function follow_post(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
goaway($_SESSION['return_url']);
// NOTREACHED
}
if ($_REQUEST['cancel']) {
goaway($_SESSION['return_url']);
}
$uid = local_user();
$url = notags(trim($_REQUEST['url']));
$return_url = $_SESSION['return_url'];
// Makes the connection request for friendica contacts easier
// This is just a precaution if maybe this page is called somewhere directly via POST
$_SESSION["fastlane"] = $url;
$result = new_contact($uid, $url, true);
if ($result['success'] == false) {
if ($result['message']) {
notice($result['message']);
}
goaway($return_url);
} elseif ($result['cid']) {
goaway($a->get_baseurl() . '/contacts/' . $result['cid']);
}
info(t('Contact added') . EOL);
if (strstr($return_url, 'contacts')) {
goaway($a->get_baseurl() . '/contacts/' . $contact_id);
}
goaway($return_url);
// NOTREACHED
}
function wfinger_init(&$a)
{
$result = array();
$scheme = '';
if (x($_SERVER, 'HTTPS') && $_SERVER['HTTPS']) {
$scheme = 'https';
} elseif (x($_SERVER, 'SERVER_PORT') && intval($_SERVER['SERVER_PORT']) == 443) {
$scheme = 'https';
}
// Don't complain to me - I'm just implementing the spec.
if ($scheme !== 'https') {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS');
killme();
}
$resource = $_REQUEST['resource'];
$r = null;
if ($resource) {
if (strpos($resource, 'acct:') === 0) {
$channel = str_replace('acct:', '', $resource);
if (strpos($channel, '@') !== false) {
$host = substr($channel, strpos($channel, '@') + 1);
if (strcasecmp($host, get_app()->get_hostname())) {
goaway('https://' . $host . '/.well-known/webfinger?resource=' . $resource);
}
$channel = substr($channel, 0, strpos($channel, '@'));
}
}
if (strpos($resource, 'http') === 0) {
$channel = str_replace('~', '', basename($resource));
}
$r = q("select * from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_address = '%s' limit 1", dbesc($channel));
}
header('Access-Control-Allow-Origin: *');
header('Content-type: application/jrd+json');
if ($resource && $r) {
$h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'", dbesc($r[0]['channel_hash']));
$result['subject'] = $resource;
$aliases = array(z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']);
if ($h) {
foreach ($h as $hh) {
$aliases[] = 'acct:' . $hh['hubloc_addr'];
}
}
$result['aliases'] = array();
$result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']);
foreach ($aliases as $alias) {
if ($alias != $resource) {
$result['aliases'][] = $alias;
}
}
$result['links'] = array(array('rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l']), array('rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address']), array('rel' => 'http://webfinger.net/rel/blog', 'href' => z_root() . '/channel/' . $r[0]['channel_address']), array('rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr']));
} else {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
killme();
}
$arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result);
call_hooks('webfinger', $arr);
echo json_encode($arr['result']);
killme();
}
function redir_init(&$a)
{
if (!local_user() || !($a->argc == 2) || !intval($a->argv[1])) {
goaway(z_root());
}
$cid = $a->argv[1];
$url = x($_GET, 'url') ? $_GET['url'] : '';
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval(local_user()));
if (!count($r) || $r[0]['network'] !== 'dfrn') {
goaway(z_root());
}
$dfrn_id = $orig_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id'];
if ($r[0]['duplex'] && $r[0]['issued-id']) {
$orig_id = $r[0]['issued-id'];
$dfrn_id = '1:' . $orig_id;
}
if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
$orig_id = $r[0]['dfrn-id'];
$dfrn_id = '0:' . $orig_id;
}
$sec = random_string();
q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\tVALUES( %d, %s, '%s', '%s', %d )", intval(local_user()), intval($cid), dbesc($dfrn_id), dbesc($sec), intval(time() + 45));
logger('mod_redir: ' . $r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);
$dest = $url ? '&destination_url=' . $url : '';
goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}
function post()
{
// logger('file upload: ' . print_r($_REQUEST,true));
$channel = $_REQUEST['channick'] ? get_channel_by_nick($_REQUEST['channick']) : null;
if (!$channel) {
logger('channel not found');
killme();
}
$_REQUEST['source'] = 'file_upload';
if ($channel['channel_id'] != local_channel()) {
$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
$_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
$_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
$_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
}
if ($_REQUEST['filename']) {
$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
} else {
$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
}
goaway(z_root() . '/' . $_REQUEST['return_url']);
}
function post()
{
$address = trim($_REQUEST['address']);
if (strpos($address, '@') === false) {
$arr = array('address' => $address);
call_hooks('reverse_magic_auth', $arr);
// if they're still here...
notice(t('Authentication failed.') . EOL);
return;
} else {
// Presumed Red identity. Perform reverse magic auth
if (strpos($address, '@') === false) {
notice('Invalid address.');
return;
}
$r = null;
if ($address) {
$r = q("select hubloc_url from hubloc where hubloc_addr = '%s' limit 1", dbesc($address));
}
if ($r) {
$url = $r[0]['hubloc_url'];
} else {
$url = 'https://' . substr($address, strpos($address, '@') + 1);
}
if ($url) {
if ($_SESSION['return_url']) {
$dest = urlencode(z_root() . '/' . str_replace('zid=', 'zid_=', $_SESSION['return_url']));
} else {
$dest = urlencode(z_root() . '/' . str_replace('zid=', 'zid_=', \App::$query_string));
}
goaway($url . '/magic' . '?f=&dest=' . $dest);
}
}
}
function get()
{
if (local_channel()) {
goaway(z_root());
}
return login(\App::$config['system']['register_policy'] == REGISTER_CLOSED ? false : true);
}
function post()
{
if (!local_channel()) {
return;
}
if ($_POST['url']) {
$arr = array('uid' => intval($_REQUEST['uid']), 'url' => escape_tags($_REQUEST['url']), 'guid' => escape_tags($_REQUEST['guid']), 'author' => escape_tags($_REQUEST['author']), 'addr' => escape_tags($_REQUEST['addr']), 'name' => escape_tags($_REQUEST['name']), 'desc' => escape_tags($_REQUEST['desc']), 'photo' => escape_tags($_REQUEST['photo']), 'version' => escape_tags($_REQUEST['version']), 'price' => escape_tags($_REQUEST['price']), 'requires' => escape_tags($_REQUEST['requires']), 'system' => intval($_REQUEST['system']), 'sig' => escape_tags($_REQUEST['sig']), 'categories' => escape_tags($_REQUEST['categories']));
$_REQUEST['appid'] = Zlib\Apps::app_install(local_channel(), $arr);
if (Zlib\Apps::app_installed(local_channel(), $arr)) {
info(t('App installed.') . EOL);
}
return;
}
$papp = Zlib\Apps::app_decode($_POST['papp']);
if (!is_array($papp)) {
notice(t('Malformed app.') . EOL);
return;
}
if ($_POST['install']) {
Zlib\Apps::app_install(local_channel(), $papp);
if (Zlib\Apps::app_installed(local_channel(), $papp)) {
info(t('App installed.') . EOL);
}
}
if ($_POST['delete']) {
Zlib\Apps::app_destroy(local_channel(), $papp);
}
if ($_POST['edit']) {
return;
}
if ($_SESSION['return_url']) {
goaway(z_root() . '/' . $_SESSION['return_url']);
}
goaway(z_root() . '/apps');
}
function login_init(&$a)
{
if (local_user()) {
notice("Logged in");
goaway($a->get_baseurl());
}
}
function init()
{
if (argc() != 3 || !in_array(argv(1), ['post', 'status_message', 'reshare'])) {
http_status_exit(404, 'Not found');
}
$guid = argv(2);
// Fetch the item
$item = q("SELECT * from item where mid = '%s' and item_private = 0 and mid = parent_mid limit 1", dbesc($guid));
if (!$item) {
http_status_exit(404, 'Not found');
}
xchan_query($item);
$item = fetch_post_tags($item, true);
$channel = channelx_by_hash($item[0]['author_xchan']);
if (!$channel) {
$r = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item[0]['author_xchan']));
if ($r) {
$url = $r[0]['xchan_url'];
if (strpos($url, z_root()) === false) {
$m = parse_url($url);
goaway($m['scheme'] . '://' . $m['host'] . ($m['port'] ? ':' . $m['port'] : '') . '/fetch/' . argv(1) . '/' . argv(2));
}
}
http_status_exit(404, 'Not found');
}
$status = diaspora_build_status($item[0], $channel);
header("Content-type: application/magic-envelope+xml; charset=utf-8");
echo diaspora_magic_env($channel, $status);
killme();
}
function user_remove($uid)
{
if (!$uid) {
return;
}
$a = get_app();
logger('Removing user: '******'authenticated']);
unset($_SESSION['uid']);
goaway($a->get_baseurl());
}
}
function regmod_content(&$a)
{
global $lang;
$_SESSION['return_url'] = $a->cmd;
if (!local_user()) {
info(t('Please login.') . EOL);
$o .= '<br /><br />' . login($a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1);
return $o;
}
if (!is_site_admin() || x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) {
notice(t('Permission denied.') . EOL);
return '';
}
if ($a->argc != 3) {
killme();
}
$cmd = $a->argv[1];
$hash = $a->argv[2];
if ($cmd === 'deny') {
user_deny($hash);
goaway($a->get_baseurl() . "/admin/users/");
killme();
}
if ($cmd === 'allow') {
user_allow($hash);
goaway($a->get_baseurl() . "/admin/users/");
killme();
}
}
function nojs_init(&$a)
{
setcookie('jsdisabled', 1, 0);
$p = $_GET['query'];
$hasq = strpos($p, '?');
goaway(z_root() . ($p ? '/' . $p : '') . ($hasq ? '' : '?f=') . '&jsdisabled=1');
}
function repair_ostatus_content(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
goaway($_SESSION['return_url']);
// NOTREACHED
}
$o = "<h2>" . t("Resubsribing to OStatus contacts") . "</h2>";
$uid = local_user();
$a = get_app();
$counter = intval($_REQUEST['counter']);
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)", intval($uid), dbesc(NETWORK_OSTATUS), intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_SHARING));
if (!$r) {
return $o . t("Error");
}
$total = $r[0]["total"];
$r = q("SELECT `url` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)\n\t\tORDER BY `url`\n\t\tLIMIT %d, 1", intval($uid), dbesc(NETWORK_OSTATUS), intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_SHARING), $counter++);
if (!$r) {
$o .= t("Done");
return $o;
}
$o .= "<p>" . $counter . "/" . $total . ": " . $r[0]["url"] . "</p>";
$o .= "<p>" . t("Keep this window open until done.") . "</p>";
$result = new_contact($uid, $r[0]["url"], true);
$a->page['htmlhead'] = '<meta http-equiv="refresh" content="1; URL=' . $a->get_baseurl() . '/repair_ostatus?counter=' . $counter . '">';
return $o;
}
function post()
{
check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
$allowed_email = x($_POST, 'allowed_email') ? notags(trim($_POST['allowed_email'])) : '';
$not_allowed_email = x($_POST, 'not_allowed_email') ? notags(trim($_POST['not_allowed_email'])) : '';
set_config('system', 'allowed_email', $allowed_email);
set_config('system', 'not_allowed_email', $not_allowed_email);
$block_public = x($_POST, 'block_public') ? True : False;
set_config('system', 'block_public', $block_public);
$ws = $this->trim_array_elems(explode("\n", $_POST['whitelisted_sites']));
set_config('system', 'whitelisted_sites', $ws);
$bs = $this->trim_array_elems(explode("\n", $_POST['blacklisted_sites']));
set_config('system', 'blacklisted_sites', $bs);
$wc = $this->trim_array_elems(explode("\n", $_POST['whitelisted_channels']));
set_config('system', 'whitelisted_channels', $wc);
$bc = $this->trim_array_elems(explode("\n", $_POST['blacklisted_channels']));
set_config('system', 'blacklisted_channels', $bc);
$embed_sslonly = x($_POST, 'embed_sslonly') ? True : False;
set_config('system', 'embed_sslonly', $embed_sslonly);
$we = $this->trim_array_elems(explode("\n", $_POST['embed_allow']));
set_config('system', 'embed_allow', $we);
$be = $this->trim_array_elems(explode("\n", $_POST['embed_deny']));
set_config('system', 'embed_deny', $be);
$ts = x($_POST, 'transport_security') ? True : False;
set_config('system', 'transport_security_header', $ts);
$cs = x($_POST, 'content_security') ? True : False;
set_config('system', 'content_security_policy', $cs);
goaway(z_root() . '/admin/security');
}
function blackout_redirect($a, $b)
{
// if we have a logged in user, don't throw her out
if (local_user()) {
return true;
}
if (!(version_compare(PHP_VERSION, '5.3.0') >= 0)) {
return true;
}
// else...
$mystart = get_config('blackout', 'begindate');
$myend = get_config('blackout', 'enddate');
$myurl = get_config('blackout', 'url');
$now = time();
$date1 = DateTime::createFromFormat('Y-m-d G:i', $mystart);
$date2 = DateTime::createFromFormat('Y-m-d G:i', $myend);
if ($date1 && $date2) {
$date1 = DateTime::createFromFormat('Y-m-d G:i', $mystart)->format('U');
$date2 = DateTime::createFromFormat('Y-m-d G:i', $myend)->format('U');
} else {
$date1 = 0;
$date2 = 0;
}
if ($date1 <= $now && $now <= $date2) {
logger('redirecting user to blackout page');
goaway($myurl);
}
}
function flag_content(&$a)
{
if ($a->argc > 1) {
$id = intval($a->argv[1]);
}
if (!id) {
goaway($a->get_baseurl());
}
$o = '<h3>Flag Directory Listing</h3>';
$o .= <<<EOT
<p>
You may flag profile listings for one of two reasons: inappropriate (adult) content, or if the link destination and therefore the profile entry is no longer valid. If you selected this form by mistake, please use your browser "Back" button to return to the Friendika directory.
</p>
<p>
Your request will be verified and if it is deemed to be valid, the entry will be flagged/removed. Please allow 24-36 hours for this action to take place.
</p>
<form action="flag" method="post" ><br /><br />
<input type="hidden" name="id" value="{$id}" >
<p>
Reason for flagging profile:
</p>
<input type="radio" name="reason" value="censor" >Adult content<br /><br />
<input type="radio" name="reason" value="dead" >Dead link<br /><br />
<input type="submit" name="submit" value="Submit" ><br />
</form>
EOT;
return $o;
}
function notifications_content(&$a)
{
if (!local_user()) {
notice(t('Permission denied') . EOL);
goaway($a->get_baseurl());
}
$o = '';
if ($a->argc > 1 && $a->argv[1] == 'all') {
$sql_extra = '';
} else {
$sql_extra = " AND `ignore` = 0 ";
}
$tpl = file_get_contents('view/intros-top.tpl');
$o .= replace_macros($tpl, array('$hide_url' => strlen($sql_extra) ? 'notifications/all' : 'notifications', '$hide_text' => strlen($sql_extra) ? t('Show Ignored Requests') : t('Hide Ignored Requests')));
$r = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.* \n\t\tFROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`\n\t\tWHERE `intro`.`blocked` = 0 {$sql_extra} ");
if ($r !== false && count($r)) {
$tpl = file_get_contents("view/intros.tpl");
foreach ($r as $rr) {
$o .= replace_macros($tpl, array('$intro_id' => $rr['intro-id'], '$dfrn-id' => $rr['issued-id'], '$uid' => $_SESSION['uid'], '$contact-id' => $rr['contact-id'], '$photo' => x($rr, 'photo') ? $rr['photo'] : "images/default-profile.jpg", '$fullname' => $rr['name'], '$knowyou' => $rr['knowyou'] ? t('yes') : t('no'), '$url' => $rr['url'], '$note' => $rr['note']));
}
} else {
notice(t('No notifications.') . EOL);
}
return $o;
}
function login_content(&$a)
{
if (local_channel()) {
goaway(z_root());
}
return login($a->config['system']['register_policy'] == REGISTER_CLOSED ? false : true);
}
function tagrm_content(&$a)
{
$o = '';
if (!local_user()) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
$item = $a->argc > 1 ? intval($a->argv[1]) : 0;
if (!$item) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));
if (!count($r)) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$arr = explode(',', $r[0]['tag']);
if (!count($arr)) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$o .= '<h3>' . t('Remove Item Tag') . '</h3>';
$o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>';
$o .= '<form id="tagrm" action="tagrm" method="post" >';
$o .= '<input type="hidden" name="item" value="' . $item . '" />';
$o .= '<ul>';
foreach ($arr as $x) {
$o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x) . '" >' . bbcode($x) . '</input></li>';
}
$o .= '</ul>';
$o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') . '" />';
$o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') . '" />';
$o .= '</form>';
return $o;
}
function lostpass_content(&$a)
{
if (x($_GET, 'verify')) {
$verify = $_GET['verify'];
$hash = hash('whirlpool', $verify);
$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));
if (!count($r)) {
notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
goaway(z_root());
return;
}
$uid = $r[0]['uid'];
$username = $r[0]['username'];
$email = $r[0]['email'];
$new_password = autoname(6) . mt_rand(100, 9999);
$new_password_encoded = hash('whirlpool', $new_password);
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
if ($r) {
$tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
info("Your password has been reset." . EOL);
$email_tpl = get_intltext_template("passchanged_eml.tpl");
$email_tpl = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $username, '$email' => $email, '$new_password' => $new_password, '$uid' => $newuid));
$res = mail($email, "Your password has changed at {$a->config['sitename']}", $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
return $o;
}
} else {
$tpl = get_markup_template('lostpass.tpl');
$o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Nickname or Email: '), '$submit' => t('Reset')));
return $o;
}
}
function get()
{
if (!local_channel()) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
// remove tag on the fly if item and tag are provided
if (argc() == 4 && argv(1) === 'drop' && intval(argv(2))) {
$item = intval(argv(2));
$tag = argv(3);
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
if (!$r) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = fetch_post_tags($r, true);
$item = $r[0];
$new_tags = array();
if ($item['term']) {
for ($x = 0; $x < count($item['term']); $x++) {
if ($item['term'][$x]['term'] !== hex2bin($tag)) {
$new_tags[] = $item['term'][$x];
}
}
}
if ($new_tags) {
$item['term'] = $new_tags;
} else {
unset($item['term']);
}
item_store_update($item);
info(t('Tag removed') . EOL);
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
//if we got only the item print a list of tags to select
if (argc() == 3 && argv(1) === 'drop' && intval(argv(2))) {
$o = '';
$item = intval(argv(2));
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_channel()));
if (!$r) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$r = fetch_post_tags($r, true);
if (!count($r[0]['term'])) {
goaway(z_root() . '/' . $_SESSION['photo_return']);
}
$o .= '<h3>' . t('Remove Item Tag') . '</h3>';
$o .= '<p id="tag-remove-desc">' . t('Select a tag to remove: ') . '</p>';
$o .= '<form id="tagrm" action="tagrm" method="post" >';
$o .= '<input type="hidden" name="item" value="' . $item . '" />';
$o .= '<ul>';
foreach ($r[0]['term'] as $x) {
$o .= '<li><input type="checkbox" name="tag" value="' . bin2hex($x['term']) . '" >' . bbcode($x['term']) . '</input></li>';
}
$o .= '</ul>';
$o .= '<input id="tagrm-submit" type="submit" name="submit" value="' . t('Remove') . '" />';
$o .= '<input id="tagrm-cancel" type="submit" name="submit" value="' . t('Cancel') . '" />';
$o .= '</form>';
return $o;
}
}
function notify_init(&$a)
{
if (!local_user()) {
return;
}
if ($a->argc > 2 && $a->argv[1] === 'view' && intval($a->argv[2])) {
$r = q("select * from notify where id = %d and uid = %d limit 1", intval($a->argv[2]), intval(local_user()));
if (count($r)) {
q("update notify set seen = 1 where ( link = '%s' or ( parent != 0 and parent = %d and otype = '%s' )) and uid = %d", dbesc($r[0]['link']), intval($r[0]['parent']), dbesc($r[0]['otype']), intval(local_user()));
// The friendica client has problems with the GUID. this is some workaround
if ($a->is_friendica_app()) {
require_once "include/items.php";
$urldata = parse_url($r[0]['link']);
$guid = basename($urldata["path"]);
$itemdata = get_item_id($guid, local_user());
if ($itemdata["id"] != 0) {
$r[0]['link'] = $a->get_baseurl() . '/display/' . $itemdata["nick"] . '/' . $itemdata["id"];
}
}
goaway($r[0]['link']);
}
goaway($a->get_baseurl(true));
}
if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') {
$r = q("update notify set seen = 1 where uid = %d", intval(local_user()));
$j = json_encode(array('result' => $r ? 'success' : 'fail'));
echo $j;
killme();
}
}
function starred_init(&$a)
{
$starred = 0;
if (!local_user()) {
killme();
}
if ($a->argc > 1) {
$message_id = intval($a->argv[1]);
}
if (!$message_id) {
killme();
}
$r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id));
if (!count($r)) {
killme();
}
if (!intval($r[0]['starred'])) {
$starred = 1;
}
$r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", intval($starred), intval(local_user()), intval($message_id));
// See if we've been passed a return path to redirect to
$return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : '';
if ($return_path) {
$rand = '_=' . time();
if (strpos($return_path, '?')) {
$rand = "&{$rand}";
} else {
$rand = "?{$rand}";
}
goaway($a->get_baseurl() . "/" . $return_path . $rand);
}
// the json doesn't really matter, it will either be 0 or 1
echo json_encode($starred);
killme();
}
function notifications_post(&$a)
{
if (!local_user()) {
goaway(z_root());
}
$request_id = $a->argc > 1 ? $a->argv[1] : 0;
if ($request_id === "all") {
return;
}
if ($request_id) {
$r = q("SELECT * FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($request_id), intval(local_user()));
if (count($r)) {
$intro_id = $r[0]['id'];
$contact_id = $r[0]['contact-id'];
} else {
notice(t('Invalid request identifier.') . EOL);
return;
}
// If it is a friend suggestion, the contact is not a new friend but an existing friend
// that should not be deleted.
$fid = $r[0]['fid'];
if ($_POST['submit'] == t('Discard')) {
$r = q("DELETE FROM `intro` WHERE `id` = %d LIMIT 1", intval($intro_id));
if (!$fid) {
$r = q("DELETE FROM `contact` WHERE `id` = %d AND `uid` = %d AND `self` = 0 LIMIT 1", intval($contact_id), intval(local_user()));
}
return;
}
if ($_POST['submit'] == t('Ignore')) {
$r = q("UPDATE `intro` SET `ignore` = 1 WHERE `id` = %d LIMIT 1", intval($intro_id));
return;
}
}
}
function follow_init(&$a)
{
if (!local_channel()) {
return;
}
$uid = local_channel();
$url = notags(trim($_REQUEST['url']));
$return_url = $_SESSION['return_url'];
$confirm = intval($_REQUEST['confirm']);
$result = new_contact($uid, $url, $a->get_channel(), true, $confirm);
if ($result['success'] == false) {
if ($result['message']) {
notice($result['message']);
}
goaway($return_url);
}
info(t('Channel added.') . EOL);
$clone = array();
foreach ($result['abook'] as $k => $v) {
if (strpos($k, 'abook_') === 0) {
$clone[$k] = $v;
}
}
unset($clone['abook_id']);
unset($clone['abook_account']);
unset($clone['abook_channel']);
build_sync_packet(0, array('abook' => array($clone)));
// If we can view their stream, pull in some posts
if ($result['abook']['abook_their_perms'] & PERMS_R_STREAM || $result['abook']['xchan_network'] === 'rss') {
proc_run('php', 'include/onepoll.php', $result['abook']['abook_id']);
}
goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
}
function lostpass_content(&$a)
{
if (x($_GET, 'verify')) {
$verify = $_GET['verify'];
$r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
if (!$r) {
notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
goaway(z_root());
return;
}
$aid = $r[0]['account_id'];
$email = $r[0]['account_email'];
$new_password = autoname(6) . mt_rand(100, 9999);
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $new_password);
$r = q("UPDATE account SET account_salt = '%s', account_password = '******', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid));
if ($r) {
$tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
info("Your password has been reset." . EOL);
$email_tpl = get_intltext_template("passchanged_eml.tpl");
$message = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => sprintf(t('Site Member (%s)'), $email), '$email' => $email, '$new_password' => $new_password, '$uid' => $newuid));
$subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');
$res = mail($email, $subject, $message, 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
return $o;
}
} else {
$tpl = get_markup_template('lostpass.tpl');
$o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Email Address'), '$submit' => t('Reset')));
return $o;
}
}
function get()
{
if (argc() > 2 && argv(2) === 'add') {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$title' => t('Add application'), '$submit' => t('Submit'), '$cancel' => t('Cancel'), '$name' => array('name', t('Name'), '', t('Name of application')), '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')), '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')), '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')), '$icon' => array('icon', t('Icon url'), '', t('Optional'))));
return $o;
}
if (argc() > 3 && argv(2) === 'edit') {
$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
if (!count($r)) {
notice(t('Application not found.'));
return;
}
$app = $r[0];
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$title' => t('Add application'), '$submit' => t('Update'), '$cancel' => t('Cancel'), '$name' => array('name', t('Name'), $app['clname'], ''), '$key' => array('key', t('Consumer Key'), $app['client_id'], ''), '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''), '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''), '$icon' => array('icon', t('Icon url'), $app['icon'], '')));
return $o;
}
if (argc() > 3 && argv(2) === 'delete') {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
goaway(z_root() . "/settings/oauth/");
return;
}
$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)", local_channel(), local_channel());
$tpl = get_markup_template("settings_oauth.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$baseurl' => z_root(), '$title' => t('Connected Apps'), '$add' => t('Add application'), '$edit' => t('Edit'), '$delete' => t('Delete'), '$consumerkey' => t('Client key starts with'), '$noname' => t('No name'), '$remove' => t('Remove authorization'), '$apps' => $r));
return $o;
}
function appman_post(&$a)
{
if (!local_user()) {
return;
}
if ($_POST['url']) {
$arr = array('uid' => intval($_REQUEST['uid']), 'url' => escape_tags($_REQUEST['url']), 'guid' => escape_tags($_REQUEST['guid']), 'author' => escape_tags($_REQUEST['author']), 'addr' => escape_tags($_REQUEST['addr']), 'name' => escape_tags($_REQUEST['name']), 'desc' => escape_tags($_REQUEST['desc']), 'photo' => escape_tags($_REQUEST['photo']), 'version' => escape_tags($_REQUEST['version']), 'price' => escape_tags($_REQUEST['price']), 'sig' => escape_tags($_REQUEST['sig']));
$_REQUEST['appid'] = app_install(local_user(), $arr);
if (app_installed(local_user(), $arr)) {
info(t('App installed.') . EOL);
}
return;
}
$papp = app_decode($_POST['papp']);
if (!is_array($papp)) {
notice(t('Malformed app.') . EOL);
return;
}
if ($_POST['install']) {
app_install(local_user(), $papp);
if (app_installed(local_user(), $papp)) {
info(t('App installed.') . EOL);
}
}
if ($_POST['delete']) {
app_destroy(local_user(), $papp);
}
if ($_POST['edit']) {
return;
}
if ($_SESSION['return_url']) {
goaway(z_root() . '/' . $_SESSION['return_url']);
}
goaway(z_root() . '/apps/personal');
}
function init()
{
$n = argc() > 1 ? intval(argv(1)) : 1;
setcookie('jsdisabled', $n, 0, '/');
$p = $_GET['redir'];
$hasq = strpos($p, '?');
goaway(z_root() . ($p ? '/' . $p : '') . ($hasq ? '' : '?f=') . '&jsdisabled=' . $n);
}
function profile_init(&$a)
{
if (!x($a->page, 'aside')) {
$a->page['aside'] = '';
}
if ($a->argc > 1) {
$which = $a->argv[1];
} else {
$r = q("select nickname from user where blocked = 0 and account_expired = 0 and account_removed = 0 and verified = 1 order by rand() limit 1");
if (count($r)) {
goaway($a->get_baseurl() . '/profile/' . $r[0]['nickname']);
} else {
logger('profile error: mod_profile ' . $a->query_string, LOGGER_DEBUG);
notice(t('Requested profile is not available.') . EOL);
$a->error = 404;
return;
}
}
$profile = 0;
if (local_user() && $a->argc > 2 && $a->argv[2] === 'view') {
$which = $a->user['nickname'];
$profile = $a->argv[1];
} else {
auto_redir($a, $which);
}
profile_load($a, $which, $profile);
$blocked = get_config('system', 'block_public') && !local_user() && !remote_user() ? true : false;
$userblock = $a->profile['hidewall'] && !local_user() && !remote_user() ? true : false;
if (x($a->profile, 'page-flags') && $a->profile['page-flags'] == PAGE_COMMUNITY) {
$a->page['htmlhead'] .= '<meta name="friendica.community" content="true" />';
}
if (x($a->profile, 'openidserver')) {
$a->page['htmlhead'] .= '<link rel="openid.server" href="' . $a->profile['openidserver'] . '" />' . "\r\n";
}
if (x($a->profile, 'openid')) {
$delegate = strstr($a->profile['openid'], '://') ? $a->profile['openid'] : 'https://' . $a->profile['openid'];
$a->page['htmlhead'] .= '<link rel="openid.delegate" href="' . $delegate . '" />' . "\r\n";
}
// site block
if (!$blocked && !$userblock) {
$keywords = x($a->profile, 'pub_keywords') ? $a->profile['pub_keywords'] : '';
$keywords = str_replace(array('#', ',', ' ', ',,'), array('', ' ', ',', ','), $keywords);
if (strlen($keywords)) {
$a->page['htmlhead'] .= '<meta name="keywords" content="' . $keywords . '" />' . "\r\n";
}
}
$a->page['htmlhead'] .= '<meta name="dfrn-global-visibility" content="' . ($a->profile['net-publish'] ? 'true' : 'false') . '" />' . "\r\n";
$a->page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . $a->get_baseurl() . '/dfrn_poll/' . $which . '" />' . "\r\n";
$uri = urlencode('acct:' . $a->profile['nickname'] . '@' . $a->get_hostname() . ($a->path ? '/' . $a->path : ''));
$a->page['htmlhead'] .= '<link rel="lrdd" type="application/xrd+xml" href="' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '" />' . "\r\n";
header('Link: <' . $a->get_baseurl() . '/xrd/?uri=' . $uri . '>; rel="lrdd"; type="application/xrd+xml"', false);
$dfrn_pages = array('request', 'confirm', 'notify', 'poll');
foreach ($dfrn_pages as $dfrn) {
$a->page['htmlhead'] .= "<link rel=\"dfrn-{$dfrn}\" href=\"" . $a->get_baseurl() . "/dfrn_{$dfrn}/{$which}\" />\r\n";
}
$a->page['htmlhead'] .= "<link rel=\"dfrn-poco\" href=\"" . $a->get_baseurl() . "/poco/{$which}\" />\r\n";
}
