function get()
{
if (!local_channel()) {
return;
}
$postid = $_REQUEST['postid'];
if (!$postid) {
return;
}
$emoji = $_REQUEST['emoji'];
if ($_REQUEST['emoji']) {
$i = q("select * from item where id = %d and uid = %d", intval($postid), intval(local_channel()));
if (!$i) {
return;
}
$channel = \App::get_channel();
$n = array();
$n['aid'] = $channel['channel_account_id'];
$n['uid'] = $channel['channel_id'];
$n['item_origin'] = true;
$n['parent'] = $postid;
$n['parent_mid'] = $i[0]['mid'];
$n['mid'] = item_message_id();
$n['verb'] = ACTIVITY_REACT . '#' . $emoji;
$n['body'] = "\n\n[zmg=32x32]" . z_root() . '/images/emoji/' . $emoji . '.png[/zmg]' . "\n\n";
$n['author_xchan'] = $channel['channel_hash'];
$x = item_store($n);
if ($x['success']) {
$nid = $x['item_id'];
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'like', $nid));
}
}
}
function init()
{
if (!local_channel()) {
return;
}
$uid = local_channel();
$url = notags(trim($_REQUEST['url']));
$return_url = $_SESSION['return_url'];
$confirm = intval($_REQUEST['confirm']);
$channel = \App::get_channel();
// Warning: Do not edit the following line. The first symbol is UTF-8 @
$url = str_replace('@', '@', $url);
$result = new_contact($uid, $url, $channel, true, $confirm);
if ($result['success'] == false) {
if ($result['message']) {
notice($result['message']);
}
goaway($return_url);
}
info(t('Channel added.') . EOL);
$clone = array();
foreach ($result['abook'] as $k => $v) {
if (strpos($k, 'abook_') === 0) {
$clone[$k] = $v;
}
}
unset($clone['abook_id']);
unset($clone['abook_account']);
unset($clone['abook_channel']);
$abconfig = load_abconfig($channel['channel_id'], $clone['abook_xchan']);
if ($abconfig) {
$clone['abconfig'] = $abconfig;
}
build_sync_packet(0, array('abook' => array($clone)), true);
$can_view_stream = intval(get_abconfig($channel['channel_id'], $clone['abook_xchan'], 'their_perms', 'view_stream'));
// If we can view their stream, pull in some posts
if ($can_view_stream || $result['abook']['xchan_network'] === 'rss') {
\Zotlabs\Daemon\Master::Summon(array('Onepoll', $result['abook']['abook_id']));
}
goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
}
function post()
{
if (!local_channel()) {
return;
}
$channel = \App::get_channel();
$target = trim($_REQUEST['target']);
if (!$target) {
return;
}
if ($target === $channel['channel_hash']) {
return;
}
$rating = intval($_POST['rating']);
if ($rating < -10) {
$rating = -10;
}
if ($rating > 10) {
$rating = 10;
}
$rating_text = trim(escape_tags($_REQUEST['rating_text']));
$signed = $target . '.' . $rating . '.' . $rating_text;
$sig = base64url_encode(rsa_sign($signed, $channel['channel_prvkey']));
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($target));
if ($z) {
$record = $z[0]['xlink_id'];
$w = q("update xlink set xlink_rating = '%d', xlink_rating_text = '%s', xlink_sig = '%s', xlink_updated = '%s'\n\t\t\t\twhere xlink_id = %d", intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert()), intval($record));
} else {
$w = q("insert into xlink ( xlink_xchan, xlink_link, xlink_rating, xlink_rating_text, xlink_sig, xlink_updated, xlink_static ) values ( '%s', '%s', %d, '%s', '%s', '%s', 1 ) ", dbesc($channel['channel_hash']), dbesc($target), intval($rating), dbesc($rating_text), dbesc($sig), dbesc(datetime_convert()));
$z = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1 limit 1", dbesc($channel['channel_hash']), dbesc($orig_record[0]['abook_xchan']));
if ($z) {
$record = $z[0]['xlink_id'];
}
}
if ($record) {
\Zotlabs\Daemon\Master::Summon(array('Ratenotif', 'rating', $record));
}
json_return_and_die(array('result' => true));
}
private function set($opts = array())
{
if ($opts) {
foreach ($opts as $k => $v) {
switch ($k) {
case 'http_auth':
$this->auth = $v;
break;
case 'magicauth':
// currently experimental
$this->magicauth = $v;
\Zotlabs\Daemon\Master::Summon(['CurlAuth', $v]);
break;
case 'custom':
$this->request_method = $v;
break;
case 'url':
$this->url = $v;
break;
case 'data':
$this->set_data($v);
if ($v) {
$this->upload = true;
} else {
$this->upload = false;
}
break;
case 'headers':
$this->headers = $v;
break;
default:
$this->curlopts[$k] = $v;
break;
}
}
}
}
function post()
{
if (!array_key_exists('channel', \App::$data)) {
return;
}
$edit = local_channel() && local_channel() == \App::$data['channel']['channel_id'] ? true : false;
if ($edit) {
$has_premium = \App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM ? 1 : 0;
$premium = $_POST['premium'] ? intval($_POST['premium']) : 0;
$text = escape_tags($_POST['text']);
if ($has_premium != $premium) {
$r = q("update channel set channel_pageflags = ( channel_pageflags %s %d ) where channel_id = %d", db_getfunc('^'), intval(PAGE_PREMIUM), intval(local_channel()));
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'refresh_all', \App::$data['channel']['channel_id']));
}
set_pconfig(\App::$data['channel']['channel_id'], 'system', 'selltext', $text);
// reload the page completely to get fresh data
goaway(z_root() . '/' . \App::$query_string);
}
$url = '';
$observer = \App::get_observer();
if ($observer && $_POST['submit'] === t('Continue')) {
if ($observer['xchan_follow']) {
$url = sprintf($observer['xchan_follow'], urlencode(channel_reddress(\App::$data['channel'])));
}
if (!$url) {
$r = q("select * from hubloc where hubloc_hash = '%s' order by hubloc_id desc limit 1", dbesc($observer['xchan_hash']));
if ($r) {
$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(\App::$data['channel']));
}
}
}
if ($url) {
goaway($url . '&confirm=1');
} else {
notice('Unable to connect to your home hub location.');
}
}
function get()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = \App::get_channel();
if ($_REQUEST['sync']) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'location', $channel['channel_id']));
info(t('Syncing locations') . EOL);
goaway(z_root() . '/locs');
}
$r = q("select * from hubloc where hubloc_hash = '%s'", dbesc($channel['channel_hash']));
if (!$r) {
notice(t('No locations found.') . EOL);
return;
}
for ($x = 0; $x < count($r); $x++) {
$r[$x]['primary'] = intval($r[$x]['hubloc_primary']) ? true : false;
$r[$x]['deleted'] = intval($r[$x]['hubloc_deleted']) ? true : false;
}
$o = replace_macros(get_markup_template('locmanage.tpl'), array('$header' => t('Manage Channel Locations'), '$loc' => t('Location'), '$addr' => t('Address'), '$mkprm' => t('Primary'), '$drop' => t('Drop'), '$submit' => t('Submit'), '$sync' => t('Sync Now'), '$sync_text' => t('Please wait several minutes between consecutive operations.'), '$drop_text' => t('When possible, drop a location by logging into that website/hub and removing your channel.'), '$last_resort' => t('Use this form to drop the location if the hub is no longer operating.'), '$hubs' => $r));
return $o;
}
function get()
{
$o = '';
$observer = \App::get_observer();
$interactive = $_REQUEST['interactive'];
if ($interactive) {
$o .= '<h1>' . t('Like/Dislike') . '</h1>';
$o .= EOL . EOL;
if (!$observer) {
$_SESSION['return_url'] = \App::$query_string;
$o .= t('This action is restricted to members.') . EOL;
$o .= t('Please <a href="rmagic">login with your $Projectname ID</a> or <a href="register">register as a new $Projectname member</a> to continue.') . EOL;
return $o;
}
}
$verb = notags(trim($_GET['verb']));
if (!$verb) {
$verb = 'like';
}
switch ($verb) {
case 'like':
case 'unlike':
$activity = ACTIVITY_LIKE;
break;
case 'dislike':
case 'undislike':
$activity = ACTIVITY_DISLIKE;
break;
case 'agree':
case 'unagree':
$activity = ACTIVITY_AGREE;
break;
case 'disagree':
case 'undisagree':
$activity = ACTIVITY_DISAGREE;
break;
case 'abstain':
case 'unabstain':
$activity = ACTIVITY_ABSTAIN;
break;
case 'attendyes':
case 'unattendyes':
$activity = ACTIVITY_ATTEND;
break;
case 'attendno':
case 'unattendno':
$activity = ACTIVITY_ATTENDNO;
break;
case 'attendmaybe':
case 'unattendmaybe':
$activity = ACTIVITY_ATTENDMAYBE;
break;
default:
return;
break;
}
$extended_like = false;
$object = $target = null;
$post_type = '';
$objtype = '';
if (argc() == 3) {
if (!$observer) {
killme();
}
$extended_like = true;
$obj_type = argv(1);
$obj_id = argv(2);
$public = true;
if ($obj_type == 'profile') {
$r = q("select * from profile where profile_guid = '%s' limit 1", dbesc(argv(2)));
if (!$r) {
killme();
}
$owner_uid = $r[0]['uid'];
if ($r[0]['is_default']) {
$public = true;
}
if (!$public) {
$d = q("select abook_xchan from abook where abook_profile = '%s' and abook_channel = %d", dbesc($r[0]['profile_guid']), intval($owner_uid));
if (!$d) {
// forgery - illegal
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
// $d now contains a list of those who can see this profile - only send the status notification
// to them.
$allow_cid = $allow_gid = $deny_cid = $deny_gid = '';
foreach ($d as $dd) {
$allow_cid .= '<' . $dd['abook_xchan'] . '>';
}
}
$post_type = t('channel');
$objtype = ACTIVITY_OBJ_PROFILE;
$profile = $r[0];
} elseif ($obj_type == 'thing') {
$r = q("select * from obj where obj_type = %d and obj_obj = '%s' limit 1", intval(TERM_OBJ_THING), dbesc(argv(2)));
if (!$r) {
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
$owner_uid = $r[0]['obj_channel'];
$allow_cid = $r[0]['allow_cid'];
$allow_gid = $r[0]['allow_gid'];
$deny_cid = $r[0]['deny_cid'];
$deny_gid = $r[0]['deny_gid'];
if ($allow_cid || $allow_gid || $deny_cid || $deny_gid) {
$public = false;
}
$post_type = t('thing');
$objtype = ACTIVITY_OBJ_PROFILE;
$tgttype = ACTIVITY_OBJ_THING;
$links = array();
$links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/thing/' . $r[0]['obj_obj']);
if ($r[0]['imgurl']) {
$links[] = array('rel' => 'photo', 'href' => $r[0]['obj_imgurl']);
}
$target = json_encode(array('type' => $tgttype, 'title' => $r[0]['obj_term'], 'id' => z_root() . '/thing/' . $r[0]['obj_obj'], 'link' => $links));
$plink = '[zrl=' . z_root() . '/thing/' . $r[0]['obj_obj'] . ']' . $r[0]['obj_term'] . '[/zrl]';
}
if (!($owner_uid && $r)) {
if ($interactive) {
notice(t('Invalid request.') . EOL);
return $o;
}
killme();
}
// The resultant activity is going to be a wall-to-wall post, so make sure this is allowed
$perms = get_all_perms($owner_uid, $observer['xchan_hash']);
if (!($perms['post_like'] && $perms['view_profile'])) {
if ($interactive) {
notice(t('Permission denied.') . EOL);
return $o;
}
killme();
}
$ch = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1", intval($owner_uid));
if (!$ch) {
if ($interactive) {
notice(t('Channel unavailable.') . EOL);
return $o;
}
killme();
}
if (!$plink) {
$plink = '[zrl=' . z_root() . '/profile/' . $ch[0]['channel_address'] . ']' . $post_type . '[/zrl]';
}
$links = array();
$links[] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/profile/' . $ch[0]['channel_address']);
$links[] = array('rel' => 'photo', 'type' => $ch[0]['xchan_photo_mimetype'], 'href' => $ch[0]['xchan_photo_l']);
$object = json_encode(array('type' => ACTIVITY_OBJ_PROFILE, 'title' => $ch[0]['channel_name'], 'id' => $ch[0]['xchan_url'] . '/' . $ch[0]['xchan_hash'], 'link' => $links));
// second like of the same thing is "undo" for the first like
$z = q("select * from likes where channel_id = %d and liker = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' limit 1", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id));
if ($z) {
$z[0]['deleted'] = 1;
build_sync_packet($ch[0]['channel_id'], array('likes' => $z));
q("delete from likes where id = %d limit 1", intval($z[0]['id']));
if ($z[0]['i_mid']) {
$r = q("select id from item where mid = '%s' and uid = %d limit 1", dbesc($z[0]['i_mid']), intval($ch[0]['channel_id']));
if ($r) {
drop_item($r[0]['id'], false);
}
if ($interactive) {
notice(t('Previous action reversed.') . EOL);
return $o;
}
}
killme();
}
} else {
// this is used to like an item or comment
$item_id = argc() == 2 ? notags(trim(argv(1))) : 0;
logger('like: verb ' . $verb . ' item ' . $item_id, LOGGER_DEBUG);
// get the item. Allow linked photos (which are normally hidden) to be liked
$r = q("SELECT * FROM item WHERE id = %d \n\t\t\t\tand item_type = 0 and item_deleted = 0 and item_unpublished = 0 \n\t\t\t\tand item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1", intval($item_id));
if (!$item_id || !$r) {
logger('like: no item ' . $item_id);
killme();
}
$item = $r[0];
$owner_uid = $item['uid'];
$owner_aid = $item['aid'];
$sys = get_sys_channel();
// if this is a "discover" item, (item['uid'] is the sys channel),
// fallback to the item comment policy, which should've been
// respected when generating the conversation thread.
// Even if the activity is rejected by the item owner, it should still get attached
// to the local discover conversation on this site.
if ($owner_uid != $sys['channel_id'] && !perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_comments')) {
notice(t('Permission denied') . EOL);
killme();
}
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['owner_xchan']));
if ($r) {
$thread_owner = $r[0];
} else {
killme();
}
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']));
if ($r) {
$item_author = $r[0];
} else {
killme();
}
$verbs = " '" . dbesc($activity) . "' ";
$multi_undo = false;
// event participation and consensus items are essentially radio toggles. If you make a subsequent choice,
// we need to eradicate your first choice.
if ($activity === ACTIVITY_ATTEND || $activity === ACTIVITY_ATTENDNO || $activity === ACTIVITY_ATTENDMAYBE) {
$verbs = " '" . dbesc(ACTIVITY_ATTEND) . "','" . dbesc(ACTIVITY_ATTENDNO) . "','" . dbesc(ACTIVITY_ATTENDMAYBE) . "' ";
$multi_undo = 1;
}
if ($activity === ACTIVITY_AGREE || $activity === ACTIVITY_DISAGREE || $activity === ACTIVITY_ABSTAIN) {
$verbs = " '" . dbesc(ACTIVITY_AGREE) . "','" . dbesc(ACTIVITY_DISAGREE) . "','" . dbesc(ACTIVITY_ABSTAIN) . "' ";
$multi_undo = true;
}
$item_normal = item_normal();
$r = q("SELECT id, parent, uid, verb FROM item WHERE verb in ( {$verbs} ) {$item_normal}\n\t\t\t\tAND author_xchan = '%s' AND thr_parent = '%s' and uid = %d ", dbesc($observer['xchan_hash']), dbesc($item['mid']), intval($owner_uid));
if ($r) {
// already liked it. Drop that item.
require_once 'include/items.php';
foreach ($r as $rr) {
drop_item($rr['id'], false, DROPITEM_PHASE1);
// set the changed timestamp on the parent so we'll see the update without a page reload
$z = q("update item set changed = '%s' where id = %d and uid = %d", dbesc(datetime_convert()), intval($rr['parent']), intval($rr['uid']));
// Prior activity was a duplicate of the one we're submitting, just undo it;
// don't fall through and create another
if (activity_match($rr['verb'], $activity)) {
$multi_undo = false;
}
// drop_item was not done interactively, so we need to invoke the notifier
// in order to push the changes to connections
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'drop', $rr['id']));
}
if ($interactive) {
return;
}
if (!$multi_undo) {
killme();
}
}
}
$mid = item_message_id();
$arr = array();
if ($extended_like) {
$arr['item_thread_top'] = 1;
$arr['item_origin'] = 1;
$arr['item_wall'] = 1;
} else {
$post_type = $item['resource_type'] === 'photo' ? t('photo') : t('status');
if ($item['obj_type'] === ACTIVITY_OBJ_EVENT) {
$post_type = t('event');
}
$links = array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item['plink']));
$objtype = $item['resource_type'] === 'photo' ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE;
$body = $item['body'];
$object = json_encode(array('type' => $objtype, 'id' => $item['mid'], 'parent' => $item['thr_parent'] ? $item['thr_parent'] : $item['parent_mid'], 'link' => $links, 'title' => $item['title'], 'content' => $item['body'], 'created' => $item['created'], 'edited' => $item['edited'], 'author' => array('name' => $item_author['xchan_name'], 'address' => $item_author['xchan_addr'], 'guid' => $item_author['xchan_guid'], 'guid_sig' => $item_author['xchan_guid_sig'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item_author['xchan_url']), array('rel' => 'photo', 'type' => $item_author['xchan_photo_mimetype'], 'href' => $item_author['xchan_photo_m'])))));
if (!intval($item['item_thread_top'])) {
$post_type = 'comment';
}
$arr['item_origin'] = 1;
$arr['item_notshown'] = 1;
if (intval($item['item_wall'])) {
$arr['item_wall'] = 1;
}
// if this was a linked photo and was hidden, unhide it.
if (intval($item['item_hidden'])) {
$r = q("update item set item_hidden = 0 where id = %d", intval($item['id']));
}
}
if ($verb === 'like') {
$bodyverb = t('%1$s likes %2$s\'s %3$s');
}
if ($verb === 'dislike') {
$bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s');
}
if ($verb === 'agree') {
$bodyverb = t('%1$s agrees with %2$s\'s %3$s');
}
if ($verb === 'disagree') {
$bodyverb = t('%1$s doesn\'t agree with %2$s\'s %3$s');
}
if ($verb === 'abstain') {
$bodyverb = t('%1$s abstains from a decision on %2$s\'s %3$s');
}
if ($verb === 'attendyes') {
$bodyverb = t('%1$s is attending %2$s\'s %3$s');
}
if ($verb === 'attendno') {
$bodyverb = t('%1$s is not attending %2$s\'s %3$s');
}
if ($verb === 'attendmaybe') {
$bodyverb = t('%1$s may attend %2$s\'s %3$s');
}
if (!isset($bodyverb)) {
killme();
}
if ($extended_like) {
$ulink = '[zrl=' . $ch[0]['xchan_url'] . ']' . $ch[0]['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$private = $public ? 0 : 1;
} else {
$arr['parent'] = $item['id'];
$arr['thr_parent'] = $item['mid'];
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
$plink = '[zrl=' . z_root() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]';
$allow_cid = $item['allow_cid'];
$allow_gid = $item['allow_gid'];
$deny_cid = $item['deny_cid'];
$deny_gid = $item['deny_gid'];
$private = $item['private'];
}
$arr['mid'] = $mid;
$arr['aid'] = $extended_like ? $ch[0]['channel_account_id'] : $owner_aid;
$arr['uid'] = $owner_uid;
$arr['item_flags'] = $item_flags;
$arr['item_wall'] = $item_wall;
$arr['parent_mid'] = $extended_like ? $mid : $item['mid'];
$arr['owner_xchan'] = $extended_like ? $ch[0]['xchan_hash'] : $thread_owner['xchan_hash'];
$arr['author_xchan'] = $observer['xchan_hash'];
$arr['body'] = sprintf($bodyverb, $alink, $ulink, $plink);
if ($obj_type === 'thing' && $r[0]['imgurl']) {
$arr['body'] .= "\n\n[zmg=80x80]" . $r[0]['imgurl'] . '[/zmg]';
}
if ($obj_type === 'profile') {
if ($public) {
$arr['body'] .= "\n\n" . '[embed]' . z_root() . '/profile/' . $ch[0]['channel_address'] . '[/embed]';
} else {
$arr['body'] .= "\n\n[zmg=80x80]" . $profile['thumb'] . '[/zmg]';
}
}
$arr['verb'] = $activity;
$arr['obj_type'] = $objtype;
$arr['obj'] = $object;
if ($target) {
$arr['tgt_type'] = $tgttype;
$arr['target'] = $target;
}
$arr['allow_cid'] = $allow_cid;
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
$arr['item_private'] = $private;
$post = item_store($arr);
$post_id = $post['item_id'];
$arr['id'] = $post_id;
call_hooks('post_local_end', $arr);
if ($extended_like) {
$r = q("insert into likes (channel_id,liker,likee,iid,i_mid,verb,target_type,target_id,target) values (%d,'%s','%s',%d,'%s','%s','%s','%s','%s')", intval($ch[0]['channel_id']), dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), intval($post_id), dbesc($mid), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id), dbesc($target ? $target : $object));
$r = q("select * from likes where liker = '%s' and likee = '%s' and i_mid = '%s' and verb = '%s' and target_type = '%s' and target_id = '%s' ", dbesc($observer['xchan_hash']), dbesc($ch[0]['channel_hash']), dbesc($mid), dbesc($activity), dbesc($tgttype ? $tgttype : $objtype), dbesc($obj_id));
if ($r) {
build_sync_packet($ch[0]['channel_id'], array('likes' => $r));
}
}
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'like', $post_id));
if ($interactive) {
notice(t('Action completed.') . EOL);
$o .= t('Thank you.');
return $o;
}
killme();
}
function post()
{
$channel = \App::get_channel();
check_form_security_token_redirectOnErr('/settings', 'settings');
call_hooks('settings_post', $_POST);
$set_perms = '';
$role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : '';
$oldrole = get_pconfig(local_channel(), 'system', 'permissions_role');
if ($role != $oldrole || $role === 'custom') {
if ($role === 'custom') {
$hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0;
$publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0;
$def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : '';
$r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel()));
$global_perms = \Zotlabs\Access\Permissions::Perms();
foreach ($global_perms as $k => $v) {
\Zotlabs\Access\PermissionLimits::Set(local_channel(), $k, intval($_POST[$k]));
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
$x = $acl->get();
$r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', \n\t\t\t\t\tchannel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d", dbesc($x['allow_cid']), dbesc($x['allow_gid']), dbesc($x['deny_cid']), dbesc($x['deny_gid']), intval(local_channel()));
} else {
$role_permissions = \Zotlabs\Access\PermissionRoles::role_perms($_POST['permissions_role']);
if (!$role_permissions) {
notice('Permissions category could not be found.');
return;
}
$hide_presence = 1 - intval($role_permissions['online']);
if ($role_permissions['default_collection']) {
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
if (!$r) {
require_once 'include/group.php';
group_add(local_channel(), t('Friends'));
group_add_member(local_channel(), t('Friends'), $channel['channel_hash']);
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
}
if ($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel()));
} else {
notice(sprintf('Default privacy group \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL);
return;
}
} else {
q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel()));
}
$x = \Zotlabs\Access\Permissions::FilledPerms($role_permissions['perms_connect']);
foreach ($x as $k => $v) {
set_abconfig(local_channel(), $channel['channel_hash'], 'my_perms', $k, $v);
if ($role_permissions['perms_auto']) {
set_pconfig(local_channel(), 'autoperms', $k, $v);
} else {
del_pconfig(local_channel(), 'autoperms', $k);
}
}
if ($role_permissions['limits']) {
foreach ($role_permissions['limits'] as $k => $v) {
\Zotlabs\Access\PermissionLimits::Set(local_channel(), $k, $v);
}
}
if (array_key_exists('directory_publish', $role_permissions)) {
$publish = intval($role_permissions['directory_publish']);
}
}
set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence);
set_pconfig(local_channel(), 'system', 'permissions_role', $role);
}
$username = x($_POST, 'username') ? notags(trim($_POST['username'])) : '';
$timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : '';
$defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : '';
$openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : '';
$maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0;
$expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0;
$evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3;
$photo_path = x($_POST, 'photo_path') ? escape_tags(trim($_POST['photo_path'])) : '';
$attach_path = x($_POST, 'attach_path') ? escape_tags(trim($_POST['attach_path'])) : '';
$channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '';
$expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0;
$expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0;
$expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0;
$expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0;
$allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0;
$blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1;
// this setting is inverted!
$unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0;
$cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0;
$suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0;
$post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0;
$post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0;
$post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0;
$adult = $_POST['adult'] == 1 ? 1 : 0;
$cal_first_day = x($_POST, 'first_day') && intval($_POST['first_day']) == 1 ? 1 : 0;
$pageflags = $channel['channel_pageflags'];
$existing_adult = $pageflags & PAGE_ADULT ? 1 : 0;
if ($adult != $existing_adult) {
$pageflags = $pageflags ^ PAGE_ADULT;
}
$notify = 0;
if (x($_POST, 'notify1')) {
$notify += intval($_POST['notify1']);
}
if (x($_POST, 'notify2')) {
$notify += intval($_POST['notify2']);
}
if (x($_POST, 'notify3')) {
$notify += intval($_POST['notify3']);
}
if (x($_POST, 'notify4')) {
$notify += intval($_POST['notify4']);
}
if (x($_POST, 'notify5')) {
$notify += intval($_POST['notify5']);
}
if (x($_POST, 'notify6')) {
$notify += intval($_POST['notify6']);
}
if (x($_POST, 'notify7')) {
$notify += intval($_POST['notify7']);
}
if (x($_POST, 'notify8')) {
$notify += intval($_POST['notify8']);
}
$vnotify = 0;
if (x($_POST, 'vnotify1')) {
$vnotify += intval($_POST['vnotify1']);
}
if (x($_POST, 'vnotify2')) {
$vnotify += intval($_POST['vnotify2']);
}
if (x($_POST, 'vnotify3')) {
$vnotify += intval($_POST['vnotify3']);
}
if (x($_POST, 'vnotify4')) {
$vnotify += intval($_POST['vnotify4']);
}
if (x($_POST, 'vnotify5')) {
$vnotify += intval($_POST['vnotify5']);
}
if (x($_POST, 'vnotify6')) {
$vnotify += intval($_POST['vnotify6']);
}
if (x($_POST, 'vnotify7')) {
$vnotify += intval($_POST['vnotify7']);
}
if (x($_POST, 'vnotify8')) {
$vnotify += intval($_POST['vnotify8']);
}
if (x($_POST, 'vnotify9')) {
$vnotify += intval($_POST['vnotify9']);
}
if (x($_POST, 'vnotify10')) {
$vnotify += intval($_POST['vnotify10']);
}
if (x($_POST, 'vnotify11')) {
$vnotify += intval($_POST['vnotify11']);
}
$always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0;
$err = '';
$name_change = false;
if ($username != $channel['channel_name']) {
$name_change = true;
require_once 'include/channel.php';
$err = validate_channelname($username);
if ($err) {
notice($err);
return;
}
}
if ($timezone != $channel['channel_timezone']) {
if (strlen($timezone)) {
date_default_timezone_set($timezone);
}
}
set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location);
set_pconfig(local_channel(), 'system', 'suggestme', $suggestme);
set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend);
set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup);
set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange);
set_pconfig(local_channel(), 'system', 'blocktags', $blocktags);
set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu);
set_pconfig(local_channel(), 'system', 'vnotify', $vnotify);
set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices);
set_pconfig(local_channel(), 'system', 'evdays', $evdays);
set_pconfig(local_channel(), 'system', 'photo_path', $photo_path);
set_pconfig(local_channel(), 'system', 'attach_path', $attach_path);
set_pconfig(local_channel(), 'system', 'cal_first_day', $cal_first_day);
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel()));
if ($r) {
info(t('Settings updated.') . EOL);
}
if (!is_null($publish)) {
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel()));
}
if ($name_change) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']));
$r = q("update profile set fullname = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id']));
}
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
build_sync_packet();
if ($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) {
// FIXME - set to un-verified, blocked and redirect to logout
// Why? Are we verifying people or email addresses?
}
goaway(z_root() . '/settings');
return;
// NOTREACHED
}
function init()
{
if (!local_channel()) {
return;
}
$uid = local_channel();
$channel = \App::get_channel();
$verb = notags(trim($_GET['verb']));
if (!$verb) {
return;
}
$verbs = get_mood_verbs();
if (!array_key_exists($verb, $verbs)) {
return;
}
$activity = ACTIVITY_MOOD . '#' . urlencode($verb);
$parent = x($_GET, 'parent') ? intval($_GET['parent']) : 0;
logger('mood: verb ' . $verb, LOGGER_DEBUG);
if ($parent) {
$r = q("select mid, owner_xchan, private, allow_cid, allow_gid, deny_cid, deny_gid \n\t\t\t\tfrom item where id = %d and parent = %d and uid = %d limit 1", intval($parent), intval($parent), intval($uid));
if (count($r)) {
$parent_mid = $r[0]['mid'];
$private = $r[0]['item_private'];
$allow_cid = $r[0]['allow_cid'];
$allow_gid = $r[0]['allow_gid'];
$deny_cid = $r[0]['deny_cid'];
$deny_gid = $r[0]['deny_gid'];
}
} else {
$private = 0;
$allow_cid = $channel['channel_allow_cid'];
$allow_gid = $channel['channel_allow_gid'];
$deny_cid = $channel['channel_deny_cid'];
$deny_gid = $channel['channel_deny_gid'];
}
$poster = \App::get_observer();
$mid = item_message_id();
$action = sprintf(t('%1$s is %2$s', 'mood'), '[zrl=' . $poster['xchan_url'] . ']' . $poster['xchan_name'] . '[/zrl]', $verbs[$verb]);
$arr = array();
$arr['aid'] = get_account_id();
$arr['uid'] = $uid;
$arr['mid'] = $mid;
$arr['parent_mid'] = $parent_mid ? $parent_mid : $mid;
$arr['author_xchan'] = $poster['xchan_hash'];
$arr['owner_xchan'] = $parent_mid ? $r[0]['owner_xchan'] : $poster['xchan_hash'];
$arr['title'] = '';
$arr['allow_cid'] = $allow_cid;
$arr['allow_gid'] = $allow_gid;
$arr['deny_cid'] = $deny_cid;
$arr['deny_gid'] = $deny_gid;
$arr['item_private'] = $private;
$arr['verb'] = $activity;
$arr['body'] = $action;
$arr['item_origin'] = 1;
$arr['item_wall'] = 1;
$arr['item_unseen'] = 1;
if (!$parent_mid) {
$item['item_thread_top'] = 1;
}
if (!$arr['plink'] && intval($arr['item_thread_top'])) {
$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
}
$post = item_store($arr);
$item_id = $post['item_id'];
if ($item_id) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id));
}
call_hooks('post_local_end', $arr);
if ($_SESSION['return_url']) {
goaway(z_root() . '/' . $_SESSION['return_url']);
}
return;
}
/**
*
* Wrap calls to proc_close(proc_open()) and call hook
* so plugins can take part in process :)
*
* args:
* $cmd program to run
* next args are passed as $cmd command line
*
* e.g.: proc_run("ls","-la","/tmp");
*
* $cmd and string args are surrounded with ""
*/
function proc_run()
{
$args = func_get_args();
$newargs = array();
if (!count($args)) {
return;
}
$args = flatten_array_recursive($args);
$arr = array('args' => $args, 'run_cmd' => true);
call_hooks('proc_run', $arr);
if (!$arr['run_cmd']) {
return;
}
if (count($args) && $args[0] === 'php') {
$args[0] = x(App::$config, 'system') && x(App::$config['system'], 'php_path') && strlen(App::$config['system']['php_path']) ? App::$config['system']['php_path'] : 'php';
}
// redirect proc_run statements of legacy daemon processes to the newer Daemon Master object class
// We will keep this interface until everybody has transitioned. (2016-05-20)
if (strstr($args[1], 'include/')) {
// convert 'include/foo.php' to 'Foo'
$orig = substr(ucfirst(substr($args[1], 8)), 0, -4);
logger('proc_run_redirect: ' . $orig);
if (file_exists('Zotlabs/Daemon/' . $orig . '.php')) {
array_shift($args);
// daemons are all run by php, pop it off the top of the array
$args[0] = $orig;
// replace with the new daemon name
logger('Redirecting old proc_run interface: ' . print_r($args, true), LOGGER_DEBUG, LOG_DEBUG);
\Zotlabs\Daemon\Master::Summon($args);
// summon the daemon
return;
}
}
$args = array_map('escapeshellarg', $args);
$cmdline = implode($args, " ");
if (is_windows()) {
$cwd = getcwd();
$cmd = "cmd /c start \"title\" /D \"{$cwd}\" /b {$cmdline}";
proc_close(proc_open($cmd, array(), $foo));
} else {
if (get_config('system', 'use_proc_open')) {
proc_close(proc_open($cmdline . " &", array(), $foo));
} else {
exec($cmdline . ' > /dev/null &');
}
}
}
function post()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
require_once 'include/activities.php';
$namechanged = false;
// import from json export file.
// Only import fields that are allowed on this hub
if (x($_FILES, 'userfile')) {
$src = $_FILES['userfile']['tmp_name'];
$filesize = intval($_FILES['userfile']['size']);
if ($filesize) {
$j = @json_decode(@file_get_contents($src), true);
@unlink($src);
if ($j) {
$fields = get_profile_fields_advanced();
if ($fields) {
foreach ($j as $jj => $v) {
foreach ($fields as $f => $n) {
if ($jj == $f) {
$_POST[$f] = $v;
break;
}
}
}
}
}
}
}
call_hooks('profile_post', $_POST);
if (argc() > 1 && argv(1) !== "new" && intval(argv(1))) {
$orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(\App::$argv[1]), intval(local_channel()));
if (!count($orig)) {
notice(t('Profile not found.') . EOL);
return;
}
check_form_security_token_redirectOnErr('/profiles', 'profile_edit');
$is_default = $orig[0]['is_default'] ? 1 : 0;
$profile_name = notags(trim($_POST['profile_name']));
if (!strlen($profile_name)) {
notice(t('Profile Name is required.') . EOL);
return;
}
$dob = $_POST['dob'] ? escape_tags(trim($_POST['dob'])) : '0000-00-00';
// FIXME: Needs to be validated?
$y = substr($dob, 0, 4);
if (!ctype_digit($y) || $y < 1900) {
$ignore_year = true;
} else {
$ignore_year = false;
}
if ($dob != '0000-00-00') {
if (strpos($dob, '0000-') === 0) {
$ignore_year = true;
$dob = substr($dob, 5);
}
$dob = datetime_convert('UTC', 'UTC', $ignore_year ? '1900-' . $dob : $dob, $ignore_year ? 'm-d' : 'Y-m-d');
if ($ignore_year) {
$dob = '0000-' . $dob;
}
}
$name = escape_tags(trim($_POST['name']));
if ($orig[0]['fullname'] != $name) {
$namechanged = true;
$v = validate_channelname($name);
if ($v) {
notice($v);
$namechanged = false;
$name = $orig[0]['fullname'];
}
}
$pdesc = escape_tags(trim($_POST['pdesc']));
$gender = escape_tags(trim($_POST['gender']));
$address = escape_tags(trim($_POST['address']));
$locality = escape_tags(trim($_POST['locality']));
$region = escape_tags(trim($_POST['region']));
$postal_code = escape_tags(trim($_POST['postal_code']));
$country_name = escape_tags(trim($_POST['country_name']));
$keywords = escape_tags(trim($_POST['keywords']));
$marital = escape_tags(trim($_POST['marital']));
$howlong = escape_tags(trim($_POST['howlong']));
$sexual = escape_tags(trim($_POST['sexual']));
$homepage = escape_tags(trim($_POST['homepage']));
$hometown = escape_tags(trim($_POST['hometown']));
$politic = escape_tags(trim($_POST['politic']));
$religion = escape_tags(trim($_POST['religion']));
$likes = fix_mce_lf(escape_tags(trim($_POST['likes'])));
$dislikes = fix_mce_lf(escape_tags(trim($_POST['dislikes'])));
$about = fix_mce_lf(escape_tags(trim($_POST['about'])));
$interest = fix_mce_lf(escape_tags(trim($_POST['interest'])));
$contact = fix_mce_lf(escape_tags(trim($_POST['contact'])));
$channels = fix_mce_lf(escape_tags(trim($_POST['channels'])));
$music = fix_mce_lf(escape_tags(trim($_POST['music'])));
$book = fix_mce_lf(escape_tags(trim($_POST['book'])));
$tv = fix_mce_lf(escape_tags(trim($_POST['tv'])));
$film = fix_mce_lf(escape_tags(trim($_POST['film'])));
$romance = fix_mce_lf(escape_tags(trim($_POST['romance'])));
$work = fix_mce_lf(escape_tags(trim($_POST['work'])));
$education = fix_mce_lf(escape_tags(trim($_POST['education'])));
$hide_friends = intval($_POST['hide_friends']) ? 1 : 0;
require_once 'include/text.php';
linkify_tags($a, $likes, local_channel());
linkify_tags($a, $dislikes, local_channel());
linkify_tags($a, $about, local_channel());
linkify_tags($a, $interest, local_channel());
linkify_tags($a, $interest, local_channel());
linkify_tags($a, $contact, local_channel());
linkify_tags($a, $channels, local_channel());
linkify_tags($a, $music, local_channel());
linkify_tags($a, $book, local_channel());
linkify_tags($a, $tv, local_channel());
linkify_tags($a, $film, local_channel());
linkify_tags($a, $romance, local_channel());
linkify_tags($a, $work, local_channel());
linkify_tags($a, $education, local_channel());
$with = x($_POST, 'with') ? escape_tags(trim($_POST['with'])) : '';
if (!strlen($howlong)) {
$howlong = NULL_DATE;
} else {
$howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong);
}
// linkify the relationship target if applicable
$withchanged = false;
if (strlen($with)) {
if ($with != strip_tags($orig[0]['partner'])) {
$withchanged = true;
$prf = '';
$lookup = $with;
if (strpos($lookup, '@') === 0) {
$lookup = substr($lookup, 1);
}
$lookup = str_replace('_', ' ', $lookup);
$newname = $lookup;
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval(local_channel()));
if (!$r) {
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_addr = '%s' AND abook_channel = %d LIMIT 1", dbesc($lookup . '@%'), intval(local_channel()));
}
if ($r) {
$prf = $r[0]['xchan_url'];
$newname = $r[0]['xchan_name'];
}
if ($prf) {
$with = str_replace($lookup, '<a href="' . $prf . '">' . $newname . '</a>', $with);
if (strpos($with, '@') === 0) {
$with = substr($with, 1);
}
}
} else {
$with = $orig[0]['partner'];
}
}
$profile_fields_basic = get_profile_fields_basic();
$profile_fields_advanced = get_profile_fields_advanced();
$advanced = feature_enabled(local_channel(), 'advanced_profiles') ? true : false;
if ($advanced) {
$fields = $profile_fields_advanced;
} else {
$fields = $profile_fields_basic;
}
$z = q("select * from profdef where true");
if ($z) {
foreach ($z as $zz) {
if (array_key_exists($zz['field_name'], $fields)) {
$w = q("select * from profext where channel_id = %d and hash = '%s' and k = '%s' limit 1", intval(local_channel()), dbesc($orig[0]['profile_guid']), dbesc($zz['field_name']));
if ($w) {
q("update profext set v = '%s' where id = %d", dbesc(escape_tags(trim($_POST[$zz['field_name']]))), intval($w[0]['id']));
} else {
q("insert into profext ( channel_id, hash, k, v ) values ( %d, '%s', '%s', '%s') ", intval(local_channel()), dbesc($orig[0]['profile_guid']), dbesc($zz['field_name']), dbesc(escape_tags(trim($_POST[$zz['field_name']]))));
}
}
}
}
$changes = array();
$value = '';
if ($is_default) {
if ($marital != $orig[0]['marital']) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status');
$value = $marital;
}
if ($withchanged) {
$changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner');
$value = strip_tags($with);
}
if ($likes != $orig[0]['likes']) {
$changes[] = t('Likes');
$value = $likes;
}
if ($dislikes != $orig[0]['dislikes']) {
$changes[] = t('Dislikes');
$value = $dislikes;
}
if ($work != $orig[0]['employment']) {
$changes[] = t('Work/Employment');
}
if ($religion != $orig[0]['religion']) {
$changes[] = t('Religion');
$value = $religion;
}
if ($politic != $orig[0]['politic']) {
$changes[] = t('Political Views');
$value = $politic;
}
if ($gender != $orig[0]['gender']) {
$changes[] = t('Gender');
$value = $gender;
}
if ($sexual != $orig[0]['sexual']) {
$changes[] = t('Sexual Preference');
$value = $sexual;
}
if ($homepage != $orig[0]['homepage']) {
$changes[] = t('Homepage');
$value = $homepage;
}
if ($interest != $orig[0]['interest']) {
$changes[] = t('Interests');
$value = $interest;
}
if ($address != $orig[0]['address']) {
$changes[] = t('Address');
// New address not sent in notifications, potential privacy issues
// in case this leaks to unintended recipients. Yes, it's in the public
// profile but that doesn't mean we have to broadcast it to everybody.
}
if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country_name']) {
$changes[] = t('Location');
$comma1 = $locality && ($region || $country_name) ? ', ' : ' ';
$comma2 = $region && $country_name ? ', ' : '';
$value = $locality . $comma1 . $region . $comma2 . $country_name;
}
profile_activity($changes, $value);
}
$r = q("UPDATE `profile` \n\t\t\t\tSET `profile_name` = '%s',\n\t\t\t\t`fullname` = '%s',\n\t\t\t\t`pdesc` = '%s',\n\t\t\t\t`gender` = '%s',\n\t\t\t\t`dob` = '%s',\n\t\t\t\t`address` = '%s',\n\t\t\t\t`locality` = '%s',\n\t\t\t\t`region` = '%s',\n\t\t\t\t`postal_code` = '%s',\n\t\t\t\t`country_name` = '%s',\n\t\t\t\t`marital` = '%s',\n\t\t\t\t`partner` = '%s',\n\t\t\t\t`howlong` = '%s',\n\t\t\t\t`sexual` = '%s',\n\t\t\t\t`homepage` = '%s',\n\t\t\t\t`hometown` = '%s',\n\t\t\t\t`politic` = '%s',\n\t\t\t\t`religion` = '%s',\n\t\t\t\t`keywords` = '%s',\n\t\t\t\t`likes` = '%s',\n\t\t\t\t`dislikes` = '%s',\n\t\t\t\t`about` = '%s',\n\t\t\t\t`interest` = '%s',\n\t\t\t\t`contact` = '%s',\n\t\t\t\t`channels` = '%s',\n\t\t\t\t`music` = '%s',\n\t\t\t\t`book` = '%s',\n\t\t\t\t`tv` = '%s',\n\t\t\t\t`film` = '%s',\n\t\t\t\t`romance` = '%s',\n\t\t\t\t`employment` = '%s',\n\t\t\t\t`education` = '%s',\n\t\t\t\t`hide_friends` = %d\n\t\t\t\tWHERE `id` = %d AND `uid` = %d", dbesc($profile_name), dbesc($name), dbesc($pdesc), dbesc($gender), dbesc($dob), dbesc($address), dbesc($locality), dbesc($region), dbesc($postal_code), dbesc($country_name), dbesc($marital), dbesc($with), dbesc($howlong), dbesc($sexual), dbesc($homepage), dbesc($hometown), dbesc($politic), dbesc($religion), dbesc($keywords), dbesc($likes), dbesc($dislikes), dbesc($about), dbesc($interest), dbesc($contact), dbesc($channels), dbesc($music), dbesc($book), dbesc($tv), dbesc($film), dbesc($romance), dbesc($work), dbesc($education), intval($hide_friends), intval(argv(1)), intval(local_channel()));
if ($r) {
info(t('Profile updated.') . EOL);
}
$r = q("select * from profile where id = %d and uid = %d limit 1", intval(argv(1)), intval(local_channel()));
if ($r) {
require_once 'include/zot.php';
build_sync_packet(local_channel(), array('profile' => $r));
}
$channel = \App::get_channel();
if ($namechanged && $is_default) {
$r = q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'", dbesc($name), dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
$r = q("UPDATE channel SET channel_name = '%s' WHERE channel_hash = '%s'", dbesc($name), dbesc($channel['xchan_hash']));
}
if ($is_default) {
// reload the info for the sidebar widget - why does this not work?
profile_load($channel['channel_address']);
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
}
}
}
function post()
{
if (!local_channel()) {
return;
}
if ($_SESSION['delegate']) {
return;
}
$channel = \App::get_channel();
logger('mod_settings: ' . print_r($_REQUEST, true));
if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$key = $_POST['remove'];
q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_channel());
goaway(z_root() . "/settings/oauth/");
return;
}
if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
$name = x($_POST, 'name') ? $_POST['name'] : '';
$key = x($_POST, 'key') ? $_POST['key'] : '';
$secret = x($_POST, 'secret') ? $_POST['secret'] : '';
$redirect = x($_POST, 'redirect') ? $_POST['redirect'] : '';
$icon = x($_POST, 'icon') ? $_POST['icon'] : '';
$ok = true;
if ($name == '') {
$ok = false;
notice(t('Name is required') . EOL);
}
if ($key == '' || $secret == '') {
$ok = false;
notice(t('Key and Secret are required') . EOL);
}
if ($ok) {
if ($_POST['submit'] == t("Update")) {
$r = q("UPDATE clients SET\n\t\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\t\tclname='%s',\n\t\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()), dbesc($key));
} else {
$r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()));
$r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), intval(local_channel()), dbesc('all'));
}
}
goaway(z_root() . "/settings/oauth/");
return;
}
if (argc() > 1 && argv(1) == 'featured') {
check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured');
call_hooks('feature_settings_post', $_POST);
build_sync_packet();
return;
}
if (argc() > 1 && argv(1) == 'tokens') {
check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
$token_errs = 0;
if (array_key_exists('token', $_POST)) {
$atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0;
$name = trim(escape_tags($_POST['name']));
$token = trim($_POST['token']);
if (!$name || !$token) {
$token_errs++;
}
if (trim($_POST['expires'])) {
$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
} else {
$expires = NULL_DATE;
}
$max_atokens = service_class_fetch(local_channel(), 'access_tokens');
if ($max_atokens) {
$r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel()));
if ($r && intval($r[0]['total']) >= $max_tokens) {
notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL);
return;
}
}
}
if ($token_errs) {
notice(t('Name and Password are required.') . EOL);
return;
}
if ($atoken_id) {
$r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' \n\t\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
} else {
$r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
}
info(t('Token saved.') . EOL);
return;
}
if (argc() > 1 && argv(1) === 'features') {
check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
// Build list of features and check which are set
$features = get_features();
$all_features = array();
foreach ($features as $k => $v) {
foreach ($v as $f) {
$all_features[] = $f[0];
}
}
foreach ($all_features as $k) {
if (x($_POST, "feature_{$k}")) {
set_pconfig(local_channel(), 'feature', $k, 1);
} else {
set_pconfig(local_channel(), 'feature', $k, 0);
}
}
build_sync_packet();
return;
}
if (argc() > 1 && argv(1) == 'display') {
check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
$theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : \App::$channel['channel_theme'];
$mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : '';
$preload_images = x($_POST, 'preload_images') ? intval($_POST['preload_images']) : 0;
$user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0;
$nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0;
$title_tosource = x($_POST, 'title_tosource') ? intval($_POST['title_tosource']) : 0;
$channel_list_mode = x($_POST, 'channel_list_mode') ? intval($_POST['channel_list_mode']) : 0;
$network_list_mode = x($_POST, 'network_list_mode') ? intval($_POST['network_list_mode']) : 0;
$channel_divmore_height = x($_POST, 'channel_divmore_height') ? intval($_POST['channel_divmore_height']) : 400;
if ($channel_divmore_height < 50) {
$channel_divmore_height = 50;
}
$network_divmore_height = x($_POST, 'network_divmore_height') ? intval($_POST['network_divmore_height']) : 400;
if ($network_divmore_height < 50) {
$network_divmore_height = 50;
}
$browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0;
$browser_update = $browser_update * 1000;
if ($browser_update < 10000) {
$browser_update = 10000;
}
$itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20;
if ($itemspage > 100) {
$itemspage = 100;
}
if ($mobile_theme == "---") {
del_pconfig(local_channel(), 'system', 'mobile_theme');
} else {
set_pconfig(local_channel(), 'system', 'mobile_theme', $mobile_theme);
}
set_pconfig(local_channel(), 'system', 'preload_images', $preload_images);
set_pconfig(local_channel(), 'system', 'user_scalable', $user_scalable);
set_pconfig(local_channel(), 'system', 'update_interval', $browser_update);
set_pconfig(local_channel(), 'system', 'itemspage', $itemspage);
set_pconfig(local_channel(), 'system', 'no_smilies', 1 - intval($nosmile));
set_pconfig(local_channel(), 'system', 'title_tosource', $title_tosource);
set_pconfig(local_channel(), 'system', 'channel_list_mode', $channel_list_mode);
set_pconfig(local_channel(), 'system', 'network_list_mode', $network_list_mode);
set_pconfig(local_channel(), 'system', 'channel_divmore_height', $channel_divmore_height);
set_pconfig(local_channel(), 'system', 'network_divmore_height', $network_divmore_height);
if ($theme == \App::$channel['channel_theme']) {
// call theme_post only if theme has not been changed
if (($themeconfigfile = $this->get_theme_config_file($theme)) != null) {
require_once $themeconfigfile;
theme_post($a);
}
}
$r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_channel()));
call_hooks('display_settings_post', $_POST);
build_sync_packet();
goaway(z_root() . '/settings/display');
return;
// NOTREACHED
}
if (argc() > 1 && argv(1) === 'account') {
check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
call_hooks('account_settings_post', $_POST);
// call_hooks('settings_account', $_POST);
$errs = array();
$email = x($_POST, 'email') ? trim(notags($_POST['email'])) : '';
$account = \App::get_account();
if ($email != $account['account_email']) {
if (!valid_email($email)) {
$errs[] = t('Not valid email.');
}
$adm = trim(get_config('system', 'admin_email'));
if ($adm && strcasecmp($email, $adm) == 0) {
$errs[] = t('Protected email address. Cannot change to that email.');
$email = \App::$user['email'];
}
if (!$errs) {
$r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']));
if (!$r) {
$errs[] = t('System failure storing new email. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
$errs = array();
}
if (x($_POST, 'npassword') || x($_POST, 'confirm')) {
$origpass = trim($_POST['origpass']);
require_once 'include/auth.php';
if (!account_verify_password($email, $origpass)) {
$errs[] = t('Password verification failed.');
}
$newpass = trim($_POST['npassword']);
$confirm = trim($_POST['confirm']);
if ($newpass != $confirm) {
$errs[] = t('Passwords do not match. Password unchanged.');
}
if (!x($newpass) || !x($confirm)) {
$errs[] = t('Empty passwords are not allowed. Password unchanged.');
}
if (!$errs) {
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $newpass);
$r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id()));
if ($r) {
info(t('Password changed.') . EOL);
} else {
$errs[] = t('Password update failed. Please try again.');
}
}
}
if ($errs) {
foreach ($errs as $err) {
notice($err . EOL);
}
}
goaway(z_root() . '/settings/account');
}
check_form_security_token_redirectOnErr('/settings', 'settings');
call_hooks('settings_post', $_POST);
$set_perms = '';
$role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : '';
$oldrole = get_pconfig(local_channel(), 'system', 'permissions_role');
if ($role != $oldrole || $role === 'custom') {
if ($role === 'custom') {
$hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0;
$publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0;
$def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : '';
$r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel()));
$global_perms = get_perms();
foreach ($global_perms as $k => $v) {
$set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
}
$acl = new \Zotlabs\Access\AccessList($channel);
$acl->set_from_array($_POST);
$x = $acl->get();
$r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', \n\t\t\t\t\tchannel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d", dbesc($x['allow_cid']), dbesc($x['allow_gid']), dbesc($x['deny_cid']), dbesc($x['deny_gid']), intval(local_channel()));
} else {
$role_permissions = get_role_perms($_POST['permissions_role']);
if (!$role_permissions) {
notice('Permissions category could not be found.');
return;
}
$hide_presence = 1 - intval($role_permissions['online']);
if ($role_permissions['default_collection']) {
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
if (!$r) {
require_once 'include/group.php';
group_add(local_channel(), t('Friends'));
group_add_member(local_channel(), t('Friends'), $channel['channel_hash']);
$r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
}
if ($r) {
q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel()));
} else {
notice(sprintf('Default privacy group \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL);
return;
}
} else {
q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel()));
}
$r = q("update abook set abook_my_perms = %d where abook_channel = %d and abook_self = 1", intval(array_key_exists('perms_accept', $role_permissions) ? $role_permissions['perms_accept'] : 0), intval(local_channel()));
set_pconfig(local_channel(), 'system', 'autoperms', $role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0);
foreach ($role_permissions as $p => $v) {
if (strpos($p, 'channel_') !== false) {
$set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
}
if ($p === 'directory_publish') {
$publish = intval($v);
}
}
}
set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence);
set_pconfig(local_channel(), 'system', 'permissions_role', $role);
}
$username = x($_POST, 'username') ? notags(trim($_POST['username'])) : '';
$timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : '';
$defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : '';
$openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : '';
$maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0;
$expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0;
$evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3;
$photo_path = x($_POST, 'photo_path') ? escape_tags(trim($_POST['photo_path'])) : '';
$attach_path = x($_POST, 'attach_path') ? escape_tags(trim($_POST['attach_path'])) : '';
$channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '';
$expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0;
$expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0;
$expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0;
$expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0;
$allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0;
$blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1;
// this setting is inverted!
$unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0;
$cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0;
$suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0;
$post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0;
$post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0;
$post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0;
$adult = $_POST['adult'] == 1 ? 1 : 0;
$cal_first_day = x($_POST, 'first_day') && intval($_POST['first_day']) == 1 ? 1 : 0;
$channel = \App::get_channel();
$pageflags = $channel['channel_pageflags'];
$existing_adult = $pageflags & PAGE_ADULT ? 1 : 0;
if ($adult != $existing_adult) {
$pageflags = $pageflags ^ PAGE_ADULT;
}
$notify = 0;
if (x($_POST, 'notify1')) {
$notify += intval($_POST['notify1']);
}
if (x($_POST, 'notify2')) {
$notify += intval($_POST['notify2']);
}
if (x($_POST, 'notify3')) {
$notify += intval($_POST['notify3']);
}
if (x($_POST, 'notify4')) {
$notify += intval($_POST['notify4']);
}
if (x($_POST, 'notify5')) {
$notify += intval($_POST['notify5']);
}
if (x($_POST, 'notify6')) {
$notify += intval($_POST['notify6']);
}
if (x($_POST, 'notify7')) {
$notify += intval($_POST['notify7']);
}
if (x($_POST, 'notify8')) {
$notify += intval($_POST['notify8']);
}
$vnotify = 0;
if (x($_POST, 'vnotify1')) {
$vnotify += intval($_POST['vnotify1']);
}
if (x($_POST, 'vnotify2')) {
$vnotify += intval($_POST['vnotify2']);
}
if (x($_POST, 'vnotify3')) {
$vnotify += intval($_POST['vnotify3']);
}
if (x($_POST, 'vnotify4')) {
$vnotify += intval($_POST['vnotify4']);
}
if (x($_POST, 'vnotify5')) {
$vnotify += intval($_POST['vnotify5']);
}
if (x($_POST, 'vnotify6')) {
$vnotify += intval($_POST['vnotify6']);
}
if (x($_POST, 'vnotify7')) {
$vnotify += intval($_POST['vnotify7']);
}
if (x($_POST, 'vnotify8')) {
$vnotify += intval($_POST['vnotify8']);
}
if (x($_POST, 'vnotify9')) {
$vnotify += intval($_POST['vnotify9']);
}
if (x($_POST, 'vnotify10')) {
$vnotify += intval($_POST['vnotify10']);
}
if (x($_POST, 'vnotify11')) {
$vnotify += intval($_POST['vnotify11']);
}
$always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0;
$channel = \App::get_channel();
$err = '';
$name_change = false;
if ($username != $channel['channel_name']) {
$name_change = true;
require_once 'include/channel.php';
$err = validate_channelname($username);
if ($err) {
notice($err);
return;
}
}
if ($timezone != $channel['channel_timezone']) {
if (strlen($timezone)) {
date_default_timezone_set($timezone);
}
}
set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location);
set_pconfig(local_channel(), 'system', 'suggestme', $suggestme);
set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend);
set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup);
set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange);
set_pconfig(local_channel(), 'system', 'blocktags', $blocktags);
set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu);
set_pconfig(local_channel(), 'system', 'vnotify', $vnotify);
set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices);
set_pconfig(local_channel(), 'system', 'evdays', $evdays);
set_pconfig(local_channel(), 'system', 'photo_path', $photo_path);
set_pconfig(local_channel(), 'system', 'attach_path', $attach_path);
set_pconfig(local_channel(), 'system', 'cal_first_day', $cal_first_day);
$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel()));
if ($r) {
info(t('Settings updated.') . EOL);
}
if (!is_null($publish)) {
$r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel()));
}
if ($name_change) {
$r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']));
$r = q("update profile set fullname = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id']));
}
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
build_sync_packet();
//$_SESSION['theme'] = $theme;
if ($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) {
// FIXME - set to un-verified, blocked and redirect to logout
// Why? Are we verifying people or email addresses?
}
goaway(z_root() . '/settings');
return;
// NOTREACHED
}
function post()
{
logger('post: ' . print_r($_REQUEST, true), LOGGER_DATA);
if (!local_channel()) {
return;
}
if ($_FILES && array_key_exists('userfile', $_FILES) && intval($_FILES['userfile']['size'])) {
$src = $_FILES['userfile']['tmp_name'];
if ($src) {
$result = parse_ical_file($src, local_channel());
if ($result) {
info(t('Calendar entries imported.') . EOL);
} else {
notice(t('No calendar entries found.') . EOL);
}
@unlink($src);
}
goaway(z_root() . '/events');
}
$event_id = x($_POST, 'event_id') ? intval($_POST['event_id']) : 0;
$event_hash = x($_POST, 'event_hash') ? $_POST['event_hash'] : '';
$xchan = x($_POST, 'xchan') ? dbesc($_POST['xchan']) : '';
$uid = local_channel();
$start_text = escape_tags($_REQUEST['start_text']);
$finish_text = escape_tags($_REQUEST['finish_text']);
$adjust = intval($_POST['adjust']);
$nofinish = intval($_POST['nofinish']);
$categories = escape_tags(trim($_POST['category']));
// only allow editing your own events.
if ($xchan && $xchan !== get_observer_hash()) {
return;
}
if ($start_text) {
$start = $start_text;
} else {
$start = sprintf('%d-%d-%d %d:%d:0', $startyear, $startmonth, $startday, $starthour, $startminute);
}
if ($nofinish) {
$finish = NULL_DATE;
}
if ($finish_text) {
$finish = $finish_text;
} else {
$finish = sprintf('%d-%d-%d %d:%d:0', $finishyear, $finishmonth, $finishday, $finishhour, $finishminute);
}
if ($adjust) {
$start = datetime_convert(date_default_timezone_get(), 'UTC', $start);
if (!$nofinish) {
$finish = datetime_convert(date_default_timezone_get(), 'UTC', $finish);
}
} else {
$start = datetime_convert('UTC', 'UTC', $start);
if (!$nofinish) {
$finish = datetime_convert('UTC', 'UTC', $finish);
}
}
// Don't allow the event to finish before it begins.
// It won't hurt anything, but somebody will file a bug report
// and we'll waste a bunch of time responding to it. Time that
// could've been spent doing something else.
$summary = escape_tags(trim($_POST['summary']));
$desc = escape_tags(trim($_POST['desc']));
$location = escape_tags(trim($_POST['location']));
$type = escape_tags(trim($_POST['type']));
require_once 'include/text.php';
linkify_tags($a, $desc, local_channel());
linkify_tags($a, $location, local_channel());
//$action = ($event_hash == '') ? 'new' : "event/" . $event_hash;
//fixme: this url gives a wsod if there is a linebreak detected in one of the variables ($desc or $location)
//$onerror_url = z_root() . "/events/" . $action . "?summary=$summary&description=$desc&location=$location&start=$start_text&finish=$finish_text&adjust=$adjust&nofinish=$nofinish&type=$type";
$onerror_url = z_root() . "/events";
if (strcmp($finish, $start) < 0 && !$nofinish) {
notice(t('Event can not end before it has started.') . EOL);
if (intval($_REQUEST['preview'])) {
echo t('Unable to generate preview.');
killme();
}
goaway($onerror_url);
}
if (!$summary || !$start) {
notice(t('Event title and start time are required.') . EOL);
if (intval($_REQUEST['preview'])) {
echo t('Unable to generate preview.');
killme();
}
goaway($onerror_url);
}
$share = intval($_POST['share']) ? intval($_POST['share']) : 0;
$channel = \App::get_channel();
$acl = new \Zotlabs\Access\AccessList(false);
if ($event_id) {
$x = q("select * from event where id = %d and uid = %d limit 1", intval($event_id), intval(local_channel()));
if (!$x) {
notice(t('Event not found.') . EOL);
if (intval($_REQUEST['preview'])) {
echo t('Unable to generate preview.');
killme();
}
return;
}
$acl->set($x[0]);
$created = $x[0]['created'];
$edited = datetime_convert();
if ($x[0]['allow_cid'] === '<' . $channel['channel_hash'] . '>' && $x[0]['allow_gid'] === '' && $x[0]['deny_cid'] === '' && $x[0]['deny_gid'] === '') {
$share = false;
} else {
$share = true;
}
} else {
$created = $edited = datetime_convert();
if ($share) {
$acl->set_from_array($_POST);
} else {
$acl->set(array('allow_cid' => '<' . $channel['channel_hash'] . '>', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''));
}
}
$post_tags = array();
$channel = \App::get_channel();
$ac = $acl->get();
if (strlen($categories)) {
$cats = explode(',', $categories);
foreach ($cats as $cat) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $channel['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)));
}
}
$datarray = array();
$datarray['dtstart'] = $start;
$datarray['dtend'] = $finish;
$datarray['summary'] = $summary;
$datarray['description'] = $desc;
$datarray['location'] = $location;
$datarray['etype'] = $type;
$datarray['adjust'] = $adjust;
$datarray['nofinish'] = $nofinish;
$datarray['uid'] = local_channel();
$datarray['account'] = get_account_id();
$datarray['event_xchan'] = $channel['channel_hash'];
$datarray['allow_cid'] = $ac['allow_cid'];
$datarray['allow_gid'] = $ac['allow_gid'];
$datarray['deny_cid'] = $ac['deny_cid'];
$datarray['deny_gid'] = $ac['deny_gid'];
$datarray['private'] = $acl->is_private() ? 1 : 0;
$datarray['id'] = $event_id;
$datarray['created'] = $created;
$datarray['edited'] = $edited;
if (intval($_REQUEST['preview'])) {
$html = format_event_html($datarray);
echo $html;
killme();
}
$event = event_store_event($datarray);
if ($post_tags) {
$datarray['term'] = $post_tags;
}
$item_id = event_store_item($datarray, $event);
if ($item_id) {
$r = q("select * from item where id = %d", intval($item_id));
if ($r) {
xchan_query($r);
$sync_item = fetch_post_tags($r);
$z = q("select * from event where event_hash = '%s' and uid = %d limit 1", dbesc($r[0]['resource_id']), intval($channel['channel_id']));
if ($z) {
build_sync_packet($channel['channel_id'], array('event_item' => array(encode_item($sync_item[0], true)), 'event' => $z));
}
}
}
if ($share) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'event', $item_id));
}
}
function get()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = \App::get_channel();
$newuser = false;
if (argc() == 2 && argv(1) === 'new') {
$newuser = true;
}
if (argv(1) === 'use') {
if (argc() < 3) {
notice(t('Permission denied.') . EOL);
return;
}
$resource_id = argv(2);
// When using an existing photo, we don't have a dialogue to offer a choice of profiles,
// so it gets attached to the default
$p = q("select id from profile where is_default = 1 and uid = %d", intval(local_channel()));
if ($p) {
$_REQUEST['profile'] = $p[0]['id'];
}
$r = q("SELECT id, album, imgscale FROM photo WHERE uid = %d AND resource_id = '%s' ORDER BY imgscale ASC", intval(local_channel()), dbesc($resource_id));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
$havescale = false;
foreach ($r as $rr) {
if ($rr['imgscale'] == PHOTO_RES_PROFILE_80) {
$havescale = true;
}
}
// set an already loaded and cropped photo as profile photo
if ($r[0]['album'] == t('Profile Photos') && $havescale) {
// unset any existing profile photos
$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d AND uid = %d", intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval(local_channel()));
$r = q("UPDATE photo SET photo_usage = %d WHERE uid = %d AND resource_id = '%s'", intval(PHOTO_PROFILE), intval(local_channel()), dbesc($resource_id));
$r = q("UPDATE xchan set xchan_photo_date = '%s' \n\t\t\t\t\twhere xchan_hash = '%s'", dbesc(datetime_convert()), dbesc($channel['xchan_hash']));
profile_photo_set_profile_perms(local_channel());
// Reset default photo permissions to public
\Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
goaway(z_root() . '/profiles');
}
$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1", intval($r[0]['id']), intval(local_channel()));
if (!$r) {
notice(t('Photo not available.') . EOL);
return;
}
if (intval($r[0]['os_storage'])) {
$data = @file_get_contents($r[0]['content']);
} else {
$data = dbunescbin($r[0]['content']);
}
$ph = photo_factory($data, $r[0]['mimetype']);
$smallest = 0;
if ($ph->is_valid()) {
// go ahead as if we have just uploaded a new photo to crop
$i = q("select resource_id, imgscale from photo where resource_id = '%s' and uid = %d order by imgscale", dbesc($r[0]['resource_id']), intval(local_channel()));
if ($i) {
$hash = $i[0]['resource_id'];
foreach ($i as $ii) {
if (intval($ii['imgscale']) < PHOTO_RES_640) {
$smallest = intval($ii['imgscale']);
}
}
}
}
$this->profile_photo_crop_ui_head($a, $ph, $hash, $smallest);
// falls through with App::$data['imagecrop'] set so we go straight to the cropping section
}
// present an upload form
$profiles = q("select id, profile_name as name, is_default from profile where uid = %d order by id asc", intval(local_channel()));
if (!x(\App::$data, 'imagecrop')) {
$tpl = get_markup_template('profile_photo.tpl');
$o .= replace_macros($tpl, array('$user' => \App::$channel['channel_address'], '$lbl_upfile' => t('Upload File:'), '$lbl_profiles' => t('Select a profile:'), '$title' => t('Upload Profile Photo'), '$submit' => t('Upload'), '$profiles' => $profiles, '$single' => count($profiles) == 1 ? true : false, '$profile0' => $profiles[0], '$form_security_token' => get_form_security_token("profile_photo"), '$select' => sprintf('%s %s', t('or'), $newuser ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="' . z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')));
call_hooks('profile_photo_content_end', $o);
return $o;
} else {
// present a cropping form
$filename = \App::$data['imagecrop'] . '-' . \App::$data['imagecrop_resolution'];
$resolution = \App::$data['imagecrop_resolution'];
$tpl = get_markup_template("cropbody.tpl");
$o .= replace_macros($tpl, array('$filename' => $filename, '$profile' => intval($_REQUEST['profile']), '$resource' => \App::$data['imagecrop'] . '-' . \App::$data['imagecrop_resolution'], '$image_url' => z_root() . '/photo/' . $filename, '$title' => t('Crop Image'), '$desc' => t('Please adjust the image cropping for optimum viewing.'), '$form_security_token' => get_form_security_token("profile_photo"), '$done' => t('Done Editing')));
return $o;
}
return;
// NOTREACHED
}
function import_account($account_id)
{
if (!$account_id) {
logger("import_account: No account ID supplied");
return;
}
$max_identities = account_service_class_fetch($account_id, 'total_identities');
$max_friends = account_service_class_fetch($account_id, 'total_channels');
$max_feeds = account_service_class_fetch($account_id, 'total_feeds');
if ($max_identities !== false) {
$r = q("select channel_id from channel where channel_account_id = %d", intval($account_id));
if ($r && count($r) > $max_identities) {
notice(sprintf(t('Your service plan only allows %d channels.'), $max_identities) . EOL);
return;
}
}
$data = null;
$seize = x($_REQUEST, 'make_primary') ? intval($_REQUEST['make_primary']) : 0;
$import_posts = x($_REQUEST, 'import_posts') ? intval($_REQUEST['import_posts']) : 0;
$src = $_FILES['filename']['tmp_name'];
$filename = basename($_FILES['filename']['name']);
$filesize = intval($_FILES['filename']['size']);
$filetype = $_FILES['filename']['type'];
$completed = array_key_exists('import_step', $_SESSION) ? intval($_SESSION['import_step']) : 0;
if ($completed) {
logger('saved import step: ' . $_SESSION['import_step']);
}
if ($src) {
// This is OS specific and could also fail if your tmpdir isn't very large
// mostly used for Diaspora which exports gzipped files.
if (strpos($filename, '.gz')) {
@rename($src, $src . '.gz');
@system('gunzip ' . escapeshellarg($src . '.gz'));
}
if ($filesize) {
$data = @file_get_contents($src);
}
unlink($src);
}
if (!$src) {
$old_address = x($_REQUEST, 'old_address') ? $_REQUEST['old_address'] : '';
if (!$old_address) {
logger('mod_import: nothing to import.');
notice(t('Nothing to import.') . EOL);
return;
}
$email = x($_REQUEST, 'email') ? $_REQUEST['email'] : '';
$password = x($_REQUEST, 'password') ? $_REQUEST['password'] : '';
$channelname = substr($old_address, 0, strpos($old_address, '@'));
$servername = substr($old_address, strpos($old_address, '@') + 1);
$scheme = 'https://';
$api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
if ($import_posts) {
$api_path .= '&posts=1';
}
$binary = false;
$redirects = 0;
$opts = array('http_auth' => $email . ':' . $password);
$url = $scheme . $servername . $api_path;
$ret = z_fetch_url($url, $binary, $redirects, $opts);
if (!$ret['success']) {
$ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
}
if ($ret['success']) {
$data = $ret['body'];
} else {
notice(t('Unable to download data from old server') . EOL);
}
}
if (!$data) {
logger('mod_import: empty file.');
notice(t('Imported file is empty.') . EOL);
return;
}
$data = json_decode($data, true);
// logger('import: data: ' . print_r($data,true));
// print_r($data);
if (array_key_exists('user', $data) && array_key_exists('version', $data)) {
require_once 'include/Import/import_diaspora.php';
import_diaspora($data);
return;
}
$moving = false;
if (array_key_exists('compatibility', $data) && array_key_exists('database', $data['compatibility'])) {
$v1 = substr($data['compatibility']['database'], -4);
$v2 = substr(DB_UPDATE_VERSION, -4);
if ($v2 > $v1) {
$t = sprintf(t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1);
notice($t);
}
if (array_key_exists('server_role', $data['compatibility']) && $data['compatibility']['server_role'] == 'basic') {
$moving = true;
}
}
if ($moving) {
$seize = 1;
}
// import channel
$relocate = array_key_exists('relocate', $data) ? $data['relocate'] : null;
if (array_key_exists('channel', $data)) {
if ($completed < 1) {
$channel = import_channel($data['channel'], $account_id, $seize);
} else {
$r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1", intval($account_id), dbesc($channel['channel_guid']));
if ($r) {
$channel = $r[0];
}
}
if (!$channel) {
logger('mod_import: channel not found. ', print_r($channel, true));
notice(t('Cloned channel not found. Import failed.') . EOL);
return;
}
}
if (!$channel) {
$channel = \App::get_channel();
}
if (!$channel) {
logger('mod_import: channel not found. ', print_r($channel, true));
notice(t('No channel. Import failed.') . EOL);
return;
}
if ($completed < 2) {
if (is_array($data['config'])) {
import_config($channel, $data['config']);
}
logger('import step 2');
$_SESSION['import_step'] = 2;
}
if ($completed < 3) {
if ($data['photo']) {
require_once 'include/photo/photo_driver.php';
import_channel_photo(base64url_decode($data['photo']['data']), $data['photo']['type'], $account_id, $channel['channel_id']);
}
if (is_array($data['profile'])) {
import_profiles($channel, $data['profile']);
}
logger('import step 3');
$_SESSION['import_step'] = 3;
}
if ($completed < 4) {
if (is_array($data['hubloc']) && !$moving) {
import_hublocs($channel, $data['hubloc'], $seize);
}
logger('import step 4');
$_SESSION['import_step'] = 4;
}
if ($completed < 5) {
// create new hubloc for the new channel at this site
$r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_network, hubloc_primary, \n\t\t\t\thubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey )\n\t\t\t\tvalues ( '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )", dbesc($channel['channel_guid']), dbesc($channel['channel_guid_sig']), dbesc($channel['channel_hash']), dbesc(channel_reddress($channel)), dbesc('zot'), intval($seize ? 1 : 0), dbesc(z_root()), dbesc(base64url_encode(rsa_sign(z_root(), $channel['channel_prvkey']))), dbesc(\App::get_hostname()), dbesc(z_root() . '/post'), dbesc(get_config('system', 'pubkey')));
// reset the original primary hubloc if it is being seized
if ($seize) {
$r = q("update hubloc set hubloc_primary = 0 where hubloc_primary = 1 and hubloc_hash = '%s' and hubloc_url != '%s' ", dbesc($channel['channel_hash']), dbesc(z_root()));
}
logger('import step 5');
$_SESSION['import_step'] = 5;
}
if ($completed < 6) {
// import xchans and contact photos
if ($seize) {
// replace any existing xchan we may have on this site if we're seizing control
$r = q("delete from xchan where xchan_hash = '%s'", dbesc($channel['channel_hash']));
$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d )", dbesc($channel['channel_hash']), dbesc($channel['channel_guid']), dbesc($channel['channel_guid_sig']), dbesc($channel['channel_pubkey']), dbesc(z_root() . "/photo/profile/l/" . $channel['channel_id']), dbesc(z_root() . "/photo/profile/m/" . $channel['channel_id']), dbesc(z_root() . "/photo/profile/s/" . $channel['channel_id']), dbesc(channel_reddress($channel)), dbesc(z_root() . '/channel/' . $channel['channel_address']), dbesc(z_root() . '/follow?f=&url=%s'), dbesc(z_root() . '/poco/' . $channel['channel_address']), dbesc($channel['channel_name']), dbesc('zot'), dbesc(datetime_convert()), dbesc(datetime_convert()), 0, 0, 0, 0, 0, 0, 0);
}
logger('import step 6');
$_SESSION['import_step'] = 6;
}
if ($completed < 7) {
$xchans = $data['xchan'];
if ($xchans) {
foreach ($xchans as $xchan) {
$hash = make_xchan_hash($xchan['xchan_guid'], $xchan['xchan_guid_sig']);
if ($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) {
logger('forged xchan: ' . print_r($xchan, true));
continue;
}
if (!array_key_exists('xchan_hidden', $xchan)) {
$xchan['xchan_hidden'] = $xchan['xchan_flags'] & 0x1 ? 1 : 0;
$xchan['xchan_orphan'] = $xchan['xchan_flags'] & 0x2 ? 1 : 0;
$xchan['xchan_censored'] = $xchan['xchan_flags'] & 0x4 ? 1 : 0;
$xchan['xchan_selfcensored'] = $xchan['xchan_flags'] & 0x8 ? 1 : 0;
$xchan['xchan_system'] = $xchan['xchan_flags'] & 0x10 ? 1 : 0;
$xchan['xchan_pubforum'] = $xchan['xchan_flags'] & 0x20 ? 1 : 0;
$xchan['xchan_deleted'] = $xchan['xchan_flags'] & 0x1000 ? 1 : 0;
}
$r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1", dbesc($xchan['xchan_hash']));
if ($r) {
continue;
}
dbesc_array($xchan);
$r = dbq("INSERT INTO xchan (`" . implode("`, `", array_keys($xchan)) . "`) VALUES ('" . implode("', '", array_values($xchan)) . "')");
require_once 'include/photo/photo_driver.php';
$photos = import_xchan_photo($xchan['xchan_photo_l'], $xchan['xchan_hash']);
if ($photos[4]) {
$photodate = NULL_DATE;
} else {
$photodate = $xchan['xchan_photo_date'];
}
$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'\n\t\t\t\t\t\twhere xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($photodate), dbesc($xchan['xchan_hash']));
}
}
logger('import step 7');
$_SESSION['import_step'] = 7;
}
// FIXME - ensure we have an xchan if somebody is trying to pull a fast one
if ($completed < 8) {
$friends = 0;
$feeds = 0;
// import contacts
$abooks = $data['abook'];
if ($abooks) {
foreach ($abooks as $abook) {
$abook_copy = $abook;
$abconfig = null;
if (array_key_exists('abconfig', $abook) && is_array($abook['abconfig']) && count($abook['abconfig'])) {
$abconfig = $abook['abconfig'];
}
unset($abook['abook_id']);
unset($abook['abook_rating']);
unset($abook['abook_rating_text']);
unset($abook['abconfig']);
unset($abook['abook_their_perms']);
unset($abook['abook_my_perms']);
$abook['abook_account'] = $account_id;
$abook['abook_channel'] = $channel['channel_id'];
if (!array_key_exists('abook_blocked', $abook)) {
$abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0;
$abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0;
$abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0;
$abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0;
$abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0;
$abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0;
$abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0;
$abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0;
}
if ($abook['abook_self']) {
$role = get_pconfig($channel['channel_id'], 'system', 'permissions_role');
if ($role === 'forum' || $abook['abook_my_perms'] & PERMS_W_TAGWALL) {
q("update xchan set xchan_pubforum = 1 where xchan_hash = '%s' ", dbesc($abook['abook_xchan']));
}
} else {
if ($max_friends !== false && $friends > $max_friends) {
continue;
}
if ($max_feeds !== false && intval($abook['abook_feed']) && $feeds > $max_feeds) {
continue;
}
}
dbesc_array($abook);
$r = dbq("INSERT INTO abook (`" . implode("`, `", array_keys($abook)) . "`) VALUES ('" . implode("', '", array_values($abook)) . "')");
$friends++;
if (intval($abook['abook_feed'])) {
$feeds++;
}
translate_abook_perms_inbound($channel, $abook_copy);
if ($abconfig) {
// @fixme does not handle sync of del_abconfig
foreach ($abconfig as $abc) {
set_abconfig($channel['channel_id'], $abc['xchan'], $abc['cat'], $abc['k'], $abc['v']);
}
}
}
}
logger('import step 8');
$_SESSION['import_step'] = 8;
}
if ($completed < 9) {
$groups = $data['group'];
if ($groups) {
$saved = array();
foreach ($groups as $group) {
$saved[$group['hash']] = array('old' => $group['id']);
if (array_key_exists('name', $group)) {
$group['gname'] = $group['name'];
unset($group['name']);
}
unset($group['id']);
$group['uid'] = $channel['channel_id'];
dbesc_array($group);
$r = dbq("INSERT INTO groups (`" . implode("`, `", array_keys($group)) . "`) VALUES ('" . implode("', '", array_values($group)) . "')");
}
$r = q("select * from `groups` where uid = %d", intval($channel['channel_id']));
if ($r) {
foreach ($r as $rr) {
$saved[$rr['hash']]['new'] = $rr['id'];
}
}
}
$group_members = $data['group_member'];
if ($group_members) {
foreach ($group_members as $group_member) {
unset($group_member['id']);
$group_member['uid'] = $channel['channel_id'];
foreach ($saved as $x) {
if ($x['old'] == $group_member['gid']) {
$group_member['gid'] = $x['new'];
}
}
dbesc_array($group_member);
$r = dbq("INSERT INTO group_member (`" . implode("`, `", array_keys($group_member)) . "`) VALUES ('" . implode("', '", array_values($group_member)) . "')");
}
}
logger('import step 9');
$_SESSION['import_step'] = 9;
}
if (is_array($data['obj'])) {
import_objs($channel, $data['obj']);
}
if (is_array($data['likes'])) {
import_likes($channel, $data['likes']);
}
if (is_array($data['app'])) {
import_apps($channel, $data['app']);
}
if (is_array($data['chatroom'])) {
import_chatrooms($channel, $data['chatroom']);
}
if (is_array($data['conv'])) {
import_conv($channel, $data['conv']);
}
if (is_array($data['mail'])) {
import_mail($channel, $data['mail']);
}
if (is_array($data['event'])) {
import_events($channel, $data['event']);
}
if (is_array($data['event_item'])) {
import_items($channel, $data['event_item'], false, $relocate);
}
if (is_array($data['menu'])) {
import_menus($channel, $data['menu']);
}
$addon = array('channel' => $channel, 'data' => $data);
call_hooks('import_channel', $addon);
$saved_notification_flags = notifications_off($channel['channel_id']);
if ($import_posts && array_key_exists('item', $data) && $data['item']) {
import_items($channel, $data['item'], false, $relocate);
}
notifications_on($channel['channel_id'], $saved_notification_flags);
if (array_key_exists('item_id', $data) && $data['item_id']) {
import_item_ids($channel, $data['item_id']);
}
// FIXME - ensure we have a self entry if somebody is trying to pull a fast one
// send out refresh requests
// notify old server that it may no longer be primary.
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'location', $channel['channel_id']));
// This will indirectly perform a refresh_all *and* update the directory
\Zotlabs\Daemon\Master::Summon(array('Directory', $channel['channel_id']));
notice(t('Import completed.') . EOL);
change_channel($channel['channel_id']);
unset($_SESSION['import_step']);
goaway(z_root() . '/network');
}
function poller_run($argc, $argv)
{
cli_startup();
\Zotlabs\Daemon\Master::Summon(array('Cron'));
}
function post()
{
// This will change. Figure out who the observer is and whether or not
// they have permission to post here. Else ignore the post.
if (!local_channel() && !remote_channel() && !x($_REQUEST, 'commenter')) {
return;
}
require_once 'include/security.php';
$uid = local_channel();
$channel = null;
$observer = null;
/**
* Is this a reply to something?
*/
$parent = x($_REQUEST, 'parent') ? intval($_REQUEST['parent']) : 0;
$parent_mid = x($_REQUEST, 'parent_mid') ? trim($_REQUEST['parent_mid']) : '';
$remote_xchan = x($_REQUEST, 'remote_xchan') ? trim($_REQUEST['remote_xchan']) : false;
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($remote_xchan));
if ($r) {
$remote_observer = $r[0];
} else {
$remote_xchan = $remote_observer = false;
}
$profile_uid = x($_REQUEST, 'profile_uid') ? intval($_REQUEST['profile_uid']) : 0;
require_once 'include/channel.php';
$sys = get_sys_channel();
if ($sys && $profile_uid && $sys['channel_id'] == $profile_uid && is_site_admin()) {
$uid = intval($sys['channel_id']);
$channel = $sys;
$observer = $sys;
}
if (x($_REQUEST, 'dropitems')) {
require_once 'include/items.php';
$arr_drop = explode(',', $_REQUEST['dropitems']);
drop_items($arr_drop);
$json = array('success' => 1);
echo json_encode($json);
killme();
}
call_hooks('post_local_start', $_REQUEST);
// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
$api_source = x($_REQUEST, 'api_source') && $_REQUEST['api_source'] ? true : false;
$consensus = intval($_REQUEST['consensus']);
// 'origin' (if non-zero) indicates that this network is where the message originated,
// for the purpose of relaying comments to other conversation members.
// If using the API from a device (leaf node) you must set origin to 1 (default) or leave unset.
// If the API is used from another network with its own distribution
// and deliveries, you may wish to set origin to 0 or false and allow the other
// network to relay comments.
// If you are unsure, it is prudent (and important) to leave it unset.
$origin = $api_source && array_key_exists('origin', $_REQUEST) ? intval($_REQUEST['origin']) : 1;
// To represent message-ids on other networks - this will create an iconfig record
$namespace = $api_source && array_key_exists('namespace', $_REQUEST) ? strip_tags($_REQUEST['namespace']) : '';
$remote_id = $api_source && array_key_exists('remote_id', $_REQUEST) ? strip_tags($_REQUEST['remote_id']) : '';
$owner_hash = null;
$message_id = x($_REQUEST, 'message_id') && $api_source ? strip_tags($_REQUEST['message_id']) : '';
$created = x($_REQUEST, 'created') ? datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['created']) : datetime_convert();
$post_id = x($_REQUEST, 'post_id') ? intval($_REQUEST['post_id']) : 0;
$app = x($_REQUEST, 'source') ? strip_tags($_REQUEST['source']) : '';
$return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
$preview = x($_REQUEST, 'preview') ? intval($_REQUEST['preview']) : 0;
$categories = x($_REQUEST, 'category') ? escape_tags($_REQUEST['category']) : '';
$webpage = x($_REQUEST, 'webpage') ? intval($_REQUEST['webpage']) : 0;
$pagetitle = x($_REQUEST, 'pagetitle') ? escape_tags(urlencode($_REQUEST['pagetitle'])) : '';
$layout_mid = x($_REQUEST, 'layout_mid') ? escape_tags($_REQUEST['layout_mid']) : '';
$plink = x($_REQUEST, 'permalink') ? escape_tags($_REQUEST['permalink']) : '';
$obj_type = x($_REQUEST, 'obj_type') ? escape_tags($_REQUEST['obj_type']) : ACTIVITY_OBJ_NOTE;
// allow API to bulk load a bunch of imported items with sending out a bunch of posts.
$nopush = x($_REQUEST, 'nopush') ? intval($_REQUEST['nopush']) : 0;
/*
* Check service class limits
*/
if ($uid && !x($_REQUEST, 'parent') && !x($_REQUEST, 'post_id')) {
$ret = $this->item_check_service_class($uid, $_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE ? true : false);
if (!$ret['success']) {
notice(t($ret['message']) . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
}
if ($pagetitle) {
require_once 'library/urlify/URLify.php';
$pagetitle = strtolower(\URLify::transliterate($pagetitle));
}
$item_flags = $item_restrict = 0;
$route = '';
$parent_item = null;
$parent_contact = null;
$thr_parent = '';
$parid = 0;
$r = false;
if ($parent || $parent_mid) {
if (!x($_REQUEST, 'type')) {
$_REQUEST['type'] = 'net-comment';
}
if ($obj_type == ACTIVITY_OBJ_POST) {
$obj_type = ACTIVITY_OBJ_COMMENT;
}
if ($parent) {
$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", intval($parent));
} elseif ($parent_mid && $uid) {
// This is coming from an API source, and we are logged in
$r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1", dbesc($parent_mid), intval($uid));
}
// if this isn't the real parent of the conversation, find it
if ($r !== false && count($r)) {
$parid = $r[0]['parent'];
$parent_mid = $r[0]['mid'];
if ($r[0]['id'] != $r[0]['parent']) {
$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1", intval($parid));
}
}
if ($r === false || !count($r)) {
notice(t('Unable to locate original post.') . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
// can_comment_on_post() needs info from the following xchan_query
// This may be from the discover tab which means we need to correct the effective uid
xchan_query($r, true, $r[0]['uid'] == local_channel() ? 0 : local_channel());
$parent_item = $r[0];
$parent = $r[0]['id'];
// multi-level threading - preserve the info but re-parent to our single level threading
$thr_parent = $parent_mid;
$route = $parent_item['route'];
}
if (!$observer) {
$observer = \App::get_observer();
}
if ($parent) {
logger('mod_item: item_post parent=' . $parent);
$can_comment = false;
if (array_key_exists('owner', $parent_item) && intval($parent_item['owner']['abook_self'])) {
$can_comment = perm_is_allowed($profile_uid, $observer['xchan_hash'], 'post_comments');
} else {
$can_comment = can_comment_on_post($observer['xchan_hash'], $parent_item);
}
if (!$can_comment) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
} else {
if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], $webpage ? 'write_pages' : 'post_wall')) {
notice(t('Permission denied.') . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
}
// is this an edited post?
$orig_post = null;
if ($namespace && $remote_id) {
// It wasn't an internally generated post - see if we've got an item matching this remote service id
$i = q("select iid from iconfig where cat = 'system' and k = '%s' and v = '%s' limit 1", dbesc($namespace), dbesc($remote_id));
if ($i) {
$post_id = $i[0]['iid'];
}
}
$iconfig = null;
if ($post_id) {
$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1", intval($profile_uid), intval($post_id));
if (!count($i)) {
killme();
}
$orig_post = $i[0];
$iconfig = q("select * from iconfig where iid = %d", intval($post_id));
}
if (!$channel) {
if ($uid && $uid == $profile_uid) {
$channel = \App::get_channel();
} else {
// posting as yourself but not necessarily to a channel you control
$r = q("select * from channel left join account on channel_account_id = account_id where channel_id = %d LIMIT 1", intval($profile_uid));
if ($r) {
$channel = $r[0];
}
}
}
if (!$channel) {
logger("mod_item: no channel.");
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
$owner_xchan = null;
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($channel['channel_hash']));
if ($r && count($r)) {
$owner_xchan = $r[0];
} else {
logger("mod_item: no owner.");
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
$walltowall = false;
$walltowall_comment = false;
if ($remote_xchan) {
$observer = $remote_observer;
}
if ($observer) {
logger('mod_item: post accepted from ' . $observer['xchan_name'] . ' for ' . $owner_xchan['xchan_name'], LOGGER_DEBUG);
// wall-to-wall detection.
// For top-level posts, if the author and owner are different it's a wall-to-wall
// For comments, We need to additionally look at the parent and see if it's a wall post that originated locally.
if ($observer['xchan_name'] != $owner_xchan['xchan_name']) {
if ($parent_item && ($parent_item['item_wall'] && $parent_item['item_origin'])) {
$walltowall_comment = true;
$walltowall = true;
}
if (!$parent) {
$walltowall = true;
}
}
}
$acl = new \Zotlabs\Access\AccessList($channel);
$public_policy = x($_REQUEST, 'public_policy') ? escape_tags($_REQUEST['public_policy']) : map_scope($channel['channel_r_stream'], true);
if ($webpage) {
$public_policy = '';
}
if ($public_policy) {
$private = 1;
}
if ($orig_post) {
$private = 0;
// webpages are allowed to change ACLs after the fact. Normal conversation items aren't.
if ($webpage) {
$acl->set_from_array($_REQUEST);
} else {
$acl->set($orig_post);
$public_policy = $orig_post['public_policy'];
$private = $orig_post['item_private'];
}
if ($private || $public_policy || $acl->is_private()) {
$private = 1;
}
$location = $orig_post['location'];
$coord = $orig_post['coord'];
$verb = $orig_post['verb'];
$app = $orig_post['app'];
$title = escape_tags(trim($_REQUEST['title']));
$body = trim($_REQUEST['body']);
$item_flags = $orig_post['item_flags'];
$item_origin = $orig_post['item_origin'];
$item_unseen = $orig_post['item_unseen'];
$item_starred = $orig_post['item_starred'];
$item_uplink = $orig_post['item_uplink'];
$item_consensus = $orig_post['item_consensus'];
$item_wall = $orig_post['item_wall'];
$item_thread_top = $orig_post['item_thread_top'];
$item_notshown = $orig_post['item_notshown'];
$item_nsfw = $orig_post['item_nsfw'];
$item_relay = $orig_post['item_relay'];
$item_mentionsme = $orig_post['item_mentionsme'];
$item_nocomment = $orig_post['item_nocomment'];
$item_obscured = $orig_post['item_obscured'];
$item_verified = $orig_post['item_verified'];
$item_retained = $orig_post['item_retained'];
$item_rss = $orig_post['item_rss'];
$item_deleted = $orig_post['item_deleted'];
$item_type = $orig_post['item_type'];
$item_hidden = $orig_post['item_hidden'];
$item_unpublished = $orig_post['item_unpublished'];
$item_delayed = $orig_post['item_delayed'];
$item_pending_remove = $orig_post['item_pending_remove'];
$item_blocked = $orig_post['item_blocked'];
$postopts = $orig_post['postopts'];
$created = $orig_post['created'];
$mid = $orig_post['mid'];
$parent_mid = $orig_post['parent_mid'];
$plink = $orig_post['plink'];
} else {
if (!$walltowall) {
if (array_key_exists('contact_allow', $_REQUEST) || array_key_exists('group_allow', $_REQUEST) || array_key_exists('contact_deny', $_REQUEST) || array_key_exists('group_deny', $_REQUEST)) {
$acl->set_from_array($_REQUEST);
} elseif (!$api_source) {
// if no ACL has been defined and we aren't using the API, the form
// didn't send us any parameters. This means there's no ACL or it has
// been reset to the default audience.
// If $api_source is set and there are no ACL parameters, we default
// to the channel permissions which were set in the ACL contructor.
$acl->set(array('allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => ''));
}
}
$location = notags(trim($_REQUEST['location']));
$coord = notags(trim($_REQUEST['coord']));
$verb = notags(trim($_REQUEST['verb']));
$title = escape_tags(trim($_REQUEST['title']));
$body = trim($_REQUEST['body']);
$body .= trim($_REQUEST['attachment']);
$postopts = '';
$private = intval($acl->is_private() || $public_policy);
// If this is a comment, set the permissions from the parent.
if ($parent_item) {
$private = 0;
$acl->set($parent_item);
$private = intval($acl->is_private() || $parent_item['item_private']);
$public_policy = $parent_item['public_policy'];
$owner_hash = $parent_item['owner_xchan'];
}
if (!strlen($body)) {
if ($preview) {
killme();
}
info(t('Empty post discarded.') . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
}
$expires = NULL_DATE;
if (feature_enabled($profile_uid, 'content_expire')) {
if (x($_REQUEST, 'expire')) {
$expires = datetime_convert(date_default_timezone_get(), 'UTC', $_REQUEST['expire']);
if ($expires <= datetime_convert()) {
$expires = NULL_DATE;
}
}
}
$mimetype = notags(trim($_REQUEST['mimetype']));
if (!$mimetype) {
$mimetype = 'text/bbcode';
}
if ($preview) {
$body = z_input_filter($profile_uid, $body, $mimetype);
}
// Verify ability to use html or php!!!
$execflag = false;
if ($mimetype !== 'text/bbcode') {
$z = q("select account_id, account_roles, channel_pageflags from account left join channel on channel_account_id = account_id where channel_id = %d limit 1", intval($profile_uid));
if ($z && ($z[0]['account_roles'] & ACCOUNT_ROLE_ALLOWCODE || $z[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
if ($uid && get_account_id() == $z[0]['account_id']) {
$execflag = true;
} else {
notice(t('Executable content type not permitted to this channel.') . EOL);
if (x($_REQUEST, 'return')) {
goaway(z_root() . "/" . $return_path);
}
killme();
}
}
}
$gacl = $acl->get();
$str_contact_allow = $gacl['allow_cid'];
$str_group_allow = $gacl['allow_gid'];
$str_contact_deny = $gacl['deny_cid'];
$str_group_deny = $gacl['deny_gid'];
if ($mimetype === 'text/bbcode') {
require_once 'include/text.php';
// Markdown doesn't work correctly. Do not re-enable unless you're willing to fix it and support it.
// Sample that will probably give you grief - you must preserve the linebreaks
// and provide the correct markdown interpretation and you cannot allow unfiltered HTML
// Markdown
// ========
//
// **bold** abcde
// fghijkl
// *italic*
// <img src="javascript:alert('hacked');" />
// if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
// require_once('include/bb2diaspora.php');
// $body = escape_tags(trim($body));
// $body = str_replace("\n",'<br />', $body);
// $body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);
// $body = diaspora2bb($body,true);
// $body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
// }
// BBCODE alert: the following functions assume bbcode input
// and will require alternatives for alternative content-types (text/html, text/markdown, text/plain, etc.)
// we may need virtual or template classes to implement the possible alternatives
// Work around doubled linefeeds in Tinymce 3.5b2
// First figure out if it's a status post that would've been
// created using tinymce. Otherwise leave it alone.
$plaintext = true;
// $plaintext = ((feature_enabled($profile_uid,'richtext')) ? false : true);
// if((! $parent) && (! $api_source) && (! $plaintext)) {
// $body = fix_mce_lf($body);
// }
// If we're sending a private top-level message with a single @-taggable channel as a recipient, @-tag it, if our pconfig is set.
if (!$parent && get_pconfig($profile_uid, 'system', 'tagifonlyrecip') && substr_count($str_contact_allow, '<') == 1 && $str_group_allow == '' && $str_contact_deny == '' && $str_group_deny == '') {
$x = q("select abook_id, abook_their_perms from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc(str_replace(array('<', '>'), array('', ''), $str_contact_allow)), intval($profile_uid));
if ($x && $x[0]['abook_their_perms'] & PERMS_W_TAGWALL) {
$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
}
}
/**
* fix naked links by passing through a callback to see if this is a hubzilla site
* (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
* First protect any url inside certain bbcode tags so we don't double link it.
*/
$body = preg_replace_callback('/\\[code(.*?)\\[\\/(code)\\]/ism', '\\red_escape_codeblock', $body);
$body = preg_replace_callback('/\\[url(.*?)\\[\\/(url)\\]/ism', '\\red_escape_codeblock', $body);
$body = preg_replace_callback('/\\[zrl(.*?)\\[\\/(zrl)\\]/ism', '\\red_escape_codeblock', $body);
$body = preg_replace_callback("/([^\\]\\='" . '"' . "\\/]|^|\\#\\^)(https?\\:\\/\\/[a-zA-Z0-9\\:\\/\\-\\?\\&\\;\\.\\=\\@\\_\\~\\#\\%\$\\!\\+\\,]+)/ism", '\\red_zrl_callback', $body);
$body = preg_replace_callback('/\\[\\$b64zrl(.*?)\\[\\/(zrl)\\]/ism', '\\red_unescape_codeblock', $body);
$body = preg_replace_callback('/\\[\\$b64url(.*?)\\[\\/(url)\\]/ism', '\\red_unescape_codeblock', $body);
$body = preg_replace_callback('/\\[\\$b64code(.*?)\\[\\/(code)\\]/ism', '\\red_unescape_codeblock', $body);
// fix any img tags that should be zmg
$body = preg_replace_callback('/\\[img(.*?)\\](.*?)\\[\\/img\\]/ism', '\\red_zrlify_img_callback', $body);
$body = bb_translate_video($body);
/**
* Fold multi-line [code] sequences
*/
$body = preg_replace('/\\[\\/code\\]\\s*\\[code\\]/ism', "\n", $body);
$body = scale_external_images($body, false);
// Look for tags and linkify them
$results = linkify_tags($a, $body, $uid ? $uid : $profile_uid);
if ($results) {
// Set permissions based on tag replacements
set_linkified_perms($results, $str_contact_allow, $str_group_allow, $profile_uid, $parent_item, $private);
$post_tags = array();
foreach ($results as $result) {
$success = $result['success'];
if ($success['replaced']) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
}
}
}
/**
*
* When a photo was uploaded into the message using the (profile wall) ajax
* uploader, The permissions are initially set to disallow anybody but the
* owner from seeing it. This is because the permissions may not yet have been
* set for the post. If it's private, the photo permissions should be set
* appropriately. But we didn't know the final permissions on the post until
* now. So now we'll look for links of uploaded photos and attachments that are in the
* post and set them to the same permissions as the post itself.
*
* If the post was end-to-end encrypted we can't find images and attachments in the body,
* use our media_str input instead which only contains these elements - but only do this
* when encrypted content exists because the photo/attachment may have been removed from
* the post and we should keep it private. If it's encrypted we have no way of knowing
* so we'll set the permissions regardless and realise that the media may not be
* referenced in the post.
*
* What is preventing us from being able to upload photos into comments is dealing with
* the photo and attachment permissions, since we don't always know who was in the
* distribution for the top level post.
*
* We might be able to provide this functionality with a lot of fiddling:
* - if the top level post is public (make the photo public)
* - if the top level post was written by us or a wall post that belongs to us (match the top level post)
* - if the top level post has privacy mentions, add those to the permissions.
* - otherwise disallow the photo *or* make the photo public. This is the part that gets messy.
*/
if (!$preview) {
$this->fix_attached_photo_permissions($profile_uid, $owner_xchan['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
$this->fix_attached_file_permissions($channel, $observer['xchan_hash'], strpos($body, '[/crypt]') ? $_POST['media_str'] : $body, $str_contact_allow, $str_group_allow, $str_contact_deny, $str_group_deny);
}
$attachments = '';
$match = false;
if (preg_match_all('/(\\[attachment\\](.*?)\\[\\/attachment\\])/', $body, $match)) {
$attachments = array();
$i = 0;
foreach ($match[2] as $mtch) {
$attach_link = '';
$hash = substr($mtch, 0, strpos($mtch, ','));
$rev = intval(substr($mtch, strpos($mtch, ',')));
$r = attach_by_hash_nodata($hash, $rev);
if ($r['success']) {
$attachments[] = array('href' => z_root() . '/attach/' . $r['data']['hash'], 'length' => $r['data']['filesize'], 'type' => $r['data']['filetype'], 'title' => urlencode($r['data']['filename']), 'revision' => $r['data']['revision']);
}
$ext = substr($r['data']['filename'], strrpos($r['data']['filename'], '.'));
if (strpos($r['data']['filetype'], 'audio/') !== false) {
$attach_link = '[audio]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . ($ext ? $ext : '') . '[/audio]';
} elseif (strpos($r['data']['filetype'], 'video/') !== false) {
$attach_link = '[video]' . z_root() . '/attach/' . $r['data']['hash'] . '/' . $r['data']['revision'] . ($ext ? $ext : '') . '[/video]';
}
$body = str_replace($match[1][$i], $attach_link, $body);
$i++;
}
}
}
// BBCODE end alert
if (strlen($categories)) {
$cats = explode(',', $categories);
foreach ($cats as $cat) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => TERM_CATEGORY, 'otype' => TERM_OBJ_POST, 'term' => trim($cat), 'url' => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat)));
}
}
if ($orig_post) {
// preserve original tags
$t = q("select * from term where oid = %d and otype = %d and uid = %d and ttype in ( %d, %d, %d )", intval($orig_post['id']), intval(TERM_OBJ_POST), intval($profile_uid), intval(TERM_UNKNOWN), intval(TERM_FILE), intval(TERM_COMMUNITYTAG));
if ($t) {
foreach ($t as $t1) {
$post_tags[] = array('uid' => $profile_uid, 'ttype' => $t1['type'], 'otype' => TERM_OBJ_POST, 'term' => $t1['term'], 'url' => $t1['url']);
}
}
}
$item_unseen = local_channel() != $profile_uid ? 1 : 0;
$item_wall = $post_type === 'wall' || $post_type === 'wall-comment' ? 1 : 0;
$item_origin = $origin ? 1 : 0;
$item_consensus = $consensus ? 1 : 0;
// determine if this is a wall post
if ($parent) {
$item_wall = $parent_item['item_wall'];
} else {
if (!$webpage) {
$item_wall = 1;
}
}
if ($moderated) {
$item_blocked = ITEM_MODERATED;
}
if (!strlen($verb)) {
$verb = ACTIVITY_POST;
}
$notify_type = $parent ? 'comment-new' : 'wall-new';
if (!$mid) {
$mid = $message_id ? $message_id : item_message_id();
}
if (!$parent_mid) {
$parent_mid = $mid;
}
if ($parent_item) {
$parent_mid = $parent_item['mid'];
}
// Fallback so that we alway have a thr_parent
if (!$thr_parent) {
$thr_parent = $mid;
}
$datarray = array();
$item_thread_top = !$parent ? 1 : 0;
if (!$plink && $item_thread_top) {
$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
}
$datarray['aid'] = $channel['channel_account_id'];
$datarray['uid'] = $profile_uid;
$datarray['owner_xchan'] = $owner_hash ? $owner_hash : $owner_xchan['xchan_hash'];
$datarray['author_xchan'] = $observer['xchan_hash'];
$datarray['created'] = $created;
$datarray['edited'] = $orig_post ? datetime_convert() : $created;
$datarray['expires'] = $expires;
$datarray['commented'] = $orig_post ? datetime_convert() : $created;
$datarray['received'] = $orig_post ? datetime_convert() : $created;
$datarray['changed'] = $orig_post ? datetime_convert() : $created;
$datarray['mid'] = $mid;
$datarray['parent_mid'] = $parent_mid;
$datarray['mimetype'] = $mimetype;
$datarray['title'] = $title;
$datarray['body'] = $body;
$datarray['app'] = $app;
$datarray['location'] = $location;
$datarray['coord'] = $coord;
$datarray['verb'] = $verb;
$datarray['obj_type'] = $obj_type;
$datarray['allow_cid'] = $str_contact_allow;
$datarray['allow_gid'] = $str_group_allow;
$datarray['deny_cid'] = $str_contact_deny;
$datarray['deny_gid'] = $str_group_deny;
$datarray['item_private'] = $private;
$datarray['item_wall'] = $item_wall;
$datarray['attach'] = $attachments;
$datarray['thr_parent'] = $thr_parent;
$datarray['postopts'] = $postopts;
$datarray['item_unseen'] = $item_unseen;
$datarray['item_wall'] = $item_wall;
$datarray['item_origin'] = $item_origin;
$datarray['item_type'] = $webpage;
$datarray['item_thread_top'] = $item_thread_top;
$datarray['item_unseen'] = $item_unseen;
$datarray['item_starred'] = $item_starred;
$datarray['item_uplink'] = $item_uplink;
$datarray['item_consensus'] = $item_consensus;
$datarray['item_notshown'] = $item_notshown;
$datarray['item_nsfw'] = $item_nsfw;
$datarray['item_relay'] = $item_relay;
$datarray['item_mentionsme'] = $item_mentionsme;
$datarray['item_nocomment'] = $item_nocomment;
$datarray['item_obscured'] = $item_obscured;
$datarray['item_verified'] = $item_verified;
$datarray['item_retained'] = $item_retained;
$datarray['item_rss'] = $item_rss;
$datarray['item_deleted'] = $item_deleted;
$datarray['item_hidden'] = $item_hidden;
$datarray['item_unpublished'] = $item_unpublished;
$datarray['item_delayed'] = $item_delayed;
$datarray['item_pending_remove'] = $item_pending_remove;
$datarray['item_blocked'] = $item_blocked;
$datarray['layout_mid'] = $layout_mid;
$datarray['public_policy'] = $public_policy;
$datarray['comment_policy'] = map_scope($channel['channel_w_comment']);
$datarray['term'] = $post_tags;
$datarray['plink'] = $plink;
$datarray['route'] = $route;
if ($iconfig) {
$datarray['iconfig'] = $iconfig;
}
// preview mode - prepare the body for display and send it via json
if ($preview) {
require_once 'include/conversation.php';
$datarray['owner'] = $owner_xchan;
$datarray['author'] = $observer;
$datarray['attach'] = json_encode($datarray['attach']);
$o = conversation($a, array($datarray), 'search', false, 'preview');
// logger('preview: ' . $o, LOGGER_DEBUG);
echo json_encode(array('preview' => $o));
killme();
}
if ($orig_post) {
$datarray['edit'] = true;
}
// suppress duplicates, *unless* you're editing an existing post. This could get picked up
// as a duplicate if you're editing it very soon after posting it initially and you edited
// some attribute besides the content, such as title or categories.
if (feature_enabled($profile_uid, 'suppress_duplicates') && !$orig_post) {
$z = q("select created from item where uid = %d and created > %s - INTERVAL %s and body = '%s' limit 1", intval($profile_uid), db_utcnow(), db_quoteinterval('2 MINUTE'), dbesc($body));
if ($z) {
$datarray['cancel'] = 1;
notice(t('Duplicate post suppressed.') . EOL);
logger('Duplicate post. Faking plugin cancel.');
}
}
call_hooks('post_local', $datarray);
if (x($datarray, 'cancel')) {
logger('mod_item: post cancelled by plugin or duplicate suppressed.');
if ($return_path) {
goaway(z_root() . "/" . $return_path);
}
$json = array('cancel' => 1);
$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
echo json_encode($json);
killme();
}
if (mb_strlen($datarray['title']) > 255) {
$datarray['title'] = mb_substr($datarray['title'], 0, 255);
}
if (array_key_exists('item_private', $datarray) && $datarray['item_private']) {
$datarray['body'] = trim(z_input_filter($datarray['uid'], $datarray['body'], $datarray['mimetype']));
if ($uid) {
if ($channel['channel_hash'] === $datarray['author_xchan']) {
$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'], $channel['channel_prvkey']));
$datarray['item_verified'] = 1;
}
}
}
if ($webpage) {
Zlib\IConfig::Set($datarray, 'system', webpage_to_namespace($webpage), $pagetitle ? $pagetitle : substr($datarray['mid'], 0, 16), true);
} elseif ($namespace) {
Zlib\IConfig::Set($datarray, 'system', $namespace, $remote_id ? $remote_id : substr($datarray['mid'], 0, 16), true);
}
if ($orig_post) {
$datarray['id'] = $post_id;
$x = item_store_update($datarray, $execflag);
if (!$parent) {
$r = q("select * from item where id = %d", intval($post_id));
if ($r) {
xchan_query($r);
$sync_item = fetch_post_tags($r);
build_sync_packet($profile_uid, array('item' => array(encode_item($sync_item[0], true))));
}
}
if (!$nopush) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'edit_post', $post_id));
}
if (x($_REQUEST, 'return') && strlen($return_path)) {
logger('return: ' . $return_path);
goaway(z_root() . "/" . $return_path);
}
killme();
} else {
$post_id = 0;
}
$post = item_store($datarray, $execflag);
$post_id = $post['item_id'];
if ($post_id) {
logger('mod_item: saved item ' . $post_id);
if ($parent) {
// only send comment notification if this is a wall-to-wall comment,
// otherwise it will happen during delivery
if ($datarray['owner_xchan'] != $datarray['author_xchan'] && intval($parent_item['item_wall'])) {
Zlib\Enotify::submit(array('type' => NOTIFY_COMMENT, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => z_root() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, 'parent_mid' => $parent_item['mid']));
}
} else {
$parent = $post_id;
if ($datarray['owner_xchan'] != $datarray['author_xchan'] && $datarray['item_type'] == ITEM_TYPE_POST) {
Zlib\Enotify::submit(array('type' => NOTIFY_WALL, 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, 'link' => z_root() . '/display/' . $datarray['mid'], 'verb' => ACTIVITY_POST, 'otype' => 'item'));
}
if ($uid && $uid == $profile_uid && is_item_normal($datarray)) {
q("update channel set channel_lastpost = '%s' where channel_id = %d", dbesc(datetime_convert()), intval($uid));
}
}
// photo comments turn the corresponding item visible to the profile wall
// This way we don't see every picture in your new photo album posted to your wall at once.
// They will show up as people comment on them.
if (intval($parent_item['item_hidden'])) {
$r = q("UPDATE item SET item_hidden = 0 WHERE id = %d", intval($parent_item['id']));
}
} else {
logger('mod_item: unable to retrieve post that was just stored.');
notice(t('System error. Post not saved.') . EOL);
goaway(z_root() . "/" . $return_path);
// NOTREACHED
}
if ($parent && $parent != $post_id) {
// Store the comment signature information in case we need to relay to Diaspora
//$ditem = $datarray;
//$ditem['author'] = $observer;
//store_diaspora_comment_sig($ditem,$channel,$parent_item, $post_id, (($walltowall_comment) ? 1 : 0));
} else {
$r = q("select * from item where id = %d", intval($post_id));
if ($r) {
xchan_query($r);
$sync_item = fetch_post_tags($r);
build_sync_packet($profile_uid, array('item' => array(encode_item($sync_item[0], true))));
}
}
$datarray['id'] = $post_id;
$datarray['llink'] = z_root() . '/display/' . $channel['channel_address'] . '/' . $post_id;
call_hooks('post_local_end', $datarray);
if (!$nopush) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id));
}
logger('post_complete');
// figure out how to return, depending on from whence we came
if ($api_source) {
return $post;
}
if ($return_path) {
goaway(z_root() . "/" . $return_path);
}
$json = array('success' => 1);
if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
}
logger('post_json: ' . print_r($json, true), LOGGER_DEBUG);
echo json_encode($json);
killme();
// NOTREACHED
}
/**
* @brief
*
* @param App &$a
* @return string
*/
function admin_page_channels(&$a)
{
if (argc() > 2) {
$uid = argv(3);
$channel = q("SELECT * FROM channel WHERE channel_id = %d", intval($uid));
if (!$channel) {
notice(t('Channel not found') . EOL);
goaway(z_root() . '/admin/channels');
}
switch (argv(2)) {
case "delete":
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
// delete channel
channel_remove($uid, true);
notice(sprintf(t("Channel '%s' deleted"), $channel[0]['channel_name']) . EOL);
break;
case "block":
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_CENSORED;
q("UPDATE channel SET channel_pageflags = %d where channel_id = %d", intval($pflags), intval($uid));
\Zotlabs\Daemon\Master::Summon(array('Directory', $uid, 'nopush'));
notice(sprintf($pflags & PAGE_CENSORED ? t("Channel '%s' censored") : t("Channel '%s' uncensored"), $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')') . EOL);
break;
case "code":
check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
$pflags = $channel[0]['channel_pageflags'] ^ PAGE_ALLOWCODE;
q("UPDATE channel SET channel_pageflags = %d where channel_id = %d", intval($pflags), intval($uid));
notice(sprintf($pflags & PAGE_ALLOWCODE ? t("Channel '%s' code allowed") : t("Channel '%s' code disallowed"), $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')') . EOL);
break;
default:
break;
}
goaway(z_root() . '/admin/channels');
}
$key = $_REQUEST['key'] ? dbesc($_REQUEST['key']) : 'channel_id';
$dir = 'asc';
if (array_key_exists('dir', $_REQUEST)) {
$dir = intval($_REQUEST['dir']) ? 'asc' : 'desc';
}
$base = z_root() . '/admin/channels?f=';
$odir = $dir === 'asc' ? '0' : '1';
/* get channels */
$total = q("SELECT count(*) as total FROM channel where channel_removed = 0 and channel_system = 0");
if ($total) {
\App::set_pager_total($total[0]['total']);
\App::set_pager_itemspage(100);
}
$channels = q("SELECT * from channel where channel_removed = 0 and channel_system = 0 order by {$key} {$dir} limit %d offset %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
if ($channels) {
for ($x = 0; $x < count($channels); $x++) {
if ($channels[$x]['channel_pageflags'] & PAGE_CENSORED) {
$channels[$x]['blocked'] = true;
} else {
$channels[$x]['blocked'] = false;
}
if ($channels[$x]['channel_pageflags'] & PAGE_ALLOWCODE) {
$channels[$x]['allowcode'] = true;
} else {
$channels[$x]['allowcode'] = false;
}
}
}
$t = get_markup_template("admin_channels.tpl");
$o = replace_macros($t, array('$title' => t('Administration'), '$page' => t('Channels'), '$submit' => t('Submit'), '$select_all' => t('select all'), '$delete' => t('Delete'), '$block' => t('Censor'), '$unblock' => t('Uncensor'), '$code' => t('Allow Code'), '$uncode' => t('Disallow Code'), '$h_channels' => t('Channel'), '$base' => $base, '$odir' => $odir, '$th_channels' => array([t('UID'), 'channel_id'], [t('Name'), 'channel_name'], [t('Address'), 'channel_address']), '$confirm_delete_multi' => t('Selected channels will be deleted!\\n\\nEverything that was posted in these channels on this site will be permanently deleted!\\n\\nAre you sure?'), '$confirm_delete' => t('The channel {0} will be deleted!\\n\\nEverything that was posted in this channel on this site will be permanently deleted!\\n\\nAre you sure?'), '$form_security_token' => get_form_security_token("admin_channels"), '$baseurl' => z_root(), '$channels' => $channels));
$o .= paginate($a);
return $o;
}
function get()
{
if (!local_channel()) {
notice(t('Permission denied') . EOL);
return;
}
$table = 'item';
$channel = \App::get_channel();
$mid = argc() > 1 ? argv(1) : '';
if ($mid === 'push') {
$table = 'push';
$mid = argc() > 2 ? argv(2) : '';
if ($mid) {
$i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d", dbesc($mid), dbesc($channel['channel_hash']), intval($channel['channel_id']));
if ($i) {
\Zotlabs\Daemon\Master::Summon(['Notifier', 'edit_post', $i[0]['id']]);
}
}
sleep(3);
goaway(z_root() . '/dreport/' . urlencode($mid));
}
if ($mid === 'mail') {
$table = 'mail';
$mid = argc() > 2 ? argv(2) : '';
}
if (!$mid) {
notice(t('Invalid message') . EOL);
return;
}
switch ($table) {
case 'item':
$i = q("select id from item where mid = '%s' and author_xchan = '%s' ", dbesc($mid), dbesc($channel['channel_hash']));
break;
case 'mail':
$i = q("select id from mail where mid = '%s' and from_xchan = '%s'", dbesc($mid), dbesc($channel['channel_hash']));
break;
default:
break;
}
if (!$i) {
notice(t('Permission denied') . EOL);
return;
}
$r = q("select * from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", dbesc($channel['channel_hash']), dbesc($mid));
if (!$r) {
notice(t('no results') . EOL);
// return;
}
for ($x = 0; $x < count($r); $x++) {
$r[$x]['name'] = escape_tags(substr($r[$x]['dreport_recip'], strpos($r[$x]['dreport_recip'], ' ')));
// This has two purposes: 1. make the delivery report strings translateable, and
// 2. assign an ordering to item delivery results so we can group them and provide
// a readable report with more interesting events listed toward the top and lesser
// interesting items towards the bottom
switch ($r[$x]['dreport_result']) {
case 'channel sync processed':
$r[$x]['gravity'] = 0;
$r[$x]['dreport_result'] = t('channel sync processed');
break;
case 'queued':
$r[$x]['gravity'] = 2;
$r[$x]['dreport_result'] = t('queued');
break;
case 'posted':
$r[$x]['gravity'] = 3;
$r[$x]['dreport_result'] = t('posted');
break;
case 'accepted for delivery':
$r[$x]['gravity'] = 4;
$r[$x]['dreport_result'] = t('accepted for delivery');
break;
case 'updated':
$r[$x]['gravity'] = 5;
$r[$x]['dreport_result'] = t('updated');
case 'update ignored':
$r[$x]['gravity'] = 6;
$r[$x]['dreport_result'] = t('update ignored');
break;
case 'permission denied':
$r[$x]['dreport_result'] = t('permission denied');
$r[$x]['gravity'] = 6;
break;
case 'recipient not found':
$r[$x]['dreport_result'] = t('recipient not found');
break;
case 'mail recalled':
$r[$x]['dreport_result'] = t('mail recalled');
break;
case 'duplicate mail received':
$r[$x]['dreport_result'] = t('duplicate mail received');
break;
case 'mail delivered':
$r[$x]['dreport_result'] = t('mail delivered');
break;
default:
$r[$x]['gravity'] = 1;
break;
}
}
usort($r, 'self::dreport_gravity_sort');
$entries = array();
foreach ($r as $rr) {
$entries[] = ['name' => $rr['name'], 'result' => escape_tags($rr['dreport_result']), 'time' => escape_tags(datetime_convert('UTC', date_default_timezone_get(), $rr['dreport_time']))];
}
$o = replace_macros(get_markup_template('dreport.tpl'), array('$title' => sprintf(t('Delivery report for %1$s'), substr($mid, 0, 32)) . '...', '$table' => $table, '$mid' => urlencode($mid), '$options' => t('Options'), '$push' => t('Redeliver'), '$entries' => $entries));
return $o;
}
function get()
{
$sort_type = 0;
$o = '';
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return login();
}
$channel = \App::get_channel();
$my_perms = get_channel_default_perms(local_channel());
$role = get_pconfig(local_channel(), 'system', 'permissions_role');
if ($role) {
$x = get_role_perms($role);
if ($x['perms_accept']) {
$my_perms = $x['perms_accept'];
}
}
$yes_no = array(t('No'), t('Yes'));
if ($my_perms) {
$o .= "<script>function connectDefaultShare() {\n\t\t\t\$('.abook-edit-me').each(function() {\n\t\t\t\tif(! \$(this).is(':disabled'))\n\t\t\t\t\t\$(this).prop('checked', false);\n\t\t\t});\n\n";
$perms = get_perms();
foreach ($perms as $p => $v) {
if ($my_perms & $v[1]) {
$o .= "\$('#me_id_perms_" . $p . "').prop('checked', true); \n";
}
}
$o .= " }\n</script>\n";
}
if (argc() == 3) {
$contact_id = intval(argv(1));
if (!$contact_id) {
return;
}
$cmd = argv(2);
$orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\tWHERE abook_id = %d AND abook_channel = %d AND abook_self = 0 LIMIT 1", intval($contact_id), intval(local_channel()));
if (!count($orig_record)) {
notice(t('Could not access address book record.') . EOL);
goaway(z_root() . '/connections');
}
if ($cmd === 'update') {
// pull feed and consume it, which should subscribe to the hub.
\Zotlabs\Daemon\Master::Summon(array('Poller', $contact_id));
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'refresh') {
if ($orig_record[0]['xchan_network'] === 'zot') {
if (!zot_refresh($orig_record[0], \App::get_channel())) {
notice(t('Refresh failed - channel is currently unavailable.'));
}
} else {
// if you are on a different network we'll force a refresh of the connection basic info
Zotlabs\Daemon\Master::Summon(array('Notifier', 'permission_update', $contact_id));
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'block') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_BLOCKED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'ignore') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_IGNORED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'archive') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_ARCHIVED)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'hide') {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_HIDDEN)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
goaway(z_root() . '/connedit/' . $contact_id);
}
// We'll prevent somebody from unapproving an already approved contact.
// Though maybe somebody will want this eventually (??)
if ($cmd === 'approve') {
if (intval($orig_record[0]['abook_pending'])) {
if (abook_toggle_flag($orig_record[0], ABOOK_FLAG_PENDING)) {
$this->connedit_clone($a);
} else {
notice(t('Unable to set address book parameters.') . EOL);
}
}
goaway(z_root() . '/connedit/' . $contact_id);
}
if ($cmd === 'drop') {
// FIXME
// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
// in the background there could be a race condition preventing this packet from being sent in all cases.
// PLACEHOLDER
contact_remove(local_channel(), $orig_record[0]['abook_id']);
build_sync_packet(0, array('abook' => array(array('abook_xchan' => $orig_record[0]['abook_xchan'], 'entry_deleted' => true))));
info(t('Connection has been removed.') . EOL);
if (x($_SESSION, 'return_url')) {
goaway(z_root() . '/' . $_SESSION['return_url']);
}
goaway(z_root() . '/contacts');
}
}
if (\App::$poi) {
$contact_id = \App::$poi['abook_id'];
$contact = \App::$poi;
$tools = array('view' => array('label' => t('View Profile'), 'url' => chanlink_cid($contact['abook_id']), 'sel' => '', 'title' => sprintf(t('View %s\'s profile'), $contact['xchan_name'])), 'refresh' => array('label' => t('Refresh Permissions'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/refresh', 'sel' => '', 'title' => t('Fetch updated permissions')), 'recent' => array('label' => t('Recent Activity'), 'url' => z_root() . '/network/?f=&cid=' . $contact['abook_id'], 'sel' => '', 'title' => t('View recent posts and comments')), 'block' => array('label' => intval($contact['abook_blocked']) ? t('Unblock') : t('Block'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/block', 'sel' => intval($contact['abook_blocked']) ? 'active' : '', 'title' => t('Block (or Unblock) all communications with this connection'), 'info' => intval($contact['abook_blocked']) ? t('This connection is blocked!') : ''), 'ignore' => array('label' => intval($contact['abook_ignored']) ? t('Unignore') : t('Ignore'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/ignore', 'sel' => intval($contact['abook_ignored']) ? 'active' : '', 'title' => t('Ignore (or Unignore) all inbound communications from this connection'), 'info' => intval($contact['abook_ignored']) ? t('This connection is ignored!') : ''), 'archive' => array('label' => intval($contact['abook_archived']) ? t('Unarchive') : t('Archive'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/archive', 'sel' => intval($contact['abook_archived']) ? 'active' : '', 'title' => t('Archive (or Unarchive) this connection - mark channel dead but keep content'), 'info' => intval($contact['abook_archived']) ? t('This connection is archived!') : ''), 'hide' => array('label' => intval($contact['abook_hidden']) ? t('Unhide') : t('Hide'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/hide', 'sel' => intval($contact['abook_hidden']) ? 'active' : '', 'title' => t('Hide or Unhide this connection from your other connections'), 'info' => intval($contact['abook_hidden']) ? t('This connection is hidden!') : ''), 'delete' => array('label' => t('Delete'), 'url' => z_root() . '/connedit/' . $contact['abook_id'] . '/drop', 'sel' => '', 'title' => t('Delete this connection')));
$self = false;
if (intval($contact['abook_self'])) {
$self = true;
}
$tpl = get_markup_template("abook_edit.tpl");
if (feature_enabled(local_channel(), 'affinity')) {
$labels = array(t('Me'), t('Family'), t('Friends'), t('Acquaintances'), t('All'));
call_hooks('affinity_labels', $labels);
$label_str = '';
if ($labels) {
foreach ($labels as $l) {
if ($label_str) {
$label_str .= ", '|'";
$label_str .= ", '" . $l . "'";
} else {
$label_str .= "'" . $l . "'";
}
}
}
$slider_tpl = get_markup_template('contact_slider.tpl');
$slide = replace_macros($slider_tpl, array('$min' => 1, '$val' => $contact['abook_closeness'] ? $contact['abook_closeness'] : 99, '$labels' => $label_str));
}
$rating_val = 0;
$rating_text = '';
$xl = q("select * from xlink where xlink_xchan = '%s' and xlink_link = '%s' and xlink_static = 1", dbesc($channel['channel_hash']), dbesc($contact['xchan_hash']));
if ($xl) {
$rating_val = intval($xl[0]['xlink_rating']);
$rating_text = $xl[0]['xlink_rating_text'];
}
$poco_rating = get_config('system', 'poco_rating_enable');
// if unset default to enabled
if ($poco_rating === false) {
$poco_rating = true;
}
if ($poco_rating) {
$rating = replace_macros(get_markup_template('rating_slider.tpl'), array('$min' => -10, '$val' => $rating_val));
} else {
$rating = false;
}
$perms = array();
$channel = \App::get_channel();
$global_perms = get_perms();
$existing = get_all_perms(local_channel(), $contact['abook_xchan']);
$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'), 'Yes'));
$multiprofs = feature_enabled(local_channel(), 'multi_profiles') ? true : false;
if ($slide && !$multiprofs) {
$affinity = t('Set Affinity');
}
if (!$slide && $multiprofs) {
$affinity = t('Set Profile');
}
if ($slide && $multiprofs) {
$affinity = t('Set Affinity & Profile');
}
foreach ($global_perms as $k => $v) {
$thisperm = $contact['abook_my_perms'] & $v[1] ? "1" : '';
$checkinherited = $channel[$v[0]] && $channel[$v[0]] != PERMS_SPECIFIC ? "1" : '';
// For auto permissions (when $self is true) we don't want to look at existing
// permissions because they are enabled for the channel owner
if (!$self && $existing[$k]) {
$thisperm = "1";
}
$perms[] = array('perms_' . $k, $v[3], $contact['abook_their_perms'] & $v[1] ? "1" : "", $thisperm, $v[1], $channel[$v[0]] == PERMS_SPECIFIC ? '' : '1', $v[4], $checkinherited);
}
$locstr = '';
$locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'\n\t\t\t\tand hubloc_deleted = 0 and site_dead = 0", dbesc($contact['xchan_hash']));
if ($locs) {
foreach ($locs as $l) {
if (!$l['location']) {
continue;
}
if (strpos($locstr, $l['location']) !== false) {
continue;
}
if (strlen($locstr)) {
$locstr .= ', ';
}
$locstr .= $l['location'];
}
} else {
$locstr = t('none');
}
$o .= replace_macros($tpl, array('$header' => $self ? t('Connection Default Permissions') : sprintf(t('Connection: %s'), $contact['xchan_name']), '$autoperms' => array('autoperms', t('Apply these permissions automatically'), get_pconfig(local_channel(), 'system', 'autoperms') ? 1 : 0, t('Connection requests will be approved without your interaction'), $yes_no), '$addr' => $contact['xchan_addr'], '$addr_text' => t('This connection\'s primary address is'), '$loc_text' => t('Available locations:'), '$locstr' => $locstr, '$notself' => $self ? '' : '1', '$self' => $self ? '1' : '', '$autolbl' => t('The permissions indicated on this page will be applied to all new connections.'), '$tools_label' => t('Connection Tools'), '$tools' => $self ? '' : $tools, '$lbl_slider' => t('Slide to adjust your degree of friendship'), '$lbl_rating' => t('Rating'), '$lbl_rating_label' => t('Slide to adjust your rating'), '$lbl_rating_txt' => t('Optionally explain your rating'), '$connfilter' => feature_enabled(local_channel(), 'connfilter'), '$connfilter_label' => t('Custom Filter'), '$incl' => array('abook_incl', t('Only import posts with this text'), $contact['abook_incl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$excl' => array('abook_excl', t('Do not import posts with this text'), $contact['abook_excl'], t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')), '$rating_text' => array('rating_text', t('Optionally explain your rating'), $rating_text, ''), '$rating_info' => t('This information is public!'), '$rating' => $rating, '$rating_val' => $rating_val, '$slide' => $slide, '$affinity' => $affinity, '$pending_label' => t('Connection Pending Approval'), '$is_pending' => intval($contact['abook_pending']) ? 1 : '', '$unapproved' => $unapproved, '$inherited' => t('inherited'), '$submit' => t('Submit'), '$lbl_vis2' => sprintf(t('Please choose the profile you would like to display to %s when viewing your profile securely.'), $contact['xchan_name']), '$close' => $contact['abook_closeness'], '$them' => t('Their Settings'), '$me' => t('My Settings'), '$perms' => $perms, '$permlbl' => t('Individual Permissions'), '$permnote' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can <strong>not</strong> change those settings here.'), '$permnote_self' => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'), '$lastupdtext' => t('Last update:'), '$last_update' => relative_date($contact['abook_connected']), '$profile_select' => contact_profile_assign($contact['abook_profile']), '$multiprofs' => $multiprofs, '$contact_id' => $contact['abook_id'], '$name' => $contact['xchan_name']));
$arr = array('contact' => $contact, 'output' => $o);
call_hooks('contact_edit', $arr);
return $arr['output'];
}
}
function get()
{
$o = '';
nav_set_selected('messages');
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return login();
}
$channel = \App::get_channel();
head_set_icon($channel['xchan_photo_s']);
$cipher = get_pconfig(local_channel(), 'system', 'default_cipher');
if (!$cipher) {
$cipher = 'aes256';
}
$tpl = get_markup_template('mail_head.tpl');
$header = replace_macros($tpl, array('$header' => t('Messages')));
if (argc() == 4 && argv(2) === 'drop') {
if (!intval(argv(3))) {
return;
}
$cmd = argv(2);
$mailbox = argv(1);
$r = private_messages_drop(local_channel(), argv(3));
if ($r) {
//info( t('Message deleted.') . EOL );
}
goaway(z_root() . '/mail/' . $mailbox);
}
if (argc() == 4 && argv(2) === 'recall') {
if (!intval(argv(3))) {
return;
}
$cmd = argv(2);
$mailbox = argv(1);
$r = q("update mail set mail_recalled = 1 where id = %d and channel_id = %d", intval(argv(3)), intval(local_channel()));
$x = q("select * from mail where id = %d and channel_id = %d", intval(argv(3)), intval(local_channel()));
if ($x) {
build_sync_packet(local_channel(), array('mail' => encode_mail($x[0], true)));
}
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'mail', intval(argv(3))));
if ($r) {
info(t('Message recalled.') . EOL);
}
goaway(z_root() . '/mail/' . $mailbox . '/' . argv(3));
}
if (argc() == 4 && argv(2) === 'dropconv') {
if (!intval(argv(3))) {
return;
}
$cmd = argv(2);
$mailbox = argv(1);
$r = private_messages_drop(local_channel(), argv(3), true);
if ($r) {
info(t('Conversation removed.') . EOL);
}
goaway(z_root() . '/mail/' . $mailbox);
}
if (argc() > 1 && argv(1) === 'new') {
$plaintext = true;
$tpl = get_markup_template('msg-header.tpl');
$header = replace_macros($tpl, array('$baseurl' => z_root(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$nickname' => $channel['channel_address'], '$linkurl' => t('Please enter a link URL:'), '$expireswhen' => t('Expires YYYY-MM-DD HH:MM')));
\App::$page['htmlhead'] .= $header;
$prename = '';
$preid = '';
if (x($_REQUEST, 'hash')) {
$r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash\n\t\t\t\t\twhere abook_channel = %d and abook_xchan = '%s' limit 1", intval(local_channel()), dbesc($_REQUEST['hash']));
if (!$r) {
$r = q("select * from xchan where xchan_hash = '%s' and xchan_network = 'zot' limit 1", dbesc($_REQUEST['hash']));
}
if ($r) {
$prename = $r[0]['abook_id'] ? $r[0]['xchan_name'] : $r[0]['xchan_addr'];
$preurl = $r[0]['xchan_url'];
$preid = $r[0]['abook_id'] ? $r[0]['xchan_hash'] : '';
} else {
notice(t('Requested channel is not in this network') . EOL);
}
}
$tpl = get_markup_template('prv_message.tpl');
$o .= replace_macros($tpl, array('$new' => true, '$header' => t('Send Private Message'), '$to' => t('To:'), '$prefill' => $prename, '$preid' => $preid, '$subject' => t('Subject:'), '$subjtxt' => x($_REQUEST, 'subject') ? strip_tags($_REQUEST['subject']) : '', '$text' => x($_REQUEST, 'body') ? htmlspecialchars($_REQUEST['body'], ENT_COMPAT, 'UTF-8') : '', '$yourmessage' => t('Your message:'), '$parent' => '', '$attach' => t('Attach file'), '$insert' => t('Insert web link'), '$submit' => t('Send'), '$defexpire' => '', '$feature_expire' => feature_enabled(local_channel(), 'content_expire') ? true : false, '$expires' => t('Set expiration date'), '$feature_encrypt' => feature_enabled(local_channel(), 'content_encrypt') ? true : false, '$encrypt' => t('Encrypt text'), '$cipher' => $cipher));
return $o;
}
switch (argv(1)) {
case 'combined':
$mailbox = 'combined';
break;
case 'inbox':
$mailbox = 'inbox';
break;
case 'outbox':
$mailbox = 'outbox';
break;
default:
$mailbox = 'combined';
break;
}
$last_message = private_messages_list(local_channel(), $mailbox, 0, 1);
$mid = argc() > 2 && intval(argv(2)) ? argv(2) : $last_message[0]['id'];
$plaintext = true;
// if( local_channel() && feature_enabled(local_channel(),'richtext') )
// $plaintext = false;
if ($mailbox == 'combined') {
$messages = private_messages_fetch_conversation(local_channel(), $mid, true);
} else {
$messages = private_messages_fetch_message(local_channel(), $mid, true);
}
if (!$messages) {
//info( t('Message not found.') . EOL);
return;
}
if ($messages[0]['to_xchan'] === $channel['channel_hash']) {
\App::$poi = $messages[0]['from'];
} else {
\App::$poi = $messages[0]['to'];
}
$tpl = get_markup_template('msg-header.tpl');
\App::$page['htmlhead'] .= replace_macros($tpl, array('$nickname' => $channel['channel_address'], '$baseurl' => z_root(), '$editselect' => $plaintext ? 'none' : '/(profile-jot-text|prvmail-text)/', '$linkurl' => t('Please enter a link URL:'), '$expireswhen' => t('Expires YYYY-MM-DD HH:MM')));
$mails = array();
$seen = 0;
$unknown = false;
foreach ($messages as $message) {
$s = theme_attachments($message);
$mails[] = array('mailbox' => $mailbox, 'id' => $message['id'], 'mid' => $message['mid'], 'from_name' => $message['from']['xchan_name'], 'from_url' => chanlink_hash($message['from_xchan']), 'from_photo' => $message['from']['xchan_photo_s'], 'to_name' => $message['to']['xchan_name'], 'to_url' => chanlink_hash($message['to_xchan']), 'to_photo' => $message['to']['xchan_photo_s'], 'subject' => $message['title'], 'body' => smilies(bbcode($message['body'])), 'attachments' => $s, 'delete' => t('Delete message'), 'dreport' => t('Delivery report'), 'recall' => t('Recall message'), 'can_recall' => $channel['channel_hash'] == $message['from_xchan'] ? true : false, 'is_recalled' => intval($message['mail_recalled']) ? t('Message has been recalled.') : '', 'date' => datetime_convert('UTC', date_default_timezone_get(), $message['created'], 'c'));
$seen = $message['seen'];
}
$recp = $message['from_xchan'] === $channel['channel_hash'] ? 'to' : 'from';
$tpl = get_markup_template('mail_display.tpl');
$o = replace_macros($tpl, array('$mailbox' => $mailbox, '$prvmsg_header' => $message['title'], '$thread_id' => $mid, '$thread_subject' => $message['title'], '$thread_seen' => $seen, '$delete' => t('Delete Conversation'), '$canreply' => $unknown ? false : '1', '$unknown_text' => t("No secure communications available. You <strong>may</strong> be able to respond from the sender's profile page."), '$mails' => $mails, '$header' => t('Send Reply'), '$to' => t('To:'), '$reply' => true, '$subject' => t('Subject:'), '$subjtxt' => $message['title'], '$yourmessage' => sprintf(t('Your message for %s (%s):'), $message[$recp]['xchan_name'], $message[$recp]['xchan_addr']), '$text' => '', '$parent' => $message['parent_mid'], '$recphash' => $message[$recp]['xchan_hash'], '$attach' => t('Attach file'), '$insert' => t('Insert web link'), '$submit' => t('Submit'), '$defexpire' => '', '$feature_expire' => feature_enabled(local_channel(), 'content_expire') ? true : false, '$expires' => t('Set expiration date'), '$feature_encrypt' => feature_enabled(local_channel(), 'content_encrypt') ? true : false, '$encrypt' => t('Encrypt text'), '$cipher' => $cipher));
return $o;
}
function get()
{
if (!local_channel() && !remote_channel()) {
return;
}
$observer_hash = get_observer_hash();
//strip html-tags
$term = notags(trim($_GET['term']));
//check if empty
if (!$term) {
return;
}
$item_id = argc() > 1 ? notags(trim(argv(1))) : 0;
logger('tagger: tag ' . $term . ' item ' . $item_id);
$r = q("SELECT * FROM item left join xchan on xchan_hash = author_xchan WHERE id = '%s' and uid = %d LIMIT 1", dbesc($item_id), intval(local_channel()));
if (!$item_id || !$r) {
logger('tagger: no item ' . $item_id);
return;
}
$item = $r[0];
$owner_uid = $item['uid'];
switch ($item['resource_type']) {
case 'photo':
$targettype = ACTIVITY_OBJ_PHOTO;
$post_type = t('photo');
break;
case 'event':
$targgettype = ACTIVITY_OBJ_EVENT;
$post_type = t('event');
break;
default:
$targettype = ACTIVITY_OBJ_NOTE;
$post_type = t('post');
if ($item['mid'] != $item['parent_mid']) {
$post_type = t('comment');
}
break;
}
$links = array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/display/' . $item['mid']));
$target = json_encode(array('type' => $targettype, 'id' => $item['mid'], 'link' => $links, 'title' => $item['title'], 'content' => $item['body'], 'created' => $item['created'], 'edited' => $item['edited'], 'author' => array('name' => $item['xchan_name'], 'address' => $item['xchan_addr'], 'guid' => $item['xchan_guid'], 'guid_sig' => $item['xchan_guid_sig'], 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $item['xchan_url']), array('rel' => 'photo', 'type' => $item['xchan_photo_mimetype'], 'href' => $item['xchan_photo_m'])))));
$link = xmlify('<link rel="alternate" type="text/html" href="' . z_root() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n");
$tagid = z_root() . '/search?tag=' . $term;
$objtype = ACTIVITY_OBJ_TAGTERM;
$obj = json_encode(array('type' => $objtype, 'id' => $tagid, 'link' => array(array('rel' => 'alternate', 'type' => 'text/html', 'href' => $tagid)), 'title' => $term, 'content' => $term));
$bodyverb = t('%1$s tagged %2$s\'s %3$s with %4$s');
// saving here for reference
// also check out x22d5 and x2317 and x0d6b and x0db8 and x24d0 and xff20 !!!
$termlink = html_entity_decode('⋕') . '[zrl=' . z_root() . '/search?tag=' . urlencode($term) . ']' . $term . '[/zrl]';
$channel = \App::get_channel();
$arr = array();
$arr['owner_xchan'] = $item['owner_xchan'];
$arr['author_xchan'] = $channel['channel_hash'];
$arr['item_origin'] = 1;
$arr['item_wall'] = intval($item['item_wall']) ? 1 : 0;
$ulink = '[zrl=' . $channel['xchan_url'] . ']' . $channel['channel_name'] . '[/zrl]';
$alink = '[zrl=' . $item['xchan_url'] . ']' . $item['xchan_name'] . '[/zrl]';
$plink = '[zrl=' . $item['plink'] . ']' . $post_type . '[/zrl]';
$arr['body'] = sprintf($bodyverb, $ulink, $alink, $plink, $termlink);
$arr['verb'] = ACTIVITY_TAG;
$arr['tgt_type'] = $targettype;
$arr['target'] = $target;
$arr['obj_type'] = $objtype;
$arr['obj'] = $obj;
$arr['parent_mid'] = $item['mid'];
store_item_tag($item['uid'], $item['id'], TERM_OBJ_POST, TERM_COMMUNITYTAG, $term, $tagid);
$ret = post_activity_item($arr);
if ($ret['success']) {
\Zotlabs\Daemon\Master::Summon(array('Notifier', 'tag', $ret['activity']['id']));
}
killme();
}
