]> git.mxchange.org Git - friendica.git/blob - include/items.php
Remote self is now working for diaspora contacts as well.
[friendica.git] / include / items.php
1 <?php
2
3 require_once('include/bbcode.php');
4 require_once('include/oembed.php');
5 require_once('include/salmon.php');
6 require_once('include/crypto.php');
7 require_once('include/Photo.php');
8 require_once('include/tags.php');
9 require_once('include/files.php');
10 require_once('include/text.php');
11 require_once('include/email.php');
12 require_once('include/ostatus_conversation.php');
13 require_once('include/threads.php');
14
15 function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0) {
16
17
18         $sitefeed    = ((strlen($owner_nick)) ? false : true); // not yet implemented, need to rewrite huge chunks of following logic
19         $public_feed = (($dfrn_id) ? false : true);
20         $starred     = false;   // not yet implemented, possible security issues
21         $converse    = false;
22
23         if($public_feed && $a->argc > 2) {
24                 for($x = 2; $x < $a->argc; $x++) {
25                         if($a->argv[$x] == 'converse')
26                                 $converse = true;
27                         if($a->argv[$x] == 'starred')
28                                 $starred = true;
29                         if($a->argv[$x] === 'category' && $a->argc > ($x + 1) && strlen($a->argv[$x+1]))
30                                 $category = $a->argv[$x+1];
31                 }
32         }
33
34
35
36         // default permissions - anonymous user
37
38         $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid`  = '' AND `deny_gid`  = '' ";
39
40         $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
41                 FROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`
42                 WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
43                 dbesc($owner_nick)
44         );
45
46         if(! count($r))
47                 killme();
48
49         $owner = $r[0];
50         $owner_id = $owner['user_uid'];
51         $owner_nick = $owner['nickname'];
52
53         $birthday = feed_birthday($owner_id,$owner['timezone']);
54
55         $sql_post_table = "";
56
57         if(! $public_feed) {
58
59                 $sql_extra = '';
60                 switch($direction) {
61                         case (-1):
62                                 $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
63                                 $my_id = $dfrn_id;
64                                 break;
65                         case 0:
66                                 $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
67                                 $my_id = '1:' . $dfrn_id;
68                                 break;
69                         case 1:
70                                 $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
71                                 $my_id = '0:' . $dfrn_id;
72                                 break;
73                         default:
74                                 return false;
75                                 break; // NOTREACHED
76                 }
77
78                 $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d $sql_extra LIMIT 1",
79                         intval($owner_id)
80                 );
81
82                 if(! count($r))
83                         killme();
84
85                 $contact = $r[0];
86                 require_once('include/security.php');
87                 $groups = init_groups_visitor($contact['id']);
88
89                 if(count($groups)) {
90                         for($x = 0; $x < count($groups); $x ++)
91                                 $groups[$x] = '<' . intval($groups[$x]) . '>' ;
92                         $gs = implode('|', $groups);
93                 }
94                 else
95                         $gs = '<<>>' ; // Impossible to match
96
97                 $sql_extra = sprintf("
98                         AND ( `allow_cid` = '' OR     `allow_cid` REGEXP '<%d>' )
99                         AND ( `deny_cid`  = '' OR NOT `deny_cid`  REGEXP '<%d>' )
100                         AND ( `allow_gid` = '' OR     `allow_gid` REGEXP '%s' )
101                         AND ( `deny_gid`  = '' OR NOT `deny_gid`  REGEXP '%s')
102                 ",
103                         intval($contact['id']),
104                         intval($contact['id']),
105                         dbesc($gs),
106                         dbesc($gs)
107                 );
108         }
109
110         if($public_feed)
111                 $sort = 'DESC';
112         else
113                 $sort = 'ASC';
114
115         if(! strlen($last_update))
116                 $last_update = 'now -30 days';
117
118         if(isset($category)) {
119                 $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ",
120                                 dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($owner_id));
121                 //$sql_extra .= file_tag_file_query('item',$category,'category');
122         }
123
124         if($public_feed) {
125                 if(! $converse)
126                         $sql_extra .= " AND `contact`.`self` = 1 ";
127         }
128
129         $check_date = datetime_convert('UTC','UTC',$last_update,'Y-m-d H:i:s');
130
131         //      AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
132         //      dbesc($check_date),
133
134         $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,
135                 `contact`.`name`, `contact`.`network`, `contact`.`photo`, `contact`.`url`,
136                 `contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,
137                 `contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`,
138                 `contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,
139                 `sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`
140                 FROM `item` $sql_post_table
141                 INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
142                 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0
143                 LEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`
144                 WHERE `item`.`uid` = %d AND `item`.`visible` = 1 and `item`.`moderated` = 0 AND `item`.`parent` != 0
145                 AND `item`.`wall` = 1 AND `item`.`changed` > '%s'
146                 $sql_extra
147                 ORDER BY `parent` %s, `created` ASC LIMIT 0, 300",
148                 intval($owner_id),
149                 dbesc($check_date),
150                 dbesc($sort)
151         );
152
153         // Will check further below if this actually returned results.
154         // We will provide an empty feed if that is the case.
155
156         $items = $r;
157
158         $feed_template = get_markup_template(($dfrn_id) ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
159
160         $atom = '';
161
162         $hubxml = feed_hublinks();
163
164         $salmon = feed_salmonlinks($owner_nick);
165
166         $alternatelink = $owner['url'];
167
168         if(isset($category))
169                 $alternatelink .= "/category/".$category;
170
171         $atom .= replace_macros($feed_template, array(
172                 '$version'      => xmlify(FRIENDICA_VERSION),
173                 '$feed_id'      => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
174                 '$feed_title'   => xmlify($owner['name']),
175                 '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now' , ATOM_TIME)) ,
176                 '$hub'          => $hubxml,
177                 '$salmon'       => $salmon,
178                 '$alternatelink' => xmlify($alternatelink),
179                 '$name'         => xmlify($owner['name']),
180                 '$profile_page' => xmlify($owner['url']),
181                 '$photo'        => xmlify($owner['photo']),
182                 '$thumb'        => xmlify($owner['thumb']),
183                 '$picdate'      => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
184                 '$uridate'      => xmlify(datetime_convert('UTC','UTC',$owner['uri-date']    . '+00:00' , ATOM_TIME)) ,
185                 '$namdate'      => xmlify(datetime_convert('UTC','UTC',$owner['name-date']   . '+00:00' , ATOM_TIME)) ,
186                 '$birthday'     => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
187                 '$community'    => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
188         ));
189
190         call_hooks('atom_feed', $atom);
191
192         if(! count($items)) {
193
194                 call_hooks('atom_feed_end', $atom);
195
196                 $atom .= '</feed>' . "\r\n";
197                 return $atom;
198         }
199
200         foreach($items as $item) {
201
202                 // prevent private email from leaking.
203                 if($item['network'] === NETWORK_MAIL)
204                         continue;
205
206                 // public feeds get html, our own nodes use bbcode
207
208                 if($public_feed) {
209                         $type = 'html';
210                         // catch any email that's in a public conversation and make sure it doesn't leak
211                         if($item['private'])
212                                 continue;
213                 }
214                 else {
215                         $type = 'text';
216                 }
217
218                 $atom .= atom_entry($item,$type,null,$owner,true);
219         }
220
221         call_hooks('atom_feed_end', $atom);
222
223         $atom .= '</feed>' . "\r\n";
224
225         return $atom;
226 }
227
228
229 function construct_verb($item) {
230         if($item['verb'])
231                 return $item['verb'];
232         return ACTIVITY_POST;
233 }
234
235 function construct_activity_object($item) {
236
237         if($item['object']) {
238                 $o = '<as:object>' . "\r\n";
239                 $r = parse_xml_string($item['object'],false);
240
241
242                 if(! $r)
243                         return '';
244                 if($r->type)
245                         $o .= '<as:object-type>' . xmlify($r->type) . '</as:object-type>' . "\r\n";
246                 if($r->id)
247                         $o .= '<id>' . xmlify($r->id) . '</id>' . "\r\n";
248                 if($r->title)
249                         $o .= '<title>' . xmlify($r->title) . '</title>' . "\r\n";
250                 if($r->link) {
251                         if(substr($r->link,0,1) === '<') {
252                                 // patch up some facebook "like" activity objects that got stored incorrectly
253                                 // for a couple of months prior to 9-Jun-2011 and generated bad XML.
254                                 // we can probably remove this hack here and in the following function in a few months time.
255                                 if(strstr($r->link,'&') && (! strstr($r->link,'&amp;')))
256                                         $r->link = str_replace('&','&amp;', $r->link);
257                                 $r->link = preg_replace('/\<link(.*?)\"\>/','<link$1"/>',$r->link);
258                                 $o .= $r->link;
259                         }
260                         else
261                                 $o .= '<link rel="alternate" type="text/html" href="' . xmlify($r->link) . '" />' . "\r\n";
262                 }
263                 if($r->content)
264                         $o .= '<content type="html" >' . xmlify(bbcode($r->content)) . '</content>' . "\r\n";
265                 $o .= '</as:object>' . "\r\n";
266                 return $o;
267         }
268
269         return '';
270 }
271
272 function construct_activity_target($item) {
273
274         if($item['target']) {
275                 $o = '<as:target>' . "\r\n";
276                 $r = parse_xml_string($item['target'],false);
277                 if(! $r)
278                         return '';
279                 if($r->type)
280                         $o .= '<as:object-type>' . xmlify($r->type) . '</as:object-type>' . "\r\n";
281                 if($r->id)
282                         $o .= '<id>' . xmlify($r->id) . '</id>' . "\r\n";
283                 if($r->title)
284                         $o .= '<title>' . xmlify($r->title) . '</title>' . "\r\n";
285                 if($r->link) {
286                         if(substr($r->link,0,1) === '<') {
287                                 if(strstr($r->link,'&') && (! strstr($r->link,'&amp;')))
288                                         $r->link = str_replace('&','&amp;', $r->link);
289                                 $r->link = preg_replace('/\<link(.*?)\"\>/','<link$1"/>',$r->link);
290                                 $o .= $r->link;
291                         }
292                         else
293                                 $o .= '<link rel="alternate" type="text/html" href="' . xmlify($r->link) . '" />' . "\r\n";
294                 }
295                 if($r->content)
296                         $o .= '<content type="html" >' . xmlify(bbcode($r->content)) . '</content>' . "\r\n";
297                 $o .= '</as:target>' . "\r\n";
298                 return $o;
299         }
300
301         return '';
302 }
303
304 /* limit_body_size()
305  *
306  *              The purpose of this function is to apply system message length limits to
307  *              imported messages without including any embedded photos in the length
308  */
309 if(! function_exists('limit_body_size')) {
310 function limit_body_size($body) {
311
312 //      logger('limit_body_size: start', LOGGER_DEBUG);
313
314         $maxlen = get_max_import_size();
315
316         // If the length of the body, including the embedded images, is smaller
317         // than the maximum, then don't waste time looking for the images
318         if($maxlen && (strlen($body) > $maxlen)) {
319
320                 logger('limit_body_size: the total body length exceeds the limit', LOGGER_DEBUG);
321
322                 $orig_body = $body;
323                 $new_body = '';
324                 $textlen = 0;
325                 $max_found = false;
326
327                 $img_start = strpos($orig_body, '[img');
328                 $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
329                 $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false);
330                 while(($img_st_close !== false) && ($img_end !== false)) {
331
332                         $img_st_close++; // make it point to AFTER the closing bracket
333                         $img_end += $img_start;
334                         $img_end += strlen('[/img]');
335
336                         if(! strcmp(substr($orig_body, $img_start + $img_st_close, 5), 'data:')) {
337                                 // This is an embedded image
338
339                                 if( ($textlen + $img_start) > $maxlen ) {
340                                         if($textlen < $maxlen) {
341                                                 logger('limit_body_size: the limit happens before an embedded image', LOGGER_DEBUG);
342                                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
343                                                 $textlen = $maxlen;
344                                         }
345                                 }
346                                 else {
347                                         $new_body = $new_body . substr($orig_body, 0, $img_start);
348                                         $textlen += $img_start;
349                                 }
350
351                                 $new_body = $new_body . substr($orig_body, $img_start, $img_end - $img_start);
352                         }
353                         else {
354
355                                 if( ($textlen + $img_end) > $maxlen ) {
356                                         if($textlen < $maxlen) {
357                                                 logger('limit_body_size: the limit happens before the end of a non-embedded image', LOGGER_DEBUG);
358                                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
359                                                 $textlen = $maxlen;
360                                         }
361                                 }
362                                 else {
363                                         $new_body = $new_body . substr($orig_body, 0, $img_end);
364                                         $textlen += $img_end;
365                                 }
366                         }
367                         $orig_body = substr($orig_body, $img_end);
368
369                         if($orig_body === false) // in case the body ends on a closing image tag
370                                 $orig_body = '';
371
372                         $img_start = strpos($orig_body, '[img');
373                         $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
374                         $img_end = ($img_start !== false ? strpos(substr($orig_body, $img_start), '[/img]') : false);
375                 }
376
377                 if( ($textlen + strlen($orig_body)) > $maxlen) {
378                         if($textlen < $maxlen) {
379                                 logger('limit_body_size: the limit happens after the end of the last image', LOGGER_DEBUG);
380                                 $new_body = $new_body . substr($orig_body, 0, $maxlen - $textlen);
381                                 $textlen = $maxlen;
382                         }
383                 }
384                 else {
385                         logger('limit_body_size: the text size with embedded images extracted did not violate the limit', LOGGER_DEBUG);
386                         $new_body = $new_body . $orig_body;
387                         $textlen += strlen($orig_body);
388                 }
389
390                 return $new_body;
391         }
392         else
393                 return $body;
394 }}
395
396 function title_is_body($title, $body) {
397
398         $title = strip_tags($title);
399         $title = trim($title);
400         $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
401         $title = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $title);
402
403         $body = strip_tags($body);
404         $body = trim($body);
405         $body = html_entity_decode($body, ENT_QUOTES, 'UTF-8');
406         $body = str_replace(array("\n", "\r", "\t", " "), array("","","",""), $body);
407
408         if (strlen($title) < strlen($body))
409                 $body = substr($body, 0, strlen($title));
410
411         if (($title != $body) and (substr($title, -3) == "...")) {
412                 $pos = strrpos($title, "...");
413                 if ($pos > 0) {
414                         $title = substr($title, 0, $pos);
415                         $body = substr($body, 0, $pos);
416                 }
417         }
418
419         return($title == $body);
420 }
421
422
423
424 function get_atom_elements($feed, $item, $contact = array()) {
425
426         require_once('library/HTMLPurifier.auto.php');
427         require_once('include/html2bbcode.php');
428
429         $best_photo = array();
430
431         $res = array();
432
433         $author = $item->get_author();
434         if($author) {
435                 $res['author-name'] = unxmlify($author->get_name());
436                 $res['author-link'] = unxmlify($author->get_link());
437         }
438         else {
439                 $res['author-name'] = unxmlify($feed->get_title());
440                 $res['author-link'] = unxmlify($feed->get_permalink());
441         }
442         $res['uri'] = unxmlify($item->get_id());
443         $res['title'] = unxmlify($item->get_title());
444         $res['body'] = unxmlify($item->get_content());
445         $res['plink'] = unxmlify($item->get_link(0));
446
447         if (isset($contact["network"]) AND ($contact["network"] == NETWORK_FEED) AND strstr($res['plink'], ".app.net/")) {
448                 logger("get_atom_elements: detected app.net posting: ".print_r($res, true), LOGGER_DEBUG);
449                 $res['title'] = "";
450                 $res['body'] = nl2br($res['body']);
451         }
452
453         // removing the content of the title if its identically to the body
454         // This helps with auto generated titles e.g. from tumblr
455         if (title_is_body($res["title"], $res["body"]))
456                 $res['title'] = "";
457
458         if($res['plink'])
459                 $base_url = implode('/', array_slice(explode('/',$res['plink']),0,3));
460         else
461                 $base_url = '';
462
463         // look for a photo. We should check media size and find the best one,
464         // but for now let's just find any author photo
465
466         $rawauthor = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
467
468         if($rawauthor && $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) {
469                 $base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
470                 foreach($base as $link) {
471                         if(!x($res, 'author-avatar') || !$res['author-avatar']) {
472                                 if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar')
473                                         $res['author-avatar'] = unxmlify($link['attribs']['']['href']);
474                         }
475                 }
476         }
477
478         $rawactor = $item->get_item_tags(NAMESPACE_ACTIVITY, 'actor');
479
480         if($rawactor && activity_match($rawactor[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'],ACTIVITY_OBJ_PERSON)) {
481                 $base = $rawactor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
482                 if($base && count($base)) {
483                         foreach($base as $link) {
484                                 if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link']))
485                                         $res['author-link'] = unxmlify($link['attribs']['']['href']);
486                                 if(!x($res, 'author-avatar') || !$res['author-avatar']) {
487                                         if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo')
488                                                 $res['author-avatar'] = unxmlify($link['attribs']['']['href']);
489                                 }
490                         }
491                 }
492         }
493
494         // No photo/profile-link on the item - look at the feed level
495
496         if((! (x($res,'author-link'))) || (! (x($res,'author-avatar')))) {
497                 $rawauthor = $feed->get_feed_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
498                 if($rawauthor && $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) {
499                         $base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
500                         foreach($base as $link) {
501                                 if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link']))
502                                         $res['author-link'] = unxmlify($link['attribs']['']['href']);
503                                 if(! $res['author-avatar']) {
504                                         if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar')
505                                                 $res['author-avatar'] = unxmlify($link['attribs']['']['href']);
506                                 }
507                         }
508                 }
509
510                 $rawactor = $feed->get_feed_tags(NAMESPACE_ACTIVITY, 'subject');
511
512                 if($rawactor && activity_match($rawactor[0]['child'][NAMESPACE_ACTIVITY]['object-type'][0]['data'],ACTIVITY_OBJ_PERSON)) {
513                         $base = $rawactor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
514
515                         if($base && count($base)) {
516                                 foreach($base as $link) {
517                                         if($link['attribs']['']['rel'] === 'alternate' && (! $res['author-link']))
518                                                 $res['author-link'] = unxmlify($link['attribs']['']['href']);
519                                         if(! (x($res,'author-avatar'))) {
520                                                 if($link['attribs']['']['rel'] === 'avatar' || $link['attribs']['']['rel'] === 'photo')
521                                                         $res['author-avatar'] = unxmlify($link['attribs']['']['href']);
522                                         }
523                                 }
524                         }
525                 }
526         }
527
528         $apps = $item->get_item_tags(NAMESPACE_STATUSNET,'notice_info');
529         if($apps && $apps[0]['attribs']['']['source']) {
530                 $res['app'] = strip_tags(unxmlify($apps[0]['attribs']['']['source']));
531                 if($res['app'] === 'web')
532                         $res['app'] = 'OStatus';
533         }
534
535         // base64 encoded json structure representing Diaspora signature
536
537         $dsig = $item->get_item_tags(NAMESPACE_DFRN,'diaspora_signature');
538         if($dsig) {
539                 $res['dsprsig'] = unxmlify($dsig[0]['data']);
540         }
541
542         $dguid = $item->get_item_tags(NAMESPACE_DFRN,'diaspora_guid');
543         if($dguid)
544                 $res['guid'] = unxmlify($dguid[0]['data']);
545
546         $bm = $item->get_item_tags(NAMESPACE_DFRN,'bookmark');
547         if($bm)
548                 $res['bookmark'] = ((unxmlify($bm[0]['data']) === 'true') ? 1 : 0);
549
550
551         /**
552          * If there's a copy of the body content which is guaranteed to have survived mangling in transit, use it.
553          */
554
555         $have_real_body = false;
556
557         $rawenv = $item->get_item_tags(NAMESPACE_DFRN, 'env');
558         if($rawenv) {
559                 $have_real_body = true;
560                 $res['body'] = $rawenv[0]['data'];
561                 $res['body'] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$res['body']);
562                 // make sure nobody is trying to sneak some html tags by us
563                 $res['body'] = notags(base64url_decode($res['body']));
564         }
565
566
567         $res['body'] = limit_body_size($res['body']);
568
569         // It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust
570         // the content type. Our own network only emits text normally, though it might have been converted to
571         // html if we used a pubsubhubbub transport. But if we see even one html tag in our text, we will
572         // have to assume it is all html and needs to be purified.
573
574         // It doesn't matter all that much security wise - because before this content is used anywhere, we are
575         // going to escape any tags we find regardless, but this lets us import a limited subset of html from
576         // the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining
577         // html.
578
579         if((strpos($res['body'],'<') !== false) && (strpos($res['body'],'>') !== false)) {
580
581                 $res['body'] = reltoabs($res['body'],$base_url);
582
583                 $res['body'] = html2bb_video($res['body']);
584
585                 $res['body'] = oembed_html2bbcode($res['body']);
586
587                 $config = HTMLPurifier_Config::createDefault();
588                 $config->set('Cache.DefinitionImpl', null);
589
590                 // we shouldn't need a whitelist, because the bbcode converter
591                 // will strip out any unsupported tags.
592
593                 $purifier = new HTMLPurifier($config);
594                 $res['body'] = $purifier->purify($res['body']);
595
596                 $res['body'] = @html2bbcode($res['body']);
597
598
599         }
600         elseif(! $have_real_body) {
601
602                 // it's not one of our messages and it has no tags
603                 // so it's probably just text. We'll escape it just to be safe.
604
605                 $res['body'] = escape_tags($res['body']);
606         }
607
608
609         // this tag is obsolete but we keep it for really old sites
610
611         $allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
612         if($allow && $allow[0]['data'] == 1)
613                 $res['last-child'] = 1;
614         else
615                 $res['last-child'] = 0;
616
617         $private = $item->get_item_tags(NAMESPACE_DFRN,'private');
618         if($private && intval($private[0]['data']) > 0)
619                 $res['private'] = intval($private[0]['data']);
620         else
621                 $res['private'] = 0;
622
623         $extid = $item->get_item_tags(NAMESPACE_DFRN,'extid');
624         if($extid && $extid[0]['data'])
625                 $res['extid'] = $extid[0]['data'];
626
627         $rawlocation = $item->get_item_tags(NAMESPACE_DFRN, 'location');
628         if($rawlocation)
629                 $res['location'] = unxmlify($rawlocation[0]['data']);
630
631
632         $rawcreated = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'published');
633         if($rawcreated)
634                 $res['created'] = unxmlify($rawcreated[0]['data']);
635
636
637         $rawedited = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'updated');
638         if($rawedited)
639                 $res['edited'] = unxmlify($rawedited[0]['data']);
640
641         if((x($res,'edited')) && (! (x($res,'created'))))
642                 $res['created'] = $res['edited'];
643
644         if(! $res['created'])
645                 $res['created'] = $item->get_date('c');
646
647         if(! $res['edited'])
648                 $res['edited'] = $item->get_date('c');
649
650
651         // Disallow time travelling posts
652
653         $d1 = strtotime($res['created']);
654         $d2 = strtotime($res['edited']);
655         $d3 = strtotime('now');
656
657         if($d1 > $d3)
658                 $res['created'] = datetime_convert();
659         if($d2 > $d3)
660                 $res['edited'] = datetime_convert();
661
662         $rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner');
663         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data'])
664                 $res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']);
665         elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
666                 $res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']);
667         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
668                 $res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
669         elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
670                 $res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']);
671
672         if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) {
673                 $base = $rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
674
675                 foreach($base as $link) {
676                         if(!x($res, 'owner-avatar') || !$res['owner-avatar']) {
677                                 if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar')
678                                         $res['owner-avatar'] = unxmlify($link['attribs']['']['href']);
679                         }
680                 }
681         }
682
683         $rawgeo = $item->get_item_tags(NAMESPACE_GEORSS,'point');
684         if($rawgeo)
685                 $res['coord'] = unxmlify($rawgeo[0]['data']);
686
687         if ($contact["network"] == NETWORK_FEED) {
688                 $res['verb'] = ACTIVITY_POST;
689                 $res['object-type'] = ACTIVITY_OBJ_NOTE;
690         }
691
692         $rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb');
693
694         // select between supported verbs
695
696         if($rawverb) {
697                 $res['verb'] = unxmlify($rawverb[0]['data']);
698         }
699
700         // translate OStatus unfollow to activity streams if it happened to get selected
701
702         if((x($res,'verb')) && ($res['verb'] === 'http://ostatus.org/schema/1.0/unfollow'))
703                 $res['verb'] = ACTIVITY_UNFOLLOW;
704
705         $cats = $item->get_categories();
706         if($cats) {
707                 $tag_arr = array();
708                 foreach($cats as $cat) {
709                         $term = $cat->get_term();
710                         if(! $term)
711                                 $term = $cat->get_label();
712                         $scheme = $cat->get_scheme();
713                         if($scheme && $term && stristr($scheme,'X-DFRN:'))
714                                 $tag_arr[] = substr($scheme,7,1) . '[url=' . unxmlify(substr($scheme,9)) . ']' . unxmlify($term) . '[/url]';
715                         elseif($term)
716                                 $tag_arr[] = notags(trim($term));
717                 }
718                 $res['tag'] =  implode(',', $tag_arr);
719         }
720
721         $attach = $item->get_enclosures();
722         if($attach) {
723                 $att_arr = array();
724                 foreach($attach as $att) {
725                         $len   = intval($att->get_length());
726                         $link  = str_replace(array(',','"'),array('%2D','%22'),notags(trim(unxmlify($att->get_link()))));
727                         $title = str_replace(array(',','"'),array('%2D','%22'),notags(trim(unxmlify($att->get_title()))));
728                         $type  = str_replace(array(',','"'),array('%2D','%22'),notags(trim(unxmlify($att->get_type()))));
729                         if(strpos($type,';'))
730                                 $type = substr($type,0,strpos($type,';'));
731                         if((! $link) || (strpos($link,'http') !== 0))
732                                 continue;
733
734                         if(! $title)
735                                 $title = ' ';
736                         if(! $type)
737                                 $type = 'application/octet-stream';
738
739                         $att_arr[] = '[attach]href="' . $link . '" length="' . $len . '" type="' . $type . '" title="' . $title . '"[/attach]';
740                 }
741                 $res['attach'] = implode(',', $att_arr);
742         }
743
744         $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object');
745
746         if($rawobj) {
747                 $res['object'] = '<object>' . "\n";
748                 $child = $rawobj[0]['child'];
749                 if($child[NAMESPACE_ACTIVITY]['object-type'][0]['data']) {
750                         $res['object-type'] = $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'];
751                         $res['object'] .= '<type>' . $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'] . '</type>' . "\n";
752                 }
753                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'id') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'])
754                         $res['object'] .= '<id>' . $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'] . '</id>' . "\n";
755                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'link') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['link'])
756                         $res['object'] .= '<link>' . encode_rel_links($child[SIMPLEPIE_NAMESPACE_ATOM_10]['link']) . '</link>' . "\n";
757                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'title') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'])
758                         $res['object'] .= '<title>' . $child[SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'] . '</title>' . "\n";
759                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'content') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']) {
760                         $body = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data'];
761                         if(! $body)
762                                 $body = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data'];
763                         // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events
764                         $res['object'] .= '<orig>' . xmlify($body) . '</orig>' . "\n";
765                         if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
766
767                                 $body = html2bb_video($body);
768
769                                 $config = HTMLPurifier_Config::createDefault();
770                                 $config->set('Cache.DefinitionImpl', null);
771
772                                 $purifier = new HTMLPurifier($config);
773                                 $body = $purifier->purify($body);
774                                 $body = html2bbcode($body);
775                         }
776
777                         $res['object'] .= '<content>' . $body . '</content>' . "\n";
778                 }
779
780                 $res['object'] .= '</object>' . "\n";
781         }
782
783         $rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'target');
784
785         if($rawobj) {
786                 $res['target'] = '<target>' . "\n";
787                 $child = $rawobj[0]['child'];
788                 if($child[NAMESPACE_ACTIVITY]['object-type'][0]['data']) {
789                         $res['target'] .= '<type>' . $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'] . '</type>' . "\n";
790                 }
791                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'id') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'])
792                         $res['target'] .= '<id>' . $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'] . '</id>' . "\n";
793                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'link') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['link'])
794                         $res['target'] .= '<link>' . encode_rel_links($child[SIMPLEPIE_NAMESPACE_ATOM_10]['link']) . '</link>' . "\n";
795                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'data') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'])
796                         $res['target'] .= '<title>' . $child[SIMPLEPIE_NAMESPACE_ATOM_10]['title'][0]['data'] . '</title>' . "\n";
797                 if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'data') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data']) {
798                         $body = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['content'][0]['data'];
799                         if(! $body)
800                                 $body = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['summary'][0]['data'];
801                         // preserve a copy of the original body content in case we later need to parse out any microformat information, e.g. events
802                         $res['target'] .= '<orig>' . xmlify($body) . '</orig>' . "\n";
803                         if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) {
804
805                                 $body = html2bb_video($body);
806
807                                 $config = HTMLPurifier_Config::createDefault();
808                                 $config->set('Cache.DefinitionImpl', null);
809
810                                 $purifier = new HTMLPurifier($config);
811                                 $body = $purifier->purify($body);
812                                 $body = html2bbcode($body);
813                         }
814
815                         $res['target'] .= '<content>' . $body . '</content>' . "\n";
816                 }
817
818                 $res['target'] .= '</target>' . "\n";
819         }
820
821         // This is some experimental stuff. By now retweets are shown with "RT:"
822         // But: There is data so that the message could be shown similar to native retweets
823         // There is some better way to parse this array - but it didn't worked for me.
824         $child = $item->feed->data["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["feed"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["entry"][0]["child"]["http://activitystrea.ms/spec/1.0/"][object][0]["child"];
825         if (is_array($child)) {
826                 logger('get_atom_elements: Looking for status.net repeated message');
827
828                 $message = $child["http://activitystrea.ms/spec/1.0/"]["object"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["content"][0]["data"];
829                 $orig_uri = $child["http://activitystrea.ms/spec/1.0/"]["object"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["id"][0]["data"];
830                 $author = $child[SIMPLEPIE_NAMESPACE_ATOM_10]["author"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10];
831                 $uri = $author["uri"][0]["data"];
832                 $name = $author["name"][0]["data"];
833                 $avatar = @array_shift($author["link"][2]["attribs"]);
834                 $avatar = $avatar["href"];
835
836                 if (($name != "") and ($uri != "") and ($avatar != "") and ($message != "")) {
837                         logger('get_atom_elements: fixing sender of repeated message.');
838
839                         if (!intval(get_config('system','wall-to-wall_share'))) {
840                                 $prefix = "[share author='".str_replace("'", "&#039;",$name).
841                                                 "' profile='".$uri.
842                                                 "' avatar='".$avatar.
843                                                 "' link='".$orig_uri."']";
844
845                                 $res["body"] = $prefix.html2bbcode($message)."[/share]";
846                         } else {
847                                 $res["owner-name"] = $res["author-name"];
848                                 $res["owner-link"] = $res["author-link"];
849                                 $res["owner-avatar"] = $res["author-avatar"];
850
851                                 $res["author-name"] = $name;
852                                 $res["author-link"] = $uri;
853                                 $res["author-avatar"] = $avatar;
854
855                                 $res["body"] = html2bbcode($message);
856                         }
857                 }
858         }
859
860         // Search for ostatus conversation url
861         $links = $item->feed->data["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["feed"][0]["child"][SIMPLEPIE_NAMESPACE_ATOM_10]["entry"][0]["child"]["http://www.w3.org/2005/Atom"]["link"];
862
863         if (is_array($links)) {
864                 foreach ($links as $link) {
865                         $conversation = array_shift($link["attribs"]);
866
867                         if ($conversation["rel"] == "ostatus:conversation") {
868                                 $res["ostatus_conversation"] = $conversation["href"];
869                                 logger('get_atom_elements: found conversation url '.$res["ostatus_conversation"]);
870                         }
871                 };
872         }
873
874         if (isset($contact["network"]) AND ($contact["network"] == NETWORK_FEED) AND $contact['fetch_further_information']) {
875                 $res["body"] = $res["title"].add_page_info($res['plink'], false, "", ($contact['fetch_further_information'] == 2));
876                 $res["title"] = "";
877                 $res["object-type"] = ACTIVITY_OBJ_BOOKMARK;
878         } elseif (isset($contact["network"]) AND ($contact["network"] == NETWORK_OSTATUS))
879                 $res["body"] = add_page_info_to_body($res["body"]);
880         elseif (isset($contact["network"]) AND ($contact["network"] == NETWORK_FEED) AND strstr($res['plink'], ".app.net/")) {
881                 $res["body"] = add_page_info_to_body($res["body"]);
882         }
883
884         $arr = array('feed' => $feed, 'item' => $item, 'result' => $res);
885
886         call_hooks('parse_atom', $arr);
887
888         return $res;
889 }
890
891 function add_page_info_data($data) {
892         call_hooks('page_info_data', $data);
893
894         // It maybe is a rich content, but if it does have everything that a link has,
895         // then treat it that way
896         if (($data["type"] == "rich") AND is_string($data["title"]) AND
897                 is_string($data["text"]) AND (sizeof($data["images"]) > 0))
898                 $data["type"] = "link";
899
900         if ((($data["type"] != "link") AND ($data["type"] != "video") AND ($data["type"] != "photo")) OR ($data["title"] == $url))
901                 return("");
902
903         if ($no_photos AND ($data["type"] == "photo"))
904                 return("");
905
906         if (($data["type"] != "photo") AND is_string($data["title"]))
907                 $text .= "[bookmark=".$data["url"]."]".trim($data["title"])."[/bookmark]";
908
909         if (($data["type"] != "video") AND ($photo != ""))
910                 $text .= '[img]'.$photo.'[/img]';
911         elseif (($data["type"] != "video") AND (sizeof($data["images"]) > 0)) {
912                 $imagedata = $data["images"][0];
913                 $text .= '[img]'.$imagedata["src"].'[/img]';
914         }
915
916         if (($data["type"] != "photo") AND is_string($data["text"]))
917                 $text .= "[quote]".$data["text"]."[/quote]";
918
919         $hashtags = "";
920         if (isset($data["keywords"]) AND count($data["keywords"])) {
921                 $a = get_app();
922                 $hashtags = "\n";
923                 foreach ($data["keywords"] AS $keyword) {
924                         $hashtag = str_replace(" ", "", $keyword);
925                         $hashtags .= "#[url=".$a->get_baseurl()."/search?tag=".rawurlencode($hashtag)."]".$hashtag."[/url] ";
926                 }
927         }
928
929         return("\n[class=type-".$data["type"]."]".$text."[/class]".$hashtags);
930 }
931
932 function add_page_info($url, $no_photos = false, $photo = "", $keywords = false) {
933         require_once("mod/parse_url.php");
934
935         $data = parseurl_getsiteinfo($url, true);
936
937         logger('add_page_info: fetch page info for '.$url.' '.print_r($data, true), LOGGER_DEBUG);
938
939         if (!$keywords AND isset($data["keywords"]))
940                 unset($data["keywords"]);
941
942         $text = add_page_info_data($data);
943
944         return($text);
945 }
946
947 function add_page_info_to_body($body, $texturl = false, $no_photos = false) {
948
949         logger('add_page_info_to_body: fetch page info for body '.$body, LOGGER_DEBUG);
950
951         $URLSearchString = "^\[\]";
952
953         // Adding these spaces is a quick hack due to my problems with regular expressions :)
954         preg_match("/[^!#@]\[url\]([$URLSearchString]*)\[\/url\]/ism", " ".$body, $matches);
955
956         if (!$matches)
957                 preg_match("/[^!#@]\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", " ".$body, $matches);
958
959         // Convert urls without bbcode elements
960         if (!$matches AND $texturl) {
961                 preg_match("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", " ".$body, $matches);
962
963                 // Yeah, a hack. I really hate regular expressions :)
964                 if ($matches)
965                         $matches[1] = $matches[2];
966         }
967
968         if ($matches)
969                 $footer = add_page_info($matches[1], $no_photos);
970
971         // Remove the link from the body if the link is attached at the end of the post
972         if (isset($footer) AND (trim($footer) != "") AND (strpos($footer, $matches[1]))) {
973                 $removedlink = trim(str_replace($matches[1], "", $body));
974                 if (($removedlink == "") OR strstr($body, $removedlink))
975                         $body = $removedlink;
976
977                 $url = str_replace(array('/', '.'), array('\/', '\.'), $matches[1]);
978                 $removedlink = preg_replace("/\[url\=".$url."\](.*?)\[\/url\]/ism", '', $body);
979                 if (($removedlink == "") OR strstr($body, $removedlink))
980                         $body = $removedlink;
981         }
982
983         // Add the page information to the bottom
984         if (isset($footer) AND (trim($footer) != ""))
985                 $body .= $footer;
986
987         return $body;
988 }
989
990 function encode_rel_links($links) {
991         $o = '';
992         if(! ((is_array($links)) && (count($links))))
993                 return $o;
994         foreach($links as $link) {
995                 $o .= '<link ';
996                 if($link['attribs']['']['rel'])
997                         $o .= 'rel="' . $link['attribs']['']['rel'] . '" ';
998                 if($link['attribs']['']['type'])
999                         $o .= 'type="' . $link['attribs']['']['type'] . '" ';
1000                 if($link['attribs']['']['href'])
1001                         $o .= 'href="' . $link['attribs']['']['href'] . '" ';
1002                 if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width'])
1003                         $o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" ';
1004                 if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height'])
1005                         $o .= 'media:height="' . $link['attribs'][NAMESPACE_MEDIA]['height'] . '" ';
1006                 $o .= ' />' . "\n" ;
1007         }
1008         return xmlify($o);
1009 }
1010
1011
1012
1013 function item_store($arr,$force_parent = false, $notify = false) {
1014
1015         // If it is a posting where users should get notifications, then define it as wall posting
1016         if ($notify) {
1017                 $arr['wall'] = 1;
1018                 $arr['type'] = 'wall';
1019                 $arr['origin'] = 1;
1020                 $arr['last-child'] = 1;
1021                 $arr['network'] = NETWORK_DFRN;
1022         }
1023
1024         // If a Diaspora signature structure was passed in, pull it out of the
1025         // item array and set it aside for later storage.
1026
1027         $dsprsig = null;
1028         if(x($arr,'dsprsig')) {
1029                 $dsprsig = json_decode(base64_decode($arr['dsprsig']));
1030                 unset($arr['dsprsig']);
1031         }
1032
1033         // if an OStatus conversation url was passed in, it is stored and then
1034         // removed from the array.
1035         $ostatus_conversation = null;
1036
1037         if (isset($arr["ostatus_conversation"])) {
1038                 $ostatus_conversation = $arr["ostatus_conversation"];
1039                 unset($arr["ostatus_conversation"]);
1040         }
1041
1042         if(x($arr, 'gravity'))
1043                 $arr['gravity'] = intval($arr['gravity']);
1044         elseif($arr['parent-uri'] === $arr['uri'])
1045                 $arr['gravity'] = 0;
1046         elseif(activity_match($arr['verb'],ACTIVITY_POST))
1047                 $arr['gravity'] = 6;
1048         else
1049                 $arr['gravity'] = 6;   // extensible catchall
1050
1051         if(! x($arr,'type'))
1052                 $arr['type']      = 'remote';
1053
1054
1055
1056         /* check for create  date and expire time */
1057         $uid = intval($arr['uid']);
1058         $r = q("SELECT expire FROM user WHERE uid = %d", $uid);
1059         if(count($r)) {
1060                 $expire_interval = $r[0]['expire'];
1061                 if ($expire_interval>0) {
1062                         $expire_date =  new DateTime( '- '.$expire_interval.' days', new DateTimeZone('UTC'));
1063                         $created_date = new DateTime($arr['created'], new DateTimeZone('UTC'));
1064                         if ($created_date < $expire_date) {
1065                                 logger('item-store: item created ('.$arr['created'].') before expiration time ('.$expire_date->format(DateTime::W3C).'). ignored. ' . print_r($arr,true), LOGGER_DEBUG);
1066                                 return 0;
1067                         }
1068                 }
1069         }
1070
1071         // If there is no guid then take the same guid that was taken before for the same uri
1072         if ((trim($arr['guid']) == "") AND (trim($arr['uri']) != "")) {
1073                 logger('item_store: checking for an existing guid for uri '.$arr['uri'], LOGGER_DEBUG);
1074                 $r = q("SELECT `guid` FROM `item` WHERE `uri` = '%s' AND `guid` != '' LIMIT 1",
1075                         dbesc(trim($arr['uri']))
1076                 );
1077
1078                 if(count($r)) {
1079                         $arr['guid'] = $r[0]["guid"];
1080                         logger('item_store: found guid '.$arr['guid'].' for uri '.$arr['uri'], LOGGER_DEBUG);
1081                 }
1082         }
1083
1084         // Shouldn't happen but we want to make absolutely sure it doesn't leak from a plugin.
1085         // Deactivated, since the bbcode parser can handle with it - and it destroys posts with some smileys that contain "<"
1086         //if((strpos($arr['body'],'<') !== false) || (strpos($arr['body'],'>') !== false))
1087         //      $arr['body'] = strip_tags($arr['body']);
1088
1089
1090         if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
1091                 require_once('library/langdet/Text/LanguageDetect.php');
1092                 $naked_body = preg_replace('/\[(.+?)\]/','',$arr['body']);
1093                 $l = new Text_LanguageDetect;
1094                 //$lng = $l->detectConfidence($naked_body);
1095                 //$arr['postopts'] = (($lng['language']) ? 'lang=' . $lng['language'] . ';' . $lng['confidence'] : '');
1096                 $lng = $l->detect($naked_body, 3);
1097
1098                 if (sizeof($lng) > 0) {
1099                         $postopts = "";
1100
1101                         foreach ($lng as $language => $score) {
1102                                 if ($postopts == "")
1103                                         $postopts = "lang=";
1104                                 else
1105                                         $postopts .= ":";
1106
1107                                 $postopts .= $language.";".$score;
1108                         }
1109                         $arr['postopts'] = $postopts;
1110                 }
1111         }
1112
1113         $arr['wall']          = ((x($arr,'wall'))          ? intval($arr['wall'])                : 0);
1114         $arr['uri']           = ((x($arr,'uri'))           ? notags(trim($arr['uri']))           : random_string());
1115         $arr['extid']         = ((x($arr,'extid'))         ? notags(trim($arr['extid']))         : '');
1116         $arr['author-name']   = ((x($arr,'author-name'))   ? notags(trim($arr['author-name']))   : '');
1117         $arr['author-link']   = ((x($arr,'author-link'))   ? notags(trim($arr['author-link']))   : '');
1118         $arr['author-avatar'] = ((x($arr,'author-avatar')) ? notags(trim($arr['author-avatar'])) : '');
1119         $arr['owner-name']    = ((x($arr,'owner-name'))    ? notags(trim($arr['owner-name']))    : '');
1120         $arr['owner-link']    = ((x($arr,'owner-link'))    ? notags(trim($arr['owner-link']))    : '');
1121         $arr['owner-avatar']  = ((x($arr,'owner-avatar'))  ? notags(trim($arr['owner-avatar']))  : '');
1122         $arr['created']       = ((x($arr,'created') !== false) ? datetime_convert('UTC','UTC',$arr['created']) : datetime_convert());
1123         $arr['edited']        = ((x($arr,'edited')  !== false) ? datetime_convert('UTC','UTC',$arr['edited'])  : datetime_convert());
1124         $arr['commented']     = datetime_convert();
1125         $arr['received']      = datetime_convert();
1126         $arr['changed']       = datetime_convert();
1127         $arr['title']         = ((x($arr,'title'))         ? notags(trim($arr['title']))         : '');
1128         $arr['location']      = ((x($arr,'location'))      ? notags(trim($arr['location']))      : '');
1129         $arr['coord']         = ((x($arr,'coord'))         ? notags(trim($arr['coord']))         : '');
1130         $arr['last-child']    = ((x($arr,'last-child'))    ? intval($arr['last-child'])          : 0 );
1131         $arr['visible']       = ((x($arr,'visible') !== false) ? intval($arr['visible'])         : 1 );
1132         $arr['deleted']       = 0;
1133         $arr['parent-uri']    = ((x($arr,'parent-uri'))    ? notags(trim($arr['parent-uri']))    : '');
1134         $arr['verb']          = ((x($arr,'verb'))          ? notags(trim($arr['verb']))          : '');
1135         $arr['object-type']   = ((x($arr,'object-type'))   ? notags(trim($arr['object-type']))   : '');
1136         $arr['object']        = ((x($arr,'object'))        ? trim($arr['object'])                : '');
1137         $arr['target-type']   = ((x($arr,'target-type'))   ? notags(trim($arr['target-type']))   : '');
1138         $arr['target']        = ((x($arr,'target'))        ? trim($arr['target'])                : '');
1139         $arr['plink']         = ((x($arr,'plink'))         ? notags(trim($arr['plink']))         : '');
1140         $arr['allow_cid']     = ((x($arr,'allow_cid'))     ? trim($arr['allow_cid'])             : '');
1141         $arr['allow_gid']     = ((x($arr,'allow_gid'))     ? trim($arr['allow_gid'])             : '');
1142         $arr['deny_cid']      = ((x($arr,'deny_cid'))      ? trim($arr['deny_cid'])              : '');
1143         $arr['deny_gid']      = ((x($arr,'deny_gid'))      ? trim($arr['deny_gid'])              : '');
1144         $arr['private']       = ((x($arr,'private'))       ? intval($arr['private'])             : 0 );
1145         $arr['bookmark']      = ((x($arr,'bookmark'))      ? intval($arr['bookmark'])            : 0 );
1146         $arr['body']          = ((x($arr,'body'))          ? trim($arr['body'])                  : '');
1147         $arr['tag']           = ((x($arr,'tag'))           ? notags(trim($arr['tag']))           : '');
1148         $arr['attach']        = ((x($arr,'attach'))        ? notags(trim($arr['attach']))        : '');
1149         $arr['app']           = ((x($arr,'app'))           ? notags(trim($arr['app']))           : '');
1150         $arr['origin']        = ((x($arr,'origin'))        ? intval($arr['origin'])              : 0 );
1151         $arr['guid']          = ((x($arr,'guid'))          ? notags(trim($arr['guid']))          : get_guid(30));
1152         $arr['network']       = ((x($arr,'network'))       ? trim($arr['network'])               : '');
1153
1154         if ($arr['plink'] == "") {
1155                 $a = get_app();
1156                 $arr['plink'] = $a->get_baseurl().'/display/'.urlencode($arr['guid']);
1157         }
1158
1159         if ($arr['network'] == "") {
1160                 $r = q("SELECT `network` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
1161                         intval($arr['contact-id']),
1162                         intval($arr['uid'])
1163                 );
1164
1165                 if(count($r))
1166                         $arr['network'] = $r[0]["network"];
1167
1168                 // Fallback to friendica (why is it empty in some cases?)
1169                 if ($arr['network'] == "")
1170                         $arr['network'] = NETWORK_DFRN;
1171
1172                 logger("item_store: Set network to ".$arr["network"]." for ".$arr["uri"], LOGGER_DEBUG);
1173         }
1174
1175         $arr['thr-parent'] = $arr['parent-uri'];
1176         if($arr['parent-uri'] === $arr['uri']) {
1177                 $parent_id = 0;
1178                 $parent_deleted = 0;
1179                 $allow_cid = $arr['allow_cid'];
1180                 $allow_gid = $arr['allow_gid'];
1181                 $deny_cid  = $arr['deny_cid'];
1182                 $deny_gid  = $arr['deny_gid'];
1183                 $notify_type = 'wall-new';
1184         }
1185         else {
1186
1187                 // find the parent and snarf the item id and ACLs
1188                 // and anything else we need to inherit
1189
1190                 $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d ORDER BY `id` ASC LIMIT 1",
1191                         dbesc($arr['parent-uri']),
1192                         intval($arr['uid'])
1193                 );
1194
1195                 if(count($r)) {
1196
1197                         // is the new message multi-level threaded?
1198                         // even though we don't support it now, preserve the info
1199                         // and re-attach to the conversation parent.
1200
1201                         if($r[0]['uri'] != $r[0]['parent-uri']) {
1202                                 $arr['parent-uri'] = $r[0]['parent-uri'];
1203                                 $z = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `parent-uri` = '%s' AND `uid` = %d
1204                                         ORDER BY `id` ASC LIMIT 1",
1205                                         dbesc($r[0]['parent-uri']),
1206                                         dbesc($r[0]['parent-uri']),
1207                                         intval($arr['uid'])
1208                                 );
1209                                 if($z && count($z))
1210                                         $r = $z;
1211                         }
1212
1213                         $parent_id      = $r[0]['id'];
1214                         $parent_deleted = $r[0]['deleted'];
1215                         $allow_cid      = $r[0]['allow_cid'];
1216                         $allow_gid      = $r[0]['allow_gid'];
1217                         $deny_cid       = $r[0]['deny_cid'];
1218                         $deny_gid       = $r[0]['deny_gid'];
1219                         $arr['wall']    = $r[0]['wall'];
1220                         $notify_type    = 'comment-new';
1221
1222                         // if the parent is private, force privacy for the entire conversation
1223                         // This differs from the above settings as it subtly allows comments from
1224                         // email correspondents to be private even if the overall thread is not.
1225
1226                         if($r[0]['private'])
1227                                 $arr['private'] = $r[0]['private'];
1228
1229                         // Edge case. We host a public forum that was originally posted to privately.
1230                         // The original author commented, but as this is a comment, the permissions
1231                         // weren't fixed up so it will still show the comment as private unless we fix it here.
1232
1233                         if((intval($r[0]['forum_mode']) == 1) && (! $r[0]['private']))
1234                                 $arr['private'] = 0;
1235
1236
1237                         // If its a post from myself then tag the thread as "mention"
1238                         logger("item_store: Checking if parent ".$parent_id." has to be tagged as mention for user ".$arr['uid'], LOGGER_DEBUG);
1239                         $u = q("select * from user where uid = %d limit 1", intval($arr['uid']));
1240                         if(count($u)) {
1241                                 $a = get_app();
1242                                 $self = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
1243                                 logger("item_store: 'myself' is ".$self." for parent ".$parent_id." checking against ".$arr['author-link']." and ".$arr['owner-link'], LOGGER_DEBUG);
1244                                 if ((normalise_link($arr['author-link']) == $self) OR (normalise_link($arr['owner-link']) == $self)) {
1245                                         q("UPDATE `thread` SET `mention` = 1 WHERE `iid` = %d", intval($parent_id));
1246                                         logger("item_store: tagged thread ".$parent_id." as mention for user ".$self, LOGGER_DEBUG);
1247                                 }
1248                         }
1249                 }
1250                 else {
1251
1252                         // Allow one to see reply tweets from status.net even when
1253                         // we don't have or can't see the original post.
1254
1255                         if($force_parent) {
1256                                 logger('item_store: $force_parent=true, reply converted to top-level post.');
1257                                 $parent_id = 0;
1258                                 $arr['parent-uri'] = $arr['uri'];
1259                                 $arr['gravity'] = 0;
1260                         }
1261                         else {
1262                                 logger('item_store: item parent was not found - ignoring item');
1263                                 return 0;
1264                         }
1265
1266                         $parent_deleted = 0;
1267                 }
1268         }
1269
1270         $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
1271                 dbesc($arr['uri']),
1272                 intval($arr['uid'])
1273         );
1274         if($r && count($r)) {
1275                 logger('item-store: duplicate item ignored. ' . print_r($arr,true));
1276                 return 0;
1277         }
1278
1279         call_hooks('post_remote',$arr);
1280
1281         if(x($arr,'cancel')) {
1282                 logger('item_store: post cancelled by plugin.');
1283                 return 0;
1284         }
1285
1286         dbesc_array($arr);
1287
1288         logger('item_store: ' . print_r($arr,true), LOGGER_DATA);
1289
1290         $r = dbq("INSERT INTO `item` (`"
1291                         . implode("`, `", array_keys($arr))
1292                         . "`) VALUES ('"
1293                         . implode("', '", array_values($arr))
1294                         . "')" );
1295
1296         // find the item we just created
1297
1298         $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d ORDER BY `id` ASC ",
1299                 $arr['uri'],           // already dbesc'd
1300                 intval($arr['uid'])
1301         );
1302
1303         if(count($r)) {
1304                 $current_post = $r[0]['id'];
1305                 logger('item_store: created item ' . $current_post);
1306
1307                 // Only check for notifications on start posts
1308                 if ($arr['parent-uri'] === $arr['uri']) {
1309                         add_thread($r[0]['id']);
1310                         logger('item_store: Check notification for contact '.$arr['contact-id'].' and post '.$current_post, LOGGER_DEBUG);
1311
1312                         // Send a notification for every new post?
1313                         $r = q("SELECT `notify_new_posts` FROM `contact` WHERE `id` = %d AND `uid` = %d AND `notify_new_posts` LIMIT 1",
1314                                 intval($arr['contact-id']),
1315                                 intval($arr['uid'])
1316                         );
1317
1318                         if(count($r)) {
1319                                 logger('item_store: Send notification for contact '.$arr['contact-id'].' and post '.$current_post, LOGGER_DEBUG);
1320                                 $u = q("SELECT * FROM user WHERE uid = %d LIMIT 1",
1321                                         intval($arr['uid']));
1322
1323                                 $item = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d",
1324                                         intval($current_post),
1325                                         intval($arr['uid'])
1326                                 );
1327
1328                                 $a = get_app();
1329
1330                                 require_once('include/enotify.php');
1331                                 notification(array(
1332                                         'type'         => NOTIFY_SHARE,
1333                                         'notify_flags' => $u[0]['notify-flags'],
1334                                         'language'     => $u[0]['language'],
1335                                         'to_name'      => $u[0]['username'],
1336                                         'to_email'     => $u[0]['email'],
1337                                         'uid'          => $u[0]['uid'],
1338                                         'item'         => $item[0],
1339                                         'link'         => $a->get_baseurl().'/display/'.urlencode($arr['guid']),
1340                                         'source_name'  => $item[0]['author-name'],
1341                                         'source_link'  => $item[0]['author-link'],
1342                                         'source_photo' => $item[0]['author-avatar'],
1343                                         'verb'         => ACTIVITY_TAG,
1344                                         'otype'        => 'item'
1345                                 ));
1346                                 logger('item_store: Notification sent for contact '.$arr['contact-id'].' and post '.$current_post, LOGGER_DEBUG);
1347                         }
1348                 }
1349
1350         } else {
1351                 logger('item_store: could not locate created item');
1352                 return 0;
1353         }
1354         if(count($r) > 1) {
1355                 logger('item_store: duplicated post occurred. Removing duplicates.');
1356                 q("DELETE FROM `item` WHERE `uri` = '%s' AND `uid` = %d AND `id` != %d ",
1357                         $arr['uri'],
1358                         intval($arr['uid']),
1359                         intval($current_post)
1360                 );
1361         }
1362
1363         if((! $parent_id) || ($arr['parent-uri'] === $arr['uri']))
1364                 $parent_id = $current_post;
1365
1366         if(strlen($allow_cid) || strlen($allow_gid) || strlen($deny_cid) || strlen($deny_gid))
1367                 $private = 1;
1368         else
1369                 $private = $arr['private'];
1370
1371         // Set parent id - and also make sure to inherit the parent's ACLs.
1372
1373         $r = q("UPDATE `item` SET `parent` = %d, `allow_cid` = '%s', `allow_gid` = '%s',
1374                 `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d, `deleted` = %d WHERE `id` = %d",
1375                 intval($parent_id),
1376                 dbesc($allow_cid),
1377                 dbesc($allow_gid),
1378                 dbesc($deny_cid),
1379                 dbesc($deny_gid),
1380                 intval($private),
1381                 intval($parent_deleted),
1382                 intval($current_post)
1383         );
1384
1385         // Complete ostatus threads
1386         if ($ostatus_conversation)
1387                 complete_conversation($current_post, $ostatus_conversation);
1388
1389         $arr['id'] = $current_post;
1390         $arr['parent'] = $parent_id;
1391         $arr['allow_cid'] = $allow_cid;
1392         $arr['allow_gid'] = $allow_gid;
1393         $arr['deny_cid'] = $deny_cid;
1394         $arr['deny_gid'] = $deny_gid;
1395         $arr['private'] = $private;
1396         $arr['deleted'] = $parent_deleted;
1397
1398         // update the commented timestamp on the parent
1399
1400         q("UPDATE `item` set `commented` = '%s', `changed` = '%s' WHERE `id` = %d",
1401                 dbesc(datetime_convert()),
1402                 dbesc(datetime_convert()),
1403                 intval($parent_id)
1404         );
1405         update_thread($parent_id);
1406
1407         if($dsprsig) {
1408                 q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
1409                         intval($current_post),
1410                         dbesc($dsprsig->signed_text),
1411                         dbesc($dsprsig->signature),
1412                         dbesc($dsprsig->signer)
1413                 );
1414         }
1415
1416
1417         /**
1418          * If this is now the last-child, force all _other_ children of this parent to *not* be last-child
1419          */
1420
1421         if($arr['last-child']) {
1422                 $r = q("UPDATE `item` SET `last-child` = 0 WHERE `parent-uri` = '%s' AND `uid` = %d AND `id` != %d",
1423                         dbesc($arr['uri']),
1424                         intval($arr['uid']),
1425                         intval($current_post)
1426                 );
1427         }
1428
1429         $deleted = tag_deliver($arr['uid'],$current_post);
1430
1431         // current post can be deleted if is for a communuty page and no mention are
1432         // in it.
1433         if (!$deleted) {
1434
1435                 // Store the fresh generated item into the cache
1436                 $cachefile = get_cachefile(urlencode($arr["guid"])."-".hash("md5", $arr['body']));
1437
1438                 if (($cachefile != '') AND !file_exists($cachefile)) {
1439                         $s = prepare_text($arr['body']);
1440                         $a = get_app();
1441                         $stamp1 = microtime(true);
1442                         file_put_contents($cachefile, $s);
1443                         $a->save_timestamp($stamp1, "file");
1444                         logger('item_store: put item '.$current_post.' into cachefile '.$cachefile);
1445                 }
1446
1447                 $r = q('SELECT * FROM `item` WHERE id = %d', intval($current_post));
1448                 if (count($r) == 1) {
1449                         call_hooks('post_remote_end', $r[0]);
1450                 } else {
1451                         logger('item_store: new item not found in DB, id ' . $current_post);
1452                 }
1453         }
1454
1455         create_tags_from_item($current_post);
1456         create_files_from_item($current_post);
1457
1458         if ($notify)
1459                 proc_run('php', "include/notifier.php", $notify_type, $current_post);
1460
1461         return $current_post;
1462 }
1463
1464 function get_item_guid($id) {
1465         $r = q("SELECT `guid` FROM `item` WHERE `id` = %d LIMIT 1", intval($id));
1466         if (count($r))
1467                 return($r[0]["guid"]);
1468         else
1469                 return("");
1470 }
1471
1472 function get_item_id($guid, $uid = 0) {
1473
1474         $nick = "";
1475         $id = 0;
1476
1477         if ($uid == 0)
1478                 $uid == local_user();
1479
1480         // Does the given user have this item?
1481         if ($uid) {
1482                 $r = q("SELECT `item`.`id`, `user`.`nickname` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
1483                         WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
1484                                 AND `item`.`guid` = '%s' AND `item`.`uid` = %d", dbesc($guid), intval($uid));
1485                 if (count($r)) {
1486                         $id = $r[0]["id"];
1487                         $nick = $r[0]["nickname"];
1488                 }
1489         }
1490
1491         // Or is it anywhere on the server?
1492         if ($nick == "") {
1493                 $r = q("SELECT `item`.`id`, `user`.`nickname` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`
1494                         WHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0
1495                                 AND `item`.`allow_cid` = ''  AND `item`.`allow_gid` = ''
1496                                 AND `item`.`deny_cid`  = '' AND `item`.`deny_gid`  = ''
1497                                 AND `item`.`private` = 0 AND `item`.`wall` = 1
1498                                 AND `item`.`guid` = '%s'", dbesc($guid));
1499                 if (count($r)) {
1500                         $id = $r[0]["id"];
1501                         $nick = $r[0]["nickname"];
1502                 }
1503         }
1504         return(array("nick" => $nick, "id" => $id));
1505 }
1506
1507 // return - test
1508 function get_item_contact($item,$contacts) {
1509         if(! count($contacts) || (! is_array($item)))
1510                 return false;
1511         foreach($contacts as $contact) {
1512                 if($contact['id'] == $item['contact-id']) {
1513                         return $contact;
1514                         break; // NOTREACHED
1515                 }
1516         }
1517         return false;
1518 }
1519
1520 /**
1521  * look for mention tags and setup a second delivery chain for forum/community posts if appropriate
1522  * @param int $uid
1523  * @param int $item_id
1524  * @return bool true if item was deleted, else false
1525  */
1526 function tag_deliver($uid,$item_id) {
1527
1528         //
1529
1530         $a = get_app();
1531
1532         $mention = false;
1533
1534         $u = q("select * from user where uid = %d limit 1",
1535                 intval($uid)
1536         );
1537         if(! count($u))
1538                 return;
1539
1540         $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
1541         $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
1542
1543
1544         $i = q("select * from item where id = %d and uid = %d limit 1",
1545                 intval($item_id),
1546                 intval($uid)
1547         );
1548         if(! count($i))
1549                 return;
1550
1551         $item = $i[0];
1552
1553         $link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
1554
1555         // Diaspora uses their own hardwired link URL in @-tags
1556         // instead of the one we supply with webfinger
1557
1558         $dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
1559
1560         $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
1561         if($cnt) {
1562                 foreach($matches as $mtch) {
1563                         if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
1564                                 $mention = true;
1565                                 logger('tag_deliver: mention found: ' . $mtch[2]);
1566                         }
1567                 }
1568         }
1569
1570         if(! $mention){
1571                 if ( ($community_page || $prvgroup) &&
1572                           (!$item['wall']) && (!$item['origin']) && ($item['id'] == $item['parent'])){
1573                         // mmh.. no mention.. community page or private group... no wall.. no origin.. top-post (not a comment)
1574                         // delete it!
1575                         logger("tag_deliver: no-mention top-level post to communuty or private group. delete.");
1576                         q("DELETE FROM item WHERE id = %d and uid = %d",
1577                                 intval($item_id),
1578                                 intval($uid)
1579                         );
1580                         return true;
1581                 }
1582                 return;
1583         }
1584
1585
1586         // send a notification
1587
1588         // use a local photo if we have one
1589
1590         $r = q("select * from contact where uid = %d and nurl = '%s' limit 1",
1591                 intval($u[0]['uid']),
1592                 dbesc(normalise_link($item['author-link']))
1593         );
1594         $photo = (($r && count($r)) ? $r[0]['thumb'] : $item['author-avatar']);
1595
1596
1597         require_once('include/enotify.php');
1598         notification(array(
1599                 'type'         => NOTIFY_TAGSELF,
1600                 'notify_flags' => $u[0]['notify-flags'],
1601                 'language'     => $u[0]['language'],
1602                 'to_name'      => $u[0]['username'],
1603                 'to_email'     => $u[0]['email'],
1604                 'uid'          => $u[0]['uid'],
1605                 'item'         => $item,
1606                 'link'         => $a->get_baseurl() . '/display/'.urlencode(get_item_guid($item['id'])),
1607                 'source_name'  => $item['author-name'],
1608                 'source_link'  => $item['author-link'],
1609                 'source_photo' => $photo,
1610                 'verb'         => ACTIVITY_TAG,
1611                 'otype'        => 'item',
1612                 'parent'       => $item['parent']
1613         ));
1614
1615
1616         $arr = array('item' => $item, 'user' => $u[0], 'contact' => $r[0]);
1617
1618         call_hooks('tagged', $arr);
1619
1620         if((! $community_page) && (! $prvgroup))
1621                 return;
1622
1623
1624         // tgroup delivery - setup a second delivery chain
1625         // prevent delivery looping - only proceed
1626         // if the message originated elsewhere and is a top-level post
1627
1628         if(($item['wall']) || ($item['origin']) || ($item['id'] != $item['parent']))
1629                 return;
1630
1631         // now change this copy of the post to a forum head message and deliver to all the tgroup members
1632
1633
1634         $c = q("select name, url, thumb from contact where self = 1 and uid = %d limit 1",
1635                 intval($u[0]['uid'])
1636         );
1637         if(! count($c))
1638                 return;
1639
1640         // also reset all the privacy bits to the forum default permissions
1641
1642         $private = ($u[0]['allow_cid'] || $u[0]['allow_gid'] || $u[0]['deny_cid'] || $u[0]['deny_gid']) ? 1 : 0;
1643
1644         $forum_mode = (($prvgroup) ? 2 : 1);
1645
1646         q("update item set wall = 1, origin = 1, forum_mode = %d, `owner-name` = '%s', `owner-link` = '%s', `owner-avatar` = '%s',
1647                 `private` = %d, `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'  where id = %d",
1648                 intval($forum_mode),
1649                 dbesc($c[0]['name']),
1650                 dbesc($c[0]['url']),
1651                 dbesc($c[0]['thumb']),
1652                 intval($private),
1653                 dbesc($u[0]['allow_cid']),
1654                 dbesc($u[0]['allow_gid']),
1655                 dbesc($u[0]['deny_cid']),
1656                 dbesc($u[0]['deny_gid']),
1657                 intval($item_id)
1658         );
1659         update_thread($item_id);
1660
1661         proc_run('php','include/notifier.php','tgroup',$item_id);
1662
1663 }
1664
1665
1666
1667 function tgroup_check($uid,$item) {
1668
1669         $a = get_app();
1670
1671         $mention = false;
1672
1673         // check that the message originated elsewhere and is a top-level post
1674
1675         if(($item['wall']) || ($item['origin']) || ($item['uri'] != $item['parent-uri']))
1676                 return false;
1677
1678
1679         $u = q("select * from user where uid = %d limit 1",
1680                 intval($uid)
1681         );
1682         if(! count($u))
1683                 return false;
1684
1685         $community_page = (($u[0]['page-flags'] == PAGE_COMMUNITY) ? true : false);
1686         $prvgroup = (($u[0]['page-flags'] == PAGE_PRVGROUP) ? true : false);
1687
1688
1689         $link = normalise_link($a->get_baseurl() . '/profile/' . $u[0]['nickname']);
1690
1691         // Diaspora uses their own hardwired link URL in @-tags
1692         // instead of the one we supply with webfinger
1693
1694         $dlink = normalise_link($a->get_baseurl() . '/u/' . $u[0]['nickname']);
1695
1696         $cnt = preg_match_all('/[\@\!]\[url\=(.*?)\](.*?)\[\/url\]/ism',$item['body'],$matches,PREG_SET_ORDER);
1697         if($cnt) {
1698                 foreach($matches as $mtch) {
1699                         if(link_compare($link,$mtch[1]) || link_compare($dlink,$mtch[1])) {
1700                                 $mention = true;
1701                                 logger('tgroup_check: mention found: ' . $mtch[2]);
1702                         }
1703                 }
1704         }
1705
1706         if(! $mention)
1707                 return false;
1708
1709         if((! $community_page) && (! $prvgroup))
1710                 return false;
1711
1712
1713
1714         return true;
1715
1716 }
1717
1718
1719
1720
1721
1722
1723 function dfrn_deliver($owner,$contact,$atom, $dissolve = false) {
1724
1725         $a = get_app();
1726
1727         $idtosend = $orig_id = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
1728
1729         if($contact['duplex'] && $contact['dfrn-id'])
1730                 $idtosend = '0:' . $orig_id;
1731         if($contact['duplex'] && $contact['issued-id'])
1732                 $idtosend = '1:' . $orig_id;
1733
1734         $rino = ((function_exists('mcrypt_encrypt')) ? 1 : 0);
1735
1736         $rino_enable = get_config('system','rino_encrypt');
1737
1738         if(! $rino_enable)
1739                 $rino = 0;
1740
1741         $ssl_val = intval(get_config('system','ssl_policy'));
1742         $ssl_policy = '';
1743
1744         switch($ssl_val){
1745                 case SSL_POLICY_FULL:
1746                         $ssl_policy = 'full';
1747                         break;
1748                 case SSL_POLICY_SELFSIGN:
1749                         $ssl_policy = 'self';
1750                         break;
1751                 case SSL_POLICY_NONE:
1752                 default:
1753                         $ssl_policy = 'none';
1754                         break;
1755         }
1756
1757         $url = $contact['notify'] . '&dfrn_id=' . $idtosend . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . (($rino) ? '&rino=1' : '');
1758
1759         logger('dfrn_deliver: ' . $url);
1760
1761         $xml = fetch_url($url);
1762
1763         $curl_stat = $a->get_curl_code();
1764         if(! $curl_stat)
1765                 return(-1); // timed out
1766
1767         logger('dfrn_deliver: ' . $xml, LOGGER_DATA);
1768
1769         if(! $xml)
1770                 return 3;
1771
1772         if(strpos($xml,'<?xml') === false) {
1773                 logger('dfrn_deliver: no valid XML returned');
1774                 logger('dfrn_deliver: returned XML: ' . $xml, LOGGER_DATA);
1775                 return 3;
1776         }
1777
1778         $res = parse_xml_string($xml);
1779
1780         if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
1781                 return (($res->status) ? $res->status : 3);
1782
1783         $postvars     = array();
1784         $sent_dfrn_id = hex2bin((string) $res->dfrn_id);
1785         $challenge    = hex2bin((string) $res->challenge);
1786         $perm         = (($res->perm) ? $res->perm : null);
1787         $dfrn_version = (float) (($res->dfrn_version) ? $res->dfrn_version : 2.0);
1788         $rino_allowed = ((intval($res->rino) === 1) ? 1 : 0);
1789         $page         = (($owner['page-flags'] == PAGE_COMMUNITY) ? 1 : 0);
1790
1791         if($owner['page-flags'] == PAGE_PRVGROUP)
1792                 $page = 2;
1793
1794         $final_dfrn_id = '';
1795
1796         if($perm) {
1797                 if((($perm == 'rw') && (! intval($contact['writable'])))
1798                 || (($perm == 'r') && (intval($contact['writable'])))) {
1799                         q("update contact set writable = %d where id = %d",
1800                                 intval(($perm == 'rw') ? 1 : 0),
1801                                 intval($contact['id'])
1802                         );
1803                         $contact['writable'] = (string) 1 - intval($contact['writable']);
1804                 }
1805         }
1806
1807         if(($contact['duplex'] && strlen($contact['pubkey']))
1808                 || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
1809                 || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) {
1810                 openssl_public_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['pubkey']);
1811                 openssl_public_decrypt($challenge,$postvars['challenge'],$contact['pubkey']);
1812         }
1813         else {
1814                 openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
1815                 openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']);
1816         }
1817
1818         $final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
1819
1820         if(strpos($final_dfrn_id,':') == 1)
1821                 $final_dfrn_id = substr($final_dfrn_id,2);
1822
1823         if($final_dfrn_id != $orig_id) {
1824                 logger('dfrn_deliver: wrong dfrn_id.');
1825                 // did not decode properly - cannot trust this site
1826                 return 3;
1827         }
1828
1829         $postvars['dfrn_id']      = $idtosend;
1830         $postvars['dfrn_version'] = DFRN_PROTOCOL_VERSION;
1831         if($dissolve)
1832                 $postvars['dissolve'] = '1';
1833
1834
1835         if((($contact['rel']) && ($contact['rel'] != CONTACT_IS_SHARING) && (! $contact['blocked'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
1836                 $postvars['data'] = $atom;
1837                 $postvars['perm'] = 'rw';
1838         }
1839         else {
1840                 $postvars['data'] = str_replace('<dfrn:comment-allow>1','<dfrn:comment-allow>0',$atom);
1841                 $postvars['perm'] = 'r';
1842         }
1843
1844         $postvars['ssl_policy'] = $ssl_policy;
1845
1846         if($page)
1847                 $postvars['page'] = $page;
1848
1849         if($rino && $rino_allowed && (! $dissolve)) {
1850                 $key = substr(random_string(),0,16);
1851                 $data = bin2hex(aes_encrypt($postvars['data'],$key));
1852                 $postvars['data'] = $data;
1853                 logger('rino: sent key = ' . $key, LOGGER_DEBUG);
1854
1855
1856                 if($dfrn_version >= 2.1) {
1857                         if(($contact['duplex'] && strlen($contact['pubkey']))
1858                                 || ($owner['page-flags'] == PAGE_COMMUNITY && strlen($contact['pubkey']))
1859                                 || ($contact['rel'] == CONTACT_IS_SHARING && strlen($contact['pubkey']))) {
1860
1861                                 openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']);
1862                         }
1863                         else {
1864                                 openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']);
1865                         }
1866                 }
1867                 else {
1868                         if(($contact['duplex'] && strlen($contact['prvkey'])) || ($owner['page-flags'] == PAGE_COMMUNITY)) {
1869                                 openssl_private_encrypt($key,$postvars['key'],$contact['prvkey']);
1870                         }
1871                         else {
1872                                 openssl_public_encrypt($key,$postvars['key'],$contact['pubkey']);
1873                         }
1874                 }
1875
1876                 logger('md5 rawkey ' . md5($postvars['key']));
1877
1878                 $postvars['key'] = bin2hex($postvars['key']);
1879         }
1880
1881         logger('dfrn_deliver: ' . "SENDING: " . print_r($postvars,true), LOGGER_DATA);
1882
1883         $xml = post_url($contact['notify'],$postvars);
1884
1885         logger('dfrn_deliver: ' . "RECEIVED: " . $xml, LOGGER_DATA);
1886
1887         $curl_stat = $a->get_curl_code();
1888         if((! $curl_stat) || (! strlen($xml)))
1889                 return(-1); // timed out
1890
1891         if(($curl_stat == 503) && (stristr($a->get_curl_headers(),'retry-after')))
1892                 return(-1);
1893
1894         if(strpos($xml,'<?xml') === false) {
1895                 logger('dfrn_deliver: phase 2: no valid XML returned');
1896                 logger('dfrn_deliver: phase 2: returned XML: ' . $xml, LOGGER_DATA);
1897                 return 3;
1898         }
1899
1900         if($contact['term-date'] != '0000-00-00 00:00:00') {
1901                 logger("dfrn_deliver: $url back from the dead - removing mark for death");
1902                 require_once('include/Contact.php');
1903                 unmark_for_death($contact);
1904         }
1905
1906         $res = parse_xml_string($xml);
1907
1908         return $res->status;
1909 }
1910
1911
1912 /*
1913   This function returns true if $update has an edited timestamp newer
1914   than $existing, i.e. $update contains new data which should override
1915   what's already there.  If there is no timestamp yet, the update is
1916   assumed to be newer.  If the update has no timestamp, the existing
1917   item is assumed to be up-to-date.  If the timestamps are equal it
1918   assumes the update has been seen before and should be ignored.
1919   */
1920 function edited_timestamp_is_newer($existing, $update) {
1921     if (!x($existing,'edited') || !$existing['edited']) {
1922         return true;
1923     }
1924     if (!x($update,'edited') || !$update['edited']) {
1925         return false;
1926     }
1927     $existing_edited = datetime_convert('UTC', 'UTC', $existing['edited']);
1928     $update_edited = datetime_convert('UTC', 'UTC', $update['edited']);
1929     return (strcmp($existing_edited, $update_edited) < 0);
1930 }
1931
1932 /**
1933  *
1934  * consume_feed - process atom feed and update anything/everything we might need to update
1935  *
1936  * $xml = the (atom) feed to consume - RSS isn't as fully supported but may work for simple feeds.
1937  *
1938  * $importer = the contact_record (joined to user_record) of the local user who owns this relationship.
1939  *             It is this person's stuff that is going to be updated.
1940  * $contact =  the person who is sending us stuff. If not set, we MAY be processing a "follow" activity
1941  *             from an external network and MAY create an appropriate contact record. Otherwise, we MUST
1942  *             have a contact record.
1943  * $hub = should we find a hub declation in the feed, pass it back to our calling process, who might (or
1944  *        might not) try and subscribe to it.
1945  * $datedir sorts in reverse order
1946  * $pass - by default ($pass = 0) we cannot guarantee that a parent item has been
1947  *      imported prior to its children being seen in the stream unless we are certain
1948  *      of how the feed is arranged/ordered.
1949  * With $pass = 1, we only pull parent items out of the stream.
1950  * With $pass = 2, we only pull children (comments/likes).
1951  *
1952  * So running this twice, first with pass 1 and then with pass 2 will do the right
1953  * thing regardless of feed ordering. This won't be adequate in a fully-threaded
1954  * model where comments can have sub-threads. That would require some massive sorting
1955  * to get all the feed items into a mostly linear ordering, and might still require
1956  * recursion.
1957  */
1958
1959 function consume_feed($xml,$importer,&$contact, &$hub, $datedir = 0, $pass = 0) {
1960
1961         require_once('library/simplepie/simplepie.inc');
1962         require_once('include/contact_selectors.php');
1963
1964         if(! strlen($xml)) {
1965                 logger('consume_feed: empty input');
1966                 return;
1967         }
1968
1969         $feed = new SimplePie();
1970         $feed->set_raw_data($xml);
1971         if($datedir)
1972                 $feed->enable_order_by_date(true);
1973         else
1974                 $feed->enable_order_by_date(false);
1975         $feed->init();
1976
1977         if($feed->error())
1978                 logger('consume_feed: Error parsing XML: ' . $feed->error());
1979
1980         $permalink = $feed->get_permalink();
1981
1982         // Check at the feed level for updated contact name and/or photo
1983
1984         $name_updated  = '';
1985         $new_name = '';
1986         $photo_timestamp = '';
1987         $photo_url = '';
1988         $birthday = '';
1989
1990         $hubs = $feed->get_links('hub');
1991         logger('consume_feed: hubs: ' . print_r($hubs,true), LOGGER_DATA);
1992
1993         if(count($hubs))
1994                 $hub = implode(',', $hubs);
1995
1996         $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner');
1997         if(! $rawtags)
1998                 $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
1999         if($rawtags) {
2000                 $elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
2001                 if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
2002                         $name_updated = $elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated'];
2003                         $new_name = $elems['name'][0]['data'];
2004                 }
2005                 if((x($elems,'link')) && ($elems['link'][0]['attribs']['']['rel'] === 'photo') && ($elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated'])) {
2006                         $photo_timestamp = datetime_convert('UTC','UTC',$elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']);
2007                         $photo_url = $elems['link'][0]['attribs']['']['href'];
2008                 }
2009
2010                 if((x($rawtags[0]['child'], NAMESPACE_DFRN)) && (x($rawtags[0]['child'][NAMESPACE_DFRN],'birthday'))) {
2011                         $birthday = datetime_convert('UTC','UTC', $rawtags[0]['child'][NAMESPACE_DFRN]['birthday'][0]['data']);
2012                 }
2013         }
2014
2015         if((is_array($contact)) && ($photo_timestamp) && (strlen($photo_url)) && ($photo_timestamp > $contact['avatar-date'])) {
2016                 logger('consume_feed: Updating photo for '.$contact['name'].' from '.$photo_url.' uid: '.$contact['uid']);
2017                 require_once("include/Photo.php");
2018                 $photo_failure = false;
2019                 $have_photo = false;
2020
2021                 $r = q("SELECT `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d LIMIT 1",
2022                         intval($contact['id']),
2023                         intval($contact['uid'])
2024                 );
2025                 if(count($r)) {
2026                         $resource_id = $r[0]['resource-id'];
2027                         $have_photo = true;
2028                 }
2029                 else {
2030                         $resource_id = photo_new_resource();
2031                 }
2032
2033                 $img_str = fetch_url($photo_url,true);
2034                 // guess mimetype from headers or filename
2035                 $type = guess_image_type($photo_url,true);
2036
2037
2038                 $img = new Photo($img_str, $type);
2039                 if($img->is_valid()) {
2040                         if($have_photo) {
2041                                 q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `contact-id` = %d AND `uid` = %d",
2042                                         dbesc($resource_id),
2043                                         intval($contact['id']),
2044                                         intval($contact['uid'])
2045                                 );
2046                         }
2047
2048                         $img->scaleImageSquare(175);
2049
2050                         $hash = $resource_id;
2051                         $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 4);
2052
2053                         $img->scaleImage(80);
2054                         $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 5);
2055
2056                         $img->scaleImage(48);
2057                         $r = $img->store($contact['uid'], $contact['id'], $hash, basename($photo_url), 'Contact Photos', 6);
2058
2059                         $a = get_app();
2060
2061                         q("UPDATE `contact` SET `avatar-date` = '%s', `photo` = '%s', `thumb` = '%s', `micro` = '%s'
2062                                 WHERE `uid` = %d AND `id` = %d",
2063                                 dbesc(datetime_convert()),
2064                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-4.'.$img->getExt()),
2065                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-5.'.$img->getExt()),
2066                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-6.'.$img->getExt()),
2067                                 intval($contact['uid']),
2068                                 intval($contact['id'])
2069                         );
2070                 }
2071         }
2072
2073         if((is_array($contact)) && ($name_updated) && (strlen($new_name)) && ($name_updated > $contact['name-date'])) {
2074                 $r = q("select * from contact where uid = %d and id = %d limit 1",
2075                         intval($contact['uid']),
2076                         intval($contact['id'])
2077                 );
2078
2079                 $x = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `id` = %d",
2080                         dbesc(notags(trim($new_name))),
2081                         dbesc(datetime_convert()),
2082                         intval($contact['uid']),
2083                         intval($contact['id'])
2084                 );
2085
2086                 // do our best to update the name on content items
2087
2088                 if(count($r)) {
2089                         q("update item set `author-name` = '%s' where `author-name` = '%s' and `author-link` = '%s' and uid = %d",
2090                                 dbesc(notags(trim($new_name))),
2091                                 dbesc($r[0]['name']),
2092                                 dbesc($r[0]['url']),
2093                                 intval($contact['uid'])
2094                         );
2095                 }
2096         }
2097
2098         if(strlen($birthday)) {
2099                 if(substr($birthday,0,4) != $contact['bdyear']) {
2100                         logger('consume_feed: updating birthday: ' . $birthday);
2101
2102                         /**
2103                          *
2104                          * Add new birthday event for this person
2105                          *
2106                          * $bdtext is just a readable placeholder in case the event is shared
2107                          * with others. We will replace it during presentation to our $importer
2108                          * to contain a sparkle link and perhaps a photo.
2109                          *
2110                          */
2111
2112                         $bdtext = sprintf( t('%s\'s birthday'), $contact['name']);
2113                         $bdtext2 = sprintf( t('Happy Birthday %s'), ' [url=' . $contact['url'] . ']' . $contact['name'] . '[/url]' ) ;
2114
2115
2116                         $r = q("INSERT INTO `event` (`uid`,`cid`,`created`,`edited`,`start`,`finish`,`summary`,`desc`,`type`)
2117                                 VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
2118                                 intval($contact['uid']),
2119                                 intval($contact['id']),
2120                                 dbesc(datetime_convert()),
2121                                 dbesc(datetime_convert()),
2122                                 dbesc(datetime_convert('UTC','UTC', $birthday)),
2123                                 dbesc(datetime_convert('UTC','UTC', $birthday . ' + 1 day ')),
2124                                 dbesc($bdtext),
2125                                 dbesc($bdtext2),
2126                                 dbesc('birthday')
2127                         );
2128
2129
2130                         // update bdyear
2131
2132                         q("UPDATE `contact` SET `bdyear` = '%s' WHERE `uid` = %d AND `id` = %d",
2133                                 dbesc(substr($birthday,0,4)),
2134                                 intval($contact['uid']),
2135                                 intval($contact['id'])
2136                         );
2137
2138                         // This function is called twice without reloading the contact
2139                         // Make sure we only create one event. This is why &$contact
2140                         // is a reference var in this function
2141
2142                         $contact['bdyear'] = substr($birthday,0,4);
2143                 }
2144
2145         }
2146
2147         $community_page = 0;
2148         $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
2149         if($rawtags) {
2150                 $community_page = intval($rawtags[0]['data']);
2151         }
2152         if(is_array($contact) && intval($contact['forum']) != $community_page) {
2153                 q("update contact set forum = %d where id = %d",
2154                         intval($community_page),
2155                         intval($contact['id'])
2156                 );
2157                 $contact['forum'] = (string) $community_page;
2158         }
2159
2160
2161         // process any deleted entries
2162
2163         $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry');
2164         if(is_array($del_entries) && count($del_entries) && $pass != 2) {
2165                 foreach($del_entries as $dentry) {
2166                         $deleted = false;
2167                         if(isset($dentry['attribs']['']['ref'])) {
2168                                 $uri = $dentry['attribs']['']['ref'];
2169                                 $deleted = true;
2170                                 if(isset($dentry['attribs']['']['when'])) {
2171                                         $when = $dentry['attribs']['']['when'];
2172                                         $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s');
2173                                 }
2174                                 else
2175                                         $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s');
2176                         }
2177                         if($deleted && is_array($contact)) {
2178                                 $r = q("SELECT `item`.*, `contact`.`self` FROM `item` INNER JOIN `contact` on `item`.`contact-id` = `contact`.`id`
2179                                         WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
2180                                         dbesc($uri),
2181                                         intval($importer['uid']),
2182                                         intval($contact['id'])
2183                                 );
2184                                 if(count($r)) {
2185                                         $item = $r[0];
2186
2187                                         if(! $item['deleted'])
2188                                                 logger('consume_feed: deleting item ' . $item['id'] . ' uri=' . $item['uri'], LOGGER_DEBUG);
2189
2190                                         if(($item['verb'] === ACTIVITY_TAG) && ($item['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
2191                                                 $xo = parse_xml_string($item['object'],false);
2192                                                 $xt = parse_xml_string($item['target'],false);
2193                                                 if($xt->type === ACTIVITY_OBJ_NOTE) {
2194                                                         $i = q("select * from `item` where uri = '%s' and uid = %d limit 1",
2195                                                                 dbesc($xt->id),
2196                                                                 intval($importer['importer_uid'])
2197                                                         );
2198                                                         if(count($i)) {
2199
2200                                                                 // For tags, the owner cannot remove the tag on the author's copy of the post.
2201
2202                                                                 $owner_remove = (($item['contact-id'] == $i[0]['contact-id']) ? true: false);
2203                                                                 $author_remove = (($item['origin'] && $item['self']) ? true : false);
2204                                                                 $author_copy = (($item['origin']) ? true : false);
2205
2206                                                                 if($owner_remove && $author_copy)
2207                                                                         continue;
2208                                                                 if($author_remove || $owner_remove) {
2209                                                                         $tags = explode(',',$i[0]['tag']);
2210                                                                         $newtags = array();
2211                                                                         if(count($tags)) {
2212                                                                                 foreach($tags as $tag)
2213                                                                                         if(trim($tag) !== trim($xo->body))
2214                                                                                                 $newtags[] = trim($tag);
2215                                                                         }
2216                                                                         q("update item set tag = '%s' where id = %d",
2217                                                                                 dbesc(implode(',',$newtags)),
2218                                                                                 intval($i[0]['id'])
2219                                                                         );
2220                                                                         create_tags_from_item($i[0]['id']);
2221                                                                 }
2222                                                         }
2223                                                 }
2224                                         }
2225
2226                                         if($item['uri'] == $item['parent-uri']) {
2227                                                 $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',
2228                                                         `body` = '', `title` = ''
2229                                                         WHERE `parent-uri` = '%s' AND `uid` = %d",
2230                                                         dbesc($when),
2231                                                         dbesc(datetime_convert()),
2232                                                         dbesc($item['uri']),
2233                                                         intval($importer['uid'])
2234                                                 );
2235                                                 create_tags_from_itemuri($item['uri'], $importer['uid']);
2236                                                 create_files_from_itemuri($item['uri'], $importer['uid']);
2237                                                 update_thread_uri($item['uri'], $importer['uid']);
2238                                         }
2239                                         else {
2240                                                 $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',
2241                                                         `body` = '', `title` = ''
2242                                                         WHERE `uri` = '%s' AND `uid` = %d",
2243                                                         dbesc($when),
2244                                                         dbesc(datetime_convert()),
2245                                                         dbesc($uri),
2246                                                         intval($importer['uid'])
2247                                                 );
2248                                                 create_tags_from_itemuri($uri, $importer['uid']);
2249                                                 create_files_from_itemuri($uri, $importer['uid']);
2250                                                 if($item['last-child']) {
2251                                                         // ensure that last-child is set in case the comment that had it just got wiped.
2252                                                         q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ",
2253                                                                 dbesc(datetime_convert()),
2254                                                                 dbesc($item['parent-uri']),
2255                                                                 intval($item['uid'])
2256                                                         );
2257                                                         // who is the last child now?
2258                                                         $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `moderated` = 0 AND `uid` = %d
2259                                                                 ORDER BY `created` DESC LIMIT 1",
2260                                                                         dbesc($item['parent-uri']),
2261                                                                         intval($importer['uid'])
2262                                                         );
2263                                                         if(count($r)) {
2264                                                                 q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d",
2265                                                                         intval($r[0]['id'])
2266                                                                 );
2267                                                         }
2268                                                 }
2269                                         }
2270                                 }
2271                         }
2272                 }
2273         }
2274
2275         // Now process the feed
2276
2277         if($feed->get_item_quantity()) {
2278
2279                 logger('consume_feed: feed item count = ' . $feed->get_item_quantity());
2280
2281         // in inverse date order
2282                 if ($datedir)
2283                         $items = array_reverse($feed->get_items());
2284                 else
2285                         $items = $feed->get_items();
2286
2287
2288                 foreach($items as $item) {
2289
2290                         $is_reply = false;
2291                         $item_id = $item->get_id();
2292                         $rawthread = $item->get_item_tags( NAMESPACE_THREAD,'in-reply-to');
2293                         if(isset($rawthread[0]['attribs']['']['ref'])) {
2294                                 $is_reply = true;
2295                                 $parent_uri = $rawthread[0]['attribs']['']['ref'];
2296                         }
2297
2298                         if(($is_reply) && is_array($contact)) {
2299
2300                                 if($pass == 1)
2301                                         continue;
2302
2303                                 // not allowed to post
2304
2305                                 if($contact['rel'] == CONTACT_IS_FOLLOWER)
2306                                         continue;
2307
2308
2309                                 // Have we seen it? If not, import it.
2310
2311                                 $item_id  = $item->get_id();
2312                                 $datarray = get_atom_elements($feed, $item, $contact);
2313
2314                                 if((! x($datarray,'author-name')) && ($contact['network'] != NETWORK_DFRN))
2315                                         $datarray['author-name'] = $contact['name'];
2316                                 if((! x($datarray,'author-link')) && ($contact['network'] != NETWORK_DFRN))
2317                                         $datarray['author-link'] = $contact['url'];
2318                                 if((! x($datarray,'author-avatar')) && ($contact['network'] != NETWORK_DFRN))
2319                                         $datarray['author-avatar'] = $contact['thumb'];
2320
2321                                 if((! x($datarray,'author-name')) || (! x($datarray,'author-link'))) {
2322                                         logger('consume_feed: no author information! ' . print_r($datarray,true));
2323                                         continue;
2324                                 }
2325
2326                                 $force_parent = false;
2327                                 if($contact['network'] === NETWORK_OSTATUS || stristr($contact['url'],'twitter.com')) {
2328                                         if($contact['network'] === NETWORK_OSTATUS)
2329                                                 $force_parent = true;
2330                                         if(strlen($datarray['title']))
2331                                                 unset($datarray['title']);
2332                                         $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
2333                                                 dbesc(datetime_convert()),
2334                                                 dbesc($parent_uri),
2335                                                 intval($importer['uid'])
2336                                         );
2337                                         $datarray['last-child'] = 1;
2338                                         update_thread_uri($parent_uri, $importer['uid']);
2339                                 }
2340
2341
2342                                 $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
2343                                         dbesc($item_id),
2344                                         intval($importer['uid'])
2345                                 );
2346
2347                                 // Update content if 'updated' changes
2348
2349                                 if(count($r)) {
2350                                         if (edited_timestamp_is_newer($r[0], $datarray)) {
2351
2352                                                 // do not accept (ignore) an earlier edit than one we currently have.
2353                                                 if(datetime_convert('UTC','UTC',$datarray['edited']) < $r[0]['edited'])
2354                                                         continue;
2355
2356                                                 $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
2357                                                         dbesc($datarray['title']),
2358                                                         dbesc($datarray['body']),
2359                                                         dbesc($datarray['tag']),
2360                                                         dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
2361                                                         dbesc(datetime_convert()),
2362                                                         dbesc($item_id),
2363                                                         intval($importer['uid'])
2364                                                 );
2365                                                 create_tags_from_itemuri($item_id, $importer['uid']);
2366                                                 update_thread_uri($item_id, $importer['uid']);
2367                                         }
2368
2369                                         // update last-child if it changes
2370
2371                                         $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow');
2372                                         if(($allow) && ($allow[0]['data'] != $r[0]['last-child'])) {
2373                                                 $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
2374                                                         dbesc(datetime_convert()),
2375                                                         dbesc($parent_uri),
2376                                                         intval($importer['uid'])
2377                                                 );
2378                                                 $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s'  WHERE `uri` = '%s' AND `uid` = %d",
2379                                                         intval($allow[0]['data']),
2380                                                         dbesc(datetime_convert()),
2381                                                         dbesc($item_id),
2382                                                         intval($importer['uid'])
2383                                                 );
2384                                                 update_thread_uri($item_id, $importer['uid']);
2385                                         }
2386                                         continue;
2387                                 }
2388
2389
2390                                 if(($contact['network'] === NETWORK_FEED) || (! strlen($contact['notify']))) {
2391                                         // one way feed - no remote comment ability
2392                                         $datarray['last-child'] = 0;
2393                                 }
2394                                 $datarray['parent-uri'] = $parent_uri;
2395                                 $datarray['uid'] = $importer['uid'];
2396                                 $datarray['contact-id'] = $contact['id'];
2397                                 if((activity_match($datarray['verb'],ACTIVITY_LIKE)) || (activity_match($datarray['verb'],ACTIVITY_DISLIKE))) {
2398                                         $datarray['type'] = 'activity';
2399                                         $datarray['gravity'] = GRAVITY_LIKE;
2400                                         // only one like or dislike per person
2401                                         // splitted into two queries for performance issues
2402                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`parent-uri` = '%s') limit 1",
2403                                                 intval($datarray['uid']),
2404                                                 intval($datarray['contact-id']),
2405                                                 dbesc($datarray['verb']),
2406                                                 dbesc($parent_uri)
2407                                         );
2408                                         if($r && count($r))
2409                                                 continue;
2410
2411                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`thr-parent` = '%s') limit 1",
2412                                                 intval($datarray['uid']),
2413                                                 intval($datarray['contact-id']),
2414                                                 dbesc($datarray['verb']),
2415                                                 dbesc($parent_uri)
2416                                         );
2417                                         if($r && count($r))
2418                                                 continue;
2419                                 }
2420
2421                                 if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
2422                                         $xo = parse_xml_string($datarray['object'],false);
2423                                         $xt = parse_xml_string($datarray['target'],false);
2424
2425                                         if($xt->type == ACTIVITY_OBJ_NOTE) {
2426                                                 $r = q("select * from item where `uri` = '%s' AND `uid` = %d limit 1",
2427                                                         dbesc($xt->id),
2428                                                         intval($importer['importer_uid'])
2429                                                 );
2430                                                 if(! count($r))
2431                                                         continue;
2432
2433                                                 // extract tag, if not duplicate, add to parent item
2434                                                 if($xo->id && $xo->content) {
2435                                                         $newtag = '#[url=' . $xo->id . ']'. $xo->content . '[/url]';
2436                                                         if(! (stristr($r[0]['tag'],$newtag))) {
2437                                                                 q("UPDATE item SET tag = '%s' WHERE id = %d",
2438                                                                         dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . $newtag),
2439                                                                         intval($r[0]['id'])
2440                                                                 );
2441                                                                 create_tags_from_item($r[0]['id']);
2442                                                         }
2443                                                 }
2444                                         }
2445                                 }
2446
2447                                 $r = item_store($datarray,$force_parent);
2448                                 continue;
2449                         }
2450
2451                         else {
2452
2453                                 // Head post of a conversation. Have we seen it? If not, import it.
2454
2455                                 $item_id  = $item->get_id();
2456
2457                                 $datarray = get_atom_elements($feed, $item, $contact);
2458
2459                                 if(is_array($contact)) {
2460                                         if((! x($datarray,'author-name')) && ($contact['network'] != NETWORK_DFRN))
2461                                                 $datarray['author-name'] = $contact['name'];
2462                                         if((! x($datarray,'author-link')) && ($contact['network'] != NETWORK_DFRN))
2463                                                 $datarray['author-link'] = $contact['url'];
2464                                         if((! x($datarray,'author-avatar')) && ($contact['network'] != NETWORK_DFRN))
2465                                                 $datarray['author-avatar'] = $contact['thumb'];
2466                                 }
2467
2468                                 if((! x($datarray,'author-name')) || (! x($datarray,'author-link'))) {
2469                                         logger('consume_feed: no author information! ' . print_r($datarray,true));
2470                                         continue;
2471                                 }
2472
2473                                 // special handling for events
2474
2475                                 if((x($datarray,'object-type')) && ($datarray['object-type'] === ACTIVITY_OBJ_EVENT)) {
2476                                         $ev = bbtoevent($datarray['body']);
2477                                         if(x($ev,'desc') && x($ev,'start')) {
2478                                                 $ev['uid'] = $importer['uid'];
2479                                                 $ev['uri'] = $item_id;
2480                                                 $ev['edited'] = $datarray['edited'];
2481                                                 $ev['private'] = $datarray['private'];
2482
2483                                                 if(is_array($contact))
2484                                                         $ev['cid'] = $contact['id'];
2485                                                 $r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
2486                                                         dbesc($item_id),
2487                                                         intval($importer['uid'])
2488                                                 );
2489                                                 if(count($r))
2490                                                         $ev['id'] = $r[0]['id'];
2491                                                 $xyz = event_store($ev);
2492                                                 continue;
2493                                         }
2494                                 }
2495
2496                                 if($contact['network'] === NETWORK_OSTATUS || stristr($contact['url'],'twitter.com')) {
2497                                         if(strlen($datarray['title']))
2498                                                 unset($datarray['title']);
2499                                         $datarray['last-child'] = 1;
2500                                 }
2501
2502
2503                                 $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
2504                                         dbesc($item_id),
2505                                         intval($importer['uid'])
2506                                 );
2507
2508                                 // Update content if 'updated' changes
2509
2510                                 if(count($r)) {
2511                                         if (edited_timestamp_is_newer($r[0], $datarray)) {
2512
2513                                                 // do not accept (ignore) an earlier edit than one we currently have.
2514                                                 if(datetime_convert('UTC','UTC',$datarray['edited']) < $r[0]['edited'])
2515                                                         continue;
2516
2517                                                 $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
2518                                                         dbesc($datarray['title']),
2519                                                         dbesc($datarray['body']),
2520                                                         dbesc($datarray['tag']),
2521                                                         dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
2522                                                         dbesc(datetime_convert()),
2523                                                         dbesc($item_id),
2524                                                         intval($importer['uid'])
2525                                                 );
2526                                                 create_tags_from_itemuri($item_id, $importer['uid']);
2527                                                 update_thread_uri($item_id, $importer['uid']);
2528                                         }
2529
2530                                         // update last-child if it changes
2531
2532                                         $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow');
2533                                         if($allow && $allow[0]['data'] != $r[0]['last-child']) {
2534                                                 $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
2535                                                         intval($allow[0]['data']),
2536                                                         dbesc(datetime_convert()),
2537                                                         dbesc($item_id),
2538                                                         intval($importer['uid'])
2539                                                 );
2540                                                 update_thread_uri($item_id, $importer['uid']);
2541                                         }
2542                                         continue;
2543                                 }
2544
2545                                 if(activity_match($datarray['verb'],ACTIVITY_FOLLOW)) {
2546                                         logger('consume-feed: New follower');
2547                                         new_follower($importer,$contact,$datarray,$item);
2548                                         return;
2549                                 }
2550                                 if(activity_match($datarray['verb'],ACTIVITY_UNFOLLOW))  {
2551                                         lose_follower($importer,$contact,$datarray,$item);
2552                                         return;
2553                                 }
2554
2555                                 if(activity_match($datarray['verb'],ACTIVITY_REQ_FRIEND)) {
2556                                         logger('consume-feed: New friend request');
2557                                         new_follower($importer,$contact,$datarray,$item,true);
2558                                         return;
2559                                 }
2560                                 if(activity_match($datarray['verb'],ACTIVITY_UNFRIEND))  {
2561                                         lose_sharer($importer,$contact,$datarray,$item);
2562                                         return;
2563                                 }
2564
2565
2566                                 if(! is_array($contact))
2567                                         return;
2568
2569
2570                                 if(($contact['network'] === NETWORK_FEED) || (! strlen($contact['notify']))) {
2571                                                 // one way feed - no remote comment ability
2572                                                 $datarray['last-child'] = 0;
2573                                 }
2574                                 if($contact['network'] === NETWORK_FEED)
2575                                         $datarray['private'] = 2;
2576
2577                                 $datarray['parent-uri'] = $item_id;
2578                                 $datarray['uid'] = $importer['uid'];
2579                                 $datarray['contact-id'] = $contact['id'];
2580
2581                                 if(! link_compare($datarray['owner-link'],$contact['url'])) {
2582                                         // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
2583                                         // but otherwise there's a possible data mixup on the sender's system.
2584                                         // the tgroup delivery code called from item_store will correct it if it's a forum,
2585                                         // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
2586                                         logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);
2587                                         $datarray['owner-name']   = $contact['name'];
2588                                         $datarray['owner-link']   = $contact['url'];
2589                                         $datarray['owner-avatar'] = $contact['thumb'];
2590                                 }
2591
2592                                 // We've allowed "followers" to reach this point so we can decide if they are
2593                                 // posting an @-tag delivery, which followers are allowed to do for certain
2594                                 // page types. Now that we've parsed the post, let's check if it is legit. Otherwise ignore it.
2595
2596                                 if(($contact['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['uid'],$datarray)))
2597                                         continue;
2598
2599                                 // This is my contact on another system, but it's really me.
2600                                 // Turn this into a wall post.
2601                                 $notify = item_is_remote_self($contact, $datarray);
2602
2603                                 $r = item_store($datarray, false, $notify);
2604                                 logger('Stored - Contact '.$contact['url'].' Notify '.$notify.' return '.$r.' Item '.print_r($datarray, true), LOGGER_DEBUG);
2605                                 continue;
2606
2607                         }
2608                 }
2609         }
2610 }
2611
2612 function item_is_remote_self($contact, &$datarray) {
2613         $a = get_app();
2614
2615         if (!$contact['remote_self'])
2616                 return false;
2617
2618         // Prevent the forwarding of posts that are forwarded
2619         if (in_array($datarray["extid"], array(NETWORK_DFRN, NETWORK_DIASPORA)))
2620                 return false;
2621
2622         // Prevent to forward already forwarded posts
2623         if ($datarray["app"] == $a->get_hostname())
2624                 return false;
2625
2626         if (($contact['network'] != NETWORK_FEED) AND $datarray['private'])
2627                 return false;
2628
2629         $datarray2 = $datarray;
2630         logger('remote-self start - Contact '.$contact['url'].' - '.$contact['remote_self'].' Item '.print_r($datarray, true), LOGGER_DEBUG);
2631         if ($contact['remote_self'] == 2) {
2632                 $r = q("SELECT `id`,`url`,`name`,`photo`,`network` FROM `contact` WHERE `uid` = %d AND `self`",
2633                         intval($contact['uid']));
2634                 if (count($r)) {
2635                         $datarray['contact-id'] = $r[0]["id"];
2636
2637                         $datarray['owner-name'] = $r[0]["name"];
2638                         $datarray['owner-link'] = $r[0]["url"];
2639                         $datarray['owner-avatar'] = $r[0]["avatar"];
2640
2641                         $datarray['author-name']   = $datarray['owner-name'];
2642                         $datarray['author-link']   = $datarray['owner-link'];
2643                         $datarray['author-avatar'] = $datarray['owner-avatar'];
2644                 }
2645
2646                 if ($contact['network'] != NETWORK_FEED) {
2647                         $datarray["guid"] = get_guid(32);
2648                         unset($datarray["plink"]);
2649                         $datarray["uri"] = item_new_uri($a->get_hostname(),$contact['uid']);
2650                         $datarray["parent-uri"] = $datarray["uri"];
2651                         $datarray["extid"] = $contact['network'];
2652                         $urlpart = parse_url($datarray2['author-link']);
2653                         $datarray["app"] = $urlpart["host"];
2654                 } else
2655                         $datarray['private'] = 0;
2656         }
2657
2658         //if (!isset($datarray["app"]) OR ($datarray["app"] == ""))
2659         //      $datarray["app"] = network_to_name($contact['network']);
2660
2661         if ($contact['network'] != NETWORK_FEED) {
2662                 // Store the original post
2663                 $r = item_store($datarray2, false, false);
2664                 logger('remote-self post original item - Contact '.$contact['url'].' return '.$r.' Item '.print_r($datarray2, true), LOGGER_DEBUG);
2665         } else
2666                 $datarray["app"] = "Feed";
2667
2668         return true;
2669 }
2670
2671 function local_delivery($importer,$data) {
2672         $a = get_app();
2673
2674         logger(__function__, LOGGER_TRACE);
2675
2676         if($importer['readonly']) {
2677                 // We aren't receiving stuff from this person. But we will quietly ignore them
2678                 // rather than a blatant "go away" message.
2679                 logger('local_delivery: ignoring');
2680                 return 0;
2681                 //NOTREACHED
2682         }
2683
2684         // Consume notification feed. This may differ from consuming a public feed in several ways
2685         // - might contain email or friend suggestions
2686         // - might contain remote followup to our message
2687         //              - in which case we need to accept it and then notify other conversants
2688         // - we may need to send various email notifications
2689
2690         $feed = new SimplePie();
2691         $feed->set_raw_data($data);
2692         $feed->enable_order_by_date(false);
2693         $feed->init();
2694
2695
2696         if($feed->error())
2697                 logger('local_delivery: Error parsing XML: ' . $feed->error());
2698
2699
2700         // Check at the feed level for updated contact name and/or photo
2701
2702         $name_updated  = '';
2703         $new_name = '';
2704         $photo_timestamp = '';
2705         $photo_url = '';
2706
2707
2708         $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'owner');
2709
2710 // Fallback should not be needed here. If it isn't DFRN it won't have DFRN updated tags
2711 //      if(! $rawtags)
2712 //              $rawtags = $feed->get_feed_tags( SIMPLEPIE_NAMESPACE_ATOM_10, 'author');
2713
2714         if($rawtags) {
2715                 $elems = $rawtags[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10];
2716                 if($elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated']) {
2717                         $name_updated = $elems['name'][0]['attribs'][NAMESPACE_DFRN]['updated'];
2718                         $new_name = $elems['name'][0]['data'];
2719                 }
2720                 if((x($elems,'link')) && ($elems['link'][0]['attribs']['']['rel'] === 'photo') && ($elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated'])) {
2721                         $photo_timestamp = datetime_convert('UTC','UTC',$elems['link'][0]['attribs'][NAMESPACE_DFRN]['updated']);
2722                         $photo_url = $elems['link'][0]['attribs']['']['href'];
2723                 }
2724         }
2725
2726         if(($photo_timestamp) && (strlen($photo_url)) && ($photo_timestamp > $importer['avatar-date'])) {
2727                 logger('local_delivery: Updating photo for ' . $importer['name']);
2728                 require_once("include/Photo.php");
2729                 $photo_failure = false;
2730                 $have_photo = false;
2731
2732                 $r = q("SELECT `resource-id` FROM `photo` WHERE `contact-id` = %d AND `uid` = %d LIMIT 1",
2733                         intval($importer['id']),
2734                         intval($importer['importer_uid'])
2735                 );
2736                 if(count($r)) {
2737                         $resource_id = $r[0]['resource-id'];
2738                         $have_photo = true;
2739                 }
2740                 else {
2741                         $resource_id = photo_new_resource();
2742                 }
2743
2744                 $img_str = fetch_url($photo_url,true);
2745                 // guess mimetype from headers or filename
2746                 $type = guess_image_type($photo_url,true);
2747
2748
2749                 $img = new Photo($img_str, $type);
2750                 if($img->is_valid()) {
2751                         if($have_photo) {
2752                                 q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `contact-id` = %d AND `uid` = %d",
2753                                         dbesc($resource_id),
2754                                         intval($importer['id']),
2755                                         intval($importer['importer_uid'])
2756                                 );
2757                         }
2758
2759                         $img->scaleImageSquare(175);
2760
2761                         $hash = $resource_id;
2762                         $r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 4);
2763
2764                         $img->scaleImage(80);
2765                         $r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 5);
2766
2767                         $img->scaleImage(48);
2768                         $r = $img->store($importer['importer_uid'], $importer['id'], $hash, basename($photo_url), 'Contact Photos', 6);
2769
2770                         $a = get_app();
2771
2772                         q("UPDATE `contact` SET `avatar-date` = '%s', `photo` = '%s', `thumb` = '%s', `micro` = '%s'
2773                                 WHERE `uid` = %d AND `id` = %d",
2774                                 dbesc(datetime_convert()),
2775                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-4.'.$img->getExt()),
2776                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-5.'.$img->getExt()),
2777                                 dbesc($a->get_baseurl() . '/photo/' . $hash . '-6.'.$img->getExt()),
2778                                 intval($importer['importer_uid']),
2779                                 intval($importer['id'])
2780                         );
2781                 }
2782         }
2783
2784         if(($name_updated) && (strlen($new_name)) && ($name_updated > $importer['name-date'])) {
2785                 $r = q("select * from contact where uid = %d and id = %d limit 1",
2786                         intval($importer['importer_uid']),
2787                         intval($importer['id'])
2788                 );
2789
2790                 $x = q("UPDATE `contact` SET `name` = '%s', `name-date` = '%s' WHERE `uid` = %d AND `id` = %d",
2791                         dbesc(notags(trim($new_name))),
2792                         dbesc(datetime_convert()),
2793                         intval($importer['importer_uid']),
2794                         intval($importer['id'])
2795                 );
2796
2797                 // do our best to update the name on content items
2798
2799                 if(count($r)) {
2800                         q("update item set `author-name` = '%s' where `author-name` = '%s' and `author-link` = '%s' and uid = %d",
2801                                 dbesc(notags(trim($new_name))),
2802                                 dbesc($r[0]['name']),
2803                                 dbesc($r[0]['url']),
2804                                 intval($importer['importer_uid'])
2805                         );
2806                 }
2807         }
2808
2809
2810
2811         // Currently unsupported - needs a lot of work
2812         $reloc = $feed->get_feed_tags( NAMESPACE_DFRN, 'relocate' );
2813         if(isset($reloc[0]['child'][NAMESPACE_DFRN])) {
2814                 $base = $reloc[0]['child'][NAMESPACE_DFRN];
2815                 $newloc = array();
2816                 $newloc['uid'] = $importer['importer_uid'];
2817                 $newloc['cid'] = $importer['id'];
2818                 $newloc['name'] = notags(unxmlify($base['name'][0]['data']));
2819                 $newloc['photo'] = notags(unxmlify($base['photo'][0]['data']));
2820                 $newloc['thumb'] = notags(unxmlify($base['thumb'][0]['data']));
2821                 $newloc['micro'] = notags(unxmlify($base['micro'][0]['data']));
2822                 $newloc['url'] = notags(unxmlify($base['url'][0]['data']));
2823                 $newloc['request'] = notags(unxmlify($base['request'][0]['data']));
2824                 $newloc['confirm'] = notags(unxmlify($base['confirm'][0]['data']));
2825                 $newloc['notify'] = notags(unxmlify($base['notify'][0]['data']));
2826                 $newloc['poll'] = notags(unxmlify($base['poll'][0]['data']));
2827                 $newloc['sitepubkey'] = notags(unxmlify($base['sitepubkey'][0]['data']));
2828                 /** relocated user must have original key pair */
2829                 /*$newloc['pubkey'] = notags(unxmlify($base['pubkey'][0]['data']));
2830                 $newloc['prvkey'] = notags(unxmlify($base['prvkey'][0]['data']));*/
2831
2832                 logger("items:relocate contact ".print_r($newloc, true).print_r($importer, true), LOGGER_DEBUG);
2833
2834                 // update contact
2835                 $r = q("SELECT photo, url FROM contact WHERE id=%d AND uid=%d;",
2836                         intval($importer['id']),
2837                         intval($importer['importer_uid']));
2838                 if ($r === false)
2839                         return 1;
2840                 $old = $r[0];
2841
2842                 $x = q("UPDATE contact SET
2843                                         name = '%s',
2844                                         photo = '%s',
2845                                         thumb = '%s',
2846                                         micro = '%s',
2847                                         url = '%s',
2848                                         request = '%s',
2849                                         confirm = '%s',
2850                                         notify = '%s',
2851                                         poll = '%s',
2852                                         `site-pubkey` = '%s'
2853                         WHERE id=%d AND uid=%d;",
2854                                         dbesc($newloc['name']),
2855                                         dbesc($newloc['photo']),
2856                                         dbesc($newloc['thumb']),
2857                                         dbesc($newloc['micro']),
2858                                         dbesc($newloc['url']),
2859                                         dbesc($newloc['request']),
2860                                         dbesc($newloc['confirm']),
2861                                         dbesc($newloc['notify']),
2862                                         dbesc($newloc['poll']),
2863                                         dbesc($newloc['sitepubkey']),
2864                                         intval($importer['id']),
2865                                         intval($importer['importer_uid']));
2866
2867                 if ($x === false)
2868                         return 1;
2869                 // update items
2870                 $fields = array(
2871                         'owner-link' => array($old['url'], $newloc['url']),
2872                         'author-link' => array($old['url'], $newloc['url']),
2873                         'owner-avatar' => array($old['photo'], $newloc['photo']),
2874                         'author-avatar' => array($old['photo'], $newloc['photo']),
2875                         );
2876                 foreach ($fields as $n=>$f){
2877                         $x = q("UPDATE `item` SET `%s`='%s' WHERE `%s`='%s' AND uid=%d",
2878                                         $n, dbesc($f[1]),
2879                                         $n, dbesc($f[0]),
2880                                         intval($importer['importer_uid']));
2881                                 if ($x === false)
2882                                         return 1;
2883                         }
2884
2885                 // TODO
2886                 // merge with current record, current contents have priority
2887                 // update record, set url-updated
2888                 // update profile photos
2889                 // schedule a scan?
2890                 return 0;
2891         }
2892
2893
2894         // handle friend suggestion notification
2895
2896         $sugg = $feed->get_feed_tags( NAMESPACE_DFRN, 'suggest' );
2897         if(isset($sugg[0]['child'][NAMESPACE_DFRN])) {
2898                 $base = $sugg[0]['child'][NAMESPACE_DFRN];
2899                 $fsugg = array();
2900                 $fsugg['uid'] = $importer['importer_uid'];
2901                 $fsugg['cid'] = $importer['id'];
2902                 $fsugg['name'] = notags(unxmlify($base['name'][0]['data']));
2903                 $fsugg['photo'] = notags(unxmlify($base['photo'][0]['data']));
2904                 $fsugg['url'] = notags(unxmlify($base['url'][0]['data']));
2905                 $fsugg['request'] = notags(unxmlify($base['request'][0]['data']));
2906                 $fsugg['body'] = escape_tags(unxmlify($base['note'][0]['data']));
2907
2908                 // Does our member already have a friend matching this description?
2909
2910                 $r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `nurl` = '%s' AND `uid` = %d LIMIT 1",
2911                         dbesc($fsugg['name']),
2912                         dbesc(normalise_link($fsugg['url'])),
2913                         intval($fsugg['uid'])
2914                 );
2915                 if(count($r))
2916                         return 0;
2917
2918                 // Do we already have an fcontact record for this person?
2919
2920                 $fid = 0;
2921                 $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
2922                         dbesc($fsugg['url']),
2923                         dbesc($fsugg['name']),
2924                         dbesc($fsugg['request'])
2925                 );
2926                 if(count($r)) {
2927                         $fid = $r[0]['id'];
2928
2929                         // OK, we do. Do we already have an introduction for this person ?
2930                         $r = q("select id from intro where uid = %d and fid = %d limit 1",
2931                                 intval($fsugg['uid']),
2932                                 intval($fid)
2933                         );
2934                         if(count($r))
2935                                 return 0;
2936                 }
2937                 if(! $fid)
2938                         $r = q("INSERT INTO `fcontact` ( `name`,`url`,`photo`,`request` ) VALUES ( '%s', '%s', '%s', '%s' ) ",
2939                         dbesc($fsugg['name']),
2940                         dbesc($fsugg['url']),
2941                         dbesc($fsugg['photo']),
2942                         dbesc($fsugg['request'])
2943                 );
2944                 $r = q("SELECT * FROM `fcontact` WHERE `url` = '%s' AND `name` = '%s' AND `request` = '%s' LIMIT 1",
2945                         dbesc($fsugg['url']),
2946                         dbesc($fsugg['name']),
2947                         dbesc($fsugg['request'])
2948                 );
2949                 if(count($r)) {
2950                         $fid = $r[0]['id'];
2951                 }
2952                 // database record did not get created. Quietly give up.
2953                 else
2954                         return 0;
2955
2956
2957                 $hash = random_string();
2958
2959                 $r = q("INSERT INTO `intro` ( `uid`, `fid`, `contact-id`, `note`, `hash`, `datetime`, `blocked` )
2960                         VALUES( %d, %d, %d, '%s', '%s', '%s', %d )",
2961                         intval($fsugg['uid']),
2962                         intval($fid),
2963                         intval($fsugg['cid']),
2964                         dbesc($fsugg['body']),
2965                         dbesc($hash),
2966                         dbesc(datetime_convert()),
2967                         intval(0)
2968                 );
2969
2970                 notification(array(
2971                         'type'         => NOTIFY_SUGGEST,
2972                         'notify_flags' => $importer['notify-flags'],
2973                         'language'     => $importer['language'],
2974                         'to_name'      => $importer['username'],
2975                         'to_email'     => $importer['email'],
2976                         'uid'          => $importer['importer_uid'],
2977                         'item'         => $fsugg,
2978                         'link'         => $a->get_baseurl() . '/notifications/intros',
2979                         'source_name'  => $importer['name'],
2980                         'source_link'  => $importer['url'],
2981                         'source_photo' => $importer['photo'],
2982                         'verb'         => ACTIVITY_REQ_FRIEND,
2983                         'otype'        => 'intro'
2984                 ));
2985
2986                 return 0;
2987         }
2988
2989         $ismail = false;
2990
2991         $rawmail = $feed->get_feed_tags( NAMESPACE_DFRN, 'mail' );
2992         if(isset($rawmail[0]['child'][NAMESPACE_DFRN])) {
2993
2994                 logger('local_delivery: private message received');
2995
2996                 $ismail = true;
2997                 $base = $rawmail[0]['child'][NAMESPACE_DFRN];
2998
2999                 $msg = array();
3000                 $msg['uid'] = $importer['importer_uid'];
3001                 $msg['from-name'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['name'][0]['data']));
3002                 $msg['from-photo'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']));
3003                 $msg['from-url'] = notags(unxmlify($base['sender'][0]['child'][NAMESPACE_DFRN]['uri'][0]['data']));
3004                 $msg['contact-id'] = $importer['id'];
3005                 $msg['title'] = notags(unxmlify($base['subject'][0]['data']));
3006                 $msg['body'] = escape_tags(unxmlify($base['content'][0]['data']));
3007                 $msg['seen'] = 0;
3008                 $msg['replied'] = 0;
3009                 $msg['uri'] = notags(unxmlify($base['id'][0]['data']));
3010                 $msg['parent-uri'] = notags(unxmlify($base['in-reply-to'][0]['data']));
3011                 $msg['created'] = datetime_convert(notags(unxmlify('UTC','UTC',$base['sentdate'][0]['data'])));
3012
3013                 dbesc_array($msg);
3014
3015                 $r = dbq("INSERT INTO `mail` (`" . implode("`, `", array_keys($msg))
3016                         . "`) VALUES ('" . implode("', '", array_values($msg)) . "')" );
3017
3018                 // send notifications.
3019
3020                 require_once('include/enotify.php');
3021
3022                 $notif_params = array(
3023                         'type' => NOTIFY_MAIL,
3024                         'notify_flags' => $importer['notify-flags'],
3025                         'language' => $importer['language'],
3026                         'to_name' => $importer['username'],
3027                         'to_email' => $importer['email'],
3028                         'uid' => $importer['importer_uid'],
3029                         'item' => $msg,
3030                         'source_name' => $msg['from-name'],
3031                         'source_link' => $importer['url'],
3032                         'source_photo' => $importer['thumb'],
3033                         'verb' => ACTIVITY_POST,
3034                         'otype' => 'mail'
3035                 );
3036
3037                 notification($notif_params);
3038                 return 0;
3039
3040                 // NOTREACHED
3041         }
3042
3043         $community_page = 0;
3044         $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
3045         if($rawtags) {
3046                 $community_page = intval($rawtags[0]['data']);
3047         }
3048         if(intval($importer['forum']) != $community_page) {
3049                 q("update contact set forum = %d where id = %d",
3050                         intval($community_page),
3051                         intval($importer['id'])
3052                 );
3053                 $importer['forum'] = (string) $community_page;
3054         }
3055
3056         logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
3057
3058         // process any deleted entries
3059
3060         $del_entries = $feed->get_feed_tags(NAMESPACE_TOMB, 'deleted-entry');
3061         if(is_array($del_entries) && count($del_entries)) {
3062                 foreach($del_entries as $dentry) {
3063                         $deleted = false;
3064                         if(isset($dentry['attribs']['']['ref'])) {
3065                                 $uri = $dentry['attribs']['']['ref'];
3066                                 $deleted = true;
3067                                 if(isset($dentry['attribs']['']['when'])) {
3068                                         $when = $dentry['attribs']['']['when'];
3069                                         $when = datetime_convert('UTC','UTC', $when, 'Y-m-d H:i:s');
3070                                 }
3071                                 else
3072                                         $when = datetime_convert('UTC','UTC','now','Y-m-d H:i:s');
3073                         }
3074                         if($deleted) {
3075
3076                                 // check for relayed deletes to our conversation
3077
3078                                 $is_reply = false;
3079                                 $r = q("select * from item where uri = '%s' and uid = %d limit 1",
3080                                         dbesc($uri),
3081                                         intval($importer['importer_uid'])
3082                                 );
3083                                 if(count($r)) {
3084                                         $parent_uri = $r[0]['parent-uri'];
3085                                         if($r[0]['id'] != $r[0]['parent'])
3086                                                 $is_reply = true;
3087                                 }
3088
3089                                 if($is_reply) {
3090                                         $community = false;
3091
3092                                         if($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP ) {
3093                                                 $sql_extra = '';
3094                                                 $community = true;
3095                                                 logger('local_delivery: possible community delete');
3096                                         }
3097                                         else
3098                                                 $sql_extra = " and contact.self = 1 and item.wall = 1 ";
3099
3100                                         // was the top-level post for this reply written by somebody on this site?
3101                                         // Specifically, the recipient?
3102
3103                                         $is_a_remote_delete = false;
3104
3105                                         // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used?
3106                                         $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`,
3107                                                 `contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item`
3108                                                 INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
3109                                                 WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')
3110                                                 AND `item`.`uid` = %d
3111                                                 $sql_extra
3112                                                 LIMIT 1",
3113                                                 dbesc($parent_uri),
3114                                                 dbesc($parent_uri),
3115                                                 dbesc($parent_uri),
3116                                                 intval($importer['importer_uid'])
3117                                         );
3118                                         if($r && count($r))
3119                                                 $is_a_remote_delete = true;
3120
3121                                         // Does this have the characteristics of a community or private group comment?
3122                                         // If it's a reply to a wall post on a community/prvgroup page it's a
3123                                         // valid community comment. Also forum_mode makes it valid for sure.
3124                                         // If neither, it's not.
3125
3126                                         if($is_a_remote_delete && $community) {
3127                                                 if((! $r[0]['forum_mode']) && (! $r[0]['wall'])) {
3128                                                         $is_a_remote_delete = false;
3129                                                         logger('local_delivery: not a community delete');
3130                                                 }
3131                                         }
3132
3133                                         if($is_a_remote_delete) {
3134                                                 logger('local_delivery: received remote delete');
3135                                         }
3136                                 }
3137
3138                                 $r = q("SELECT `item`.*, `contact`.`self` FROM `item` INNER JOIN contact on `item`.`contact-id` = `contact`.`id`
3139                                         WHERE `uri` = '%s' AND `item`.`uid` = %d AND `contact-id` = %d AND NOT `item`.`file` LIKE '%%[%%' LIMIT 1",
3140                                         dbesc($uri),
3141                                         intval($importer['importer_uid']),
3142                                         intval($importer['id'])
3143                                 );
3144
3145                                 if(count($r)) {
3146                                         $item = $r[0];
3147
3148                                         if($item['deleted'])
3149                                                 continue;
3150
3151                                         logger('local_delivery: deleting item ' . $item['id'] . ' uri=' . $item['uri'], LOGGER_DEBUG);
3152
3153                                         if(($item['verb'] === ACTIVITY_TAG) && ($item['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
3154                                                 $xo = parse_xml_string($item['object'],false);
3155                                                 $xt = parse_xml_string($item['target'],false);
3156
3157                                                 if($xt->type === ACTIVITY_OBJ_NOTE) {
3158                                                         $i = q("select * from `item` where uri = '%s' and uid = %d limit 1",
3159                                                                 dbesc($xt->id),
3160                                                                 intval($importer['importer_uid'])
3161                                                         );
3162                                                         if(count($i)) {
3163
3164                                                                 // For tags, the owner cannot remove the tag on the author's copy of the post.
3165
3166                                                                 $owner_remove = (($item['contact-id'] == $i[0]['contact-id']) ? true: false);
3167                                                                 $author_remove = (($item['origin'] && $item['self']) ? true : false);
3168                                                                 $author_copy = (($item['origin']) ? true : false);
3169
3170                                                                 if($owner_remove && $author_copy)
3171                                                                         continue;
3172                                                                 if($author_remove || $owner_remove) {
3173                                                                         $tags = explode(',',$i[0]['tag']);
3174                                                                         $newtags = array();
3175                                                                         if(count($tags)) {
3176                                                                                 foreach($tags as $tag)
3177                                                                                         if(trim($tag) !== trim($xo->body))
3178                                                                                                 $newtags[] = trim($tag);
3179                                                                         }
3180                                                                         q("update item set tag = '%s' where id = %d",
3181                                                                                 dbesc(implode(',',$newtags)),
3182                                                                                 intval($i[0]['id'])
3183                                                                         );
3184                                                                         create_tags_from_item($i[0]['id']);
3185                                                                 }
3186                                                         }
3187                                                 }
3188                                         }
3189
3190                                         if($item['uri'] == $item['parent-uri']) {
3191                                                 $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',
3192                                                         `body` = '', `title` = ''
3193                                                         WHERE `parent-uri` = '%s' AND `uid` = %d",
3194                                                         dbesc($when),
3195                                                         dbesc(datetime_convert()),
3196                                                         dbesc($item['uri']),
3197                                                         intval($importer['importer_uid'])
3198                                                 );
3199                                                 create_tags_from_itemuri($item['uri'], $importer['importer_uid']);
3200                                                 create_files_from_itemuri($item['uri'], $importer['importer_uid']);
3201                                                 update_thread_uri($item['uri'], $importer['importer_uid']);
3202                                         }
3203                                         else {
3204                                                 $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s',
3205                                                         `body` = '', `title` = ''
3206                                                         WHERE `uri` = '%s' AND `uid` = %d",
3207                                                         dbesc($when),
3208                                                         dbesc(datetime_convert()),
3209                                                         dbesc($uri),
3210                                                         intval($importer['importer_uid'])
3211                                                 );
3212                                                 create_tags_from_itemuri($uri, $importer['importer_uid']);
3213                                                 create_files_from_itemuri($uri, $importer['importer_uid']);
3214                                                 update_thread_uri($uri, $importer['importer_uid']);
3215                                                 if($item['last-child']) {
3216                                                         // ensure that last-child is set in case the comment that had it just got wiped.
3217                                                         q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ",
3218                                                                 dbesc(datetime_convert()),
3219                                                                 dbesc($item['parent-uri']),
3220                                                                 intval($item['uid'])
3221                                                         );
3222                                                         // who is the last child now?
3223                                                         $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d
3224                                                                 ORDER BY `created` DESC LIMIT 1",
3225                                                                         dbesc($item['parent-uri']),
3226                                                                         intval($importer['importer_uid'])
3227                                                         );
3228                                                         if(count($r)) {
3229                                                                 q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d",
3230                                                                         intval($r[0]['id'])
3231                                                                 );
3232                                                         }
3233                                                 }
3234                                                 // if this is a relayed delete, propagate it to other recipients
3235
3236                                                 if($is_a_remote_delete)
3237                                                         proc_run('php',"include/notifier.php","drop",$item['id']);
3238                                         }
3239                                 }
3240                         }
3241                 }
3242         }
3243
3244
3245         foreach($feed->get_items() as $item) {
3246
3247                 $is_reply = false;
3248                 $item_id = $item->get_id();
3249                 $rawthread = $item->get_item_tags( NAMESPACE_THREAD, 'in-reply-to');
3250                 if(isset($rawthread[0]['attribs']['']['ref'])) {
3251                         $is_reply = true;
3252                         $parent_uri = $rawthread[0]['attribs']['']['ref'];
3253                 }
3254
3255                 if($is_reply) {
3256                         $community = false;
3257
3258                         if($importer['page-flags'] == PAGE_COMMUNITY || $importer['page-flags'] == PAGE_PRVGROUP ) {
3259                                 $sql_extra = '';
3260                                 $community = true;
3261                                 logger('local_delivery: possible community reply');
3262                         }
3263                         else
3264                                 $sql_extra = " and contact.self = 1 and item.wall = 1 ";
3265
3266                         // was the top-level post for this reply written by somebody on this site?
3267                         // Specifically, the recipient?
3268
3269                         $is_a_remote_comment = false;
3270                         $top_uri = $parent_uri;
3271
3272                         $r = q("select `item`.`parent-uri` from `item`
3273                                 WHERE `item`.`uri` = '%s'
3274                                 LIMIT 1",
3275                                 dbesc($parent_uri)
3276                         );
3277                         if($r && count($r)) {
3278                                 $top_uri = $r[0]['parent-uri'];
3279
3280                                 // POSSIBLE CLEANUP --> Why select so many fields when only forum_mode and wall are used?
3281                                 $r = q("select `item`.`id`, `item`.`uri`, `item`.`tag`, `item`.`forum_mode`,`item`.`origin`,`item`.`wall`,
3282                                         `contact`.`name`, `contact`.`url`, `contact`.`thumb` from `item`
3283                                         INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
3284                                         WHERE `item`.`uri` = '%s' AND (`item`.`parent-uri` = '%s' or `item`.`thr-parent` = '%s')
3285                                         AND `item`.`uid` = %d
3286                                         $sql_extra
3287                                         LIMIT 1",
3288                                         dbesc($top_uri),
3289                                         dbesc($top_uri),
3290                                         dbesc($top_uri),
3291                                         intval($importer['importer_uid'])
3292                                 );
3293                                 if($r && count($r))
3294                                         $is_a_remote_comment = true;
3295                         }
3296
3297                         // Does this have the characteristics of a community or private group comment?
3298                         // If it's a reply to a wall post on a community/prvgroup page it's a
3299                         // valid community comment. Also forum_mode makes it valid for sure.
3300                         // If neither, it's not.
3301
3302                         if($is_a_remote_comment && $community) {
3303                                 if((! $r[0]['forum_mode']) && (! $r[0]['wall'])) {
3304                                         $is_a_remote_comment = false;
3305                                         logger('local_delivery: not a community reply');
3306                                 }
3307                         }
3308
3309                         if($is_a_remote_comment) {
3310                                 logger('local_delivery: received remote comment');
3311                                 $is_like = false;
3312                                 // remote reply to our post. Import and then notify everybody else.
3313
3314                                 $datarray = get_atom_elements($feed, $item);
3315
3316                                 $r = q("SELECT `id`, `uid`, `last-child`, `edited`, `body`  FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
3317                                         dbesc($item_id),
3318                                         intval($importer['importer_uid'])
3319                                 );
3320
3321                                 // Update content if 'updated' changes
3322
3323                                 if(count($r)) {
3324                                         $iid = $r[0]['id'];
3325                                         if (edited_timestamp_is_newer($r[0], $datarray)) {
3326
3327                                                 // do not accept (ignore) an earlier edit than one we currently have.
3328                                                 if(datetime_convert('UTC','UTC',$datarray['edited']) < $r[0]['edited'])
3329                                                         continue;
3330
3331                                                 logger('received updated comment' , LOGGER_DEBUG);
3332                                                 $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
3333                                                         dbesc($datarray['title']),
3334                                                         dbesc($datarray['body']),
3335                                                         dbesc($datarray['tag']),
3336                                                         dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
3337                                                         dbesc(datetime_convert()),
3338                                                         dbesc($item_id),
3339                                                         intval($importer['importer_uid'])
3340                                                 );
3341                                                 create_tags_from_itemuri($item_id, $importer['importer_uid']);
3342
3343                                                 proc_run('php',"include/notifier.php","comment-import",$iid);
3344
3345                                         }
3346
3347                                         continue;
3348                                 }
3349
3350
3351
3352                                 $own = q("select name,url,thumb from contact where uid = %d and self = 1 limit 1",
3353                                         intval($importer['importer_uid'])
3354                                 );
3355
3356
3357                                 $datarray['type'] = 'remote-comment';
3358                                 $datarray['wall'] = 1;
3359                                 $datarray['parent-uri'] = $parent_uri;
3360                                 $datarray['uid'] = $importer['importer_uid'];
3361                                 $datarray['owner-name'] = $own[0]['name'];
3362                                 $datarray['owner-link'] = $own[0]['url'];
3363                                 $datarray['owner-avatar'] = $own[0]['thumb'];
3364                                 $datarray['contact-id'] = $importer['id'];
3365
3366                                 if(($datarray['verb'] === ACTIVITY_LIKE) || ($datarray['verb'] === ACTIVITY_DISLIKE)) {
3367                                         $is_like = true;
3368                                         $datarray['type'] = 'activity';
3369                                         $datarray['gravity'] = GRAVITY_LIKE;
3370                                         $datarray['last-child'] = 0;
3371                                         // only one like or dislike per person
3372                                         // splitted into two queries for performance issues
3373                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb = '%s' and (`parent-uri` = '%s') and deleted = 0 limit 1",
3374                                                 intval($datarray['uid']),
3375                                                 intval($datarray['contact-id']),
3376                                                 dbesc($datarray['verb']),
3377                                                 dbesc($datarray['parent-uri'])
3378
3379                                         );
3380                                         if($r && count($r))
3381                                                 continue;
3382
3383                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb = '%s' and (`thr-parent` = '%s') and deleted = 0 limit 1",
3384                                                 intval($datarray['uid']),
3385                                                 intval($datarray['contact-id']),
3386                                                 dbesc($datarray['verb']),
3387                                                 dbesc($datarray['parent-uri'])
3388
3389                                         );
3390                                         if($r && count($r))
3391                                                 continue;
3392                                 }
3393
3394                                 if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
3395
3396                                         $xo = parse_xml_string($datarray['object'],false);
3397                                         $xt = parse_xml_string($datarray['target'],false);
3398
3399                                         if(($xt->type == ACTIVITY_OBJ_NOTE) && ($xt->id)) {
3400
3401                                                 // fetch the parent item
3402
3403                                                 $tagp = q("select * from item where uri = '%s' and uid = %d limit 1",
3404                                                         dbesc($xt->id),
3405                                                         intval($importer['importer_uid'])
3406                                                 );
3407                                                 if(! count($tagp))
3408                                                         continue;
3409
3410                                                 // extract tag, if not duplicate, and this user allows tags, add to parent item
3411
3412                                                 if($xo->id && $xo->content) {
3413                                                         $newtag = '#[url=' . $xo->id . ']'. $xo->content . '[/url]';
3414                                                         if(! (stristr($tagp[0]['tag'],$newtag))) {
3415                                                                 $i = q("SELECT `blocktags` FROM `user` where `uid` = %d LIMIT 1",
3416                                                                         intval($importer['importer_uid'])
3417                                                                 );
3418                                                                 if(count($i) && ! intval($i[0]['blocktags'])) {
3419                                                                         q("UPDATE item SET tag = '%s', `edited` = '%s', `changed` = '%s' WHERE id = %d",
3420                                                                                 dbesc($tagp[0]['tag'] . (strlen($tagp[0]['tag']) ? ',' : '') . $newtag),
3421                                                                                 intval($tagp[0]['id']),
3422                                                                                 dbesc(datetime_convert()),
3423                                                                                 dbesc(datetime_convert())
3424                                                                         );
3425                                                                         create_tags_from_item($tagp[0]['id']);
3426                                                                 }
3427                                                         }
3428                                                 }
3429                                         }
3430                                 }
3431
3432
3433                                 $posted_id = item_store($datarray);
3434                                 $parent = 0;
3435
3436                                 if($posted_id) {
3437                                         $r = q("SELECT `parent`, `parent-uri` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
3438                                                 intval($posted_id),
3439                                                 intval($importer['importer_uid'])
3440                                         );
3441                                         if(count($r)) {
3442                                                 $parent = $r[0]['parent'];
3443                                                 $parent_uri = $r[0]['parent-uri'];
3444                                         }
3445
3446                                         if(! $is_like) {
3447                                                 $r1 = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `uid` = %d AND `parent` = %d",
3448                                                         dbesc(datetime_convert()),
3449                                                         intval($importer['importer_uid']),
3450                                                         intval($r[0]['parent'])
3451                                                 );
3452
3453                                                 $r2 = q("UPDATE `item` SET `last-child` = 1, `changed` = '%s' WHERE `uid` = %d AND `id` = %d",
3454                                                         dbesc(datetime_convert()),
3455                                                         intval($importer['importer_uid']),
3456                                                         intval($posted_id)
3457                                                 );
3458                                         }
3459
3460                                         if($posted_id && $parent) {
3461
3462                                                 proc_run('php',"include/notifier.php","comment-import","$posted_id");
3463
3464                                                 if((! $is_like) && (! $importer['self'])) {
3465
3466                                                         require_once('include/enotify.php');
3467
3468                                                         notification(array(
3469                                                                 'type'         => NOTIFY_COMMENT,
3470                                                                 'notify_flags' => $importer['notify-flags'],
3471                                                                 'language'     => $importer['language'],
3472                                                                 'to_name'      => $importer['username'],
3473                                                                 'to_email'     => $importer['email'],
3474                                                                 'uid'          => $importer['importer_uid'],
3475                                                                 'item'         => $datarray,
3476                                                                 'link'             => $a->get_baseurl().'/display/'.urlencode(get_item_guid($posted_id)),
3477                                                                 'source_name'  => stripslashes($datarray['author-name']),
3478                                                                 'source_link'  => $datarray['author-link'],
3479                                                                 'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
3480                                                                         ? $importer['thumb'] : $datarray['author-avatar']),
3481                                                                 'verb'         => ACTIVITY_POST,
3482                                                                 'otype'        => 'item',
3483                                                                 'parent'       => $parent,
3484                                                                 'parent_uri'   => $parent_uri,
3485                                                         ));
3486
3487                                                 }
3488                                         }
3489
3490                                         return 0;
3491                                         // NOTREACHED
3492                                 }
3493                         }
3494                         else {
3495
3496                                 // regular comment that is part of this total conversation. Have we seen it? If not, import it.
3497
3498                                 $item_id  = $item->get_id();
3499                                 $datarray = get_atom_elements($feed,$item);
3500
3501                                 if($importer['rel'] == CONTACT_IS_FOLLOWER)
3502                                         continue;
3503
3504                                 $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
3505                                         dbesc($item_id),
3506                                         intval($importer['importer_uid'])
3507                                 );
3508
3509                                 // Update content if 'updated' changes
3510
3511                                 if(count($r)) {
3512                                         if (edited_timestamp_is_newer($r[0], $datarray)) {
3513
3514                                                 // do not accept (ignore) an earlier edit than one we currently have.
3515                                                 if(datetime_convert('UTC','UTC',$datarray['edited']) < $r[0]['edited'])
3516                                                         continue;
3517
3518                                                 $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
3519                                                         dbesc($datarray['title']),
3520                                                         dbesc($datarray['body']),
3521                                                         dbesc($datarray['tag']),
3522                                                         dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
3523                                                         dbesc(datetime_convert()),
3524                                                         dbesc($item_id),
3525                                                         intval($importer['importer_uid'])
3526                                                 );
3527                                                 create_tags_from_itemuri($item_id, $importer['importer_uid']);
3528                                         }
3529
3530                                         // update last-child if it changes
3531
3532                                         $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow');
3533                                         if(($allow) && ($allow[0]['data'] != $r[0]['last-child'])) {
3534                                                 $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d",
3535                                                         dbesc(datetime_convert()),
3536                                                         dbesc($parent_uri),
3537                                                         intval($importer['importer_uid'])
3538                                                 );
3539                                                 $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s'  WHERE `uri` = '%s' AND `uid` = %d",
3540                                                         intval($allow[0]['data']),
3541                                                         dbesc(datetime_convert()),
3542                                                         dbesc($item_id),
3543                                                         intval($importer['importer_uid'])
3544                                                 );
3545                                         }
3546                                         continue;
3547                                 }
3548
3549                                 $datarray['parent-uri'] = $parent_uri;
3550                                 $datarray['uid'] = $importer['importer_uid'];
3551                                 $datarray['contact-id'] = $importer['id'];
3552                                 if(($datarray['verb'] == ACTIVITY_LIKE) || ($datarray['verb'] == ACTIVITY_DISLIKE)) {
3553                                         $datarray['type'] = 'activity';
3554                                         $datarray['gravity'] = GRAVITY_LIKE;
3555                                         // only one like or dislike per person
3556                                         // splitted into two queries for performance issues
3557                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`parent-uri` = '%s') limit 1",
3558                                                 intval($datarray['uid']),
3559                                                 intval($datarray['contact-id']),
3560                                                 dbesc($datarray['verb']),
3561                                                 dbesc($parent_uri)
3562                                         );
3563                                         if($r && count($r))
3564                                                 continue;
3565
3566                                         $r = q("select id from item where uid = %d and `contact-id` = %d and verb ='%s' and deleted = 0 and (`thr-parent` = '%s') limit 1",
3567                                                 intval($datarray['uid']),
3568                                                 intval($datarray['contact-id']),
3569                                                 dbesc($datarray['verb']),
3570                                                 dbesc($parent_uri)
3571                                         );
3572                                         if($r && count($r))
3573                                                 continue;
3574
3575                                 }
3576
3577                                 if(($datarray['verb'] === ACTIVITY_TAG) && ($datarray['object-type'] === ACTIVITY_OBJ_TAGTERM)) {
3578
3579                                         $xo = parse_xml_string($datarray['object'],false);
3580                                         $xt = parse_xml_string($datarray['target'],false);
3581
3582                                         if($xt->type == ACTIVITY_OBJ_NOTE) {
3583                                                 $r = q("select * from item where `uri` = '%s' AND `uid` = %d limit 1",
3584                                                         dbesc($xt->id),
3585                                                         intval($importer['importer_uid'])
3586                                                 );
3587                                                 if(! count($r))
3588                                                         continue;
3589
3590                                                 // extract tag, if not duplicate, add to parent item
3591                                                 if($xo->content) {
3592                                                         if(! (stristr($r[0]['tag'],trim($xo->content)))) {
3593                                                                 q("UPDATE item SET tag = '%s' WHERE id = %d",
3594                                                                         dbesc($r[0]['tag'] . (strlen($r[0]['tag']) ? ',' : '') . '#[url=' . $xo->id . ']'. $xo->content . '[/url]'),
3595                                                                         intval($r[0]['id'])
3596                                                                 );
3597                                                                 create_tags_from_item($r[0]['id']);
3598                                                         }
3599                                                 }
3600                                         }
3601                                 }
3602
3603                                 $posted_id = item_store($datarray);
3604
3605                                 // find out if our user is involved in this conversation and wants to be notified.
3606
3607                                 if(!x($datarray['type']) || $datarray['type'] != 'activity') {
3608
3609                                         $myconv = q("SELECT `author-link`, `author-avatar`, `parent` FROM `item` WHERE `parent-uri` = '%s' AND `uid` = %d AND `parent` != 0 AND `deleted` = 0",
3610                                                 dbesc($top_uri),
3611                                                 intval($importer['importer_uid'])
3612                                         );
3613
3614                                         if(count($myconv)) {
3615                                                 $importer_url = $a->get_baseurl() . '/profile/' . $importer['nickname'];
3616
3617                                                 // first make sure this isn't our own post coming back to us from a wall-to-wall event
3618                                                 if(! link_compare($datarray['author-link'],$importer_url)) {
3619
3620
3621                                                         foreach($myconv as $conv) {
3622
3623                                                                 // now if we find a match, it means we're in this conversation
3624
3625                                                                 if(! link_compare($conv['author-link'],$importer_url))
3626                                                                         continue;
3627
3628                                                                 require_once('include/enotify.php');
3629
3630                                                                 $conv_parent = $conv['parent'];
3631
3632                                                                 notification(array(
3633                                                                         'type'         => NOTIFY_COMMENT,
3634                                                                         'notify_flags' => $importer['notify-flags'],
3635                                                                         'language'     => $importer['language'],
3636                                                                         'to_name'      => $importer['username'],
3637                                                                         'to_email'     => $importer['email'],
3638                                                                         'uid'          => $importer['importer_uid'],
3639                                                                         'item'         => $datarray,
3640                                                                         'link'             => $a->get_baseurl().'/display/'.urlencode(get_item_guid($posted_id)),
3641                                                                         'source_name'  => stripslashes($datarray['author-name']),
3642                                                                         'source_link'  => $datarray['author-link'],
3643                                                                         'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
3644                                                                                 ? $importer['thumb'] : $datarray['author-avatar']),
3645                                                                         'verb'         => ACTIVITY_POST,
3646                                                                         'otype'        => 'item',
3647                                                                         'parent'       => $conv_parent,
3648                                                                         'parent_uri'   => $parent_uri
3649
3650                                                                 ));
3651
3652                                                                 // only send one notification
3653                                                                 break;
3654                                                         }
3655                                                 }
3656                                         }
3657                                 }
3658                                 continue;
3659                         }
3660                 }
3661
3662                 else {
3663
3664                         // Head post of a conversation. Have we seen it? If not, import it.
3665
3666
3667                         $item_id  = $item->get_id();
3668                         $datarray = get_atom_elements($feed,$item);
3669
3670                         if((x($datarray,'object-type')) && ($datarray['object-type'] === ACTIVITY_OBJ_EVENT)) {
3671                                 $ev = bbtoevent($datarray['body']);
3672                                 if(x($ev,'desc') && x($ev,'start')) {
3673                                         $ev['cid'] = $importer['id'];
3674                                         $ev['uid'] = $importer['uid'];
3675                                         $ev['uri'] = $item_id;
3676                                         $ev['edited'] = $datarray['edited'];
3677                                         $ev['private'] = $datarray['private'];
3678
3679                                         $r = q("SELECT * FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
3680                                                 dbesc($item_id),
3681                                                 intval($importer['uid'])
3682                                         );
3683                                         if(count($r))
3684                                                 $ev['id'] = $r[0]['id'];
3685                                         $xyz = event_store($ev);
3686                                         continue;
3687                                 }
3688                         }
3689
3690                         $r = q("SELECT `uid`, `last-child`, `edited`, `body` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
3691                                 dbesc($item_id),
3692                                 intval($importer['importer_uid'])
3693                         );
3694
3695                         // Update content if 'updated' changes
3696
3697                         if(count($r)) {
3698                                 if (edited_timestamp_is_newer($r[0], $datarray)) {
3699
3700                                         // do not accept (ignore) an earlier edit than one we currently have.
3701                                         if(datetime_convert('UTC','UTC',$datarray['edited']) < $r[0]['edited'])
3702                                                 continue;
3703
3704                                         $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `edited` = '%s', `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
3705                                                 dbesc($datarray['title']),
3706                                                 dbesc($datarray['body']),
3707                                                 dbesc($datarray['tag']),
3708                                                 dbesc(datetime_convert('UTC','UTC',$datarray['edited'])),
3709                                                 dbesc(datetime_convert()),
3710                                                 dbesc($item_id),
3711                                                 intval($importer['importer_uid'])
3712                                         );
3713                                         create_tags_from_itemuri($item_id, $importer['importer_uid']);
3714                                         update_thread_uri($item_id, $importer['importer_uid']);
3715                                 }
3716
3717                                 // update last-child if it changes
3718
3719                                 $allow = $item->get_item_tags( NAMESPACE_DFRN, 'comment-allow');
3720                                 if($allow && $allow[0]['data'] != $r[0]['last-child']) {
3721                                         $r = q("UPDATE `item` SET `last-child` = %d , `changed` = '%s' WHERE `uri` = '%s' AND `uid` = %d",
3722                                                 intval($allow[0]['data']),
3723                                                 dbesc(datetime_convert()),
3724                                                 dbesc($item_id),
3725                                                 intval($importer['importer_uid'])
3726                                         );
3727                                 }
3728                                 continue;
3729                         }
3730
3731                         $datarray['parent-uri'] = $item_id;
3732                         $datarray['uid'] = $importer['importer_uid'];
3733                         $datarray['contact-id'] = $importer['id'];
3734
3735
3736                         if(! link_compare($datarray['owner-link'],$importer['url'])) {
3737                                 // The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery,
3738                                 // but otherwise there's a possible data mixup on the sender's system.
3739                                 // the tgroup delivery code called from item_store will correct it if it's a forum,
3740                                 // but we're going to unconditionally correct it here so that the post will always be owned by our contact.
3741                                 logger('local_delivery: Correcting item owner.', LOGGER_DEBUG);
3742                                 $datarray['owner-name']   = $importer['senderName'];
3743                                 $datarray['owner-link']   = $importer['url'];
3744                                 $datarray['owner-avatar'] = $importer['thumb'];
3745                         }
3746
3747                         if(($importer['rel'] == CONTACT_IS_FOLLOWER) && (! tgroup_check($importer['importer_uid'],$datarray)))
3748                                 continue;
3749
3750                         // This is my contact on another system, but it's really me.
3751                         // Turn this into a wall post.
3752                         $notify = item_is_remote_self($importer, $datarray);
3753
3754                         $posted_id = item_store($datarray, false, $notify);
3755
3756                         if(stristr($datarray['verb'],ACTIVITY_POKE)) {
3757                                 $verb = urldecode(substr($datarray['verb'],strpos($datarray['verb'],'#')+1));
3758                                 if(! $verb)
3759                                         continue;
3760                                 $xo = parse_xml_string($datarray['object'],false);
3761
3762                                 if(($xo->type == ACTIVITY_OBJ_PERSON) && ($xo->id)) {
3763
3764                                         // somebody was poked/prodded. Was it me?
3765
3766                                         $links = parse_xml_string("<links>".unxmlify($xo->link)."</links>",false);
3767
3768                                 foreach($links->link as $l) {
3769                                 $atts = $l->attributes();
3770                                 switch($atts['rel']) {
3771                                         case "alternate":
3772                                                                 $Blink = $atts['href'];
3773                                                                 break;
3774                                                         default:
3775                                                                 break;
3776                                     }
3777                                 }
3778                                         if($Blink && link_compare($Blink,$a->get_baseurl() . '/profile/' . $importer['nickname'])) {
3779
3780                                                 // send a notification
3781                                                 require_once('include/enotify.php');
3782
3783                                                 notification(array(
3784                                                         'type'         => NOTIFY_POKE,
3785                                                         'notify_flags' => $importer['notify-flags'],
3786                                                         'language'     => $importer['language'],
3787                                                         'to_name'      => $importer['username'],
3788                                                         'to_email'     => $importer['email'],
3789                                                         'uid'          => $importer['importer_uid'],
3790                                                         'item'         => $datarray,
3791                                                         'link'             => $a->get_baseurl().'/display/'.urlencode(get_item_guid($posted_id)),
3792                                                         'source_name'  => stripslashes($datarray['author-name']),
3793                                                         'source_link'  => $datarray['author-link'],
3794                                                         'source_photo' => ((link_compare($datarray['author-link'],$importer['url']))
3795                                                                 ? $importer['thumb'] : $datarray['author-avatar']),
3796                                                         'verb'         => $datarray['verb'],
3797                                                         'otype'        => 'person',
3798                                                         'activity'     => $verb,
3799
3800                                                 ));
3801                                         }
3802                                 }
3803                         }
3804
3805                         continue;
3806                 }
3807         }
3808
3809         return 0;
3810         // NOTREACHED
3811
3812 }
3813
3814
3815 function new_follower($importer,$contact,$datarray,$item,$sharing = false) {
3816         $url = notags(trim($datarray['author-link']));
3817         $name = notags(trim($datarray['author-name']));
3818         $photo = notags(trim($datarray['author-avatar']));
3819
3820         $rawtag = $item->get_item_tags(NAMESPACE_ACTIVITY,'actor');
3821         if($rawtag && $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'])
3822                 $nick = $rawtag[0]['child'][NAMESPACE_POCO]['preferredUsername'][0]['data'];
3823
3824         if(is_array($contact)) {
3825                 if(($contact['network'] == NETWORK_OSTATUS && $contact['rel'] == CONTACT_IS_SHARING)
3826                         || ($sharing && $contact['rel'] == CONTACT_IS_FOLLOWER)) {
3827                         $r = q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d",
3828                                 intval(CONTACT_IS_FRIEND),
3829                                 intval($contact['id']),
3830                                 intval($importer['uid'])
3831                         );
3832                 }
3833                 // send email notification to owner?
3834         }
3835         else {
3836
3837                 // create contact record
3838
3839                 $r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `name`, `nick`, `photo`, `network`, `rel`,
3840                         `blocked`, `readonly`, `pending`, `writable` )
3841                         VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, 1 ) ",
3842                         intval($importer['uid']),
3843                         dbesc(datetime_convert()),
3844                         dbesc($url),
3845                         dbesc(normalise_link($url)),
3846                         dbesc($name),
3847                         dbesc($nick),
3848                         dbesc($photo),
3849                         dbesc(($sharing) ? NETWORK_ZOT : NETWORK_OSTATUS),
3850                         intval(($sharing) ? CONTACT_IS_SHARING : CONTACT_IS_FOLLOWER)
3851                 );
3852                 $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `pending` = 1 LIMIT 1",
3853                                 intval($importer['uid']),
3854                                 dbesc($url)
3855                 );
3856                 if(count($r))
3857                                 $contact_record = $r[0];
3858
3859                 // create notification
3860                 $hash = random_string();
3861
3862                 if(is_array($contact_record)) {
3863                         $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `hash`, `datetime`)
3864                                 VALUES ( %d, %d, 0, 0, '%s', '%s' )",
3865                                 intval($importer['uid']),
3866                                 intval($contact_record['id']),
3867                                 dbesc($hash),
3868                                 dbesc(datetime_convert())
3869                         );
3870                 }
3871
3872                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
3873                         intval($importer['uid'])
3874                 );
3875                 $a = get_app();
3876                 if(count($r)) {
3877
3878                         if(intval($r[0]['def_gid'])) {
3879                                 require_once('include/group.php');
3880                                 group_add_member($r[0]['uid'],'',$contact_record['id'],$r[0]['def_gid']);
3881                         }
3882
3883                         if(($r[0]['notify-flags'] & NOTIFY_INTRO) &&
3884                                 (($r[0]['page-flags'] == PAGE_NORMAL) OR ($r[0]['page-flags'] == PAGE_SOAPBOX))) {
3885
3886
3887
3888                                 notification(array(
3889                                         'type'         => NOTIFY_INTRO,
3890                                         'notify_flags' => $r[0]['notify-flags'],
3891                                         'language'     => $r[0]['language'],
3892                                         'to_name'      => $r[0]['username'],
3893                                         'to_email'     => $r[0]['email'],
3894                                         'uid'          => $r[0]['uid'],
3895                                         'link'             => $a->get_baseurl() . '/notifications/intro',
3896                                         'source_name'  => ((strlen(stripslashes($contact_record['name']))) ? stripslashes($contact_record['name']) : t('[Name Withheld]')),
3897                                         'source_link'  => $contact_record['url'],
3898                                         'source_photo' => $contact_record['photo'],
3899                                         'verb'         => ($sharing ? ACTIVITY_FRIEND : ACTIVITY_FOLLOW),
3900                                         'otype'        => 'intro'
3901                                 ));
3902
3903
3904                         }
3905                 }
3906         }
3907 }
3908
3909 function lose_follower($importer,$contact,$datarray,$item) {
3910
3911         if(($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_SHARING)) {
3912                 q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d",
3913                         intval(CONTACT_IS_SHARING),
3914                         intval($contact['id'])
3915                 );
3916         }
3917         else {
3918                 contact_remove($contact['id']);
3919         }
3920 }
3921
3922 function lose_sharer($importer,$contact,$datarray,$item) {
3923
3924         if(($contact['rel'] == CONTACT_IS_FRIEND) || ($contact['rel'] == CONTACT_IS_FOLLOWER)) {
3925                 q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d",
3926                         intval(CONTACT_IS_FOLLOWER),
3927                         intval($contact['id'])
3928                 );
3929         }
3930         else {
3931                 contact_remove($contact['id']);
3932         }
3933 }
3934
3935
3936 function subscribe_to_hub($url,$importer,$contact,$hubmode = 'subscribe') {
3937
3938         $a = get_app();
3939
3940         if(is_array($importer)) {
3941                 $r = q("SELECT `nickname` FROM `user` WHERE `uid` = %d LIMIT 1",
3942                         intval($importer['uid'])
3943                 );
3944         }
3945
3946         // Diaspora has different message-ids in feeds than they do
3947         // through the direct Diaspora protocol. If we try and use
3948         // the feed, we'll get duplicates. So don't.
3949
3950         if((! count($r)) || $contact['network'] === NETWORK_DIASPORA)
3951                 return;
3952
3953         $push_url = get_config('system','url') . '/pubsub/' . $r[0]['nickname'] . '/' . $contact['id'];
3954
3955         // Use a single verify token, even if multiple hubs
3956
3957         $verify_token = ((strlen($contact['hub-verify'])) ? $contact['hub-verify'] : random_string());
3958
3959         $params= 'hub.mode=' . $hubmode . '&hub.callback=' . urlencode($push_url) . '&hub.topic=' . urlencode($contact['poll']) . '&hub.verify=async&hub.verify_token=' . $verify_token;
3960
3961         logger('subscribe_to_hub: ' . $hubmode . ' ' . $contact['name'] . ' to hub ' . $url . ' endpoint: '  . $push_url . ' with verifier ' . $verify_token);
3962
3963         if(! strlen($contact['hub-verify'])) {
3964                 $r = q("UPDATE `contact` SET `hub-verify` = '%s' WHERE `id` = %d",
3965                         dbesc($verify_token),
3966                         intval($contact['id'])
3967                 );
3968         }
3969
3970         post_url($url,$params);
3971
3972         logger('subscribe_to_hub: returns: ' . $a->get_curl_code(), LOGGER_DEBUG);
3973
3974         return;
3975
3976 }
3977
3978
3979 function atom_author($tag,$name,$uri,$h,$w,$photo) {
3980         $o = '';
3981         if(! $tag)
3982                 return $o;
3983         $name = xmlify($name);
3984         $uri = xmlify($uri);
3985         $h = intval($h);
3986         $w = intval($w);
3987         $photo = xmlify($photo);
3988
3989
3990         $o .= "<$tag>\r\n";
3991         $o .= "<name>$name</name>\r\n";
3992         $o .= "<uri>$uri</uri>\r\n";
3993         $o .= '<link rel="photo"  type="image/jpeg" media:width="' . $w . '" media:height="' . $h . '" href="' . $photo . '" />' . "\r\n";
3994         $o .= '<link rel="avatar" type="image/jpeg" media:width="' . $w . '" media:height="' . $h . '" href="' . $photo . '" />' . "\r\n";
3995
3996         call_hooks('atom_author', $o);
3997
3998         $o .= "</$tag>\r\n";
3999         return $o;
4000 }
4001
4002 function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
4003
4004         $a = get_app();
4005
4006         if(! $item['parent'])
4007                 return;
4008
4009         if($item['deleted'])
4010                 return '<at:deleted-entry ref="' . xmlify($item['uri']) . '" when="' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '" />' . "\r\n";
4011
4012
4013         if($item['allow_cid'] || $item['allow_gid'] || $item['deny_cid'] || $item['deny_gid'])
4014                 $body = fix_private_photos($item['body'],$owner['uid'],$item,$cid);
4015         else
4016                 $body = $item['body'];
4017
4018         $o = "\r\n\r\n<entry>\r\n";
4019
4020         if(is_array($author))
4021                 $o .= atom_author('author',$author['name'],$author['url'],80,80,$author['thumb']);
4022         else
4023                 $o .= atom_author('author',(($item['author-name']) ? $item['author-name'] : $item['name']),(($item['author-link']) ? $item['author-link'] : $item['url']),80,80,(($item['author-avatar']) ? $item['author-avatar'] : $item['thumb']));
4024         if(strlen($item['owner-name']))
4025                 $o .= atom_author('dfrn:owner',$item['owner-name'],$item['owner-link'],80,80,$item['owner-avatar']);
4026
4027         if(($item['parent'] != $item['id']) || ($item['parent-uri'] !== $item['uri']) || (($item['thr-parent'] !== '') && ($item['thr-parent'] !== $item['uri']))) {
4028                 $parent_item = (($item['thr-parent']) ? $item['thr-parent'] : $item['parent-uri']);
4029                 $o .= '<thr:in-reply-to ref="' . xmlify($parent_item) . '" type="text/html" href="' .  xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['parent']) . '" />' . "\r\n";
4030         }
4031
4032         $o .= '<id>' . xmlify($item['uri']) . '</id>' . "\r\n";
4033         $o .= '<title>' . xmlify($item['title']) . '</title>' . "\r\n";
4034         $o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n";
4035         $o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n";
4036         $o .= '<dfrn:env>' . base64url_encode($body, true) . '</dfrn:env>' . "\r\n";
4037         $o .= '<content type="' . $type . '" >' . xmlify((($type === 'html') ? bbcode($body) : $body)) . '</content>' . "\r\n";
4038         $o .= '<link rel="alternate" type="text/html" href="' . xmlify($a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id']) . '" />' . "\r\n";
4039         if($comment)
4040                 $o .= '<dfrn:comment-allow>' . intval($item['last-child']) . '</dfrn:comment-allow>' . "\r\n";
4041
4042         if($item['location']) {
4043                 $o .= '<dfrn:location>' . xmlify($item['location']) . '</dfrn:location>' . "\r\n";
4044                 $o .= '<poco:address><poco:formatted>' . xmlify($item['location']) . '</poco:formatted></poco:address>' . "\r\n";
4045         }
4046
4047         if($item['coord'])
4048                 $o .= '<georss:point>' . xmlify($item['coord']) . '</georss:point>' . "\r\n";
4049
4050         if(($item['private']) || strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid']))
4051                 $o .= '<dfrn:private>' . (($item['private']) ? $item['private'] : 1) . '</dfrn:private>' . "\r\n";
4052
4053         if($item['extid'])
4054                 $o .= '<dfrn:extid>' . xmlify($item['extid']) . '</dfrn:extid>' . "\r\n";
4055         if($item['bookmark'])
4056                 $o .= '<dfrn:bookmark>true</dfrn:bookmark>' . "\r\n";
4057
4058         if($item['app'])
4059                 $o .= '<statusnet:notice_info local_id="' . $item['id'] . '" source="' . xmlify($item['app']) . '" ></statusnet:notice_info>' . "\r\n";
4060
4061         if($item['guid'])
4062                 $o .= '<dfrn:diaspora_guid>' . $item['guid'] . '</dfrn:diaspora_guid>' . "\r\n";
4063
4064         if($item['signed_text']) {
4065                 $sign = base64_encode(json_encode(array('signed_text' => $item['signed_text'],'signature' => $item['signature'],'signer' => $item['signer'])));
4066                 $o .= '<dfrn:diaspora_signature>' . xmlify($sign) . '</dfrn:diaspora_signature>' . "\r\n";
4067         }
4068
4069         $verb = construct_verb($item);
4070         $o .= '<as:verb>' . xmlify($verb) . '</as:verb>' . "\r\n";
4071         $actobj = construct_activity_object($item);
4072         if(strlen($actobj))
4073                 $o .= $actobj;
4074         $actarg = construct_activity_target($item);
4075         if(strlen($actarg))
4076                 $o .= $actarg;
4077
4078         $tags = item_getfeedtags($item);
4079         if(count($tags)) {
4080                 foreach($tags as $t) {
4081                         $o .= '<category scheme="X-DFRN:' . xmlify($t[0]) . ':' . xmlify($t[1]) . '" term="' . xmlify($t[2]) . '" />' . "\r\n";
4082                 }
4083         }
4084
4085         $o .= item_getfeedattach($item);
4086
4087         $mentioned = get_mentions($item);
4088         if($mentioned)
4089                 $o .= $mentioned;
4090
4091         call_hooks('atom_entry', $o);
4092
4093         $o .= '</entry>' . "\r\n";
4094
4095         return $o;
4096 }
4097
4098 function fix_private_photos($s, $uid, $item = null, $cid = 0) {
4099
4100         if(get_config('system','disable_embedded'))
4101                 return $s;
4102
4103         $a = get_app();
4104
4105         logger('fix_private_photos: check for photos', LOGGER_DEBUG);
4106         $site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://'));
4107
4108         $orig_body = $s;
4109         $new_body = '';
4110
4111         $img_start = strpos($orig_body, '[img');
4112         $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
4113         $img_len = ($img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false);
4114         while( ($img_st_close !== false) && ($img_len !== false) ) {
4115
4116                 $img_st_close++; // make it point to AFTER the closing bracket
4117                 $image = substr($orig_body, $img_start + $img_st_close, $img_len);
4118
4119                 logger('fix_private_photos: found photo ' . $image, LOGGER_DEBUG);
4120
4121
4122                 if(stristr($image , $site . '/photo/')) {
4123                         // Only embed locally hosted photos
4124                         $replace = false;
4125                         $i = basename($image);
4126                         $i = str_replace(array('.jpg','.png','.gif'),array('','',''),$i);
4127                         $x = strpos($i,'-');
4128
4129                         if($x) {
4130                                 $res = substr($i,$x+1);
4131                                 $i = substr($i,0,$x);
4132                                 $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d AND `uid` = %d",
4133                                         dbesc($i),
4134                                         intval($res),
4135                                         intval($uid)
4136                                 );
4137                                 if($r) {
4138
4139                                         // Check to see if we should replace this photo link with an embedded image
4140                                         // 1. No need to do so if the photo is public
4141                                         // 2. If there's a contact-id provided, see if they're in the access list
4142                                         //    for the photo. If so, embed it.
4143                                         // 3. Otherwise, if we have an item, see if the item permissions match the photo
4144                                         //    permissions, regardless of order but first check to see if they're an exact
4145                                         //    match to save some processing overhead.
4146
4147                                         if(has_permissions($r[0])) {
4148                                                 if($cid) {
4149                                                         $recips = enumerate_permissions($r[0]);
4150                                                         if(in_array($cid, $recips)) {
4151                                                                 $replace = true;
4152                                                         }
4153                                                 }
4154                                                 elseif($item) {
4155                                                         if(compare_permissions($item,$r[0]))
4156                                                                 $replace = true;
4157                                                 }
4158                                         }
4159                                         if($replace) {
4160                                                 $data = $r[0]['data'];
4161                                                 $type = $r[0]['type'];
4162
4163                                                 // If a custom width and height were specified, apply before embedding
4164                                                 if(preg_match("/\[img\=([0-9]*)x([0-9]*)\]/is", substr($orig_body, $img_start, $img_st_close), $match)) {
4165                                                         logger('fix_private_photos: scaling photo', LOGGER_DEBUG);
4166
4167                                                         $width = intval($match[1]);
4168                                                         $height = intval($match[2]);
4169
4170                                                         $ph = new Photo($data, $type);
4171                                                         if($ph->is_valid()) {
4172                                                                 $ph->scaleImage(max($width, $height));
4173                                                                 $data = $ph->imageString();
4174                                                                 $type = $ph->getType();
4175                                                         }
4176                                                 }
4177
4178                                                 logger('fix_private_photos: replacing photo', LOGGER_DEBUG);
4179                                                 $image = 'data:' . $type . ';base64,' . base64_encode($data);
4180                                                 logger('fix_private_photos: replaced: ' . $image, LOGGER_DATA);
4181                                         }
4182                                 }
4183                         }
4184                 }
4185
4186                 $new_body = $new_body . substr($orig_body, 0, $img_start + $img_st_close) . $image . '[/img]';
4187                 $orig_body = substr($orig_body, $img_start + $img_st_close + $img_len + strlen('[/img]'));
4188                 if($orig_body === false)
4189                         $orig_body = '';
4190
4191                 $img_start = strpos($orig_body, '[img');
4192                 $img_st_close = ($img_start !== false ? strpos(substr($orig_body, $img_start), ']') : false);
4193                 $img_len = ($img_start !== false ? strpos(substr($orig_body, $img_start + $img_st_close + 1), '[/img]') : false);
4194         }
4195
4196         $new_body = $new_body . $orig_body;
4197
4198         return($new_body);
4199 }
4200
4201
4202 function has_permissions($obj) {
4203         if(($obj['allow_cid'] != '') || ($obj['allow_gid'] != '') || ($obj['deny_cid'] != '') || ($obj['deny_gid'] != ''))
4204                 return true;
4205         return false;
4206 }
4207
4208 function compare_permissions($obj1,$obj2) {
4209         // first part is easy. Check that these are exactly the same.
4210         if(($obj1['allow_cid'] == $obj2['allow_cid'])
4211                 && ($obj1['allow_gid'] == $obj2['allow_gid'])
4212                 && ($obj1['deny_cid'] == $obj2['deny_cid'])
4213                 && ($obj1['deny_gid'] == $obj2['deny_gid']))
4214                 return true;
4215
4216         // This is harder. Parse all the permissions and compare the resulting set.
4217
4218         $recipients1 = enumerate_permissions($obj1);
4219         $recipients2 = enumerate_permissions($obj2);
4220         sort($recipients1);
4221         sort($recipients2);
4222         if($recipients1 == $recipients2)
4223                 return true;
4224         return false;
4225 }
4226
4227 // returns an array of contact-ids that are allowed to see this object
4228
4229 function enumerate_permissions($obj) {
4230         require_once('include/group.php');
4231         $allow_people = expand_acl($obj['allow_cid']);
4232         $allow_groups = expand_groups(expand_acl($obj['allow_gid']));
4233         $deny_people  = expand_acl($obj['deny_cid']);
4234         $deny_groups  = expand_groups(expand_acl($obj['deny_gid']));
4235         $recipients   = array_unique(array_merge($allow_people,$allow_groups));
4236         $deny         = array_unique(array_merge($deny_people,$deny_groups));
4237         $recipients   = array_diff($recipients,$deny);
4238         return $recipients;
4239 }
4240
4241 function item_getfeedtags($item) {
4242         $ret = array();
4243         $matches = false;
4244         $cnt = preg_match_all('|\#\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches);
4245         if($cnt) {
4246                 for($x = 0; $x < $cnt; $x ++) {
4247                         if($matches[1][$x])
4248                                 $ret[] = array('#',$matches[1][$x], $matches[2][$x]);
4249                 }
4250         }
4251         $matches = false;
4252         $cnt = preg_match_all('|\@\[url\=(.*?)\](.*?)\[\/url\]|',$item['tag'],$matches);
4253         if($cnt) {
4254                 for($x = 0; $x < $cnt; $x ++) {
4255                         if($matches[1][$x])
4256                                 $ret[] = array('@',$matches[1][$x], $matches[2][$x]);
4257                 }
4258         }
4259         return $ret;
4260 }
4261
4262 function item_getfeedattach($item) {
4263         $ret = '';
4264         $arr = explode('[/attach],',$item['attach']);
4265         if(count($arr)) {
4266                 foreach($arr as $r) {
4267                         $matches = false;
4268                         $cnt = preg_match('|\[attach\]href=\"(.*?)\" length=\"(.*?)\" type=\"(.*?)\" title=\"(.*?)\"|',$r,$matches);
4269                         if($cnt) {
4270                                 $ret .= '<link rel="enclosure" href="' . xmlify($matches[1]) . '" type="' . xmlify($matches[3]) . '" ';
4271                                 if(intval($matches[2]))
4272                                         $ret .= 'length="' . intval($matches[2]) . '" ';
4273                                 if($matches[4] !== ' ')
4274                                         $ret .= 'title="' . xmlify(trim($matches[4])) . '" ';
4275                                 $ret .= ' />' . "\r\n";
4276                         }
4277                 }
4278         }
4279         return $ret;
4280 }
4281
4282
4283
4284 function item_expire($uid, $days, $network = "", $force = false) {
4285
4286         if((! $uid) || ($days < 1))
4287                 return;
4288
4289         // $expire_network_only = save your own wall posts
4290         // and just expire conversations started by others
4291
4292         $expire_network_only = get_pconfig($uid,'expire','network_only');
4293         $sql_extra = ((intval($expire_network_only)) ? " AND wall = 0 " : "");
4294
4295         if ($network != "") {
4296                 $sql_extra .= sprintf(" AND network = '%s' ", dbesc($network));
4297                 // There is an index "uid_network_received" but not "uid_network_created"
4298                 // This avoids the creation of another index just for one purpose.
4299                 // And it doesn't really matter wether to look at "received" or "created"
4300                 $range = "AND `received` < UTC_TIMESTAMP() - INTERVAL %d DAY ";
4301         } else
4302                 $range = "AND `created` < UTC_TIMESTAMP() - INTERVAL %d DAY ";
4303
4304         $r = q("SELECT * FROM `item`
4305                 WHERE `uid` = %d $range
4306                 AND `id` = `parent`
4307                 $sql_extra
4308                 AND `deleted` = 0",
4309                 intval($uid),
4310                 intval($days)
4311         );
4312
4313         if(! count($r))
4314                 return;
4315
4316         $expire_items = get_pconfig($uid, 'expire','items');
4317         $expire_items = (($expire_items===false)?1:intval($expire_items)); // default if not set: 1
4318
4319         // Forcing expiring of items - but not notes and marked items
4320         if ($force)
4321                 $expire_items = true;
4322
4323         $expire_notes = get_pconfig($uid, 'expire','notes');
4324         $expire_notes = (($expire_notes===false)?1:intval($expire_notes)); // default if not set: 1
4325
4326         $expire_starred = get_pconfig($uid, 'expire','starred');
4327         $expire_starred = (($expire_starred===false)?1:intval($expire_starred)); // default if not set: 1
4328
4329         $expire_photos = get_pconfig($uid, 'expire','photos');
4330         $expire_photos = (($expire_photos===false)?0:intval($expire_photos)); // default if not set: 0
4331
4332         logger('expire: # items=' . count($r). "; expire items: $expire_items, expire notes: $expire_notes, expire starred: $expire_starred, expire photos: $expire_photos");
4333
4334         foreach($r as $item) {
4335
4336                 // don't expire filed items
4337
4338                 if(strpos($item['file'],'[') !== false)
4339                         continue;
4340
4341                 // Only expire posts, not photos and photo comments
4342
4343                 if($expire_photos==0 && strlen($item['resource-id']))
4344                         continue;
4345                 if($expire_starred==0 && intval($item['starred']))
4346                         continue;
4347                 if($expire_notes==0 && $item['type']=='note')
4348                         continue;
4349                 if($expire_items==0 && $item['type']!='note')
4350                         continue;
4351
4352                 drop_item($item['id'],false);
4353         }
4354
4355         proc_run('php',"include/notifier.php","expire","$uid");
4356
4357 }
4358
4359
4360 function drop_items($items) {
4361         $uid = 0;
4362
4363         if(! local_user() && ! remote_user())
4364                 return;
4365
4366         if(count($items)) {
4367                 foreach($items as $item) {
4368                         $owner = drop_item($item,false);
4369                         if($owner && ! $uid)
4370                                 $uid = $owner;
4371                 }
4372         }
4373
4374         // multiple threads may have been deleted, send an expire notification
4375
4376         if($uid)
4377                 proc_run('php',"include/notifier.php","expire","$uid");
4378 }
4379
4380
4381 function drop_item($id,$interactive = true) {
4382
4383         $a = get_app();
4384
4385         // locate item to be deleted
4386
4387         $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
4388                 intval($id)
4389         );
4390
4391         if(! count($r)) {
4392                 if(! $interactive)
4393                         return 0;
4394                 notice( t('Item not found.') . EOL);
4395                 goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
4396         }
4397
4398         $item = $r[0];
4399
4400         $owner = $item['uid'];
4401
4402         $cid = 0;
4403
4404         // check if logged in user is either the author or owner of this item
4405
4406         if(is_array($_SESSION['remote'])) {
4407                 foreach($_SESSION['remote'] as $visitor) {
4408                         if($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
4409                                 $cid = $visitor['cid'];
4410                                 break;
4411                         }
4412                 }
4413         }
4414
4415
4416         if((local_user() == $item['uid']) || ($cid) || (! $interactive)) {
4417
4418                 // Check if we should do HTML-based delete confirmation
4419                 if($_REQUEST['confirm']) {
4420                         // <form> can't take arguments in its "action" parameter
4421                         // so add any arguments as hidden inputs
4422                         $query = explode_querystring($a->query_string);
4423                         $inputs = array();
4424                         foreach($query['args'] as $arg) {
4425                                 if(strpos($arg, 'confirm=') === false) {
4426                                         $arg_parts = explode('=', $arg);
4427                                         $inputs[] = array('name' => $arg_parts[0], 'value' => $arg_parts[1]);
4428                                 }
4429                         }
4430
4431                         return replace_macros(get_markup_template('confirm.tpl'), array(
4432                                 '$method' => 'get',
4433                                 '$message' => t('Do you really want to delete this item?'),
4434                                 '$extra_inputs' => $inputs,
4435                                 '$confirm' => t('Yes'),
4436                                 '$confirm_url' => $query['base'],
4437                                 '$confirm_name' => 'confirmed',
4438                                 '$cancel' => t('Cancel'),
4439                         ));
4440                 }
4441                 // Now check how the user responded to the confirmation query
4442                 if($_REQUEST['canceled']) {
4443                         goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
4444                 }
4445
4446                 logger('delete item: ' . $item['id'], LOGGER_DEBUG);
4447                 // delete the item
4448
4449                 $r = q("UPDATE `item` SET `deleted` = 1, `title` = '', `body` = '', `edited` = '%s', `changed` = '%s' WHERE `id` = %d",
4450                         dbesc(datetime_convert()),
4451                         dbesc(datetime_convert()),
4452                         intval($item['id'])
4453                 );
4454                 create_tags_from_item($item['id']);
4455                 create_files_from_item($item['id']);
4456                 delete_thread($item['id']);
4457
4458                 // clean up categories and tags so they don't end up as orphans
4459
4460                 $matches = false;
4461                 $cnt = preg_match_all('/<(.*?)>/',$item['file'],$matches,PREG_SET_ORDER);
4462                 if($cnt) {
4463                         foreach($matches as $mtch) {
4464                                 file_tag_unsave_file($item['uid'],$item['id'],$mtch[1],true);
4465                         }
4466                 }
4467
4468                 $matches = false;
4469
4470                 $cnt = preg_match_all('/\[(.*?)\]/',$item['file'],$matches,PREG_SET_ORDER);
4471                 if($cnt) {
4472                         foreach($matches as $mtch) {
4473                                 file_tag_unsave_file($item['uid'],$item['id'],$mtch[1],false);
4474                         }
4475                 }
4476
4477                 // If item is a link to a photo resource, nuke all the associated photos
4478                 // (visitors will not have photo resources)
4479                 // This only applies to photos uploaded from the photos page. Photos inserted into a post do not
4480                 // generate a resource-id and therefore aren't intimately linked to the item.
4481
4482                 if(strlen($item['resource-id'])) {
4483                         q("DELETE FROM `photo` WHERE `resource-id` = '%s' AND `uid` = %d ",
4484                                 dbesc($item['resource-id']),
4485                                 intval($item['uid'])
4486                         );
4487                         // ignore the result
4488                 }
4489
4490                 // If item is a link to an event, nuke the event record.
4491
4492                 if(intval($item['event-id'])) {
4493                         q("DELETE FROM `event` WHERE `id` = %d AND `uid` = %d",
4494                                 intval($item['event-id']),
4495                                 intval($item['uid'])
4496                         );
4497                         // ignore the result
4498                 }
4499
4500                 // clean up item_id and sign meta-data tables
4501
4502                 /*
4503                 // Old code - caused very long queries and warning entries in the mysql logfiles:
4504
4505                 $r = q("DELETE FROM item_id where iid in (select id from item where parent = %d and uid = %d)",
4506                         intval($item['id']),
4507                         intval($item['uid'])
4508                 );
4509
4510                 $r = q("DELETE FROM sign where iid in (select id from item where parent = %d and uid = %d)",
4511                         intval($item['id']),
4512                         intval($item['uid'])
4513                 );
4514                 */
4515
4516                 // The new code splits the queries since the mysql optimizer really has bad problems with subqueries
4517
4518                 // Creating list of parents
4519                 $r = q("select id from item where parent = %d and uid = %d",
4520                         intval($item['id']),
4521                         intval($item['uid'])
4522                 );
4523
4524                 $parentid = "";
4525
4526                 foreach ($r AS $row) {
4527                         if ($parentid != "")
4528                                 $parentid .= ", ";
4529
4530                         $parentid .= $row["id"];
4531                 }
4532
4533                 // Now delete them
4534                 if ($parentid != "") {
4535                         $r = q("DELETE FROM item_id where iid in (%s)", dbesc($parentid));
4536
4537                         $r = q("DELETE FROM sign where iid in (%s)", dbesc($parentid));
4538                 }
4539
4540                 // If it's the parent of a comment thread, kill all the kids
4541
4542                 if($item['uri'] == $item['parent-uri']) {
4543                         $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = ''
4544                                 WHERE `parent-uri` = '%s' AND `uid` = %d ",
4545                                 dbesc(datetime_convert()),
4546                                 dbesc(datetime_convert()),
4547                                 dbesc($item['parent-uri']),
4548                                 intval($item['uid'])
4549                         );
4550                         create_tags_from_item($item['parent-uri'], $item['uid']);
4551                         create_files_from_item($item['parent-uri'], $item['uid']);
4552                         delete_thread_uri($item['parent-uri'], $item['uid']);
4553                         // ignore the result
4554                 }
4555                 else {
4556                         // ensure that last-child is set in case the comment that had it just got wiped.
4557                         q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ",
4558                                 dbesc(datetime_convert()),
4559                                 dbesc($item['parent-uri']),
4560                                 intval($item['uid'])
4561                         );
4562                         // who is the last child now?
4563                         $r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d ORDER BY `edited` DESC LIMIT 1",
4564                                 dbesc($item['parent-uri']),
4565                                 intval($item['uid'])
4566                         );
4567                         if(count($r)) {
4568                                 q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d",
4569                                         intval($r[0]['id'])
4570                                 );
4571                         }
4572
4573                         // Add a relayable_retraction signature for Diaspora.
4574                         store_diaspora_retract_sig($item, $a->user, $a->get_baseurl());
4575                 }
4576                 $drop_id = intval($item['id']);
4577
4578                 // send the notification upstream/downstream as the case may be
4579
4580                 proc_run('php',"include/notifier.php","drop","$drop_id");
4581
4582                 if(! $interactive)
4583                         return $owner;
4584                 goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
4585                 //NOTREACHED
4586         }
4587         else {
4588                 if(! $interactive)
4589                         return 0;
4590                 notice( t('Permission denied.') . EOL);
4591                 goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
4592                 //NOTREACHED
4593         }
4594
4595 }
4596
4597
4598 function first_post_date($uid,$wall = false) {
4599         $r = q("select id, created from item
4600                 where uid = %d and wall = %d and deleted = 0 and visible = 1 AND moderated = 0
4601                 and id = parent
4602                 order by created asc limit 1",
4603                 intval($uid),
4604                 intval($wall ? 1 : 0)
4605         );
4606         if(count($r)) {
4607 //              logger('first_post_date: ' . $r[0]['id'] . ' ' . $r[0]['created'], LOGGER_DATA);
4608                 return substr(datetime_convert('',date_default_timezone_get(),$r[0]['created']),0,10);
4609         }
4610         return false;
4611 }
4612
4613 function posted_dates($uid,$wall) {
4614         $dnow = datetime_convert('',date_default_timezone_get(),'now','Y-m-d');
4615
4616         $dthen = first_post_date($uid,$wall);
4617         if(! $dthen)
4618                 return array();
4619
4620         // Set the start and end date to the beginning of the month
4621         $dnow = substr($dnow,0,8).'01';
4622         $dthen = substr($dthen,0,8).'01';
4623
4624         $ret = array();
4625         // Starting with the current month, get the first and last days of every
4626         // month down to and including the month of the first post
4627         while(substr($dnow, 0, 7) >= substr($dthen, 0, 7)) {
4628                 $dstart = substr($dnow,0,8) . '01';
4629                 $dend = substr($dnow,0,8) . get_dim(intval($dnow),intval(substr($dnow,5)));
4630                 $start_month = datetime_convert('','',$dstart,'Y-m-d');
4631                 $end_month = datetime_convert('','',$dend,'Y-m-d');
4632                 $str = day_translate(datetime_convert('','',$dnow,'F Y'));
4633                 $ret[] = array($str,$end_month,$start_month);
4634                 $dnow = datetime_convert('','',$dnow . ' -1 month', 'Y-m-d');
4635         }
4636         return $ret;
4637 }
4638
4639
4640 function posted_date_widget($url,$uid,$wall) {
4641         $o = '';
4642
4643         if(! feature_enabled($uid,'archives'))
4644                 return $o;
4645
4646         // For former Facebook folks that left because of "timeline"
4647
4648 /*      if($wall && intval(get_pconfig($uid,'system','no_wall_archive_widget')))
4649                 return $o;*/
4650
4651         $ret = posted_dates($uid,$wall);
4652         if(! count($ret))
4653                 return $o;
4654
4655         $o = replace_macros(get_markup_template('posted_date_widget.tpl'),array(
4656                 '$title' => t('Archives'),
4657                 '$size' => ((count($ret) > 6) ? 6 : count($ret)),
4658                 '$url' => $url,
4659                 '$dates' => $ret
4660         ));
4661         return $o;
4662 }
4663
4664 function store_diaspora_retract_sig($item, $user, $baseurl) {
4665         // Note that we can't add a target_author_signature
4666         // if the comment was deleted by a remote user. That should be ok, because if a remote user is deleting
4667         // the comment, that means we're the home of the post, and Diaspora will only
4668         // check the parent_author_signature of retractions that it doesn't have to relay further
4669         //
4670         // I don't think this function gets called for an "unlike," but I'll check anyway
4671
4672         $enabled = intval(get_config('system','diaspora_enabled'));
4673         if(! $enabled) {
4674                 logger('drop_item: diaspora support disabled, not storing retraction signature', LOGGER_DEBUG);
4675                 return;
4676         }
4677
4678         logger('drop_item: storing diaspora retraction signature');
4679
4680         $signed_text = $item['guid'] . ';' . ( ($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment');
4681
4682         if(local_user() == $item['uid']) {
4683
4684                 $handle = $user['nickname'] . '@' . substr($baseurl, strpos($baseurl,'://') + 3);
4685                 $authorsig = base64_encode(rsa_sign($signed_text,$user['prvkey'],'sha256'));
4686         }
4687         else {
4688                 $r = q("SELECT `nick`, `url` FROM `contact` WHERE `id` = '%d' LIMIT 1",
4689                         $item['contact-id'] // If this function gets called, drop_item() has already checked remote_user() == $item['contact-id']
4690                 );
4691                 if(count($r)) {
4692                         // The below handle only works for NETWORK_DFRN. I think that's ok, because this function
4693                         // only handles DFRN deletes
4694                         $handle_baseurl_start = strpos($r['url'],'://') + 3;
4695                         $handle_baseurl_length = strpos($r['url'],'/profile') - $handle_baseurl_start;
4696                         $handle = $r['nick'] . '@' . substr($r['url'], $handle_baseurl_start, $handle_baseurl_length);
4697                         $authorsig = '';
4698                 }
4699         }
4700
4701         if(isset($handle))
4702                 q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
4703                         intval($item['id']),
4704                         dbesc($signed_text),
4705                         dbesc($authorsig),
4706                         dbesc($handle)
4707                 );
4708
4709         return;
4710 }