]> git.mxchange.org Git - friendica.git/blob - mod/item.php
Continued a bit:
[friendica.git] / mod / item.php
1 <?php
2
3 /*
4  * This is the POST destination for most all locally posted
5  * text stuff. This function handles status, wall-to-wall status,
6  * local comments, and remote coments that are posted on this site
7  * (as opposed to being delivered in a feed).
8  * Also processed here are posts and comments coming through the
9  * statusnet/twitter API.
10  *
11  * All of these become an "item" which is our basic unit of
12  * information.
13  *
14  * Posts that originate externally or do not fall into the above
15  * posting categories go through item_store() instead of this function.
16  */
17
18 require_once 'include/crypto.php';
19 require_once 'include/enotify.php';
20 require_once 'include/email.php';
21 require_once 'include/tags.php';
22 require_once 'include/files.php';
23 require_once 'include/threads.php';
24 require_once 'include/text.php';
25 require_once 'include/items.php';
26 require_once 'include/Scrape.php';
27 require_once 'include/diaspora.php';
28 require_once 'include/Contact.php';
29
30 function item_post(App $a) {
31
32         if ((! local_user()) && (! remote_user()) && (! x($_REQUEST,'commenter'))) {
33                 return;
34         }
35
36         require_once 'include/security.php';
37
38         $uid = local_user();
39
40         if (x($_REQUEST, 'dropitems')) {
41                 $arr_drop = explode(',', $_REQUEST['dropitems']);
42                 drop_items($arr_drop);
43                 $json = array('success' => 1);
44                 echo json_encode($json);
45                 killme();
46         }
47
48         call_hooks('post_local_start', $_REQUEST);
49         // logger('postinput ' . file_get_contents('php://input'));
50         logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
51
52         $api_source = ((x($_REQUEST, 'api_source') && $_REQUEST['api_source']) ? true : false);
53
54         $message_id = ((x($_REQUEST, 'message_id') && $api_source) ? strip_tags($_REQUEST['message_id']) : '');
55
56         $return_path = ((x($_REQUEST, 'return')) ? $_REQUEST['return'] : '');
57         $preview = ((x($_REQUEST, 'preview')) ? intval($_REQUEST['preview']) : 0);
58
59         /*
60          * Check for doubly-submitted posts, and reject duplicates
61          * Note that we have to ignore previews, otherwise nothing will post
62          * after it's been previewed
63          */
64         if (!$preview && x($_REQUEST, 'post_id_random')) {
65                 if (x($_SESSION, 'post-random') && $_SESSION['post-random'] == $_REQUEST['post_id_random']) {
66                         logger("item post: duplicate post", LOGGER_DEBUG);
67                         item_post_return(App::get_baseurl(), $api_source, $return_path);
68                 } else {
69                         $_SESSION['post-random'] = $_REQUEST['post_id_random'];
70                 }
71         }
72
73         // Is this a reply to something?
74         $parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
75         $parent_uri = ((x($_REQUEST,'parent_uri')) ? trim($_REQUEST['parent_uri']) : '');
76
77         $parent_item = null;
78         $parent_contact = null;
79         $thr_parent = '';
80         $parid = 0;
81         $r = false;
82         $objecttype = null;
83
84         if ($parent || $parent_uri) {
85
86                 $objecttype = ACTIVITY_OBJ_COMMENT;
87
88                 if (! x($_REQUEST,'type')) {
89                         $_REQUEST['type'] = 'net-comment';
90                 }
91
92                 if ($parent) {
93                         $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
94                                 intval($parent)
95                         );
96                 } elseif ($parent_uri && local_user()) {
97                         // This is coming from an API source, and we are logged in
98                         $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
99                                 dbesc($parent_uri),
100                                 intval(local_user())
101                         );
102                 }
103
104                 // if this isn't the real parent of the conversation, find it
105                 if (dbm::is_result($r)) {
106                         $parid = $r[0]['parent'];
107                         $parent_uri = $r[0]['uri'];
108                         if ($r[0]['id'] != $r[0]['parent']) {
109                                 $r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
110                                         intval($parid)
111                                 );
112                         }
113                 }
114
115                 if (! dbm::is_result($r)) {
116                         notice( t('Unable to locate original post.') . EOL);
117                         if (x($_REQUEST,'return')) {
118                                 goaway($return_path);
119                         }
120                         killme();
121                 }
122                 $parent_item = $r[0];
123                 $parent = $r[0]['id'];
124
125                 // multi-level threading - preserve the info but re-parent to our single level threading
126                 //if(($parid) && ($parid != $parent))
127                 $thr_parent = $parent_uri;
128
129                 if ($parent_item['contact-id'] && $uid) {
130                         $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
131                                 intval($parent_item['contact-id']),
132                                 intval($uid)
133                         );
134                         if (dbm::is_result($r)) {
135                                 $parent_contact = $r[0];
136                         }
137
138                         // If the contact id doesn't fit with the contact, then set the contact to null
139                         $thrparent = q("SELECT `author-link`, `network` FROM `item` WHERE `uri` = '%s' LIMIT 1", dbesc($thr_parent));
140                         if (dbm::is_result($thrparent) AND ($thrparent[0]["network"] === NETWORK_OSTATUS)
141                                 AND (normalise_link($parent_contact["url"]) != normalise_link($thrparent[0]["author-link"]))) {
142                                 $parent_contact = get_contact_details_by_url($thrparent[0]["author-link"]);
143
144                                 if (!isset($parent_contact["nick"])) {
145                                         require_once 'include/Scrape.php';
146                                         $probed_contact = probe_url($thrparent[0]["author-link"]);
147                                         if ($probed_contact["network"] != NETWORK_FEED) {
148                                                 $parent_contact = $probed_contact;
149                                                 $parent_contact["nurl"] = normalise_link($probed_contact["url"]);
150                                                 $parent_contact["thumb"] = $probed_contact["photo"];
151                                                 $parent_contact["micro"] = $probed_contact["photo"];
152                                                 $parent_contact["addr"] = $probed_contact["addr"];
153                                         }
154                                 }
155                                 logger('no contact found: ' . print_r($thrparent, true), LOGGER_DEBUG);
156                         } else {
157                                 logger('parent contact: ' . print_r($parent_contact, true), LOGGER_DEBUG);
158                         }
159
160                         if ($parent_contact["nick"] == "") {
161                                 $parent_contact["nick"] = $parent_contact["name"];
162                         }
163                 }
164         }
165
166         if ($parent) {
167                 logger('mod_item: item_post parent=' . $parent);
168         }
169
170         $profile_uid = ((x($_REQUEST,'profile_uid')) ? intval($_REQUEST['profile_uid']) : 0);
171         $post_id     = ((x($_REQUEST,'post_id'))     ? intval($_REQUEST['post_id'])     : 0);
172         $app         = ((x($_REQUEST,'source'))      ? strip_tags($_REQUEST['source'])  : '');
173         $extid       = ((x($_REQUEST,'extid'))       ? strip_tags($_REQUEST['extid'])   : '');
174         $object      = ((x($_REQUEST,'object'))      ? $_REQUEST['object']              : '');
175
176         // Check for multiple posts with the same message id (when the post was created via API)
177         if (($message_id != '') AND ($profile_uid != 0)) {
178                 $r = q("SELECT * FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
179                         dbesc($message_id),
180                         intval($profile_uid)
181                 );
182
183                 if (dbm::is_result($r)) {
184                         logger("Message with URI ".$message_id." already exists for user ".$profile_uid, LOGGER_DEBUG);
185                         return;
186                 }
187         }
188
189         $allow_moderated = false;
190
191         // here is where we are going to check for permission to post a moderated comment.
192
193         // First check that the parent exists and it is a wall item.
194
195         if ((x($_REQUEST, 'commenter')) && ((! $parent) || (! $parent_item['wall']))) {
196                 notice(t('Permission denied.') . EOL) ;
197                 if (x($_REQUEST, 'return')) {
198                         goaway($return_path);
199                 }
200                 killme();
201         }
202
203         /*
204          * Now check that it is a page_type of PAGE_BLOG, and that valid personal details
205          * have been provided, and run any anti-spam plugins
206          */
207         if ((! can_write_wall($a, $profile_uid)) && (! $allow_moderated)) {
208                 notice(t('Permission denied.') . EOL) ;
209                 if (x($_REQUEST, 'return')) {
210                         goaway($return_path);
211                 }
212                 killme();
213         }
214
215
216         // is this an edited post?
217
218         $orig_post = null;
219
220         if ($post_id) {
221                 $i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
222                         intval($profile_uid),
223                         intval($post_id)
224                 );
225                 if (! dbm::is_result($i)) {
226                         killme();
227                 }
228                 $orig_post = $i[0];
229         }
230
231         $user = null;
232
233         $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
234                 intval($profile_uid)
235         );
236         if (dbm::is_result($r)) {
237                 $user = $r[0];
238         }
239
240         if ($orig_post) {
241                 $str_group_allow   = $orig_post['allow_gid'];
242                 $str_contact_allow = $orig_post['allow_cid'];
243                 $str_group_deny    = $orig_post['deny_gid'];
244                 $str_contact_deny  = $orig_post['deny_cid'];
245                 $location          = $orig_post['location'];
246                 $coord             = $orig_post['coord'];
247                 $verb              = $orig_post['verb'];
248                 $objecttype        = $orig_post['object-type'];
249                 $emailcc           = $orig_post['emailcc'];
250                 $app               = $orig_post['app'];
251                 $categories        = $orig_post['file'];
252                 $title             = notags(trim($_REQUEST['title']));
253                 $body              = escape_tags(trim($_REQUEST['body']));
254                 $private           = $orig_post['private'];
255                 $pubmail_enable    = $orig_post['pubmail'];
256                 $network           = $orig_post['network'];
257                 $guid              = $orig_post['guid'];
258                 $extid             = $orig_post['extid'];
259
260         } else {
261
262                 /*
263                  * if coming from the API and no privacy settings are set,
264                  * use the user default permissions - as they won't have
265                  * been supplied via a form.
266                  */
267                 /// @TODO use x($_REQUEST, 'foo') here
268                 if (($api_source)
269                         && (! array_key_exists('contact_allow', $_REQUEST))
270                         && (! array_key_exists('group_allow', $_REQUEST))
271                         && (! array_key_exists('contact_deny', $_REQUEST))
272                         && (! array_key_exists('group_deny', $_REQUEST))) {
273                         $str_group_allow   = $user['allow_gid'];
274                         $str_contact_allow = $user['allow_cid'];
275                         $str_group_deny    = $user['deny_gid'];
276                         $str_contact_deny  = $user['deny_cid'];
277                 } else {
278
279                         // use the posted permissions
280
281                         $str_group_allow   = perms2str($_REQUEST['group_allow']);
282                         $str_contact_allow = perms2str($_REQUEST['contact_allow']);
283                         $str_group_deny    = perms2str($_REQUEST['group_deny']);
284                         $str_contact_deny  = perms2str($_REQUEST['contact_deny']);
285                 }
286
287                 $title             = notags(trim($_REQUEST['title']));
288                 $location          = notags(trim($_REQUEST['location']));
289                 $coord             = notags(trim($_REQUEST['coord']));
290                 $verb              = notags(trim($_REQUEST['verb']));
291                 $emailcc           = notags(trim($_REQUEST['emailcc']));
292                 $body              = escape_tags(trim($_REQUEST['body']));
293                 $network           = notags(trim($_REQUEST['network']));
294                 $guid              = get_guid(32);
295
296                 item_add_language_opt($_REQUEST);
297                 $postopts = $_REQUEST['postopts'] ? $_REQUEST['postopts'] : "";
298
299                 $private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
300
301                 if ($user['hidewall']) {
302                         $private = 2;
303                 }
304
305                 // If this is a comment, set the permissions from the parent.
306
307                 if ($parent_item) {
308
309                         // for non native networks use the network of the original post as network of the item
310                         if (($parent_item['network'] != NETWORK_DIASPORA)
311                                 AND ($parent_item['network'] != NETWORK_OSTATUS)
312                                 AND ($network == "")) {
313                                 $network = $parent_item['network'];
314                         }
315
316                         $str_contact_allow = $parent_item['allow_cid'];
317                         $str_group_allow   = $parent_item['allow_gid'];
318                         $str_contact_deny  = $parent_item['deny_cid'];
319                         $str_group_deny    = $parent_item['deny_gid'];
320                         $private           = $parent_item['private'];
321                 }
322
323                 $pubmail_enable    = ((x($_REQUEST, 'pubmail_enable') && intval($_REQUEST['pubmail_enable']) && (! $private)) ? 1 : 0);
324
325                 // if using the API, we won't see pubmail_enable - figure out if it should be set
326
327                 if ($api_source && $profile_uid && $profile_uid == local_user() && (! $private)) {
328                         $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
329                         if (! $mail_disabled) {
330                                 $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
331                                         intval(local_user())
332                                 );
333                                 if (dbm::is_result($r) && intval($r[0]['pubmail'])) {
334                                         $pubmail_enabled = true;
335                                 }
336                         }
337                 }
338
339                 if (! strlen($body)) {
340                         if ($preview) {
341                                 killme();
342                         }
343                         info(t('Empty post discarded.') . EOL );
344                         if (x($_REQUEST, 'return')) {
345                                 goaway($return_path);
346                         }
347                         killme();
348                 }
349         }
350
351         if (strlen($categories)) {
352                 // get the "fileas" tags for this post
353                 $filedas = file_tag_file_to_list($categories, 'file');
354         }
355         // save old and new categories, so we can determine what needs to be deleted from pconfig
356         $categories_old = $categories;
357         $categories = file_tag_list_to_file(trim($_REQUEST['category']), 'category');
358         $categories_new = $categories;
359         if (strlen($filedas)) {
360                 // append the fileas stuff to the new categories list
361                 $categories .= file_tag_list_to_file($filedas, 'file');
362         }
363
364         // get contact info for poster
365
366         $author = null;
367         $self   = false;
368         $contact_id = 0;
369
370         if ((local_user()) && (local_user() == $profile_uid)) {
371                 $self = true;
372                 $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
373                         intval($_SESSION['uid']));
374         } elseif(remote_user()) {
375                 if (is_array($_SESSION['remote'])) {
376                         foreach ($_SESSION['remote'] as $v) {
377                                 if ($v['uid'] == $profile_uid) {
378                                         $contact_id = $v['cid'];
379                                         break;
380                                 }
381                         }
382                 }
383                 if ($contact_id) {
384                         $r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
385                                 intval($contact_id)
386                         );
387                 }
388         }
389
390         if (dbm::is_result($r)) {
391                 $author = $r[0];
392                 $contact_id = $author['id'];
393         }
394
395         // get contact info for owner
396
397         if ($profile_uid == local_user()) {
398                 $contact_record = $author;
399         } else {
400                 $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
401                         intval($profile_uid)
402                 );
403                 if (dbm::is_result($r)) {
404                         $contact_record = $r[0];
405                 }
406         }
407
408         $post_type = notags(trim($_REQUEST['type']));
409
410         if ($post_type === 'net-comment' && $parent_item !== null) {
411                 if ($parent_item['wall'] == 1) {
412                         $post_type = 'wall-comment';
413                 } else {
414                         $post_type = 'remote-comment';
415                 }
416         }
417
418         /*
419          * When a photo was uploaded into the message using the (profile wall) ajax
420          * uploader, The permissions are initially set to disallow anybody but the
421          * owner from seeing it. This is because the permissions may not yet have been
422          * set for the post. If it's private, the photo permissions should be set
423          * appropriately. But we didn't know the final permissions on the post until
424          * now. So now we'll look for links of uploaded messages that are in the
425          * post and set them to the same permissions as the post itself.
426          */
427
428         $match = null;
429
430         if ((! $preview) && preg_match_all("/\[img([\=0-9x]*?)\](.*?)\[\/img\]/",$body,$match)) {
431                 $images = $match[2];
432                 if (count($images)) {
433
434                         $objecttype = ACTIVITY_OBJ_IMAGE;
435
436                         foreach ($images as $image) {
437                                 if (! stristr($image,App::get_baseurl() . '/photo/')) {
438                                         continue;
439                                 }
440                                 $image_uri = substr($image,strrpos($image,'/') + 1);
441                                 $image_uri = substr($image_uri,0, strpos($image_uri,'-'));
442                                 if (! strlen($image_uri)) {
443                                         continue;
444                                 }
445                                 $srch = '<' . intval($contact_id) . '>';
446
447                                 $r = q("SELECT `id` FROM `photo` WHERE `allow_cid` = '%s' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = ''
448                                         AND `resource-id` = '%s' AND `uid` = %d LIMIT 1",
449                                         dbesc($srch),
450                                         dbesc($image_uri),
451                                         intval($profile_uid)
452                                 );
453
454                                 if (! dbm::is_result($r)) {
455                                         continue;
456                                 }
457
458                                 $r = q("UPDATE `photo` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
459                                         WHERE `resource-id` = '%s' AND `uid` = %d AND `album` = '%s' ",
460                                         dbesc($str_contact_allow),
461                                         dbesc($str_group_allow),
462                                         dbesc($str_contact_deny),
463                                         dbesc($str_group_deny),
464                                         dbesc($image_uri),
465                                         intval($profile_uid),
466                                         dbesc( t('Wall Photos'))
467                                 );
468                         }
469                 }
470         }
471
472
473         /*
474          * Next link in any attachment references we find in the post.
475          */
476         $match = false;
477
478         if ((! $preview) && preg_match_all("/\[attachment\](.*?)\[\/attachment\]/", $body, $match)) {
479                 $attaches = $match[1];
480                 if (count($attaches)) {
481                         foreach ($attaches as $attach) {
482                                 $r = q("SELECT * FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
483                                         intval($profile_uid),
484                                         intval($attach)
485                                 );
486                                 if (dbm::is_result($r)) {
487                                         $r = q("UPDATE `attach` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
488                                                 WHERE `uid` = %d AND `id` = %d",
489                                                 dbesc($str_contact_allow),
490                                                 dbesc($str_group_allow),
491                                                 dbesc($str_contact_deny),
492                                                 dbesc($str_group_deny),
493                                                 intval($profile_uid),
494                                                 intval($attach)
495                                         );
496                                 }
497                         }
498                 }
499         }
500
501         // embedded bookmark or attachment in post? set bookmark flag
502
503         $bookmark = 0;
504         $data = get_attachment_data($body);
505         if (preg_match_all("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism", $body, $match, PREG_SET_ORDER) OR isset($data["type"])) {
506                 $objecttype = ACTIVITY_OBJ_BOOKMARK;
507                 $bookmark = 1;
508         }
509
510         $body = bb_translate_video($body);
511
512
513         // Fold multi-line [code] sequences
514         $body = preg_replace('/\[\/code\]\s*\[code\]/ism', "\n", $body);
515
516         $body = scale_external_images($body, false);
517
518         // Setting the object type if not defined before
519         if (!$objecttype) {
520                 $objecttype = ACTIVITY_OBJ_NOTE; // Default value
521                 require_once 'include/plaintext.php';
522                 $objectdata = get_attached_data($body);
523
524                 if ($post["type"] == "link") {
525                         $objecttype = ACTIVITY_OBJ_BOOKMARK;
526                 } elseif ($post["type"] == "video") {
527                         $objecttype = ACTIVITY_OBJ_VIDEO;
528                 } elseif ($post["type"] == "photo") {
529                         $objecttype = ACTIVITY_OBJ_IMAGE;
530                 }
531
532         }
533
534         // Look for any tags and linkify them
535         $str_tags = '';
536         $inform   = '';
537
538         $tags = get_tags($body);
539
540         /*
541          * add a statusnet style reply tag if the original post was from there
542          * and we are replying, and there isn't one already
543          */
544         if ($parent AND ($parent_contact['network'] == NETWORK_OSTATUS)) {
545                 $contact = '@[url=' . $parent_contact['url'] . ']' . $parent_contact['nick'] . '[/url]';
546
547                 if (!in_array($contact,$tags)) {
548                         $body = $contact . ' ' . $body;
549                         $tags[] = $contact;
550                 }
551
552                 $toplevel_contact = "";
553                 $toplevel_parent = q("SELECT `contact`.* FROM `contact`
554                                                 INNER JOIN `item` ON `item`.`contact-id` = `contact`.`id` AND `contact`.`url` = `item`.`author-link`
555                                                 WHERE `item`.`id` = `item`.`parent` AND `item`.`parent` = %d", intval($parent));
556                 if (dbm::is_result($toplevel_parent)) {
557                         $toplevel_contact = '@' . $toplevel_parent[0]['nick'] . '+' . $toplevel_parent[0]['id'];
558                 } else {
559                         $toplevel_parent = q("SELECT `author-link`, `author-name` FROM `item` WHERE `id` = `parent` AND `parent` = %d", intval($parent));
560                         $toplevel_contact = '@[url=' . $toplevel_parent[0]['author-link'] . ']' . $toplevel_parent[0]['author-name'] . '[/url]';
561                 }
562
563                 if (!in_array($toplevel_contact, $tags)) {
564                         $tags[] = $toplevel_contact;
565                 }
566         }
567
568         $tagged = array();
569
570         $private_forum = false;
571
572         if (count($tags)) {
573                 foreach ($tags as $tag) {
574
575                         if (strpos($tag, '#') === 0) {
576                                 continue;
577                         }
578
579                         /*
580                          * If we already tagged 'Robert Johnson', don't try and tag 'Robert'.
581                          * Robert Johnson should be first in the $tags array
582                          */
583                         $fullnametagged = false;
584                         foreach ($tagged as $nextTag) {
585                                 if (stristr($nextTag, $tag . ' ')) {
586                                         $fullnametagged = true;
587                                         break;
588                                 }
589                         }
590                         if ($fullnametagged) {
591                                 continue;
592                         }
593
594                         $success = handle_tag($a, $body, $inform, $str_tags, (local_user()) ? local_user() : $profile_uid , $tag, $network);
595                         if ($success['replaced']) {
596                                 $tagged[] = $tag;
597                         }
598                         if (is_array($success['contact']) && intval($success['contact']['prv'])) {
599                                 $private_forum = true;
600                                 $private_id = $success['contact']['id'];
601                         }
602                 }
603         }
604
605         if (($private_forum) && (! $parent) && (! $private)) {
606                 // we tagged a private forum in a top level post and the message was public.
607                 // Restrict it.
608                 $private = 1;
609                 $str_contact_allow = '<' . $private_id . '>';
610         }
611
612         $attachments = '';
613         $match = false;
614
615         if (preg_match_all('/(\[attachment\]([0-9]+)\[\/attachment\])/',$body,$match)) {
616                 foreach ($match[2] as $mtch) {
617                         $r = q("SELECT `id`,`filename`,`filesize`,`filetype` FROM `attach` WHERE `uid` = %d AND `id` = %d LIMIT 1",
618                                 intval($profile_uid),
619                                 intval($mtch)
620                         );
621                         if (dbm::is_result($r)) {
622                                 if (strlen($attachments)) {
623                                         $attachments .= ',';
624                                 }
625                                 $attachments .= '[attach]href="' . App::get_baseurl() . '/attach/' . $r[0]['id'] . '" length="' . $r[0]['filesize'] . '" type="' . $r[0]['filetype'] . '" title="' . (($r[0]['filename']) ? $r[0]['filename'] : '') . '"[/attach]';
626                         }
627                         $body = str_replace($match[1],'',$body);
628                 }
629         }
630
631         $wall = 0;
632
633         if ($post_type === 'wall' || $post_type === 'wall-comment') {
634                 $wall = 1;
635         }
636
637         if (! strlen($verb)) {
638                 $verb = ACTIVITY_POST ;
639         }
640
641         if ($network == "") {
642                 $network = NETWORK_DFRN;
643         }
644
645         $gravity = (($parent) ? 6 : 0 );
646
647         // even if the post arrived via API we are considering that it
648         // originated on this site by default for determining relayability.
649
650         $origin = ((x($_REQUEST,'origin')) ? intval($_REQUEST['origin']) : 1);
651
652         $notify_type = (($parent) ? 'comment-new' : 'wall-new' );
653
654         $uri = (($message_id) ? $message_id : item_new_uri($a->get_hostname(),$profile_uid, $guid));
655
656         // Fallback so that we alway have a thr-parent
657         if (!$thr_parent) {
658                 $thr_parent = $uri;
659         }
660
661         $datarray = array();
662         $datarray['uid']           = $profile_uid;
663         $datarray['type']          = $post_type;
664         $datarray['wall']          = $wall;
665         $datarray['gravity']       = $gravity;
666         $datarray['network']       = $network;
667         $datarray['contact-id']    = $contact_id;
668         $datarray['owner-name']    = $contact_record['name'];
669         $datarray['owner-link']    = $contact_record['url'];
670         $datarray['owner-avatar']  = $contact_record['thumb'];
671         $datarray['owner-id']      = get_contact($datarray['owner-link'], 0);
672         $datarray['author-name']   = $author['name'];
673         $datarray['author-link']   = $author['url'];
674         $datarray['author-avatar'] = $author['thumb'];
675         $datarray['author-id']     = get_contact($datarray['author-link'], 0);
676         $datarray['created']       = datetime_convert();
677         $datarray['edited']        = datetime_convert();
678         $datarray['commented']     = datetime_convert();
679         $datarray['received']      = datetime_convert();
680         $datarray['changed']       = datetime_convert();
681         $datarray['extid']         = $extid;
682         $datarray['guid']          = $guid;
683         $datarray['uri']           = $uri;
684         $datarray['title']         = $title;
685         $datarray['body']          = $body;
686         $datarray['app']           = $app;
687         $datarray['location']      = $location;
688         $datarray['coord']         = $coord;
689         $datarray['tag']           = $str_tags;
690         $datarray['file']          = $categories;
691         $datarray['inform']        = $inform;
692         $datarray['verb']          = $verb;
693         $datarray['object-type']   = $objecttype;
694         $datarray['allow_cid']     = $str_contact_allow;
695         $datarray['allow_gid']     = $str_group_allow;
696         $datarray['deny_cid']      = $str_contact_deny;
697         $datarray['deny_gid']      = $str_group_deny;
698         $datarray['private']       = $private;
699         $datarray['pubmail']       = $pubmail_enable;
700         $datarray['attach']        = $attachments;
701         $datarray['bookmark']      = intval($bookmark);
702         $datarray['thr-parent']    = $thr_parent;
703         $datarray['postopts']      = $postopts;
704         $datarray['origin']        = $origin;
705         $datarray['moderated']     = $allow_moderated;
706         $datarray['gcontact-id']   = get_gcontact_id(array("url" => $datarray['author-link'], "network" => $datarray['network'],
707                                                         "photo" => $datarray['author-avatar'], "name" => $datarray['author-name']));
708         $datarray['object']        = $object;
709
710         /*
711          * These fields are for the convenience of plugins...
712          * 'self' if true indicates the owner is posting on their own wall
713          * If parent is 0 it is a top-level post.
714          */
715         $datarray['parent']        = $parent;
716         $datarray['self']          = $self;
717 //      $datarray['prvnets']       = $user['prvnets'];
718
719         $datarray['parent-uri'] = ($parent == 0) ? $uri : $parent_item['uri'];
720         $datarray['plink'] = App::get_baseurl() . '/display/' . urlencode($datarray['guid']);
721         $datarray['last-child'] = 1;
722         $datarray['visible'] = 1;
723
724         if ($orig_post) {
725                 $datarray['edit'] = true;
726         }
727
728         // Search for hashtags
729         item_body_set_hashtags($datarray);
730
731         // preview mode - prepare the body for display and send it via json
732         if ($preview) {
733                 require_once 'include/conversation.php';
734                 // We set the datarray ID to -1 because in preview mode the dataray
735                 // doesn't have an ID.
736                 $datarray["id"] = -1;
737                 $o = conversation($a,array(array_merge($contact_record,$datarray)),'search', false, true);
738                 logger('preview: ' . $o);
739                 echo json_encode(array('preview' => $o));
740                 killme();
741         }
742
743         call_hooks('post_local',$datarray);
744
745         if (x($datarray, 'cancel')) {
746                 logger('mod_item: post cancelled by plugin.');
747                 if ($return_path) {
748                         goaway($return_path);
749                 }
750
751                 $json = array('cancel' => 1);
752                 if (x($_REQUEST,'jsreload') && strlen($_REQUEST['jsreload'])) {
753                         $json['reload'] = App::get_baseurl() . '/' . $_REQUEST['jsreload'];
754                 }
755
756                 echo json_encode($json);
757                 killme();
758         }
759
760         // Fill the cache field
761         put_item_in_cache($datarray);
762
763         if ($orig_post) {
764                 $r = q("UPDATE `item` SET `title` = '%s', `body` = '%s', `tag` = '%s', `attach` = '%s', `file` = '%s', `rendered-html` = '%s', `rendered-hash` = '%s', `edited` = '%s', `changed` = '%s' WHERE `id` = %d AND `uid` = %d",
765                         dbesc($datarray['title']),
766                         dbesc($datarray['body']),
767                         dbesc($datarray['tag']),
768                         dbesc($datarray['attach']),
769                         dbesc($datarray['file']),
770                         dbesc($datarray['rendered-html']),
771                         dbesc($datarray['rendered-hash']),
772                         dbesc(datetime_convert()),
773                         dbesc(datetime_convert()),
774                         intval($post_id),
775                         intval($profile_uid)
776                 );
777
778                 create_tags_from_item($post_id);
779                 create_files_from_item($post_id);
780                 update_thread($post_id);
781
782                 // update filetags in pconfig
783                 file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
784
785                 proc_run(PRIORITY_HIGH, "include/notifier.php", 'edit_post', $post_id);
786                 if ((x($_REQUEST,'return')) && strlen($return_path)) {
787                         logger('return: ' . $return_path);
788                         goaway($return_path);
789                 }
790                 killme();
791         } else {
792                 $post_id = 0;
793         }
794
795         q("COMMIT");
796         q("START TRANSACTION;");
797
798         $r = q("INSERT INTO `item` (`guid`, `extid`, `uid`,`type`,`wall`,`gravity`, `network`, `contact-id`,
799                                         `owner-name`,`owner-link`,`owner-avatar`, `owner-id`,
800                                         `author-name`, `author-link`, `author-avatar`, `author-id`,
801                                         `created`, `edited`, `commented`, `received`, `changed`,
802                                         `uri`, `thr-parent`, `title`, `body`, `app`, `location`, `coord`,
803                                         `tag`, `inform`, `verb`, `object-type`, `postopts`,
804                                         `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private`,
805                                         `pubmail`, `attach`, `bookmark`,`origin`, `moderated`, `file`,
806                                         `rendered-html`, `rendered-hash`, `gcontact-id`, `object`,
807                                         `parent`, `parent-uri`, `plink`, `last-child`, `visible`)
808                 VALUES('%s', '%s', %d, '%s', %d, %d, '%s', %d,
809                         '%s', '%s', '%s', %d,
810                         '%s', '%s', '%s', %d,
811                         '%s', '%s', '%s', '%s', '%s',
812                         '%s', '%s', '%s', '%s', '%s', '%s', '%s',
813                         '%s', '%s', '%s', '%s', '%s',
814                         '%s', '%s', '%s', '%s', %d,
815                         %d, '%s', %d, %d, %d, '%s',
816                         '%s', '%s', %d, '%s',
817                         %d, '%s', '%s', %d, %d)",
818                 dbesc($datarray['guid']),
819                 dbesc($datarray['extid']),
820                 intval($datarray['uid']),
821                 dbesc($datarray['type']),
822                 intval($datarray['wall']),
823                 intval($datarray['gravity']),
824                 dbesc($datarray['network']),
825                 intval($datarray['contact-id']),
826                 dbesc($datarray['owner-name']),
827                 dbesc($datarray['owner-link']),
828                 dbesc($datarray['owner-avatar']),
829                 intval($datarray['owner-id']),
830                 dbesc($datarray['author-name']),
831                 dbesc($datarray['author-link']),
832                 dbesc($datarray['author-avatar']),
833                 intval($datarray['author-id']),
834                 dbesc($datarray['created']),
835                 dbesc($datarray['edited']),
836                 dbesc($datarray['commented']),
837                 dbesc($datarray['received']),
838                 dbesc($datarray['changed']),
839                 dbesc($datarray['uri']),
840                 dbesc($datarray['thr-parent']),
841                 dbesc($datarray['title']),
842                 dbesc($datarray['body']),
843                 dbesc($datarray['app']),
844                 dbesc($datarray['location']),
845                 dbesc($datarray['coord']),
846                 dbesc($datarray['tag']),
847                 dbesc($datarray['inform']),
848                 dbesc($datarray['verb']),
849                 dbesc($datarray['object-type']),
850                 dbesc($datarray['postopts']),
851                 dbesc($datarray['allow_cid']),
852                 dbesc($datarray['allow_gid']),
853                 dbesc($datarray['deny_cid']),
854                 dbesc($datarray['deny_gid']),
855                 intval($datarray['private']),
856                 intval($datarray['pubmail']),
857                 dbesc($datarray['attach']),
858                 intval($datarray['bookmark']),
859                 intval($datarray['origin']),
860                 intval($datarray['moderated']),
861                 dbesc($datarray['file']),
862                 dbesc($datarray['rendered-html']),
863                 dbesc($datarray['rendered-hash']),
864                 intval($datarray['gcontact-id']),
865                 dbesc($datarray['object']),
866                 intval($datarray['parent']),
867                 dbesc($datarray['parent-uri']),
868                 dbesc($datarray['plink']),
869                 intval($datarray['last-child']),
870                 intval($datarray['visible'])
871         );
872
873         if (dbm::is_result($r)) {
874                 $r = q("SELECT LAST_INSERT_ID() AS `item-id`");
875                 if (dbm::is_result($r)) {
876                         $post_id = $r[0]['item-id'];
877                 } else {
878                         $post_id = 0;
879                 }
880         } else {
881                 logger('mod_item: unable to create post.');
882                 $post_id = 0;
883         }
884
885         if ($post_id == 0) {
886                 q("COMMIT");
887                 logger('mod_item: unable to retrieve post that was just stored.');
888                 notice(t('System error. Post not saved.') . EOL);
889                 goaway($return_path);
890                 // NOTREACHED
891         }
892
893         logger('mod_item: saved item ' . $post_id);
894
895         $datarray["id"] = $post_id;
896
897         item_set_last_item($datarray);
898
899         // update filetags in pconfig
900         file_tag_update_pconfig($uid,$categories_old,$categories_new,'category');
901
902         if ($parent) {
903
904                 // This item is the last leaf and gets the comment box, clear any ancestors
905                 $r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d AND `last-child` AND `id` != %d",
906                         dbesc(datetime_convert()),
907                         intval($parent),
908                         intval($post_id)
909                 );
910
911                 // update the commented timestamp on the parent
912                 q("UPDATE `item` SET `visible` = 1, `commented` = '%s', `changed` = '%s' WHERE `id` = %d",
913                         dbesc(datetime_convert()),
914                         dbesc(datetime_convert()),
915                         intval($parent)
916                 );
917
918                 if ($contact_record != $author) {
919                         notification(array(
920                                 'type'         => NOTIFY_COMMENT,
921                                 'notify_flags' => $user['notify-flags'],
922                                 'language'     => $user['language'],
923                                 'to_name'      => $user['username'],
924                                 'to_email'     => $user['email'],
925                                 'uid'          => $user['uid'],
926                                 'item'         => $datarray,
927                                 'link'         => App::get_baseurl().'/display/'.urlencode($datarray['guid']),
928                                 'source_name'  => $datarray['author-name'],
929                                 'source_link'  => $datarray['author-link'],
930                                 'source_photo' => $datarray['author-avatar'],
931                                 'verb'         => ACTIVITY_POST,
932                                 'otype'        => 'item',
933                                 'parent'       => $parent,
934                                 'parent_uri'   => $parent_item['uri']
935                         ));
936
937                 }
938
939
940                 // Store the comment signature information in case we need to relay to Diaspora
941                 Diaspora::store_comment_signature($datarray, $author, ($self ? $user['prvkey'] : false), $post_id);
942
943         } else {
944                 $parent = $post_id;
945
946                 $r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d",
947                         intval($parent),
948                         intval($post_id));
949
950                 if ($contact_record != $author) {
951                         notification(array(
952                                 'type'         => NOTIFY_WALL,
953                                 'notify_flags' => $user['notify-flags'],
954                                 'language'     => $user['language'],
955                                 'to_name'      => $user['username'],
956                                 'to_email'     => $user['email'],
957                                 'uid'          => $user['uid'],
958                                 'item'         => $datarray,
959                                 'link'         => App::get_baseurl().'/display/'.urlencode($datarray['guid']),
960                                 'source_name'  => $datarray['author-name'],
961                                 'source_link'  => $datarray['author-link'],
962                                 'source_photo' => $datarray['author-avatar'],
963                                 'verb'         => ACTIVITY_POST,
964                                 'otype'        => 'item'
965                         ));
966                 }
967         }
968
969         call_hooks('post_local_end', $datarray);
970
971         if (strlen($emailcc) && $profile_uid == local_user()) {
972                 $erecips = explode(',', $emailcc);
973                 if (count($erecips)) {
974                         foreach ($erecips as $recip) {
975                                 $addr = trim($recip);
976                                 if (! strlen($addr)) {
977                                         continue;
978                                 }
979                                 $disclaimer = '<hr />' . sprintf( t('This message was sent to you by %s, a member of the Friendica social network.'),$a->user['username'])
980                                         . '<br />';
981                                 $disclaimer .= sprintf( t('You may visit them online at %s'), App::get_baseurl() . '/profile/' . $a->user['nickname']) . EOL;
982                                 $disclaimer .= t('Please contact the sender by replying to this post if you do not wish to receive these messages.') . EOL;
983                                 if (!$datarray['title']=='') {
984                                         $subject = email_header_encode($datarray['title'], 'UTF-8');
985                                 } else {
986                                         $subject = email_header_encode('[Friendica]' . ' ' . sprintf( t('%s posted an update.'), $a->user['username']), 'UTF-8');
987                                 }
988                                 $link = '<a href="' . App::get_baseurl() . '/profile/' . $a->user['nickname'] . '"><img src="' . $author['thumb'] . '" alt="' . $a->user['username'] . '" /></a><br /><br />';
989                                 $html    = prepare_body($datarray);
990                                 $message = '<html><body>' . $link . $html . $disclaimer . '</body></html>';
991                                 include_once 'include/html2plain.php';
992                                 $params = array (
993                                     'fromName' => $a->user['username'],
994                                     'fromEmail' => $a->user['email'],
995                                     'toEmail' => $addr,
996                                     'replyTo' => $a->user['email'],
997                                     'messageSubject' => $subject,
998                                     'htmlVersion' => $message,
999                                     'textVersion' => html2plain($html.$disclaimer),
1000                                 );
1001                                 Emailer::send($params);
1002                         }
1003                 }
1004         }
1005
1006         if ($post_id == $parent) {
1007                 add_thread($post_id);
1008         } else {
1009                 update_thread($parent, true);
1010         }
1011
1012         q("COMMIT");
1013
1014         create_tags_from_item($post_id);
1015         create_files_from_item($post_id);
1016
1017         // Insert an item entry for UID=0 for global entries.
1018         // We now do it in the background to save some time.
1019         // This is important in interactive environments like the frontend or the API.
1020         // We don't fork a new process since this is done anyway with the following command
1021         proc_run(array('priority' => PRIORITY_HIGH, 'dont_fork' => true), "include/create_shadowentry.php", $post_id);
1022
1023         // Call the background process that is delivering the item to the receivers
1024         proc_run(PRIORITY_HIGH, "include/notifier.php", $notify_type, $post_id);
1025
1026         logger('post_complete');
1027
1028         item_post_return(App::get_baseurl(), $api_source, $return_path);
1029         // NOTREACHED
1030 }
1031
1032 function item_post_return($baseurl, $api_source, $return_path) {
1033         // figure out how to return, depending on from whence we came
1034
1035         if ($api_source) {
1036                 return;
1037         }
1038
1039         if ($return_path) {
1040                 goaway($return_path);
1041         }
1042
1043         $json = array('success' => 1);
1044         if (x($_REQUEST, 'jsreload') && strlen($_REQUEST['jsreload'])) {
1045                 $json['reload'] = $baseurl . '/' . $_REQUEST['jsreload'];
1046         }
1047
1048         logger('post_json: ' . print_r($json,true), LOGGER_DEBUG);
1049
1050         echo json_encode($json);
1051         killme();
1052 }
1053
1054
1055
1056 function item_content(App $a) {
1057
1058         if ((! local_user()) && (! remote_user())) {
1059                 return;
1060         }
1061
1062         require_once 'include/security.php';
1063
1064         $o = '';
1065         if (($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
1066                 $o = drop_item($a->argv[2], !is_ajax());
1067                 if (is_ajax()) {
1068                         // ajax return: [<item id>, 0 (no perm) | <owner id>]
1069                         echo json_encode(array(intval($a->argv[2]), intval($o)));
1070                         killme();
1071                 }
1072         }
1073         return $o;
1074 }
1075
1076 /**
1077  * This function removes the tag $tag from the text $body and replaces it with
1078  * the appropiate link.
1079  *
1080  * @param App $a Application instance @TODO is unused in this function's scope (excluding included files)
1081  * @param unknown_type $body the text to replace the tag in
1082  * @param string $inform a comma-seperated string containing everybody to inform
1083  * @param string $str_tags string to add the tag to
1084  * @param integer $profile_uid
1085  * @param string $tag the tag to replace
1086  * @param string $network The network of the post
1087  *
1088  * @return boolean true if replaced, false if not replaced
1089  */
1090 function handle_tag(App $a, &$body, &$inform, &$str_tags, $profile_uid, $tag, $network = "") {
1091         require_once 'include/Scrape.php';
1092         require_once 'include/socgraph.php';
1093
1094         $replaced = false;
1095         $r = null;
1096
1097         //is it a person tag?
1098         if (strpos($tag, '@') === 0) {
1099                 //is it already replaced?
1100                 if (strpos($tag, '[url=')) {
1101                         //append tag to str_tags
1102                         if (!stristr($str_tags, $tag)) {
1103                                 if (strlen($str_tags)) {
1104                                         $str_tags .= ',';
1105                                 }
1106                                 $str_tags .= $tag;
1107                         }
1108
1109                         // Checking for the alias that is used for OStatus
1110                         $pattern = "/@\[url\=(.*?)\](.*?)\[\/url\]/ism";
1111                         if (preg_match($pattern, $tag, $matches)) {
1112
1113                                 $r = q("SELECT `alias`, `name` FROM `contact` WHERE `nurl` = '%s' AND `alias` != '' AND `uid` = 0",
1114                                         normalise_link($matches[1]));
1115                                 if (!dbm::is_result($r)) {
1116                                         $r = q("SELECT `alias`, `name` FROM `gcontact` WHERE `nurl` = '%s' AND `alias` != ''",
1117                                                 normalise_link($matches[1]));
1118                                 }
1119                                 if (dbm::is_result($r)) {
1120                                         $data = $r[0];
1121                                 } else {
1122                                         $data = probe_url($matches[1]);
1123                                 }
1124
1125                                 if ($data["alias"] != "") {
1126                                         $newtag = '@[url=' . $data["alias"] . ']' . $data["name"] . '[/url]';
1127                                         if (!stristr($str_tags, $newtag)) {
1128                                                 if (strlen($str_tags)) {
1129                                                         $str_tags .= ',';
1130                                                 }
1131                                                 $str_tags .= $newtag;
1132                                         }
1133                                 }
1134                         }
1135
1136                         return $replaced;
1137                 }
1138                 $stat = false;
1139                 //get the person's name
1140                 $name = substr($tag, 1);
1141
1142                 // Sometimes the tag detection doesn't seem to work right
1143                 // This is some workaround
1144                 $nameparts = explode(" ", $name);
1145                 $name = $nameparts[0];
1146
1147                 // Try to detect the contact in various ways
1148                 if ((strpos($name, '@')) || (strpos($name, 'http://'))) {
1149                         // Is it in format @user@domain.tld or @http://domain.tld/...?
1150
1151                         // First check the contact table for the address
1152                         $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network`, `notify` FROM `contact`
1153                                 WHERE `addr` = '%s' AND `uid` = %d AND
1154                                         (`network` != '%s' OR (`notify` != '' AND `alias` != ''))
1155                                 LIMIT 1",
1156                                         dbesc($name),
1157                                         intval($profile_uid),
1158                                         dbesc(NETWORK_OSTATUS)
1159                         );
1160
1161                         // Then check in the contact table for the url
1162                         if (!dbm::is_result($r)) {
1163                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network`, `notify` FROM `contact`
1164                                         WHERE `nurl` = '%s' AND `uid` = %d AND
1165                                                 (`network` != '%s' OR (`notify` != '' AND `alias` != ''))
1166                                         LIMIT 1",
1167                                                 dbesc(normalise_link($name)),
1168                                                 intval($profile_uid),
1169                                                 dbesc(NETWORK_OSTATUS)
1170                                 );
1171                         }
1172
1173                         // Then check in the global contacts for the address
1174                         if (!dbm::is_result($r)) {
1175                                 $r = q("SELECT `url`, `nick`, `name`, `alias`, `network`, `notify` FROM `gcontact`
1176                                         WHERE `addr` = '%s' AND (`network` != '%s' OR (`notify` != '' AND `alias` != ''))
1177                                         LIMIT 1",
1178                                                 dbesc($name),
1179                                                 dbesc(NETWORK_OSTATUS)
1180                                 );
1181                         }
1182
1183                         // Then check in the global contacts for the url
1184                         if (!dbm::is_result($r)) {
1185                                 $r = q("SELECT `url`, `nick`, `name`, `alias`, `network`, `notify` FROM `gcontact`
1186                                         WHERE `nurl` = '%s' AND (`network` != '%s' OR (`notify` != '' AND `alias` != ''))
1187                                         LIMIT 1",
1188                                                 dbesc(normalise_link($name)),
1189                                                 dbesc(NETWORK_OSTATUS)
1190                                 );
1191                         }
1192
1193                         if (!dbm::is_result($r)) {
1194                                 $probed = probe_url($name);
1195                                 if ($result['network'] != NETWORK_PHANTOM) {
1196                                         update_gcontact($probed);
1197                                         $r = q("SELECT `url`, `name`, `nick`, `network`, `alias`, `notify` FROM `gcontact` WHERE `nurl` = '%s' LIMIT 1",
1198                                                 dbesc(normalise_link($probed["url"])));
1199                                 }
1200                         }
1201                 } else {
1202                         $r = false;
1203                         if (strrpos($name,'+')) {
1204                                 // Is it in format @nick+number?
1205                                 $tagcid = intval(substr($name,strrpos($name,'+') + 1));
1206
1207                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1",
1208                                                 intval($tagcid),
1209                                                 intval($profile_uid)
1210                                 );
1211                         }
1212
1213                         // select someone by attag or nick and the name passed in the current network
1214                         if(!dbm::is_result($r) AND ($network != ""))
1215                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `network` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
1216                                                 dbesc($name),
1217                                                 dbesc($name),
1218                                                 dbesc($network),
1219                                                 intval($profile_uid)
1220                                 );
1221
1222                         //select someone from this user's contacts by name in the current network
1223                         if (!dbm::is_result($r) AND ($network != "")) {
1224                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `name` = '%s' AND `network` = '%s' AND `uid` = %d LIMIT 1",
1225                                                 dbesc($name),
1226                                                 dbesc($network),
1227                                                 intval($profile_uid)
1228                                 );
1229                         }
1230
1231                         // select someone by attag or nick and the name passed in
1232                         if(!dbm::is_result($r)) {
1233                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `attag` = '%s' OR `nick` = '%s' AND `uid` = %d ORDER BY `attag` DESC LIMIT 1",
1234                                                 dbesc($name),
1235                                                 dbesc($name),
1236                                                 intval($profile_uid)
1237                                 );
1238                         }
1239
1240                         // select someone from this user's contacts by name
1241                         if(!dbm::is_result($r)) {
1242                                 $r = q("SELECT `id`, `url`, `nick`, `name`, `alias`, `network` FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
1243                                                 dbesc($name),
1244                                                 intval($profile_uid)
1245                                 );
1246                         }
1247                 }
1248
1249                 if (dbm::is_result($r)) {
1250                         if (strlen($inform) AND (isset($r[0]["notify"]) OR isset($r[0]["id"]))) {
1251                                 $inform .= ',';
1252                         }
1253
1254                         if (isset($r[0]["id"])) {
1255                                 $inform .= 'cid:' . $r[0]["id"];
1256                         } elseif (isset($r[0]["notify"])) {
1257                                 $inform  .= $r[0]["notify"];
1258                         }
1259
1260                         $profile = $r[0]["url"];
1261                         $alias   = $r[0]["alias"];
1262                         $newname = $r[0]["nick"];
1263                         if (($newname == "") OR (($r[0]["network"] != NETWORK_OSTATUS) AND ($r[0]["network"] != NETWORK_TWITTER)
1264                                 AND ($r[0]["network"] != NETWORK_STATUSNET) AND ($r[0]["network"] != NETWORK_APPNET))) {
1265                                 $newname = $r[0]["name"];
1266                         }
1267                 }
1268
1269                 //if there is an url for this persons profile
1270                 if (isset($profile) AND ($newname != "")) {
1271
1272                         $replaced = true;
1273                         // create profile link
1274                         $profile = str_replace(',','%2c',$profile);
1275                         $newtag = '@[url='.$profile.']'.$newname.'[/url]';
1276                         $body = str_replace('@'.$name, $newtag, $body);
1277                         // append tag to str_tags
1278                         if (! stristr($str_tags,$newtag)) {
1279                                 if (strlen($str_tags)) {
1280                                         $str_tags .= ',';
1281                                 }
1282                                 $str_tags .= $newtag;
1283                         }
1284
1285                         // Status.Net seems to require the numeric ID URL in a mention if the person isn't
1286                         // subscribed to you. But the nickname URL is OK if they are. Grrr. We'll tag both.
1287                         if (strlen($alias)) {
1288                                 $newtag = '@[url='.$alias.']'.$newname.'[/url]';
1289                                 if (! stristr($str_tags,$newtag)) {
1290                                         if (strlen($str_tags)) {
1291                                                 $str_tags .= ',';
1292                                         }
1293                                         $str_tags .= $newtag;
1294                                 }
1295                         }
1296                 }
1297         }
1298
1299         return array('replaced' => $replaced, 'contact' => $r[0]);
1300 }