function search_ac_init(&$a)
{
if (!local_channel()) {
killme();
}
$start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0;
$count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100;
$search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) {
$search = $_REQUEST['query'];
}
// Priority to people searches
if ($search) {
$people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
$tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
}
$r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));
$results = array();
if ($r) {
foreach ($r as $g) {
$results[] = array("photo" => $g['xchan_photo_s'], "name" => '@' . $g['xchan_name'], "id" => $g['abook_id'], "link" => $g['xchan_url'], "label" => '', "nick" => '');
}
}
$r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
if (count($r)) {
foreach ($r as $g) {
$results[] = array("photo" => $a->get_baseurl() . '/images/hashtag.png', "name" => '#' . $g['term'], "id" => $g['tid'], "link" => $g['url'], "label" => '', "nick" => '');
}
}
header("content-type: application/json");
$o = array('start' => $start, 'count' => $count, 'items' => $results);
echo json_encode($o);
logger('search_ac: ' . print_r($x, true));
killme();
}
function new_access_token($token, $consumer, $verifier = null)
{
logger(__FUNCTION__ . ":" . $token . ", " . $consumer . ", " . $verifier, LOGGER_DEBUG);
// return a new access token attached to this consumer
// for the user associated with this token if the request token
// is authorized
// should also invalidate the request token
$ret = Null;
// get user for this verifier
$uverifier = get_config("oauth", $verifier);
logger(__FUNCTION__ . ":" . $verifier . "," . $uverifier, LOGGER_DEBUG);
if (is_null($verifier) || $uverifier !== false) {
$key = $this->gen_token();
$sec = $this->gen_token();
$r = q("INSERT INTO tokens (id, secret, client_id, scope, expires, uid) VALUES ('%s','%s','%s','%s', %d, %d)", dbesc($key), dbesc($sec), dbesc($consumer->key), 'access', time() + intval(ACCESS_TOKEN_DURATION), intval($uverifier));
if ($r) {
$ret = new OAuth1Token($key, $sec);
}
}
q("DELETE FROM tokens WHERE id='%s'", $token->key);
if (!is_null($ret) && $uverifier !== false) {
del_config("oauth", $verifier);
// $apps = get_pconfig($uverifier, "oauth", "apps");
// if ($apps===false) $apps=array();
// $apps[] = $consumer->key;
// set_pconfig($uverifier, "oauth", "apps", $apps);
}
return $ret;
}
function post()
{
if (!local_channel()) {
return;
}
if (\App::$argc != 2) {
return;
}
$contact_id = intval(\App::$argv[1]);
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval(local_channel()));
if (!count($r)) {
notice(t('Contact not found.') . EOL);
return;
}
$contact = $r[0];
$new_contact = intval($_POST['suggest']);
$hash = random_string();
$note = escape_tags(trim($_POST['note']));
if ($new_contact) {
$r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($new_contact), intval(local_channel()));
if (count($r)) {
$x = q("INSERT INTO `fsuggest` ( `uid`,`cid`,`name`,`url`,`request`,`photo`,`note`,`created`)\n\t\t\t\t\tVALUES ( %d, %d, '%s','%s','%s','%s','%s','%s')", intval(local_channel()), intval($contact_id), dbesc($r[0]['name']), dbesc($r[0]['url']), dbesc($r[0]['request']), dbesc($r[0]['photo']), dbesc($hash), dbesc(datetime_convert()));
$r = q("SELECT `id` FROM `fsuggest` WHERE `note` = '%s' AND `uid` = %d LIMIT 1", dbesc($hash), intval(local_channel()));
if (count($r)) {
$fsuggest_id = $r[0]['id'];
q("UPDATE `fsuggest` SET `note` = '%s' WHERE `id` = %d AND `uid` = %d", dbesc($note), intval($fsuggest_id), intval(local_channel()));
proc_run('php', 'include/notifier.php', 'suggest', $fsuggest_id);
}
info(t('Friend suggestion sent.') . EOL);
}
}
}
function repair_ostatus_content(&$a)
{
if (!local_user()) {
notice(t('Permission denied.') . EOL);
goaway($_SESSION['return_url']);
// NOTREACHED
}
$o = "<h2>" . t("Resubsribing to OStatus contacts") . "</h2>";
$uid = local_user();
$a = get_app();
$counter = intval($_REQUEST['counter']);
$r = q("SELECT COUNT(*) AS `total` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)", intval($uid), dbesc(NETWORK_OSTATUS), intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_SHARING));
if (!$r) {
return $o . t("Error");
}
$total = $r[0]["total"];
$r = q("SELECT `url` FROM `contact` WHERE\n `uid` = %d AND `network` = '%s' AND `rel` IN (%d, %d)\n\t\tORDER BY `url`\n\t\tLIMIT %d, 1", intval($uid), dbesc(NETWORK_OSTATUS), intval(CONTACT_IS_FRIEND), intval(CONTACT_IS_SHARING), $counter++);
if (!$r) {
$o .= t("Done");
return $o;
}
$o .= "<p>" . $counter . "/" . $total . ": " . $r[0]["url"] . "</p>";
$o .= "<p>" . t("Keep this window open until done.") . "</p>";
$result = new_contact($uid, $r[0]["url"], true);
$a->page['htmlhead'] = '<meta http-equiv="refresh" content="1; URL=' . $a->get_baseurl() . '/repair_ostatus?counter=' . $counter . '">';
return $o;
}
function bookmarks_init(&$a)
{
if (!local_user()) {
return;
}
$item_id = intval($_REQUEST['item']);
if (!$item_id) {
return;
}
$u = $a->get_channel();
$i = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_user()));
if (!$i) {
return;
}
$i = fetch_post_tags($i);
$item = $i[0];
$terms = get_terms_oftype($item['term'], TERM_BOOKMARK);
if ($terms && !$item['item_restrict']) {
require_once 'include/bookmarks.php';
$s = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']));
if (!$s) {
logger('mod_bookmarks: author lookup failed.');
killme();
}
foreach ($terms as $t) {
bookmark_add($u, $s[0], $t, $item['item_private']);
info(t('Bookmark added') . EOL);
}
}
killme();
}
function siteinfo_init(&$a)
{
if ($a->argv[1] == "json") {
$register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');
$sql_extra = '';
if (x($a->config, 'admin_nickname')) {
$sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname']));
}
if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
$r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email']));
$admin = array('name' => $r[0]['username'], 'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname']);
} else {
$admin = false;
}
$visible_plugins = array();
if (is_array($a->plugins) && count($a->plugins)) {
$r = q("select * from addon where hidden = 0");
if (count($r)) {
foreach ($r as $rr) {
$visible_plugins[] = $rr['name'];
}
}
}
if (@is_dir('.git') && function_exists('shell_exec')) {
$commit = @shell_exec('git log -1 --format="%h"');
}
if (!isset($commit) || strlen($commit) > 16) {
$commit = '';
}
$data = array('version' => RED_VERSION, 'commit' => $commit, 'url' => z_root(), 'plugins' => $visible_plugins, 'register_policy' => $register_policy[$a->config['system']['register_policy']], 'admin' => $admin, 'site_name' => $a->config['sitename'], 'platform' => RED_PLATFORM, 'info' => x($a->config, 'info') ? $a->config['info'] : '');
echo json_encode($data);
killme();
}
}
function xrd_init(&$a)
{
$uri = urldecode(notags(trim($_GET['uri'])));
if (substr($uri, 0, 4) === 'http') {
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
if (!count($r)) {
killme();
}
$salmon_key = salmon_key($r[0]['spubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
if (get_config('system', 'diaspora_enabled')) {
//$tpl = file_get_contents('view/xrd_diaspora.tpl');
$tpl = get_markup_template('xrd_diaspora.tpl');
$dspr = replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['pubkey']))));
} else {
$dspr = '';
}
//$tpl = file_get_contents('view/xrd_person.tpl');
$tpl = get_markup_template('xrd_person.tpl');
$o = replace_macros($tpl, array('$nick' => $r[0]['nickname'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['nickname'], '$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['nickname'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['nickname'], '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg', '$dspr' => $dspr, '$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'], '$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'] . '/mention', '$subscribe' => $a->get_baseurl() . '/follow?url={uri}', '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$bigkey' => salmon_key($r[0]['pubkey'])));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
/**
* Updates an addressbook's properties
*
* See Sabre_DAV_IProperties for a description of the mutations array, as
* well as the return value.
*
* @param mixed $addressBookId
* @param array $mutations
* @throws Sabre_DAV_Exception_Forbidden
* @see Sabre_DAV_IProperties::updateProperties
* @return bool|array
*/
public function updateAddressBook($addressBookId, array $mutations)
{
$updates = array();
foreach ($mutations as $property => $newValue) {
switch ($property) {
case '{DAV:}displayname':
$updates['displayname'] = $newValue;
break;
case '{' . Sabre_CardDAV_Plugin::NS_CARDDAV . '}addressbook-description':
$updates['description'] = $newValue;
break;
default:
// If any unsupported values were being updated, we must
// let the entire request fail.
return false;
}
}
// No values are being updated?
if (!$updates) {
return false;
}
$query = 'UPDATE ' . CALDAV_SQL_DB . CALDAV_SQL_PREFIX . 'addressbooks SET ctag = ctag + 1 ';
foreach ($updates as $key => $value) {
$query .= ', `' . dbesc($key) . '` = ' . dbesc($key) . ' ';
}
$query .= ' WHERE id = ' . IntVal($addressBookId);
q($query);
return true;
}
function checksites_run($argv, $argc)
{
cli_startup();
$a = get_app();
logger('checksites: start');
if ($argc > 1 && $argv[1]) {
$site_id = $argv[1];
}
if ($site_id) {
$sql_options = " and site_url = '" . dbesc($argv[1]) . "' ";
}
$days = intval(get_config('system', 'sitecheckdays'));
if ($days < 1) {
$days = 30;
}
$r = q("select * from site where site_dead = 0 and site_update < %s - INTERVAL %s and site_type = %d {$sql_options} ", db_utcnow(), db_quoteinterval($days . ' DAY'), intval(SITE_TYPE_ZOT));
if (!$r) {
return;
}
foreach ($r as $rr) {
if (!strcasecmp($rr['site_url'], z_root())) {
continue;
}
$x = ping_site($rr['site_url']);
if ($x['success']) {
logger('checksites: ' . $rr['site_url']);
q("update site set site_update = '%s' where site_url = '%s' ", dbesc(datetime_convert()), dbesc($rr['site_url']));
} else {
logger('marking dead site: ' . $x['message']);
q("update site set site_dead = 1 where site_url = '%s' ", dbesc($rr['site_url']));
}
}
return;
}
function xrd_init(&$a)
{
$uri = urldecode(notags(trim($_GET['uri'])));
if (substr($uri, 0, 4) === 'http') {
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
if (!$r) {
killme();
}
$dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['channel_guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))));
$salmon_key = salmon_key($r[0]['channel_pubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: text/xml");
$tpl = get_markup_template('view/xrd_person.tpl');
$o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['channel_address'], '$atom' => $a->get_baseurl() . '/feed/' . $r[0]['channel_address'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['channel_address'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['channel_address'], '$photo' => $a->get_baseurl() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
function chat_post(&$a)
{
if ($_POST['room_name']) {
$room = strip_tags(trim($_POST['room_name']));
}
if (!$room || !local_channel()) {
return;
}
$channel = $a->get_channel();
if ($_POST['action'] === 'drop') {
logger('delete chatroom');
chatroom_destroy($channel, array('cr_name' => $room));
goaway(z_root() . '/chat/' . $channel['channel_address']);
}
$arr = array('name' => $room);
$arr['allow_gid'] = perms2str($_REQUEST['group_allow']);
$arr['allow_cid'] = perms2str($_REQUEST['contact_allow']);
$arr['deny_gid'] = perms2str($_REQUEST['group_deny']);
$arr['deny_cid'] = perms2str($_REQUEST['contact_deny']);
chatroom_create($channel, $arr);
$x = q("select cr_id from chatroom where cr_name = '%s' and cr_uid = %d limit 1", dbesc($room), intval(local_channel()));
if ($x) {
goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);
}
// that failed. Try again perhaps?
goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new');
}
function notify_init(&$a)
{
if (!local_user()) {
return;
}
if ($a->argc > 2 && $a->argv[1] === 'view' && intval($a->argv[2])) {
$r = q("select * from notify where id = %d and uid = %d limit 1", intval($a->argv[2]), intval(local_user()));
if (count($r)) {
q("update notify set seen = 1 where ( link = '%s' or ( parent != 0 and parent = %d and otype = '%s' )) and uid = %d", dbesc($r[0]['link']), intval($r[0]['parent']), dbesc($r[0]['otype']), intval(local_user()));
// The friendica client has problems with the GUID. this is some workaround
if ($a->is_friendica_app()) {
require_once "include/items.php";
$urldata = parse_url($r[0]['link']);
$guid = basename($urldata["path"]);
$itemdata = get_item_id($guid, local_user());
if ($itemdata["id"] != 0) {
$r[0]['link'] = $a->get_baseurl() . '/display/' . $itemdata["nick"] . '/' . $itemdata["id"];
}
}
goaway($r[0]['link']);
}
goaway($a->get_baseurl(true));
}
if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') {
$r = q("update notify set seen = 1 where uid = %d", intval(local_user()));
$j = json_encode(array('result' => $r ? 'success' : 'fail'));
echo $j;
killme();
}
}
function attach_init(&$a)
{
if ($a->argc != 2) {
notice(t('Item not available.') . EOL);
return;
}
$item_id = intval($a->argv[1]);
// Check for existence, which will also provide us the owner uid
$r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id));
if (!count($r)) {
notice(t('Item was not found.') . EOL);
return;
}
$sql_extra = permissions_sql($r[0]['uid']);
// Now we'll see if we can access the attachment
$r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", dbesc($item_id));
if (!count($r)) {
notice(t('Permission denied.') . EOL);
return;
}
// Use quotes around the filename to prevent a "multiple Content-Disposition"
// error in Chrome for filenames with commas in them
header('Content-type: ' . $r[0]['filetype']);
header('Content-length: ' . $r[0]['filesize']);
if (isset($_GET['attachment']) && $_GET['attachment'] === '0') {
header('Content-disposition: filename="' . $r[0]['filename'] . '"');
} else {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
}
echo $r[0]['data'];
killme();
// NOTREACHED
}
function pubsub_post(&$a)
{
$xml = file_get_contents('php://input');
logger('pubsub: feed arrived from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $a->cmd);
logger('pubsub: user-agent: ' . $_SERVER['HTTP_USER_AGENT']);
logger('pubsub: data: ' . $xml, LOGGER_DATA);
// if(! stristr($xml,'<?xml')) {
// logger('pubsub_post: bad xml');
// hub_post_return();
// }
$nick = $a->argc > 1 ? notags(trim($a->argv[1])) : '';
$contact_id = $a->argc > 2 ? intval($a->argv[2]) : 0;
$r = q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", dbesc($nick));
if (!count($r)) {
hub_post_return();
}
$importer = $r[0];
$r = q("SELECT * FROM `contact` WHERE `subhub` = 1 AND `id` = %d AND `uid` = %d \n\t\tAND ( `rel` = %d OR `rel` = %d OR network = '%s' ) AND `blocked` = 0 AND `readonly` = 0 LIMIT 1", intval($contact_id), intval($importer['uid']), intval(CONTACT_IS_SHARING), intval(CONTACT_IS_FRIEND), dbesc(NETWORK_FEED));
if (!count($r)) {
logger('pubsub: no contact record for "' . $nick . ' (' . $contact_id . ')" - ignored. ' . $xml);
hub_post_return();
}
$contact = $r[0];
// we have no way to match Diaspora guid's with atom post id's and could get duplicates.
// we'll assume that direct delivery is robust (and this is a bad assumption, but the duplicates are messy).
if ($r[0]['network'] === NETWORK_DIASPORA) {
hub_post_return();
}
$feedhub = '';
require_once 'include/items.php';
consume_feed($xml, $importer, $contact, $feedhub, 1, 1);
// do it a second time so that any children find their parents.
consume_feed($xml, $importer, $contact, $feedhub, 1, 2);
hub_post_return();
}
function get()
{
if (!local_channel()) {
notice(t('Permission denied.') . EOL);
return;
}
$channel = \App::get_channel();
$app = null;
$embed = null;
if ($_REQUEST['appid']) {
$r = q("select * from app where app_id = '%s' and app_channel = %d limit 1", dbesc($_REQUEST['appid']), dbesc(local_channel()));
if ($r) {
$app = $r[0];
$term = q("select * from term where otype = %d and oid = %d", intval(TERM_OBJ_APP), intval($r[0]['id']));
if ($term) {
$app['categories'] = '';
foreach ($term as $t) {
if ($app['categories']) {
$app['categories'] .= ',';
}
$app['categories'] .= $t['term'];
}
}
}
$embed = array('embed', t('Embed code'), app_encode($app, true), '', 'onclick="this.select();"');
}
return replace_macros(get_markup_template('app_create.tpl'), array('$banner' => $app ? t('Edit App') : t('Create App'), '$app' => $app, '$guid' => $app ? $app['app_id'] : '', '$author' => $app ? $app['app_author'] : $channel['channel_hash'], '$addr' => $app ? $app['app_addr'] : $channel['xchan_addr'], '$name' => array('name', t('Name of app'), $app ? $app['app_name'] : '', t('Required')), '$url' => array('url', t('Location (URL) of app'), $app ? $app['app_url'] : '', t('Required')), '$desc' => array('desc', t('Description'), $app ? $app['app_desc'] : '', ''), '$photo' => array('photo', t('Photo icon URL'), $app ? $app['app_photo'] : '', t('80 x 80 pixels - optional')), '$categories' => array('categories', t('Categories (optional, comma separated list)'), $app ? $app['categories'] : '', ''), '$version' => array('version', t('Version ID'), $app ? $app['app_version'] : '', ''), '$price' => array('price', t('Price of app'), $app ? $app['app_price'] : '', ''), '$page' => array('page', t('Location (URL) to purchase app'), $app ? $app['app_page'] : '', ''), '$system' => $app ? intval($app['app_system']) : 0, '$requires' => $app ? $app['app_requires'] : '', '$embed' => $embed, '$submit' => t('Submit')));
}
function init()
{
$result = array('success' => false);
$mindate = $_REQUEST['mindate'] ? datetime_convert('UTC', 'UTC', $_REQUEST['mindate']) : '';
if (!$mindate) {
$mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
}
if (observer_prohibited()) {
$result['message'] = 'Public access denied';
json_return_and_die($result);
}
$observer = \App::get_observer();
$channel_address = argc() > 1 ? argv(1) : '';
if ($channel_address) {
$r = q("select channel_id, channel_name from channel where channel_address = '%s' and channel_removed = 0 limit 1", dbesc(argv(1)));
} else {
$x = get_sys_channel();
if ($x) {
$r = array($x);
}
$mindate = datetime_convert('UTC', 'UTC', 'now - 14 days');
}
if (!$r) {
$result['message'] = 'Channel not found.';
json_return_and_die($result);
}
logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);
$result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], array('mindate' => $mindate));
$result['success'] = true;
json_return_and_die($result);
}
/**
* Display admin settings for this addon
*/
function libravatar_plugin_admin(&$a, &$o)
{
$t = get_markup_template("admin.tpl", "addon/libravatar");
$default_avatar = get_config('libravatar', 'default_img');
// set default values for first configuration
if (!$default_avatar) {
$default_avatar = 'identicon';
}
// pseudo-random geometric pattern based on email hash
// Available options for the select boxes
$default_avatars = array('mm' => t('generic profile image'), 'identicon' => t('random geometric pattern'), 'monsterid' => t('monster face'), 'wavatar' => t('computer generated face'), 'retro' => t('retro arcade style face'));
// Show warning if PHP version is too old
if (!version_compare(PHP_VERSION, '5.3.0', '>=')) {
$o = '<h5>' . t('Warning') . '</h5><p>';
$o .= sprintf(t('Your PHP version %s is lower than the required PHP >= 5.3.'), PHP_VERSION);
$o .= '<br>' . t('This addon is not functional on your server.') . '<p><br>';
return;
}
// Libravatar falls back to gravatar, so show warning about gravatar addon if enabled
$r = q("SELECT * FROM `addon` WHERE `name` = '%s' and `installed` = 1", dbesc('gravatar'));
if (count($r)) {
$o = '<h5>' . t('Information') . '</h5><p>' . t('Gravatar addon is installed. Please disable the Gravatar addon.<br>The Libravatar addon will fall back to Gravatar if nothing was found at Libravatar.') . '</p><br><br>';
}
// output Libravatar settings
$o .= '<input type="hidden" name="form_security_token" value="' . get_form_security_token("libravatarsave") . '">';
$o .= replace_macros($t, array('$submit' => t('Save Settings'), '$default_avatar' => array('avatar', t('Default avatar image'), $default_avatar, t('Select default avatar image if none was found. See README'), $default_avatars)));
}
function zotfeed_init(&$a)
{
$result = array('success' => false);
$mindate = $_REQUEST['mindate'] ? datetime_convert('UTC', 'UTC', $_REQUEST['mindate']) : '';
if (!$mindate) {
$mindate = datetime_convert('UTC', 'UTC', 'now - 1 month');
}
if (get_config('system', 'block_public') && !get_account_id() && !remote_user()) {
$result['message'] = 'Public access denied';
json_return_and_die($result);
}
$observer = $a->get_observer();
$channel_address = argc() > 1 ? argv(1) : '';
if ($channel_address) {
$r = q("select channel_id, channel_name from channel where channel_address = '%s' and not (channel_pageflags & %d) limit 1", dbesc(argv(1)), intval(PAGE_REMOVED));
} else {
$x = get_sys_channel();
if ($x) {
$r = array($x);
}
}
if (!$r) {
$result['message'] = 'Channel not found.';
json_return_and_die($result);
}
logger('zotfeed request: ' . $r[0]['channel_name'], LOGGER_DEBUG);
$result['messages'] = zot_feed($r[0]['channel_id'], $observer['xchan_hash'], $mindate);
$result['success'] = true;
json_return_and_die($result);
}
function p_init(&$a)
{
if (argc() < 2) {
http_status_exit(401);
}
$mid = str_replace('.xml', '', argv(1));
$r = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1", dbesc($mid));
if (!$r || !perm_is_allowed($r[0]['uid'], '', 'view_stream')) {
http_status_exit(404);
}
$c = q("select * from channel where channel_id = %d limit 1", intval($r[0]['uid']));
if (!$c) {
http_status_exit(404);
}
$myaddr = $c[0]['channel_address'] . '@' . App::get_hostname();
$item = $r[0];
$title = $item['title'];
$body = bb2diaspora_itembody($item);
$created = datetime_convert('UTC', 'UTC', $item['created'], 'Y-m-d H:i:s \\U\\T\\C');
$tpl = get_markup_template('diaspora_post.tpl', 'addon/diaspora');
$msg = replace_macros($tpl, array('$body' => xmlify($body), '$guid' => $item['mid'], '$handle' => xmlify($myaddr), '$public' => 'true', '$created' => $created, '$provider' => $item['app'] ? $item['app'] : t('$projectname')));
header('Content-type: text/xml');
echo $msg;
killme();
}
function onedirsync_run($argv, $argc)
{
cli_startup();
$a = get_app();
logger('onedirsync: start ' . intval($argv[1]));
if ($argc > 1 && intval($argv[1])) {
$update_id = intval($argv[1]);
}
if (!$update_id) {
logger('onedirsync: no update');
return;
}
$r = q("select * from updates where ud_id = %d limit 1", intval($update_id));
if (!$r) {
return;
}
if ($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED || !$r[0]['ud_addr']) {
return;
}
// Have we probed this channel more recently than the other directory server
// (where we received this update from) ?
// If we have, we don't need to do anything except mark any older entries updated
$x = q("select * from updates where ud_addr = '%s' and ud_date > '%s' and ( ud_flags & %d ) order by ud_date desc limit 1", dbesc($r[0]['ud_addr']), dbesc($r[0]['ud_date']), intval(UPDATE_FLAGS_UPDATED));
if ($x) {
$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not ( ud_flags & %d ) and ud_date < '%s' ", intval(UPDATE_FLAGS_UPDATED), dbesc($r[0]['ud_addr']), intval(UPDATE_FLAGS_UPDATED), dbesc($x[0]['ud_date']));
return;
}
update_directory_entry($r[0]);
return;
}
function handle_pubsubhubbub()
{
global $a, $db;
logger('start');
// We'll push to each subscriber that has push > 0,
// i.e. there has been an update (set in notifier.php).
$r = q("SELECT * FROM `push_subscriber` WHERE `push` > 0");
foreach ($r as $rr) {
$params = get_feed_for($a, '', $rr['nickname'], $rr['last_update'], 0, true);
$hmac_sig = hash_hmac("sha1", $params, $rr['secret']);
$headers = array("Content-type: application/atom+xml", sprintf("Link: <%s>;rel=hub," . "<%s>;rel=self", $a->get_baseurl() . '/pubsubhubbub', $rr['topic']), "X-Hub-Signature: sha1=" . $hmac_sig);
logger('POST ' . print_r($headers, true) . "\n" . $params, LOGGER_DEBUG);
post_url($rr['callback_url'], $params, $headers);
$ret = $a->get_curl_code();
if ($ret >= 200 && $ret <= 299) {
logger('successfully pushed to ' . $rr['callback_url']);
// set last_update to "now", and reset push=0
$date_now = datetime_convert('UTC', 'UTC', 'now', 'Y-m-d H:i:s');
q("UPDATE `push_subscriber` SET `push` = 0, last_update = '%s' WHERE id = %d", dbesc($date_now), intval($rr['id']));
} else {
logger('error when pushing to ' . $rr['callback_url'] . ' HTTP: ' . $ret);
// we use the push variable also as a counter, if we failed we
// increment this until some upper limit where we give up
$new_push = intval($rr['push']) + 1;
if ($new_push > 30) {
// OK, let's give up
$new_push = 0;
}
q("UPDATE `push_subscriber` SET `push` = %d WHERE id = %d", $new_push, intval($rr['id']));
}
}
logger('done');
}
function lostpass_content(&$a)
{
if (x($_GET, 'verify')) {
$verify = $_GET['verify'];
$hash = hash('whirlpool', $verify);
$r = q("SELECT * FROM `user` WHERE `pwdreset` = '%s' LIMIT 1", dbesc($hash));
if (!count($r)) {
notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
goaway(z_root());
return;
}
$uid = $r[0]['uid'];
$username = $r[0]['username'];
$email = $r[0]['email'];
$new_password = autoname(6) . mt_rand(100, 9999);
$new_password_encoded = hash('whirlpool', $new_password);
$r = q("UPDATE `user` SET `password` = '%s', `pwdreset` = '' WHERE `uid` = %d LIMIT 1", dbesc($new_password_encoded), intval($uid));
if ($r) {
$tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
info("Your password has been reset." . EOL);
$email_tpl = get_intltext_template("passchanged_eml.tpl");
$email_tpl = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => $username, '$email' => $email, '$new_password' => $new_password, '$uid' => $newuid));
$res = mail($email, "Your password has changed at {$a->config['sitename']}", $email_tpl, 'From: ' . t('Administrator') . '@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
return $o;
}
} else {
$tpl = get_markup_template('lostpass.tpl');
$o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Nickname or Email: '), '$submit' => t('Reset')));
return $o;
}
}
function init()
{
if (argc() > 1) {
$which = argv(1);
} else {
notice(t('Requested profile is not available.') . EOL);
\App::$error = 404;
return;
}
$profile = '';
$channel = \App::get_channel();
if (local_channel() && argc() > 2 && argv(2) === 'view') {
$which = $channel['channel_address'];
$profile = argv(1);
$r = q("select profile_guid from profile where id = %d and uid = %d limit 1", intval($profile), intval(local_channel()));
if (!$r) {
$profile = '';
}
$profile = $r[0]['profile_guid'];
}
\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
if (!$profile) {
$x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1", dbesc(argv(1)));
if ($x) {
\App::$profile = $x[0];
}
}
profile_load($a, $which, $profile);
}
function init()
{
$uri = urldecode(notags(trim($_GET['uri'])));
logger('xrd: ' . $uri, LOGGER_DEBUG);
$resource = $uri;
if (substr($uri, 0, 4) === 'http') {
$uri = str_replace('~', '', $uri);
$name = basename($uri);
} else {
$local = str_replace('acct:', '', $uri);
if (substr($local, 0, 2) == '//') {
$local = substr($local, 2);
}
$name = substr($local, 0, strpos($local, '@'));
}
$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
if (!$r) {
killme();
}
$dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => z_root(), '$dspr_guid' => $r[0]['channel_guid'] . str_replace('.', '', \App::get_hostname()), '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey']))));
$salmon_key = salmon_key($r[0]['channel_pubkey']);
header('Access-Control-Allow-Origin: *');
header("Content-type: application/xrd+xml");
$aliases = array('acct:' . channel_reddress($r[0]), z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']);
for ($x = 0; $x < count($aliases); $x++) {
if ($aliases[$x] === $resource) {
unset($aliases[$x]);
}
}
$o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $resource, '$aliases' => $aliases, '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], '$atom' => z_root() . '/feed/' . $r[0]['channel_address'], '$zot_post' => z_root() . '/post/' . $r[0]['channel_address'], '$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'], '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?url={uri}', '$bigkey' => salmon_key($r[0]['channel_pubkey'])));
$arr = array('user' => $r[0], 'xml' => $o);
call_hooks('personal_xrd', $arr);
echo $arr['xml'];
killme();
}
public static function clear()
{
q("DELETE FROM `cache` WHERE `updated` < '%s' AND `expire_mode` = %d", dbesc(datetime_convert('UTC', 'UTC', "now - 30 days")), intval(CACHE_MONTH));
q("DELETE FROM `cache` WHERE `updated` < '%s' AND `expire_mode` = %d", dbesc(datetime_convert('UTC', 'UTC', "now - 7 days")), intval(CACHE_WEEK));
q("DELETE FROM `cache` WHERE `updated` < '%s' AND `expire_mode` = %d", dbesc(datetime_convert('UTC', 'UTC', "now - 1 days")), intval(CACHE_DAY));
q("DELETE FROM `cache` WHERE `updated` < '%s' AND `expire_mode` = %d", dbesc(datetime_convert('UTC', 'UTC', "now - 1 hours")), intval(CACHE_HOUR));
}
function chat_post(&$a)
{
if ($_POST['room_name']) {
$room = strip_tags(trim($_POST['room_name']));
}
if (!$room || !local_channel()) {
return;
}
$channel = $a->get_channel();
if ($_POST['action'] === 'drop') {
logger('delete chatroom');
chatroom_destroy($channel, array('cr_name' => $room));
goaway(z_root() . '/chat/' . $channel['channel_address']);
}
$acl = new AccessList($channel);
$acl->set_from_array($_REQUEST);
$arr = $acl->get();
$arr['name'] = $room;
$arr['expire'] = intval($_POST['chat_expire']);
if (intval($arr['expire']) < 0) {
$arr['expire'] = 0;
}
chatroom_create($channel, $arr);
$x = q("select * from chatroom where cr_name = '%s' and cr_uid = %d limit 1", dbesc($room), intval(local_channel()));
build_sync_packet(0, array('chatroom' => $x));
if ($x) {
goaway(z_root() . '/chat/' . $channel['channel_address'] . '/' . $x[0]['cr_id']);
}
// that failed. Try again perhaps?
goaway(z_root() . '/chat/' . $channel['channel_address'] . '/new');
}
function get()
{
if (argc() > 2 && argv(2) === 'add') {
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$title' => t('Add application'), '$submit' => t('Submit'), '$cancel' => t('Cancel'), '$name' => array('name', t('Name'), '', t('Name of application')), '$key' => array('key', t('Consumer Key'), random_string(16), t('Automatically generated - change if desired. Max length 20')), '$secret' => array('secret', t('Consumer Secret'), random_string(16), t('Automatically generated - change if desired. Max length 20')), '$redirect' => array('redirect', t('Redirect'), '', t('Redirect URI - leave blank unless your application specifically requires this')), '$icon' => array('icon', t('Icon url'), '', t('Optional'))));
return $o;
}
if (argc() > 3 && argv(2) === 'edit') {
$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
if (!count($r)) {
notice(t('Application not found.'));
return;
}
$app = $r[0];
$tpl = get_markup_template("settings_oauth_edit.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$title' => t('Add application'), '$submit' => t('Update'), '$cancel' => t('Cancel'), '$name' => array('name', t('Name'), $app['clname'], ''), '$key' => array('key', t('Consumer Key'), $app['client_id'], ''), '$secret' => array('secret', t('Consumer Secret'), $app['pw'], ''), '$redirect' => array('redirect', t('Redirect'), $app['redirect_uri'], ''), '$icon' => array('icon', t('Icon url'), $app['icon'], '')));
return $o;
}
if (argc() > 3 && argv(2) === 'delete') {
check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d", dbesc(argv(3)), local_channel());
goaway(z_root() . "/settings/oauth/");
return;
}
$r = q("SELECT clients.*, tokens.id as oauth_token, (clients.uid=%d) AS my \n\t\t\t\tFROM clients\n\t\t\t\tLEFT JOIN tokens ON clients.client_id=tokens.client_id\n\t\t\t\tWHERE clients.uid IN (%d,0)", local_channel(), local_channel());
$tpl = get_markup_template("settings_oauth.tpl");
$o .= replace_macros($tpl, array('$form_security_token' => get_form_security_token("settings_oauth"), '$baseurl' => z_root(), '$title' => t('Connected Apps'), '$add' => t('Add application'), '$edit' => t('Edit'), '$delete' => t('Delete'), '$consumerkey' => t('Client key starts with'), '$noname' => t('No name'), '$remove' => t('Remove authorization'), '$apps' => $r));
return $o;
}
function find_diaspora_person_by_handle($handle)
{
$person = false;
$refresh = false;
if (diaspora_is_blacklisted($handle)) {
return false;
}
$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", dbesc($handle));
if ($r) {
$person = $r[0];
logger('find_diaspora_person_by handle: in cache ' . print_r($r, true), LOGGER_DATA, LOG_DEBUG);
if ($person['xchan_name_date'] < datetime_convert('UTC', 'UTC', 'now - 1 month')) {
logger('Updating Diaspora cached record for ' . $handle);
$refresh = true;
}
}
if (!$person || $refresh) {
// try webfinger. Make sure to distinguish between diaspora,
// hubzilla w/diaspora protocol and friendica w/diaspora protocol.
$result = discover_by_webbie($handle);
if ($result) {
$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", dbesc(str_replace('acct:', '', $handle)));
if ($r) {
$person = $r[0];
logger('find_diaspora_person_by handle: discovered ' . print_r($r, true), LOGGER_DATA, LOG_DEBUG);
}
}
}
return $person;
}
function tagrm_post(&$a)
{
if (!local_user()) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
if (x($_POST, 'submit') && $_POST['submit'] === t('Cancel')) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$tag = x($_POST, 'tag') ? hex2bin(notags(trim($_POST['tag']))) : '';
$item = x($_POST, 'item') ? intval($_POST['item']) : 0;
$r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item), intval(local_user()));
if (!count($r)) {
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
}
$arr = explode(',', $r[0]['tag']);
for ($x = 0; $x < count($arr); $x++) {
if ($arr[$x] === $tag) {
unset($arr[$x]);
break;
}
}
$tag_str = implode(',', $arr);
q("UPDATE `item` SET `tag` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1", dbesc($tag_str), intval($item), intval(local_user()));
info(t('Tag removed') . EOL);
goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
// NOTREACHED
}
function lostpass_content(&$a)
{
if (x($_GET, 'verify')) {
$verify = $_GET['verify'];
$r = q("SELECT * FROM account WHERE account_reset = '%s' LIMIT 1", dbesc($verify));
if (!$r) {
notice(t("Request could not be verified. (You may have previously submitted it.) Password reset failed.") . EOL);
goaway(z_root());
return;
}
$aid = $r[0]['account_id'];
$email = $r[0]['account_email'];
$new_password = autoname(6) . mt_rand(100, 9999);
$salt = random_string(32);
$password_encoded = hash('whirlpool', $salt . $new_password);
$r = q("UPDATE account SET account_salt = '%s', account_password = '******', account_reset = '', account_flags = (account_flags & ~%d) where account_id = %d", dbesc($salt), dbesc($password_encoded), intval(ACCOUNT_UNVERIFIED), intval($aid));
if ($r) {
$tpl = get_markup_template('pwdreset.tpl');
$o .= replace_macros($tpl, array('$lbl1' => t('Password Reset'), '$lbl2' => t('Your password has been reset as requested.'), '$lbl3' => t('Your new password is'), '$lbl4' => t('Save or copy your new password - and then'), '$lbl5' => '<a href="' . $a->get_baseurl() . '">' . t('click here to login') . '</a>.', '$lbl6' => t('Your password may be changed from the <em>Settings</em> page after successful login.'), '$newpass' => $new_password, '$baseurl' => $a->get_baseurl()));
info("Your password has been reset." . EOL);
$email_tpl = get_intltext_template("passchanged_eml.tpl");
$message = replace_macros($email_tpl, array('$sitename' => $a->config['sitename'], '$siteurl' => $a->get_baseurl(), '$username' => sprintf(t('Site Member (%s)'), $email), '$email' => $email, '$new_password' => $new_password, '$uid' => $newuid));
$subject = email_header_encode(sprintf(t('Your password has changed at %s'), get_config('system', 'sitename')), 'UTF-8');
$res = mail($email, $subject, $message, 'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n" . 'Content-type: text/plain; charset=UTF-8' . "\n" . 'Content-transfer-encoding: 8bit');
return $o;
}
} else {
$tpl = get_markup_template('lostpass.tpl');
$o .= replace_macros($tpl, array('$title' => t('Forgot your Password?'), '$desc' => t('Enter your email address and submit to have your password reset. Then check your email for further instructions.'), '$name' => t('Email Address'), '$submit' => t('Reset')));
return $o;
}
}
