function search_ac_init(&$a) { if (!local_channel()) { killme(); } $start = x($_REQUEST, 'start') ? $_REQUEST['start'] : 0; $count = x($_REQUEST, 'count') ? $_REQUEST['count'] : 100; $search = x($_REQUEST, 'search') ? $_REQUEST['search'] : ""; if (x($_REQUEST, 'query') && strlen($_REQUEST['query'])) { $search = $_REQUEST['query']; } // Priority to people searches if ($search) { $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' "); $tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' "); } $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel())); $results = array(); if ($r) { foreach ($r as $g) { $results[] = array("photo" => $g['xchan_photo_s'], "name" => '@' . $g['xchan_name'], "id" => $g['abook_id'], "link" => $g['xchan_url'], "label" => '', "nick" => ''); } } $r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG)); if (count($r)) { foreach ($r as $g) { $results[] = array("photo" => $a->get_baseurl() . '/images/hashtag.png', "name" => '#' . $g['term'], "id" => $g['tid'], "link" => $g['url'], "label" => '', "nick" => ''); } } header("content-type: application/json"); $o = array('start' => $start, 'count' => $count, 'items' => $results); echo json_encode($o); logger('search_ac: ' . print_r($x, true)); killme(); }
function regmod_content(&$a) { global $lang; $_SESSION['return_url'] = $a->cmd; if (!local_user()) { info(t('Please login.') . EOL); $o .= '<br /><br />' . login($a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1); return $o; } if (!is_site_admin()) { notice(t('Permission denied.') . EOL); return ''; } if ($a->argc != 3) { killme(); } $cmd = $a->argv[1]; $hash = $a->argv[2]; if ($cmd === 'deny') { if (!user_deny($hash)) { killme(); } } if ($cmd === 'allow') { if (!user_allow($hash)) { killme(); } } }
function filer_content(&$a) { if (!local_channel()) { killme(); } $term = unxmlify(trim($_GET['term'])); $item_id = $a->argc > 1 ? intval($a->argv[1]) : 0; logger('filer: tag ' . $term . ' item ' . $item_id); if ($item_id && strlen($term)) { // file item store_item_tag(local_channel(), $item_id, TERM_OBJ_POST, TERM_FILE, $term, ''); // protect the entire conversation from periodic expiration $r = q("select parent from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_channel())); if ($r) { $x = q("update item set item_retained = 1 where id = %d and uid = %d", intval($r[0]['parent']), intval(local_channel())); } } else { $filetags = array(); $r = q("select distinct(term) from term where uid = %d and type = %d order by term asc", intval(local_channel()), intval(TERM_FILE)); if (count($r)) { foreach ($r as $rr) { $filetags[] = $rr['term']; } } $tpl = get_markup_template("filer_dialog.tpl"); $o = replace_macros($tpl, array('$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')), '$submit' => t('Save'))); echo $o; } killme(); }
function siteinfo_init(&$a) { if ($a->argv[1] == "json") { $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN'); $sql_extra = ''; if (x($a->config, 'admin_nickname')) { $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname'])); } if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') { $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email'])); $admin = array('name' => $r[0]['username'], 'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname']); } else { $admin = false; } $visible_plugins = array(); if (is_array($a->plugins) && count($a->plugins)) { $r = q("select * from addon where hidden = 0"); if (count($r)) { foreach ($r as $rr) { $visible_plugins[] = $rr['name']; } } } if (@is_dir('.git') && function_exists('shell_exec')) { $commit = @shell_exec('git log -1 --format="%h"'); } if (!isset($commit) || strlen($commit) > 16) { $commit = ''; } $data = array('version' => RED_VERSION, 'commit' => $commit, 'url' => z_root(), 'plugins' => $visible_plugins, 'register_policy' => $register_policy[$a->config['system']['register_policy']], 'admin' => $admin, 'site_name' => $a->config['sitename'], 'platform' => RED_PLATFORM, 'info' => x($a->config, 'info') ? $a->config['info'] : ''); echo json_encode($data); killme(); } }
function xrd_init(&$a) { $uri = urldecode(notags(trim($_GET['uri']))); if (substr($uri, 0, 4) === 'http') { $name = basename($uri); } else { $local = str_replace('acct:', '', $uri); if (substr($local, 0, 2) == '//') { $local = substr($local, 2); } $name = substr($local, 0, strpos($local, '@')); } $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name)); if (!count($r)) { killme(); } $salmon_key = salmon_key($r[0]['spubkey']); header('Access-Control-Allow-Origin: *'); header("Content-type: text/xml"); if (get_config('system', 'diaspora_enabled')) { //$tpl = file_get_contents('view/xrd_diaspora.tpl'); $tpl = get_markup_template('xrd_diaspora.tpl'); $dspr = replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['pubkey'])))); } else { $dspr = ''; } //$tpl = file_get_contents('view/xrd_person.tpl'); $tpl = get_markup_template('xrd_person.tpl'); $o = replace_macros($tpl, array('$nick' => $r[0]['nickname'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['nickname'], '$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['nickname'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['nickname'], '$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg', '$dspr' => $dspr, '$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'], '$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'] . '/mention', '$subscribe' => $a->get_baseurl() . '/follow?url={uri}', '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$bigkey' => salmon_key($r[0]['pubkey']))); $arr = array('user' => $r[0], 'xml' => $o); call_hooks('personal_xrd', $arr); echo $arr['xml']; killme(); }
function update_public_content(&$a) { $profile_uid = intval($_GET['p']) ? intval($_GET['p']) : -1; $load = argc() > 1 && argv(1) == 'load' ? 1 : 0; header("Content-type: text/html"); echo "<!DOCTYPE html><html><body>\r\n"; echo array_key_exists('msie', $_GET) && $_GET['msie'] == 1 ? '<div>' : '<section>'; $text = public_content($a, $profile_uid, $load); $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; $replace = "<img\${1} dst=\"\${2}\""; // $text = preg_replace($pattern, $replace, $text); /* if(! $load) { $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; $text = preg_replace($pattern, $replace, $text); } */ echo str_replace("\t", ' ', $text); echo array_key_exists('msie', $_GET) && $_GET['msie'] == 1 ? '</div>' : '</section>'; echo "</body></html>\r\n"; killme(); }
function retry_basic_auth() { header('WWW-Authenticate: Basic realm="Hubzilla"'); header('HTTP/1.0 401 Unauthorized'); echo 'This api requires login'; killme(); }
function starred_init(&$a) { $starred = 0; if (!local_user()) { killme(); } if ($a->argc > 1) { $message_id = intval($a->argv[1]); } if (!$message_id) { killme(); } $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id)); if (!count($r)) { killme(); } if (!intval($r[0]['starred'])) { $starred = 1; } $r = q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", intval($starred), intval(local_user()), intval($message_id)); // See if we've been passed a return path to redirect to $return_path = x($_REQUEST, 'return') ? $_REQUEST['return'] : ''; if ($return_path) { $rand = '_=' . time(); if (strpos($return_path, '?')) { $rand = "&{$rand}"; } else { $rand = "?{$rand}"; } goaway($a->get_baseurl() . "/" . $return_path . $rand); } // the json doesn't really matter, it will either be 0 or 1 echo json_encode($starred); killme(); }
function feed_init(&$a) { $params = array(); $params['begin'] = x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE; $params['end'] = x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : ''; $params['type'] = stristr(argv(0), 'json') ? 'json' : 'xml'; $params['pages'] = x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0; $params['top'] = x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0; $params['start'] = x($params, 'start') ? intval($params['start']) : 0; $params['records'] = x($params, 'records') ? intval($params['records']) : 40; $params['direction'] = x($params, 'direction') ? dbesc($params['direction']) : 'desc'; $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : ''; $channel = ''; if (argc() > 1) { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1))); if (!($r && count($r))) { killme(); } $channel = $r[0]; if (intval(get_config('system', 'block_public')) && !get_account_id()) { killme(); } logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']); echo get_public_feed($channel, $params); killme(); } }
function wfinger_init(&$a) { $result = array(); $scheme = ''; if (x($_SERVER, 'HTTPS') && $_SERVER['HTTPS']) { $scheme = 'https'; } elseif (x($_SERVER, 'SERVER_PORT') && intval($_SERVER['SERVER_PORT']) == 443) { $scheme = 'https'; } // Don't complain to me - I'm just implementing the spec. if ($scheme !== 'https') { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS'); killme(); } $resource = $_REQUEST['resource']; $r = null; if ($resource) { if (strpos($resource, 'acct:') === 0) { $channel = str_replace('acct:', '', $resource); if (strpos($channel, '@') !== false) { $host = substr($channel, strpos($channel, '@') + 1); if (strcasecmp($host, get_app()->get_hostname())) { goaway('https://' . $host . '/.well-known/webfinger?resource=' . $resource); } $channel = substr($channel, 0, strpos($channel, '@')); } } if (strpos($resource, 'http') === 0) { $channel = str_replace('~', '', basename($resource)); } $r = q("select * from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_address = '%s' limit 1", dbesc($channel)); } header('Access-Control-Allow-Origin: *'); header('Content-type: application/jrd+json'); if ($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'", dbesc($r[0]['channel_hash'])); $result['subject'] = $resource; $aliases = array(z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']); if ($h) { foreach ($h as $hh) { $aliases[] = 'acct:' . $hh['hubloc_addr']; } } $result['aliases'] = array(); $result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']); foreach ($aliases as $alias) { if ($alias != $resource) { $result['aliases'][] = $alias; } } $result['links'] = array(array('rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l']), array('rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address']), array('rel' => 'http://webfinger.net/rel/blog', 'href' => z_root() . '/channel/' . $r[0]['channel_address']), array('rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'])); } else { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } $arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result); call_hooks('webfinger', $arr); echo json_encode($arr['result']); killme(); }
function get() { $profile_uid = intval($_GET['p']); if (!$profile_uid) { $profile_uid = -1; } $load = argc() > 1 && argv(1) == 'load' ? 1 : 0; header("Content-type: text/html"); echo "<!DOCTYPE html><html><body>\r\n"; echo $_GET['msie'] == 1 ? '<div>' : '<section>'; $mod = new Display(); $text = $mod->get($profile_uid, $load); $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; $replace = "<img\${1} dst=\"\${2}\""; // $text = preg_replace($pattern, $replace, $text); /* if(! $load) { $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; $pattern = "/<\s*audio[^>]*>(.*?)<\s*\/\s*audio>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*video[^>]*>(.*?)<\s*\/\s*video>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*embed[^>]*>(.*?)<\s*\/\s*embed>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\s*iframe[^>]*>(.*?)<\s*\/\s*iframe>/i"; $text = preg_replace($pattern, $replace, $text); } */ echo str_replace("\t", ' ', $text); echo $_GET['msie'] == 1 ? '</div>' : '</section>'; echo "</body></html>\r\n"; // logger('update_display: ' . $text); killme(); }
function update_network_content(&$a) { $profile_uid = intval($_GET['p']); header("Content-type: text/html"); echo "<!DOCTYPE html><html><body>\r\n"; echo "<section>"; if (!get_pconfig($profile_uid, "system", "no_auto_update") or $_GET['force'] == 1) { $text = network_content($a, $profile_uid); } else { $text = ""; } $pattern = "/<img([^>]*) src=\"([^\"]*)\"/"; $replace = "<img\${1} dst=\"\${2}\""; $text = preg_replace($pattern, $replace, $text); $replace = '<br />' . t('[Embedded content - reload page to view]') . '<br />'; $pattern = "/<\\s*audio[^>]*>(.*?)<\\s*\\/\\s*audio>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\\s*video[^>]*>(.*?)<\\s*\\/\\s*video>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\\s*embed[^>]*>(.*?)<\\s*\\/\\s*embed>/i"; $text = preg_replace($pattern, $replace, $text); $pattern = "/<\\s*iframe[^>]*>(.*?)<\\s*\\/\\s*iframe>/i"; $text = preg_replace($pattern, $replace, $text); echo str_replace("\t", ' ', $text); echo "</section>"; echo "</body></html>\r\n"; killme(); }
function post() { // logger('file upload: ' . print_r($_REQUEST,true)); $channel = $_REQUEST['channick'] ? get_channel_by_nick($_REQUEST['channick']) : null; if (!$channel) { logger('channel not found'); killme(); } $_REQUEST['source'] = 'file_upload'; if ($channel['channel_id'] != local_channel()) { $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']); $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']); $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']); $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']); } if ($_REQUEST['filename']) { $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']); $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']); $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']); $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']); $r = attach_mkdir($channel, get_observer_hash(), $_REQUEST); } else { $r = attach_store($channel, get_observer_hash(), '', $_REQUEST); } goaway(z_root() . '/' . $_REQUEST['return_url']); }
function privacy_image_cache_init() { $urlhash = 'pic:' . sha1($_REQUEST['url']); $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", $urlhash); if (count($r)) { $img_str = $r[0]['data']; $mime = $r[0]["desc"]; if ($mime == "") { $mime = "image/jpeg"; } } else { require_once "Photo.php"; $img_str = fetch_url($_REQUEST['url'], true); if (substr($img_str, 0, 6) == "GIF89a") { $mime = "image/gif"; $image = @imagecreatefromstring($img_str); if ($image === FALSE) { die; } q("INSERT INTO `photo`\n\t\t\t( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' )", 0, 0, get_guid(), dbesc($urlhash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename(dbesc($_REQUEST["url"]))), dbesc(''), intval(imagesy($image)), intval(imagesx($image)), 'image/gif', dbesc($img_str), 100, intval(0), dbesc(''), dbesc(''), dbesc(''), dbesc('')); } else { $img = new Photo($img_str); if ($img->is_valid()) { $img->store(0, 0, $urlhash, $_REQUEST['url'], '', 100); $img_str = $img->imageString(); } $mime = "image/jpeg"; } } header("Content-type: {$mime}"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT"); header("Cache-Control: max-age=" . 3600 * 24); echo $img_str; killme(); }
function friendica_init(&$a) { if ($a->argv[1] == "json") { $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN'); $sql_extra = ''; if (x($a->config, 'admin_nickname')) { $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname'])); } if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') { $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email'])); //$r = q("SELECT username, nickname FROM user WHERE email='%s' $sql_extra", dbesc($a->config['admin_email'])); $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($adminlist[0])); $admin = array('name' => $r[0]['username'], 'profile' => $a->get_baseurl() . '/profile/' . $r[0]['nickname']); } else { $admin = false; } $visible_plugins = array(); if (is_array($a->plugins) && count($a->plugins)) { $r = q("select * from addon where hidden = 0"); if (count($r)) { foreach ($r as $rr) { $visible_plugins[] = $rr['name']; } } } $data = array('version' => FRIENDICA_VERSION, 'url' => z_root(), 'plugins' => $visible_plugins, 'register_policy' => $register_policy[$a->config['register_policy']], 'admin' => $admin, 'site_name' => $a->config['sitename'], 'platform' => FRIENDICA_PLATFORM, 'info' => x($a->config, 'info') ? $a->config['info'] : '', 'no_scrape_url' => $a->get_baseurl() . '/noscrape'); echo json_encode($data); killme(); } }
public function __construct() { if (!is_writable('view/smarty3/')) { echo "<b>ERROR:</b> folder <tt>view/smarty3/</tt> must be writable by webserver."; killme(); } }
function xrd_init(&$a) { $uri = urldecode(notags(trim($_GET['uri']))); if (substr($uri, 0, 4) === 'http') { $name = basename($uri); } else { $local = str_replace('acct:', '', $uri); if (substr($local, 0, 2) == '//') { $local = substr($local, 2); } $name = substr($local, 0, strpos($local, '@')); } $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name)); if (!$r) { killme(); } $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => $a->get_baseurl(), '$dspr_guid' => $r[0]['channel_guid'], '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey'])))); $salmon_key = salmon_key($r[0]['channel_pubkey']); header('Access-Control-Allow-Origin: *'); header("Content-type: text/xml"); $tpl = get_markup_template('view/xrd_person.tpl'); $o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $uri, '$profile_url' => $a->get_baseurl() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => $a->get_baseurl() . '/hcard/' . $r[0]['channel_address'], '$atom' => $a->get_baseurl() . '/feed/' . $r[0]['channel_address'], '$zot_post' => $a->get_baseurl() . '/post/' . $r[0]['channel_address'], '$poco_url' => $a->get_baseurl() . '/poco/' . $r[0]['channel_address'], '$photo' => $a->get_baseurl() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key)); $arr = array('user' => $r[0], 'xml' => $o); call_hooks('personal_xrd', $arr); echo $arr['xml']; killme(); }
function uexport_content(&$a) { if ($a->argc > 1) { header("Content-type: application/json"); header('Content-Disposition: attachment; filename="' . $a->user['nickname'] . '.' . $a->argv[1] . '"'); switch ($a->argv[1]) { case "backup": uexport_all($a); killme(); break; case "account": uexport_account($a); killme(); break; default: killme(); } } /** * options shown on "Export personal data" page * list of array( 'link url', 'link text', 'help text' ) */ $options = array(array('/uexport/account', t('Export account'), t('Export your account info and contacts. Use this to make a backup of your account and/or to move it to another server.')), array('/uexport/backup', t('Export all'), t('Export your accout info, contacts and all your items as json. Could be a very big file, and could take a lot of time. Use this to make a full backup of your account (photos are not exported)'))); call_hooks('uexport_options', $options); $tpl = get_markup_template("uexport.tpl"); return replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$title' => t('Export personal data'), '$options' => $options)); }
function init() { $uri = urldecode(notags(trim($_GET['uri']))); logger('xrd: ' . $uri, LOGGER_DEBUG); $resource = $uri; if (substr($uri, 0, 4) === 'http') { $uri = str_replace('~', '', $uri); $name = basename($uri); } else { $local = str_replace('acct:', '', $uri); if (substr($local, 0, 2) == '//') { $local = substr($local, 2); } $name = substr($local, 0, strpos($local, '@')); } $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name)); if (!$r) { killme(); } $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array('$baseurl' => z_root(), '$dspr_guid' => $r[0]['channel_guid'] . str_replace('.', '', \App::get_hostname()), '$dspr_key' => base64_encode(pemtorsa($r[0]['channel_pubkey'])))); $salmon_key = salmon_key($r[0]['channel_pubkey']); header('Access-Control-Allow-Origin: *'); header("Content-type: application/xrd+xml"); $aliases = array('acct:' . channel_reddress($r[0]), z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']); for ($x = 0; $x < count($aliases); $x++) { if ($aliases[$x] === $resource) { unset($aliases[$x]); } } $o = replace_macros(get_markup_template('xrd_person.tpl'), array('$nick' => $r[0]['channel_address'], '$accturi' => $resource, '$aliases' => $aliases, '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], '$atom' => z_root() . '/feed/' . $r[0]['channel_address'], '$zot_post' => z_root() . '/post/' . $r[0]['channel_address'], '$poco_url' => z_root() . '/poco/' . $r[0]['channel_address'], '$photo' => z_root() . '/photo/profile/l/' . $r[0]['channel_id'], '$dspr' => $dspr, '$modexp' => 'data:application/magic-public-key,' . $salmon_key, '$subscribe' => z_root() . '/follow?url={uri}', '$bigkey' => salmon_key($r[0]['channel_pubkey']))); $arr = array('user' => $r[0], 'xml' => $o); call_hooks('personal_xrd', $arr); echo $arr['xml']; killme(); }
function viewsrc_content(&$a) { $o = ''; $sys = get_sys_channel(); $item_id = argc() > 1 ? intval(argv(1)) : 0; $json = argc() > 2 && argv(2) === 'json' ? true : false; if (!local_channel()) { notice(t('Permission denied.') . EOL); } if (!$item_id) { App::$error = 404; notice(t('Item not found.') . EOL); } $item_normal = item_normal(); if (local_channel() && $item_id) { $r = q("select id, item_flags, item_obscured, body from item where uid in (%d , %d) and id = %d {$item_normal} limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id)); if ($r) { if (intval($r[0]['item_obscured'])) { $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'], true), get_config('system', 'prvkey')); } $o = $json ? json_encode($r[0]['body']) : str_replace("\n", '<br />', $r[0]['body']); } } if (is_ajax()) { print '<div><i class="icon-pencil"> ' . t('Source of Item') . ' ' . $r[0]['id'] . '</i></div>'; echo $o; killme(); } return $o; }
function uexport_init(&$a) { if (!local_channel()) { killme(); } if (argc() > 1) { $channel = App::get_channel(); require_once 'include/identity.php'; if (argc() > 1 && intval(argv(1)) > 1900) { $year = intval(argv(1)); } if (argc() > 2 && intval(argv(2)) > 0 && intval(argv(2)) <= 12) { $month = intval(argv(2)); } header('content-type: application/octet_stream'); header('content-disposition: attachment; filename="' . $channel['channel_address'] . ($year ? '-' . $year : '') . ($month ? '-' . $month : '') . '.json"'); if ($year) { echo json_encode(identity_export_year(local_channel(), $year, $month)); killme(); } if (argc() > 1 && argv(1) === 'basic') { echo json_encode(identity_basic_export(local_channel())); killme(); } // FIXME - this basically doesn't work in the wild with a channel more than a few months old due to memory and execution time limits. // It probably needs to be built at the CLI and offered to download as a tarball. Maybe stored in the members dav. if (argc() > 1 && argv(1) === 'complete') { echo json_encode(identity_basic_export(local_channel(), true)); killme(); } } }
function get() { if (!local_channel()) { killme(); } if (argc() > 2 && intval(argv(1)) && argv(2)) { $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_channel())); if ($r) { $change = $r[0]['abook_xchan']; } } if (argc() > 1 && intval(argv(1))) { $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_channel())); if (!$r) { killme(); } $group = $r[0]; $members = group_get_members($group['id']); $preselected = array(); if (count($members)) { foreach ($members as $member) { $preselected[] = $member['xchan_hash']; } } if ($change) { if (in_array($change, $preselected)) { group_rmv_member(local_channel(), $group['gname'], $change); } else { group_add_member(local_channel(), $group['gname'], $change); } } } killme(); }
function p_init(&$a) { if (argc() < 2) { http_status_exit(401); } $mid = str_replace('.xml', '', argv(1)); $r = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1", dbesc($mid)); if (!$r || !perm_is_allowed($r[0]['uid'], '', 'view_stream')) { http_status_exit(404); } $c = q("select * from channel where channel_id = %d limit 1", intval($r[0]['uid'])); if (!$c) { http_status_exit(404); } $myaddr = $c[0]['channel_address'] . '@' . App::get_hostname(); $item = $r[0]; $title = $item['title']; $body = bb2diaspora_itembody($item); $created = datetime_convert('UTC', 'UTC', $item['created'], 'Y-m-d H:i:s \\U\\T\\C'); $tpl = get_markup_template('diaspora_post.tpl', 'addon/diaspora'); $msg = replace_macros($tpl, array('$body' => xmlify($body), '$guid' => $item['mid'], '$handle' => xmlify($myaddr), '$public' => 'true', '$created' => $created, '$provider' => $item['app'] ? $item['app'] : t('$projectname'))); header('Content-type: text/xml'); echo $msg; killme(); }
function post() { $using_api = false; if (\App::$data['api_info'] && array_key_exists('media', $_FILES)) { $using_api = true; $user_info = \App::$data['api_info']; $nick = $user_info['screen_name']; $channel = get_channel_by_nick($user_info['screen_name']); } elseif (argc() > 1) { $channel = get_channel_by_nick(argv(1)); } if (!$channel) { killme(); } $observer = \App::get_observer(); $def_album = get_pconfig($channel['channel_id'], 'system', 'photo_path'); $def_attach = get_pconfig($channel['channel_id'], 'system', 'attach_path'); $r = attach_store($channel, $observer ? $observer['xchan_hash'] : '', '', array('source' => 'editor', 'visible' => 0, 'album' => $def_album, 'directory' => $def_attach, 'allow_cid' => '<' . $channel['channel_hash'] . '>')); if (!$r['success']) { notice($r['message'] . EOL); killme(); } if (intval($r['data']['is_photo'])) { $s = "\n\n" . $r['body'] . "\n\n"; } else { $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n"; } if ($using_api) { return $s; } echo $s; killme(); }
public static function run($argc, $argv) { if ($argc != 2) { killme(); } \App::$session->start(); $_SESSION['authenticated'] = 1; $_SESSION['uid'] = $argv[1]; $x = session_id(); $f = 'store/[data]/cookie_' . $argv[1]; $c = 'store/[data]/cookien_' . $argv[1]; $e = file_exists($f); $output = ''; if ($e) { $lines = file($f); if ($lines) { foreach ($lines as $line) { if (strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6) { $tokens = explode("\t", $line); $tokens = array_map('trim', $tokens); if ($tokens[4] > time()) { $output .= $line . "\n"; } } else { $output .= $line; } } } } $t = time() + 24 * 3600; file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t{$t}\tPHPSESSID\t" . $x, $e ? FILE_APPEND : 0); file_put_contents($c, $x); killme(); }
function attach_init(&$a) { if ($a->argc != 2) { notice(t('Item not available.') . EOL); return; } $item_id = intval($a->argv[1]); // Check for existence, which will also provide us the owner uid $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id)); if (!count($r)) { notice(t('Item was not found.') . EOL); return; } $sql_extra = permissions_sql($r[0]['uid']); // Now we'll see if we can access the attachment $r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", dbesc($item_id)); if (!count($r)) { notice(t('Permission denied.') . EOL); return; } // Use quotes around the filename to prevent a "multiple Content-Disposition" // error in Chrome for filenames with commas in them header('Content-type: ' . $r[0]['filetype']); header('Content-length: ' . $r[0]['filesize']); if (isset($_GET['attachment']) && $_GET['attachment'] === '0') { header('Content-disposition: filename="' . $r[0]['filename'] . '"'); } else { header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); } echo $r[0]['data']; killme(); // NOTREACHED }
function bookmarks_init(&$a) { if (!local_user()) { return; } $item_id = intval($_REQUEST['item']); if (!$item_id) { return; } $u = $a->get_channel(); $i = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_user())); if (!$i) { return; } $i = fetch_post_tags($i); $item = $i[0]; $terms = get_terms_oftype($item['term'], TERM_BOOKMARK); if ($terms && !$item['item_restrict']) { require_once 'include/bookmarks.php'; $s = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan'])); if (!$s) { logger('mod_bookmarks: author lookup failed.'); killme(); } foreach ($terms as $t) { bookmark_add($u, $s[0], $t, $item['item_private']); info(t('Bookmark added') . EOL); } } killme(); }
function regmod_content(&$a) { global $lang; $_SESSION['return_url'] = $a->cmd; if (!local_user()) { info(t('Please login.') . EOL); $o .= '<br /><br />' . login($a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1); return $o; } if (!is_site_admin() || x($_SESSION, 'submanage') && intval($_SESSION['submanage'])) { notice(t('Permission denied.') . EOL); return ''; } if ($a->argc != 3) { killme(); } $cmd = $a->argv[1]; $hash = $a->argv[2]; if ($cmd === 'deny') { user_deny($hash); goaway($a->get_baseurl() . "/admin/users/"); killme(); } if ($cmd === 'allow') { user_allow($hash); goaway($a->get_baseurl() . "/admin/users/"); killme(); } }
function notify_init(&$a) { if (!local_user()) { return; } if ($a->argc > 2 && $a->argv[1] === 'view' && intval($a->argv[2])) { $r = q("select * from notify where id = %d and uid = %d limit 1", intval($a->argv[2]), intval(local_user())); if (count($r)) { q("update notify set seen = 1 where ( link = '%s' or ( parent != 0 and parent = %d and otype = '%s' )) and uid = %d", dbesc($r[0]['link']), intval($r[0]['parent']), dbesc($r[0]['otype']), intval(local_user())); // The friendica client has problems with the GUID. this is some workaround if ($a->is_friendica_app()) { require_once "include/items.php"; $urldata = parse_url($r[0]['link']); $guid = basename($urldata["path"]); $itemdata = get_item_id($guid, local_user()); if ($itemdata["id"] != 0) { $r[0]['link'] = $a->get_baseurl() . '/display/' . $itemdata["nick"] . '/' . $itemdata["id"]; } } goaway($r[0]['link']); } goaway($a->get_baseurl(true)); } if ($a->argc > 2 && $a->argv[1] === 'mark' && $a->argv[2] === 'all') { $r = q("update notify set seen = 1 where uid = %d", intval(local_user())); $j = json_encode(array('result' => $r ? 'success' : 'fail')); echo $j; killme(); } }
function share_init(&$a) { $post_id = $a->argc > 1 ? intval($a->argv[1]) : 0; if (!$post_id || !local_user()) { killme(); } $r = q("SELECT item.*, contact.network FROM `item` \n\t\tleft join contact on `item`.`contact-id` = `contact`.`id` \n\t\tWHERE `item`.`id` = %d AND `item`.`uid` = %d LIMIT 1", intval($post_id), intval(local_user())); if (!count($r) || $r[0]['private'] == 1) { killme(); } if (intval(get_config('system', 'new_share'))) { if (strpos($r[0]['body'], "[/share]") !== false) { $pos = strpos($r[0]['body'], "[share"); $o = substr($r[0]['body'], $pos); } else { $o = "[share author='" . str_replace("'", "'", $r[0]['author-name']) . "' profile='" . $r[0]['author-link'] . "' avatar='" . $r[0]['author-avatar'] . "' link='" . $r[0]['plink'] . "' posted='" . $r[0]['created'] . "']\n"; if ($r[0]['title']) { $o .= '[b]' . $r[0]['title'] . '[/b]' . "\n"; } $o .= $r[0]['body']; $o .= "[/share]"; } } else { $o = ''; $o .= "♲" . ' [url=' . $r[0]['author-link'] . ']' . $r[0]['author-name'] . '[/url]' . "\n"; if ($r[0]['title']) { $o .= '[b]' . $r[0]['title'] . '[/b]' . "\n"; } $o .= $r[0]['body'] . "\n"; $o .= $r[0]['plink'] ? '[url=' . $r[0]['plink'] . ']' . t('link') . '[/url]' . "\n" : ''; } echo $o; killme(); }