X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=mod%2Fitem.php;h=0982bb35d34ef20e370c31e0613a789c8d7db012;hb=ded2812799a63ba159072281d04cb08e1128b4af;hp=5b81f13eeb55257daca551a0ee16699406475194;hpb=709c86b2daec32ae0d5d6d0e7f88b8607e02edba;p=friendica.git

diff --git a/mod/item.php b/mod/item.php
index 5b81f13eeb..0982bb35d3 100644
--- a/mod/item.php
+++ b/mod/item.php
@@ -1,5 +1,12 @@
 <?php
 
+// This is the POST destination for most all locally posted
+// text stuff. This function handles status, wall-to-wall status, 
+// local comments, and remote coments - that are posted on this site 
+// (as opposed to being delivered in a feed).
+// All of these become an "item" which is our basic unit of 
+// information. 
+
 function item_post(&$a) {
 
 	if((! local_user()) && (! remote_user()))
@@ -7,8 +14,7 @@ function item_post(&$a) {
 
 	require_once('include/security.php');
 
-	$uid = $_SESSION['uid'];
-
+	$uid = local_user();
 
 	$parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0);
 
@@ -29,7 +35,7 @@ function item_post(&$a) {
 
 
 	if(! can_write_wall($a,$profile_uid)) {
-		notice("Permission denied." . EOL) ;
+		notice( t('Permission denied.') . EOL) ;
 		return;
 	}
 
@@ -42,37 +48,29 @@ function item_post(&$a) {
 		$user = $r[0];
 	
 
-	$str_group_allow = '';
-	$group_allow = $_POST['group_allow'];
-	if(is_array($group_allow)) {
-		array_walk($group_allow,'sanitise_acl');
-		$str_group_allow = implode('',$group_allow);
-	}
-
-	$str_contact_allow = '';
-	$contact_allow = $_POST['contact_allow'];
-	if(is_array($contact_allow)) {
-		array_walk($contact_allow,'sanitise_acl');
-		$str_contact_allow = implode('',$contact_allow);
-	}
-
-	$str_group_deny = '';
-	$group_deny = $_POST['group_deny'];
-	if(is_array($group_deny)) {
-		array_walk($group_deny,'sanitise_acl');
-		$str_group_deny = implode('',$group_deny);
-	}
-
-	$str_contact_deny = '';
-	$contact_deny = $_POST['contact_deny'];
-	if(is_array($contact_deny)) {
-		array_walk($contact_deny,'sanitise_acl');
-		$str_contact_deny = implode('',$contact_deny);
+	$str_group_allow   = perms2str($_POST['group_allow']);
+	$str_contact_allow = perms2str($_POST['contact_allow']);
+	$str_group_deny    = perms2str($_POST['group_deny']);
+	$str_contact_deny  = perms2str($_POST['contact_deny']);
+
+	$private = ((strlen($str_group_allow) || strlen($str_contact_allow) || strlen($str_group_deny) || strlen($str_contact_deny)) ? 1 : 0);
+
+	if(($parent_item) && 
+		(($parent_item['private']) 
+			|| strlen($parent_item['allow_cid']) 
+			|| strlen($parent_item['allow_gid']) 
+			|| strlen($parent_item['deny_cid']) 
+			|| strlen($parent_item['deny_gid'])
+		)
+	) {
+		$private = 1;
 	}
 
-	$title = notags(trim($_POST['title']));
-	$body = escape_tags(trim($_POST['body']));
-	$location = notags(trim($_POST['location']));
+	$title             = notags(trim($_POST['title']));
+	$body              = escape_tags(trim($_POST['body']));
+	$location          = notags(trim($_POST['location']));
+	$coord             = notags(trim($_POST['coord']));
+	$verb              = notags(trim($_POST['verb']));
 
 	if(! strlen($body)) {
 		notice( t('Empty post discarded.') . EOL );
@@ -83,8 +81,10 @@ function item_post(&$a) {
 	// get contact info for poster
 
 	$author = null;
+	$self   = false;
 
 	if(($_SESSION['uid']) && ($_SESSION['uid'] == $profile_uid)) {
+		$self = true;
 		$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
 			intval($_SESSION['uid'])
 		);
@@ -117,89 +117,210 @@ function item_post(&$a) {
 
 	$post_type = notags(trim($_POST['type']));
 
-	if($post_type == 'net-comment') {
+	if($post_type === 'net-comment') {
 		if($parent_item !== null) {
-			if($parent_item['type'] == 'remote')
+			if($parent_item['type'] === 'remote') {
 				$post_type = 'remote-comment';
-			else		
+			} 
+			else {		
 				$post_type = 'wall-comment';
+			}
 		}
 	}
 
-	$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
+	$str_tags = '';
+	$inform   = '';
 
-	do {
-		$dups = false;
-		$hash = random_string();
+	$tags = get_tags($body);
 
-		$uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . $hash;
 
-		$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
-			dbesc($uri));
-		if(count($r))
-			$dups = true;
-	} while($dups == true);
-
-
-	$r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, 
-		`author-name`, `author-link`, `author-avatar`, `created`,
-		`edited`, `uri`, `title`, `body`, `location`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`)
-		VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )",
-		intval($profile_uid),
-		dbesc($post_type),
-		intval($contact_id),
-		dbesc($contact_record['name']),
-		dbesc($contact_record['url']),
-		dbesc($contact_record['thumb']),
-		dbesc($author['name']),
-		dbesc($author['url']),
-		dbesc($author['thumb']),
-		datetime_convert(),
-		datetime_convert(),
-		dbesc($uri),
-		dbesc($title),
-		dbesc($body),
-		dbesc($location),
-		dbesc($str_contact_allow),
-		dbesc($str_group_allow),
-		dbesc($str_contact_deny),
-		dbesc($str_group_deny)
+	if(count($tags)) {
+		foreach($tags as $tag) {
+			if(strpos($tag,'#') === 0) {
+				$basetag = str_replace('_',' ',substr($tag,1));
+				$body = str_replace($tag,'#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]',$body);
+				if(strlen($str_tags))
+					$str_tags .= ',';
+				$str_tags .= '#[url=' . $a->get_baseurl() . '/search?search=' . rawurlencode($basetag) . ']' . $basetag . '[/url]';
+				continue;
+			}
+			if(strpos($tag,'@') === 0) {
+				$name = substr($tag,1);
+				if((strpos($name,'@')) || (strpos($name,'http://'))) {
+					$newname = $name;
+					$links = @lrdd($name);
+					if(count($links)) {
+						foreach($links as $link) {
+							if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+                    			$profile = $link['@attributes']['href'];
+							if($link['@attributes']['rel'] === 'salmon') {
+								if(strlen($inform))
+									$inform .= ',';
+                    			$inform .= 'url:' . str_replace(',','%2c',$link['@attributes']['href']);
+							}
+						}
+					}
+				}
+				else {
+					$newname = $name;
+					if(strstr($name,'_')) {
+						$newname = str_replace('_',' ',$name);
+						$r = q("SELECT * FROM `contact` WHERE `name` = '%s' AND `uid` = %d LIMIT 1",
+							dbesc($newname),
+							intval($profile_uid)
+						);
+					}
+					else {
+						$r = q("SELECT * FROM `contact` WHERE `nick` = '%s' AND `uid` = %d LIMIT 1",
+							dbesc($name),
+							intval($profile_uid)
+						);
+					}
+					if(count($r)) {
+						$profile = $r[0]['url'];
+						$newname = $r[0]['name'];
+						if(strlen($inform))
+							$inform .= ',';
+						$inform .= 'cid:' . $r[0]['id'];
+					}
+				}
+				if($profile) {
+					$body = str_replace($name,'[url=' . $profile . ']' . $newname	. '[/url]', $body);
+					$profile = str_replace(',','%2c',$profile);
+					if(strlen($str_tags))
+						$str_tags .= ',';
+					$str_tags .= '@[url=' . $profile . ']' . $newname	. '[/url]';
+				}
+			}
+		}
+	}
+
+	$wall = 0;
+	if($post_type === 'wall' || $post_type === 'wall-comment')
+		$wall = 1;
+
+	if(! strlen($verb))
+		$verb = ACTIVITY_POST ;
+
+	$gravity = (($parent) ? 6 : 0 );
+ 
+	$notify_type = (($parent) ? 'comment-new' : 'wall-new' );
+
+	$uri = item_new_uri($a->get_hostname(),$profile_uid);
+
+	$datarray = array();
+	$datarray['uid']           = $profile_uid;
+	$datarray['type']          = $post_type;
+	$datarray['wall']          = $wall;
+	$datarray['gravity']       = $gravity;
+	$datarray['contact-id']    = $contact_id;
+	$datarray['owner-name']    = $contact_record['name'];
+	$datarray['owner-link']    = $contact_record['url'];
+	$datarray['owner-avatar']  = $contact_record['thumb'];
+	$datarray['author-name']   = $author['name'];
+	$datarray['author-link']   = $author['url'];
+	$datarray['author-avatar'] = $author['thumb'];
+	$datarray['created']       = datetime_convert();
+	$datarray['edited']        = datetime_convert();
+	$datarray['changed']       = datetime_convert();
+	$datarray['uri']           = $uri;
+	$datarray['title']         = $title;
+	$datarray['body']          = $body;
+	$datarray['location']      = $location;
+	$datarray['coord']         = $coord;
+	$datarray['tag']           = $str_tags;
+	$datarray['inform']        = $inform;
+	$datarray['verb']          = $verb;
+	$datarray['allow_cid']     = $str_contact_allow;
+	$datarray['allow_gid']     = $str_group_allow;
+	$datarray['deny_cid']      = $str_contact_deny;
+	$datarray['deny_gid']      = $str_group_deny;
+	$datarray['private']       = $private;
+
+	/**
+	 * These fields are for the convenience of plugins...
+	 * 'self' if true indicates the owner is posting on their own wall
+	 * If parent is 0 it is a top-level post.
+	 */
+
+	$datarray['parent']        = $parent;
+	$datarray['self']          = $self;
+
+
+	call_hooks('post_local',$datarray);
+
+	$r = q("INSERT INTO `item` (`uid`,`type`,`wall`,`gravity`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, 
+		`author-name`, `author-link`, `author-avatar`, `created`, `edited`, `changed`, `uri`, `title`, `body`, `location`, `coord`, 
+		`tag`, `inform`, `verb`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`, `private` )
+		VALUES( %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d )",
+		intval($datarray['uid']),
+		dbesc($datarray['type']),
+		intval($datarray['wall']),
+		intval($datarray['gravity']),
+		intval($datarray['contact-id']),
+		dbesc($datarray['owner-name']),
+		dbesc($datarray['owner-link']),
+		dbesc($datarray['owner-avatar']),
+		dbesc($datarray['author-name']),
+		dbesc($datarray['author-link']),
+		dbesc($datarray['author-avatar']),
+		dbesc($datarray['created']),
+		dbesc($datarray['edited']),
+		dbesc($datarray['changed']),
+		dbesc($datarray['uri']),
+		dbesc($datarray['title']),
+		dbesc($datarray['body']),
+		dbesc($datarray['location']),
+		dbesc($datarray['coord']),
+		dbesc($datarray['tag']),
+		dbesc($datarray['inform']),
+		dbesc($datarray['verb']),
+		dbesc($datarray['allow_cid']),
+		dbesc($datarray['allow_gid']),
+		dbesc($datarray['deny_cid']),
+		dbesc($datarray['deny_gid']),
+		intval($datarray['private'])
 	);
+
 	$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
-		dbesc($uri));
+		dbesc($datarray['uri']));
 	if(count($r)) {
 		$post_id = $r[0]['id'];
+		logger('mod_item: saved item ' . $post_id);
 
 		if($parent) {
 
 			// This item is the last leaf and gets the comment box, clear any ancestors
-			$r = q("UPDATE `item` SET `last-child` = 0 WHERE `parent` = %d ",
+			$r = q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent` = %d ",
+				dbesc(datetime_convert()),
 				intval($parent)
 			);
 
 			// Inherit ACL's from the parent item.
-			// TODO merge with subsequent UPDATE operation and save a db write 
 
-			$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s'
+			$r = q("UPDATE `item` SET `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s', `private` = %d
 				WHERE `id` = %d LIMIT 1",
 				dbesc($parent_item['allow_cid']),
 				dbesc($parent_item['allow_gid']),
 				dbesc($parent_item['deny_cid']),
 				dbesc($parent_item['deny_gid']),
+				intval($parent_item['private']),
 				intval($post_id)
 			);
 
+			// Send a notification email to the conversation owner, unless the owner is me and I wrote this item
 			if(($user['notify-flags'] & NOTIFY_COMMENT) && ($contact_record != $author)) {
 				require_once('bbcode.php');
 				$from = $author['name'];
-				$tpl = file_get_contents('view/cmnt_received_eml.tpl');			
+				$tpl = load_view_file('view/cmnt_received_eml.tpl');			
 				$email_tpl = replace_macros($tpl, array(
 					'$sitename' => $a->config['sitename'],
 					'$siteurl' =>  $a->get_baseurl(),
 					'$username' => $user['username'],
 					'$email' => $user['email'],
 					'$from' => $from,
-					'$body' => strip_tags(bbcode($body))
+					'$display' => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
+					'$body' => strip_tags(bbcode($datarray['body']))
 				));
 
 				$res = mail($user['email'], $from . t(" commented on your item at ") . $a->config['sitename'],
@@ -209,17 +330,20 @@ function item_post(&$a) {
 		else {
 			$parent = $post_id;
 
+			// let me know if somebody did a wall-to-wall post on my profile
+
 			if(($user['notify-flags'] & NOTIFY_WALL) && ($contact_record != $author)) {
 				require_once('bbcode.php');
 				$from = $author['name'];
-				$tpl = file_get_contents('view/wall_received_eml.tpl');			
+				$tpl = load_view_file('view/wall_received_eml.tpl');			
 				$email_tpl = replace_macros($tpl, array(
 					'$sitename' => $a->config['sitename'],
 					'$siteurl' =>  $a->get_baseurl(),
 					'$username' => $user['username'],
 					'$email' => $user['email'],
 					'$from' => $from,
-					'$body' => strip_tags(bbcode($body))
+					'$display' => $a->get_baseurl() . '/display/' . $user['nickname'] . '/' . $post_id,
+					'$body' => strip_tags(bbcode($datarray['body']))
 				));
 
 				$res = mail($user['email'], $from . t(" posted on your profile wall at ") . $a->config['sitename'],
@@ -227,13 +351,18 @@ function item_post(&$a) {
 			}
 		}
 
-		$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `last-child` = 1, `visible` = 1
+		$r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `changed` = '%s', `last-child` = 1, `visible` = 1
 			WHERE `id` = %d LIMIT 1",
 			intval($parent),
 			dbesc(($parent == $post_id) ? $uri : $parent_item['uri']),
+			dbesc(datetime_convert()),
 			intval($post_id)
 		);
+
 		// photo comments turn the corresponding item visible to the profile wall
+		// This way we don't see every picture in your new photo album posted to your wall at once.
+		// They will show up as people comment on them.
+
 		if(! $parent_item['visible']) {
 			$r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d LIMIT 1",
 				intval($parent_item['id'])
@@ -243,13 +372,47 @@ function item_post(&$a) {
 
 	$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
 
+	logger('mod_item: notifier invoked: ' . "\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" &");
+
 	proc_close(proc_open("\"$php_path\" \"include/notifier.php\" \"$notify_type\" \"$post_id\" &",
 		array(),$foo));
 
+	/**
+	 * Post to Facebook stream
+	 */
+
+	if((local_user()) && (local_user() == $profile_uid) && (! $private)) {
+		$appid  = get_config('system', 'facebook_appid'  );
+		$secret = get_config('system', 'facebook_secret' );
+		if($appid && $secret) {
+			$fb_post = get_pconfig($local_user(),'facebook','post');
+			if($fb_post) {
+				require_once('library/facebook.php');
+				require_once('include/bbcode.php');	
+
+				$facebook = new Facebook(array(
+					'appId'  => $appid,
+					'secret' => $secret,
+					'cookie' => true
+				));			
+				try {
+					$statusUpdate = $facebook->api('/me/feed', 'post', array('message'=> bbcode($datarray['body']), 'cb' => ''));
+				} 
+				catch (FacebookApiException $e) {
+					notice( t('Facebook status update failed.') . EOL);
+				}
+			}
+		}
+	}
+
 	goaway($a->get_baseurl() . "/" . $_POST['return'] );
 	return; // NOTREACHED
 }
 
+
+
+
+
 function item_content(&$a) {
 
 	if((! local_user()) && (! remote_user()))
@@ -259,7 +422,7 @@ function item_content(&$a) {
 
 	$uid = $_SESSION['uid'];
 
-	if(($a->argc == 3) && ($a->argv[1] == 'drop') && intval($a->argv[2])) {
+	if(($a->argc == 3) && ($a->argv[1] === 'drop') && intval($a->argv[2])) {
 
 		// locate item to be deleted
 
@@ -279,7 +442,8 @@ function item_content(&$a) {
 
 			// delete the item
 
-			$r = q("UPDATE `item` SET `deleted` = 1, `body` = '', `edited` = '%s' WHERE `id` = %d LIMIT 1",
+			$r = q("UPDATE `item` SET `deleted` = 1, `body` = '', `edited` = '%s', `changed` = '%s' WHERE `id` = %d LIMIT 1",
+				dbesc(datetime_convert()),
 				dbesc(datetime_convert()),
 				intval($item['id'])
 			);
@@ -300,15 +464,33 @@ function item_content(&$a) {
 			// If it's the parent of a comment thread, kill all the kids
 
 			if($item['uri'] == $item['parent-uri']) {
-				$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `body` = '' 
+				$r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' 
 					WHERE `parent-uri` = '%s' AND `uid` = %d ",
 					dbesc(datetime_convert()),
+					dbesc(datetime_convert()),
 					dbesc($item['parent-uri']),
 					intval($item['uid'])
 				);
 				// ignore the result
 			}
-
+			else {
+				// ensure that last-child is set in case the comment that had it just got wiped.
+				q("UPDATE `item` SET `last-child` = 0, `changed` = '%s' WHERE `parent-uri` = '%s' AND `uid` = %d ",
+					dbesc(datetime_convert()),
+					dbesc($item['parent-uri']),
+					intval($item['uid'])
+				);
+				// who is the last child now? 
+				$r = q("SELECT `id` FROM `item` WHERE `parent-uri` = '%s' AND `type` != 'activity' AND `deleted` = 0 AND `uid` = %d ORDER BY `edited` DESC LIMIT 1",
+					dbesc($item['parent-uri']),
+					intval($item['uid'])
+				);
+				if(count($r)) {
+					q("UPDATE `item` SET `last-child` = 1 WHERE `id` = %d LIMIT 1",
+						intval($r[0]['id'])
+					);
+				}	
+			}
 			$drop_id = intval($item['id']);
 			$php_path = ((strlen($a->config['php_path'])) ? $a->config['php_path'] : 'php');
 			
@@ -323,7 +505,7 @@ function item_content(&$a) {
 		else {
 			notice( t('Permission denied.') . EOL);
 			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
-			return; //NOTREACHED
+			//NOTREACHED
 		}
 	}
 }
\ No newline at end of file