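/**
 * Handle the profile edit form (POST /profiles/<id>).
 *
 * Flow: require a logged-in channel and a valid form token; optionally merge a
 * JSON profile export into $_POST (advanced fields only); run the
 * 'profile_post' hook; sanitise every field; update `profile` and `profext`;
 * post an activity describing what changed on the default profile; sync the
 * profile to clones; and, when the default profile changed, refresh the
 * channel name and directory entry.
 *
 * Side effects only. Returns early (nothing written) when the user is not
 * logged in, the profile id is missing or belongs to another channel, or the
 * profile name is empty. User-facing messages go through notice()/info().
 */
function post()
{
    if (!local_channel()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Anti-CSRF: the token is verified before anything consumes $_POST. The
    // original only checked it after the JSON import and the 'profile_post'
    // hook had already run on unverified input.
    check_form_security_token_redirectOnErr('/profiles', 'profile_edit');

    require_once 'include/activities.php';

    $namechanged = false;

    // Import from a JSON export file. Only fields that exist in this hub's
    // advanced field list are copied into $_POST; everything else is dropped.
    if (x($_FILES, 'userfile')) {
        $src = $_FILES['userfile']['tmp_name'];
        $filesize = intval($_FILES['userfile']['size']);
        // is_uploaded_file() makes sure we only ever read this request's upload.
        if ($filesize && is_uploaded_file($src)) {
            $raw = file_get_contents($src);
            unlink($src);
            $j = (is_string($raw) && strlen($raw)) ? json_decode($raw, true) : null;
            if (is_array($j)) {
                $fields = get_profile_fields_advanced();
                if (is_array($fields)) {
                    foreach ($j as $jj => $v) {
                        // Strict key match: the previous loose '==' let a numeric
                        // JSON key match a field name on PHP < 8. Non-scalar
                        // values are skipped because every field is trim()ed later.
                        if (is_scalar($v) && array_key_exists($jj, $fields)) {
                            $_POST[$jj] = $v;
                        }
                    }
                }
            }
        }
    }

    call_hooks('profile_post', $_POST);

    if (argc() > 1 && argv(1) !== "new" && intval(argv(1))) {
        $profile_id = intval(argv(1));

        $orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
            intval($profile_id),
            intval(local_channel())
        );
        // q() may return false; avoid count() on a non-array.
        if (!$orig) {
            notice(t('Profile not found.') . EOL);
            return;
        }

        $is_default = $orig[0]['is_default'] ? 1 : 0;

        // Read a POST field as a trimmed string; '' when absent or not scalar
        // (avoids trim(null)/trim(array) notices and errors).
        $field = function ($key) {
            if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
                return '';
            }
            return trim((string) $_POST[$key]);
        };
        // Single-line field with tags stripped.
        $text = function ($key) use ($field) {
            return escape_tags($field($key));
        };
        // Multi-line editor field: tags stripped, editor line breaks normalised.
        $multiline = function ($key) use ($field) {
            return fix_mce_lf(escape_tags($field($key)));
        };

        $profile_name = notags($field('profile_name'));
        if (!strlen($profile_name)) {
            notice(t('Profile Name is required.') . EOL);
            return;
        }

        $dob = $text('dob');
        if ($dob === '' || $dob === '0') {
            $dob = '0000-00-00';
        }
        // FIXME: Needs to be validated?
        // A missing or pre-1900 year means "year unknown": the date is stored
        // as 0000-MM-DD.
        $y = substr($dob, 0, 4);
        $ignore_year = (!ctype_digit($y) || intval($y) < 1900);
        if ($dob != '0000-00-00') {
            if (strpos($dob, '0000-') === 0) {
                $ignore_year = true;
                $dob = substr($dob, 5);
            }
            $dob = datetime_convert(
                'UTC',
                'UTC',
                $ignore_year ? '1900-' . $dob : $dob,
                $ignore_year ? 'm-d' : 'Y-m-d'
            );
            if ($ignore_year) {
                $dob = '0000-' . $dob;
            }
        }

        $name = $text('name');
        if ($orig[0]['fullname'] != $name) {
            $namechanged = true;
            $v = validate_channelname($name);
            if ($v) {
                // Invalid new name: report it and keep the stored one.
                notice($v);
                $namechanged = false;
                $name = $orig[0]['fullname'];
            }
        }

        $pdesc        = $text('pdesc');
        $gender       = $text('gender');
        $address      = $text('address');
        $locality     = $text('locality');
        $region       = $text('region');
        $postal_code  = $text('postal_code');
        $country_name = $text('country_name');
        $keywords     = $text('keywords');
        $marital      = $text('marital');
        $howlong      = $text('howlong');
        $sexual       = $text('sexual');
        $homepage     = $text('homepage');
        $hometown     = $text('hometown');
        $politic      = $text('politic');
        $religion     = $text('religion');
        $with         = $text('with');

        $likes     = $multiline('likes');
        $dislikes  = $multiline('dislikes');
        $about     = $multiline('about');
        $interest  = $multiline('interest');
        $contact   = $multiline('contact');
        $channels  = $multiline('channels');
        $music     = $multiline('music');
        $book      = $multiline('book');
        $tv        = $multiline('tv');
        $film      = $multiline('film');
        $romance   = $multiline('romance');
        $work      = $multiline('work');
        $education = $multiline('education');

        $hide_friends = intval($field('hide_friends')) ? 1 : 0;

        require_once 'include/text.php';

        // $a is not defined in this method; it is declared here so the call
        // matches linkify_tags()' signature. NOTE(review): presumably the first
        // parameter is unused in this codebase — confirm in include/text.php.
        $a = null;
        // Turn #tags and @mentions in the free-text fields into links (in place).
        linkify_tags($a, $likes, local_channel());
        linkify_tags($a, $dislikes, local_channel());
        linkify_tags($a, $about, local_channel());
        linkify_tags($a, $interest, local_channel());
        linkify_tags($a, $contact, local_channel());
        linkify_tags($a, $channels, local_channel());
        linkify_tags($a, $music, local_channel());
        linkify_tags($a, $book, local_channel());
        linkify_tags($a, $tv, local_channel());
        linkify_tags($a, $film, local_channel());
        linkify_tags($a, $romance, local_channel());
        linkify_tags($a, $work, local_channel());
        linkify_tags($a, $education, local_channel());

        if (!strlen($howlong)) {
            $howlong = NULL_DATE;
        } else {
            $howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong);
        }

        // Linkify the relationship target if applicable: look the name up in
        // the channel's connections and replace it with a link to that channel.
        $withchanged = false;
        if (strlen($with)) {
            if ($with != strip_tags($orig[0]['partner'])) {
                $withchanged = true;
                $prf = '';
                $lookup = $with;
                if (strpos($lookup, '@') === 0) {
                    $lookup = substr($lookup, 1);
                }
                $lookup = str_replace('_', ' ', $lookup);
                $newname = $lookup;

                $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_name = '%s' AND abook_channel = %d LIMIT 1",
                    dbesc($newname),
                    intval(local_channel())
                );
                if (!$r) {
                    // NOTE(review): '=' compares the '%' suffix literally, not as a
                    // wildcard; presumably LIKE was intended — confirm before changing.
                    $r = q("SELECT * FROM abook left join xchan on abook_xchan = xchan_hash WHERE xchan_addr = '%s' AND abook_channel = %d LIMIT 1",
                        dbesc($lookup . '@%'),
                        intval(local_channel())
                    );
                }
                if ($r) {
                    $prf = $r[0]['xchan_url'];
                    $newname = $r[0]['xchan_name'];
                }
                if ($prf) {
                    // xchan_url/xchan_name come from xchan records, which can
                    // originate on other hubs, so escape them for the HTML
                    // attribute and text contexts (existing entities are kept).
                    $link = '<a href="' . htmlspecialchars($prf, ENT_QUOTES, 'UTF-8', false) . '">'
                        . htmlspecialchars($newname, ENT_QUOTES, 'UTF-8', false) . '</a>';
                    $with = str_replace($lookup, $link, $with);
                    if (strpos($with, '@') === 0) {
                        $with = substr($with, 1);
                    }
                }
            } else {
                $with = $orig[0]['partner'];
            }
        }

        // Extended (profdef/profext) fields: which ones are accepted depends on
        // whether the channel has advanced profiles enabled.
        $profile_fields_basic = get_profile_fields_basic();
        $profile_fields_advanced = get_profile_fields_advanced();
        $advanced = feature_enabled(local_channel(), 'advanced_profiles') ? true : false;
        $fields = $advanced ? $profile_fields_advanced : $profile_fields_basic;

        $z = q("select * from profdef where true");
        if ($z && is_array($fields)) {
            foreach ($z as $zz) {
                if (!array_key_exists($zz['field_name'], $fields)) {
                    continue;
                }
                $ext_value = escape_tags($field($zz['field_name']));
                $w = q("select * from profext where channel_id = %d and hash = '%s' and k = '%s' limit 1",
                    intval(local_channel()),
                    dbesc($orig[0]['profile_guid']),
                    dbesc($zz['field_name'])
                );
                if ($w) {
                    q("update profext set v = '%s' where id = %d",
                        dbesc($ext_value),
                        intval($w[0]['id'])
                    );
                } else {
                    q("insert into profext ( channel_id, hash, k, v ) values ( %d, '%s', '%s', '%s') ",
                        intval(local_channel()),
                        dbesc($orig[0]['profile_guid']),
                        dbesc($zz['field_name']),
                        dbesc($ext_value)
                    );
                }
            }
        }

        // Collect the changed fields for a "profile updated" activity. $value
        // ends up holding the last changed value in this list.
        $changes = array();
        $value = '';
        if ($is_default) {
            if ($marital != $orig[0]['marital']) {
                $changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status');
                $value = $marital;
            }
            if ($withchanged) {
                $changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner');
                $value = strip_tags($with);
            }
            if ($likes != $orig[0]['likes']) {
                $changes[] = t('Likes');
                $value = $likes;
            }
            if ($dislikes != $orig[0]['dislikes']) {
                $changes[] = t('Dislikes');
                $value = $dislikes;
            }
            if ($work != $orig[0]['employment']) {
                // No $value for employment (kept as in the original code).
                $changes[] = t('Work/Employment');
            }
            if ($religion != $orig[0]['religion']) {
                $changes[] = t('Religion');
                $value = $religion;
            }
            if ($politic != $orig[0]['politic']) {
                $changes[] = t('Political Views');
                $value = $politic;
            }
            if ($gender != $orig[0]['gender']) {
                $changes[] = t('Gender');
                $value = $gender;
            }
            if ($sexual != $orig[0]['sexual']) {
                $changes[] = t('Sexual Preference');
                $value = $sexual;
            }
            if ($homepage != $orig[0]['homepage']) {
                $changes[] = t('Homepage');
                $value = $homepage;
            }
            if ($interest != $orig[0]['interest']) {
                $changes[] = t('Interests');
                $value = $interest;
            }
            if ($address != $orig[0]['address']) {
                $changes[] = t('Address');
                // New address not sent in notifications, potential privacy issues
                // in case this leaks to unintended recipients. Yes, it's in the public
                // profile but that doesn't mean we have to broadcast it to everybody.
            }
            if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country_name']) {
                $changes[] = t('Location');
                $comma1 = $locality && ($region || $country_name) ? ', ' : ' ';
                $comma2 = $region && $country_name ? ', ' : '';
                $value = $locality . $comma1 . $region . $comma2 . $country_name;
            }

            profile_activity($changes, $value);
        }

        $r = q("UPDATE `profile`
                SET `profile_name` = '%s',
                `fullname` = '%s',
                `pdesc` = '%s',
                `gender` = '%s',
                `dob` = '%s',
                `address` = '%s',
                `locality` = '%s',
                `region` = '%s',
                `postal_code` = '%s',
                `country_name` = '%s',
                `marital` = '%s',
                `partner` = '%s',
                `howlong` = '%s',
                `sexual` = '%s',
                `homepage` = '%s',
                `hometown` = '%s',
                `politic` = '%s',
                `religion` = '%s',
                `keywords` = '%s',
                `likes` = '%s',
                `dislikes` = '%s',
                `about` = '%s',
                `interest` = '%s',
                `contact` = '%s',
                `channels` = '%s',
                `music` = '%s',
                `book` = '%s',
                `tv` = '%s',
                `film` = '%s',
                `romance` = '%s',
                `employment` = '%s',
                `education` = '%s',
                `hide_friends` = %d
                WHERE `id` = %d AND `uid` = %d",
            dbesc($profile_name),
            dbesc($name),
            dbesc($pdesc),
            dbesc($gender),
            dbesc($dob),
            dbesc($address),
            dbesc($locality),
            dbesc($region),
            dbesc($postal_code),
            dbesc($country_name),
            dbesc($marital),
            dbesc($with),
            dbesc($howlong),
            dbesc($sexual),
            dbesc($homepage),
            dbesc($hometown),
            dbesc($politic),
            dbesc($religion),
            dbesc($keywords),
            dbesc($likes),
            dbesc($dislikes),
            dbesc($about),
            dbesc($interest),
            dbesc($contact),
            dbesc($channels),
            dbesc($music),
            dbesc($book),
            dbesc($tv),
            dbesc($film),
            dbesc($romance),
            dbesc($work),
            dbesc($education),
            intval($hide_friends),
            intval($profile_id),
            intval(local_channel())
        );

        if ($r) {
            info(t('Profile updated.') . EOL);
        }

        // Push the stored row to clones of this channel.
        $r = q("select * from profile where id = %d and uid = %d limit 1",
            intval($profile_id),
            intval(local_channel())
        );
        if ($r) {
            require_once 'include/zot.php';
            build_sync_packet(local_channel(), array('profile' => $r));
        }

        $channel = \App::get_channel();

        // The default profile's name is also the channel's name.
        if ($namechanged && $is_default) {
            q("UPDATE xchan SET xchan_name = '%s', xchan_name_date = '%s' WHERE xchan_hash = '%s'",
                dbesc($name),
                dbesc(datetime_convert()),
                dbesc($channel['xchan_hash'])
            );
            q("UPDATE channel SET channel_name = '%s' WHERE channel_hash = '%s'",
                dbesc($name),
                dbesc($channel['xchan_hash'])
            );
        }

        if ($is_default) {
            // reload the info for the sidebar widget - why does this not work?
            profile_load($channel['channel_address']);
            // Refresh the directory entry in the background.
            \Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
        }
    }
}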
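/**
 * Handle the profile edit form (POST /profiles/<id>).
 *
 * Requires a logged-in user and a valid form token, runs the 'profile_post'
 * hook, sanitises every submitted field, updates the `profile` row and, for
 * the default profile, posts an activity describing what changed, mirrors the
 * name/location/keywords into the self contact and kicks off a directory
 * update in the background.
 *
 * @param object $a application object (argc/argv are read from it)
 *
 * Side effects only. Returns early when the user is not logged in, the profile
 * id is missing or belongs to another user, or the profile name is empty.
 */
function profiles_post(&$a)
{
    if (!local_user()) {
        notice(t('Permission denied.') . EOL);
        return;
    }

    // Anti-CSRF: verify the token before the hook consumes $_POST. The original
    // ran the 'profile_post' hook on unverified input first.
    check_form_security_token_redirectOnErr('/profiles', 'profile_edit');

    $namechanged = false;

    call_hooks('profile_post', $_POST);

    if ($a->argc > 1 && $a->argv[1] !== "new" && intval($a->argv[1])) {
        $profile_id = intval($a->argv[1]);

        $orig = q("SELECT * FROM `profile` WHERE `id` = %d AND `uid` = %d LIMIT 1",
            intval($profile_id),
            intval(local_user())
        );
        // q() may return false; avoid count() on a non-array.
        if (!$orig) {
            notice(t('Profile not found.') . EOL);
            return;
        }

        $is_default = $orig[0]['is-default'] ? 1 : 0;

        // Read a POST field as a trimmed string; '' when absent or not scalar
        // (avoids trim(null)/trim(array) notices and errors).
        $field = function ($key) {
            if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
                return '';
            }
            return trim((string) $_POST[$key]);
        };
        // Single-line field with tags removed.
        $plain = function ($key) use ($field) {
            return notags($field($key));
        };
        // Multi-line editor field: tags stripped, editor line breaks normalised.
        $multiline = function ($key) use ($field) {
            return fix_mce_lf(escape_tags($field($key)));
        };

        $profile_name = $plain('profile_name');
        if (!strlen($profile_name)) {
            notice(t('Profile Name is required.') . EOL);
            return;
        }

        $dob = escape_tags($field('dob'));
        if ($dob === '' || $dob === '0') {
            $dob = '0000-00-00';
        }
        // FIXME: Needs to be validated?
        // A missing or pre-1900 year means "year unknown": stored as 0000-MM-DD.
        $y = substr($dob, 0, 4);
        $ignore_year = (!ctype_digit($y) || intval($y) < 1900);
        if ($dob != '0000-00-00') {
            if (strpos($dob, '0000-') === 0) {
                $ignore_year = true;
                $dob = substr($dob, 5);
            }
            $dob = datetime_convert(
                'UTC',
                'UTC',
                $ignore_year ? '1900-' . $dob : $dob,
                $ignore_year ? 'm-d' : 'Y-m-d'
            );
            if ($ignore_year) {
                $dob = '0000-' . $dob;
            }
        }

        $name = $plain('name');
        if (!strlen($name)) {
            $name = '[No Name]';
        }
        if ($orig[0]['name'] != $name) {
            $namechanged = true;
        }

        $pdesc        = $plain('pdesc');
        $gender       = $plain('gender');
        $address      = $plain('address');
        $locality     = $plain('locality');
        $region       = $plain('region');
        $postal_code  = $plain('postal_code');
        $country_name = $plain('country_name');
        $pub_keywords = profile_clean_keywords($plain('pub_keywords'));
        $prv_keywords = profile_clean_keywords($plain('prv_keywords'));
        $marital      = $plain('marital');
        $howlong      = $plain('howlong');
        $with         = $plain('with');

        if (!strlen($howlong)) {
            $howlong = '0000-00-00 00:00:00';
        } else {
            $howlong = datetime_convert(date_default_timezone_get(), 'UTC', $howlong);
        }

        // Linkify the relationship target if applicable: remote addresses/URLs
        // are resolved via lrdd, local names via the contact table.
        $withchanged = false;
        if (strlen($with)) {
            if ($with != strip_tags($orig[0]['with'])) {
                $withchanged = true;
                $prf = '';
                $lookup = $with;
                if (strpos($lookup, '@') === 0) {
                    $lookup = substr($lookup, 1);
                }
                $lookup = str_replace('_', ' ', $lookup);
                $newname = $lookup;

                // '!== false' is required: strpos() returns 0 for a URL that
                // starts with 'http://', which the previous truthiness test
                // treated as "not found".
                if (strpos($lookup, '@') !== false || strpos($lookup, 'http://') !== false) {
                    // Remote discovery is best-effort; lrdd() can emit warnings
                    // for unreachable hosts, hence the suppression.
                    $links = @lrdd($lookup);
                    if (is_array($links) && count($links)) {
                        foreach ($links as $link) {
                            if (isset($link['@attributes']['rel'])
                                && $link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page'
                                && isset($link['@attributes']['href'])
                            ) {
                                $prf = $link['@attributes']['href'];
                            }
                        }
                    }
                } else {
                    $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
                        dbesc($newname),
                        intval(local_user())
                    );
                    if (!$r) {
                        $r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
                            dbesc($lookup),
                            intval(local_user())
                        );
                    }
                    if ($r) {
                        $prf = $r[0]['url'];
                        $newname = $r[0]['name'];
                    }
                }

                if ($prf) {
                    // href/name come from remote discovery or contact records,
                    // not from this user's sanitised input, so escape them for
                    // the HTML attribute and text contexts (existing entities kept).
                    $link = '<a href="' . htmlspecialchars($prf, ENT_QUOTES, 'UTF-8', false) . '">'
                        . htmlspecialchars($newname, ENT_QUOTES, 'UTF-8', false) . '</a>';
                    $with = str_replace($lookup, $link, $with);
                    if (strpos($with, '@') === 0) {
                        $with = substr($with, 1);
                    }
                }
            } else {
                $with = $orig[0]['with'];
            }
        }

        $sexual   = $plain('sexual');
        $homepage = $plain('homepage');
        if (strpos($homepage, 'http') !== 0 && strlen($homepage)) {
            // neither http nor https in URL, add them
            $homepage = 'http://' . $homepage;
        }
        $hometown = $plain('hometown');
        $politic  = $plain('politic');
        $religion = $plain('religion');

        $likes     = $multiline('likes');
        $dislikes  = $multiline('dislikes');
        $about     = $multiline('about');
        $interest  = $multiline('interest');
        $contact   = $multiline('contact');
        $music     = $multiline('music');
        $book      = $multiline('book');
        $tv        = $multiline('tv');
        $film      = $multiline('film');
        $romance   = $multiline('romance');
        $work      = $multiline('work');
        $education = $multiline('education');

        // Checkbox: only an explicit "1" hides the friend list (strict compare
        // instead of the previous loose '== 1').
        $hide_friends = (intval($field('hide-friends')) === 1) ? 1 : 0;

        // Collect the changed fields for a "profile updated" activity. $value
        // ends up holding the last changed value in this list.
        $changes = array();
        $value = '';
        if ($is_default) {
            if ($marital != $orig[0]['marital']) {
                $changes[] = '[color=#ff0000]♥[/color] ' . t('Marital Status');
                $value = $marital;
            }
            if ($withchanged) {
                $changes[] = '[color=#ff0000]♥[/color] ' . t('Romantic Partner');
                $value = strip_tags($with);
            }
            if ($likes != $orig[0]['likes']) {
                $changes[] = t('Likes');
                $value = $likes;
            }
            if ($dislikes != $orig[0]['dislikes']) {
                $changes[] = t('Dislikes');
                $value = $dislikes;
            }
            if ($work != $orig[0]['work']) {
                // No $value for work (kept as in the original code).
                $changes[] = t('Work/Employment');
            }
            if ($religion != $orig[0]['religion']) {
                $changes[] = t('Religion');
                $value = $religion;
            }
            if ($politic != $orig[0]['politic']) {
                $changes[] = t('Political Views');
                $value = $politic;
            }
            if ($gender != $orig[0]['gender']) {
                $changes[] = t('Gender');
                $value = $gender;
            }
            if ($sexual != $orig[0]['sexual']) {
                $changes[] = t('Sexual Preference');
                $value = $sexual;
            }
            if ($homepage != $orig[0]['homepage']) {
                $changes[] = t('Homepage');
                $value = $homepage;
            }
            if ($interest != $orig[0]['interest']) {
                $changes[] = t('Interests');
                $value = $interest;
            }
            if ($address != $orig[0]['address']) {
                $changes[] = t('Address');
                // New address not sent in notifications, potential privacy issues
                // in case this leaks to unintended recipients. Yes, it's in the public
                // profile but that doesn't mean we have to broadcast it to everybody.
            }
            if ($locality != $orig[0]['locality'] || $region != $orig[0]['region'] || $country_name != $orig[0]['country-name']) {
                $changes[] = t('Location');
                $comma1 = $locality && ($region || $country_name) ? ', ' : ' ';
                $comma2 = $region && $country_name ? ', ' : '';
                $value = $locality . $comma1 . $region . $comma2 . $country_name;
            }

            profile_activity($changes, $value);
        }

        $r = q("UPDATE `profile`
            SET `profile-name` = '%s',
            `name` = '%s',
            `pdesc` = '%s',
            `gender` = '%s',
            `dob` = '%s',
            `address` = '%s',
            `locality` = '%s',
            `region` = '%s',
            `postal-code` = '%s',
            `country-name` = '%s',
            `marital` = '%s',
            `with` = '%s',
            `howlong` = '%s',
            `sexual` = '%s',
            `homepage` = '%s',
            `hometown` = '%s',
            `politic` = '%s',
            `religion` = '%s',
            `pub_keywords` = '%s',
            `prv_keywords` = '%s',
            `likes` = '%s',
            `dislikes` = '%s',
            `about` = '%s',
            `interest` = '%s',
            `contact` = '%s',
            `music` = '%s',
            `book` = '%s',
            `tv` = '%s',
            `film` = '%s',
            `romance` = '%s',
            `work` = '%s',
            `education` = '%s',
            `hide-friends` = %d
            WHERE `id` = %d AND `uid` = %d",
            dbesc($profile_name),
            dbesc($name),
            dbesc($pdesc),
            dbesc($gender),
            dbesc($dob),
            dbesc($address),
            dbesc($locality),
            dbesc($region),
            dbesc($postal_code),
            dbesc($country_name),
            dbesc($marital),
            dbesc($with),
            dbesc($howlong),
            dbesc($sexual),
            dbesc($homepage),
            dbesc($hometown),
            dbesc($politic),
            dbesc($religion),
            dbesc($pub_keywords),
            dbesc($prv_keywords),
            dbesc($likes),
            dbesc($dislikes),
            dbesc($about),
            dbesc($interest),
            dbesc($contact),
            dbesc($music),
            dbesc($book),
            dbesc($tv),
            dbesc($film),
            dbesc($romance),
            dbesc($work),
            dbesc($education),
            intval($hide_friends),
            intval($profile_id),
            intval(local_user())
        );

        if ($r) {
            info(t('Profile updated.') . EOL);
        }

        // The default profile's name is also the account's username and the
        // self contact's name.
        if ($namechanged && $is_default) {
            q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `self` = 1 AND `uid` = %d",
                dbesc($name),
                dbesc(datetime_convert()),
                intval(local_user())
            );
            q("UPDATE `user` set `username` = '%s' where `uid` = %d",
                dbesc($name),
                intval(local_user())
            );
        }

        if ($is_default) {
            // "Locality, Region, Country" with empty parts left out.
            $location_parts = array_filter(
                array($locality, $region, $country_name),
                function ($part) {
                    return $part !== '';
                }
            );
            $location = implode(', ', $location_parts);

            q("UPDATE `contact` SET `about` = '%s', `location` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `self` = 1 AND `uid` = %d",
                dbesc($about),
                dbesc($location),
                dbesc($pub_keywords),
                dbesc($gender),
                intval(local_user())
            );

            // Update global directory in background
            $url = isset($_SESSION['my_url']) ? $_SESSION['my_url'] : '';
            if ($url && strlen(get_config('system', 'directory'))) {
                proc_run('php', "include/directory.php", "{$url}");
            }

            require_once 'include/profile_update.php';
            profile_change();
        }
    }
}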