]> git.mxchange.org Git - friendica.git/blob - include/items.php
Break out list of acceptable protocols in "src" attribute into separate variable...
[friendica.git] / include / items.php
1 <?php
2
3 /**
4  * @file include/items.php
5  */
6
7 use \Friendica\ParseUrl;
8
9 require_once('include/bbcode.php');
10 require_once('include/oembed.php');
11 require_once('include/salmon.php');
12 require_once('include/crypto.php');
13 require_once('include/Photo.php');
14 require_once('include/tags.php');
15 require_once('include/files.php');
16 require_once('include/text.php');
17 require_once('include/email.php');
18 require_once('include/threads.php');
19 require_once('include/socgraph.php');
20 require_once('include/plaintext.php');
21 require_once('include/ostatus.php');
22 require_once('include/feed.php');
23 require_once('include/Contact.php');
24 require_once('mod/share.php');
25 require_once('include/enotify.php');
26 require_once('include/dfrn.php');
27 require_once('include/group.php');
28
29 require_once('library/defuse/php-encryption-1.2.1/Crypto.php');
30
31 function construct_verb($item) {
32         if ($item['verb'])
33                 return $item['verb'];
34         return ACTIVITY_POST;
35 }
36
37 /* limit_body_size()
38  *
39  *              The purpose of this function is to apply system message length limits to
40  *              imported messages without including any embedded photos in the length
41  */
42 if (! function_exists('limit_body_size')) {
43 function limit_body_size($body) {
44
45 //      logger('limit_body_size: start', LOGGER_DEBUG);
46
47         $maxlen = get_max_import_size();
48
49         // If the length of the body, including the embedded images, is smaller
50         // than the maximum, then don't waste time looking for the images
51         if ($maxlen && (strlen($body) > $maxlen)) {
52
53                 logger('limit_body_size: the total body length exceeds the limit', LOGGER_DEBUG);
54
55                 $orig_body = $body;
56                 $new_body = '';
57                 $textlen = 0;
58                 $max_found = false;
59
60                 $img_start = strpos($orig_body, '[img');
61                 $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
62                 $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false);
63                 while(($img_st_close !== false) && ($img_end !== false)) {
64
65                         $img_st_close++; // make it point to AFTER the closing bracket
66                         $img_end += $img_start;
67                         $img_end += strlen('[/img]');
68
69                         if (! strcmp(substr($orig_body, $img_start + $img_st_close, 5), 'data:')) {
70                                 // This is an embedded image
71
72                                 if ( ($textlen + $img_start) > $maxlen ) {
73                                         if ($textlen < $maxlen) {
74                                                 logger('limit_body_size: the limit happens before an embedded image', LOGGER_DEBUG);
75                                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
76                                                 $textlen = $maxlen;
77                                         }
78                                 } else {
79                                         $new_body = $new_body . substr($orig_body, 0, $img_start);
80                                         $textlen += $img_start;
81                                 }
82
83                                 $new_body = $new_body . substr($orig_body, $img_start, $img_end - $img_start);
84                         } else {
85
86                                 if ( ($textlen + $img_end) > $maxlen ) {
87                                         if ($textlen < $maxlen) {
88                                                 logger('limit_body_size: the limit happens before the end of a non-embedded image', LOGGER_DEBUG);
89                                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
90                                                 $textlen = $maxlen;
91                                         }
92                                 } else {
93                                         $new_body = $new_body . substr($orig_body, 0, $img_end);
94                                         $textlen += $img_end;
95                                 }
96                         }
97                         $orig_body = substr($orig_body, $img_end);
98
99                         if ($orig_body === false) // in case the body ends on a closing image tag
100                                 $orig_body = '';
101
102                         $img_start = strpos($orig_body, '[img');
103                         $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
104                         $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false);
105                 }
106
107                 if ( ($textlen + strlen($orig_body)) > $maxlen) {
108                         if ($textlen < $maxlen) {
109                                 logger('limit_body_size: the limit happens after the end of the last image', LOGGER_DEBUG);
110                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
111                                 $textlen = $maxlen;
112                         }
113                 } else {
114                         logger('limit_body_size: the text size with embedded images extracted did not violate the limit', LOGGER_DEBUG);
115                         $new_body = $new_body . $orig_body;
116                         $textlen += strlen($orig_body);
117                 }
118
119                 return $new_body;
120         } else
121                 return $body;
122 }}
123
124 function title_is_body($title, $body) {
125
126         $title = strip_tags($title);
127         $title = trim($title);
128         $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
129         $title = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $title);
130
131         $body = strip_tags($body);
132         $body = trim($body);
133         $body = html_entity_decode($body, ENT_QUOTES, 'UTF-8');
134         $body = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $body);
135
136         if (strlen($title) < strlen($body))
137                 $body = substr($body, 0, strlen($title));
138
139         if (($title != $body) and (substr($title, -3) == "...")) {
140                 $pos = strrpos($title, "...");
141                 if ($pos > 0) {
142                         $title = substr($title, 0, $pos);
143                         $body = substr($body, 0, $pos);
144                 }
145         }
146
147         return($title == $body);
148 }
149
150 function add_page_info_data($data) {
151         call_hooks('page_info_data', $data);
152
153         // It maybe is a rich content, but if it does have everything that a link has,
154         // then treat it that way
155         if (($data["type"] == "rich") AND is_string($data["title"]) AND
156                 is_string($data["text"]) AND (sizeof($data["images"]) > 0)) {
157                 $data["type"] = "link";
158         }
159
160         if ((($data["type"] != "link") AND ($data["type"] != "video") AND ($data["type"] != "photo")) OR ($data["title"] == $data["url"])) {
161                 return "";
162         }
163
164         if ($no_photos AND ($data["type"] == "photo")) {
165                 return "";
166         }
167
168         if (sizeof($data["images"]) > 0) {
169                 $preview = $data["images"][0];
170         } else {
171                 $preview = "";
172         }
173
174         // Escape some bad characters
175         $data["url"] = str_replace(array("[", "]"), array("&#91;", "&#93;"), htmlentities($data["url"], ENT_QUOTES, 'UTF-8', false));
176         $data["title"] = str_replace(array("[", "]"), array("&#91;", "&#93;"), htmlentities($data["title"], ENT_QUOTES, 'UTF-8', false));
177
178         $text = "[attachment type='".$data["type"]."'";
179
180         if ($data["text"] == "") {
181                 $data["text"] = $data["title"];
182         }
183
184         if ($data["text"] == "") {
185                 $data["text"] = $data["url"];
186         }
187
188         if ($data["url"] != "") {
189                 $text .= " url='".$data["url"]."'";
190         }
191
192         if ($data["title"] != "") {
193                 $text .= " title='".$data["title"]."'";
194         }
195
196         if (sizeof($data["images"]) > 0) {
197                 $preview = str_replace(array("[", "]"), array("&#91;", "&#93;"), htmlentities($data["images"][0]["src"], ENT_QUOTES, 'UTF-8', false));
198                 // if the preview picture is larger than 500 pixels then show it in a larger mode
199                 // But only, if the picture isn't higher than large (To prevent huge posts)
200                 if (($data["images"][0]["width"] >= 500) AND ($data["images"][0]["width"] >= $data["images"][0]["height"])) {
201                         $text .= " image='".$preview."'";
202                 } else {
203                         $text .= " preview='".$preview."'";
204                 }
205         }
206
207         $text .= "]".$data["text"]."[/attachment]";
208
209         $hashtags = "";
210         if (isset($data["keywords"]) AND count($data["keywords"])) {
211                 $hashtags = "\n";
212                 foreach ($data["keywords"] AS $keyword) {
213                         /// @todo make a positive list of allowed characters
214                         $hashtag = str_replace(array(" ", "+", "/", ".", "#", "'", "’", "`", "(", ")", "„", "“"),
215                                                 array("","", "", "", "", "", "", "", "", "", "", ""), $keyword);
216                         $hashtags .= "#[url=".App::get_baseurl()."/search?tag=".rawurlencode($hashtag)."]".$hashtag."[/url] ";
217                 }
218         }
219
220         return "\n".$text.$hashtags;
221 }
222
223 function query_page_info($url, $no_photos = false, $photo = "", $keywords = false, $keyword_blacklist = "") {
224
225         $data = ParseUrl::getSiteinfoCached($url, true);
226
227         if ($photo != "")
228                 $data["images"][0]["src"] = $photo;
229
230         logger('fetch page info for '.$url.' '.print_r($data, true), LOGGER_DEBUG);
231
232         if (!$keywords AND isset($data["keywords"]))
233                 unset($data["keywords"]);
234
235         if (($keyword_blacklist != "") AND isset($data["keywords"])) {
236                 $list = explode(",", $keyword_blacklist);
237                 foreach ($list AS $keyword) {
238                         $keyword = trim($keyword);
239                         $index = array_search($keyword, $data["keywords"]);
240                         if ($index !== false)
241                                 unset($data["keywords"][$index]);
242                 }
243         }
244
245         return($data);
246 }
247
248 function add_page_keywords($url, $no_photos = false, $photo = "", $keywords = false, $keyword_blacklist = "") {
249         $data = query_page_info($url, $no_photos, $photo, $keywords, $keyword_blacklist);
250
251         $tags = "";
252         if (isset($data["keywords"]) AND count($data["keywords"])) {
253                 foreach ($data["keywords"] AS $keyword) {
254                         $hashtag = str_replace(array(" ", "+", "/", ".", "#", "'"),
255                                                 array("","", "", "", "", ""), $keyword);
256
257                         if ($tags != "")
258                                 $tags .= ",";
259
260                         $tags .= "#[url=".App::get_baseurl()."/search?tag=".rawurlencode($hashtag)."]".$hashtag."[/url]";
261                 }
262         }
263
264         return($tags);
265 }
266
267 function add_page_info($url, $no_photos = false, $photo = "", $keywords = false, $keyword_blacklist = "") {
268         $data = query_page_info($url, $no_photos, $photo, $keywords, $keyword_blacklist);
269
270         $text = add_page_info_data($data);
271
272         return($text);
273 }
274
275 function add_page_info_to_body($body, $texturl = false, $no_photos = false) {
276
277         logger('add_page_info_to_body: fetch page info for body '.$body, LOGGER_DEBUG);
278
279         $URLSearchString = "^\[\]";
280
281         // Fix for Mastodon where the mentions are in a different format
282         $body = preg_replace("/\[url\=([$URLSearchString]*)\]([#!@])(.*?)\[\/url\]/ism",
283                                 '$2[url=$1]$3[/url]', $body);
284
285         // Adding these spaces is a quick hack due to my problems with regular expressions :)
286         preg_match("/[^!#@]\[url\]([$URLSearchString]*)\[\/url\]/ism", " ".$body, $matches);
287
288         if (!$matches)
289                 preg_match("/[^!#@]\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", " ".$body, $matches);
290
291         // Convert urls without bbcode elements
292         if (!$matches AND $texturl) {
293                 preg_match("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", " ".$body, $matches);
294
295                 // Yeah, a hack. I really hate regular expressions :)
296                 if ($matches)
297                         $matches[1] = $matches[2];
298         }
299
300         if ($matches)
301                 $footer = add_page_info($matches[1], $no_photos);
302
303         // Remove the link from the body if the link is attached at the end of the post
304         if (isset($footer) AND (trim($footer) != "") AND (strpos($footer, $matches[1]))) {
305                 $removedlink = trim(str_replace($matches[1], "", $body));
306                 if (($removedlink == "") OR strstr($body, $removedlink))
307                         $body = $removedlink;
308
309                 $url = str_replace(array('/', '.'), array('\/', '\.'), $matches[1]);
310                 $removedlink = preg_replace("/\[url\=".$url."\](.*?)\[\/url\]/ism", '', $body);
311                 if (($removedlink == "") OR strstr($body, $removedlink))
312                         $body = $removedlink;
313         }
314
315         // Add the page information to the bottom
316         if (isset($footer) AND (trim($footer) != ""))
317                 $body .= $footer;
318
319         return $body;
320 }
321
322 /**
323  * Adds a "lang" specification in a "postopts" element of given $arr,
324  * if possible and not already present.
325  * Expects "body" element to exist in $arr.
326  * 
327  * @todo Add a parameter to request forcing override
328  */
329 function item_add_language_opt(&$arr) {
330
331         if (version_compare(PHP_VERSION, '5.3.0', '<')) return; // LanguageDetect.php not available ?
332
333         if ( x($arr, 'postopts') )
334         {
335                 if ( strstr($arr['postopts'], 'lang=') )
336                 {
337                         // do not override
338                         /// @TODO Add parameter to request overriding
339                         return;
340                 }
341                 $postopts = $arr['postopts'];
342         } else {
343                 $postopts = "";
344         }
345
346         require_once('library/langdet/Text/LanguageDetect.php');
347         $naked_body = preg_replace('/\[(.+?)\]/','',$arr['body']);
348         $l = new Text_LanguageDetect;
349         //$lng = $l->detectConfidence($naked_body);
350         //$arr['postopts'] = (($lng['language']) ? 'lang=' . $lng['language'] . ';' . $lng['confidence'] : '');
351         $lng = $l->detect($naked_body, 3);
352
353         if (sizeof($lng) > 0) {
354                 if ($postopts != "") $postopts .= '&'; // arbitrary separator, to be reviewed
355                 $postopts .= 'lang=';
356                 $sep = "";
357                 foreach ($lng as $language => $score) {
358                         $postopts .= $sep . $language.";".$score;
359                         $sep = ':';
360                 }
361                 $arr['postopts'] = $postopts;
362         }
363 }
364
365 /**
366  * @brief Creates an unique guid out of a given uri
367  *
368  * @param string $uri uri of an item entry
369  * @param string $host (Optional) hostname for the GUID prefix
370  * @return string unique guid
371  */
372 function uri_to_guid($uri, $host = "") {
373
374         // Our regular guid routine is using this kind of prefix as well
375         // We have to avoid that different routines could accidentally create the same value
376         $parsed = parse_url($uri);
377
378         if ($host == "") {
379                 $host = $parsed["host"];
380         }
381
382         $guid_prefix = hash("crc32", $host);
383
384         // Remove the scheme to make sure that "https" and "http" doesn't make a difference
385         unset($parsed["scheme"]);
386
387         $host_id = implode("/", $parsed);
388
389         // We could use any hash algorithm since it isn't a security issue
390         $host_hash = hash("ripemd128", $host_id);
391
392         return $guid_prefix.$host_hash;
393 }
394
395 function item_store($arr,$force_parent = false, $notify = false, $dontcache = false) {
396
397         $a = get_app();
398
399         // If it is a posting where users should get notifications, then define it as wall posting
400         if ($notify) {
401                 $arr['wall'] = 1;
402                 $arr['type'] = 'wall';
403                 $arr['origin'] = 1;
404                 $arr['last-child'] = 1;
405                 $arr['network'] = NETWORK_DFRN;
406
407                 // We have to avoid duplicates. So we create the GUID in form of a hash of the plink or uri.
408                 // In difference to the call to "uri_to_guid" several lines below we add the hash of our own host.
409                 // This is done because our host is the original creator of the post.
410                 if (isset($arr['plink'])) {
411                         $arr['guid'] = uri_to_guid($arr['plink'], $a->get_hostname());
412                 } elseif (isset($arr['uri'])) {
413                         $arr['guid'] = uri_to_guid($arr['uri'], $a->get_hostname());
414                 }
415         }
416
417         // If a Diaspora signature structure was passed in, pull it out of the
418         // item array and set it aside for later storage.
419
420         $dsprsig = null;
421         if (x($arr,'dsprsig')) {
422                 $encoded_signature = $arr['dsprsig'];
423                 $dsprsig = json_decode(base64_decode($arr['dsprsig']));
424                 unset($arr['dsprsig']);
425         }
426
427         // Converting the plink
428         if ($arr['network'] == NETWORK_OSTATUS) {
429                 if (isset($arr['plink']))
430                         $arr['plink'] = ostatus::convert_href($arr['plink']);
431                 elseif (isset($arr['uri']))
432                         $arr['plink'] = ostatus::convert_href($arr['uri']);
433         }
434
435         if (x($arr, 'gravity'))
436                 $arr['gravity'] = intval($arr['gravity']);
437         elseif ($arr['parent-uri'] === $arr['uri'])
438                 $arr['gravity'] = 0;
439         elseif (activity_match($arr['verb'],ACTIVITY_POST))
440                 $arr['gravity'] = 6;
441         else
442                 $arr['gravity'] = 6;   // extensible catchall
443
444         if (! x($arr,'type'))
445                 $arr['type']      = 'remote';
446
447
448
449         /* check for create  date and expire time */
450         $uid = intval($arr['uid']);
451         $r = q("SELECT expire FROM user WHERE uid = %d", intval($uid));
452         if (dbm::is_result($r)) {
453                 $expire_interval = $r[0]['expire'];
454                 if ($expire_interval>0) {
455                         $expire_date =  new DateTime( '- '.$expire_interval.' days', new DateTimeZone('UTC'));
456                         $created_date = new DateTime($arr['created'], new DateTimeZone('UTC'));
457                         if ($created_date < $expire_date) {
458                                 logger('item-store: item created ('.$arr['created'].') before expiration time ('.$expire_date->format(DateTime::W3C).'). ignored. ' . print_r($arr,true), LOGGER_DEBUG);
459                                 return 0;
460                         }
461                 }
462         }
463
464         // Do we already have this item?
465         // We have to check several networks since Friendica posts could be repeated via OStatus (maybe Diasporsa as well)
466         if (in_array(trim($arr['network']), array(NETWORK_DIASPORA, NETWORK_DFRN, NETWORK_OSTATUS, ""))) {
467                 $r = q("SELECT `id`, `network` FROM `item` WHERE `uri` = '%s' AND `uid` = %d AND `network` IN ('%s', '%s', '%s')  LIMIT 1",
468                                 dbesc(trim($arr['uri'])),
469                                 intval($uid),
470                                 dbesc(NETWORK_DIASPORA),
471                                 dbesc(NETWORK_DFRN),
472                                 dbesc(NETWORK_OSTATUS)
473                         );
474                 if ($r) {
475                         // We only log the entries with a different user id than 0. Otherwise we would have too many false positives
476                         if ($uid != 0)
477                                 logger("Item with uri ".$arr['uri']." already existed for user ".$uid." with id ".$r[0]["id"]." target network ".$r[0]["network"]." - new network: ".$arr['network']);
478                         return($r[0]["id"]);
479                 }
480         }
481
482         // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
483         // Deactivated, since the bbcode parser can handle with it - and it destroys posts with some smileys that contain "<"
484         //if ((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
485         //      $arr['body'] = strip_tags($arr['body']);
486
487         item_add_language_opt($arr);
488
489         if ($notify)
490                 $guid_prefix = "";
491         elseif ((trim($arr['guid']) == "") AND (trim($arr['plink']) != ""))
492                 $arr['guid'] = uri_to_guid($arr['plink']);
493         elseif ((trim($arr['guid']) == "") AND (trim($arr['uri']) != ""))
494                 $arr['guid'] = uri_to_guid($arr['uri']);
495         else {
496                 $parsed = parse_url($arr["author-link"]);
497                 $guid_prefix = hash("crc32", $parsed["host"]);
498         }
499
500         $arr['wall']          = ((x($arr,'wall'))          ? intval($arr['wall'])                : 0);
501         $arr['guid']          = ((x($arr,'guid'))          ? notags(trim($arr['guid']))          : get_guid(32, $guid_prefix));
502         $arr['uri']           = ((x($arr,'uri'))           ? notags(trim($arr['uri']))           : item_new_uri($a->get_hostname(), $uid, $arr['guid']));
503         $arr['extid']         = ((x($arr,'extid'))         ? notags(trim($arr['extid']))         : '');
504         $arr['author-name']   = ((x($arr,'author-name'))   ? trim($arr['author-name'])   : '');
505         $arr['author-link']   = ((x($arr,'author-link'))   ? notags(trim($arr['author-link']))   : '');
506         $arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : '');
507         $arr['owner-name']    = ((x($arr,'owner-name'))    ? trim($arr['owner-name'])    : '');
508         $arr['owner-link']    = ((x($arr,'owner-link'))    ? notags(trim($arr['owner-link']))    : '');
509         $arr['owner-avatar']  = ((x($arr,'owner-avatar'))  ? notags(trim($arr['owner-avatar']))  : '');
510         $arr['created']       = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
511         $arr['edited']        = ((x($arr,'edited')  !== false) ? datetime_convert('UTC','UTC',$arr['edited'])  : datetime_convert());
512         $arr['commented']     = ((x($arr,'commented')  !== false) ? datetime_convert('UTC','UTC',$arr['commented'])  : datetime_convert());
513         $arr['received']      = ((x($arr,'received')  !== false) ? datetime_convert('UTC','UTC',$arr['received'])  : datetime_convert());
514         $arr['changed']       = ((x($arr,'changed')  !== false) ? datetime_convert('UTC','UTC',$arr['changed'])  : datetime_convert());
515         $arr['title']         = ((x($arr,'title'))         ? trim($arr['title'])         : '');
516         $arr['location']      = ((x($arr,'location'))      ? trim($arr['location'])      : '');
517         $arr['coord']         = ((x($arr,'coord'))         ? notags(trim($arr['coord']))         : '');
518         $arr['last-child']    = ((x($arr,'last-child'))    ? intval($arr['last-child'])          : 0 );
519         $arr['visible']       = ((x($arr,'visible') !== false) ? intval($arr['visible'])         : 1 );
520         $arr['deleted']       = 0;
521         $arr['parent-uri']    = ((x($arr,'parent-uri'))    ? notags(trim($arr['parent-uri']))    : $arr['uri']);
522         $arr['verb']          = ((x($arr,'verb'))          ? notags(trim($arr['verb']))          : '');
523         $arr['object-type']   = ((x($arr,'object-type'))   ? notags(trim($arr['object-type']))   : '');
524         $arr['object']        = ((x($arr,'object'))        ? trim($arr['object'])                : '');
525         $arr['target-type']   = ((x($arr,'target-type'))   ? notags(trim($arr['target-type']))   : '');
526         $arr['target']        = ((x($arr,'target'))        ? trim($arr['target'])                : '');
527         $arr['plink']         = ((x($arr,'plink'))         ? notags(trim($arr['plink']))         : '');
528         $arr['allow_cid']     = ((x($arr,'allow_cid'))     ? trim($arr['allow_cid'])             : '');
529         $arr['allow_gid']     = ((x($arr,'allow_gid'))     ? trim($arr['allow_gid'])             : '');
530         $arr['deny_cid']      = ((x($arr,'deny_cid'))      ? trim($arr['deny_cid'])              : '');
531         $arr['deny_gid']      = ((x($arr,'deny_gid'))      ? trim($arr['deny_gid'])              : '');
532         $arr['private']       = ((x($arr,'private'))       ? intval($arr['private'])             : 0 );
533         $arr['bookmark']      = ((x($arr,'bookmark'))      ? intval($arr['bookmark'])            : 0 );
534         $arr['body']          = ((x($arr,'body'))          ? trim($arr['body'])                  : '');
535         $arr['tag']           = ((x($arr,'tag'))           ? notags(trim($arr['tag']))           : '');
536         $arr['attach']        = ((x($arr,'attach'))        ? notags(trim($arr['attach']))        : '');
537         $arr['app']           = ((x($arr,'app'))           ? notags(trim($arr['app']))           : '');
538         $arr['origin']        = ((x($arr,'origin'))        ? intval($arr['origin'])              : 0 );
539         $arr['network']       = ((x($arr,'network'))       ? trim($arr['network'])               : '');
540         $arr['postopts']      = ((x($arr,'postopts'))      ? trim($arr['postopts'])              : '');
541         $arr['resource-id']   = ((x($arr,'resource-id'))   ? trim($arr['resource-id'])           : '');
542         $arr['event-id']      = ((x($arr,'event-id'))      ? intval($arr['event-id'])            : 0 );
543         $arr['inform']        = ((x($arr,'inform'))        ? trim($arr['inform'])                : '');
544         $arr['file']          = ((x($arr,'file'))          ? trim($arr['file'])                  : '');
545
546         // Items cannot be stored before they happen ...
547         if ($arr['created'] > datetime_convert())
548                 $arr['created'] = datetime_convert();
549
550         // We haven't invented time travel by now.
551         if ($arr['edited'] > datetime_convert())
552                 $arr['edited'] = datetime_convert();
553
554         if (($arr['author-link'] == "") AND ($arr['owner-link'] == ""))
555                 logger("Both author-link and owner-link are empty. Called by: ".App::callstack(), LOGGER_DEBUG);
556
557         if ($arr['plink'] == "") {
558                 $arr['plink'] = App::get_baseurl().'/display/'.urlencode($arr['guid']);
559         }
560
561         if ($arr['network'] == "") {
562                 $r = q("SELECT `network` FROM `contact` WHERE `network` IN ('%s', '%s', '%s') AND `nurl` = '%s' AND `uid` = %d LIMIT 1",
563                         dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS),
564                         dbesc(normalise_link($arr['author-link'])),
565                         intval($arr['uid'])
566                 );
567
568                 if (!dbm::is_result($r))
569                         $r = q("SELECT `network` FROM `gcontact` WHERE `network` IN ('%s', '%s', '%s') AND `nurl` = '%s' LIMIT 1",
570                                 dbesc(NETWORK_DFRN), dbesc(NETWORK_DIASPORA), dbesc(NETWORK_OSTATUS),
571                                 dbesc(normalise_link($arr['author-link']))
572                         );
573
574                 if (!dbm::is_result($r))
575                         $r = q("SELECT `network` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
576                                 intval($arr['contact-id']),
577                                 intval($arr['uid'])
578                         );
579
580                 if (dbm::is_result($r))
581                         $arr['network'] = $r[0]["network"];
582
583                 // Fallback to friendica (why is it empty in some cases?)
584                 if ($arr['network'] == "")
585                         $arr['network'] = NETWORK_DFRN;
586
587                 logger("item_store: Set network to ".$arr["network"]." for ".$arr["uri"], LOGGER_DEBUG);
588         }
589
590         // The contact-id should be set before "item_store" was called - but there seems to be some issues
591         if ($arr["contact-id"] == 0) {
592                 // First we are looking for a suitable contact that matches with the author of the post
593                 // This is done only for comments (See below explanation at "gcontact-id")
594                 if ($arr['parent-uri'] != $arr['uri'])
595                         $arr["contact-id"] = get_contact($arr['author-link'], $uid);
596
597                 // If not present then maybe the owner was found
598                 if ($arr["contact-id"] == 0)
599                         $arr["contact-id"] = get_contact($arr['owner-link'], $uid);
600
601                 // Still missing? Then use the "self" contact of the current user
602                 if ($arr["contact-id"] == 0) {
603                         $r = q("SELECT `id` FROM `contact` WHERE `self` AND `uid` = %d", intval($uid));
604                         if ($r)
605                                 $arr["contact-id"] = $r[0]["id"];
606                 }
607                 logger("Contact-id was missing for post ".$arr["guid"]." from user id ".$uid." - now set to ".$arr["contact-id"], LOGGER_DEBUG);
608         }
609
610         if ($arr["gcontact-id"] == 0) {
611                 // The gcontact should mostly behave like the contact. But is is supposed to be global for the system.
612                 // This means that wall posts, repeated posts, etc. should have the gcontact id of the owner.
613                 // On comments the author is the better choice.
614                 if ($arr['parent-uri'] === $arr['uri'])
615                         $arr["gcontact-id"] = get_gcontact_id(array("url" => $arr['owner-link'], "network" => $arr['network'],
616                                                                  "photo" => $arr['owner-avatar'], "name" => $arr['owner-name']));
617                 else
618                         $arr["gcontact-id"] = get_gcontact_id(array("url" => $arr['author-link'], "network" => $arr['network'],
619                                                                  "photo" => $arr['author-avatar'], "name" => $arr['author-name']));
620         }
621
622         if ($arr["author-id"] == 0)
623                 $arr["author-id"] = get_contact($arr["author-link"], 0);
624
625         if ($arr["owner-id"] == 0)
626                 $arr["owner-id"] = get_contact($arr["owner-link"], 0);
627
628         if ($arr['guid'] != "") {
629                 // Checking if there is already an item with the same guid
630                 logger('checking for an item for user '.$arr['uid'].' on network '.$arr['network'].' with the guid '.$arr['guid'], LOGGER_DEBUG);
631                 $r = q("SELECT `guid` FROM `item` WHERE `guid` = '%s' AND `network` = '%s' AND `uid` = '%d' LIMIT 1",
632                         dbesc($arr['guid']), dbesc($arr['network']), intval($arr['uid']));
633
634                 if (dbm::is_result($r)) {
635                         logger('found item with guid '.$arr['guid'].' for user '.$arr['uid'].' on network '.$arr['network'], LOGGER_DEBUG);
636                         return 0;
637                 }
638         }
639
640         // Check for hashtags in the body and repair or add hashtag links
641         item_body_set_hashtags($arr);
642
643         $arr['thr-parent'] = $arr['parent-uri'];
644         if ($arr['parent-uri'] === $arr['uri']) {
645                 $parent_id = 0;
646                 $parent_deleted = 0;
647                 $allow_cid = $arr['allow_cid'];
648                 $allow_gid = $arr['allow_gid'];
649                 $deny_cid  = $arr['deny_cid'];
650                 $deny_gid  = $arr['deny_gid'];
651                 $notify_type = 'wall-new';
652         } else {
653
654                 // find the parent and snarf the item id and ACLs
655                 // and anything else we need to inherit
656
657                 $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d ORDER BY `id` ASC LIMIT 1",
658                         dbesc($arr['parent-uri']),
659                         intval($arr['uid'])
660                 );
661
662                 if (dbm::is_result($r)) {
663
664                         // is the new message multi-level threaded?
665                         // even though we don't support it now, preserve the info
666                         // and re-attach to the conversation parent.
667
668                         if ($r[0]['uri'] != $r[0]['parent-uri']) {
669                                 $arr['parent-uri'] = $r[0]['parent-uri'];
670                                 $z = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `parent-uri` = '%s' AND `uid` = %d
671                                         ORDER BY `id` ASC LIMIT 1",
672                                         dbesc($r[0]['parent-uri']),
673                                         dbesc($r[0]['parent-uri']),
674                                         intval($arr['uid'])
675                                 );
676                                 if ($z && count($z))
677                                         $r = $z;
678                         }
679
680                         $parent_id      = $r[0]['id'];
681                         $parent_deleted = $r[0]['deleted'];
682                         $allow_cid      = $r[0]['allow_cid'];
683                         $allow_gid      = $r[0]['allow_gid'];
684                         $deny_cid       = $r[0]['deny_cid'];
685                         $deny_gid       = $r[0]['deny_gid'];
686                         $arr['wall']    = $r[0]['wall'];
687                         $notify_type    = 'comment-new';
688
689                         // if the parent is private, force privacy for the entire conversation
690                         // This differs from the above settings as it subtly allows comments from
691                         // email correspondents to be private even if the overall thread is not.
692
693                         if ($r[0]['private'])
694                                 $arr['private'] = $r[0]['private'];
695
696                         // Edge case. We host a public forum that was originally posted to privately.
697                         // The original author commented, but as this is a comment, the permissions
698                         // weren't fixed up so it will still show the comment as private unless we fix it here.
699
700                         if ((intval($r[0]['forum_mode']) == 1) && (! $r[0]['private']))
701                                 $arr['private'] = 0;
702
703
704                         // If its a post from myself then tag the thread as "mention"
705                         logger("item_store: Checking if parent ".$parent_id." has to be tagged as mention for user ".$arr['uid'], LOGGER_DEBUG);
706                         $u = q("SELECT `nickname` FROM `user` WHERE `uid` = %d", intval($arr['uid']));
707                         if (dbm::is_result($u)) {
708                                 $a = get_app();
709                                 $self = normalise_link(App::get_baseurl() . '/profile/' . $u[0]['nickname']);
710                                 logger("item_store: 'myself' is ".$self." for parent ".$parent_id." checking against ".$arr['author-link']." and ".$arr['owner-link'], LOGGER_DEBUG);
711                                 if ((normalise_link($arr['author-link']) == $self) OR (normalise_link($arr['owner-link']) == $self)) {
712                                         q("UPDATE `thread` SET `mention` = 1 WHERE `iid` = %d", intval($parent_id));
713                                         logger("item_store: tagged thread ".$parent_id." as mention for user ".$self, LOGGER_DEBUG);
714                                 }
715                         }
716                 } else {
717
718                         // Allow one to see reply tweets from status.net even when
719                         // we don't have or can't see the original post.
720
721                         if ($force_parent) {
722                                 logger('item_store: $force_parent=true, reply converted to top-level post.');
723                                 $parent_id = 0;
724                                 $arr['parent-uri'] = $arr['uri'];
725                                 $arr['gravity'] = 0;
726                         } else {
727                                 logger('item_store: item parent '.$arr['parent-uri'].' for '.$arr['uid'].' was not found - ignoring item');
728                                 return 0;
729                         }
730
731                         $parent_deleted = 0;
732                 }
733         }
734
735         $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `network` IN ('%s', '%s') AND `uid` = %d LIMIT 1",
736                 dbesc($arr['uri']),
737                 dbesc($arr['network']),
738                 dbesc(NETWORK_DFRN),
739                 intval($arr['uid'])
740         );
741         if (dbm::is_result($r)) {
742                 logger('duplicated item with the same uri found. '.print_r($arr,true));
743                 return 0;
744         }
745
746         // On Friendica and Diaspora the GUID is unique
747         if (in_array($arr['network'], array(NETWORK_DFRN, NETWORK_DIASPORA))) {
748                 $r = q("SELECT `id` FROM `item` WHERE `guid` = '%s' AND `uid` = %d LIMIT 1",
749                         dbesc($arr['guid']),
750                         intval($arr['uid'])
751                 );
752                 if (dbm::is_result($r)) {
753                         logger('duplicated item with the same guid found. '.print_r($arr,true));
754                         return 0;
755                 }
756         } else {
757                 // Check for an existing post with the same content. There seems to be a problem with OStatus.
758                 $r = q("SELECT `id` FROM `item` WHERE `body` = '%s' AND `network` = '%s' AND `created` = '%s' AND `contact-id` = %d AND `uid` = %d LIMIT 1",
759                         dbesc($arr['body']),
760                         dbesc($arr['network']),
761                         dbesc($arr['created']),
762                         intval($arr['contact-id']),
763                         intval($arr['uid'])
764                 );
765                 if (dbm::is_result($r)) {
766                         logger('duplicated item with the same body found. '.print_r($arr,true));
767                         return 0;
768                 }
769         }
770
771         // Is this item available in the global items (with uid=0)?
772         if ($arr["uid"] == 0) {
773                 $arr["global"] = true;
774
775                 // Set the global flag on all items if this was a global item entry
776                 q("UPDATE `item` SET `global` = 1 WHERE `uri` = '%s'", dbesc($arr["uri"]));
777         } else {
778                 $isglobal = q("SELECT `global` FROM `item` WHERE `uid` = 0 AND `uri` = '%s'", dbesc($arr["uri"]));
779
780                 $arr["global"] = (count($isglobal) > 0);
781         }
782
783         // ACL settings
784         if (strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
785                 $private = 1;
786         else
787                 $private = $arr['private'];
788
789         $arr["allow_cid"] = $allow_cid;
790         $arr["allow_gid"] = $allow_gid;
791         $arr["deny_cid"] = $deny_cid;
792         $arr["deny_gid"] = $deny_gid;
793         $arr["private"] = $private;
794         $arr["deleted"] = $parent_deleted;
795
796         // Fill the cache field
797         put_item_in_cache($arr);
798
799         if ($notify)
800                 call_hooks('post_local',$arr);
801         else
802                 call_hooks('post_remote',$arr);
803
804         if (x($arr,'cancel')) {
805                 logger('item_store: post cancelled by plugin.');
806                 return 0;
807         }
808
809         // Check for already added items.
810         // There is a timing issue here that sometimes creates double postings.
811         // An unique index would help - but the limitations of MySQL (maximum size of index values) prevent this.
812         if ($arr["uid"] == 0) {
813                 $r = qu("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = 0 LIMIT 1", dbesc(trim($arr['uri'])));
814                 if (dbm::is_result($r)) {
815                         logger('Global item already stored. URI: '.$arr['uri'].' on network '.$arr['network'], LOGGER_DEBUG);
816                         return 0;
817                 }
818         }
819
820         // Store the unescaped version
821         $unescaped = $arr;
822
823         dbm::esc_array($arr, true);
824
825         logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
826
827         q("COMMIT");
828         q("START TRANSACTION;");
829
830         $r = dbq("INSERT INTO `item` (`"
831                         . implode("`, `", array_keys($arr))
832                         . "`) VALUES ("
833                         . implode(", ", array_values($arr))
834                         . ")");
835
836         // And restore it
837         $arr = $unescaped;
838
839         // When the item was successfully stored we fetch the ID of the item.
840         if (dbm::is_result($r)) {
841                 $r = q("SELECT LAST_INSERT_ID() AS `item-id`");
842                 if (dbm::is_result($r)) {
843                         $current_post = $r[0]['item-id'];
844                 } else {
845                         // This shouldn't happen
846                         $current_post = 0;
847                 }
848         } else {
849                 // This can happen - for example - if there are locking timeouts.
850                 q("ROLLBACK");
851
852                 // Store the data into a spool file so that we can try again later.
853
854                 // At first we restore the Diaspora signature that we removed above.
855                 if (isset($encoded_signature)) {
856                         $arr['dsprsig'] = $encoded_signature;
857                 }
858
859                 // Now we store the data in the spool directory
860                 $file = 'item-'.round(microtime(true) * 10000).".msg";
861                 $spool = get_spoolpath().'/'.$file;
862                 file_put_contents($spool, json_encode($arr));
863                 logger("Item wasn't stored - Item was spooled into file ".$file, LOGGER_DEBUG);
864                 return 0;
865         }
866
867         if ($current_post == 0) {
868                 // This is one of these error messages that never should occur.
869                 logger("couldn't find created item - we better quit now.");
870                 q("ROLLBACK");
871                 return 0;
872         }
873
874         // How much entries have we created?
875         // We wouldn't need this query when we could use an unique index - but MySQL has length problems with them.
876         $r = q("SELECT COUNT(*) AS `entries` FROM `item` WHERE `uri` = '%s' AND `uid` = %d AND `network` = '%s'",
877                 dbesc($arr['uri']),
878                 intval($arr['uid']),
879                 dbesc($arr['network'])
880         );
881
882         if (!dbm::is_result($r)) {
883                 // This shouldn't happen, since COUNT always works when the database connection is there.
884                 logger("We couldn't count the stored entries. Very strange ...");
885                 q("ROLLBACK");
886                 return 0;
887         }
888
889         if ($r[0]["entries"] > 1) {
890                 // There are duplicates. We delete our just created entry.
891                 logger('Duplicated post occurred. uri = '.$arr['uri'].' uid = '.$arr['uid']);
892
893                 // Yes, we could do a rollback here - but we are having many users with MyISAM.
894                 q("DELETE FROM `item` WHERE `id` = %d", intval($current_post));
895                 q("COMMIT");
896                 return 0;
897         } elseif ($r[0]["entries"] == 0) {
898                 // This really should never happen since we quit earlier if there were problems.
899                 logger("Something is terribly wrong. We haven't found our created entry.");
900                 q("ROLLBACK");
901                 return 0;
902         }
903
904         logger('item_store: created item '.$current_post);
905         item_set_last_item($arr);
906
907         if (!$parent_id || ($arr['parent-uri'] === $arr['uri']))
908                 $parent_id = $current_post;
909
910         // Set parent id
911         $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d",
912                 intval($parent_id),
913                 intval($current_post)
914         );
915
916         $arr['id'] = $current_post;
917         $arr['parent'] = $parent_id;
918
919         // update the commented timestamp on the parent
920         // Only update "commented" if it is really a comment
921         if (($arr['verb'] == ACTIVITY_POST) OR !get_config("system", "like_no_comment"))
922                 q("UPDATE `item` SET `commented` = '%s', `changed` = '%s' WHERE `id` = %d",
923                         dbesc(datetime_convert()),
924                         dbesc(datetime_convert()),
925                         intval($parent_id)
926                 );
927         else
928                 q("UPDATE `item` SET `changed` = '%s' WHERE `id` = %d",
929                         dbesc(datetime_convert()),
930                         intval($parent_id)
931                 );
932
933         if ($dsprsig) {
934
935                 // Friendica servers lower than 3.4.3-2 had double encoded the signature ...
936                 // We can check for this condition when we decode and encode the stuff again.
937                 if (base64_encode(base64_decode(base64_decode($dsprsig->signature))) == base64_decode($dsprsig->signature)) {
938                         $dsprsig->signature = base64_decode($dsprsig->signature);
939                         logger("Repaired double encoded signature from handle ".$dsprsig->signer, LOGGER_DEBUG);
940                 }
941
942                 q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
943                         intval($current_post),
944                         dbesc($dsprsig->signed_text),
945                         dbesc($dsprsig->signature),
946                         dbesc($dsprsig->signer)
947                 );
948         }
949
950         $deleted = tag_deliver($arr['uid'],$current_post);
951
952         // current post can be deleted if is for a community page and no mention are
953         // in it.
954         if (!$deleted AND !$dontcache) {
955
956                 $r = q('SELECT * FROM `item` WHERE `id` = %d', intval($current_post));
957                 if ((dbm::is_result($r)) && (count($r) == 1)) {
958                         if ($notify) {
959                                 call_hooks('post_local_end', $r[0]);
960                         } else {
961                                 call_hooks('post_remote_end', $r[0]);
962                         }
963                 } else {
964                         logger('item_store: new item not found in DB, id ' . $current_post);
965                 }
966         }
967
968         if ($arr['parent-uri'] === $arr['uri']) {
969                 add_thread($current_post);
970         } else {
971                 update_thread($parent_id);
972         }
973
974         q("COMMIT");
975
976         // Due to deadlock issues with the "term" table we are doing these steps after the commit.
977         // This is not perfect - but a workable solution until we found the reason for the problem.
978         create_tags_from_item($current_post);
979         create_files_from_item($current_post);
980
981         // If this is now the last-child, force all _other_ children of this parent to *not* be last-child
982         // It is done after the transaction to avoid dead locks.
983         if ($arr['last-child']) {
984                 $r = q("UPDATE `item` SET `last-child` = 0 WHERE `parent-uri` = '%s' AND `uid` = %d AND `id` != %d",
985                         dbesc($arr['uri']),
986                         intval($arr['uid']),
987                         intval($current_post)
988                 );
989         }
990
991         if ($arr['parent-uri'] === $arr['uri']) {
992                 add_shadow_thread($current_post);
993         } else {
994                 add_shadow_entry($current_post);
995         }
996
997         check_item_notification($current_post, $uid);
998
999         if ($notify) {
1000                 proc_run(PRIORITY_HIGH, "include/notifier.php", $notify_type, $current_post);
1001         }
1002
1003         return $current_post;
1004 }
1005
1006 /**
1007  * @brief Set "success_update" and "last-item" to the date of the last time we heard from this contact
1008  *
1009  * This can be used to filter for inactive contacts.
1010  * Only do this for public postings to avoid privacy problems, since poco data is public.
1011  * Don't set this value if it isn't from the owner (could be an author that we don't know)
1012  *
1013  * @param array $arr Contains the just posted item record
1014  */
1015 function item_set_last_item($arr) {
1016
1017         $update = (!$arr['private'] AND (($arr["author-link"] === $arr["owner-link"]) OR ($arr["parent-uri"] === $arr["uri"])));
1018
1019         // Is it a forum? Then we don't care about the rules from above
1020         if (!$update AND ($arr["network"] == NETWORK_DFRN) AND ($arr["parent-uri"] === $arr["uri"])) {
1021                 $isforum = q("SELECT `forum` FROM `contact` WHERE `id` = %d AND `forum`",
1022                                 intval($arr['contact-id']));
1023                 if ($isforum) {
1024                         $update = true;
1025                 }
1026         }
1027
1028         if ($update) {
1029                 q("UPDATE `contact` SET `success_update` = '%s', `last-item` = '%s' WHERE `id` = %d",
1030                         dbesc($arr['received']),
1031                         dbesc($arr['received']),
1032                         intval($arr['contact-id'])
1033                 );
1034         }
1035         // Now do the same for the system wide contacts with uid=0
1036         if (!$arr['private']) {
1037                 q("UPDATE `contact` SET `success_update` = '%s', `last-item` = '%s' WHERE `id` = %d",
1038                         dbesc($arr['received']),
1039                         dbesc($arr['received']),
1040                         intval($arr['owner-id'])
1041                 );
1042
1043                 if ($arr['owner-id'] != $arr['author-id']) {
1044                         q("UPDATE `contact` SET `success_update` = '%s', `last-item` = '%s' WHERE `id` = %d",
1045                                 dbesc($arr['received']),
1046                                 dbesc($arr['received']),
1047                                 intval($arr['author-id'])
1048                         );
1049                 }
1050         }
1051 }
1052
1053 function item_body_set_hashtags(&$item) {
1054
1055         $tags = get_tags($item["body"]);
1056
1057         // No hashtags?
1058         if (!count($tags))
1059                 return(false);
1060
1061         // This sorting is important when there are hashtags that are part of other hashtags
1062         // Otherwise there could be problems with hashtags like #test and #test2
1063         rsort($tags);
1064
1065         $a = get_app();
1066
1067         $URLSearchString = "^\[\]";
1068
1069         // All hashtags should point to the home server
1070         //$item["body"] = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
1071         //              "#[url=".App::get_baseurl()."/search?tag=$2]$2[/url]", $item["body"]);
1072
1073         //$item["tag"] = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
1074         //              "#[url=".App::get_baseurl()."/search?tag=$2]$2[/url]", $item["tag"]);
1075
1076         // mask hashtags inside of url, bookmarks and attachments to avoid urls in urls
1077         $item["body"] = preg_replace_callback("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
1078                 function ($match){
1079                         return("[url=".str_replace("#", "&num;", $match[1])."]".str_replace("#", "&num;", $match[2])."[/url]");
1080                 },$item["body"]);
1081
1082         $item["body"] = preg_replace_callback("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism",
1083                 function ($match){
1084                         return("[bookmark=".str_replace("#", "&num;", $match[1])."]".str_replace("#", "&num;", $match[2])."[/bookmark]");
1085                 },$item["body"]);
1086
1087         $item["body"] = preg_replace_callback("/\[attachment (.*)\](.*?)\[\/attachment\]/ism",
1088                 function ($match){
1089                         return("[attachment ".str_replace("#", "&num;", $match[1])."]".$match[2]."[/attachment]");
1090                 },$item["body"]);
1091
1092         // Repair recursive urls
1093         $item["body"] = preg_replace("/&num;\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism",
1094                         "&num;$2", $item["body"]);
1095
1096
1097         foreach($tags as $tag) {
1098                 if (strpos($tag,'#') !== 0)
1099                         continue;
1100
1101                 if (strpos($tag,'[url='))
1102                         continue;
1103
1104                 $basetag = str_replace('_',' ',substr($tag,1));
1105
1106                 $newtag = '#[url='.App::get_baseurl().'/search?tag='.rawurlencode($basetag).']'.$basetag.'[/url]';
1107
1108                 $item["body"] = str_replace($tag, $newtag, $item["body"]);
1109
1110                 if (!stristr($item["tag"],"/search?tag=".$basetag."]".$basetag."[/url]")) {
1111                         if (strlen($item["tag"]))
1112                                 $item["tag"] = ','.$item["tag"];
1113                         $item["tag"] = $newtag.$item["tag"];
1114                 }
1115         }
1116
1117         // Convert back the masked hashtags
1118         $item["body"] = str_replace("&num;", "#", $item["body"]);
1119 }
1120
1121 function get_item_guid($id) {
1122         $r = q("SELECT `guid` FROM `item` WHERE `id` = %d LIMIT 1", intval($id));
1123         if (dbm::is_result($r))
1124                 return($r[0]["guid"]);
1125         else
1126                 return("");
1127 }
1128
1129 function get_item_id($guid, $uid = 0) {
1130
1131         $nick = "";
1132         $id = 0;
1133
1134         if ($uid == 0)
1135                 $uid == local_user();
1136
1137         // Does the given user have this item?
1138         if ($uid) {
1139                 $r = q("SELECT `item`.`id`, `user`.`nickname` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
1140                         WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
1141                                 AND `item`.`guid` = '%s' AND `item`.`uid` = %d", dbesc($guid), intval($uid));
1142                 if (dbm::is_result($r)) {
1143                         $id = $r[0]["id"];
1144                         $nick = $r[0]["nickname"];
1145                 }
1146         }
1147
1148         // Or is it anywhere on the server?
1149         if ($nick == "") {
1150                 $r = q("SELECT `item`.`id`, `user`.`nickname` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
1151                         WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
1152                                 AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''
1153                                 AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''
1154                                 AND `item`.`private` = 0 AND `item`.`wall` = 1
1155                                 AND `item`.`guid` = '%s'", dbesc($guid));
1156                 if (dbm::is_result($r)) {
1157                         $id = $r[0]["id"];
1158                         $nick = $r[0]["nickname"];
1159                 }
1160         }
1161         return(array("nick" => $nick, "id" => $id));
1162 }
1163
1164 // return - test
1165 function get_item_contact($item,$contacts) {
1166         if (! count($contacts) || (! is_array($item)))
1167                 return false;
1168         foreach($contacts as $contact) {
1169                 if ($contact['id'] == $item['contact-id']) {
1170                         return $contact;
1171                         break; // NOTREACHED
1172                 }
1173         }
1174         return false;
1175 }
1176
1177 /**
1178  * look for mention tags and setup a second delivery chain for forum/community posts if appropriate
1179  * @param int $uid
1180  * @param int $item_id
1181  * @return bool true if item was deleted, else false
1182  */
1183 function tag_deliver($uid,$item_id) {
1184
1185         //
1186
1187         $a = get_app();
1188
1189         $mention = false;
1190
1191         $u = q("select * from user where uid = %d limit 1",
1192                 intval($uid)
1193         );
1194
1195         if (! dbm::is_result($u)) {
1196                 return;
1197         }
1198
1199         $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
1200         $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
1201
1202
1203         $i = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
1204                 intval($item_id),
1205                 intval($uid)
1206         );
1207         if (! dbm::is_result($i)) {
1208                 return;
1209         }
1210
1211         $item = $i[0];
1212
1213         $link = normalise_link(App::get_baseurl() . '/profile/' . $u[0]['nickname']);
1214
1215         // Diaspora uses their own hardwired link URL in @-tags
1216         // instead of the one we supply with webfinger
1217
1218         $dlink = normalise_link(App::get_baseurl() . '/u/' . $u[0]['nickname']);
1219
1220         $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
1221         if ($cnt) {
1222                 foreach($matches as $mtch) {
1223                         if (link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
1224                                 $mention = true;
1225                                 logger('tag_deliver: mention found: ' . $mtch[2]);
1226                         }
1227                 }
1228         }
1229
1230         if (! $mention){
1231                 if ( ($community_page || $prvgroup) &&
1232                           (!$item['wall']) && (!$item['origin']) && ($item['id'] == $item['parent'])){
1233                         // mmh.. no mention.. community page or private group... no wall.. no origin.. top-post (not a comment)
1234                         // delete it!
1235                         logger("tag_deliver: no-mention top-level post to communuty or private group. delete.");
1236                         q("DELETE FROM item WHERE id = %d and uid = %d",
1237                                 intval($item_id),
1238                                 intval($uid)
1239                         );
1240                         return true;
1241                 }
1242                 return;
1243         }
1244
1245         $arr = array('item' => $item, 'user' => $u[0], 'contact' => $r[0]);
1246
1247         call_hooks('tagged', $arr);
1248
1249         if ((! $community_page) && (! $prvgroup))
1250                 return;
1251
1252
1253         // tgroup delivery - setup a second delivery chain
1254         // prevent delivery looping - only proceed
1255         // if the message originated elsewhere and is a top-level post
1256
1257         if (($item['wall']) || ($item['origin']) || ($item['id'] != $item['parent']))
1258                 return;
1259
1260         // now change this copy of the post to a forum head message and deliver to all the tgroup members
1261
1262
1263         $c = q("select name, url, thumb from contact where self = 1 and uid = %d limit 1",
1264                 intval($u[0]['uid'])
1265         );
1266         if (! dbm::is_result($c)) {
1267                 return;
1268         }
1269
1270         // also reset all the privacy bits to the forum default permissions
1271
1272         $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
1273
1274         $forum_mode = (($prvgroup) ? 2 : 1);
1275
1276         q("UPDATE `item` SET `wall` = 1, `origin` = 1, `forum_mode` = %d, `owner-name` = '%s', `owner-link` = '%s', `owner-avatar` = '%s',
1277                 `private` = %d, `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'  WHERE `id` = %d",
1278                 intval($forum_mode),
1279                 dbesc($c[0]['name']),
1280                 dbesc($c[0]['url']),
1281                 dbesc($c[0]['thumb']),
1282                 intval($private),
1283                 dbesc($u[0]['allow_cid']),
1284                 dbesc($u[0]['allow_gid']),
1285                 dbesc($u[0]['deny_cid']),
1286                 dbesc($u[0]['deny_gid']),
1287                 intval($item_id)
1288         );
1289         update_thread($item_id);
1290
1291         proc_run(PRIORITY_HIGH,'include/notifier.php', 'tgroup', $item_id);
1292
1293 }
1294
1295
1296
1297 function tgroup_check($uid,$item) {
1298
1299         $mention = false;
1300
1301         // check that the message originated elsewhere and is a top-level post
1302
1303         if (($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
1304                 return false;
1305
1306         /// @TODO Encapsulate this or find it encapsulated and replace all occurrances
1307         $u = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
1308                 intval($uid)
1309         );
1310         if (! dbm::is_result($u)) {
1311                 return false;
1312         }
1313
1314         $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
1315         $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
1316
1317
1318         $link = normalise_link(App::get_baseurl() . '/profile/' . $u[0]['nickname']);
1319
1320         // Diaspora uses their own hardwired link URL in @-tags
1321         // instead of the one we supply with webfinger
1322
1323         $dlink = normalise_link(App::get_baseurl() . '/u/' . $u[0]['nickname']);
1324
1325         $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
1326         if ($cnt) {
1327                 foreach ($matches as $mtch) {
1328                         if (link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
1329                                 $mention = true;
1330                                 logger('tgroup_check: mention found: ' . $mtch[2]);
1331                         }
1332                 }
1333         }
1334
1335         if (! $mention) {
1336                 return false;
1337         }
1338
1339         /// @TODO Combines both return statements into one
1340         return (($community_page) || ($prvgroup));
1341 }
1342
1343 /*
1344   This function returns true if $update has an edited timestamp newer
1345   than $existing, i.e. $update contains new data which should override
1346   what's already there.  If there is no timestamp yet, the update is
1347   assumed to be newer.  If the update has no timestamp, the existing
1348   item is assumed to be up-to-date.  If the timestamps are equal it
1349   assumes the update has been seen before and should be ignored.
1350   */
1351 function edited_timestamp_is_newer($existing, $update) {
1352         if (!x($existing,'edited') || !$existing['edited']) {
1353                 return true;
1354         }
1355         if (!x($update,'edited') || !$update['edited']) {
1356                 return false;
1357         }
1358
1359         $existing_edited = datetime_convert('UTC', 'UTC', $existing['edited']);
1360         $update_edited = datetime_convert('UTC', 'UTC', $update['edited']);
1361         return (strcmp($existing_edited, $update_edited) < 0);
1362 }
1363
1364 /**
1365  *
1366  * consume_feed - process atom feed and update anything/everything we might need to update
1367  *
1368  * $xml = the (atom) feed to consume - RSS isn't as fully supported but may work for simple feeds.
1369  *
1370  * $importer = the contact_record (joined to user_record) of the local user who owns this relationship.
1371  *             It is this person's stuff that is going to be updated.
1372  * $contact =  the person who is sending us stuff. If not set, we MAY be processing a "follow" activity
1373  *             from an external network and MAY create an appropriate contact record. Otherwise, we MUST
1374  *             have a contact record.
1375  * $hub = should we find a hub declation in the feed, pass it back to our calling process, who might (or
1376  *        might not) try and subscribe to it.
1377  * $datedir sorts in reverse order
1378  * $pass - by default ($pass = 0) we cannot guarantee that a parent item has been
1379  *      imported prior to its children being seen in the stream unless we are certain
1380  *      of how the feed is arranged/ordered.
1381  * With $pass = 1, we only pull parent items out of the stream.
1382  * With $pass = 2, we only pull children (comments/likes).
1383  *
1384  * So running this twice, first with pass 1 and then with pass 2 will do the right
1385  * thing regardless of feed ordering. This won't be adequate in a fully-threaded
1386  * model where comments can have sub-threads. That would require some massive sorting
1387  * to get all the feed items into a mostly linear ordering, and might still require
1388  * recursion.
1389  */
1390
1391 function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) {
1392         if ($contact['network'] === NETWORK_OSTATUS) {
1393                 if ($pass < 2) {
1394                         // Test - remove before flight
1395                         //$tempfile = tempnam(get_temppath(), "ostatus2");
1396                         //file_put_contents($tempfile, $xml);
1397                         logger("Consume OStatus messages ", LOGGER_DEBUG);
1398                         ostatus::import($xml,$importer,$contact, $hub);
1399                 }
1400                 return;
1401         }
1402
1403         if ($contact['network'] === NETWORK_FEED) {
1404                 if ($pass < 2) {
1405                         logger("Consume feeds", LOGGER_DEBUG);
1406                         feed_import($xml,$importer,$contact, $hub);
1407                 }
1408                 return;
1409         }
1410
1411         if ($contact['network'] === NETWORK_DFRN) {
1412                 logger("Consume DFRN messages", LOGGER_DEBUG);
1413
1414                 $r = q("SELECT  `contact`.*, `contact`.`uid` AS `importer_uid`,
1415                                         `contact`.`pubkey` AS `cpubkey`,
1416                                         `contact`.`prvkey` AS `cprvkey`,
1417                                         `contact`.`thumb` AS `thumb`,
1418                                         `contact`.`url` as `url`,
1419                                         `contact`.`name` as `senderName`,
1420                                         `user`.*
1421                         FROM `contact`
1422                         LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
1423                         WHERE `contact`.`id` = %d AND `user`.`uid` = %d",
1424                         dbesc($contact["id"]), dbesc($importer["uid"])
1425                 );
1426                 if ($r) {
1427                         logger("Now import the DFRN feed");
1428                         dfrn::import($xml,$r[0], true);
1429                         return;
1430                 }
1431         }
1432 }
1433
1434 function item_is_remote_self($contact, &$datarray) {
1435         $a = get_app();
1436
1437         if (!$contact['remote_self'])
1438                 return false;
1439
1440         // Prevent the forwarding of posts that are forwarded
1441         if ($datarray["extid"] == NETWORK_DFRN)
1442                 return false;
1443
1444         // Prevent to forward already forwarded posts
1445         if ($datarray["app"] == $a->get_hostname())
1446                 return false;
1447
1448         // Only forward posts
1449         if ($datarray["verb"] != ACTIVITY_POST)
1450                 return false;
1451
1452         if (($contact['network'] != NETWORK_FEED) AND $datarray['private'])
1453                 return false;
1454
1455         $datarray2 = $datarray;
1456         logger('remote-self start - Contact '.$contact['url'].' - '.$contact['remote_self'].' Item '.print_r($datarray, true), LOGGER_DEBUG);
1457         if ($contact['remote_self'] == 2) {
1458                 $r = q("SELECT `id`,`url`,`name`,`thumb` FROM `contact` WHERE `uid` = %d AND `self`",
1459                         intval($contact['uid']));
1460                 if (dbm::is_result($r)) {
1461                         $datarray['contact-id'] = $r[0]["id"];
1462
1463                         $datarray['owner-name'] = $r[0]["name"];
1464                         $datarray['owner-link'] = $r[0]["url"];
1465                         $datarray['owner-avatar'] = $r[0]["thumb"];
1466
1467                         $datarray['author-name']   = $datarray['owner-name'];
1468                         $datarray['author-link']   = $datarray['owner-link'];
1469                         $datarray['author-avatar'] = $datarray['owner-avatar'];
1470                 }
1471
1472                 if ($contact['network'] != NETWORK_FEED) {
1473                         $datarray["guid"] = get_guid(32);
1474                         unset($datarray["plink"]);
1475                         $datarray["uri"] = item_new_uri($a->get_hostname(),$contact['uid'], $datarray["guid"]);
1476                         $datarray["parent-uri"] = $datarray["uri"];
1477                         $datarray["extid"] = $contact['network'];
1478                         $urlpart = parse_url($datarray2['author-link']);
1479                         $datarray["app"] = $urlpart["host"];
1480                 } else
1481                         $datarray['private'] = 0;
1482         }
1483
1484         if ($contact['network'] != NETWORK_FEED) {
1485                 // Store the original post
1486                 $r = item_store($datarray2, false, false);
1487                 logger('remote-self post original item - Contact '.$contact['url'].' return '.$r.' Item '.print_r($datarray2, true), LOGGER_DEBUG);
1488         } else
1489                 $datarray["app"] = "Feed";
1490
1491         return true;
1492 }
1493
1494 function new_follower($importer,$contact,$datarray,$item,$sharing = false) {
1495         $url = notags(trim($datarray['author-link']));
1496         $name = notags(trim($datarray['author-name']));
1497         $photo = notags(trim($datarray['author-avatar']));
1498
1499         if (is_object($item)) {
1500                 $rawtag = $item->get_item_tags(NAMESPACE_ACTIVITY,'actor');
1501                 if ($rawtag && $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'])
1502                         $nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'];
1503         } else
1504                 $nick = $item;
1505
1506         if (is_array($contact)) {
1507                 if (($contact['network'] == NETWORK_OSTATUS && $contact['rel'] == CONTACT_IS_SHARING)
1508                         || ($sharing && $contact['rel'] == CONTACT_IS_FOLLOWER)) {
1509                         $r = q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d",
1510                                 intval(CONTACT_IS_FRIEND),
1511                                 intval($contact['id']),
1512                                 intval($importer['uid'])
1513                         );
1514                 }
1515                 // send email notification to owner?
1516         } else {
1517
1518                 // create contact record
1519
1520                 $r = q("INSERT INTO `contact` (`uid`, `created`, `url`, `nurl`, `name`, `nick`, `photo`, `network`, `rel`,
1521                         `blocked`, `readonly`, `pending`, `writable`)
1522                         VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1)",
1523                         intval($importer['uid']),
1524                         dbesc(datetime_convert()),
1525                         dbesc($url),
1526                         dbesc(normalise_link($url)),
1527                         dbesc($name),
1528                         dbesc($nick),
1529                         dbesc($photo),
1530                         dbesc(($sharing) ? NETWORK_ZOT : NETWORK_OSTATUS),
1531                         intval(($sharing) ? CONTACT_IS_SHARING : CONTACT_IS_FOLLOWER)
1532                 );
1533                 $r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 LIMIT 1",
1534                                 intval($importer['uid']),
1535                                 dbesc($url)
1536                 );
1537                 if (dbm::is_result($r)) {
1538                         $contact_record = $r[0];
1539                         update_contact_avatar($photo, $importer["uid"], $contact_record["id"], true);
1540                 }
1541
1542
1543                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
1544                         intval($importer['uid'])
1545                 );
1546                 $a = get_app();
1547
1548                 if (dbm::is_result($r) AND !in_array($r[0]['page-flags'], array(PAGE_SOAPBOX, PAGE_FREELOVE))) {
1549
1550                         // create notification
1551                         $hash = random_string();
1552
1553                         if (is_array($contact_record)) {
1554                                 $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `hash`, `datetime`)
1555                                         VALUES ( %d, %d, 0, 0, '%s', '%s' )",
1556                                         intval($importer['uid']),
1557                                         intval($contact_record['id']),
1558                                         dbesc($hash),
1559                                         dbesc(datetime_convert())
1560                                 );
1561                         }
1562
1563                         $def_gid = get_default_group($importer['uid'], $contact_record["network"]);
1564
1565                         if (intval($def_gid))
1566                                 group_add_member($importer['uid'],'',$contact_record['id'],$def_gid);
1567
1568                         if (($r[0]['notify-flags'] & NOTIFY_INTRO) &&
1569                                 in_array($r[0]['page-flags'], array(PAGE_NORMAL))) {
1570
1571                                 notification(array(
1572                                         'type'         => NOTIFY_INTRO,
1573                                         'notify_flags' => $r[0]['notify-flags'],
1574                                         'language'     => $r[0]['language'],
1575                                         'to_name'      => $r[0]['username'],
1576                                         'to_email'     => $r[0]['email'],
1577                                         'uid'          => $r[0]['uid'],
1578                                         'link'             => App::get_baseurl() . '/notifications/intro',
1579                                         'source_name'  => ((strlen(stripslashes($contact_record['name']))) ? stripslashes($contact_record['name']) : t('[Name Withheld]')),
1580                                         'source_link'  => $contact_record['url'],
1581                                         'source_photo' => $contact_record['photo'],
1582                                         'verb'         => ($sharing ? ACTIVITY_FRIEND : ACTIVITY_FOLLOW),
1583                                         'otype'        => 'intro'
1584                                 ));
1585
1586                         }
1587                 } elseif (dbm::is_result($r) AND in_array($r[0]['page-flags'], array(PAGE_SOAPBOX, PAGE_FREELOVE))) {
1588                         $r = q("UPDATE `contact` SET `pending` = 0 WHERE `uid` = %d AND `url` = '%s' AND `pending` LIMIT 1",
1589                                         intval($importer['uid']),
1590                                         dbesc($url)
1591                         );
1592                 }
1593
1594         }
1595 }
1596
1597 function lose_follower($importer,$contact,$datarray = array(),$item = "") {
1598
1599         if (($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_SHARING)) {
1600                 q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d",
1601                         intval(CONTACT_IS_SHARING),
1602                         intval($contact['id'])
1603                 );
1604         } else {
1605                 contact_remove($contact['id']);
1606         }
1607 }
1608
1609 function lose_sharer($importer,$contact,$datarray = array(),$item = "") {
1610
1611         if (($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_FOLLOWER)) {
1612                 q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d",
1613                         intval(CONTACT_IS_FOLLOWER),
1614                         intval($contact['id'])
1615                 );
1616         } else {
1617                 contact_remove($contact['id']);
1618         }
1619 }
1620
1621 function subscribe_to_hub($url,$importer,$contact,$hubmode = 'subscribe') {
1622
1623         $a = get_app();
1624
1625         if (is_array($importer)) {
1626                 $r = q("SELECT `nickname` FROM `user` WHERE `uid` = %d LIMIT 1",
1627                         intval($importer['uid'])
1628                 );
1629         }
1630
1631         // Diaspora has different message-ids in feeds than they do
1632         // through the direct Diaspora protocol. If we try and use
1633         // the feed, we'll get duplicates. So don't.
1634
1635         if ((! dbm::is_result($r)) || $contact['network'] === NETWORK_DIASPORA)
1636                 return;
1637
1638         $push_url = get_config('system','url') . '/pubsub/' . $r[0]['nickname'] . '/' . $contact['id'];
1639
1640         // Use a single verify token, even if multiple hubs
1641
1642         $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string());
1643
1644         $params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token;
1645
1646         logger('subscribe_to_hub: ' . $hubmode . ' ' . $contact['name'] . ' to hub ' . $url . ' endpoint: '  . $push_url . ' with verifier ' . $verify_token);
1647
1648         if (!strlen($contact['hub-verify']) OR ($contact['hub-verify'] != $verify_token)) {
1649                 $r = q("UPDATE `contact` SET `hub-verify` = '%s' WHERE `id` = %d",
1650                         dbesc($verify_token),
1651                         intval($contact['id'])
1652                 );
1653         }
1654
1655         post_url($url,$params);
1656
1657         logger('subscribe_to_hub: returns: ' . $a->get_curl_code(), LOGGER_DEBUG);
1658
1659         return;
1660
1661 }
1662
1663 function fix_private_photos($s, $uid, $item = null, $cid = 0) {
1664
1665         if (get_config('system','disable_embedded'))
1666                 return $s;
1667
1668         $a = get_app();
1669
1670         logger('fix_private_photos: check for photos', LOGGER_DEBUG);
1671         $site = substr(App::get_baseurl(),strpos(App::get_baseurl(),'://'));
1672
1673         $orig_body = $s;
1674         $new_body = '';
1675
1676         $img_start = strpos($orig_body, '[img');
1677         $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
1678         $img_len = ($img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false);
1679         while( ($img_st_close !== false) && ($img_len !== false) ) {
1680
1681                 $img_st_close++; // make it point to AFTER the closing bracket
1682                 $image = substr($orig_body, $img_start + $img_st_close, $img_len);
1683
1684                 logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
1685
1686
1687                 if (stristr($image , $site . '/photo/')) {
1688                         // Only embed locally hosted photos
1689                         $replace = false;
1690                         $i = basename($image);
1691                         $i = str_replace(array('.jpg','.png','.gif'),array('','',''),$i);
1692                         $x = strpos($i,'-');
1693
1694                         if ($x) {
1695                                 $res = substr($i,$x+1);
1696                                 $i = substr($i,0,$x);
1697                                 $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d AND `uid` = %d",
1698                                         dbesc($i),
1699                                         intval($res),
1700                                         intval($uid)
1701                                 );
1702                                 if ($r) {
1703
1704                                         // Check to see if we should replace this photo link with an embedded image
1705                                         // 1. No need to do so if the photo is public
1706                                         // 2. If there's a contact-id provided, see if they're in the access list
1707                                         //    for the photo. If so, embed it.
1708                                         // 3. Otherwise, if we have an item, see if the item permissions match the photo
1709                                         //    permissions, regardless of order but first check to see if they're an exact
1710                                         //    match to save some processing overhead.
1711
1712                                         if (has_permissions($r[0])) {
1713                                                 if ($cid) {
1714                                                         $recips = enumerate_permissions($r[0]);
1715                                                         if (in_array($cid, $recips)) {
1716                                                                 $replace = true;
1717                                                         }
1718                                                 } elseif ($item) {
1719                                                         if (compare_permissions($item,$r[0]))
1720                                                                 $replace = true;
1721                                                 }
1722                                         }
1723                                         if ($replace) {
1724                                                 $data = $r[0]['data'];
1725                                                 $type = $r[0]['type'];
1726
1727                                                 // If a custom width and height were specified, apply before embedding
1728                                                 if (preg_match("/\[img\=([0-9]*)x([0-9]*)\]/is", substr($orig_body, $img_start, $img_st_close), $match)) {
1729                                                         logger('fix_private_photos: scaling photo', LOGGER_DEBUG);
1730
1731                                                         $width = intval($match[1]);
1732                                                         $height = intval($match[2]);
1733
1734                                                         $ph = new Photo($data, $type);
1735                                                         if ($ph->is_valid()) {
1736                                                                 $ph->scaleImage(max($width, $height));
1737                                                                 $data = $ph->imageString();
1738                                                                 $type = $ph->getType();
1739                                                         }
1740                                                 }
1741
1742                                                 logger('fix_private_photos: replacing photo', LOGGER_DEBUG);
1743                                                 $image = 'data:' . $type . ';base64,' . base64_encode($data);
1744                                                 logger('fix_private_photos: replaced: ' . $image, LOGGER_DATA);
1745                                         }
1746                                 }
1747                         }
1748                 }
1749
1750                 $new_body = $new_body . substr($orig_body, 0, $img_start + $img_st_close) . $image . '[/img]';
1751                 $orig_body = substr($orig_body, $img_start + $img_st_close + $img_len + strlen('[/img]'));
1752                 if ($orig_body === false)
1753                         $orig_body = '';
1754
1755                 $img_start = strpos($orig_body, '[img');
1756                 $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
1757                 $img_len = ($img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false);
1758         }
1759
1760         $new_body = $new_body . $orig_body;
1761
1762         return($new_body);
1763 }
1764
1765 function has_permissions($obj) {
1766         if (($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != ''))
1767                 return true;
1768         return false;
1769 }
1770
1771 function compare_permissions($obj1,$obj2) {
1772         // first part is easy. Check that these are exactly the same.
1773         if (($obj1['allow_cid'] == $obj2['allow_cid'])
1774                 && ($obj1['allow_gid'] == $obj2['allow_gid'])
1775                 && ($obj1['deny_cid'] == $obj2['deny_cid'])
1776                 && ($obj1['deny_gid'] == $obj2['deny_gid']))
1777                 return true;
1778
1779         // This is harder. Parse all the permissions and compare the resulting set.
1780
1781         $recipients1 = enumerate_permissions($obj1);
1782         $recipients2 = enumerate_permissions($obj2);
1783         sort($recipients1);
1784         sort($recipients2);
1785         if ($recipients1 == $recipients2)
1786                 return true;
1787         return false;
1788 }
1789
1790 // returns an array of contact-ids that are allowed to see this object
1791
1792 function enumerate_permissions($obj) {
1793         $allow_people = expand_acl($obj['allow_cid']);
1794         $allow_groups = expand_groups(expand_acl($obj['allow_gid']));
1795         $deny_people  = expand_acl($obj['deny_cid']);
1796         $deny_groups  = expand_groups(expand_acl($obj['deny_gid']));
1797         $recipients   = array_unique(array_merge($allow_people,$allow_groups));
1798         $deny         = array_unique(array_merge($deny_people,$deny_groups));
1799         $recipients   = array_diff($recipients,$deny);
1800         return $recipients;
1801 }
1802
1803 function item_getfeedtags($item) {
1804         $ret = array();
1805         $matches = false;
1806         $cnt = preg_match_all('|\#\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches);
1807         if ($cnt) {
1808                 for($x = 0; $x < $cnt; $x ++) {
1809                         if ($matches[1][$x])
1810                                 $ret[$matches[2][$x]] = array('#',$matches[1][$x], $matches[2][$x]);
1811                 }
1812         }
1813         $matches = false;
1814         $cnt = preg_match_all('|\@\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches);
1815         if ($cnt) {
1816                 for($x = 0; $x < $cnt; $x ++) {
1817                         if ($matches[1][$x])
1818                                 $ret[] = array('@',$matches[1][$x], $matches[2][$x]);
1819                 }
1820         }
1821         return $ret;
1822 }
1823
1824 function item_expire($uid, $days, $network = "", $force = false) {
1825
1826         if ((! $uid) || ($days < 1))
1827                 return;
1828
1829         // $expire_network_only = save your own wall posts
1830         // and just expire conversations started by others
1831
1832         $expire_network_only = get_pconfig($uid,'expire','network_only');
1833         $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : "");
1834
1835         if ($network != "") {
1836                 $sql_extra .= sprintf(" AND network = '%s' ", dbesc($network));
1837                 // There is an index "uid_network_received" but not "uid_network_created"
1838                 // This avoids the creation of another index just for one purpose.
1839                 // And it doesn't really matter wether to look at "received" or "created"
1840                 $range = "AND `received` < UTC_TIMESTAMP() - INTERVAL %d DAY ";
1841         } else
1842                 $range = "AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY ";
1843
1844         $r = q("SELECT `file`, `resource-id`, `starred`, `type`, `id` FROM `item`
1845                 WHERE `uid` = %d $range
1846                 AND `id` = `parent`
1847                 $sql_extra
1848                 AND `deleted` = 0",
1849                 intval($uid),
1850                 intval($days)
1851         );
1852
1853         if (! dbm::is_result($r))
1854                 return;
1855
1856         $expire_items = get_pconfig($uid, 'expire','items');
1857         $expire_items = (($expire_items===false)?1:intval($expire_items)); // default if not set: 1
1858
1859         // Forcing expiring of items - but not notes and marked items
1860         if ($force)
1861                 $expire_items = true;
1862
1863         $expire_notes = get_pconfig($uid, 'expire','notes');
1864         $expire_notes = (($expire_notes===false)?1:intval($expire_notes)); // default if not set: 1
1865
1866         $expire_starred = get_pconfig($uid, 'expire','starred');
1867         $expire_starred = (($expire_starred===false)?1:intval($expire_starred)); // default if not set: 1
1868
1869         $expire_photos = get_pconfig($uid, 'expire','photos');
1870         $expire_photos = (($expire_photos===false)?0:intval($expire_photos)); // default if not set: 0
1871
1872         logger('expire: # items=' . count($r). "; expire items: $expire_items, expire notes: $expire_notes, expire starred: $expire_starred, expire photos: $expire_photos");
1873
1874         foreach($r as $item) {
1875
1876                 // don't expire filed items
1877
1878                 if (strpos($item['file'],'[') !== false)
1879                         continue;
1880
1881                 // Only expire posts, not photos and photo comments
1882
1883                 if ($expire_photos==0 && strlen($item['resource-id']))
1884                         continue;
1885                 if ($expire_starred==0 && intval($item['starred']))
1886                         continue;
1887                 if ($expire_notes==0 && $item['type']=='note')
1888                         continue;
1889                 if ($expire_items==0 && $item['type']!='note')
1890                         continue;
1891
1892                 drop_item($item['id'],false);
1893         }
1894
1895         proc_run(PRIORITY_HIGH,"include/notifier.php", "expire", $uid);
1896
1897 }
1898
1899
1900 function drop_items($items) {
1901         $uid = 0;
1902
1903         if (! local_user() && ! remote_user())
1904                 return;
1905
1906         if (count($items)) {
1907                 foreach($items as $item) {
1908                         $owner = drop_item($item,false);
1909                         if ($owner && ! $uid)
1910                                 $uid = $owner;
1911                 }
1912         }
1913
1914         // multiple threads may have been deleted, send an expire notification
1915
1916         if ($uid)
1917                 proc_run(PRIORITY_HIGH,"include/notifier.php", "expire", $uid);
1918 }
1919
1920
1921 function drop_item($id,$interactive = true) {
1922
1923         $a = get_app();
1924
1925         // locate item to be deleted
1926
1927         $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
1928                 intval($id)
1929         );
1930
1931         if (! dbm::is_result($r)) {
1932                 if (! $interactive)
1933                         return 0;
1934                 notice( t('Item not found.') . EOL);
1935                 goaway(App::get_baseurl() . '/' . $_SESSION['return_url']);
1936         }
1937
1938         $item = $r[0];
1939
1940         $owner = $item['uid'];
1941
1942         $contact_id = 0;
1943
1944         // check if logged in user is either the author or owner of this item
1945
1946         if (is_array($_SESSION['remote'])) {
1947                 foreach($_SESSION['remote'] as $visitor) {
1948                         if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
1949                                 $contact_id = $visitor['cid'];
1950                                 break;
1951                         }
1952                 }
1953         }
1954
1955
1956         if ((local_user() == $item['uid']) || ($contact_id) || (! $interactive)) {
1957
1958                 // Check if we should do HTML-based delete confirmation
1959                 if ($_REQUEST['confirm']) {
1960                         // <form> can't take arguments in its "action" parameter
1961                         // so add any arguments as hidden inputs
1962                         $query = explode_querystring($a->query_string);
1963                         $inputs = array();
1964                         foreach($query['args'] as $arg) {
1965                                 if (strpos($arg, 'confirm=') === false) {
1966                                         $arg_parts = explode('=', $arg);
1967                                         $inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
1968                                 }
1969                         }
1970
1971                         return replace_macros(get_markup_template('confirm.tpl'), array(
1972                                 '$method' => 'get',
1973                                 '$message' => t('Do you really want to delete this item?'),
1974                                 '$extra_inputs' => $inputs,
1975                                 '$confirm' => t('Yes'),
1976                                 '$confirm_url' => $query['base'],
1977                                 '$confirm_name' => 'confirmed',
1978                                 '$cancel' => t('Cancel'),
1979                         ));
1980                 }
1981                 // Now check how the user responded to the confirmation query
1982                 if ($_REQUEST['canceled']) {
1983                         goaway(App::get_baseurl() . '/' . $_SESSION['return_url']);
1984                 }
1985
1986                 logger('delete item: ' . $item['id'], LOGGER_DEBUG);
1987                 // delete the item
1988
1989                 $r = q("UPDATE `item` SET `deleted` = 1, `title` = '', `body` = '', `edited` = '%s', `changed` = '%s' WHERE `id` = %d",
1990                         dbesc(datetime_convert()),
1991                         dbesc(datetime_convert()),
1992                         intval($item['id'])
1993                 );
1994                 create_tags_from_item($item['id']);
1995                 create_files_from_item($item['id']);
1996                 delete_thread($item['id'], $item['parent-uri']);
1997
1998                 // clean up categories and tags so they don't end up as orphans
1999
2000                 $matches = false;
2001                 $cnt = preg_match_all('/<(.*?)>/',$item['file'],$matches,PREG_SET_ORDER);
2002                 if ($cnt) {
2003                         foreach($matches as $mtch) {
2004                                 file_tag_unsave_file($item['uid'],$item['id'],$mtch[1],true);
2005                         }
2006                 }
2007
2008                 $matches = false;
2009
2010                 $cnt = preg_match_all('/\[(.*?)\]/',$item['file'],$matches,PREG_SET_ORDER);
2011                 if ($cnt) {
2012                         foreach($matches as $mtch) {
2013                                 file_tag_unsave_file($item['uid'],$item['id'],$mtch[1],false);
2014                         }
2015                 }
2016
2017                 // If item is a link to a photo resource, nuke all the associated photos
2018                 // (visitors will not have photo resources)
2019                 // This only applies to photos uploaded from the photos page. Photos inserted into a post do not
2020                 // generate a resource-id and therefore aren't intimately linked to the item.
2021
2022                 if (strlen($item['resource-id'])) {
2023                         q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
2024                                 dbesc($item['resource-id']),
2025                                 intval($item['uid'])
2026                         );
2027                         // ignore the result
2028                 }
2029
2030                 // If item is a link to an event, nuke the event record.
2031
2032                 if (intval($item['event-id'])) {
2033                         q("DELETE FROM `event` WHERE `id` = %d AND `uid` = %d",
2034                                 intval($item['event-id']),
2035                                 intval($item['uid'])
2036                         );
2037                         // ignore the result
2038                 }
2039
2040                 // If item has attachments, drop them
2041
2042                 foreach(explode(",",$item['attach']) as $attach){
2043                         preg_match("|attach/(\d+)|", $attach, $matches);
2044                         q("DELETE FROM `attach` WHERE `id` = %d AND `uid` = %d",
2045                                 intval($matches[1]),
2046                                 local_user()
2047                         );
2048                         // ignore the result
2049                 }
2050
2051
2052                 // clean up item_id and sign meta-data tables
2053
2054                 /*
2055                 // Old code - caused very long queries and warning entries in the mysql logfiles:
2056
2057                 $r = q("DELETE FROM item_id where iid in (select id from item where parent = %d and uid = %d)",
2058                         intval($item['id']),
2059                         intval($item['uid'])
2060                 );
2061
2062                 $r = q("DELETE FROM sign where iid in (select id from item where parent = %d and uid = %d)",
2063                         intval($item['id']),
2064                         intval($item['uid'])
2065                 );
2066                 */
2067
2068                 // The new code splits the queries since the mysql optimizer really has bad problems with subqueries
2069
2070                 // Creating list of parents
2071                 $r = q("select id from item where parent = %d and uid = %d",
2072                         intval($item['id']),
2073                         intval($item['uid'])
2074                 );
2075
2076                 $parentid = "";
2077
2078                 foreach ($r AS $row) {
2079                         if ($parentid != "")
2080                                 $parentid .= ", ";
2081
2082                         $parentid .= $row["id"];
2083                 }
2084
2085                 // Now delete them
2086                 if ($parentid != "") {
2087                         $r = q("DELETE FROM item_id where iid in (%s)", dbesc($parentid));
2088
2089                         $r = q("DELETE FROM sign where iid in (%s)", dbesc($parentid));
2090                 }
2091
2092                 // If it's the parent of a comment thread, kill all the kids
2093
2094                 if ($item['uri'] == $item['parent-uri']) {
2095                         $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = ''
2096                                 WHERE `parent-uri` = '%s' AND `uid` = %d ",
2097                                 dbesc(datetime_convert()),
2098                                 dbesc(datetime_convert()),
2099                                 dbesc($item['parent-uri']),
2100                                 intval($item['uid'])
2101                         );
2102                         create_tags_from_itemuri($item['parent-uri'], $item['uid']);
2103                         create_files_from_itemuri($item['parent-uri'], $item['uid']);
2104                         delete_thread_uri($item['parent-uri'], $item['uid']);
2105                         // ignore the result
2106                 } else {
2107                         // ensure that last-child is set in case the comment that had it just got wiped.
2108                         q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ",
2109                                 dbesc(datetime_convert()),
2110                                 dbesc($item['parent-uri']),
2111                                 intval($item['uid'])
2112                         );
2113                         // who is the last child now?
2114                         $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d ORDER BY `edited` DESC LIMIT 1",
2115                                 dbesc($item['parent-uri']),
2116                                 intval($item['uid'])
2117                         );
2118                         if (dbm::is_result($r)) {
2119                                 q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d",
2120                                         intval($r[0]['id'])
2121                                 );
2122                         }
2123                 }
2124
2125                 $drop_id = intval($item['id']);
2126
2127                 // send the notification upstream/downstream as the case may be
2128
2129                 proc_run(PRIORITY_HIGH,"include/notifier.php", "drop", $drop_id);
2130
2131                 if (! $interactive)
2132                         return $owner;
2133                 goaway(App::get_baseurl() . '/' . $_SESSION['return_url']);
2134                 //NOTREACHED
2135         } else {
2136                 if (! $interactive)
2137                         return 0;
2138                 notice( t('Permission denied.') . EOL);
2139                 goaway(App::get_baseurl() . '/' . $_SESSION['return_url']);
2140                 //NOTREACHED
2141         }
2142
2143 }
2144
2145
2146 function first_post_date($uid,$wall = false) {
2147         $r = q("select id, created from item
2148                 where uid = %d and wall = %d and deleted = 0 and visible = 1 AND moderated = 0
2149                 and id = parent
2150                 order by created asc limit 1",
2151                 intval($uid),
2152                 intval($wall ? 1 : 0)
2153         );
2154         if (dbm::is_result($r)) {
2155 //              logger('first_post_date: ' . $r[0]['id'] . ' ' . $r[0]['created'], LOGGER_DATA);
2156                 return substr(datetime_convert('',date_default_timezone_get(),$r[0]['created']),0,10);
2157         }
2158         return false;
2159 }
2160
2161 /* modified posted_dates() {below} to arrange the list in years */
2162 function list_post_dates($uid, $wall) {
2163         $dnow = datetime_convert('',date_default_timezone_get(),'now','Y-m-d');
2164
2165         $dthen = first_post_date($uid, $wall);
2166         if (! $dthen)
2167                 return array();
2168
2169         // Set the start and end date to the beginning of the month
2170         $dnow = substr($dnow,0,8).'01';
2171         $dthen = substr($dthen,0,8).'01';
2172
2173         $ret = array();
2174
2175         // Starting with the current month, get the first and last days of every
2176         // month down to and including the month of the first post
2177         while(substr($dnow, 0, 7) >= substr($dthen, 0, 7)) {
2178                 $dyear = intval(substr($dnow,0,4));
2179                 $dstart = substr($dnow,0,8) . '01';
2180                 $dend = substr($dnow,0,8) . get_dim(intval($dnow),intval(substr($dnow,5)));
2181                 $start_month = datetime_convert('','',$dstart,'Y-m-d');
2182                 $end_month = datetime_convert('','',$dend,'Y-m-d');
2183                 $str = day_translate(datetime_convert('','',$dnow,'F'));
2184                 if (! $ret[$dyear])
2185                         $ret[$dyear] = array();
2186                 $ret[$dyear][] = array($str,$end_month,$start_month);
2187                 $dnow = datetime_convert('','',$dnow . ' -1 month', 'Y-m-d');
2188         }
2189         return $ret;
2190 }
2191
2192 function posted_dates($uid,$wall) {
2193         $dnow = datetime_convert('',date_default_timezone_get(),'now','Y-m-d');
2194
2195         $dthen = first_post_date($uid,$wall);
2196         if (! $dthen)
2197                 return array();
2198
2199         // Set the start and end date to the beginning of the month
2200         $dnow = substr($dnow,0,8).'01';
2201         $dthen = substr($dthen,0,8).'01';
2202
2203         $ret = array();
2204         // Starting with the current month, get the first and last days of every
2205         // month down to and including the month of the first post
2206         while(substr($dnow, 0, 7) >= substr($dthen, 0, 7)) {
2207                 $dstart = substr($dnow,0,8) . '01';
2208                 $dend = substr($dnow,0,8) . get_dim(intval($dnow),intval(substr($dnow,5)));
2209                 $start_month = datetime_convert('','',$dstart,'Y-m-d');
2210                 $end_month = datetime_convert('','',$dend,'Y-m-d');
2211                 $str = day_translate(datetime_convert('','',$dnow,'F Y'));
2212                 $ret[] = array($str,$end_month,$start_month);
2213                 $dnow = datetime_convert('','',$dnow . ' -1 month', 'Y-m-d');
2214         }
2215         return $ret;
2216 }
2217
2218
2219 function posted_date_widget($url,$uid,$wall) {
2220         $o = '';
2221
2222         if (! feature_enabled($uid,'archives'))
2223                 return $o;
2224
2225         // For former Facebook folks that left because of "timeline"
2226
2227 /*      if ($wall && intval(get_pconfig($uid,'system','no_wall_archive_widget')))
2228                 return $o;*/
2229
2230         $visible_years = get_pconfig($uid,'system','archive_visible_years');
2231         if (! $visible_years)
2232                 $visible_years = 5;
2233
2234         $ret = list_post_dates($uid,$wall);
2235
2236         if (! dbm::is_result($ret))
2237                 return $o;
2238
2239         $cutoff_year = intval(datetime_convert('',date_default_timezone_get(),'now','Y')) - $visible_years;
2240         $cutoff = ((array_key_exists($cutoff_year,$ret))? true : false);
2241
2242         $o = replace_macros(get_markup_template('posted_date_widget.tpl'),array(
2243                 '$title' => t('Archives'),
2244                 '$size' => $visible_years,
2245                 '$cutoff_year' => $cutoff_year,
2246                 '$cutoff' => $cutoff,
2247                 '$url' => $url,
2248                 '$dates' => $ret,
2249                 '$showmore' => t('show more')
2250
2251         ));
2252         return $o;
2253 }