本文整理汇总了PHP中init_groups_visitor函数的典型用法代码示例。如果您正苦于以下问题:PHP init_groups_visitor函数的具体用法?PHP init_groups_visitor怎么用?PHP init_groups_visitor使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了init_groups_visitor函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: permissions_sql
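/**
 * Build the SQL fragment that limits a query to rows the current viewer may see.
 *
 * The fragment begins with " AND" and tests the columns allow_cid, allow_gid,
 * deny_cid and deny_gid, so it is meant to be appended to an existing WHERE clause.
 *
 * @param int|string $owner_id        uid of the profile owner whose rows are queried
 * @param bool       $remote_verified true when the caller has already confirmed that the
 *                                    remote visitor is an unblocked contact of $owner_id
 * @param array|null $groups          group ids of the visitor; replaced by a lookup when
 *                                    the visitor is verified inside this function
 *
 * @return string SQL fragment; '' for the owner, the anonymous-only clause for
 *                everybody who is not a verified contact
 */
function permissions_sql($owner_id, $remote_verified = false, $groups = null)
{
    $local_user = local_user();
    $remote_user = remote_user();

    /**
     * Construct permissions
     *
     * default permissions - anonymous user
     */
    $sql = " AND allow_cid = '' \n\t\t\t AND allow_gid = '' \n\t\t\t AND deny_cid = '' \n\t\t\t AND deny_gid = '' \n\t";

    /**
     * Profile owner - everything is visible
     */
    if ($local_user && $local_user == $owner_id) {
        return '';
    }

    // No remote session: keep the anonymous clause.
    if (!$remote_user) {
        return $sql;
    }

    if (!$remote_verified) {
        $r = q("SELECT id FROM contact WHERE id = %d AND uid = %d AND blocked = 0 LIMIT 1", intval($remote_user), intval($owner_id));
        // Fail closed: count() of a non-array such as false is 1 on PHP 7 and a
        // TypeError on PHP 8, so a failed lookup must not be read as "contact found".
        // q() is defined elsewhere; presumably it can return a non-array on error — TODO confirm.
        if (is_array($r) && count($r)) {
            $remote_verified = true;
            $groups = init_groups_visitor($remote_user);
        }
    }

    // Visitor is not a contact of the owner: anonymous clause only.
    if (!$remote_verified) {
        return $sql;
    }

    $gs = '<<>>';
    // should be impossible to match
    if (is_array($groups) && count($groups)) {
        foreach ($groups as $g) {
            // intval() keeps each alternative a plain number, so nothing from
            // $groups can add regex syntax to the pattern.
            $gs .= '|<' . intval($g) . '>';
        }
    }

    return sprintf(" AND ( allow_cid = '' OR allow_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( deny_cid = '' OR NOT deny_cid REGEXP '<%d>' ) \n\t\t\t\t AND ( allow_gid = '' OR allow_gid REGEXP '%s' )\n\t\t\t\t AND ( deny_gid = '' OR NOT deny_gid REGEXP '%s') \n\t\t\t\t", intval($remote_user), intval($remote_user), dbesc($gs), dbesc($gs));
}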
示例2: photos_content
/**
 * Render the photos page for the profile loaded in $a->data['user'].
 *
 * The listing is cut off inside the upload branch. The visible part parses the
 * request path, works out whether the viewer may post and which permission
 * clause applies, and returns early after a notice() when access is refused.
 *
 * @param object $a application object; argc, argv, cmd, data and contact are read here
 */
function photos_content(&$a)
{
    // URLs:
    // photos/name
    // photos/name/upload
    // photos/name/upload/xxxxx (xxxxx is album name)
    // photos/name/album/xxxxx
    // photos/name/album/xxxxx/edit
    // photos/name/image/xxxxx
    // photos/name/image/xxxxx/edit
    // Site-wide switch: anonymous viewers are turned away before anything is loaded.
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    require_once 'include/bbcode.php';
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    if (!x($a->data, 'user')) {
        notice(t('No photos selected') . EOL);
        return;
    }
    $_SESSION['photo_return'] = $a->cmd;
    //
    // Parse arguments
    //
    if ($a->argc > 3) {
        $datatype = $a->argv[2];
        $datum = $a->argv[3];
    } elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
        $datatype = 'upload';
    } else {
        $datatype = 'summary';
    }
    if ($a->argc > 4) {
        $cmd = $a->argv[4];
    } else {
        $cmd = 'view';
    }
    //
    // Setup permissions structures
    //
    $can_post = false;
    $visitor = 0;
    $contact = null;
    $remote_contact = false;
    $owner_uid = $a->data['user']['uid'];
    $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
    if (local_user() && local_user() == $owner_uid) {
        // The owner may always post.
        $can_post = true;
    } else {
        // On a community page an unblocked, non-pending contact may post as well.
        if ($community_page && remote_user()) {
            $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
            if (count($r)) {
                $can_post = true;
                $contact = $r[0];
                $remote_contact = true;
                $visitor = remote_user();
            }
        }
    }
    // perhaps they're visiting - but not a community page, so they wouldn't have write access
    if (remote_user() && !$visitor) {
        // NOTE(review): the groups are looked up for $_SESSION['visitor_id'], while the
        // contact row below is matched on remote_user(); confirm both always name the
        // same contact. The lookup also runs before the blocked/pending check.
        $contact_id = $_SESSION['visitor_id'];
        $groups = init_groups_visitor($contact_id);
        $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval(remote_user()), intval($owner_uid));
        if (count($r)) {
            $contact = $r[0];
            $remote_contact = true;
        }
    }
    if (!$remote_contact) {
        if (local_user()) {
            $contact_id = $_SESSION['cid'];
            $contact = $a->contact;
        }
    }
    // A hidden wall is shown only to the owner and to verified remote contacts.
    if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
        notice(t('Access to this item is restricted.') . EOL);
        return;
    }
    // NOTE(review): $groups is assigned only in the visiting branch above, so it is
    // undefined here for the owner, for anonymous viewers and for the community-page
    // contact, who is passed as verified but without any groups.
    $sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
    $o = "";
    // tabs
    $_is_owner = local_user() && local_user() == $owner_uid;
    $o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
    //
    // dispatch request
    //
    if ($datatype === 'upload') {
        // Uploading is limited to viewers who were granted posting rights above.
        if (!$can_post) {
            notice(t('Permission denied.'));
            return;
        }
        // NOTE(review): $datum is assigned only when argc > 3, so it is undefined for
        // photos/name/upload. It is taken from the request path; the code that emits
        // $selname is outside this listing — confirm it is HTML-escaped there.
        $selname = $datum ? hex2bin($datum) : '';
        $albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
        $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '> </option>';
        if (count($a->data['albums'])) {
            foreach ($a->data['albums'] as $album) {
                // The unnamed album and the contact-photo album are not offered as targets.
                if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
                    continue;
//.........这里部分代码省略.........
示例3: get_feed_for
/**
 * Assemble the query parts for an owner's feed (the listing is cut off before the query runs).
 *
 * A request without $dfrn_id is a public feed and keeps the anonymous permission
 * clause; otherwise the requesting contact is looked up and the clause is built
 * from that contact's id and groups.
 *
 * @param object $a           application object; argc and argv are read for feed options
 * @param string $dfrn_id     id of the requesting contact, empty for the public feed
 * @param string $owner_nick  nickname of the feed owner
 * @param string $last_update lower bound for changes; defaults to 'now -30 days' when empty
 * @param int    $direction   -1, 0 or 1, selecting which id column $dfrn_id is matched against
 * @param bool   $forpubsub   true to build the pubsub variant of the query
 *
 * @return mixed false for an unknown $direction; the normal return value is
 *               outside this listing
 */
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0, $forpubsub = false)
{
    $sitefeed = strlen($owner_nick) ? false : true;
    // not yet implemented, need to rewrite huge chunks of following logic
    $public_feed = $dfrn_id ? false : true;
    $starred = false;
    // not yet implemented, possible security issues
    $converse = false;
    // Feed options are only read from the path for public feeds.
    if ($public_feed && $a->argc > 2) {
        for ($x = 2; $x < $a->argc; $x++) {
            if ($a->argv[$x] == 'converse') {
                $converse = true;
            }
            if ($a->argv[$x] == 'starred') {
                $starred = true;
            }
            if ($a->argv[$x] === 'category' && $a->argc > $x + 1 && strlen($a->argv[$x + 1])) {
                $category = $a->argv[$x + 1];
            }
        }
    }
    // default permissions - anonymous user
    $sql_extra = " AND `item`.`allow_cid` = '' AND `item`.`allow_gid` = '' AND `item`.`deny_cid` = '' AND `item`.`deny_gid` = '' ";
    $r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`, `user`.`page-flags`\n\t\tFROM `contact` INNER JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick));
    // Unknown owner: stop here (killme() is defined elsewhere, presumably it ends the request).
    if (!count($r)) {
        killme();
    }
    $owner = $r[0];
    $owner_id = $owner['user_uid'];
    $owner_nick = $owner['nickname'];
    $birthday = feed_birthday($owner_id, $owner['timezone']);
    $sql_post_table = "";
    $visibility = "";
    if (!$public_feed) {
        // Here $sql_extra temporarily holds the contact lookup condition; it is
        // replaced by the permission clause once the contact is known.
        $sql_extra = '';
        switch ($direction) {
            case -1:
                $sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
                $my_id = $dfrn_id;
                break;
            case 0:
                $sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '1:' . $dfrn_id;
                break;
            case 1:
                $sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
                $my_id = '0:' . $dfrn_id;
                break;
            default:
                return false;
                break;
                // NOTREACHED
        }
        // Only an unblocked, non-pending contact of this owner gets a private feed.
        $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1", intval($owner_id));
        if (!count($r)) {
            killme();
        }
        $contact = $r[0];
        require_once 'include/security.php';
        $groups = init_groups_visitor($contact['id']);
        // assumes init_groups_visitor() always returns an array — TODO confirm
        if (count($groups)) {
            // intval() keeps every regex alternative numeric.
            for ($x = 0; $x < count($groups); $x++) {
                $groups[$x] = '<' . intval($groups[$x]) . '>';
            }
            $gs = implode('|', $groups);
        } else {
            $gs = '<<>>';
        }
        // Impossible to match
        $sql_extra = sprintf("\n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' )\n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' )\n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s')\n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
    }
    if ($public_feed) {
        $sort = 'DESC';
    } else {
        $sort = 'ASC';
    }
    // Include answers to status.net posts in pubsub feeds
    if ($forpubsub) {
        $sql_post_table = "INNER JOIN `thread` ON `thread`.`iid` = `item`.`parent`\n\t\t\t\tLEFT JOIN `item` AS `thritem` ON `thritem`.`uri`=`item`.`thr-parent` AND `thritem`.`uid`=`item`.`uid`";
        // NOTE(review): this fragment reads "AND (...) OR (...)" with no enclosing
        // parentheses. If it is appended to the WHERE clause as is, the OR branch is
        // not bound by the conditions before it, the permission clause included —
        // check the query in the part of the function that is not shown.
        $visibility = sprintf("AND (`item`.`parent` = `item`.`id`) OR (`item`.`network` = '%s' AND ((`thread`.`network`='%s') OR (`thritem`.`network` = '%s')))", dbesc(NETWORK_DFRN), dbesc(NETWORK_OSTATUS), dbesc(NETWORK_OSTATUS));
        $date_field = "`received`";
        $sql_order = "`item`.`received` DESC";
    } else {
        $date_field = "`changed`";
        $sql_order = "`item`.`parent` " . $sort . ", `item`.`created` ASC";
    }
    if (!strlen($last_update)) {
        $last_update = 'now -30 days';
    }
    if (isset($category)) {
        // $category comes from the request path; it is escaped for SQL with dbesc().
        // NOTE(review): this assignment replaces the pubsub joins set above while
        // $visibility still refers to `thread` and `thritem` — confirm both options
        // cannot be active together.
        $sql_post_table = sprintf("INNER JOIN (SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d ORDER BY `tid` DESC) AS `term` ON `item`.`id` = `term`.`oid` ", dbesc(protect_sprintf($category)), intval(TERM_OBJ_POST), intval(TERM_CATEGORY), intval($owner_id));
        //$sql_extra .= file_tag_file_query('item',$category,'category');
    }
    if ($public_feed) {
        // Without 'converse', a public feed is limited to the owner's own posts.
        if (!$converse) {
            $sql_extra .= " AND `contact`.`self` = 1 ";
        }
    }
    $check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
    // AND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )
//.........这里部分代码省略.........
示例4: display_content
/**
 * Show a single item and its thread (the listing is cut off inside the update branch).
 *
 * The visible part resolves the item id from the request, identifies the viewer
 * as owner, remote contact or neither, and obtains the permission clause for the
 * item query from item_permissions_sql().
 *
 * @param object $a      application object; argc, argv, user, profile and contact are read,
 *                       page, profile, error and page_contact are written
 * @param int    $update non-zero for a live-update request; used as the profile uid
 *
 * @return mixed nothing on the early exits shown, '' when an update finds no rows;
 *               the normal return value is outside this listing
 */
function display_content(&$a, $update = 0)
{
    // Site-wide switch: anonymous viewers are turned away first.
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    require_once "include/bbcode.php";
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    require_once 'include/acl_selectors.php';
    $o = '';
    $a->page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
    if ($update) {
        $nick = $_REQUEST['nick'];
    } else {
        $nick = $a->argc > 1 ? $a->argv[1] : '';
    }
    if ($update) {
        // Update requests carry the item id in the request and the uid in $update.
        $item_id = $_REQUEST['item_id'];
        $a->profile = array('uid' => intval($update), 'profile_uid' => intval($update));
    } else {
        $item_id = $a->argc > 2 ? $a->argv[2] : 0;
        if ($a->argc == 2) {
            // Two path segments: argv[1] is a guid, resolved by the lookups below
            // (own items first, then public items, then items with uid 0).
            // NOTE(review): $a->argv[1] is a request path segment and fills a '%s'
            // placeholder in all three lookups without dbesc(), unlike $item_id in the
            // update query further down. Unless q() escapes its arguments itself (not
            // shown here), each call should pass dbesc($a->argv[1]).
            $nick = "";
            if (local_user()) {
                $r = q("SELECT `id` FROM `item`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `guid` = '%s' AND `uid` = %d", $a->argv[1], local_user());
                if (count($r)) {
                    $item_id = $r[0]["id"];
                    $nick = $a->user["nickname"];
                }
            }
            if ($nick == "") {
                $r = q("SELECT `user`.`nickname`, `item`.`id` FROM `item` INNER JOIN `user` ON `user`.`uid` = `item`.`uid`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t\t\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\t\t\t\tAND `item`.`private` = 0 AND NOT `user`.`hidewall`\n\t\t\t\t\t\tAND `item`.`guid` = '%s'", $a->argv[1]);
                // AND `item`.`private` = 0 AND `item`.`wall` = 1
                if (count($r)) {
                    $item_id = $r[0]["id"];
                    $nick = $r[0]["nickname"];
                }
            }
            if ($nick == "") {
                $r = q("SELECT `item`.`id` FROM `item`\n\t\t\t\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\t\t\tAND `item`.`allow_cid` = '' AND `item`.`allow_gid` = ''\n\t\t\t\t\t\tAND `item`.`deny_cid` = '' AND `item`.`deny_gid` = ''\n\t\t\t\t\t\tAND `item`.`private` = 0 AND `item`.`uid` = 0\n\t\t\t\t\t\tAND `item`.`guid` = '%s'", $a->argv[1]);
                // AND `item`.`private` = 0 AND `item`.`wall` = 1
                if (count($r)) {
                    $item_id = $r[0]["id"];
                }
            }
        }
    }
    if (!$item_id) {
        $a->error = 404;
        notice(t('Item not found.') . EOL);
        return;
    }
    $groups = array();
    $contact = null;
    $remote_contact = false;
    $contact_id = 0;
    // Find the remote session entry, if any, that belongs to this profile owner.
    if (is_array($_SESSION['remote'])) {
        foreach ($_SESSION['remote'] as $v) {
            if ($v['uid'] == $a->profile['uid']) {
                $contact_id = $v['cid'];
                break;
            }
        }
    }
    if ($contact_id) {
        $groups = init_groups_visitor($contact_id);
        // NOTE(review): this lookup has no blocked/pending condition, and
        // $remote_contact lifts the hidewall restriction below — confirm that a
        // blocked or pending contact is meant to pass here.
        $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['uid']));
        if (count($r)) {
            $contact = $r[0];
            $remote_contact = true;
        }
    }
    if (!$remote_contact) {
        if (local_user()) {
            $contact_id = $_SESSION['cid'];
            $contact = $a->contact;
        }
    }
    $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($a->profile['uid']));
    if (count($r)) {
        $a->page_contact = $r[0];
    }
    $is_owner = local_user() && local_user() == $a->profile['profile_uid'] ? true : false;
    // A hidden wall is shown only to the owner and to remote contacts.
    if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
        notice(t('Access to this profile has been restricted.') . EOL);
        return;
    }
    if ($is_owner) {
        // The owner gets the status editor, pre-set with the account's default ACL.
        $celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
        $x = array('is_owner' => true, 'allow_location' => $a->user['allow_location'], 'default_location' => $a->user['default-location'], 'nickname' => $a->user['nickname'], 'lockstate' => is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid'])) ? 'lock' : 'unlock', 'acl' => populate_acl($a->user, $celeb), 'bang' => '', 'visitor' => 'block', 'profile_uid' => local_user(), 'acl_data' => construct_acl_data($a, $a->user));
        $o .= status_editor($a, $x, 0, true);
    }
    // Permission clause for the item queries; built by a helper defined elsewhere.
    $sql_extra = item_permissions_sql($a->profile['uid'], $remote_contact, $groups);
    // AND `item`.`parent` = ( SELECT `parent` FROM `item` FORCE INDEX (PRIMARY, `uri`) WHERE ( `id` = '%s' OR `uri` = '%s' ))
    if ($update) {
        // $item_id comes from $_REQUEST in update mode and is escaped with dbesc() here.
        $r = q("SELECT id FROM item WHERE item.uid = %d\n\t\t AND `item`.`parent` = (SELECT `parent` FROM `item` WHERE (`id` = '%s' OR `uri` = '%s'))\n\t\t {$sql_extra} AND unseen = 1", intval($a->profile['uid']), dbesc($item_id), dbesc($item_id));
        if (!$r) {
            return '';
        }
//.........这里部分代码省略.........
示例5: Verify
//.........这里部分代码省略.........
return true;
} else {
logger('already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($this->test) {
$this->Debug('already logged in locally with a conflicting identity.');
return false;
}
}
return false;
}
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the
// site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a
// generic zot packet with a sender which can be verified
$p = zot_build_packet($channel, $type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'], 'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], $this->sec);
$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
$this->Debug('packet contents: ' . $p);
$result = zot_zot($hubloc['hubloc_callback'], $p);
if (!$result['success']) {
logger('auth_check callback failed.');
if ($this->test) {
$this->Debug('auth check request to your site returned .' . print_r($result, true));
}
return false;
}
$j = json_decode($result['body'], true);
if (!$j) {
logger('auth_check json data malformed.');
if ($this->test) {
$this->Debug('json malformed: ' . $result['body']);
}
return false;
}
$this->Debug('auth check request returned .' . print_r($j, true));
if (!$j['success']) {
return false;
}
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($this->sec . $hubloc['xchan_hash'], base64url_decode($j['confirm']), $hubloc['xchan_pubkey'])) {
logger('final confirmation failed.');
if ($this->test) {
$this->Debug('final confirmation failed. ' . $sec . print_r($j, true) . print_r($hubloc, true));
}
return false;
}
if (array_key_exists('service_class', $j)) {
$this->remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$this->remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$this->dnt = $j['DNT'];
}
// log them in
if ($this->test) {
// testing only - return the success result
$this->test_results['success'] = true;
$this->Debug('Authentication Success!');
$this->Finalise();
}
$_SESSION['authenticated'] = 1;
// check for delegation and if all is well, log them in locally with delegation restrictions
$this->delegate_success = false;
if ($this->delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", dbesc($this->delegate));
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'], $hubloc['xchan_hash'], 'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $hubloc['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once 'include/security.php';
// this will set the local_channel authentication in the session
change_channel($r[0]['channel_id']);
$this->delegate_success = true;
}
}
}
if (!$this->delegate_success) {
// normal visitor (remote_channel) login session credentials
$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
$_SESSION['my_url'] = $hubloc['xchan_url'];
$_SESSION['my_address'] = $this->address;
$_SESSION['remote_service_class'] = $this->remote_service_class;
$_SESSION['remote_level'] = $this->remote_level;
$_SESSION['remote_hub'] = $this->remote_hub;
$_SESSION['DNT'] = $this->dnt;
}
$arr = array('xchan' => $hubloc, 'url' => $this->desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
\App::set_observer($hubloc);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $hubloc['xchan_name']));
logger('mod_zot: auth success from ' . $hubloc['xchan_addr']);
$this->success = true;
return true;
}
示例6: post_init
//.........这里部分代码省略.........
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($sec . $xx['xchan_hash'], base64url_decode($j['confirm']), $xx['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j, true) . print_r($xx, true);
continue;
}
continue;
}
if (array_key_exists('service_class', $j)) {
$remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$DNT = $j['DNT'];
}
}
// everything is good... maybe
if (local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $xx['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
continue;
}
}
continue;
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$delegation_success = false;
if ($delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", dbesc($delegate));
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'], $xx['xchan_hash'], 'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $xx['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once 'include/security.php';
change_channel($r[0]['channel_id']);
$delegation_success = true;
}
}
}
$_SESSION['authenticated'] = 1;
if (!$delegation_success) {
$_SESSION['visitor_id'] = $xx['xchan_hash'];
$_SESSION['my_url'] = $xx['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
}
$arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
$a->set_observer($xx);
require_once 'include/security.php';
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $xx['xchan_name']));
logger('mod_zot: auth success from ' . $xx['xchan_addr']);
} else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
continue;
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']);
}
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
continue;
}
}
/**
* @FIXME we really want to save the return_url in the session before we
* visit rmagic. This does however prevent a recursion if you visit
* rmagic directly, as it would otherwise send you back here again.
* But z_root() probably isn't where you really want to go.
*/
if (strstr($desturl, z_root() . '/rmagic')) {
goaway(z_root());
}
if ($test) {
json_return_and_die($ret);
}
goaway($desturl);
}
}
示例7: public_permissions_sql
/**
 * Build the " OR (...)" SQL fragment that admits rows an identified observer may see.
 *
 * A row qualifies when the observer is neither denied directly nor through a
 * group, and is either allowed directly, allowed through a group, or the row has
 * no allow list at all.
 *
 * @param string $observer_hash identifier of the observer; empty when there is none
 *
 * @return string SQL fragment, or '' when $observer_hash is empty
 */
function public_permissions_sql($observer_hash)
{
    // Fetched in the same order as before; the value is not consulted below.
    $observer = get_app()->get_observer();
    $visitor_groups = init_groups_visitor($observer_hash);

    // Nothing to add for an unidentified observer.
    if (!$observer_hash) {
        return '';
    }

    // '<<>>' should be impossible to match; it keeps the regex non-empty
    // when the observer belongs to no group.
    $alternatives = array('<<>>');
    if (is_array($visitor_groups) && count($visitor_groups)) {
        foreach ($visitor_groups as $group_id) {
            $alternatives[] = '<' . $group_id . '>';
        }
    }
    $gs = implode('|', $alternatives);

    // NOTE(review): dbesc() is presumably SQL string escaping only. '%' and '_'
    // inside $observer_hash still act as LIKE wildcards, and regex syntax inside a
    // group id is interpreted by REGEXP — confirm both values are constrained where
    // they are issued.
    $cid_pattern = '%<' . $observer_hash . '>%';
    $template = " OR (( NOT (deny_cid like '%s' OR deny_gid REGEXP '%s')\n\t\t\t AND ( allow_cid like '%s' OR allow_gid REGEXP '%s' OR ( allow_cid = '' AND allow_gid = '') )\n\t\t\t ))\n\t\t\t";

    return sprintf(
        $template,
        dbesc(protect_sprintf($cid_pattern)),
        dbesc($gs),
        dbesc(protect_sprintf($cid_pattern)),
        dbesc($gs)
    );
}
示例8: get_feed_for
/**
 * Build an Atom feed of recently changed items as one string.
 *
 * With $dfrn_id '*' only items without any allow/deny entry are selected and
 * bodies are converted with bbcode(); otherwise the requesting contact is looked
 * up and the permission clause is built from that contact's id and groups.
 *
 * @param object     $a           application object, used for get_baseurl()
 * @param string     $dfrn_id     id of the requesting contact, or '*' for the public feed
 * @param int|string $owner_id    uid or nickname of the feed owner
 * @param string     $last_update lower bound for changes; 'now - 30 days' when empty
 *
 * @return string|false the feed XML, or false when $dfrn_id matches no contact.
 *                      killme() (defined elsewhere, presumably ends the request) is
 *                      called when there is no self contact or no item.
 */
function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update)
{
    require_once 'bbcode.php';
    // default permissions - anonymous user
    $sql_extra = " \n\t\tAND `allow_cid` = '' \n\t\tAND `allow_gid` = '' \n\t\tAND `deny_cid` = '' \n\t\tAND `deny_gid` = '' \n\t";
    // A non-numeric $owner_id is treated as a nickname and resolved to a uid.
    // NOTE(review): the SELECT requests only `uid`, so $r[0]['nickname'] is not part
    // of the row as queried, and $owner_nick stays unset when $owner_id is numeric;
    // it is used for '$feed_id' below.
    if (strlen($owner_id) && !intval($owner_id)) {
        $r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1", dbesc($owner_id));
        if (count($r)) {
            $owner_id = $r[0]['uid'];
            $owner_nick = $r[0]['nickname'];
        }
    }
    // NOTE(review): no uid condition — the first `self` contact found is used
    // whatever $owner_id is; looks like a single-account assumption — confirm.
    $r = q("SELECT * FROM `contact` WHERE `self` = 1 LIMIT 1");
    if (count($r)) {
        $owner = $r[0];
    } else {
        killme();
    }
    // NOTE(review): only '*' skips the contact lookup. An empty $dfrn_id reaches the
    // query and would match any contact row whose `issued-id` is empty; that
    // contact's id and groups would then drive the permission clause — confirm
    // callers never pass ''.
    if ($dfrn_id != '*') {
        $r = q("SELECT * FROM `contact` WHERE ( `issued-id` = '%s' OR ( `duplex` = 1 AND `dfrn-id` = '%s' )) LIMIT 1", dbesc($dfrn_id), dbesc($dfrn_id));
        if (!count($r)) {
            return false;
        }
        $contact = $r[0];
        $groups = init_groups_visitor($contact['id']);
        // assumes init_groups_visitor() always returns an array — TODO confirm
        if (count($groups)) {
            // intval() keeps every regex alternative numeric.
            for ($x = 0; $x < count($groups); $x++) {
                $groups[$x] = '<' . intval($groups[$x]) . '>';
            }
            $gs = implode('|', $groups);
        } else {
            $gs = '<<>>';
        }
        // Impossible to match
        $sql_extra = sprintf(" \n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') \n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
    }
    if ($dfrn_id == '' || $dfrn_id == '*') {
        $sort = 'DESC';
    } else {
        $sort = 'ASC';
    }
    if (!strlen($last_update)) {
        $last_update = 'now - 30 days';
    }
    $check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
    // $sort is one of the two literals assigned above, so request data never reaches
    // ORDER BY. NOTE(review): the query has no `item`.`uid` condition; the permission
    // clause in $sql_extra is the only per-viewer restriction.
    $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `contact-id`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 \n\t\tAND NOT `item`.`type` IN ( 'remote', 'net-comment' ) AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )\n\t\t{$sql_extra}\n\t\tORDER BY `parent` %s, `created` ASC LIMIT 0, 300", dbesc($check_date), dbesc($check_date), dbesc($sort));
    if (!count($r)) {
        killme();
    }
    $items = $r;
    $feed_template = file_get_contents('view/atom_feed.tpl');
    $tomb_template = file_get_contents('view/atom_tomb.tpl');
    $item_template = file_get_contents('view/atom_item.tpl');
    $cmnt_template = file_get_contents('view/atom_cmnt.tpl');
    $atom = '';
    // Feed header. NOTE(review): $updated is never assigned in this function.
    $atom .= replace_macros($feed_template, array('$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', 'Y-m-d\\TH:i:s\\Z'))));
    foreach ($items as $item) {
        // public feeds get html, our own nodes use bbcode
        if ($dfrn_id == '*') {
            $item['body'] = bbcode($item['body']);
            $type = 'html';
        } else {
            $type = 'text';
        }
        if ($item['deleted']) {
            // Deleted items are emitted through the tombstone template (id and edit time only).
            $atom .= replace_macros($tomb_template, array('$id' => xmlify($item['uri']), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z'))));
        } else {
            $verb = construct_verb($item);
            // NOTE(review): $actobj is placed in the feed without xmlify(); presumably
            // construct_activity() returns finished XML — verify that it escapes the
            // item fields it embeds.
            $actobj = construct_activity($item);
            // A top-level post has parent == id; everything else is a comment.
            // NOTE(review): $contact is unset here when $dfrn_id is '*'.
            if ($item['parent'] == $item['id']) {
                $atom .= replace_macros($item_template, array('$name' => xmlify($item['name']), '$profile_page' => xmlify($item['url']), '$thumb' => xmlify($item['thumb']), '$owner_name' => xmlify($item['owner-name']), '$owner_profile_page' => xmlify($item['owner-link']), '$owner_thumb' => xmlify($item['owner-avatar']), '$item_id' => xmlify($item['uri']), '$title' => xmlify($item['title']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$location' => xmlify($item['location']), '$type' => $type, '$content' => xmlify($item['body']), '$verb' => xmlify($verb), '$actobj' => $actobj, '$comment_allow' => $item['last-child'] && strlen($contact['dfrn-id']) ? 1 : 0));
            } else {
                $atom .= replace_macros($cmnt_template, array('$name' => xmlify($item['name']), '$profile_page' => xmlify($item['url']), '$thumb' => xmlify($item['thumb']), '$item_id' => xmlify($item['uri']), '$title' => xmlify($item['title']), '$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00', 'Y-m-d\\TH:i:s\\Z')), '$type' => $type, '$content' => xmlify($item['body']), '$verb' => xmlify($verb), '$actobj' => $actobj, '$parent_id' => xmlify($item['parent-uri']), '$comment_allow' => $item['last-child'] ? 1 : 0));
            }
        }
    }
    $atom .= '</feed>' . "\r\n";
    return $atom;
}
示例9: post_init
//.........这里部分代码省略.........
$result = zot_zot($x[0]['hubloc_callback'], $p);
if (!$result['success']) {
logger('mod_zot: auth_check callback failed.');
if ($test) {
$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
json_return_and_die($ret);
}
goaway($desturl);
}
$j = json_decode($result['body'], true);
if (!$j) {
logger('mod_zot: auth_check json data malformed.');
if ($test) {
$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
json_return_and_die($ret);
}
}
}
if ($test) {
$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
}
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (!rsa_verify($sec . $x[0]['xchan_hash'], base64url_decode($j['confirm']), $x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j, true) . print_r($x[0], true);
json_return_and_die($ret);
}
goaway($desturl);
}
if (array_key_exists('service_class', $j)) {
$remote_service_class = $j['service_class'];
}
if (array_key_exists('level', $j)) {
$remote_level = $j['level'];
}
if (array_key_exists('DNT', $j)) {
$DNT = $j['DNT'];
}
}
// everything is good... maybe
if (local_user()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice(t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
json_return_and_die($ret);
}
}
goaway($desturl);
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success', $arr);
$a->set_observer($x[0]);
require_once 'include/security.php';
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $x[0]['xchan_name']));
logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_WORKS), intval($x[0]['hubloc_id']));
} else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
json_return_and_die($ret);
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_id = %d ", intval(HUBLOC_RECEIVE_ERROR), intval($x[0]['hubloc_id']));
}
// FIXME - we really want to save the return_url in the session before we visit rmagic.
// This does however prevent a recursion if you visit rmagic directly, as it would otherwise send you back here again.
// But z_root() probably isn't where you really want to go.
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST, true) . print_r($j, true) . EOL;
json_return_and_die($ret);
}
if (strstr($desturl, z_root() . '/rmagic')) {
goaway(z_root());
}
goaway($desturl);
}
return;
}
示例10: get_feed_for
/**
 * Build the Atom feed for the profile whose nickname is $owner_nick.
 *
 * An empty $dfrn_id selects the public feed, which is limited to items whose
 * four ACL columns are empty. A non-empty $dfrn_id must resolve to an
 * unblocked, non-pending contact of the owner; the feed is then filtered by
 * that contact's id and by the groups init_groups_visitor() returns for it.
 *
 * Only the first part of the function is reproduced on this page, so the
 * per-item rendering is not documented here.
 *
 * @param object $a           Application object; argc, argv and get_baseurl() are used.
 * @param string $dfrn_id     Contact identifier of the requester; empty for a public feed.
 * @param string $owner_nick  Nickname of the feed owner; an empty value ends the request.
 * @param string $last_update Date expression; an empty value becomes 'now -30 days'.
 * @param int    $direction   -1, 0 or 1, selecting the contact column matched against $dfrn_id.
 * @return string|false       The feed markup on the visible no-items path; false for an unknown $direction.
 */
function get_feed_for(&$a, $dfrn_id, $owner_nick, $last_update, $direction = 0)
{
// A feed cannot be built without an owner nickname.
if (!strlen($owner_nick)) {
killme();
}
// No $dfrn_id means an anonymous request: serve the public feed.
$public_feed = $dfrn_id ? false : true;
$starred = false;
$converse = false;
// Public feeds accept the optional path keywords 'converse' and 'starred' from argv[2] onward.
// $starred is set here but not read again in the visible part of the function.
if ($public_feed && $a->argc > 2) {
for ($x = 2; $x < $a->argc; $x++) {
if ($a->argv[$x] == 'converse') {
$converse = true;
}
if ($a->argv[$x] == 'starred') {
$starred = true;
}
}
}
// default permissions - anonymous user: only items with no allow/deny entries at all
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
// Resolve the owner from the nickname; the value is escaped with dbesc() before it reaches the query.
$r = q("SELECT `contact`.*, `user`.`uid` AS `user_uid`, `user`.`nickname`, `user`.`timezone`\n\t\tFROM `contact` LEFT JOIN `user` ON `user`.`uid` = `contact`.`uid`\n\t\tWHERE `contact`.`self` = 1 AND `user`.`nickname` = '%s' LIMIT 1", dbesc($owner_nick));
if (!count($r)) {
killme();
}
$owner = $r[0];
$owner_id = $owner['user_uid'];
// From here on the nickname stored in the database is used, not the caller's spelling.
$owner_nick = $owner['nickname'];
$birthday = feed_birthday($owner_id, $owner['timezone']);
if (!$public_feed) {
$sql_extra = '';
// $direction decides which contact column must equal $dfrn_id and how $my_id is prefixed.
// $my_id is not read again in the visible part of the function.
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", dbesc($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", dbesc($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
// Any other direction is rejected before a contact is looked up.
return false;
break;
// NOTREACHED
}
// The requester must be an unblocked, non-pending contact of this owner.
// NOTE(review): $sql_extra already holds the escaped $dfrn_id and is embedded in the format
// string handed to q(). If q() formats printf-style, a literal '%' inside $dfrn_id would be
// read as a conversion specifier - confirm how q() and dbesc() treat that character.
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `contact`.`uid` = %d {$sql_extra} LIMIT 1", intval($owner_id));
if (!count($r)) {
killme();
}
$contact = $r[0];
// Turn the visitor's group ids into '<id>' tokens joined with '|', for use as a REGEXP alternation.
$groups = init_groups_visitor($contact['id']);
if (count($groups)) {
for ($x = 0; $x < count($groups); $x++) {
$groups[$x] = '<' . intval($groups[$x]) . '>';
}
$gs = implode('|', $groups);
} else {
$gs = '<<>>';
}
// '<<>>' is the sentinel for "no groups"; per the original comment it is meant to be impossible to match.
// The contact id is forced to an integer and the group pattern is escaped before being placed in the clause.
$sql_extra = sprintf(" \n\t\t\tAND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\tAND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\tAND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') \n\t\t", intval($contact['id']), intval($contact['id']), dbesc($gs), dbesc($gs));
}
// $sort only ever holds one of these two literals, so it is never built from request data.
if ($public_feed) {
$sort = 'DESC';
} else {
$sort = 'ASC';
}
if (!strlen($last_update)) {
$last_update = 'now -30 days';
}
// Unless 'converse' was requested, a public feed carries only the owner's own items.
if ($public_feed) {
if (!$converse) {
$sql_extra .= " AND `contact`.`self` = 1 ";
}
}
// $last_update comes from the caller; it is normalised here and escaped again in the query below.
$check_date = datetime_convert('UTC', 'UTC', $last_update, 'Y-m-d H:i:s');
// At most 300 wall items edited or changed since $check_date, subject to the ACL clause built above.
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`name-date`, `contact`.`uri-date`, `contact`.`avatar-date`,\n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `contact-id`, `contact`.`uid` AS `contact-uid`,\n\t\t`sign`.`signed_text`, `sign`.`signature`, `sign`.`signer`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tLEFT JOIN `sign` ON `sign`.`iid` = `item`.`id`\n\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`parent` != 0 \n\t\tAND `item`.`wall` = 1 AND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND ( `item`.`edited` > '%s' OR `item`.`changed` > '%s' )\n\t\t{$sql_extra}\n\t\tORDER BY `parent` %s, `created` ASC LIMIT 0, 300", intval($owner_id), dbesc($check_date), dbesc($check_date), dbesc($sort));
// Will check further below if this actually returned results.
// We will provide an empty feed if that is the case.
$items = $r;
// Requests carrying a $dfrn_id get the dfrn flavour of the feed template.
$feed_template = get_markup_template($dfrn_id ? 'atom_feed_dfrn.tpl' : 'atom_feed.tpl');
$atom = '';
$hubxml = feed_hublinks();
$salmon = feed_salmonlinks($owner_nick);
// Owner fields pass through xmlify() before substitution. $hubxml and $salmon are inserted as
// returned - presumably they are already markup; confirm in feed_hublinks()/feed_salmonlinks().
$atom .= replace_macros($feed_template, array('$version' => xmlify(FRIENDICA_VERSION), '$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick), '$feed_title' => xmlify($owner['name']), '$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)), '$hub' => $hubxml, '$salmon' => $salmon, '$name' => xmlify($owner['name']), '$profile_page' => xmlify($owner['url']), '$photo' => xmlify($owner['photo']), '$thumb' => xmlify($owner['thumb']), '$picdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['avatar-date'] . '+00:00', ATOM_TIME)), '$uridate' => xmlify(datetime_convert('UTC', 'UTC', $owner['uri-date'] . '+00:00', ATOM_TIME)), '$namdate' => xmlify(datetime_convert('UTC', 'UTC', $owner['name-date'] . '+00:00', ATOM_TIME)), '$birthday' => strlen($birthday) ? '<dfrn:birthday>' . xmlify($birthday) . '</dfrn:birthday>' : ''));
call_hooks('atom_feed', $atom);
// No items: close the feed right after the header and return it.
if (!count($items)) {
call_hooks('atom_feed_end', $atom);
$atom .= '</feed>' . "\r\n";
return $atom;
}
foreach ($items as $item) {
// public feeds get html, our own nodes use bbcode
if ($public_feed) {
$type = 'html';
// catch any email that's in a public conversation and make sure it doesn't leak
if ($item['private']) {
//.........这里部分代码省略.........
示例11: profile_content
/**
 * Render the profile page: the tab bar, the posting form when the visitor may
 * write to the wall, and the wall items the visitor is allowed to see.
 *
 * The profile uid is hard-coded to 1 throughout the visible code. Only the
 * first part of the function is reproduced on this page.
 *
 * @param object $a      Application object (profile, user, contact, pager, cmd, page are used).
 * @param bool   $update When true the tab bar and posting form are skipped and the
 *                       stored return URL is reused.
 * @return string|null   The visible code returns the markup early for the 'profile' tab;
 *                       the final return lies in the omitted part.
 */
function profile_content(&$a, $update = false)
{
require_once "include/bbcode.php";
require_once 'include/security.php';
$groups = array();
$tab = 'posts';
// Work out who is looking: an authenticated remote visitor or the local user.
// For anyone else $contact stays unset, although it is read further down when
// can_write_wall() allows commenting - presumably that never happens for anonymous visitors; verify.
if (remote_user()) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
$r = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1", intval($contact_id));
if (count($r)) {
$contact = $r[0];
}
} else {
if (local_user()) {
$contact_id = $_SESSION['cid'];
$contact = $a->contact;
}
}
$a->profile['profile_uid'] = 1;
if (!$update) {
// The tab name comes from the query string; after notags()/trim() it is only ever
// compared with fixed strings in the visible code, never echoed.
if (x($_GET, 'tab')) {
$tab = notags(trim($_GET['tab']));
}
$tpl = file_get_contents('view/profile_tabs.tpl');
// NOTE(review): $o is appended to here without having been initialised in this function.
$o .= replace_macros($tpl, array('$url' => $a->get_baseurl() . '/' . $a->cmd, '$phototab' => $a->get_baseurl() . '/photos/' . $a->profile['nickname']));
if ($tab == 'profile') {
require_once 'view/profile_advanced.php';
return $o;
}
if (can_write_wall($a, 1)) {
$tpl = file_get_contents('view/jot-header.tpl');
$a->page['htmlhead'] .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl()));
require_once 'view/acl_selectors.php';
$tpl = file_get_contents("view/jot.tpl");
// Show a closed lock when the user has any default allow/deny setting.
if (is_array($a->user) && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid']))) {
$lockstate = 'lock';
} else {
$lockstate = 'unlock';
}
// Location, the visitor block and the ACL selector are filled in only when the session uid is 1.
$o .= replace_macros($tpl, array('$baseurl' => $a->get_baseurl(), '$defloc' => $_SESSION['uid'] == 1 ? $a->user['default-location'] : '', '$return_path' => $a->cmd, '$visitor' => $_SESSION['uid'] == 1 ? 'block' : 'none', '$lockstate' => $lockstate, '$acl' => $_SESSION['uid'] == 1 ? populate_acl($a->user) : '', '$profile_uid' => 1));
}
if ($tab == 'posts' && !$a->pager['start']) {
$o .= '<div id="live-profile"></div>' . "\r\n";
}
}
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
// Profile owner - everything is visible
// NOTE(review): every ACL condition is dropped for any local session, and the UPDATE below
// carries no uid condition. That matches the hard-coded uid 1 used elsewhere in this function;
// confirm both before reusing the code where more than one local account exists.
if (local_user()) {
$sql_extra = '';
// Oh - while we're here... reset the Unseen messages
$r = q("UPDATE `item` SET `unseen` = 0 WHERE `type` != 'remote' AND `unseen` = 1 ");
} elseif (remote_user()) {
// '<<>>' is the "no groups" sentinel; each group id is appended as an '|<id>' alternative.
$gs = '<<>>';
// should be impossible to match
if (count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>';
}
}
// Visitor id is forced to an integer and the group pattern is escaped before use in the clause.
$sql_extra = sprintf(" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\t AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", intval($_SESSION['visitor_id']), intval($_SESSION['visitor_id']), dbesc($gs), dbesc($gs));
}
// Count the matching items for the pager, then fetch the requested page with the same filter.
$r = q("SELECT COUNT(*) AS `total`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND `type` != 'remote') \n\t\t{$sql_extra} ");
if (count($r)) {
$a->set_pager_total($r[0]['total']);
}
$r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, \n\t\t`contact`.`thumb`, `contact`.`dfrn-id`, `contact`.`self`, \n\t\t`contact`.`id` AS `cid`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND `item`.`parent` IN ( SELECT `parent` FROM `item` WHERE `id` = `parent` AND `type` != 'remote') \n\t\t{$sql_extra}\n\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", intval($a->pager['start']), intval($a->pager['itemspage']));
$cmnt_tpl = file_get_contents('view/comment_item.tpl');
$tpl = file_get_contents('view/wall_item.tpl');
// A live update reuses the stored return URL; a normal page load records the current command.
if ($update) {
$return_url = $_SESSION['return_url'];
} else {
$return_url = $_SESSION['return_url'] = $a->cmd;
}
if (count($r)) {
foreach ($r as $item) {
$comment = '';
$template = $tpl;
$redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
// The comment box is attached only to the last child of a thread.
if (can_write_wall($a, 1)) {
if ($item['last-child']) {
$comment = replace_macros($cmnt_tpl, array('$return_path' => $_SESSION['return_url'], '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => 1, '$mylink' => $contact['url'], '$mytitle' => t('Me'), '$myphoto' => $contact['thumb'], '$ww' => ''));
}
}
$profile_url = $item['url'];
// This is my profile but I'm not the author of this post/comment. If it's somebody that's a fan or mutual friend,
// I can go directly to their profile as an authenticated guest.
if (local_user() && ($item['rel'] == DIRECTION_IN || $item['rel'] == DIRECTION_BOTH) && !$item['self']) {
$profile_url = $redirect_url;
}
// We received this post via a remote feed. It's either a wall-to-wall or a remote comment. The author is
// known to us and is reflected in the contact-id for this item. We can use the contact url or redirect rather than
// use the link in the feed. This is different than on the network page where we may not know the author.
$profile_name = strlen($item['author-name']) ? $item['author-name'] : $item['name'];
$profile_avatar = strlen($item['author-avatar']) ? $item['author-avatar'] : $item['thumb'];
$profile_link = $profile_url;
$drop = '';
// The delete control is shown to the item's own contact or to any session with a non-empty uid.
// NOTE(review): this only decides what is displayed; the handler that performs the
// deletion is not on this page - confirm it checks ownership on the server side.
if ($item['contact-id'] == $_SESSION['visitor_id'] || $_SESSION['uid']) {
$drop = replace_macros(file_get_contents('view/wall_item_drop.tpl'), array('$id' => $item['id']));
//.........这里部分代码省略.........
示例12: photo_init
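/**
 * Send a stored photo to the client as a JPEG response and end the request.
 *
 * The URL shape is chosen by $a->argc:
 *   - 3 segments: argv[1] is the type ('profile', anything else is treated as
 *     'avatar') and argv[2] names a person. A profile photo is sent, or one of
 *     the bundled default images when none is stored.
 *   - 2 segments: argv[1] is a photo resource id, optionally followed by "-N"
 *     (scale) and ".jpg". The photo is sent only if its ACL columns admit the
 *     current visitor.
 * Any other argument count ends the request through killme().
 *
 * @param object $a Application object; only argc and argv are read here.
 * @return void
 */
function photo_init(&$a)
{
    // Defined up front so the x() probes below never read an undefined
    // variable (a warning on PHP 8) when the other URL shape was used.
    $type = null;
    $photo = null;
    $data = null;

    switch ($a->argc) {
        case 3:
            $type = $a->argv[1];
            break;
        case 2:
            $photo = $a->argv[1];
            break;
        case 1:
        default:
            killme();
            return;
            // NOTREACHED
    }

    if (x($type)) {
        // Scale 4 is served for 'profile', scale 5 for 'avatar' and any other type.
        $resolution = ($type == 'profile') ? 4 : 5;

        // NOTE(review): the person segment (argv[2]) takes no part in this
        // lookup; the first row with `profile` = 1 at the requested scale is
        // sent whoever was asked for. Confirm this is only used where a single
        // profile exists.
        $r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `profile` = 1 LIMIT 1", intval($resolution));
        if (count($r)) {
            $data = $r[0]['data'];
        }
        if (x($data) === false) {
            // Nothing stored: fall back to the bundled default image of that size.
            $data = file_get_contents($resolution == 5 ? 'images/default-profile-sm.jpg' : 'images/default-profile.jpg');
        }
    } else {
        $resolution = 0;
        $photo = str_replace('.jpg', '', (string) $photo);
        // A trailing "-N" selects scale N (one digit); it is stripped from the resource id.
        if (substr($photo, -2, 1) == '-') {
            $resolution = intval(substr($photo, -1, 1));
            $photo = substr($photo, 0, -2);
        }

        // Anonymous visitors only get photos whose four ACL columns are empty.
        $sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
        if (local_user()) {
            // Owner can always see his/her photos
            // NOTE(review): the ACL is dropped for any local session and the
            // query below has no uid condition; confirm a local user cannot
            // fetch another account's restricted photo this way.
            $sql_extra = '';
        } elseif (remote_user()) {
            // authenticated visitor - here lie dragons
            $groups = init_groups_visitor($_SESSION['visitor_id']);
            // '<<>>' is the "no groups" sentinel and should be impossible to match;
            // every group id is appended as an '|<id>' alternative.
            $gs = '<<>>';
            if (count($groups)) {
                foreach ($groups as $g) {
                    $gs .= '|<' . intval($g) . '>';
                }
            }
            // Visitor id is forced to an integer and the group pattern is escaped.
            $sql_extra = sprintf(" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\t\t\t AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\t\t\t AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\t\t\t AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", intval($_SESSION['visitor_id']), intval($_SESSION['visitor_id']), dbesc($gs), dbesc($gs));
        }

        // Now we'll see if we can access the photo
        $r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d {$sql_extra} LIMIT 1", dbesc($photo), intval($resolution));
        if (count($r)) {
            $data = $r[0]['data'];
        }
    }

    // No row matched (or access was refused by the ACL clause): send nothing.
    if (x($data) === false) {
        killme();
        return;
        // NOTREACHED
    }

    header("Content-type: image/jpeg");
    // NOTE(review): the same three-month Expires is sent for ACL-restricted
    // photos, with no Cache-Control directive marking the response as private;
    // confirm shared caches cannot store and replay restricted images.
    header('Expires: ' . datetime_convert('UTC', 'UTC', 'now + 3 months', 'D, d M Y H:i:s' . ' GMT'));
    echo $data;
    killme();
    return;
    //NOTREACHED
}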
示例13: display_content
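/**
 * Render a single conversation (the thread containing item argv[2]) on the
 * profile named by argv[1].
 *
 * Access is refused when the site blocks public access and the visitor has no
 * local or remote session, and when the profile hides its wall from anyone but
 * the owner or a verified remote contact. The thread query is filtered by the
 * clause item_permissions_sql() returns for this visitor.
 *
 * @param object $a Application object (argc, argv, profile, user, contact, page are used).
 * @return string|null Page markup, or null when the request is refused early.
 */
function display_content(&$a)
{
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }

    require_once "include/bbcode.php";
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    require_once 'include/acl_selectors.php';

    $o = '<div id="live-display"></div>' . "\r\n";
    $a->page['htmlhead'] .= <<<EOT
<script>
\$(document).ready(function() {
\t\$(".comment-edit-wrapper textarea").contact_autocomplete(baseurl+"/acl");
\t// make auto-complete work in more places
\t\$(".wall-item-comment-wrapper textarea").contact_autocomplete(baseurl+"/acl");
});
</script>
EOT;

    $nick = $a->argc > 1 ? $a->argv[1] : '';
    profile_load($a, $nick);

    // The item id from the URL is forced to an integer; 0 means none was given.
    $item_id = $a->argc > 2 ? intval($a->argv[2]) : 0;
    if (!$item_id) {
        $a->error = 404;
        notice(t('Item not found.') . EOL);
        return;
    }

    $groups = array();
    $contact = null;
    $remote_contact = false;

    // A remote visitor counts as verified only if the session's visitor id is
    // a contact of this particular profile owner.
    if (remote_user()) {
        $contact_id = $_SESSION['visitor_id'];
        $groups = init_groups_visitor($contact_id);
        $r = q("SELECT * FROM `contact` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($a->profile['uid']));
        if (count($r)) {
            $contact = $r[0];
            $remote_contact = true;
        }
    }
    if (!$remote_contact && local_user()) {
        $contact_id = $_SESSION['cid'];
        $contact = $a->contact;
    }

    $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", intval($a->profile['uid']));
    if (count($r)) {
        $a->page_contact = $r[0];
    }

    // NOTE(review): ownership is tested against profile['profile_uid'] here and
    // against profile['uid'] further down; confirm the two always agree.
    $is_owner = (local_user() && local_user() == $a->profile['profile_uid']);

    if ($a->profile['hidewall'] && !$is_owner && !$remote_contact) {
        notice(t('Access to this profile has been restricted.') . EOL);
        return;
    }

    // Defined for every visitor; previously it was only assigned for the owner
    // and then read unconditionally in the populate_acl() call below.
    $celeb = false;
    if ($is_owner) {
        $celeb = ($a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY);
    }

    // Closed lock when the user has any default allow/deny setting.
    $has_default_acl = is_array($a->user)
        && (strlen($a->user['allow_cid']) || strlen($a->user['allow_gid']) || strlen($a->user['deny_cid']) || strlen($a->user['deny_gid']));

    // NOTE(review): the editor is built with 'is_owner' => true and from
    // $a->user for every visitor, owner or not; confirm status_editor() copes
    // with a visitor who has no local session.
    $x = array(
        'is_owner' => true,
        'allow_location' => $a->user['allow_location'],
        'default_location' => $a->user['default-location'],
        'nickname' => $a->user['nickname'],
        'lockstate' => $has_default_acl ? 'lock' : 'unlock',
        'acl' => populate_acl($a->user, $celeb),
        'bang' => '',
        'visitor' => 'block',
        'profile_uid' => local_user(),
    );
    $o .= status_editor($a, $x, 0, true);

    $sql_extra = item_permissions_sql($a->profile['uid'], $remote_contact, $groups);

    $r = q("SELECT `item`.*, `item`.`id` AS `item_id`, \n\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`rel`,\n\t\t`contact`.`network`, `contact`.`thumb`, `contact`.`self`, `contact`.`writable`, \n\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\tWHERE `item`.`uid` = %d AND `item`.`visible` = 1 AND `item`.`deleted` = 0\n\t\tand `item`.`moderated` = 0\n\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\tAND `item`.`parent` = ( SELECT `parent` FROM `item` WHERE ( `id` = '%s' OR `uri` = '%s' ))\n\t\t{$sql_extra}\n\t\tORDER BY `parent` DESC, `gravity` ASC, `id` ASC ", intval($a->profile['uid']), dbesc($item_id), dbesc($item_id));

    if (count($r)) {
        // Viewing your own thread marks it as seen.
        if (local_user() && local_user() == $a->profile['uid']) {
            q("UPDATE `item` SET `unseen` = 0 \n\t\t\t\tWHERE `parent` = %d AND `unseen` = 1", intval($r[0]['parent']));
        }
        $o .= conversation($a, $r, 'display', false);
        return $o;
    }

    // Nothing visible: work out why. `deleted` has to be selected as well,
    // otherwise the "removed" branch below can never be taken.
    // NOTE(review): this lookup has no uid or permission condition, so the
    // three different notices tell any visitor whether an item id exists at
    // all; consider a single message for visitors without access.
    $r = q("SELECT `id`, `deleted` FROM `item` WHERE `id` = '%s' OR `uri` = '%s' LIMIT 1", dbesc($item_id), dbesc($item_id));
    if (count($r)) {
        if ($r[0]['deleted']) {
            notice(t('Item has been removed.') . EOL);
        } else {
            notice(t('Permission denied.') . EOL);
        }
    } else {
        notice(t('Item not found.') . EOL);
    }

    return $o;
}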
示例14: photos_content
/**
 * Render the photos pages of a profile: upload form, album view, and further
 * views in the part of the function that is not reproduced on this page.
 *
 * The requested view is taken from the URL segments in $a->argv; the photo
 * queries are filtered by an ACL clause built for the current visitor.
 *
 * @param object $a Application object (data, argc, argv, cmd, user, pager are used).
 * @return string|null Markup for the upload view on the visible path; null when the
 *                     request is refused. Other returns lie in the omitted part.
 */
function photos_content(&$a)
{
// URLs:
// photos/name
// photos/name/upload
// photos/name/album/xxxxx
// photos/name/album/xxxxx/edit
// photos/name/image/xxxxx
// photos/name/image/xxxxx/edit
if (!x($a->data, 'user')) {
notice(t('No photos selected') . EOL);
return;
}
$_SESSION['photo_return'] = $a->cmd;
//
// Parse arguments
//
// $datatype and $datum come straight from the URL path; $datum is only set when argc > 3.
if ($a->argc > 3) {
$datatype = $a->argv[2];
$datum = $a->argv[3];
} elseif ($a->argc > 2 && $a->argv[2] == 'upload') {
$datatype = 'upload';
} else {
$datatype = 'summary';
}
if ($a->argc > 4) {
$cmd = $a->argv[4];
} else {
$cmd = 'view';
}
//
// Setup permissions structures
//
$owner_uid = $a->data['user']['uid'];
if (remote_user()) {
$contact_id = $_SESSION['visitor_id'];
$groups = init_groups_visitor($contact_id);
}
// default permissions - anonymous user
$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
// Profile owner - everything is visible
// The ACL is lifted only when the local session belongs to the owner of these photos.
if (local_user() && $_SESSION['uid'] == $owner_uid) {
$sql_extra = '';
} elseif (remote_user()) {
// authenticated visitor - here lie dragons
// '<<>>' is the "no groups" sentinel; each group id is appended as an '|<id>' alternative.
$gs = '<<>>';
// should be impossible to match
if (count($groups)) {
foreach ($groups as $g) {
$gs .= '|<' . intval($g) . '>';
}
}
// Visitor id is forced to an integer and the group pattern is escaped before use in the clause.
$sql_extra = sprintf(" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `deny_cid` = '' OR NOT `deny_cid` REGEXP '<%d>' ) \n\t\t\t AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )\n\t\t\t AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ", intval($_SESSION['visitor_id']), intval($_SESSION['visitor_id']), dbesc($gs), dbesc($gs));
}
//
// dispatch request
//
if ($datatype == 'upload') {
// Uploading is limited to the owner's own local session.
if (!(local_user() && $_SESSION['uid'] == $a->data['user']['uid'])) {
notice(t('Permission denied.'));
return;
}
$albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
$albumselect .= '<option value="" selected="selected" > </option>';
if (count($a->data['albums'])) {
foreach ($a->data['albums'] as $album) {
if ($album['album'] == '' || $album['album'] == t('Contact Photos')) {
continue;
}
// NOTE(review): the stored album name goes into an attribute value and into element text
// without escaping; encode it for the HTML context (htmlspecialchars() with ENT_QUOTES).
$albumselect .= '<option value="' . $album['album'] . '">' . $album['album'] . '</option>';
}
}
$albumselect .= '</select>';
$tpl = file_get_contents('view/photos_upload.tpl');
// NOTE(review): '$sessid' hands session_id() to the template, i.e. the session identifier ends up
// in the page; the template itself is not shown - confirm where the value goes and who can read it.
// $o is appended to here without having been initialised in this function.
$o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$filestext' => t('Select files to upload: '), '$albumselect' => $albumselect, '$permissions' => t('Permissions'), '$aclselect' => populate_acl($a->user), '$archive' => $a->get_baseurl() . '/jumploader_z.jar', '$nojava' => t('Use the following controls only if the Java uploader (above) fails to launch.'), '$uploadurl' => $a->get_baseurl() . '/photos', '$submit' => t('Submit')));
return $o;
}
if ($datatype == 'album') {
// The album name arrives hex-encoded in the URL and is decoded here; from this point
// $album is request-controlled text.
$album = hex2bin($datum);
// The name is escaped for SQL. NOTE(review): neither album query has a uid condition
// although $owner_uid is known - confirm albums of other accounts cannot be listed.
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `album` = '%s' \n\t\t\t{$sql_extra} GROUP BY `resource-id`", dbesc($album));
if (count($r)) {
$a->set_pager_total(count($r));
}
$r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `album` = '%s' \n\t\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage']));
// NOTE(review): $album is decoded from the URL and written into the page without HTML
// escaping, whether or not any photo matched; encode it (htmlspecialchars() with ENT_QUOTES)
// before output.
$o .= '<h3>' . $album . '</h3>';
if ($cmd == 'edit') {
// The two built-in albums cannot be renamed or deleted; the edit form is owner-only.
if ($album != t('Profile Photos') && $album != t('Contact Photos')) {
if (local_user() && $_SESSION['uid'] == $a->data['user']['uid']) {
$edit_tpl = file_get_contents('view/album_edit.tpl');
// NOTE(review): '$album' is passed to the template unescaped; '$hexalbum' is hex and safe as is.
$o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$album' => $album, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
}
}
} else {
if ($album != t('Profile Photos') && $album != t('Contact Photos')) {
if (local_user() && $_SESSION['uid'] == $a->data['user']['uid']) {
// The link carries the album name hex-encoded, so no markup can be introduced through it.
$o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
}
}
}
$tpl = file_get_contents('view/photo_album.tpl');
//.........这里部分代码省略.........
示例15: get
/**
 * Handle the return leg of an OpenID login.
 *
 * After the OpenID response validates, the identity is first matched to a
 * local channel (full login), then to a stored xchan (remote visitor session).
 * If neither exists, the visible code starts collecting attributes for a new
 * xchan; the rest of the function is not reproduced on this page.
 *
 * @return void Every visible success path ends in goaway().
 */
function get()
{
// OpenID can be switched off site-wide.
$noid = get_config('system', 'disable_openid');
if ($noid) {
goaway(z_root());
}
// NOTE(review): the complete request, including the OpenID assertion parameters, is written
// to the log at LOGGER_DATA level; confirm who can read that log and how long it is kept.
logger('mod_openid ' . print_r($_REQUEST, true), LOGGER_DATA);
if (x($_REQUEST, 'openid_mode')) {
$openid = new LightOpenID(z_root());
// Nothing below runs unless the library accepts the response.
if ($openid->validate()) {
logger('openid: validate');
$authid = normalise_openid($_REQUEST['openid_identity']);
if (!strlen($authid)) {
logger(t('OpenID protocol error. No ID returned.') . EOL);
goaway(z_root());
}
// First choice: the identity belongs to a local channel.
$x = match_openid($authid);
if ($x) {
$r = q("select * from channel where channel_id = %d limit 1", intval($x));
if ($r) {
$y = q("select * from account where account_id = %d limit 1", intval($r[0]['channel_account_id']));
if ($y) {
foreach ($y as $record) {
// Accounts flagged ACCOUNT_UNVERIFIED are let in as well as ACCOUNT_OK ones.
if ($record['account_flags'] == ACCOUNT_OK || $record['account_flags'] == ACCOUNT_UNVERIFIED) {
// NOTE(review): $x is used as a scalar id two queries above but indexed as an array here;
// probably $r[0]['channel_name'] was meant, so this log line may lack the name.
logger('mod_openid: openid success for ' . $x[0]['channel_name']);
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
authenticate_success($record, $r[0], true, true, true, true);
goaway(z_root());
}
}
}
}
}
// Successful OpenID login - but we can't match it to an existing account.
// See if they've got an xchan
$r = q("select * from xconfig left join xchan on xchan_hash = xconfig.xchan where cat = 'system' and k = 'openid' and v = '%s' limit 1", dbesc($authid));
if ($r) {
// Remote visitor session: no local uid is set, only the visitor identity.
// NOTE(review): no session-id rotation is visible on this path; confirm it happens
// elsewhere when the session becomes authenticated.
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['xchan_hash'];
$_SESSION['my_url'] = $r[0]['xchan_url'];
$_SESSION['my_address'] = $r[0]['xchan_addr'];
// Hooks receive the xchan row together with the whole session array.
$arr = array('xchan' => $r[0], 'session' => $_SESSION);
call_hooks('magic_auth_openid_success', $arr);
\App::set_observer($r[0]);
require_once 'include/security.php';
\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf(t('Welcome %s. Remote authentication successful.'), $r[0]['xchan_name']));
logger('mod_openid: remote auth success from ' . $r[0]['xchan_addr']);
// NOTE(review): the redirect target is whatever was stored in the session earlier;
// confirm it is restricted to this site at the point where it is stored.
if ($_SESSION['return_url']) {
goaway($_SESSION['return_url']);
}
goaway(z_root());
}
// no xchan...
// create one.
// We should probably probe the openid url and figure out if they have any kind of
// social presence we might be able to scrape some identifying info from.
$name = $authid;
$url = trim($_REQUEST['openid_identity'], '/');
// NOTE(review): this looks for 'http' anywhere in the value, not as a scheme prefix,
// so a value that merely contains 'http' is left without a scheme.
if (strpos($url, 'http') === false) {
$url = 'https://' . $url;
}
$pphoto = z_root() . '/' . get_default_profile_photo();
// parse_url() warnings are suppressed; $host stays unset when parsing fails.
$parsed = @parse_url($url);
if ($parsed) {
$host = $parsed['host'];
}
// Attributes are supplied by the OpenID provider. Names and the address pass through notags();
// the two image URLs are only trimmed, so treat them as provider-controlled when they are used.
$attr = $openid->getAttributes();
if (is_array($attr) && count($attr)) {
foreach ($attr as $k => $v) {
if ($k === 'namePerson/friendly') {
$nick = notags(trim($v));
}
if ($k === 'namePerson/first') {
$first = notags(trim($v));
}
if ($k === 'namePerson') {
$name = notags(trim($v));
}
if ($k === 'contact/email') {
$addr = notags(trim($v));
}
if ($k === 'media/image/aspect11') {
$photosq = trim($v);
}
if ($k === 'media/image/default') {
$photo_other = trim($v);
}
}
}
// Nickname fallback: friendly name, then first name, then full name (which defaults to $authid).
// $nick and $first are unset here when the provider sent no such attribute.
if (!$nick) {
if ($first) {
$nick = $first;
} else {
$nick = $name;
}
}
require_once 'library/urlify/URLify.php';
//.........这里部分代码省略.........