function group_post(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
if ($a->argc == 2 && $a->argv[1] == 'new') {
$name = notags(trim($_POST['groupname']));
$r = group_add($name);
if ($r) {
notice(t('Group created.') . EOL);
$r = group_byname($name);
if ($r) {
goaway($a->get_baseurl() . '/group/' . $r);
}
} else {
notice(t('Could not create group.') . EOL);
}
goaway($a->get_baseurl() . '/group');
return;
// NOTREACHED
}
if ($a->argc == 2 && intval($a->argv[1])) {
$r = q("SELECT * FROM `group` WHERE `id` = %d LIMIT 1", intval($a->argv[1]));
if (!count($r)) {
notice(t('Group not found.') . EOL);
goaway($a->get_baseurl() . '/contacts');
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
if (strlen($groupname) && $groupname != $group['name']) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `id` = %d LIMIT 1", dbesc($groupname), intval($group['id']));
if ($r) {
notice(t('Group name changed.') . EOL);
}
}
$members = $_POST['group_members_select'];
array_walk($members, 'validate_members');
$r = q("DELETE FROM `group_member` WHERE `gid` = %d ", intval($a->argv[1]));
$result = true;
if (count($members)) {
foreach ($members as $member) {
$r = q("INSERT INTO `group_member` ( `gid`, `contact-id`)\n\t\t\t\t\tVALUES ( %d, %d )", intval($group['id']), intval($member));
if (!$r) {
$result = false;
}
}
}
if ($result) {
notice(t('Membership list updated.') . EOL);
}
$a->page['aside'] = group_side();
}
}
function group_add_member($name, $member)
{
$gid = group_byname($name);
if (!$gid || !$member) {
return false;
}
$r = q("SELECT * FROM `group_member` WHERE `id` = %d AND `contact-id` = %d LIMIT 1", intval($gid), intval($member));
if (count($r)) {
return true;
}
// You might question this, but
// we indicate success because the group was in fact created
// -- It was just created at another time
if (!count($r)) {
$r = q("INSERT INTO `group_member` (`gid`, `contact-id`)\n\t\t\tVALUES( %d, %d ) ", intval($gid), intval($member));
}
return $r;
}
function group_post(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
return;
}
if ($a->argc == 2 && $a->argv[1] === 'new') {
check_form_security_token_redirectOnErr('/group/new', 'group_edit');
$name = notags(trim($_POST['groupname']));
$r = group_add(local_user(), $name);
if ($r) {
info(t('Group created.') . EOL);
$r = group_byname(local_user(), $name);
if ($r) {
goaway($a->get_baseurl() . '/group/' . $r);
}
} else {
notice(t('Could not create group.') . EOL);
}
goaway($a->get_baseurl() . '/group');
return;
// NOTREACHED
}
if ($a->argc == 2 && intval($a->argv[1])) {
check_form_security_token_redirectOnErr('/group', 'group_edit');
$r = q("SELECT * FROM `group` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($a->argv[1]), intval(local_user()));
if (!count($r)) {
notice(t('Group not found.') . EOL);
goaway($a->get_baseurl() . '/contacts');
return;
// NOTREACHED
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
if (strlen($groupname) && $groupname != $group['name']) {
$r = q("UPDATE `group` SET `name` = '%s' WHERE `uid` = %d AND `id` = %d LIMIT 1", dbesc($groupname), intval(local_user()), intval($group['id']));
if ($r) {
info(t('Group name changed.') . EOL);
}
}
$a->page['aside'] = group_side();
}
return;
}
function post()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
if (argc() == 2 && argv(1) === 'new') {
check_form_security_token_redirectOnErr('/group/new', 'group_edit');
$name = notags(trim($_POST['groupname']));
$public = intval($_POST['public']);
$r = group_add(local_channel(), $name, $public);
if ($r) {
info(t('Privacy group created.') . EOL);
$r = group_byname(local_channel(), $name);
if ($r) {
goaway(z_root() . '/group/' . $r);
}
} else {
notice(t('Could not create privacy group.') . EOL);
}
goaway(z_root() . '/group');
}
if (argc() == 2 && intval(argv(1))) {
check_form_security_token_redirectOnErr('/group', 'group_edit');
$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(argv(1)), intval(local_channel()));
if (!$r) {
notice(t('Privacy group not found.') . EOL);
goaway(z_root() . '/connections');
}
$group = $r[0];
$groupname = notags(trim($_POST['groupname']));
$public = intval($_POST['public']);
if (strlen($groupname) && ($groupname != $group['gname'] || $public != $group['visible'])) {
$r = q("UPDATE `groups` SET `gname` = '%s', visible = %d WHERE `uid` = %d AND `id` = %d", dbesc($groupname), intval($public), intval(local_channel()), intval($group['id']));
if ($r) {
info(t('Privacy group updated.') . EOL);
}
}
goaway(z_root() . '/group/' . argv(1) . '/' . argv(2));
}
return;
}
/**
* @brief This function removes the tag $tag from the text $body and replaces it
* with the appropiate link.
*
* @param App $a
* @param[in,out] string &$body the text to replace the tag in
* @param[in,out] string &$access_tag used to return tag ACL exclusions e.g. @!foo
* @param[in,out] string &$str_tags string to add the tag to
* @param int $profile_uid
* @param string $tag the tag to replace
* @param boolean $diaspora default false
* @return boolean true if replaced, false if not replaced
*/
function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $diaspora = false)
{
$replaced = false;
$r = null;
$match = array();
$termtype = strpos($tag, '#') === 0 ? TERM_HASHTAG : TERM_UNKNOWN;
$termtype = strpos($tag, '@') === 0 ? TERM_MENTION : $termtype;
$termtype = strpos($tag, '#^[') === 0 ? TERM_BOOKMARK : $termtype;
//is it a hash tag?
if (strpos($tag, '#') === 0) {
if (strpos($tag, '#^[') === 0) {
if (preg_match('/#\\^\\[(url|zrl)(.*?)\\](.*?)\\[\\/(url|zrl)\\]/', $tag, $match)) {
$basetag = $match[3];
$url = substr($match[2], 0, 1) === '=' ? substr($match[2], 1) : $match[3];
$replaced = true;
}
} elseif (strpos($tag, '[zrl=') || strpos($tag, '[url=')) {
//...do nothing
return $replaced;
}
if ($tag == '#getzot') {
$basetag = 'getzot';
$url = 'http://hubzilla.org';
$newtag = '#[zrl=' . $url . ']' . $basetag . '[/zrl]';
$body = str_replace($tag, $newtag, $body);
$replaced = true;
}
if (!$replaced) {
//base tag has the tags name only
if (substr($tag, 0, 7) === '#"' && substr($tag, -6, 6) === '"') {
$basetag = substr($tag, 7);
$basetag = substr($basetag, 0, -6);
} else {
$basetag = str_replace('_', ' ', substr($tag, 1));
}
//create text for link
$url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag);
$newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]';
//replace tag by the link. Make sure to not replace something in the middle of a word
// The '=' is needed to not replace color codes if the code is also used as a tag
// Much better would be to somehow completely avoiding things in e.g. [color]-tags.
// This would allow writing things like "my favourite tag=#foobar".
$body = preg_replace('/(?<![a-zA-Z0-9=])' . preg_quote($tag, '/') . '/', $newtag, $body);
$replaced = true;
}
//is the link already in str_tags?
if (!stristr($str_tags, $newtag)) {
//append or set str_tags
if (strlen($str_tags)) {
$str_tags .= ',';
}
$str_tags .= $newtag;
}
return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $basetag, 'url' => $url, 'contact' => $r[0]);
}
//is it a person tag?
if (strpos($tag, '@') === 0) {
// The @! tag will alter permissions
$exclusive = strpos($tag, '!') === 1 && !$diaspora ? true : false;
//is it already replaced?
if (strpos($tag, '[zrl=')) {
return $replaced;
}
//get the person's name
$name = substr($tag, $exclusive ? 2 : 1);
// The name or name fragment we are going to replace
$newname = $name;
// a copy that we can mess with
$tagcid = 0;
$r = null;
// is it some generated name?
$forum = false;
$trailing_plus_name = false;
// @channel+ is a forum or network delivery tag
if (substr($newname, -1, 1) === '+') {
$forum = true;
$newname = substr($newname, 0, -1);
}
// Here we're looking for an address book entry as provided by the auto-completer
// of the form something+nnn where nnn is an abook_id or the first chars of xchan_hash
// If there's a +nnn in the string make sure there isn't a space preceding it
$t1 = strpos($newname, ' ');
$t2 = strrpos($newname, '+');
if ($t1 && $t2 && $t1 < $t2) {
$t2 = 0;
}
if ($t2 && !$diaspora) {
//get the id
$tagcid = substr($newname, $t2 + 1);
if (strrpos($tagcid, ' ')) {
$tagcid = substr($tagcid, 0, strrpos($tagcid, ' '));
}
if (strlen($tagcid) < 16) {
$abook_id = intval($tagcid);
}
//remove the next word from tag's name
if (strpos($name, ' ')) {
$name = substr($name, 0, strpos($name, ' '));
}
if ($abook_id) {
// if there was an id
// select channel with that id from the logged in user's address book
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE abook_id = %d AND abook_channel = %d LIMIT 1", intval($abook_id), intval($profile_uid));
} else {
$r = q("SELECT * FROM xchan \n\t\t\t\t\tWHERE xchan_hash like '%s%%' LIMIT 1", dbesc($tagcid));
}
}
if (!$r) {
// look for matching names in the address book
// Two ways to deal with spaces - double quote the name or use underscores
// we see this after input filtering so quotes have been html entity encoded
if (substr($name, 0, 6) === '"' && substr($name, -6, 6) === '"') {
$newname = substr($name, 6);
$newname = substr($newname, 0, -6);
} else {
$newname = str_replace('_', ' ', $name);
}
// do this bit over since we started over with $name
if (substr($newname, -1, 1) === '+') {
$forum = true;
$newname = substr($newname, 0, -1);
}
//select someone from this user's contacts by name
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\tWHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname), intval($profile_uid));
if (!$r) {
//select someone by attag or nick and the name passed in
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE xchan_addr like ('%s') AND abook_channel = %d LIMIT 1", dbesc(strpos($newname, '@') ? $newname : $newname . '@%'), intval($profile_uid));
}
if (!$r) {
// it's possible somebody has a name ending with '+', which we stripped off as a forum indicator
// This is very rare but we want to get it right.
$r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash \n\t\t\t\t\tWHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1", dbesc($newname . '+'), intval($profile_uid));
if ($r) {
$trailing_plus_name = true;
}
}
}
// $r is set if we found something
$channel = get_app()->get_channel();
if ($r) {
$profile = $r[0]['xchan_url'];
$newname = $r[0]['xchan_name'];
// add the channel's xchan_hash to $access_tag if exclusive
if ($exclusive) {
$access_tag .= 'cid:' . $r[0]['xchan_hash'];
}
} else {
// check for a group/collection exclusion tag
// note that we aren't setting $replaced even though we're replacing text.
// This tag isn't going to get a term attached to it. It's only used for
// access control. The link points to out own channel just so it doesn't look
// weird - as all the other tags are linked to something.
if (local_channel() && local_channel() == $profile_uid) {
require_once 'include/group.php';
$grp = group_byname($profile_uid, $name);
if ($grp) {
$g = q("select hash from groups where id = %d and visible = 1 limit 1", intval($grp));
if ($g && $exclusive) {
$access_tag .= 'gid:' . $g[0]['hash'];
}
$channel = get_app()->get_channel();
if ($channel) {
$newtag = '@' . ($exclusive ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]';
$body = str_replace('@' . ($exclusive ? '!' : '') . $name, $newtag, $body);
}
}
}
}
if ($exclusive && !$access_tag) {
$access_tag .= 'cid:' . $channel['channel_hash'];
}
// if there is an url for this channel
if (isset($profile)) {
$replaced = true;
//create profile link
$profile = str_replace(',', '%2c', $profile);
$url = $profile;
$newtag = '@' . ($exclusive ? '!' : '') . '[zrl=' . $profile . ']' . $newname . ($forum && !$trailing_plus_name ? '+' : '') . '[/zrl]';
$body = str_replace('@' . ($exclusive ? '!' : '') . $name, $newtag, $body);
//append tag to str_tags
if (!stristr($str_tags, $newtag)) {
if (strlen($str_tags)) {
$str_tags .= ',';
}
$str_tags .= $newtag;
}
}
}
return array('replaced' => $replaced, 'termtype' => $termtype, 'term' => $newname, 'url' => $url, 'contact' => $r[0]);
}
function group_add_member($uid, $name, $member, $gid = 0)
{
if (!$gid) {
$gid = group_byname($uid, $name);
}
if (!$gid || !$uid || !$member) {
return false;
}
$r = q("SELECT * FROM `group_member` WHERE `uid` = %d AND `gid` = %d AND `xchan` = '%s' LIMIT 1", intval($uid), intval($gid), dbesc($member));
if (count($r)) {
return true;
}
// You might question this, but
// we indicate success because the group member was in fact created
// -- It was just created at another time
if (!count($r)) {
$r = q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\tVALUES( %d, %d, '%s' ) ", intval($uid), intval($gid), dbesc($member));
}
build_sync_packet($uid, null, true);
return $r;
}
