keith/friendica
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

celebrity/group/community pages about 75% implemented

Browse source
This commit is contained in:
Mike Macgirvin 2010-10-17 20:04:17 -07:00
parent f5a8a92df1
commit 0f47ac282c
15 changed files with 133 additions and 62 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
boot.php
View file

@ -22,11 +22,16 @@ define ( 'REL_BUD', 3);
// page/profile types
// PAGE_NORMAL is a typical personal profile account
// PAGE_SOAPBOX automatically approves all friend requests as REL_FAN, (readonly)
// PAGE_COMMUNITY automatically approves all friend requests as REL_FAN, but with
// write access to wall and comments (no email and not included in page owner's ACL lists)
// PAGE_FREELOVE automatically approves all friend requests as full friends (REL_BUD).
define ( 'PAGE_NORMAL', 0 );
define ( 'PAGE_AUTO_FAN', 1 );
define ( 'PAGE_AUTO_FAN_RW', 2 );
define ( 'PAGE_AUTO_BUD', 3 );
define ( 'PAGE_SOAPBOX', 1 );
define ( 'PAGE_COMMUNITY', 2 );
define ( 'PAGE_FREELOVE', 3 );
// Maximum number of "people who like (or don't like) this"
// that we will list by name
@ -102,6 +107,7 @@ class App {
public $pager;
public $strings;
public $path;
public $interactive = true;
private $scheme;
private $hostname;
@ -579,9 +585,9 @@ function remote_user() {
if(! function_exists('notice')) {
function notice($s) {
$_SESSION['sysmsg'] .= $s;
$a = get_app();
if($a->interactive)
$_SESSION['sysmsg'] .= $s;
}}
// wrapper around config to limit the text length of an incoming message

4
include/auth.php
View file

@ -14,6 +14,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
unset($_SESSION['administrator']);
unset($_SESSION['cid']);
unset($_SESSION['theme']);
unset($_SESSION['page_flags']);
notice( t('Logged out.') . EOL);
goaway($a->get_baseurl());
}
@ -34,6 +35,7 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
$a->user = $r[0];
$_SESSION['theme'] = $a->user['theme'];
$_SESSION['page_flags'] = $a->user['page-flags'];
if(strlen($a->user['timezone']))
date_default_timezone_set($a->user['timezone']);
@ -58,6 +60,7 @@ else {
unset($_SESSION['cid']);
unset($_SESSION['theme']);
unset($_SESSION['my_url']);
unset($_SESSION['page_flags']);
$encrypted = hash('whirlpool',trim($_POST['password']));
@ -77,6 +80,7 @@ else {
$_SESSION['uid'] = $r[0]['uid'];
$_SESSION['theme'] = $r[0]['theme'];
$_SESSION['authenticated'] = 1;
$_SESSION['page_flags'] = $r[0]['page-flags'];
$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
notice( t("Welcome back ") . $r[0]['username'] . EOL);

8
include/nav.php
View file

@ -27,8 +27,12 @@ else {
$a->page['nav'] .= '<a id="nav-home-link" class="nav-commlink" href="profile/' . $a->user['nickname'] . '">'
. t('Home') . '</a><span id="home-update" class="nav-ajax-left"></span>' . "\r\n";
$a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
. '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
// only show friend requests for normal pages. Other page types have automatic friendship.
if($_SESSION['page_flags'] == PAGE_NORMAL) {
$a->page['nav'] .= '<a id="nav-notify-link" class="nav-commlink" href="notifications">' . t('Notifications')
. '</a><span id="notify-update" class="nav-ajax-left"></span>' . "\r\n";
}
$a->page['nav'] .= '<a id="nav-messages-link" class="nav-commlink" href="message">' . t('Messages')
. '</a><span id="mail-update" class="nav-ajax-left"></span>' . "\r\n";

17
include/security.php
View file

@ -3,15 +3,18 @@
function can_write_wall(&$a,$owner) {
if((! (local_user())) && (! (remote_user())))
return false;
if((local_user()) && ($_SESSION['uid'] == $owner))
$uid = get_uid();
if(($uid) && ($uid === $owner))
return true;
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `id` = %d AND `blocked` = 0 AND `pending` = 0
AND `readonly` = 0 AND `rel` IN ( %d , %d ) LIMIT 1",
intval($owner),
intval($_SESSION['visitor_id']),
intval(REL_VIP),
intval(REL_BUD)
$r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `user`.`uid` = `contact`.`uid`
WHERE `contact`.`uid` = %d AND `contact`.`id` = %d AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `readonly` = 0 AND ( `contact`.`rel` IN ( %d , %d ) OR `user`.`page_flags` = %d ) LIMIT 1",
intval($owner),
intval($_SESSION['visitor_id']),
intval(REL_VIP),
intval(REL_BUD),
intval(PAGE_COMMUNITY)
);
if(count($r))
return true;

1
index.php
View file

@ -88,6 +88,7 @@ if(x($_SESSION,'sysmsg')) {
unset($_SESSION['sysmsg']);
}
// Feel free to comment out this line on production sites.
$a->page['content'] .= $debug_text;

56
mod/dfrn_confirm.php
View file

@ -1,32 +1,60 @@
<?php
// There are two possible entry points. Both are called via POST.
// There are two possible entry points.
function dfrn_confirm_post(&$a) {
function dfrn_confirm_post(&$a,$handsfree = null) {
if($a->argc > 1)
$node = $a->argv[1];
if(is_array($handsfree)) {
// called directly from dfrn_request due to automatic friend acceptance
// any $_POST parameters we might need are supplied in the $handsfree array
$node = $handsfree['node'];
$a->interactive = false; // notice() becomes a no-op since nobody is there to see it
}
else {
if($a->argc > 1)
$node = $a->argv[1];
}
// Main entry point. Our user received a friend request notification (perhaps
// from another site) and clicked 'Accept'. $POST['source_url'] is not set.
// They will perform the following:
// OR we have been called directly from dfrn_request ($handsfree != null) due to
// this being a page type which supports automatic friend acceptance.
if(! x($_POST,'source_url')) {
$uid = get_uid();
$uid = ((is_array($handsfree)) ? $handsfree['uid'] : get_uid());
if(! $uid) {
notice( t('Permission denied.') . EOL );
return;
}
// These come from the friend request notification form.
$user = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
intval($uid)
);
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$intro_id = intval($_POST['intro_id']);
$duplex = intval($_POST['duplex']);
if(! $user) {
notice( t('Profile not found.') . EOL );
return;
}
// These come from the friend request notification form or $handsfree reply.
if(is_array($handsfree)) {
$dfrn_id = $handsfree['dfrn_id'];
$intro_id = $handsfree['intro_id'];
$duplex = $handsfre['duplex'];
}
else {
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$intro_id = intval($_POST['intro_id']);
$duplex = intval($_POST['duplex']);
}
// The other person will have been issued an ID when they first requested friendship.
// Locate their record. At this time, their record will have both pending and blocked set to 1.
@ -75,7 +103,6 @@ function dfrn_confirm_post(&$a) {
intval($uid)
);
$params = array();
// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our
@ -92,13 +119,13 @@ function dfrn_confirm_post(&$a) {
$src_aes_key = random_string();
$result = '';
openssl_private_encrypt($dfrn_id,$result,$a->user['prvkey']);
openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
$params['dfrn_id'] = bin2hex($result);
$params['public_key'] = $public_key;
$my_url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
$params['source_url'] = bin2hex($params['source_url']);
@ -266,7 +293,8 @@ function dfrn_confirm_post(&$a) {
// Let's send our user to the contact editor in case they want to
// do anything special with this new friend.
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
if($handsfree === null)
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
return; //NOTREACHED
}

39
mod/dfrn_request.php
View file

@ -208,11 +208,16 @@ function dfrn_request_post(&$a) {
notice( t('You have already introduced yourself here.') . EOL );
return;
}
elseif($ret[0]['rel'] == REL_BUD) {
notice( t('Apparently you are already friends with .') . $a->profile['name'] . EOL);
return;
}
else {
$contact_record = $ret[0];
$parms = array('dfrn-request' => $ret[0]['request']);
}
}
$issued_id = random_string();
if(is_array($contact_record)) {
@ -314,8 +319,7 @@ function dfrn_request_post(&$a) {
);
}
// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
if(! $failed)
notice( t('Your introduction has been sent.') . EOL );
@ -417,9 +421,13 @@ function dfrn_request_content(&$a) {
WHERE `contact`.`id` = %d LIMIT 1",
intval($intro[0]['contact-id'])
);
if(count($r)) {
if($r[0]['notify-flags'] & NOTIFY_INTRO) {
$auto_confirm = false;
if(count($r)) {
if($r[0]['page-flags'] != PAGE_NORMAL)
$auto_confirm = true;
if(($r[0]['notify-flags'] & NOTIFY_INTRO) && (! $auto_confirm)) {
$email_tpl = load_view_file('view/request_notify_eml.tpl');
$email = replace_macros($email_tpl, array(
'$requestor' => ((strlen(stripslashes($r[0]['name']))) ? stripslashes($r[0]['name']) : t('[Name Withheld]')),
@ -434,12 +442,29 @@ function dfrn_request_content(&$a) {
'From: ' . t('Administrator') . '@' . $_SERVER[SERVER_NAME] );
// This is a redundant notification - no point throwing errors if it fails.
}
if($auto_confirm) {
require_once('mod/dfrn_confirm.php');
$handsfree = array(
'uid' => $r[0]['uid'],
'node' => $r[0]['nickname'],
'dfrn_id' => $r[0]['issued-id'],
'intro_id' => $intro[0]['id'],
'duplex' => (($r[0]['page-flags'] == PAGE_FREELOVE) ? 1 : 0)
);
dfrn_confirm_post($a,$handsfree);
}
}
$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
dbesc($_GET['confirm_key'])
);
if(! $auto_confirm) {
// If we are auto_confirming, this record will have already been nuked
// in dfrn_confirm_post()
$r = q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s' LIMIT 1",
dbesc($_GET['confirm_key'])
);
}
}
killme();
return; // NOTREACHED

3
mod/lostpass.php
View file

@ -7,7 +7,8 @@ function lostpass_post(&$a) {
if(! $email)
goaway($a->get_baseurl());
$r = q("SELECT * FROM `user` WHERE `email` = '%s' LIMIT 1",
$r = q("SELECT * FROM `user` WHERE ( `email` = '%s' OR `nickname` = '%s' ) LIMIT 1",
dbesc($email),
dbesc($email)
);
if(! count($r))

8
mod/register.php
View file

@ -250,7 +250,13 @@ function register_post(&$a) {
if(! function_exists('register_content')) {
function register_content(&$a) {
if($a->config['register_policy'] == REGISTER_CLOSED) {
// logged in users can register others (people/pages/groups)
// even with closed registrations, unless specifically prohibited by site policy.
// 'block_extended_register' blocks all registrations, period.
$block = get_config('system','block_extended_register');
if((($a->config['register_policy'] == REGISTER_CLOSED) && (! getuid())) || ($block)) {
notice("Permission denied." . EOL);
return;
}

2
mod/settings.php
View file

@ -198,7 +198,7 @@ function settings_content(&$a) {
? true : false);
if($invisible)
notice( t('Profile is not published.') . EOL );
notice( t('Profile is <strong>not published</strong>.') . EOL );
$nickname_block = load_view_file("view/settings_nick_set.tpl");

2
mod/xrd.php
View file

@ -28,7 +28,7 @@ function xrd_content(&$a) {
'$accturi' => $uri,
'$profile_url' => $a->get_baseurl() . '/profile/' . $r[0]['nickname'],
'$atom' => $a->get_baseurl() . '/dfrn_poll/' . $r[0]['nickname'],
'$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'],
'$photo' => $a->get_baseurl() . '/photo/profile/' . $r[0]['uid'] . '.jpg',
'$salmon' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'],
'$salmen' => $a->get_baseurl() . '/salmon/' . $r[0]['nickname'] . '/mention',
'$modexp' => 'data:application/magic-public-key,' . $salmon_key

28
view/intro_complete_eml.tpl
View file

@ -1,27 +1,19 @@
Dear $username,
I've got good news and bad news... first the good news.
'$fn' at '$dfrn_url' has accepted your connection request at
'$sitename'.
'$fn' at '$dfrn_url' has accepted
your connection request at '$sitename'.
The bad news is that '$fn' did not make you a "full friend",
but rather accepted you as a "fan". [Maybe you were expecting this,
maybe not.]
'$fn' has chosen to accept you a "fan", which restricts
some forms of communication - such as private messaging and some profile
interactions. If this is a celebrity or community page, these settings were
applied automatically.
What this means is that '$fn' can communicate with you at any
time and comment on your activities, but your communications to
'$fn' may be restricted. In particular, you do NOT have the
ability to exchange private mail. You are only able to communicate
with '$fn' via your own status updates.
'$fn' may choose to extend this into a two-way or more permissive
relationship in the future.
In the future, '$fn' MAY decide to seek a full connection and make
a reciprocal request. If you approve such a request, you will then be
considered mutual friends with full communication ability.
The network at $sitename allows many types of relationships -
as opposed to older social networks where friendship is either
"yes" or "no" - with nothing in between.
You will start receiving public status updates from '$fn',
which will appear on your 'Network' page at
$siteurl

2
view/login.tpl
View file

@ -2,7 +2,7 @@
<form action="" method="post" >
<input type="hidden" name="auth-params" value="login" />
<div id="login-name-wrapper">
<label for="login-name" id="label-login-name">Username or Email: </label>
<label for="login-name" id="label-login-name">Nickname or Email: </label>
<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
</div>
<div id="login-name-end" ></div>

2
view/lostpass.tpl
View file

@ -6,7 +6,7 @@ Enter your email address and submit to have your password reset. Then check your
<form action="lostpass" method="post" >
<div id="login-name-wrapper">
<label for="login-name" id="label-login-name">Email address: </label>
<label for="login-name" id="label-login-name">Nickname or Email: </label>
<input type="text" maxlength="60" name="login-name" id="login-name" value="" />
</div>
<div id="login-extra-end"></div>

1
view/xrd_person.tpl
View file

@ -17,6 +17,7 @@
type="text/html"
href="$profile_url" />
<Link rel="http://webfinger.net/rel/avatar"
type="image/jpeg"
href="$photo" />
<Link rel="salmon"
href="$salmon" />