X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fitem.php;h=552d3e3b3c339b6091722e48aa098126b124dc60;hb=6d7b0182376d6ce0cfa2c4e01500ff321b9e9b51;hp=83854ed159db25b95df4b56df4a97a7c38fcb185;hpb=4631a3c282228dff2681cd493f997d14c412fba5;p=friendica.git diff --git a/mod/item.php b/mod/item.php index 83854ed159..552d3e3b3c 100644 --- a/mod/item.php +++ b/mod/item.php @@ -5,13 +5,15 @@ function sanitise_acl(&$item) { } function item_post(&$a) { -dbg(2); + if((! local_user()) && (! remote_user())) return; require_once('include/security.php'); $uid = $_SESSION['uid']; + + $parent = ((x($_POST,'parent')) ? intval($_POST['parent']) : 0); $parent_item = null; @@ -22,7 +24,7 @@ dbg(2); ); if(! count($r)) { notice("Unable to locate original post." . EOL); - goaway($a->get_baseurl() . "/profile/$profile_uid"); + goaway($a->get_baseurl() . "/" . $_POST['return'] ); } $parent_item = $r[0]; } 
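Review bot: The new `goaway()` targets append `$_POST['return']` to the base URL without any check, here in the "Unable to locate original post" branch and again in the empty-post branch and at the end of `item_post()` in the later hunks. The value is request-controlled, so it should be constrained to a known local path before it reaches the redirect. If `goaway()` writes it straight into a `Location:` header (not visible in this diff), CR/LF characters or an unexpected path would be carried along. One option is to normalise it once near the top, `$return_path = ((x($_POST,'return')) ? notags(trim($_POST['return'])) : '');`, reject anything that does not match an expected pattern such as `/^[a-zA-Z0-9_\/\-]*$/`, and use `$return_path` in all three calls. `item_post()` continues outside this hunk.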
@@ -67,41 +69,66 @@ dbg(2); if(! strlen($body)) { notice("Empty post discarded." . EOL ); - goaway($a->get_baseurl() . "/profile/$profile_uid"); + goaway($a->get_baseurl() . "/" . $_POST['return'] ); + } - if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) + // get contact info for poster + + if((x($_SESSION,'visitor_id')) && (intval($_SESSION['visitor_id']))) { $contact_id = $_SESSION['visitor_id']; + } else { - $r = q("SELECT `id` FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($_SESSION['uid'])); if(count($r)) $contact_id = $r[0]['id']; - } + } + + // get contact info for owner + + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", + intval($profile_uid) + ); + if(count($r)) + $contact_record = $r[0]; + + $post_type == notags(trim($_POST['type'])); + + if($post_type == 'net-comment') { + if($parent_item !== null && $parent_item['type'] != 'remote') + $post_type = 'wall-comment'; + } $notify_type = (($parent) ? 'comment-new' : 'wall-new' ); - if($_POST['type'] == 'jot') { + if(($_POST['type'] == 'wall') || ($_POST['type'] == 'wall-comment') || ($_POST['type'] == 'net-comment')) { do { $dups = false; $hash = random_string(); - $r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' LIMIT 1", - dbesc($hash)); + + $uri = "urn:X-dfrn:" . $a->get_hostname() . ':' . $profile_uid . ':' . 
$hash; + + $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", + dbesc($uri)); if(count($r)) $dups = true; } while($dups == true); - $r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`created`,`edited`,`hash`,`body`, - `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`) - VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", + $r = q("INSERT INTO `item` (`uid`,`type`,`contact-id`,`owner-name`,`owner-link`,`owner-avatar`, `created`, + `edited`, `uri`, `body`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid`) + VALUES( %d, '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )", intval($profile_uid), - "jot", + dbesc($_POST['type']), intval($contact_id), + dbesc($contact_record['name']), + dbesc($contact_record['url']), + dbesc($contact_record['thumb']), datetime_convert(), datetime_convert(), - dbesc($hash), + dbesc($uri), dbesc(escape_tags(trim($_POST['body']))), dbesc($str_contact_allow), dbesc($str_group_allow), @@ -109,8 +136,8 @@ dbg(2); dbesc($str_group_deny) ); - $r = q("SELECT `id` FROM `item` WHERE `hash` = '%s' LIMIT 1", - dbesc($hash)); + $r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1", + dbesc($uri)); if(count($r)) { $post_id = $r[0]['id']; 
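Review bot: `$post_type == notags(trim($_POST['type']));` is a comparison, not an assignment, so `$post_type` is never set from the request and the `net-comment` to `wall-comment` normalisation directly below it never runs. The type check and the INSERT both still read the raw `$_POST['type']`, so a client-supplied `net-comment` is stored as-is even when the parent item is not remote. Proposed: `$post_type = notags(trim($_POST['type']));`, then `if(($post_type == 'wall') || ($post_type == 'wall-comment') || ($post_type == 'net-comment')) {` and `dbesc($post_type),` in the INSERT. Separately, `$contact_record` stays undefined when the owner lookup returns no row, so the `owner-*` columns would be filled from an undefined variable; a guard that aborts the post in that case would be safer.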
@@ -137,24 +164,84 @@ dbg(2); $parent = $post_id; } - $r = q("UPDATE `item` SET `parent` = %d, `last-child` = 1, `visible` = 1 + $r = q("UPDATE `item` SET `parent` = %d, `parent-uri` = '%s', `last-child` = 1, `visible` = 1 WHERE `id` = %d LIMIT 1", intval($parent), - intval($post_id)); + dbesc(($parent == $post_id) ? $uri : $parent_item['uri']), + intval($post_id) + ); } - $url = bin2hex($a->get_baseurl()); + $url = $a->get_baseurl(); - proc_close(proc_open("php include/notifier.php $url $notify_type $post_id > notify.log &", + proc_close(proc_open("php include/notifier.php \"$url\" \"$notify_type\" \"$post_id\" > notify.log &", array(),$foo)); } -// goaway($a->get_baseurl() . "/profile/$profile_uid"); + goaway($a->get_baseurl() . "/" . $_POST['return'] ); + return; // NOTREACHED +} +function item_content(&$a) { + if((! local_user()) && (! remote_user())) + return; + require_once('include/security.php'); + $uid = $_SESSION['uid']; + if(($a->argc == 3) && ($a->argv[1] == 'drop') && intval($a->argv[2])) { + // locate item to be deleted + $r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1", + intval($a->argv[2]) + ); + + if(! count($r)) { + notice("Item not found." . EOL); + goaway($a->get_baseurl() . '/' . 
$_SESSION['return_url']); + } + $item = $r[0]; + + // check if logged in user is either the author or owner of this item + + if(($_SESSION['visitor_id'] == $item['contact-id']) || ($_SESSION['uid'] == $item['uid'])) { + + // delete the item + + $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' WHERE `id` = %d LIMIT 1", + dbesc(datetime_convert()), + intval($item['id']) + ); + + // If it's the parent of a comment thread, kill all the kids + + if($item['uri'] == $item['parent-uri']) { + $r = q("UPDATE `item` SET `deleted` = 1, `edited` = '%s' + WHERE `parent-uri` = '%s' AND `uid` = %d ", + dbesc(datetime_convert()), + dbesc($item['parent-uri']), + intval($item['uid']) + ); + } + + $url = $a->get_baseurl(); + $drop_id = intval($item['id']); + + // send the notification upstream/downstream as the case may be + + proc_close(proc_open("php include/notifier.php \"$url\" \"drop\" \"$drop_id\" > notify.log &", + array(),$foo)); + + goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + return; //NOTREACHED + } + else { + notice("Permission denied." . EOL); + goaway($a->get_baseurl() . '/' . $_SESSION['return_url']); + return; //NOTREACHED + } + } } \ No newline at end of file
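Review bot: Both `proc_open()` calls now interpolate `$a->get_baseurl()` into a shell command string inside hand-written double quotes, where the removed code passed it through `bin2hex()` first. Double quotes still let the shell perform command and variable substitution, so if the base URL can be influenced by the request (for example if it is derived from the Host header, which is not visible in this diff) the command line is no longer safe to build this way. Proposed for both the post and the drop call: `$url = escapeshellarg($a->get_baseurl());`, with the manual `\"` around `$url` removed and `escapeshellarg()` applied to `$notify_type` and `$post_id` / `$drop_id` as well. Separately, the `drop` action in `item_content()` changes state on a plain URL request and no form token is checked in this hunk; worth confirming that one is verified elsewhere.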