Пример #1
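/**
 * Autocomplete endpoint: emits matching contacts and hashtags as JSON.
 *
 * Requires a logged-in local channel; otherwise the request ends via killme().
 * The search term is read from $_REQUEST['search'], with a non-empty
 * $_REQUEST['query'] taking precedence. 'start' and 'count' are only echoed
 * back in the response; neither query below applies them as a LIMIT.
 *
 * @param object $a application object; only get_baseurl() is used here
 */
function search_ac_init(&$a)
{
    if (!local_channel()) {
        killme();
    }

    // These two values are reflected into the response, so pin them to integers.
    $start = x($_REQUEST, 'start') ? intval($_REQUEST['start']) : 0;
    $count = x($_REQUEST, 'count') ? intval($_REQUEST['count']) : 100;

    $search = x($_REQUEST, 'search') ? $_REQUEST['search'] : "";
    if (x($_REQUEST, 'query') && is_string($_REQUEST['query']) && strlen($_REQUEST['query'])) {
        $search = $_REQUEST['query'];
    }
    // Array-valued parameters (search[]=...) must not reach dbesc().
    if (!is_string($search)) {
        $search = "";
    }

    // Default both fragments to empty so the queries stay well-formed
    // (and free of undefined-variable notices) when no term was supplied.
    $people_sql_extra = '';
    $tag_sql_extra = '';
    if ($search) {
        // The term is escaped with dbesc() for the quoted literal.
        // NOTE(review): LIKE wildcards (% and _) typed by the user are presumably
        // still interpreted as wildcards — confirm that is acceptable.
        $people_sql_extra = protect_sprintf(" AND `xchan_name` LIKE '%" . dbesc($search) . "%' ");
        $tag_sql_extra = protect_sprintf(" AND term LIKE '%" . dbesc($search) . "%' ");
    }

    $results = array();

    // Priority to people searches: contacts of the logged-in channel come first.
    $r = q("SELECT `abook_id`, `xchan_name`, `xchan_photo_s`, `xchan_url`, `xchan_addr` FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d \n\t\t{$people_sql_extra}\n\t\tORDER BY `xchan_name` ASC ", intval(local_channel()));
    if ($r) {
        foreach ($r as $g) {
            $results[] = array("photo" => $g['xchan_photo_s'], "name" => '@' . $g['xchan_name'], "id" => $g['abook_id'], "link" => $g['xchan_url'], "label" => '', "nick" => '');
        }
    }

    // NOTE(review): unlike the contact query, this one is not restricted to the
    // logged-in channel, so it returns hashtags stored by any channel on the
    // site — confirm that cross-channel visibility is intended.
    $r = q("select distinct term, tid, url from term where type in ( %d, %d ) {$tag_sql_extra} group by term order by term asc", intval(TERM_HASHTAG), intval(TERM_COMMUNITYTAG));
    // Truthiness check (as for the contact query) also covers a failed query.
    if ($r) {
        foreach ($r as $g) {
            $results[] = array("photo" => $a->get_baseurl() . '/images/hashtag.png', "name" => '#' . $g['term'], "id" => $g['tid'], "link" => $g['url'], "label" => '', "nick" => '');
        }
    }

    header("content-type: application/json");
    $o = array('start' => $start, 'count' => $count, 'items' => $results);
    echo json_encode($o);
    // The original logged an undefined $x; $o is the response structure built above.
    logger('search_ac: ' . print_r($o, true));
    killme();
}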
Пример #2
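/**
 * Admin action handler: approve or deny a pending registration.
 *
 * Expects exactly three path segments: argv[1] is the command ('allow' or
 * 'deny') and argv[2] is the hash handed to user_allow() / user_deny().
 * Any other segment count, or a failed allow/deny, ends the request via killme().
 *
 * NOTE(review): the action is selected from the request path alone and no
 * per-request (anti-CSRF) token check is visible in this function. Confirm
 * that the router or user_allow()/user_deny() enforce one, since an admin
 * following a crafted link would otherwise trigger the action.
 *
 * @param object $a application object (cmd, config, argc and argv are read)
 * @return string|null login markup for anonymous visitors, '' for non-admins,
 *                     nothing after a successful allow/deny
 */
function regmod_content(&$a)
{
    $_SESSION['return_url'] = $a->cmd;

    if (!local_user()) {
        info(t('Please login.') . EOL);
        // Start from an empty string; the original appended to an undefined $o.
        $o = '';
        $o .= '<br /><br />' . login($a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1);
        return $o;
    }

    // Being logged in is not enough: only the site admin may moderate registrations.
    if (!is_site_admin()) {
        notice(t('Permission denied.') . EOL);
        return '';
    }

    if ($a->argc != 3) {
        killme();
    }

    $cmd = $a->argv[1];
    $hash = $a->argv[2];

    if ($cmd === 'deny') {
        if (!user_deny($hash)) {
            killme();
        }
    }
    if ($cmd === 'allow') {
        if (!user_allow($hash)) {
            killme();
        }
    }
}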
Пример #3
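/**
 * "Save to folder" handler for the logged-in channel.
 *
 * With an item id (argv[1]) and a non-empty 'term' GET parameter, the item is
 * filed under that term and its conversation parent is flagged as retained.
 * Otherwise the folder-selection dialog is printed. The request always ends
 * via killme().
 *
 * NOTE(review): filing is a state change driven by a GET request; no
 * per-request token check is visible here — confirm one is enforced elsewhere.
 *
 * @param object $a application object (argc and argv are read)
 */
function filer_content(&$a)
{
    if (!local_channel()) {
        killme();
    }

    // A missing or array-valued 'term' is treated as empty instead of raising a notice.
    $term = (isset($_GET['term']) && is_string($_GET['term'])) ? unxmlify(trim($_GET['term'])) : '';
    $item_id = $a->argc > 1 ? intval($a->argv[1]) : 0;

    // Strip line breaks so a crafted term cannot forge extra log entries.
    logger('filer: tag ' . str_replace(array("\r", "\n"), ' ', $term) . ' item ' . $item_id);

    if ($item_id && strlen($term)) {
        // file item
        // NOTE(review): the tag is stored before the ownership lookup below;
        // whether store_item_tag() itself verifies that the item belongs to
        // this channel is not visible here — confirm.
        store_item_tag(local_channel(), $item_id, TERM_OBJ_POST, TERM_FILE, $term, '');

        // protect the entire conversation from periodic expiration
        $r = q("select parent from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_channel()));
        if ($r) {
            q("update item set item_retained = 1 where id = %d and uid = %d", intval($r[0]['parent']), intval(local_channel()));
        }
    } else {
        $filetags = array();
        $r = q("select distinct(term) from term where uid = %d and type = %d order by term asc", intval(local_channel()), intval(TERM_FILE));
        // Truthiness check also covers a failed query.
        if ($r) {
            foreach ($r as $rr) {
                $filetags[] = $rr['term'];
            }
        }
        // NOTE(review): stored folder names are handed to the template as-is;
        // confirm filer_dialog.tpl escapes them on output.
        $tpl = get_markup_template("filer_dialog.tpl");
        $o = replace_macros($tpl, array('$field' => array('term', t("Save to Folder:"), '', '', $filetags, t('- select -')), '$submit' => t('Save')));
        echo $o;
    }
    killme();
}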
Пример #4
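/**
 * Emits site information as JSON when the first path argument is "json".
 *
 * The document contains the software version, short git commit, site URL,
 * non-hidden addon names, registration policy, admin name/profile URL, site
 * name, platform and the configured info text.
 *
 * NOTE(review): no login check is visible in this function, so everything in
 * the document should be treated as public. Version, commit and addon names
 * let an outside party match the site against known-vulnerable releases;
 * confirm that this level of disclosure is intended.
 *
 * @param object $a application object (argv, config, plugins are read)
 */
function siteinfo_init(&$a)
{
    // Only the /json variant is handled; a missing argument is not an error.
    if (!isset($a->argv[1]) || $a->argv[1] !== "json") {
        return;
    }

    $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');

    $sql_extra = '';
    if (x($a->config, 'admin_nickname')) {
        // NOTE(review): this fragment is later embedded in q()'s format string;
        // a literal % in the configured nickname would presumably be read as a
        // format specifier — confirm.
        $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname']));
    }

    $admin = false;
    if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
        $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($a->config['admin_email']));
        // Only report an admin when the lookup actually returned a row.
        if ($r) {
            $admin = array('name' => $r[0]['username'], 'profile' => $a->get_baseurl() . '/channel/' . $r[0]['nickname']);
        }
    }

    $visible_plugins = array();
    if (is_array($a->plugins) && count($a->plugins)) {
        $r = q("select * from addon where hidden = 0");
        if ($r) {
            foreach ($r as $rr) {
                $visible_plugins[] = $rr['name'];
            }
        }
    }

    $commit = '';
    if (@is_dir('.git') && function_exists('shell_exec')) {
        // Fixed command string: no request data reaches the shell.
        // The trailing newline git prints is trimmed off.
        $commit = trim((string) @shell_exec('git log -1 --format="%h"'));
    }
    // Anything longer than a short hash is treated as an error message and dropped.
    if (strlen($commit) > 16) {
        $commit = '';
    }

    // Missing config keys yield null rather than an undefined-index notice,
    // which would otherwise be printed into the JSON body.
    $policy_key = isset($a->config['system']['register_policy']) ? $a->config['system']['register_policy'] : null;
    $policy_name = ($policy_key !== null && isset($register_policy[$policy_key])) ? $register_policy[$policy_key] : null;
    $site_name = isset($a->config['sitename']) ? $a->config['sitename'] : null;

    $data = array(
        'version' => RED_VERSION,
        'commit' => $commit,
        'url' => z_root(),
        'plugins' => $visible_plugins,
        'register_policy' => $policy_name,
        'admin' => $admin,
        'site_name' => $site_name,
        'platform' => RED_PLATFORM,
        'info' => x($a->config, 'info') ? $a->config['info'] : '',
    );

    // Declare the body as JSON so a browser never renders the admin-supplied
    // 'info' text as HTML.
    header('Content-Type: application/json');
    echo json_encode($data);
    killme();
}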
Пример #5
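/**
 * Serves the XRD discovery document for a local user.
 *
 * The account is taken from the 'uri' GET parameter, either as an http(s)
 * profile URL (last path segment) or as an acct: address (part before '@').
 * Unknown users end the request via killme() with no body.
 *
 * @param object $a application object; only get_baseurl() is used here
 */
function xrd_init(&$a)
{
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first, filter second. The original filtered with notags() and
    // then called urldecode(), so anything notags() neutralises could be
    // reintroduced with one more layer of percent-encoding and then flow
    // into the XML below through $accturi.
    // NOTE(review): which characters notags() handles is not visible here;
    // confirm the template (or an XML-escaping helper) covers & and quotes.
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // No '@' means there is no usable account name.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($name));
    // Truthiness check also covers a failed query.
    if (!$r) {
        killme();
    }

    $user = $r[0];
    $base = $a->get_baseurl();
    $salmon_key = salmon_key($user['spubkey']);

    // The document is public discovery data, hence the wildcard CORS header.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    if (get_config('system', 'diaspora_enabled')) {
        $tpl = get_markup_template('xrd_diaspora.tpl');
        $dspr = replace_macros($tpl, array(
            '$baseurl' => $base,
            '$dspr_guid' => $user['guid'],
            '$dspr_key' => base64_encode(pemtorsa($user['pubkey'])),
        ));
    } else {
        $dspr = '';
    }

    $tpl = get_markup_template('xrd_person.tpl');
    $o = replace_macros($tpl, array(
        '$nick' => $user['nickname'],
        '$accturi' => $uri,
        '$profile_url' => $base . '/profile/' . $user['nickname'],
        '$hcard_url' => $base . '/hcard/' . $user['nickname'],
        '$atom' => $base . '/dfrn_poll/' . $user['nickname'],
        '$zot_post' => $base . '/post/' . $user['nickname'],
        '$poco_url' => $base . '/poco/' . $user['nickname'],
        '$photo' => $base . '/photo/profile/' . $user['uid'] . '.jpg',
        '$dspr' => $dspr,
        '$salmon' => $base . '/salmon/' . $user['nickname'],
        '$salmen' => $base . '/salmon/' . $user['nickname'] . '/mention',
        '$subscribe' => $base . '/follow?url={uri}',
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
        '$bigkey' => salmon_key($user['pubkey']),
    ));

    // Hooks receive the array by reference and may replace the XML.
    $arr = array('user' => $user, 'xml' => $o);
    call_hooks('personal_xrd', $arr);
    echo $arr['xml'];
    killme();
}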
Пример #6
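/**
 * Live-update endpoint: wraps the markup from public_content() in a minimal
 * HTML document and ends the request via killme().
 *
 * GET parameters: 'p' (profile uid, -1 when absent or zero) and 'msie'
 * (when 1, a <div> wrapper is used instead of <section>).
 *
 * @param object $a application object, passed through to public_content()
 */
function update_public_content(&$a)
{
    // A missing 'p' falls back to -1 without raising an undefined-index notice
    // into the response body.
    $profile_uid = isset($_GET['p']) ? intval($_GET['p']) : 0;
    if (!$profile_uid) {
        $profile_uid = -1;
    }
    $load = argc() > 1 && argv(1) == 'load' ? 1 : 0;
    $legacy_ie = array_key_exists('msie', $_GET) && $_GET['msie'] == 1;

    header("Content-type: text/html");
    echo "<!DOCTYPE html><html><body>\r\n";
    echo $legacy_ie ? '<div>' : '<section>';

    // An earlier img/media rewrite pass was commented out in this handler, so
    // the markup from public_content() is emitted unchanged apart from tab
    // expansion. Any escaping of user content therefore has to happen inside
    // public_content().
    $text = public_content($a, $profile_uid, $load);
    echo str_replace("\t", '       ', $text);

    echo $legacy_ie ? '</div>' : '</section>';
    echo "</body></html>\r\n";
    killme();
}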
Пример #7
/**
 * Answers the current request with an HTTP Basic authentication challenge
 * (401 status plus a WWW-Authenticate header for realm "Hubzilla"), prints a
 * short plain message and stops via killme().
 *
 * Basic credentials are only base64-encoded, not encrypted, so this challenge
 * belongs on endpoints that are reachable over HTTPS only.
 */
function retry_basic_auth()
{
    $challenge = 'WWW-Authenticate: Basic realm="Hubzilla"';
    $status_line = 'HTTP/1.0 401 Unauthorized';

    header($challenge);
    header($status_line);

    print 'This api requires login';
    killme();
}
Пример #8
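/**
 * Toggles the "starred" flag of one of the logged-in user's items.
 *
 * The item id comes from argv[1]. With a 'return' request parameter the
 * browser is redirected to that path on this site; otherwise the new flag
 * value (0 or 1) is printed as JSON. The request ends via goaway()/killme().
 *
 * NOTE(review): this is a state change reachable by a plain GET and no
 * per-request token check is visible here — confirm one is enforced elsewhere.
 *
 * @param object $a application object (argc, argv, get_baseurl() are used)
 */
function starred_init(&$a)
{
    if (!local_user()) {
        killme();
    }

    // Default to 0 so a missing path argument is rejected below instead of
    // reading an undefined variable.
    $message_id = ($a->argc > 1) ? intval($a->argv[1]) : 0;
    if (!$message_id) {
        killme();
    }

    // Both queries are scoped to the logged-in uid, so other users' items
    // cannot be read or toggled by guessing ids.
    $r = q("SELECT starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_user()), intval($message_id));
    if (!$r) {
        killme();
    }

    $starred = intval($r[0]['starred']) ? 0 : 1;

    q("UPDATE item SET starred = %d WHERE uid = %d and id = %d LIMIT 1", intval($starred), intval(local_user()), intval($message_id));

    // See if we've been passed a return path to redirect to
    $return_path = (x($_REQUEST, 'return') && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';
    if ($return_path) {
        // Cache-busting parameter. Compare against false: a '?' at offset 0
        // is a valid match that a plain truthiness test would miss.
        $separator = (strpos($return_path, '?') !== false) ? '&' : '?';
        $rand = $separator . '_=' . time();

        // The target is always prefixed with this site's base URL and a '/',
        // so the caller controls only the path and query, not the host.
        goaway($a->get_baseurl() . "/" . $return_path . $rand);
    }

    // the json doesn't really matter, it will either be 0 or 1
    echo json_encode($starred);
    killme();
}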
Пример #9
/**
 * Public feed endpoint: prints the feed for the channel named in argv(1).
 *
 * Feed parameters are collected from $_REQUEST; the output format is 'json'
 * when argv(0) contains "json", otherwise 'xml'. Without a channel argument
 * the function returns without output. Unknown channels, and anonymous
 * requests while system.block_public is set, end via killme().
 *
 * @param object $a application object (not used directly in this function)
 */
function feed_init(&$a)
{
    $params = array(
        'begin' => x($_REQUEST, 'date_begin') ? $_REQUEST['date_begin'] : NULL_DATE,
        'end' => x($_REQUEST, 'date_end') ? $_REQUEST['date_end'] : '',
        'type' => stristr(argv(0), 'json') ? 'json' : 'xml',
        'pages' => x($_REQUEST, 'pages') ? intval($_REQUEST['pages']) : 0,
        'top' => x($_REQUEST, 'top') ? intval($_REQUEST['top']) : 0,
    );

    // NOTE(review): the next three lines test $params, which has no 'start',
    // 'records' or 'direction' key at this point, so they look like they
    // always yield the defaults rather than request values. If they are ever
    // switched to $_REQUEST, 'direction' must be matched against a fixed
    // asc/desc list: dbesc() does not make a value safe for use as an SQL
    // keyword. 'records' would also need an upper bound.
    $params['start'] = x($params, 'start') ? intval($params['start']) : 0;
    $params['records'] = x($params, 'records') ? intval($params['records']) : 40;
    $params['direction'] = x($params, 'direction') ? dbesc($params['direction']) : 'desc';

    $params['cat'] = x($_REQUEST, 'cat') ? escape_tags($_REQUEST['cat']) : '';

    // Nothing to serve without a channel name in the path.
    if (argc() <= 1) {
        return;
    }

    $rows = q("select * from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", dbesc(argv(1)));
    if (!$rows || !count($rows)) {
        killme();
    }
    $channel = $rows[0];

    // Sites that block public access serve feeds to logged-in accounts only.
    $public_blocked = intval(get_config('system', 'block_public'));
    if ($public_blocked && !get_account_id()) {
        killme();
    }

    logger('mod_feed: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $channel['channel_address']);
    echo get_public_feed($channel, $params);
    killme();
}
Пример #10
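/**
 * WebFinger endpoint: answers a 'resource' query with a JRD document.
 *
 * Requires HTTPS (otherwise a 500 status is sent). The resource may be an
 * acct: address or an http(s) channel URL. acct: addresses on another host
 * are redirected to that host's WebFinger endpoint. Unknown resources get a
 * 400 status. The request always ends via killme() or goaway().
 *
 * @param object $a application object (not used directly in this function)
 */
function wfinger_init(&$a)
{
    $result = array();

    $scheme = '';
    if (x($_SERVER, 'HTTPS') && $_SERVER['HTTPS']) {
        $scheme = 'https';
    } elseif (x($_SERVER, 'SERVER_PORT') && intval($_SERVER['SERVER_PORT']) == 443) {
        $scheme = 'https';
    }

    // Don't complain to me - I'm just implementing the spec.
    if ($scheme !== 'https') {
        header($_SERVER["SERVER_PROTOCOL"] . ' ' . 500 . ' ' . 'Webfinger requires HTTPS');
        killme();
    }

    // Accept only a string; resource[]=... would otherwise reach strpos().
    $resource = (isset($_REQUEST['resource']) && is_string($_REQUEST['resource'])) ? $_REQUEST['resource'] : '';

    $r = null;
    if ($resource) {
        // Defined up front: a resource that is neither acct: nor http(s)
        // previously left $channel undefined at the query below.
        $channel = '';

        if (strpos($resource, 'acct:') === 0) {
            $channel = str_replace('acct:', '', $resource);
            $at = strpos($channel, '@');
            if ($at !== false) {
                $host = substr($channel, $at + 1);
                if (strcasecmp($host, get_app()->get_hostname())) {
                    // The redirect target host comes from the request. Accept
                    // only a bare hostname (optionally with a port) so path,
                    // query or credential syntax cannot be smuggled into the
                    // URL, and encode the resource as a query value.
                    // NOTE(review): this still redirects to any host the
                    // caller names — confirm that delegation is wanted.
                    if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]+)?$/', $host)) {
                        header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
                        killme();
                    }
                    goaway('https://' . $host . '/.well-known/webfinger?resource=' . urlencode($resource));
                }
                $channel = substr($channel, 0, $at);
            }
        }
        if (strpos($resource, 'http') === 0) {
            $channel = str_replace('~', '', basename($resource));
        }

        $r = q("select * from channel left join xchan on channel_hash = xchan_hash \n\t\t\twhere channel_address = '%s' limit 1", dbesc($channel));
    }

    // The document is public discovery data, hence the wildcard CORS header.
    header('Access-Control-Allow-Origin: *');
    header('Content-type: application/jrd+json');

    if ($resource && $r) {
        $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s'", dbesc($r[0]['channel_hash']));

        $result['subject'] = $resource;

        $aliases = array(z_root() . '/channel/' . $r[0]['channel_address'], z_root() . '/~' . $r[0]['channel_address']);
        if ($h) {
            foreach ($h as $hh) {
                $aliases[] = 'acct:' . $hh['hubloc_addr'];
            }
        }

        $result['aliases'] = array();
        $result['properties'] = array('http://webfinger.net/ns/name' => $r[0]['channel_name']);

        // The subject itself is not repeated among its aliases.
        foreach ($aliases as $alias) {
            if ($alias !== $resource) {
                $result['aliases'][] = $alias;
            }
        }

        $result['links'] = array(
            array('rel' => 'http://webfinger.net/rel/avatar', 'type' => $r[0]['xchan_photo_mimetype'], 'href' => $r[0]['xchan_photo_l']),
            array('rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address']),
            array('rel' => 'http://webfinger.net/rel/blog', 'href' => z_root() . '/channel/' . $r[0]['channel_address']),
            array('rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr']),
        );
    } else {
        header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
        killme();
    }

    // Hooks receive the array by reference and may adjust 'result'.
    $arr = array('channel' => $r[0], 'request' => $_REQUEST, 'result' => $result);
    call_hooks('webfinger', $arr);
    echo json_encode($arr['result']);
    killme();
}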
Пример #11
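 /**
  * Live-update endpoint: wraps the markup from Display::get() in a minimal
  * HTML document and ends the request via killme().
  *
  * GET parameters: 'p' (profile uid, -1 when absent or zero) and 'msie'
  * (when 1, a <div> wrapper is used instead of <section>).
  */
 function get()
 {
     // Missing parameters fall back to defaults instead of printing
     // undefined-index notices into the response body.
     $profile_uid = isset($_GET['p']) ? intval($_GET['p']) : 0;
     if (!$profile_uid) {
         $profile_uid = -1;
     }
     $load = argc() > 1 && argv(1) == 'load' ? 1 : 0;
     $legacy_ie = isset($_GET['msie']) && $_GET['msie'] == 1;

     header("Content-type: text/html");
     echo "<!DOCTYPE html><html><body>\r\n";
     echo $legacy_ie ? '<div>' : '<section>';

     // An earlier img/media rewrite pass was commented out in this handler,
     // so the markup from Display::get() is emitted unchanged apart from tab
     // expansion. Any escaping of user content has to happen inside it.
     $mod = new Display();
     $text = $mod->get($profile_uid, $load);
     echo str_replace("\t", '       ', $text);

     echo $legacy_ie ? '</div>' : '</section>';
     echo "</body></html>\r\n";
     killme();
 }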
Пример #12
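/**
 * Live-update endpoint for the network stream.
 *
 * Prints the markup from network_content() inside a minimal HTML document,
 * with <img src> renamed to dst and audio/video/embed/iframe elements
 * replaced by a "reload page to view" notice. Content is skipped when the
 * profile has system.no_auto_update set, unless 'force' is 1.
 *
 * NOTE(review): the uid comes from the 'p' GET parameter and no check that it
 * belongs to the logged-in user is visible here; presumably network_content()
 * enforces that — confirm.
 *
 * @param object $a application object, passed through to network_content()
 */
function update_network_content(&$a)
{
    // Missing parameters fall back to defaults instead of printing
    // undefined-index notices into the response body.
    $profile_uid = isset($_GET['p']) ? intval($_GET['p']) : 0;
    $forced = isset($_GET['force']) && $_GET['force'] == 1;

    header("Content-type: text/html");
    echo "<!DOCTYPE html><html><body>\r\n";
    echo "<section>";

    if (!get_pconfig($profile_uid, "system", "no_auto_update") || $forced) {
        $text = network_content($a, $profile_uid);
    } else {
        $text = "";
    }

    // Rename src to dst so the browser does not fetch images from this fragment.
    $text = preg_replace('/<img([^>]*) src="([^"]*)"/', '<img${1} dst="${2}"', $text);

    // Replace embedded media with a notice. This is a display rewrite, not a
    // sanitiser: without the s modifier "." does not match line breaks, so an
    // element whose content spans several lines is left in place.
    $notice = '<br />' . t('[Embedded content - reload page to view]') . '<br />';
    foreach (array('audio', 'video', 'embed', 'iframe') as $tag) {
        $text = preg_replace('/<\s*' . $tag . '[^>]*>(.*?)<\s*\/\s*' . $tag . '>/i', $notice, $text);
    }

    echo str_replace("\t", '       ', $text);
    echo "</section>";
    echo "</body></html>\r\n";
    killme();
}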
Пример #13
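 /**
  * File-upload handler: stores an attachment, or creates a folder when
  * 'filename' is given, in the channel named by 'channick', then redirects
  * to 'return_url' on this site.
  *
  * NOTE(review): no login or permission check is visible in this function,
  * and $_REQUEST is handed to attach_store()/attach_mkdir() wholesale, so
  * every key the caller supplies (other than those overwritten below)
  * reaches them. Presumably those helpers check the observer's write
  * permission — confirm.
  */
 function post()
 {
     // !empty() keeps the original truthiness test without the
     // undefined-index notice when the parameter is absent.
     $channel = !empty($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null;
     if (!$channel) {
         logger('channel not found');
         killme();
     }

     $_REQUEST['source'] = 'file_upload';

     // Someone other than the channel owner is uploading: discard whatever
     // access lists the request carried and use the channel's defaults.
     if ($channel['channel_id'] != local_channel()) {
         $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
         $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
         $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
         $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
     }

     // The helper's result is not inspected, so a failed store or mkdir still
     // ends in the redirect below.
     if (!empty($_REQUEST['filename'])) {
         $_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
         $_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
         $_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
         $_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
         attach_mkdir($channel, get_observer_hash(), $_REQUEST);
     } else {
         attach_store($channel, get_observer_hash(), '', $_REQUEST);
     }

     // The target is always prefixed with this site's root URL and a '/',
     // so the caller controls only the path, not the host.
     $return_url = (isset($_REQUEST['return_url']) && is_string($_REQUEST['return_url'])) ? $_REQUEST['return_url'] : '';
     goaway(z_root() . '/' . $return_url);
 }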
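/**
 * Image proxy: serves the picture at $_REQUEST['url'] from this site.
 *
 * A cached copy (photo row with resource-id "pic:" + sha1 of the URL) is
 * served when present; otherwise the URL is fetched, stored and served.
 * The request always ends via killme().
 *
 * NOTE(review): no login check is visible here, and the server fetches a
 * caller-supplied URL. The scheme check below does not stop requests to
 * internal hosts or redirects towards them, and no size limit is applied in
 * this function; confirm fetch_url() restricts destinations and response size.
 */
function privacy_image_cache_init()
{
    // A missing or array-valued 'url' is treated as empty.
    $url = (isset($_REQUEST['url']) && is_string($_REQUEST['url'])) ? $_REQUEST['url'] : '';
    $urlhash = 'pic:' . sha1($url);

    $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' LIMIT 1", dbesc($urlhash));
    // Truthiness check also covers a failed query.
    if ($r) {
        $img_str = $r[0]['data'];
        $mime = $r[0]["desc"];
        if ($mime == "") {
            $mime = "image/jpeg";
        }
    } else {
        // Fetch web URLs only; file paths and other stream schemes are refused.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            killme();
        }

        require_once "Photo.php";
        $img_str = fetch_url($url, true);

        if (substr($img_str, 0, 6) == "GIF89a") {
            // GIFs are stored byte-for-byte, but only if they decode as an image.
            $mime = "image/gif";
            $image = @imagecreatefromstring($img_str);
            if ($image === FALSE) {
                killme();
            }
            // The filename is escaped once; the original escaped the URL both
            // before and after basename(), which corrupted the stored value.
            q("INSERT INTO `photo`\n\t\t\t( `uid`, `contact-id`, `guid`, `resource-id`, `created`, `edited`, `filename`, `album`, `height`, `width`, `desc`, `data`, `scale`, `profile`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s' )", 0, 0, get_guid(), dbesc($urlhash), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename($url)), dbesc(''), intval(imagesy($image)), intval(imagesx($image)), 'image/gif', dbesc($img_str), 100, intval(0), dbesc(''), dbesc(''), dbesc(''), dbesc(''));
        } else {
            $img = new Photo($img_str);
            // Never relay bytes that did not decode as an image: the original
            // echoed the raw download under an image/jpeg label, letting any
            // remote document be served from this site's origin.
            if (!$img->is_valid()) {
                killme();
            }
            $img->store(0, 0, $urlhash, $url, '', 100);
            $img_str = $img->imageString();
            $mime = "image/jpeg";
        }
    }

    header("Content-type: {$mime}");
    // Keep browsers from second-guessing the declared type.
    header('X-Content-Type-Options: nosniff');
    header("Expires: " . gmdate("D, d M Y H:i:s", time() + 3600 * 24) . " GMT");
    header("Cache-Control: max-age=" . 3600 * 24);
    echo $img_str;
    killme();
}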
Пример #15
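/**
 * Emits site information as JSON when the first path argument is "json".
 *
 * The document contains the software version, site URL, non-hidden addon
 * names, registration policy, admin name/profile URL (first address of the
 * configured admin_email list), site name, platform, info text and the
 * noscrape URL.
 *
 * NOTE(review): no login check is visible in this function, so everything in
 * the document should be treated as public. Version and addon names let an
 * outside party match the site against known-vulnerable releases; confirm
 * that this level of disclosure is intended.
 *
 * @param object $a application object (argv, config, plugins are read)
 */
function friendica_init(&$a)
{
    // Only the /json variant is handled; a missing argument is not an error.
    if (!isset($a->argv[1]) || $a->argv[1] !== "json") {
        return;
    }

    $register_policy = array('REGISTER_CLOSED', 'REGISTER_APPROVE', 'REGISTER_OPEN');

    $sql_extra = '';
    if (x($a->config, 'admin_nickname')) {
        // NOTE(review): this fragment is later embedded in q()'s format string;
        // a literal % in the configured nickname would presumably be read as a
        // format specifier — confirm.
        $sql_extra = sprintf(" AND nickname = '%s' ", dbesc($a->config['admin_nickname']));
    }

    $admin = false;
    if (isset($a->config['admin_email']) && $a->config['admin_email'] != '') {
        // admin_email may be a comma-separated list; the first entry is used.
        $adminlist = explode(",", str_replace(" ", "", $a->config['admin_email']));
        $r = q("SELECT username, nickname FROM user WHERE email='%s' {$sql_extra}", dbesc($adminlist[0]));
        // Only report an admin when the lookup actually returned a row.
        if ($r) {
            $admin = array('name' => $r[0]['username'], 'profile' => $a->get_baseurl() . '/profile/' . $r[0]['nickname']);
        }
    }

    $visible_plugins = array();
    if (is_array($a->plugins) && count($a->plugins)) {
        $r = q("select * from addon where hidden = 0");
        if ($r) {
            foreach ($r as $rr) {
                $visible_plugins[] = $rr['name'];
            }
        }
    }

    // Missing config keys yield null rather than an undefined-index notice,
    // which would otherwise be printed into the JSON body.
    $policy_key = isset($a->config['register_policy']) ? $a->config['register_policy'] : null;
    $policy_name = ($policy_key !== null && isset($register_policy[$policy_key])) ? $register_policy[$policy_key] : null;
    $site_name = isset($a->config['sitename']) ? $a->config['sitename'] : null;

    $data = array(
        'version' => FRIENDICA_VERSION,
        'url' => z_root(),
        'plugins' => $visible_plugins,
        'register_policy' => $policy_name,
        'admin' => $admin,
        'site_name' => $site_name,
        'platform' => FRIENDICA_PLATFORM,
        'info' => x($a->config, 'info') ? $a->config['info'] : '',
        'no_scrape_url' => $a->get_baseurl() . '/noscrape',
    );

    // Declare the body as JSON so a browser never renders the admin-supplied
    // 'info' text as HTML.
    header('Content-Type: application/json');
    echo json_encode($data);
    killme();
}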
Пример #16
 /**
  * Refuses to continue when the view/smarty3/ folder is not writable by the
  * web server: prints an HTML error line and ends the request via killme().
  */
 public function __construct()
 {
     $folder_ok = is_writable('view/smarty3/');
     if ($folder_ok) {
         return;
     }

     // Fixed text only; nothing from the request is echoed here.
     echo "<b>ERROR:</b> folder <tt>view/smarty3/</tt> must be writable by webserver.";
     killme();
 }
Пример #17
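/**
 * Serves the XRD discovery document for a local channel.
 *
 * The channel is taken from the 'uri' GET parameter, either as an http(s)
 * URL (last path segment) or as an acct: address (part before '@').
 * Unknown channels end the request via killme() with no body.
 *
 * @param object $a application object; only get_baseurl() is used here
 */
function xrd_init(&$a)
{
    $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

    // Decode first, filter second. The original filtered with notags() and
    // then called urldecode(), so anything notags() neutralises could be
    // reintroduced with one more layer of percent-encoding and then flow
    // into the XML below through $accturi.
    // NOTE(review): which characters notags() handles is not visible here;
    // confirm the template (or an XML-escaping helper) covers & and quotes.
    $uri = notags(trim(urldecode($raw)));

    if (substr($uri, 0, 4) === 'http') {
        $name = basename($uri);
    } else {
        $local = str_replace('acct:', '', $uri);
        if (substr($local, 0, 2) == '//') {
            $local = substr($local, 2);
        }
        // No '@' means there is no usable channel name.
        $at = strpos($local, '@');
        $name = ($at === false) ? '' : substr($local, 0, $at);
    }

    $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
    if (!$r) {
        killme();
    }

    $chan = $r[0];
    $base = $a->get_baseurl();

    $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
        '$baseurl' => $base,
        '$dspr_guid' => $chan['channel_guid'],
        '$dspr_key' => base64_encode(pemtorsa($chan['channel_pubkey'])),
    ));
    $salmon_key = salmon_key($chan['channel_pubkey']);

    // The document is public discovery data, hence the wildcard CORS header.
    header('Access-Control-Allow-Origin: *');
    header("Content-type: text/xml");

    // The original also loaded 'view/xrd_person.tpl' into an unused variable;
    // that dead lookup is dropped.
    $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
        '$nick' => $chan['channel_address'],
        '$accturi' => $uri,
        '$profile_url' => $base . '/channel/' . $chan['channel_address'],
        '$hcard_url' => $base . '/hcard/' . $chan['channel_address'],
        '$atom' => $base . '/feed/' . $chan['channel_address'],
        '$zot_post' => $base . '/post/' . $chan['channel_address'],
        '$poco_url' => $base . '/poco/' . $chan['channel_address'],
        '$photo' => $base . '/photo/profile/l/' . $chan['channel_id'],
        '$dspr' => $dspr,
        '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
    ));

    // Hooks receive the array by reference and may replace the XML.
    $arr = array('user' => $chan, 'xml' => $o);
    call_hooks('personal_xrd', $arr);
    echo $arr['xml'];
    killme();
}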
Пример #18
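/**
 * "Export personal data" page and download handler.
 *
 * With a path argument of "backup" or "account" the matching export is sent
 * as a JSON attachment and the request ends via killme(); any other argument
 * ends the request with no output. Without an argument the options page is
 * rendered and returned.
 *
 * NOTE(review): no login check is visible in this function; presumably the
 * router or uexport_all()/uexport_account() restrict the export to the
 * logged-in user — confirm.
 *
 * @param object $a application object (argc, argv, user, get_baseurl())
 * @return string rendered options page
 */
function uexport_content(&$a)
{
    if ($a->argc > 1) {
        $kind = $a->argv[1];

        // Check the path segment against the known export types before it is
        // written into the Content-Disposition header; the original sent the
        // header first, with the raw segment inside the quoted filename.
        if ($kind !== "backup" && $kind !== "account") {
            killme();
        }

        header("Content-type: application/json");
        header('Content-Disposition: attachment; filename="' . $a->user['nickname'] . '.' . $kind . '"');

        if ($kind === "backup") {
            uexport_all($a);
        } else {
            uexport_account($a);
        }
        killme();
    }

    /**
     * options shown on "Export personal data" page
     * list of array( 'link url', 'link text', 'help text' )
     */
    // The strings are passed to t() unchanged (including the "accout"
    // spelling), since t() presumably looks translations up by source text.
    $options = array(
        array('/uexport/account', t('Export account'), t('Export your account info and contacts. Use this to make a backup of your account and/or to move it to another server.')),
        array('/uexport/backup', t('Export all'), t('Export your accout info, contacts and all your items as json. Could be a very big file, and could take a lot of time. Use this to make a full backup of your account (photos are not exported)')),
    );
    call_hooks('uexport_options', $options);

    $tpl = get_markup_template("uexport.tpl");
    return replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$title' => t('Export personal data'), '$options' => $options));
}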
Пример #19
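 /**
  * Serves the XRD discovery document for a local channel.
  *
  * The channel is taken from the 'uri' GET parameter, either as an http(s)
  * URL (last path segment, '~' removed) or as an acct: address (part before
  * '@'). Unknown channels end the request via killme() with no body.
  */
 function init()
 {
     $raw = (isset($_GET['uri']) && is_string($_GET['uri'])) ? $_GET['uri'] : '';

     // Decode first, filter second. The original filtered with notags() and
     // then called urldecode(), so anything notags() neutralises could be
     // reintroduced with one more layer of percent-encoding and then flow
     // into the XML below through $accturi.
     // NOTE(review): which characters notags() handles is not visible here;
     // confirm the template (or an XML-escaping helper) covers & and quotes.
     $uri = notags(trim(urldecode($raw)));

     // Strip line breaks so a crafted value cannot forge extra log entries.
     logger('xrd: ' . str_replace(array("\r", "\n"), ' ', $uri), LOGGER_DEBUG);

     $resource = $uri;

     if (substr($uri, 0, 4) === 'http') {
         $uri = str_replace('~', '', $uri);
         $name = basename($uri);
     } else {
         $local = str_replace('acct:', '', $uri);
         if (substr($local, 0, 2) == '//') {
             $local = substr($local, 2);
         }
         // No '@' means there is no usable channel name.
         $at = strpos($local, '@');
         $name = ($at === false) ? '' : substr($local, 0, $at);
     }

     $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", dbesc($name));
     if (!$r) {
         killme();
     }

     $chan = $r[0];

     $dspr = replace_macros(get_markup_template('xrd_diaspora.tpl'), array(
         '$baseurl' => z_root(),
         '$dspr_guid' => $chan['channel_guid'] . str_replace('.', '', \App::get_hostname()),
         '$dspr_key' => base64_encode(pemtorsa($chan['channel_pubkey'])),
     ));
     $salmon_key = salmon_key($chan['channel_pubkey']);

     // The document is public discovery data, hence the wildcard CORS header.
     header('Access-Control-Allow-Origin: *');
     header("Content-type: application/xrd+xml");

     $aliases = array(
         'acct:' . channel_reddress($chan),
         z_root() . '/channel/' . $chan['channel_address'],
         z_root() . '/~' . $chan['channel_address'],
     );
     // Drop the alias that equals the requested resource. Iterating by key
     // visits every entry; the original re-evaluated count() after unset()
     // and so stopped before reaching the tail of the list.
     foreach ($aliases as $idx => $alias) {
         if ($alias === $resource) {
             unset($aliases[$idx]);
         }
     }

     $o = replace_macros(get_markup_template('xrd_person.tpl'), array(
         '$nick' => $chan['channel_address'],
         '$accturi' => $resource,
         '$aliases' => $aliases,
         '$profile_url' => z_root() . '/channel/' . $chan['channel_address'],
         '$hcard_url' => z_root() . '/hcard/' . $chan['channel_address'],
         '$atom' => z_root() . '/feed/' . $chan['channel_address'],
         '$zot_post' => z_root() . '/post/' . $chan['channel_address'],
         '$poco_url' => z_root() . '/poco/' . $chan['channel_address'],
         '$photo' => z_root() . '/photo/profile/l/' . $chan['channel_id'],
         '$dspr' => $dspr,
         '$modexp' => 'data:application/magic-public-key,' . $salmon_key,
         '$subscribe' => z_root() . '/follow?url={uri}',
         '$bigkey' => salmon_key($chan['channel_pubkey']),
     ));

     // Hooks receive the array by reference and may replace the XML.
     $arr = array('user' => $chan, 'xml' => $o);
     call_hooks('personal_xrd', $arr);
     echo $arr['xml'];
     killme();
 }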
Пример #20
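/**
 * Shows the stored source (body) of one item.
 *
 * The item id is argv(1); a second argument of 'json' selects JSON-encoded
 * output. Only items owned by the logged-in channel or by the system channel
 * are looked up. For AJAX requests the result is printed and the request
 * ends via killme(); otherwise the markup is returned.
 *
 * @param object $a application object (not used directly in this function)
 * @return string item source, or '' when nothing was found or allowed
 */
function viewsrc_content(&$a)
{
    $o = '';
    // Defined up front so the AJAX branch below never reads an undefined $r.
    $r = array();

    $sys = get_sys_channel();
    $item_id = argc() > 1 ? intval(argv(1)) : 0;
    $json = argc() > 2 && argv(2) === 'json';

    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
    }
    if (!$item_id) {
        App::$error = 404;
        notice(t('Item not found.') . EOL);
    }

    $item_normal = item_normal();

    // The lookup only runs for a logged-in channel and is limited to that
    // channel's uid and the system channel's uid.
    if (local_channel() && $item_id) {
        $r = q("select id, item_flags, item_obscured, body from item where uid in (%d , %d) and id = %d {$item_normal} limit 1", intval(local_channel()), intval($sys['channel_id']), intval($item_id));
        if ($r) {
            if (intval($r[0]['item_obscured'])) {
                // Obscured bodies are decrypted with the site's private key.
                $r[0]['body'] = crypto_unencapsulate(json_decode($r[0]['body'], true), get_config('system', 'prvkey'));
            }
            // NOTE(review): in the non-JSON case the body is placed into an
            // HTML response without escaping in this function. Item bodies can
            // originate from remote authors; confirm they are already escaped
            // when stored, otherwise markup in them would render here.
            $o = $json ? json_encode($r[0]['body']) : str_replace("\n", '<br />', $r[0]['body']);
        }
    }

    if (is_ajax()) {
        $shown_id = $r ? $r[0]['id'] : '';
        print '<div><i class="icon-pencil"> ' . t('Source of Item') . ' ' . $shown_id . '</i></div>';
        echo $o;
        killme();
    }
    return $o;
}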
Пример #21
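/**
 * Channel export download for the logged-in channel.
 *
 * Path forms handled: <year>[/<month>] (year above 1900, month 1-12),
 * 'basic' and 'complete'. A matching request is answered with a JSON
 * attachment and ends via killme(); anything else returns without output.
 * Anonymous requests end via killme().
 *
 * @param object $a application object (not used directly in this function)
 */
function uexport_init(&$a)
{
    if (!local_channel()) {
        killme();
    }
    if (argc() <= 1) {
        return;
    }

    $channel = App::get_channel();
    require_once 'include/identity.php';

    // Explicit defaults instead of undefined variables.
    $year = null;
    $month = null;
    if (intval(argv(1)) > 1900) {
        $year = intval(argv(1));
    }
    if (argc() > 2 && intval(argv(2)) > 0 && intval(argv(2)) <= 12) {
        $month = intval(argv(2));
    }

    $wants_basic = argv(1) === 'basic';
    $wants_complete = argv(1) === 'complete';

    // Send download headers only for a request that will produce an export;
    // the original sent them first, so an unrecognised path left the
    // attachment headers on whatever was rendered afterwards.
    if (!$year && !$wants_basic && !$wants_complete) {
        return;
    }

    // "application/octet-stream" is the registered type; the original used an
    // underscore. The filename is built from the stored channel address and
    // integers only.
    header('content-type: application/octet-stream');
    header('content-disposition: attachment; filename="' . $channel['channel_address'] . ($year ? '-' . $year : '') . ($month ? '-' . $month : '') . '.json"');

    if ($year) {
        echo json_encode(identity_export_year(local_channel(), $year, $month));
        killme();
    }
    if ($wants_basic) {
        echo json_encode(identity_basic_export(local_channel()));
        killme();
    }

    // FIXME - this basically doesn't work in the wild with a channel more than a few months old due to memory and execution time limits.
    // It probably needs to be built at the CLI and offered to download as a tarball.  Maybe stored in the members dav.
    echo json_encode(identity_basic_export(local_channel(), true));
    killme();
}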
Пример #22
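 /**
  * Toggles one contact's membership in one of the logged-in channel's groups.
  *
  * argv(1) is the group id and argv(2) the base64url-encoded contact hash.
  * Both are looked up with the logged-in channel as owner before anything is
  * changed. The request always ends via killme() with no output.
  *
  * NOTE(review): this is a state change reachable by a plain GET and no
  * per-request token check is visible here — confirm one is enforced elsewhere.
  */
 function get()
 {
     if (!local_channel()) {
         killme();
     }

     // Stays empty unless the contact is confirmed to belong to this channel.
     $change = '';
     if (argc() > 2 && intval(argv(1)) && argv(2)) {
         $r = q("SELECT abook_xchan from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc(base64url_decode(argv(2))), intval(local_channel()));
         if ($r) {
             $change = $r[0]['abook_xchan'];
         }
     }

     if (argc() > 1 && intval(argv(1))) {
         // The uid condition keeps other channels' groups out of reach.
         $r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1", intval(argv(1)), intval(local_channel()));
         if (!$r) {
             killme();
         }
         $group = $r[0];

         $members = group_get_members($group['id']);
         $preselected = array();
         // Truthiness check also covers a non-array result.
         if ($members) {
             foreach ($members as $member) {
                 $preselected[] = $member['xchan_hash'];
             }
         }

         if ($change) {
             // Strict comparison: with loose matching two different hashes
             // that both look numeric could compare as equal.
             if (in_array($change, $preselected, true)) {
                 group_rmv_member(local_channel(), $group['gname'], $change);
             } else {
                 group_add_member(local_channel(), $group['gname'], $change);
             }
         }
     }
     killme();
 }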
Пример #23
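/**
 * Emit one public wall item as XML rendered through the diaspora_post.tpl template.
 *
 * argv(1) is the item's message id, optionally carrying a ".xml" suffix.
 * The item must be a wall item (item_wall = 1), not private (item_private = 0),
 * and perm_is_allowed() must grant 'view_stream' for an empty observer hash;
 * otherwise the request ends with a 404. A missing argument ends with a 401.
 *
 * @param object $a application object (unused in this block)
 */
function p_init(&$a)
{
    if (argc() < 2) {
        http_status_exit(401);
    }
    $mid = str_replace('.xml', '', argv(1));
    $r = q("select * from item where mid = '%s' and item_wall = 1 and item_private = 0 limit 1", dbesc($mid));
    if (!$r || !perm_is_allowed($r[0]['uid'], '', 'view_stream')) {
        http_status_exit(404);
    }
    $c = q("select * from channel where channel_id = %d limit 1", intval($r[0]['uid']));
    if (!$c) {
        http_status_exit(404);
    }
    $item = $r[0];
    $myaddr = $c[0]['channel_address'] . '@' . App::get_hostname();
    $body = bb2diaspora_itembody($item);
    $created = datetime_convert('UTC', 'UTC', $item['created'], 'Y-m-d H:i:s \\U\\T\\C');
    $provider = $item['app'] ? $item['app'] : t('$projectname');
    $tpl = get_markup_template('diaspora_post.tpl', 'addon/diaspora');
    // Body and handle were already passed through xmlify(), which shows the
    // template does not escape on its own. The message id and the app name are
    // stored values as well, so they get the same treatment to keep the
    // document well-formed whatever they contain.
    $msg = replace_macros($tpl, array(
        '$body' => xmlify($body),
        '$guid' => xmlify($item['mid']),
        '$handle' => xmlify($myaddr),
        '$public' => 'true',
        '$created' => $created,
        '$provider' => xmlify($provider),
    ));
    header('Content-type: text/xml');
    echo $msg;
    killme();
}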
Пример #24
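 /**
  * Store an uploaded file for a channel and return or print the markup that references it.
  *
  * The target channel comes from the API login (\App::$data['api_info']) when a
  * 'media' upload is present, otherwise from the nickname in argv(1). The file
  * is handed to attach_store() with the channel's configured photo and
  * attachment paths and an allow_cid list holding only the channel's own hash.
  *
  * Returns the markup string for API callers; for everyone else it is echoed
  * and the request ends in killme().
  *
  * NOTE(review): argv(1) selects the channel written to, and this block does
  * not itself check that the observer may write there. Presumably
  * attach_store() enforces that from the observer hash it is given; confirm.
  */
 function post()
 {
     $using_api = false;
     // Explicit default: the original tested $channel even when neither branch assigned it.
     $channel = null;
     if (!empty(\App::$data['api_info']) && array_key_exists('media', $_FILES)) {
         $using_api = true;
         $user_info = \App::$data['api_info'];
         $channel = get_channel_by_nick($user_info['screen_name']);
     } elseif (argc() > 1) {
         $channel = get_channel_by_nick(argv(1));
     }
     if (!$channel) {
         killme();
     }
     $observer = \App::get_observer();
     $def_album = get_pconfig($channel['channel_id'], 'system', 'photo_path');
     $def_attach = get_pconfig($channel['channel_id'], 'system', 'attach_path');
     // An anonymous visitor is passed on as an empty observer hash.
     $r = attach_store($channel, $observer ? $observer['xchan_hash'] : '', '', array('source' => 'editor', 'visible' => 0, 'album' => $def_album, 'directory' => $def_attach, 'allow_cid' => '<' . $channel['channel_hash'] . '>'));
     if (!$r['success']) {
         notice($r['message'] . EOL);
         killme();
     }
     if (intval($r['data']['is_photo'])) {
         $s = "\n\n" . $r['body'] . "\n\n";
     } else {
         $s = "\n\n" . '[attachment]' . $r['data']['hash'] . ',' . $r['data']['revision'] . '[/attachment]' . "\n";
     }
     if ($using_api) {
         return $s;
     }
     echo $s;
     killme();
 }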
Пример #25
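 /**
  * Start an authenticated session for the id in $argv[1] and record its session id
  * in two files under store/[data]/.
  *
  * cookie_<id> is a tab-separated cookie file: expired cookie lines are dropped,
  * everything else is kept, and a PHPSESSID line valid for 24 hours is added.
  * cookien_<id> receives the bare session id.
  *
  * NOTE(review): $argv[1] goes unmodified into $_SESSION['uid'] and into both
  * file names. Callers must only ever pass a trusted id; anything containing a
  * path separator would write outside the intended files.
  * NOTE(review): both files hold a live session id in clear text. Check that
  * store/ is not served by the web server and is readable only by the service
  * account.
  *
  * @param int   $argc number of entries in $argv; anything but 2 ends in killme()
  * @param array $argv $argv[1] is the id the session is created for
  */
 public static function run($argc, $argv)
 {
     if ($argc != 2) {
         killme();
     }
     \App::$session->start();
     $_SESSION['authenticated'] = 1;
     $_SESSION['uid'] = $argv[1];
     $x = session_id();
     $f = 'store/[data]/cookie_' . $argv[1];
     $c = 'store/[data]/cookien_' . $argv[1];
     $now = time();
     $output = '';
     $flags = 0;
     if (file_exists($f)) {
         $lines = file($f);
         if ($lines === false) {
             // The file could not be read: append rather than overwrite, so
             // whatever it contains is not lost.
             $flags = FILE_APPEND;
         } else {
             foreach ($lines as $line) {
                 $is_cookie = strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6;
                 if (!$is_cookie) {
                     // Comments, blank lines and anything unrecognised pass through untouched.
                     $output .= $line;
                     continue;
                 }
                 $tokens = array_map('trim', explode("\t", $line));
                 // Field 5 (index 4) is the expiry timestamp.
                 if ((int) $tokens[4] > $now) {
                     // file() keeps the line ending; normalise to exactly one so
                     // repeated runs do not accumulate blank lines.
                     $output .= rtrim($line, "\r\n") . "\n";
                 }
             }
         }
     }
     $t = $now + 24 * 3600;
     // $output already holds every line worth keeping, so the file is rewritten.
     // The original appended here, which left expired cookies in place and
     // duplicated the still-valid ones on every run.
     file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t{$t}\tPHPSESSID\t" . $x, $flags);
     file_put_contents($c, $x);
     killme();
 }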
Пример #26
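/**
 * Stream one stored attachment to the client.
 *
 * $a->argv[1] is the attachment id. The row is fetched once to learn the owner
 * uid, then fetched again with the owner's permissions_sql() clause appended;
 * the second query decides whether the current viewer may have the file.
 * A request carrying attachment=0 gets the file without the "attachment"
 * disposition, i.e. the browser may render it inline.
 *
 * NOTE(review): the stored 'filetype' is sent as Content-type unchanged. With
 * attachment=0 an uploaded HTML or SVG file would render in this site's
 * origin; consider forcing the attachment disposition for active content types.
 *
 * @param object $a application object; argc and argv are read from it
 */
function attach_init(&$a)
{
    if ($a->argc != 2) {
        notice(t('Item not available.') . EOL);
        return;
    }
    $item_id = intval($a->argv[1]);
    // Check for existence, which will also provide us the owner uid
    $r = q("SELECT * FROM `attach` WHERE `id` = %d LIMIT 1", intval($item_id));
    // !$r rather than count(): also covers a failed query that yields a non-array.
    if (!$r) {
        notice(t('Item was not found.') . EOL);
        return;
    }
    $sql_extra = permissions_sql($r[0]['uid']);
    // Now we'll see if we can access the attachment
    $r = q("SELECT * FROM `attach` WHERE `id` = '%d' {$sql_extra} LIMIT 1", dbesc($item_id));
    if (!$r) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    // The stored file name ends up inside a quoted header parameter. Strip
    // double quotes, backslashes and control characters so it cannot close the
    // quoted string or otherwise alter the header.
    $filename = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', (string) $r[0]['filename']);
    header('Content-type: ' . $r[0]['filetype']);
    header('Content-length: ' . $r[0]['filesize']);
    // Make the browser honour the declared type instead of guessing from the bytes.
    header('X-Content-Type-Options: nosniff');
    // Use quotes around the filename to prevent a "multiple Content-Disposition"
    // error in Chrome for filenames with commas in them
    if (isset($_GET['attachment']) && $_GET['attachment'] === '0') {
        header('Content-disposition: filename="' . $filename . '"');
    } else {
        header('Content-disposition: attachment; filename="' . $filename . '"');
    }
    echo $r[0]['data'];
    killme();
    // NOTREACHED
}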
Пример #27
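/**
 * Save the bookmark terms attached to one of the logged-in user's items.
 *
 * The item id comes from the 'item' request parameter and must belong to the
 * current user. Every TERM_BOOKMARK term on an unrestricted item is passed to
 * bookmark_add() together with the item author's xchan record.
 *
 * NOTE(review): the id is read from $_REQUEST and bookmarks are written
 * without a form security token being checked in this block. Confirm that
 * CSRF protection is applied elsewhere.
 *
 * @param object $a application object; the current channel is read from it
 */
function bookmarks_init(&$a)
{
    if (!local_user()) {
        return;
    }
    // A missing parameter is treated like an empty one instead of raising a notice.
    $item_id = isset($_REQUEST['item']) ? intval($_REQUEST['item']) : 0;
    if (!$item_id) {
        return;
    }
    $u = $a->get_channel();
    // The uid condition restricts the lookup to items owned by the current user.
    $i = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval(local_user()));
    if (!$i) {
        return;
    }
    $i = fetch_post_tags($i);
    $item = $i[0];
    $terms = get_terms_oftype($item['term'], TERM_BOOKMARK);
    if ($terms && !$item['item_restrict']) {
        require_once 'include/bookmarks.php';
        $s = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($item['author_xchan']));
        if (!$s) {
            logger('mod_bookmarks: author lookup failed.');
            killme();
        }
        foreach ($terms as $t) {
            bookmark_add($u, $s[0], $t, $item['item_private']);
            info(t('Bookmark added') . EOL);
        }
    }
    killme();
}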
Пример #28
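/**
 * Approve or deny a pending registration on behalf of the site administrator.
 *
 * Expects exactly three path arguments: the module name, a command
 * ('allow' or 'deny') and the registration hash. Visitors who are not logged
 * in get the login form; logged-in users who are not site admins, or who are
 * acting through a 'submanage' session, get "Permission denied".
 *
 * NOTE(review): user_allow() and user_deny() are reached straight from the
 * URL and no form security token is checked in this block, so a link opened
 * by a logged-in admin is enough to trigger them. Confirm that CSRF
 * protection exists elsewhere.
 *
 * @param object $a application object; cmd, config, argc and argv are read from it
 * @return string|null login form, empty string on denial, null when the command is unknown
 */
function regmod_content(&$a)
{
    $_SESSION['return_url'] = $a->cmd;
    if (!local_user()) {
        info(t('Please login.') . EOL);
        // Built directly: the original appended to a variable that was never initialised.
        return '<br /><br />' . login($a->config['register_policy'] == REGISTER_CLOSED ? 0 : 1);
    }
    // Parentheses only spell out the precedence the original expression already had.
    if (!is_site_admin() || (x($_SESSION, 'submanage') && intval($_SESSION['submanage']))) {
        notice(t('Permission denied.') . EOL);
        return '';
    }
    if ($a->argc != 3) {
        killme();
    }
    $cmd = $a->argv[1];
    $hash = $a->argv[2];
    if ($cmd === 'deny') {
        user_deny($hash);
        goaway($a->get_baseurl() . "/admin/users/");
        killme();
    }
    if ($cmd === 'allow') {
        user_allow($hash);
        goaway($a->get_baseurl() . "/admin/users/");
        killme();
    }
}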
Пример #29
/**
 * Handle the two notification actions of the logged-in user.
 *
 * "view/<id>": marks the notification and its related ones as seen, then
 * redirects to the notification's link (rewritten to a local /display/ URL
 * for the Friendica app), or to the base URL when the id is not the user's.
 * "mark/all": marks every notification of the user as seen and prints a JSON
 * result.
 *
 * NOTE(review): the redirect target is the 'link' column as stored; whether
 * that value is constrained to trusted URLs is not visible here.
 * NOTE(review): "mark/all" changes state from a plain URL with no form
 * security token checked in this block.
 *
 * @param object $a application object; argc and argv are read from it
 */
function notify_init(&$a)
{
    if (!local_user()) {
        return;
    }
    $has_args = $a->argc > 2;
    if ($has_args && $a->argv[1] === 'view' && intval($a->argv[2])) {
        // The uid condition keeps users from opening each other's notifications.
        $rows = q("select * from notify where id = %d and uid = %d limit 1", intval($a->argv[2]), intval(local_user()));
        if (count($rows)) {
            $note = $rows[0];
            q("update notify set seen = 1 where ( link = '%s' or ( parent != 0 and parent = %d and otype = '%s' )) and uid = %d", dbesc($note['link']), intval($note['parent']), dbesc($note['otype']), intval(local_user()));
            $target = $note['link'];
            // The friendica client has problems with the GUID. this is some workaround
            if ($a->is_friendica_app()) {
                require_once "include/items.php";
                $urldata = parse_url($note['link']);
                $itemdata = get_item_id(basename($urldata["path"]), local_user());
                if ($itemdata["id"] != 0) {
                    $target = $a->get_baseurl() . '/display/' . $itemdata["nick"] . '/' . $itemdata["id"];
                }
            }
            goaway($target);
        }
        goaway($a->get_baseurl(true));
    }
    if ($has_args && $a->argv[1] === 'mark' && $a->argv[2] === 'all') {
        $updated = q("update notify set seen = 1 where uid = %d", intval(local_user()));
        echo json_encode(array('result' => $updated ? 'success' : 'fail'));
        killme();
    }
}
Пример #30
/**
 * Print the BBCode that re-shares one of the logged-in user's non-private items.
 *
 * With system.new_share enabled, the item is wrapped in a [share] tag; a body
 * that already contains "[/share]" is reused from its "[share" onwards.
 * Otherwise the older recycle-symbol format is produced.
 *
 * NOTE(review): only the author name has its single quotes replaced before it
 * goes into the [share] attributes. profile, avatar, link and posted are
 * interpolated as stored, so a quote in any of them would end the attribute
 * early. Confirm that the BBCode consumer tolerates that.
 *
 * @param object $a application object; argc and argv are read from it
 */
function share_init(&$a)
{
    $post_id = 0;
    if ($a->argc > 1) {
        $post_id = intval($a->argv[1]);
    }
    if (!$post_id || !local_user()) {
        killme();
    }
    // The uid condition limits the lookup to the current user's copy of the item.
    $rows = q("SELECT item.*, contact.network FROM `item` \n\t\tleft join contact on `item`.`contact-id` = `contact`.`id` \n\t\tWHERE `item`.`id` = %d AND `item`.`uid` = %d LIMIT 1", intval($post_id), intval(local_user()));
    if (!count($rows) || $rows[0]['private'] == 1) {
        killme();
    }
    $post = $rows[0];
    // Bold title line, shared by both output formats.
    $heading = $post['title'] ? '[b]' . $post['title'] . '[/b]' . "\n" : '';
    if (!intval(get_config('system', 'new_share'))) {
        $o = "♲" . ' [url=' . $post['author-link'] . ']' . $post['author-name'] . '[/url]' . "\n";
        $o .= $heading;
        $o .= $post['body'] . "\n";
        if ($post['plink']) {
            $o .= '[url=' . $post['plink'] . ']' . t('link') . '[/url]' . "\n";
        }
    } elseif (strpos($post['body'], "[/share]") === false) {
        $o = "[share author='" . str_replace("'", "&#039;", $post['author-name']) . "' profile='" . $post['author-link'] . "' avatar='" . $post['author-avatar'] . "' link='" . $post['plink'] . "' posted='" . $post['created'] . "']\n";
        $o .= $heading;
        $o .= $post['body'];
        $o .= "[/share]";
    } else {
        // Already a share: pass the existing [share] block on instead of nesting it.
        $o = substr($post['body'], strpos($post['body'], "[share"));
    }
    echo $o;
    killme();
}