$r = dba::p(
"SELECT ".item_fieldlists()."
- FROM `item` ".item_joins()."
+ FROM `item` ".item_joins(api_user())."
WHERE ".item_condition()." AND (`item`.`uid` = 0 OR (`item`.`uid` = ? AND NOT `item`.`global`))
AND `item`.`body` LIKE CONCAT('%',?,'%')
$sql_extra
"SELECT " . item_fieldlists() . "
FROM `thread`
STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
- " . item_joins() . "
+ " . item_joins(api_user()) . "
STRAIGHT_JOIN `user` ON `user`.`uid` = `thread`.`uid`
AND NOT `user`.`hidewall`
AND `verb` = ?
$r = dba::p(
"SELECT " . item_fieldlists() . "
FROM `item`
- " . item_joins() . "
+ " . item_joins(api_user()) . "
STRAIGHT_JOIN `user` ON `user`.`uid` = `item`.`uid`
AND NOT `user`.`hidewall`
AND `verb` = ?
"SELECT " . item_fieldlists() . "
FROM `thread`
STRAIGHT_JOIN `item` ON `item`.`id` = `thread`.`iid`
- " . item_joins() . "
+ " . item_joins(api_user()) . "
WHERE `thread`.`uid` = 0
AND `verb` = ?
AND NOT `thread`.`private`
$sql_extra .= " AND `item`.`id` = %d";
}
+ // try to fetch the item for the local user - or the public item, if there is no local one
+ $uri_item = dba::selectFirst('item', ['uri'], ['id' => $id]);
+ if (!DBM::is_result($uri_item)) {
+ throw new BadRequestException("There is no status with this id.");
+ }
+
+ $item = dba::selectFirst('item', ['id'], ['uri' => $uri_item['uri'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]);
+ if (!DBM::is_result($item)) {
+ throw new BadRequestException("There is no status with this id.");
+ }
+
+ $id = $item['id'];
+
$r = q(
"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
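Review bot: The preference for the caller's own copy over the public one depends entirely on `['order' => ['uid' => true]]`, and nothing at the call says which direction `true` selects. A short comment such as `// uid descending: the user's copy (uid > 0) sorts before the public copy (uid = 0)` would make that visible, assuming `true` does mean descending here. The same two-step lookup is repeated with `parent-uri` in the conversation hunk further down, so a small shared helper would keep the two from drifting apart. Both failure paths throw the same message, which avoids revealing whether an id exists for another user and is worth preserving in any refactor.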
INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id` AND `contact`.`uid` = `item`.`uid`
AND (NOT `contact`.`blocked` OR `contact`.`pending`)
WHERE `item`.`visible` AND NOT `item`.`moderated` AND NOT `item`.`deleted`
- AND `item`.`uid` = %d AND `item`.`verb` = '%s'
+ AND `item`.`uid` IN (0, %d) AND `item`.`verb` = '%s'
$sql_extra",
intval(api_user()),
dbesc(ACTIVITY_POST),
logger('API: api_conversation_show: '.$id);
- $r = q("SELECT `parent` FROM `item` WHERE `id` = %d", intval($id));
- if (DBM::is_result($r)) {
- $id = $r[0]["parent"];
+ // try to fetch the item for the local user - or the public item, if there is no local one
+ $item = dba::selectFirst('item', ['parent-uri'], ['id' => $id]);
+ if (!DBM::is_result($item)) {
+ throw new BadRequestException("There is no status with this id.");
+ }
+
+ $parent = dba::selectFirst('item', ['id'], ['uri' => $item['parent-uri'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]);
+ if (!DBM::is_result($parent)) {
+ throw new BadRequestException("There is no status with this id.");
}
+ $id = $parent['id'];
+
$sql_extra = '';
if ($max_id > 0) {
$sql_extra = ' AND `item`.`id` <= ' . intval($max_id);
}
- // Not sure why this query was so complicated. We should keep it here for a while,
- // just to make sure that we really don't need it.
- // FROM `item` INNER JOIN (SELECT `uri`,`parent` FROM `item` WHERE `id` = %d) AS `temp1`
- // ON (`item`.`thr-parent` = `temp1`.`uri` AND `item`.`parent` = `temp1`.`parent`)
-
$r = q(
"SELECT `item`.*, `item`.`id` AS `item_id`, `item`.`network` AS `item_network`,
`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,
AND (NOT `contact`.`blocked` OR `contact`.`pending`)
WHERE `item`.`parent` = %d AND `item`.`visible`
AND NOT `item`.`moderated` AND NOT `item`.`deleted`
- AND `item`.`uid` = %d AND `item`.`verb` = '%s'
+ AND `item`.`uid` IN (0, %d) AND `item`.`verb` = '%s'
AND `item`.`id`>%d $sql_extra
ORDER BY `item`.`id` DESC LIMIT %d ,%d",
intval($id),
$ret = api_statuses_show($type);
- Item::deleteById($id);
+ Item::deleteForUser(['id' => $id], api_user());
return $ret;
}
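Review bot: Nothing is done with the outcome of `Item::deleteForUser(['id' => $id], api_user());`, so `$ret` is returned in the same way whether or not an item was removed for this user. The body of deleteForUser is not on this page; if it skips items the caller does not own, a request naming someone else's id would still get a success-shaped response. It is worth confirming ownership before the call, or having the helper report what it did and turning a no-op into an error. The same applies to the two photo hunks below, where `'result' => 'deleted'` is returned unconditionally after the call.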
if (!DBM::is_result($photo_item)) {
throw new InternalServerErrorException("problem with deleting items occured");
}
- Item::deleteById($photo_item[0]['id']);
+ Item::deleteForUser(['id' => $photo_item[0]['id']], api_user());
}
// now let's delete all photos from the album
throw new BadRequestException("no new albumname specified");
}
// check if album is existing
- $r = q(
- "SELECT `id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'",
- intval(api_user()),
- dbesc($album)
- );
- if (!DBM::is_result($r)) {
+ if (!dba::exists('photo', ['uid' => api_user(), 'album' => $album])) {
throw new BadRequestException("album not available");
}
// now let's update all photos to the albumname
- $result = q(
- "UPDATE `photo` SET `album` = '%s' WHERE `uid` = %d AND `album` = '%s'",
- dbesc($album_new),
- intval(api_user()),
- dbesc($album)
- );
+ $result = dba::update('photo', ['album' => $album_new], ['uid' => api_user(), 'album' => $album]);
// return success of updating or error message
if ($result) {
}
// function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore
// to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion)
- Item::deleteById($photo_item[0]['id']);
+ Item::deleteForUser(['id' => $photo_item[0]['id']], api_user());
$answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.'];
return api_format_data("photo_delete", $type, ['$result' => $answer]);
throw new ForbiddenException();
}
// input params
- $profileid = defaults($_REQUEST, 'profile_id', 0);
+ $profile_id = defaults($_REQUEST, 'profile_id', 0);
// error if image data is missing
if (!x($_FILES, 'image')) {
}
// check if specified profile id is valid
- if ($profileid != 0) {
- $r = q(
- "SELECT `id` FROM `profile` WHERE `uid` = %d AND `id` = %d",
- intval(api_user()),
- intval($profileid)
- );
+ if ($profile_id != 0) {
+ $profile = dba::selectFirst('profile', ['is-default'], ['uid' => api_user(), 'id' => $profile_id]);
// error message if specified profile id is not in database
- if (!DBM::is_result($r)) {
+ if (!DBM::is_result($profile)) {
throw new BadRequestException("profile_id not available");
}
- $is_default_profile = $r['profile'];
+ $is_default_profile = $profile['is-default'];
} else {
$is_default_profile = 1;
}
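Review bot: `$profile_id` reaches `dba::selectFirst('profile', ['is-default'], ['uid' => api_user(), 'id' => $profile_id])` exactly as it came out of `$_REQUEST`, because the `intval()` that the removed query applied is gone. The lookup is still pinned to `api_user()`, so this is a typing concern rather than an access one. An array-valued parameter would, however, be handed to a condition builder that elsewhere in this commit takes arrays as value lists, and `$profile_id != 0` is a loose comparison against a string. Casting once where the parameter is read, `$profile_id = intval(defaults($_REQUEST, 'profile_id', 0));`, restores the old behaviour. The same missing cast affects `$_REQUEST['profile']` in the later `dba::update('profile', ...)` call.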
}
// change specified profile or all profiles to the new resource-id
if ($is_default_profile) {
- q(
- "UPDATE `photo` SET `profile` = 0 WHERE `profile` = 1 AND `resource-id` != '%s' AND `uid` = %d",
- dbesc($data['photo']['id']),
- intval(local_user())
- );
-
- q(
- "UPDATE `contact` SET `photo` = '%s', `thumb` = '%s', `micro` = '%s' WHERE `self` AND `uid` = %d",
- dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext),
- dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext),
- dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-6.' . $fileext),
- intval(local_user())
- );
+ $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()];
+ dba::update('photo', ['profile' => false], $condition);
} else {
- q(
- "UPDATE `profile` SET `photo` = '%s', `thumb` = '%s' WHERE `id` = %d AND `uid` = %d",
- dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype),
- dbesc(System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype),
- intval($_REQUEST['profile']),
- intval(local_user())
- );
+ $fields = ['photo' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $filetype,
+ 'thumb' => System::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $filetype];
+ dba::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]);
}
- // we'll set the updated profile-photo timestamp even if it isn't the default profile,
- // so that browsers will do a cache update unconditionally
-
- q(
- "UPDATE `contact` SET `avatar-date` = '%s' WHERE `self` = 1 AND `uid` = %d",
- dbesc(DateTimeFormat::utcNow()),
- intval(local_user())
- );
+ Contact::updateSelfFromUserID(api_user(), true);
// Update global directory in background
//$user = api_get_user(get_app());
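Review bot: The non-default branch updates the row selected by `$_REQUEST['profile']`, whereas the id that was checked against the caller's profiles earlier in this change is `$profile_id`, read from `profile_id`. The removed query had the same mismatch, so it is carried over rather than introduced, but a client that sends only `profile_id` passes validation and then updates nothing. Using the validated value closes the gap: `dba::update('profile', $fields, ['id' => $profile_id, 'uid' => api_user()]);`. This branch also builds its URLs from `$filetype` where the removed contact update used `$fileext`; neither is defined in the hunk, so it is worth confirming which one is set. The enclosing function starts and ends outside the hunk.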
$sec = random_string();
- q(
- "INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)
- VALUES( %d, %s, '%s', '%s', %d )",
- intval(api_user()),
- intval($cid),
- dbesc($dfrn_id),
- dbesc($sec),
- intval(time() + 45)
- );
+ $fields = ['uid' => api_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
+ 'sec' => $sec, 'expire' => time() + 45];
+ dba::insert('profile_check', $fields);
logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG);
$dest = ($url ? '&destination_url=' . $url : '');
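Review bot: The `$sec` value stored by `dba::insert('profile_check', $fields)` is also written to the log on the next line, `logger($contact['name'] . ' ' . $sec, LOGGER_DEBUG);`, which the commit leaves in place. It comes from `random_string()` and is stored with a 45-second expiry, which suggests it acts as a short-lived credential; if so, it should not appear in log output while it is still valid. Logging only the contact, `logger($contact['name'], LOGGER_DEBUG);`, keeps the trace without the secret. The insert also drops the `intval()` on `$cid`; the call is parameterised, so that only matters if `$cid` is not already an integer.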
return api_format_data("direct_messages_setseen", $type, ['$result' => $answer]);
}
- // get data of the specified message id
- $r = q(
- "SELECT `id` FROM `mail` WHERE `id` = %d AND `uid` = %d",
- intval($id),
- intval($uid)
- );
-
// error message if specified id is not in database
- if (!DBM::is_result($r)) {
+ if (!dba::exists('mail', ['id' => $id, 'uid' => $uid])) {
$answer = ['result' => 'error', 'message' => 'message id not in database'];
return api_format_data("direct_messages_setseen", $type, ['$result' => $answer]);
}
// update seen indicator
- $result = q(
- "UPDATE `mail` SET `seen` = 1 WHERE `id` = %d AND `uid` = %d",
- intval($id),
- intval($uid)
- );
+ $result = dba::update('mail', ['seen' => true], ['id' => $id]);
if ($result) {
// return success
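Review bot: The rewritten write `dba::update('mail', ['seen' => true], ['id' => $id]);` drops the `uid` condition that the removed `UPDATE ... WHERE id = %d AND uid = %d` carried, so ownership now rests only on the preceding `dba::exists` check. Keeping the owner in the write itself makes the statement safe on its own and survives any later change to the guard: `$result = dba::update('mail', ['seen' => true], ['id' => $id, 'uid' => $uid]);`. The enclosing function starts and ends outside the hunk.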
}
// input params
- $profileid = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0);
+ $profile_id = (x($_REQUEST, 'profile_id') ? $_REQUEST['profile_id'] : 0);
// retrieve general information about profiles for user
$multi_profiles = Feature::isEnabled(api_user(), 'multi_profiles');
$directory = Config::get('system', 'directory');
// get data of the specified profile id or all profiles of the user if not specified
- if ($profileid != 0) {
+ if ($profile_id != 0) {
$r = q(
"SELECT * FROM `profile` WHERE `uid` = %d AND `id` = %d",
intval(api_user()),
- intval($profileid)
+ intval($profile_id)
);
// error message if specified gid is not in database