], 'to_name' => $user['username'], 'to_email' => $user['email'], 'uid' => $user['uid'], 'item' => $datarray, 'link' => $a->get_baseurl() . '/display/' . urlencode($datarray['guid']), 'source_name' => $datarray['author-name'], 'source_link' => $datarray['author-link'], 'source_photo' => $datarray['author-avatar'], 'verb' => ACTIVITY_POST, 'otype' => 'item'));
}
}
// fallback so that parent always gets set to non-zero.
if (!$parent) {
$parent = $post_id;
}
$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `plink` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1\n\t\tWHERE `id` = %d", intval($parent), dbesc($parent == $post_id ? $uri : $parent_item['uri']), dbesc($a->get_baseurl() . '/display/' . urlencode($datarray['guid'])), dbesc(datetime_convert()), intval($post_id));
// photo comments turn the corresponding item visible to the profile wall
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
if (!$parent_item['visible']) {
$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d", intval($parent_item['id']));
update_thread($parent_item['id']);
}
// update the commented timestamp on the parent
q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d", dbesc(datetime_convert()), dbesc(datetime_convert()), intval($parent));
if ($post_id != $parent) {
update_thread($parent);
}
call_hooks('post_local_end', $datarray);
if (strlen($emailcc) && $profile_uid == local_user()) {
$erecips = explode(',', $emailcc);
if (count($erecips)) {
foreach ($erecips as $recip) {
$addr = trim($recip);
if (!strlen($addr)) {
continue;
}
$disclaimer = '<hr />' . sprintf(t('This message was sent to you by %s, a member of the Friendica social network.'), $a->user['username']) . '<br />';
$disclaimer .= sprintf(t('You may visit them online at %s'), $a->get_baseurl() . '/profile/' . $a->user['nickname']) . EOL;
$disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL;
if (!$datarray['title'] == '') {
$subject = email_header_encode($datarray['title'], 'UTF-8');
} else {
$subject = email_header_encode('[Friendica]' . ' ' . sprintf(t('%s posted an update.'), $a->user['username']), 'UTF-8');
}
$link = '<a href="' . $a->get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
$html = prepare_body($datarray);
$message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
include_once 'include/html2plain.php';
$params = array('fromName' => $a->user['username'], 'fromEmail' => $a->user['email'], 'toEmail' => $addr, 'replyTo' => $a->user['email'], 'messageSubject' => $subject, 'htmlVersion' => $message, 'textVersion' => html2plain($html . $disclaimer));
Emailer::send($params);
}
}
}
create_tags_from_item($post_id);
create_files_from_item($post_id);
if ($post_id == $parent) {
add_thread($post_id);
}
// This is a real juggling act on shared hosting services which kill your processes
// e.g. dreamhost. We used to start delivery to our native delivery agents in the background
// and then run our plugin delivery from the foreground. We're now doing plugin delivery first,
// because as soon as you start loading up a bunch of remote delivey processes, *this* page is
// likely to get killed off. If you end up looking at an /item URL and a blank page,
// it's very likely the delivery got killed before all your friends could be notified.
// Currently the only realistic fixes are to use a reliable server - which precludes shared hosting,
// or cut back on plugins which do remote deliveries.
proc_run('php', "include/notifier.php", $notify_type, "{$post_id}");
logger('post_complete');
item_post_return($a->get_baseurl(), $api_source, $return_path);
// NOTREACHED
}
/**
* This function stores a reply in the forum_post table.
* It also updates the forum_threads table (thread_replies +1 , thread_last_post, thread_date)
* @param array $current_forum
* @param array $values
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function store_reply($current_forum, $values)
{
$_course = api_get_course_info();
$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$post_date = api_get_utc_datetime();
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$visible = 0;
} else {
$visible = 1;
}
$upload_ok = 1;
$return = array();
if ($upload_ok) {
// We first store an entry in the forum_post table.
$new_post_id = Database::insert($table_posts, ['c_id' => api_get_course_int_id(), 'post_title' => $values['post_title'], 'post_text' => isset($values['post_text']) ? $values['post_text'] : null, 'thread_id' => $values['thread_id'], 'forum_id' => $values['forum_id'], 'poster_id' => api_get_user_id(), 'post_date' => $post_date, 'post_notification' => isset($values['post_notification']) ? $values['post_notification'] : null, 'post_parent_id' => isset($values['post_parent_id']) ? $values['post_parent_id'] : null, 'visible' => $visible]);
if ($new_post_id) {
$sql = "UPDATE {$table_posts} SET post_id = iid WHERE iid = {$new_post_id}";
Database::query($sql);
$values['new_post_id'] = $new_post_id;
$message = get_lang('ReplyAdded');
if (!empty($_POST['file_ids']) && is_array($_POST['file_ids'])) {
foreach ($_POST['file_ids'] as $key => $id) {
editAttachedFile(array('comment' => $_POST['file_comments'][$key], 'post_id' => $new_post_id), $id);
}
}
// Update the thread.
update_thread($values['thread_id'], $new_post_id, $post_date);
// Update the forum.
api_item_property_update($_course, TOOL_FORUM, $values['forum_id'], 'NewMessageInForum', api_get_user_id());
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$message .= '<br />' . get_lang('MessageHasToBeApproved') . '<br />';
}
// Setting the notification correctly.
$my_post_notification = isset($values['post_notification']) ? $values['post_notification'] : null;
if ($my_post_notification == 1) {
set_notification('thread', $values['thread_id'], true);
}
send_notification_mails($values['thread_id'], $values);
add_forum_attachment_file('', $new_post_id);
}
Session::erase('formelements');
Session::erase('origin');
Session::erase('breadcrumbs');
Session::erase('addedresource');
Session::erase('addedresourceid');
$return['msg'] = $message;
$return['type'] = 'confirmation';
} else {
$return['msg'] = get_lang('UplNoFileUploaded') . ' ' . get_lang('UplSelectFileFirst');
$return['type'] = 'error';
}
return $return;
}
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/upload/xxxxx (xxxxx is album name)
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
notice(t('Public access denied.') . EOL);
return;
}
require_once 'include/bbcode.php';
require_once 'include/security.php';
require_once 'include/conversation.php';
if (!x($a->data, 'user')) {
notice(t('No photos selected') . EOL);
return;
}
$phototypes = Photo::supportedTypes();
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
} elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if ($a->argc > 4) {
$cmd = $a->argv[4];
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$can_post = false;
$visitor = 0;
$contact = null;
$remote_contact = false;
$contact_id = 0;
$owner_uid = $a->data['user']['uid'];
$community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
if (local_user() && local_user() == $owner_uid) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
if (count($r)) {
$can_post = true;
$contact = $r[0];
$remote_contact = true;
$visitor = $cid;
}
}
}
}
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
if (count($r)) {
$contact = $r[0];
$remote_contact = true;
}
}
}
if (!$remote_contact) {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
notice(t('Access to this item is restricted.') . EOL);
return;
}
$sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
$o = "";
// tabs
$_is_owner = local_user() && local_user() == $owner_uid;
$o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
//
// dispatch request
//
if ($datatype === 'upload') {
if (!$can_post) {
notice(t('Permission denied.'));
return;
}
$selname = $datum ? hex2bin($datum) : '';
$albumselect = '';
$albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
continue;
}
$selected = $selname === $album['album'] ? ' selected="selected" ' : '';
$albumselect .= '<option value="' . $album['album'] . '"' . $selected . '>' . $album['album'] . '</option>';
}
}
$celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
$uploader = '';
$ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'], 'addon_text' => $uploader, 'default_upload' => true);
call_hooks('photo_upload_form', $ret);
$default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), array());
$default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), array('$submit' => t('Submit')));
$usage_message = '';
$limit = service_class_fetch($a->data['user']['uid'], 'photo_upload_limit');
if ($limit !== false) {
$r = q("select sum(datasize) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($a->data['user']['uid']));
$usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
}
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
// I think $a->query_string may never have ? in it, but I could be wrong
// It looks like it's from the index.php?q=[etc] rewrite that the web
// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
$tpl = get_markup_template('photos_upload.tpl');
if ($a->theme['template_engine'] === 'internal') {
$albumselect_e = template_escape($albumselect);
$aclselect_e = $visitor ? '' : template_escape(populate_acl($a->user, $celeb));
} else {
$albumselect_e = $albumselect;
$aclselect_e = $visitor ? '' : populate_acl($a->user, $celeb);
}
$o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['user']['nickname'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$alt_uploader' => $ret['addon_text'], '$default_upload_box' => $ret['default_upload'] ? $default_upload_box : '', '$default_upload_submit' => $ret['default_upload'] ? $default_upload_submit : '', '$uploadurl' => $ret['post_url'], '$acl_data' => construct_acl_data($a, $a->user), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private Photo'), '$public' => t('Public Photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
return $o;
}
if ($datatype === 'album') {
$album = hex2bin($datum);
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id`", intval($owner_uid), dbesc($album));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(20);
}
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$r = q("SELECT `resource-id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage']));
$o .= '<h3 id="photo-album-title">' . $album . '</h3>';
if ($cmd === 'edit') {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
$edit_tpl = get_markup_template('album_edit.tpl');
if ($a->theme['template_engine'] === 'internal') {
$album_e = template_escape($album);
} else {
$album_e = $album;
}
$o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
}
}
} else {
if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
if ($can_post) {
$o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
}
}
}
if ($_GET['order'] === 'posted') {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>';
} else {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>';
}
if ($can_post) {
$o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>';
}
$tpl = get_markup_template('photo_album.tpl');
if (count($r)) {
$twist = 'rotright';
}
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->theme['template_engine'] === 'internal') {
$imgalt_e = template_escape($rr['filename']);
$desc_e = template_escape($rr['desc']);
} else {
$imgalt_e = $rr['filename'];
$desc_e = $rr['desc'];
}
$o .= replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''), '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e));
}
$o .= '<div id="photo-album-end"></div>';
$o .= paginate($a);
return $o;
}
if ($datatype === 'image') {
//$o = '';
// fetch image, item containing image, then comments
$ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum));
if (!count($ph)) {
$ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum));
if (count($ph)) {
notice(t('Permission denied. Access to this item may be restricted.'));
} else {
notice(t('Photo not available') . EOL);
}
return;
}
$prevlink = '';
$nextlink = '';
if ($_GET['order'] === 'posted') {
$order = 'ASC';
} else {
$order = 'DESC';
}
$prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0\n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid));
if (count($prvnxt)) {
for ($z = 0; $z < count($prvnxt); $z++) {
if ($prvnxt[$z]['resource-id'] == $ph[0]['resource-id']) {
$prv = $z - 1;
$nxt = $z + 1;
if ($prv < 0) {
$prv = count($prvnxt) - 1;
}
if ($nxt >= count($prvnxt)) {
$nxt = 0;
}
break;
}
}
$edit_suffix = $cmd === 'edit' && $can_post ? '/edit' : '';
$prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
$nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
}
if (count($ph) == 1) {
$hires = $lores = $ph[0];
}
if (count($ph) > 1) {
if ($ph[1]['scale'] == 2) {
// original is 640 or less, we can display it directly
$hires = $lores = $ph[0];
} else {
$hires = $ph[0];
$lores = $ph[1];
}
}
$album_link = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']);
$tools = Null;
$lock = Null;
if ($can_post && $ph[0]['uid'] == $owner_uid) {
$tools = array('edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . ($cmd === 'edit' ? '' : '/edit'), $cmd === 'edit' ? t('View photo') : t('Edit photo')), 'profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource-id'], t('Use as profile photo')));
// lock
$lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null;
}
if ($cmd === 'edit') {
$tpl = get_markup_template('photo_edit_head.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array('$prevlink' => $prevlink, '$nextlink' => $nextlink));
}
if ($prevlink) {
$prevlink = array($prevlink, '<div class="icon prev"></div>');
}
$photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'), 'height' => $hires['height'], 'width' => $hires['width'], 'album' => $hires['album'], 'filename' => $hires['filename']);
if ($nextlink) {
$nextlink = array($nextlink, '<div class="icon next"></div>');
}
// Do we have an item for this photo?
// FIXME! - replace following code to display the conversation with our normal
// conversation functions so that it works correctly and tracks changes
// in the evolving conversation code.
// The difference is that we won't be displaying the conversation head item
// as a "post" but displaying instead the photo it is linked to
$linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' {$sql_extra} LIMIT 1", dbesc($datum));
if (count($linked_items)) {
$link_item = $linked_items[0];
$r = q("SELECT COUNT(*) AS `total`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra} ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']));
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`,\n\t\t\t\t`contact`.`rel`, `contact`.`thumb`, `contact`.`self`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']), intval($a->pager['start']), intval($a->pager['itemspage']));
if (local_user() && local_user() == $link_item['uid']) {
q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d", intval($link_item['parent']), intval(local_user()));
update_thread($link_item['parent']);
}
}
$tags = Null;
if (count($linked_items) && strlen($link_item['tag'])) {
$arr = explode(',', $link_item['tag']);
// parse tags and add links
$tag_str = '';
foreach ($arr as $t) {
if (strlen($tag_str)) {
$tag_str .= ', ';
}
$tag_str .= bbcode($t);
}
$tags = array(t('Tags: '), $tag_str);
if ($cmd === 'edit') {
$tags[] = $a->get_baseurl() . '/tagrm/' . $link_item['id'];
$tags[] = t('[Remove any tag]');
}
}
$edit = Null;
if ($cmd === 'edit' && $can_post) {
$edit_tpl = get_markup_template('photo_edit.tpl');
// Private/public post links for the non-JS ACL form
$private_post = 1;
if ($_REQUEST['public']) {
$private_post = 0;
}
$query_str = $a->query_string;
if (strpos($query_str, 'public=1') !== false) {
$query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
}
// I think $a->query_string may never have ? in it, but I could be wrong
// It looks like it's from the index.php?q=[etc] rewrite that the web
// server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
if (strpos($query_str, '?') === false) {
$public_post_link = '?public=1';
} else {
$public_post_link = '&public=1';
}
if ($a->theme['template_engine'] === 'internal') {
$album_e = template_escape($ph[0]['album']);
$caption_e = template_escape($ph[0]['desc']);
$aclselect_e = template_escape(populate_acl($ph[0]));
} else {
$album_e = $ph[0]['album'];
$caption_e = $ph[0]['desc'];
$aclselect_e = populate_acl($ph[0]);
}
$edit = replace_macros($edit_tpl, array('$id' => $ph[0]['id'], '$rotatecw' => t('Rotate CW (right)'), '$rotateccw' => t('Rotate CCW (left)'), '$album' => $album_e, '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], '$resource_id' => $ph[0]['resource-id'], '$capt_label' => t('Caption'), '$caption' => $caption_e, '$tag_label' => t('Add a Tag'), '$tags' => $link_item['tag'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), '$item_id' => count($linked_items) ? $link_item['id'] : 0, '$submit' => t('Submit'), '$delete' => t('Delete Photo'), '$acl_data' => construct_acl_data($a, $ph[0]), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private photo'), '$public' => t('Public photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
}
if (count($linked_items)) {
$cmnt_tpl = get_markup_template('comment_item.tpl');
$tpl = get_markup_template('photo_item.tpl');
$return_url = $a->cmd;
$like_tpl = get_markup_template('like_noshare.tpl');
$likebuttons = '';
if ($can_post || can_write_wall($a, $owner_uid)) {
$likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => feature_enabled(local_user(), 'dislike') ? t("I don't like this (toggle)") : '', '$share' => t('Share'), '$wait' => t('Please wait'), '$return_path' => $a->query_string));
}
$comments = '';
if (!count($r)) {
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
}
$alike = array();
$dlike = array();
$like = '';
$dislike = '';
// display comments
if (count($r)) {
foreach ($r as $item) {
like_puller($a, $item, $alike, 'like');
like_puller($a, $item, $dlike, 'dislike');
}
$like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : '';
$dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : '';
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($link_item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$sparkle = '';
if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
continue;
}
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
if (local_user() && $item['contact-uid'] == local_user() && $item['network'] == 'dfrn' && !$item['self']) {
$profile_url = $redirect_url;
$sparkle = ' sparkle';
} else {
$profile_url = $item['url'];
$sparkle = '';
}
$diff_author = $item['url'] !== $item['author-link'] ? true : false;
$profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name'];
$profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $item['thumb'];
$profile_link = $profile_url;
$dropping = $item['contact-id'] == $contact_id || $item['uid'] == local_user();
$drop = array('dropping' => $dropping, 'pagedrop' => false, 'select' => t('Select'), 'delete' => t('Delete'));
if ($a->theme['template_engine'] === 'internal') {
$name_e = template_escape($profile_name);
$title_e = template_escape($item['title']);
$body_e = template_escape(bbcode($item['body']));
} else {
$name_e = $profile_name;
$title_e = $item['title'];
$body_e = bbcode($item['body']);
}
$comments .= replace_macros($template, array('$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
if ($can_post || can_write_wall($a, $owner_uid)) {
if ($item['last-child']) {
$comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
}
}
}
}
$paginate = paginate($a);
}
$photo_tpl = get_markup_template('photo_view.tpl');
if ($a->theme['template_engine'] === 'internal') {
$album_e = array($album_link, template_escape($ph[0]['album']));
$tags_e = template_escape($tags);
$like_e = template_escape($like);
$dislike_e = template_escape($dislike);
} else {
$album_e = array($album_link, $ph[0]['album']);
$tags_e = $tags;
$like_e = $like;
$dislike_e = $dislike;
}
$o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['desc'], '$tags' => $tags_e, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dikslike_e, '$comments' => $comments, '$paginate' => $paginate));
$a->page['htmlhead'] .= "\n" . '<meta name="twitter:card" content="photo" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
$a->page['htmlhead'] .= '<meta name="twitter:image:height" content="' . $photo["height"] . '" />' . "\n";
return $o;
}
// Default - show recent photos with upload link (if applicable)
//$o = '';
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id`", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')));
if (count($r)) {
$a->set_pager_total(count($r));
$a->set_pager_itemspage(20);
}
$r = q("SELECT `resource-id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage']));
$photos = array();
if (count($r)) {
$twist = 'rotright';
foreach ($r as $rr) {
if ($twist == 'rotright') {
$twist = 'rotleft';
} else {
$twist = 'rotright';
}
$ext = $phototypes[$rr['type']];
if ($a->theme['template_engine'] === 'internal') {
$alt_e = template_escape($rr['filename']);
$name_e = template_escape($rr['album']);
} else {
$alt_e = $rr['filename'];
$name_e = $rr['album'];
}
$photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
}
}
$tpl = get_markup_template('photos_recent.tpl');
$o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload'), '$photos' => $photos));
$o .= paginate($a);
return $o;
}
/**
* This function stores a reply in the forum_post table.
* It also updates the forum_threads table (thread_replies +1 , thread_last_post, thread_date)
* @param array
* @param array
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function store_reply($current_forum, $values)
{
$_course = api_get_course_info();
$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$post_date = api_get_utc_datetime();
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$visible = 0;
} else {
$visible = 1;
}
$upload_ok = 1;
$return = array();
if ($upload_ok) {
// We first store an entry in the forum_post table.
$sql = "INSERT INTO {$table_posts} (c_id, post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible)\n VALUES (\n " . api_get_course_int_id() . ",\n '" . Database::escape_string($values['post_title']) . "',\n '" . Database::escape_string(isset($values['post_text']) ? $values['post_text'] : null) . "',\n '" . Database::escape_string($values['thread_id']) . "',\n '" . Database::escape_string($values['forum_id']) . "',\n '" . api_get_user_id() . "',\n '" . $post_date . "',\n '" . Database::escape_string(isset($values['post_notification']) ? $values['post_notification'] : null) . "',\n '" . Database::escape_string(isset($values['post_parent_id']) ? $values['post_parent_id'] : null) . "',\n '" . Database::escape_string($visible) . "')";
Database::query($sql);
$new_post_id = Database::insert_id();
$values['new_post_id'] = $new_post_id;
$message = get_lang('ReplyAdded');
if (!empty($_POST['file_ids']) && is_array($_POST['file_ids'])) {
foreach ($_POST['file_ids'] as $key => $id) {
editAttachedFile(array('comment' => $_POST['file_comments'][$key], 'post_id' => $new_post_id), $id);
}
}
// Update the thread.
update_thread($values['thread_id'], $new_post_id, $post_date);
// Update the forum.
api_item_property_update($_course, TOOL_FORUM, $values['forum_id'], 'NewMessageInForum', api_get_user_id());
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$message .= '<br />' . get_lang('MessageHasToBeApproved') . '<br />';
}
//$message .= '<br />'.get_lang('ReturnTo').' <a href="viewforum.php?'.api_get_cidreq().'&forum='.$values['forum_id'].'&gidReq='.$_SESSION['toolgroup'].'&origin='.$origin.'">'.get_lang('Forum').'</a><br />';
//$message .= get_lang('ReturnTo').' <a href="viewthread.php?'.api_get_cidreq().'&forum='.$values['forum_id'].'&thread='.$values['thread_id'].'&gidReq='.$_SESSION['toolgroup'].'&origin='.$origin.'&gradebook='.$gradebook.'">'.get_lang('Message').'</a>';
// Setting the notification correctly.
$my_post_notification = isset($values['post_notification']) ? $values['post_notification'] : null;
if ($my_post_notification == 1) {
set_notification('thread', $values['thread_id'], true);
}
send_notification_mails($values['thread_id'], $values);
Session::erase('formelements');
Session::erase('origin');
Session::erase('breadcrumbs');
Session::erase('addedresource');
Session::erase('addedresourceid');
$return['msg'] = $message;
$return['type'] = 'confirmation';
} else {
$return['msg'] = get_lang('UplNoFileUploaded') . ' ' . get_lang('UplSelectFileFirst');
$return['type'] = 'error';
}
return $return;
}
/**
* This function stores a reply in the forum_post table.
* It also updates the forum_threads table (thread_replies +1 , thread_last_post, thread_date)
*
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function store_reply($values)
{
$_course = api_get_course_info();
global $current_forum;
global $origin;
$table_threads = Database::get_course_table(TABLE_FORUM_THREAD);
$forum_table_attachment = Database::get_course_table(TABLE_FORUM_ATTACHMENT);
$table_posts = Database::get_course_table(TABLE_FORUM_POST);
$gradebook = Security::remove_XSS($_GET['gradebook']);
$post_date = api_get_utc_datetime();
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$visible = 0;
// The post has not been approved yet.
} else {
$visible = 1;
}
$upload_ok = 1;
$has_attachment = false;
if (!empty($_FILES['user_upload']['name'])) {
$upload_ok = FileManager::process_uploaded_file($_FILES['user_upload']);
$has_attachment = true;
}
$return = array();
if ($upload_ok) {
// We first store an entry in the forum_post table.
$sql = "INSERT INTO {$table_posts} (c_id, post_title, post_text, thread_id, forum_id, poster_id, post_date, post_notification, post_parent_id, visible)\n VALUES (\n \t\t" . api_get_course_int_id() . ",\n \t\t'" . Database::escape_string($values['post_title']) . "',\n '" . Database::escape_string(isset($values['post_text']) ? $values['post_text'] : null) . "',\n '" . Database::escape_string($values['thread_id']) . "',\n '" . Database::escape_string($values['forum_id']) . "',\n '" . api_get_user_id() . "',\n '" . $post_date . "',\n '" . Database::escape_string(isset($values['post_notification']) ? $values['post_notification'] : null) . "',\n '" . Database::escape_string(isset($values['post_parent_id']) ? $values['post_parent_id'] : null) . "',\n '" . Database::escape_string($visible) . "')";
$result = Database::query($sql);
$new_post_id = Database::insert_id();
$values['new_post_id'] = $new_post_id;
$message = get_lang('ReplyAdded');
if ($has_attachment) {
$course_dir = $_course['path'] . '/upload/forum';
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path . $course_dir;
// Try to add an extension to the file if it hasn't one.
$new_file_name = FileManager::add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);
// User's file name
$file_name = $_FILES['user_upload']['name'];
if (!FileManager::filter_extension($new_file_name)) {
$return['msg'] = get_lang('UplUnableToSaveFileFilteredExtension');
$return['type'] = 'error';
} else {
$new_file_name = uniqid('');
$new_path = $updir . '/' . $new_file_name;
$result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
$comment = $values['file_comment'];
// Storing the attachments if any.
if ($result) {
$sql = 'INSERT INTO ' . $forum_table_attachment . '(c_id, filename,comment, path, post_id,size) ' . "VALUES (" . api_get_course_int_id() . ", '" . Database::escape_string($file_name) . "', '" . Database::escape_string($comment) . "', '" . Database::escape_string($new_file_name) . "' , '" . $new_post_id . "', '" . intval($_FILES['user_upload']['size']) . "' )";
$result = Database::query($sql);
$message .= ' / ' . get_lang('FileUploadSucces');
$last_id = Database::insert_id();
api_item_property_update($_course, TOOL_FORUM_ATTACH, $last_id, 'ForumAttachmentAdded', api_get_user_id());
}
}
}
// Update the thread.
update_thread($values['thread_id'], $new_post_id, $post_date);
// Update the forum.
api_item_property_update($_course, TOOL_FORUM, $values['forum_id'], 'NewMessageInForum', api_get_user_id());
if ($current_forum['approval_direct_post'] == '1' && !api_is_allowed_to_edit(null, true)) {
$message .= '<br />' . get_lang('MessageHasToBeApproved') . '<br />';
}
//$message .= '<br />'.get_lang('ReturnTo').' <a href="viewforum.php?'.api_get_cidreq().'&forum='.$values['forum_id'].'&gidReq='.$_SESSION['toolgroup'].'&origin='.$origin.'">'.get_lang('Forum').'</a><br />';
//$message .= get_lang('ReturnTo').' <a href="viewthread.php?'.api_get_cidreq().'&forum='.$values['forum_id'].'&thread='.$values['thread_id'].'&gidReq='.$_SESSION['toolgroup'].'&origin='.$origin.'&gradebook='.$gradebook.'">'.get_lang('Message').'</a>';
// Setting the notification correctly.
$my_post_notification = isset($values['post_notification']) ? $values['post_notification'] : null;
if ($my_post_notification == 1) {
set_notification('thread', $values['thread_id'], true);
}
send_notification_mails($values['thread_id'], $values);
Session::erase('formelements');
Session::erase('origin');
Session::erase('breadcrumbs');
Session::erase('addedresource');
Session::erase('addedresourceid');
$return['msg'] = $message;
$return['type'] = 'confirmation';
} else {
$return['msg'] = get_lang('UplNoFileUploaded') . ' ' . get_lang('UplSelectFileFirst');
$return['type'] = 'error';
}
return $return;
}
$tr = $db->get_thread($vars['thread_id']);
$db->delete_thread($vars['thread_id']);
$t->assign('msg', "Thread deleted");
$t->assign('link', 'newsletter_threads.php');
$t->display("admin/newsletter_thread_saved.html");
}
//////////////////// main ////////////////////////////////////////
$vars = get_input_vars();
if ($vars['thread_id']) {
$t->assign('thread_id', $vars['thread_id']);
}
switch ($vars['action']) {
case 'new':
display_form();
break;
case 'create':
create_thread($vars);
break;
case 'edit':
display_edit_form();
break;
case 'update':
update_thread($vars);
break;
case 'delete':
delete_thread();
break;
default:
display_threads_list();
break;
}
