<?php
+require_once('include/datetime.php');
+
/**
*
* MySQL database class
logger('dba: ' . $str );
}
- else {
- /**
- * If dbfail.out exists, we will write any failed calls directly to it,
- * regardless of any logging that may or may nor be in effect.
- * These usually indicate SQL syntax errors that need to be resolved.
- */
+ /**
+ * If dbfail.out exists, we will write any failed calls directly to it,
+ * regardless of any logging that may or may nor be in effect.
+ * These usually indicate SQL syntax errors that need to be resolved.
+ */
- if($result === false) {
- logger('dba: ' . printable($sql) . ' returned false.');
- if(file_exists('dbfail.out'))
- file_put_contents('dbfail.out', printable($sql) . ' returned false' . "\n", FILE_APPEND);
- }
+ if($result === false) {
+ logger('dba: ' . printable($sql) . ' returned false.');
+ if(file_exists('dbfail.out'))
+ file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . ' returned false' . "\n", FILE_APPEND);
}
if(($result === true) || ($result === false))
if($this->debug)
- logger('dba: ' . printable(print_r($r, true)), LOGGER_DATA);
+ logger('dba: ' . printable(print_r($r, true)));
return($r);
}
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => $birthday
+ '$birthday' => $birthday,
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
));
foreach($items as $item) {
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
- $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`
+ $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`
FROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`
WHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1",
dbesc($owner_nick)
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : '')
+ '$birthday' => ((strlen($birthday)) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''),
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
));
call_hooks('atom_feed', $atom);
}
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(is_array($contact) && intval($contact['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($contact['id'])
+ );
+ $contact['forum'] = (string) $community_page;
+ }
+
// process any deleted entries
// NOTREACHED
}
+
+ $community_page = 0;
+ $rawtags = $feed->get_feed_tags( NAMESPACE_DFRN, 'community');
+ if($rawtags) {
+ $community_page = intval($rawtags[0]['data']);
+ }
+ if(intval($importer['forum']) != $community_page) {
+ q("update contact set forum = %d where id = %d limit 1",
+ intval($community_page),
+ intval($importer['id'])
+ );
+ $importer['forum'] = (string) $community_page;
+ }
logger('local_delivery: feed item count = ' . $feed->get_item_quantity());
'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , ATOM_TIME)) ,
'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , ATOM_TIME)) ,
'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , ATOM_TIME)) ,
- '$birthday' => $birthday
+ '$birthday' => $birthday,
+ '$community' => (($owner['page-flags'] == PAGE_COMMUNITY) ? '<dfrn:community>1</dfrn:community>' : '')
+
));
if($mail) {
$importer_uid = $contact['uid'];
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
+ $r = q("SELECT `contact`.*, `user`.`page-flags` FROM `contact` LEFT JOIN `user` on `contact`.`uid` = `user`.`uid` WHERE `user`.`uid` = %d AND `contact`.`self` = 1 LIMIT 1",
intval($importer_uid)
);
if(! count($r))
* Actually, important actions should not be triggered by Links / GET-Requests at all, but somethimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
*/
-function get_form_security_token($typename = "") {
+function get_form_security_token($typename = '') {
$a = get_app();
$timestamp = time();
- $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $timestamp . $typename);
+ $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
- return $timestamp . "." . $sec_hash;
+ return $timestamp . '.' . $sec_hash;
}
-function check_form_security_token($typename = "", $formname = 'form_security_token') {
+function check_form_security_token($typename = '', $formname = 'form_security_token') {
if (!x($_REQUEST, $formname)) return false;
$hash = $_REQUEST[$formname];
$a = get_app();
- $x = explode(".", $hash);
+ $x = explode('.', $hash);
if (time() > (IntVal($x[0]) + $max_livetime)) return false;
- $sec_hash = hash('whirlpool', $a->user["guid"] . $a->user["prvkey"] . session_id() . $x[0] . $typename);
+ $sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
return ($sec_hash == $x[1]);
}
function check_form_security_std_err_msg() {
return t('The form security token was not correct. This probably happened because the form has been opened for too long (>3 hours) before subitting it.') . EOL;
}
-function check_form_security_token_redirectOnErr($err_redirect, $typename = "", $formname = 'form_security_token') {
+function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
$a = get_app();
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
notice( check_form_security_std_err_msg() );
goaway($a->get_baseurl() . $err_redirect );
}
}
-function check_form_security_token_ForbiddenOnErr($typename = "", $formname = 'form_security_token') {
+function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
if (!check_form_security_token($typename, $formname)) {
+ logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+ logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
header('HTTP/1.1 403 Forbidden');
killme();
}
$ptype = ((x($_POST,'type')) ? $_POST['type'] : '');
$dfrn_version = ((x($_POST,'dfrn_version')) ? (float) $_POST['dfrn_version'] : 2.0);
$perm = ((x($_POST,'perm')) ? $_POST['perm'] : 'r');
-
+
if($ptype === 'profile-check') {
if((strlen($challenge)) && (strlen($sec))) {
intval($contact_id)
);
}
- }
-
+ }
+
header("Content-type: application/atom+xml");
$o = get_feed_for($a,$dfrn_id, $a->argv[1], $last_update, $direction);
echo $o;
if($can_post && ($ph[0]['uid'] == $owner_uid)) {
$tools = array(
'edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . (($cmd === 'edit') ? '' : '/edit'), (($cmd === 'edit') ? t('View photo') : t('Edit photo'))),
- 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'], t('Use as profile photo')),
+ 'profile'=>array($a->get_baseurl() . '/profile_photo/use/'.$ph[0]['resource-id'] . '?form_security_token=' . get_form_security_token('profile_photo'), t('Use as profile photo')),
);
// lock
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
$hub
$salmon
+ $community
<updated>$feed_updated</updated>
<id>$feed_id</id>
<title>$feed_title</title>
- <generator uri="http://friendika.com" version="$version">Friendika</generator>
+ <generator uri="http://friendica.com" version="$version">Friendica</generator>
<link rel="license" href="http://creativecommons.org/licenses/by/3.0/" />
$hub
$salmon
+ $community
<updated>$feed_updated</updated>
projects / friendica.git / commitdiff