commit 1.4

Merge branch 'master' into dev

.gitignore

@@ -27,6 +27,8 @@ custom/
 apps/
 # default startpage
 home.html
+# page header plugin
+pageheader.html
 # Ignore site TOS
 doc/SiteTOS.md
 # themes except for redbasic

.homeinstall/README.md

@@ -0,0 +1,164 @@
+# Hubzilla at Home next to your Router
+
+Run hubzilla-setup.sh for an unattended installation of hubzilla.
+
+The script is known to work with Debian 8.3 stable (Jessie)
+
++ Home-PC (Debian-8.3.0-amd64)
++ DigitalOcean droplet (Debian 8.3 x64 / 512 MB Memory / 20 GB Disk / NYC3)
+
+# Step-by-Step Overwiew
+
+## Preconditions
+
+Hardware
+
++ Internet connection and router at home
++ Mini-pc connected to your router
++ USB drive for backups
+
+Software
+
++ Fresh installation of Debian on your mini-pc
++ Router with open ports 80 and 443 for your Debian
+
+## The basic steps (quick overview)
+
++ Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS)
++ Log on to your new debian (server)
+  - apt-get install git
+  - mkdir -p /var/www/html
+  - cd /var/www/html
+  - git clone https://github.com/redmatrix/hubzilla.git .
+  - cp .homeinstall/hubzilla-config.txt.template .homeinstall/hubzilla-config.txt
+  - nano .homeinstall/hubzilla-config.txt
+    - Enter your values there: db pass, domain, values for dyn DNS
+  - hubzilla-setup.sh as root
+    - ... wait, wait, wait until the script is finised
+  - reboot
++ Open your domain with a browser and step throught the initial configuration of hubzilla.
+
+# Step-by-Step in Detail
+
+## Preparations Hardware
+
+### Mini-PC
+
+### Recommended: USB Drive for Backups
+
+The installation will create a daily backup.
+
+If the backup process does not find an external device than the backup goes to
+the internal disk.
+
+The USB drive must be compatible with an encrpyted filesystem LUKS + ext4.
+
+## Preparations Software
+
+### Install Debian Linux on the Mini-PC
+
+Download the stable Debian at https://www.debian.org/
+
+Create bootable USB drive with Debian on it. You could use the programm
+unetbootin, https://en.wikipedia.org/wiki/UNetbootin
+
+Switch of your mini pc, plug in your USB drive and start the mini pc from the
+stick. Install Debian. Follow the instructions of the installation.
+
+### Configure your Router
+
+Open the ports 80 and 443 on your router for your Debian
+
+## Preparations Dynamic IP Address
+
+Your Hubzilla must be reachable by a domain that you can type in your browser
+
+    cooldomain.org
+
+You can use subdomains as well
+
+    my.cooldomain.org
+
+There are two way to get a domain
+
+- buy a domain (recommended) or
+- register a free subdomain
+
+### Method 1: Get yourself an own Domain (recommended)
+
+...for example at selfHOST.de
+
+### Method 2 Register a (free) Subdomain
+
+Register a free subdomain for example at
+
+- freeDNS
+- selfHOST
+
+WATCH THIS: A free subdomain is not the prefered way to get a domain name. Why?
+
+Let's encrpyt issues a limited number of certificates each
+day. Possibly other users of this domain will try to issue a certificate
+at the same day as you do. So make sure you choose a domain with as less subdomains as
+possible.
+
+## Install Hubzilla on your Debian
+
+Login to your debian
+(Provided your username is "you" and the name of the mini pc is "debian". You
+could take the IP address instead of "debian")
+
+    ssh -X you@debian
+
+Change to root user
+
+    su -l
+
+Install git
+
+    apt-get install git
+
+Make the directory for apache and change diretory to it
+
+    mkdir /var/www
+    cd /var/www/
+
+Clone hubzilla from git ("git pull" will update it later)
+
+    git clone https://github.com/redmatrix/hubzilla html
+
+Change to the install script
+
+    cd html/.homeinstall/
+    
+Copy the template file
+    
+    cp hubzilla-config.txt.template hubzilla-config.txt
+
+Change the file "hubzilla-config.txt". Read the instructions there and enter your values.
+
+    nano hubzilla-config.txt
+
+Run the script
+
+     ./hubzilla-setup.sh
+
+Wait... The script should not finish with an error message.
+
+In a webbrowser open your domain.
+Expected: A test page of hubzilla is shown. All checks there shoulg be
+successfull. Go on...
+Expected: A page for the Hubzilla server configuration shows up.
+
+Leave db server name "127.0.0.1" and port "0" untouched.
+
+Enter
+
+- DB user name = hubzilla
+- DB pass word = This is the password you entered in "hubzilla-config.txt"
+- DB name = hubzilla
+
+Leave db type "MySQL" untouched.
+
+Follow the instructions in the next pages.
+

.homeinstall/hubzilla-config.txt.template

@@ -0,0 +1,177 @@
+###############################################
+### MANDATORY - database password #############
+#
+# Please give your database password
+#   Example: db_pass=pass_word_with_no_blanks_in_it
+#   Example: db_pass="this password has blanks in it"
+db_pass=
+
+###############################################
+### MANDATORY - let's encrypt #################
+#
+# Hubilla requires encrypted communication via secure HTTP (HTTPS).
+# This script automates installation of an SSL certificate from
+# Let's Encrypt (https://letsencrypt.org)
+#
+# Please give the domain name of your hub
+#
+#     Example: my.cooldomain.org
+#     Example: cooldomain.org
+#
+# Email is optional
+#
+#
+le_domain=
+le_email=
+
+###############################################
+### OPTIONAL - selfHOST - dynamic IP address ##
+#
+# 1. Register a domain at selfhost.de
+#    - choose offer "DOMAIN dynamisch" 1,50€/mon at 08.01.2016
+# 2. Get your configuration for dynamic IP update
+#    - Log in at selfhost.de
+#    - go to "DynDNS Accounte"
+#    - klick "Details" of your (freshly) registered domain
+#    - You will find the configuration there
+#      - Benutzername (user name) > use this for "selfhost_user="
+#      - Passwort (pass word) > use this for "selfhost_pass="
+#
+#
+selfhost_user=
+selfhost_pass=
+
+###############################################
+### OPTIONAL - FreeDNS - dynamic IP address ###
+#
+# Please give the alpha-numeric-key of freedns
+#
+# Get a free subdomain from freedns and use it for your dynamic ip address
+# Documentation under http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html
+#
+# - Register for a Free domain at http://freedns.afraid.org/signup/
+# - WATCH THIS: Make sure you choose a domain with as less subdomains as
+#   possible. Why? Let's encrpyt issues a limited count of certificates each
+#   day. Possible other users of this domain will try to issue a certificate
+#   at the same day.
+# - Logon to FreeDNS (where you just registered)
+# - Goto http://freedns.afraid.org/dynamic/
+# - Right click on "Direct Link" and copy the URL and paste it somewhere.
+# - You should notice a large and unique alpha-numeric key in the URL
+#
+#       http://freedns.afraid.org/dynamic/update.php?alpha-numeric-key
+#
+#   Provided your url from freedns is
+#
+#	http://freedns.afraid.org/dynamic/update.php?U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#   Then you have to provide
+#
+#       freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#
+#freedns_key=
+
+
+###############################################
+### OPTIONAL - Backup to external device ######
+#
+# The script can use an external device for the daily backup.
+# The file system of the device (USB stick for example) must be compatible
+# with encrypted LUKS + ext4
+#
+# You should test to mount the device befor you run the script
+# (hubzilla-setup.sh).
+# How to find your (pluged-in) devices?
+#
+#     fdisk -l
+#
+# Provided your device was listed as is /dev/sdb1. You could check with:
+#
+#     blkid | grep /dev/sdb1
+#
+# Try to decrypt
+# (You might install cryptsetup befor using apt-get install.
+#
+#     apt-get install cryptsetup
+#     cryptsetup luksOpen /dev/sdb1 cryptobackup
+#
+# Try to mount
+# You might create the directory /media/hubzilla_backup it it does not exist
+# using mkdir.
+#
+#     mkdir /media/hubzilla_backup
+#     mount /dev/mapper/cryptobackup /media/hubzilla_backup
+# 
+# Unmounting device goes like this
+# 
+#     umount /media/hubzilla_backup
+#     cryptsetup luksClose cryptobackup
+#
+# To check if still mounted
+#
+#     lsof /media/hubzilla_backup
+#
+# If you leave the following parameters
+# - "backup_device_name" and
+# - "backup_device_pass"
+# empty the script will create daily backups on the internal disk (which could
+# save you as well).
+#
+#   Example: backup_device_name=/dev/sdc1
+#
+backup_device_name=
+backup_device_pass=
+
+
+###############################################
+### OPTIONAL - Owncloud - deprecated ##########
+#
+# To install owncloud: owncloud=y
+# Leave empty if you don't want to install owncloud
+#
+#owncloud=
+
+
+
+###############################################
+### OPTIONAL - do not mess with things below ##
+#              (...if you are not certain)
+#
+# Usually you are done here
+# Everything below is OPTIONAL
+#
+###############################################
+#
+# Database for hubzilla
+hubzilla_db_name=hubzilla
+hubzilla_db_user=hubzilla
+hubzilla_db_pass=$db_pass
+# 
+#
+# Password for package mysql-server
+#   Example: mysqlpass=aberhallo
+#   Example: mysqlpass="aber hallo has blanks in it"
+#
+mysqlpass=$db_pass
+
+# Password for package phpmyadmin
+#   Example: phpmyadminpass=aberhallo
+#   Example: phpmyadminpass="aber hallo has blanks in it"
+phpmyadminpass=$db_pass
+
+# TODO Prepare hubzilla for programmers
+# - install eclipse and plugins
+# - install xdebug to debug the php with eclipse
+# - weaken permissions on /var/www/html
+# - manual steps after this script
+#   * in eclipse: install plugins for php git hub
+#   * in eclipse: configure firefox (chrome,...) as browser to run with the php debuger
+#   * in eclipse: switch php debugger from zend to xdebug
+#   * in eclipse: add local hubzilla github repository
+#
+# Which user will use eclipse?
+# Leave this empty if you do not want to prepare hubzilla for debugging
+#
+#developer_name=
+

.homeinstall/hubzilla-setup.sh

@@ -0,0 +1,949 @@
+#!/bin/bash
+#
+# How to use
+# ----------
+# 
+# This file automates the installation of hubzilla under Debian Linux
+#
+# 1) Copy the file "hubzilla-config.txt.template" to "hubzilla-config.txt"
+#       Follow the instuctions there
+# 
+# 2) Switch to user "root" by typing "su -"
+# 
+# 3) Run with "./hubzilla-setup.sh"
+#       If this fails check if you can execute the script.
+#       - To make it executable type "chmod +x hubzilla-setup.sh"
+#       - or run "bash hubzilla-setup.sh"
+# 
+# 
+# What does this script do basically?
+# -----------------------------------
+# 
+# This file automates the installation of hubzilla under Debian Linux
+# - install
+#        * apache webserer, 
+#        * php,  
+#        * mysql - the database for hubzilla,  
+#        * phpmyadmin,  
+#        * git to download and update hubzilla itself
+# - download hubzilla core and addons
+# - configure cron
+#        * "poller.php" for regular background prozesses of hubzilla
+#        * to_do "apt-get update" and "apt-get dist-upgrade" to keep linux
+#          up-to-date
+#        * to_do backup hubzillas database and files (rsnapshot)
+# - configure dynamic ip with cron
+# - to_do letsencrypt
+# - to_do redirection to https
+# 
+# 
+# Discussion
+# ----------
+# 
+# Security - password  is the same for mysql-server, phpmyadmin and hubzilla db
+# - The script runs into installation errors for phpmyadmin if it uses
+#   different passwords. For the sake of simplicity one singel password.
+# 
+# Security - suhosin for PHP
+# - The script does not install suhosin.
+# - Is the security package suhosin usefull or not usefull?
+#
+# Hubzilla - email verification
+# - The script switches off email verification off in all htconfig.tpl.
+#   Example: /var/www/html/view/en/htconfig.tpl
+# - Is this a silly idea or not?
+#
+# 
+# Remove Hubzilla (for a fresh start using the script)
+# ----------------------------------------------------
+#
+# You could use /var/www/hubzilla-remove.sh
+# that is created by hubzilla-setup.sh.
+#
+# The script will remove (almost everything) what was installed by the script.
+# After the removal you could run the script again to have a fresh install
+# of all applications including hubzilla and its database.
+# 
+# How to restore from backup
+# --------------------------
+#
+# Daily backup
+# - - - - - - 
+# 
+# The installation
+# - writes a script /var/www/hubzilla-daily.sh
+# - creates a daily cron that runs the hubzilla-daily.sh
+#
+# hubzilla-daily.sh makes a (daily) backup of all relevant files
+# - /var/lib/mysql/ > hubzilla database
+# - /var/www/html/ > hubzilla from github
+# - /var/www/letsencrypt/ > certificates
+# 
+# hubzilla-daily.sh writes the backup
+# - either to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt)
+# - or to /var/cache/rsnapshot in case the external disk is not plugged in
+# 
+# Restore backup
+# - - - - - - - 
+# 
+# This was not tested yet.
+# Bacically you can copy the files from the backup to the server.
+# 
+# Credits
+# -------
+#
+# The script is based on Thomas Willinghams script "debian-setup.sh"
+# which he used to install the red#matrix.
+#
+# The script uses another script from https://github.com/lukas2511/letsencrypt.sh
+#
+# The documentation for bash is here
+# https://www.gnu.org/software/bash/manual/bash.html
+#
+function check_sanity {
+    # Do some sanity checking.
+    print_info "Sanity check..."
+    if [ $(/usr/bin/id -u) != "0" ]
+    then
+        die 'Must be run by root user'
+    fi
+
+    if [ -f /etc/lsb-release ]
+    then
+        die "Distribution is not supported"
+    fi
+    if [ ! -f /etc/debian_version ]
+    then
+        die "Ubuntu is not supported"
+    fi
+}
+
+function check_config {
+    print_info "config check..."
+    # Check for required parameters
+    if [ -z "$db_pass" ]
+    then
+        die "db_pass not set in $configfile"
+    fi     
+    if [ -z "$le_domain" ]
+    then
+        die "le_domain not set in $configfile"
+    fi   
+    # backup is important and should be checked
+	if [ -n "$backup_device_name" ]
+	then
+        device_mounted=0
+		if fdisk -l | grep -i "$backup_device_name.*linux"
+		then
+		    print_info "ok - filesystem of external device is linux"
+	        if [ -n "$backup_device_pass" ]
+	        then
+	            echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
+	            if [ ! -d /media/hubzilla_backup ]
+	            then
+	                mkdir /media/hubzilla_backup
+	            fi
+	            if mount /dev/mapper/cryptobackup /media/hubzilla_backup
+	            then
+                    device_mounted=1
+	                print_info "ok - could encrypt and mount external backup device"
+                	umount /media/hubzilla_backup
+	            else
+            		print_warn "backup to external device will fail because encryption failed"
+	            fi
+                cryptsetup luksClose cryptobackup
+            else
+	            if mount $backup_device_name /media/hubzilla_backup
+	            then
+                    device_mounted=1
+	                print_info "ok - could mount external backup device"
+                	umount /media/hubzilla_backup
+	            else
+            		print_warn "backup to external device will fail because mount failed"
+	            fi
+            fi
+		else
+        	print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
+		fi
+        if [ $device_mounted == 0 ]
+        then
+            die "backup device not ready"
+        fi
+	fi
+}
+
+function die {
+    echo "ERROR: $1" > /dev/null 1>&2
+    exit 1
+}
+
+
+function update_upgrade {
+    print_info "updated and upgrade..."
+    # Run through the apt-get update/upgrade first. This should be done before
+    # we try to install any package
+    apt-get -q -y update && apt-get -q -y dist-upgrade
+    print_info "updated and upgraded linux"
+}
+
+function check_install {
+    if [ -z "`which "$1" 2>/dev/null`" ]
+    then
+        # export DEBIAN_FRONTEND=noninteractive ... answers from the package
+        # configuration database
+        # - q ... without progress information
+        # - y ... answer interactive questions with "yes"
+        # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+        DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2
+        print_info "installed $2 installed for $1"
+    else
+        print_warn "$2 already installed"
+    fi
+}
+
+function nocheck_install {
+    # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
+    # - q ... without progress information
+    # - y ... answer interactive questions with "yes"
+    # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+    # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
+    DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
+    print_info "installed $1"
+}
+
+
+function print_info {
+    echo -n -e '\e[1;34m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function print_warn {
+    echo -n -e '\e[1;31m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function stop_hubzilla {
+    if [ -d /etc/apache2 ]
+    then
+        print_info "stopping apache webserver..."
+        service apache2 stop
+    fi
+    if [ -f /etc/init.d/mysql ]
+    then
+        print_info "stopping mysql db..."
+        /etc/init.d/mysql stop
+    fi
+}
+
+function install_apache {
+    print_info "installing apache..."
+    nocheck_install "apache2 apache2-utils"
+}
+
+function install_curl {
+    print_info "installing curl..."
+    nocheck_install "curl"
+}
+
+function install_sendmail {
+    print_info "installing sendmail..."
+    nocheck_install "sendmail sendmail-bin"
+}
+
+function install_php {
+    # openssl and mbstring are included in libapache2-mod-php5
+    # to_to:  php5-suhosin
+    print_info "installing php..."
+    nocheck_install "libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd"
+    php5enmod mcrypt
+}
+
+function install_mysql {
+    # http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
+    # 
+    # To determine the required package name, key and type you can perform
+    # a trial installation then search the configuration database.
+    # 
+    #     debconf-get-selections | grep mysql-server
+    #
+    # The command debconf-get-selections is provided by the package
+    # debconf-utils, which you may need to install.
+    #
+    #    apt-get install debconf-utils
+    #
+    # If you want to supply an answer to a configuration question but do not 
+    # want to be prompted for it then this can be arranged by preseeding the
+    # DebConf database with the required information.
+    #
+    #     echo mysql-server-5.5 mysql-server/root_password password xyzzy | debconf-set-selections
+    #     echo mysql-server-5.5 mysql-server/root_password_again password xyzzy | debconf-set-selections
+    #
+    print_info "installing mysql..."
+    if [ -z "$mysqlpass" ]
+    then
+        die "mysqlpass not set in $configfile"
+    fi
+    echo mysql-server-5.5 mysql-server/root_password password $mysqlpass | debconf-set-selections
+    echo mysql-server-5.5 mysql-server/root_password_again password $mysqlpass | debconf-set-selections
+    nocheck_install "php5-mysql mysql-server mysql-client"
+    php5enmod mcrypt
+}
+
+function install_phpmyadmin {
+    print_info "installing phpmyadmin..."
+    if [ -z "$phpmyadminpass" ]
+    then
+        die "phpmyadminpass not set in $configfile"
+    fi
+    echo phpmyadmin    phpmyadmin/setup-password password $phpmyadminpass | debconf-set-selections
+    echo phpmyadmin    phpmyadmin/mysql/app-pass password $phpmyadminpass | debconf-set-selections
+    echo phpmyadmin    phpmyadmin/app-password-confirm password $phpmyadminpass | debconf-set-selections
+    echo phpmyadmin    phpmyadmin/mysql/admin-pass    password $phpmyadminpass | debconf-set-selections
+    echo phpmyadmin    phpmyadmin/password-confirm    password $phpmyadminpass | debconf-set-selections
+    echo phpmyadmin    phpmyadmin/reconfigure-webserver multiselect apache2 | debconf-set-selections
+    nocheck_install "phpmyadmin"
+
+    # It seems to be not neccessary to check rewrite.load because it comes
+    # with the installation. To be sure you could check this manually by:
+    #
+    #    nano /etc/apache2/mods-available/rewrite.load
+    #
+    # You should find the content:
+    #
+    #    LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
+
+    a2enmod rewrite
+    if [ ! -f /etc/apache2/apache2.conf ]
+    then
+        die "could not find file /etc/apache2/apache2.conf"
+    fi
+    sed -i \
+        "s/AllowOverride None/AllowOverride all/" \
+        /etc/apache2/apache2.conf
+    if [ -z "`grep 'Include /etc/phpmyadmin/apache.conf' /etc/apache2/apache2.conf`" ]
+    then
+        echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
+    fi
+    service apache2 restart
+}
+
+function create_hubzilla_db {
+    print_info "creating hubzilla database..." 
+    if [ -z "$hubzilla_db_name" ]
+    then
+        die "hubzilla_db_name not set in $configfile"
+    fi     
+    if [ -z "$hubzilla_db_user" ]
+    then
+        die "hubzilla_db_user not set in $configfile"
+    fi     
+    if [ -z "$hubzilla_db_pass" ]
+    then
+        die "hubzilla_db_pass not set in $configfile"
+    fi
+    Q1="CREATE DATABASE IF NOT EXISTS $hubzilla_db_name;"
+    Q2="GRANT USAGE ON *.* TO $hubzilla_db_user@localhost IDENTIFIED BY '$hubzilla_db_pass';"
+    Q3="GRANT ALL PRIVILEGES ON $hubzilla_db_name.* to $hubzilla_db_user@localhost identified by '$hubzilla_db_pass';"
+    Q4="FLUSH PRIVILEGES;"
+    SQL="${Q1}${Q2}${Q3}${Q4}"     
+    mysql -uroot -p$phpmyadminpass -e "$SQL"
+}
+
+function run_freedns {
+    print_info "run freedns (dynamic IP)..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns was not started because 'freedns_key' is empty in $configfile"
+    else
+        if [ -n "$selfhost_user" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key       
+    fi
+}
+
+function install_run_selfhost {
+    print_info "install and start selfhost (dynamic IP)..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
+    else
+        if [ -n "$freedns_key" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        if [ -z "$selfhost_pass" ]
+        then
+            die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
+        fi
+        if [ ! -d $selfhostdir ]
+        then
+            mkdir $selfhostdir
+        fi
+        # the old way
+        # https://carol.selfhost.de/update?username=123456&password=supersafe
+        #
+        # the prefered way
+        wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
+        echo "router" > $selfhostdir/device
+        echo "$selfhost_user" > $selfhostdir/user
+        echo "$selfhost_pass" > $selfhostdir/pass
+        bash $selfhostdir/$selfhostscript update
+    fi
+}
+
+function ping_domain {
+    print_info "ping domain $domain..."
+    # Is the domain resolved? Try to ping 6 times à 10 seconds 
+    COUNTER=0    
+    for i in {1..6}
+    do
+        print_info "loop $i for ping -c 1 $domain ..."     
+        if ping -c 4 -W 1 $le_domain    
+        then
+            print_info "$le_domain resolved"
+            break
+        else 
+            if [ $i -gt 5 ]
+            then
+                die "Failed to: ping -c 1 $domain not resolved"
+            fi            
+        fi 
+        sleep 10
+    done
+    sleep 5
+}
+
+function configure_cron_freedns {
+    print_info "configure cron for freedns..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns is not configured because freedns_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 30 minutes
+        if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
+        then
+            echo "@reboot root https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+            echo "*/30 * * * * root wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for freedns was configured already"
+        fi       
+    fi
+}
+
+function configure_cron_selfhost {
+    print_info "configure cron for selfhost..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "freedns is not configured because freedns_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 30 minutes
+        if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
+        then
+            echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+            echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for selfhost was configured already"
+        fi        
+    fi
+}
+
+function install_git {
+    print_info "installing git..."
+    nocheck_install "git"
+}
+
+function install_letsencrypt {
+    print_info "installing let's encrypt ..."
+    # check if user gave domain
+    if [ -z "$le_domain" ]
+    then
+        die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
+    fi
+    # configure apache
+    apache_le_conf=/etc/apache2/sites-available/le-default.conf    
+    if [ -f $apache_le_conf ]
+    then
+        print_info "$apache_le_conf exist already"
+    else
+        cat > $apache_le_conf <<END
+# letsencrypt default Apache configuration
+Alias /.well-known/acme-challenge /var/www/letsencrypt
+
+<Directory /var/www/letsencrypt>
+    Options FollowSymLinks
+	Allow from all
+</Directory>
+END
+        a2ensite le-default.conf
+        service apache2 restart
+    fi
+    # download the shell script
+    if [ -d $le_dir ]
+    then
+        print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)"
+        return 0
+    fi
+    git clone https://github.com/lukas2511/letsencrypt.sh $le_dir
+    cd $le_dir
+    # create config file for letsencrypt.sh
+    echo "WELLKNOWN=$le_dir" > $le_dir/config.sh
+    if [ -n "$le_email" ]
+    then
+        echo "CONTACT_EMAIL=$le_email" >> $le_dir/config.sh
+    fi
+    # create domain file for letsencrypt.sh
+    # WATCH THIS:
+    #    - It did not work wit "sub.domain.org www.sub.domain.org".
+    #    - So just use "sub.domain.org" only!
+    echo "$le_domain" > $le_dir/domains.txt
+    # test apache config for letsencrpyt
+    url_http=http://$le_domain/.well-known/acme-challenge/domains.txt
+    wget_output=$(wget -nv --spider --max-redirect 0 $url_http)
+    if [ $? -ne 0 ]
+    then
+        die "Failed to load $url_http"
+    fi
+    # run letsencrypt.sh
+    # 
+    ./letsencrypt.sh --cron
+}
+
+function configure_apache_for_https {
+    print_info "configuring apache to use httpS ..."
+    # letsencrypt.sh
+    #
+    #   "${BASEDIR}/certs/${domain}/privkey.pem"
+    #   "${BASEDIR}/certs/${domain}/cert.pem"
+    #   "${BASEDIR}/certs/${domain}/fullchain.pem"
+    #
+    SSLCertificateFile=${le_dir}/certs/${le_domain}/cert.pem
+    SSLCertificateKeyFile=${le_dir}/certs/${le_domain}/privkey.pem
+    SSLCertificateChainFile=${le_dir}/certs/${le_domain}/fullchain.pem
+    if [ ! -f $SSLCertificateFile ]
+    then
+        print_warn "Failed to configure apache for httpS: Missing certificate file $SSLCertificateFile" 
+        return 0  
+    fi
+    # make sure that the ssl mode is enabled
+    print_info "...configuring apache to use httpS - a2enmod ssl ..."
+    a2enmod ssl
+    # modify apach' ssl conf file 
+    if grep -i "ServerName" $sslconf
+    then
+        print_info "seems that apache was already configered to use httpS with $sslconf"
+    else
+        sed -i "s/ServerAdmin.*$/ServerAdmin webmaster@localhost\\n        ServerName ${le_domain}/" $sslconf 
+    fi     
+    sed -i s#/etc/ssl/certs/ssl-cert-snakeoil.pem#$SSLCertificateFile# $sslconf 
+    sed -i s#/etc/ssl/private/ssl-cert-snakeoil.key#$SSLCertificateKeyFile# $sslconf 
+    sed -i s#/etc/apache2/ssl.crt/server-ca.crt#$SSLCertificateChainFile# $sslconf 
+    sed -i s/#SSLCertificateChainFile/SSLCertificateChainFile/ $sslconf 
+    # apply changes
+    a2ensite default-ssl.conf
+    service apache2 restart
+}
+
+function check_https {
+    print_info "checking httpS > testing ..."
+    url_https=https://$le_domain
+    wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
+    if [ $? -ne 0 ]
+    then
+        print_warn "check not ok"
+    else
+        print_info "check ok"
+    fi
+}
+
+function install_hubzilla {
+    print_info "installing hubzilla..."
+    # rm -R /var/www/html/ # for "stand alone" usage
+    cd /var/www/
+    # git clone https://github.com/redmatrix/hubzilla html # for "stand alone" usage
+    cd html/
+    git clone https://github.com/redmatrix/hubzilla-addons addon
+    mkdir -p "store/[data]/smarty3"
+    chmod -R 777 store
+    touch .htconfig.php
+    chmod ou+w .htconfig.php
+    install_hubzilla_plugins
+    cd /var/www/
+    chown -R www-data:www-data html
+	chown root:www-data /var/www/html/
+	chown root:www-data /var/www/html/.htaccess
+	chmod 0644 /var/www/html/.htaccess
+    # try to switch off email registration
+    sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht*
+    if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ]
+    then
+        print_warn "Hubzillas registration prozess might have email verification switched on."
+    fi
+    print_info "installed hubzilla"
+}
+
+function install_hubzilla_plugins {
+    print_info "installing hubzilla plugins..."
+    cd /var/www/html
+    plugin_install=.homeinstall/plugin_install.txt
+    theme_install=.homeinstall/theme_install.txt
+    # overwrite script to update the plugin and themes
+    rm -f $plugins_update
+    echo "cd /var/www/html" >> $plugins_update
+    ###################
+    # write plugin file
+    if [ ! -f "$plugin_install" ]
+    then
+        echo "# To install a plugin" >> $plugin_install
+        echo "# 1. add the plugin in a new line and run" >> $plugin_install
+        echo "# 2. run" >> $plugin_install
+        echo "#   cd /var/www/html/.homeinstall" >> $plugin_install
+        echo "#   ./hubzilla-setup.sh" >> $plugin_install
+        echo "https://gitlab.com/zot/ownmapp.git ownMapp" >> $plugin_install
+        echo "https://gitlab.com/zot/hubzilla-chess.git chess" >> $plugin_install
+    fi
+    # install plugins
+    while read -r line; do
+        [[ "$line" =~ ^#.*$ ]] && continue
+        p_url=$(echo $line | awk -F' ' '{print $1}')
+        p_name=$(echo $line | awk -F' ' '{print $2}')
+        # basic check of format
+	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
+	    then
+            # install addon
+            util/add_addon_repo $line
+            util/update_addon_repo $p_name # not sure if this line is neccessary
+            echo "util/update_addon_repo $p_name" >> $plugins_update
+        else
+            print_info "skipping installation of a plugin from file $plugin_install - something wrong with format in line: $line"
+	    fi
+    done < "$plugin_install"
+    ###################
+    # write theme file
+    if [ ! -f "$theme_install" ]
+    then
+        echo "# To install a theme" >> $theme_install
+        echo "# 1. add the theme in a new line and run" >> $theme_install
+        echo "# 2. run" >> $theme_install
+        echo "#   cd /var/www/html/.homeinstall" >> $theme_install
+        echo "#   ./hubzilla-setup.sh" >> $theme_install
+        echo "https://github.com/DeadSuperHero/hubzilla-themes.git DeadSuperHeroThemes" >> $theme_install
+
+    fi
+    # install plugins
+    while read -r line; do
+        [[ "$line" =~ ^#.*$ ]] && continue
+        p_url=$(echo $line | awk -F' ' '{print $1}')
+        p_name=$(echo $line | awk -F' ' '{print $2}')
+        # basic check of format
+	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
+	    then
+            # install addon
+            util/add_theme_repo $line
+            util/update_theme_repo $p_name # not sure if this line is neccessary
+            echo "util/update_theme_repo $p_name" >> $plugins_update
+        else
+            print_info "skipping installation of a theme from file $theme_install - something wrong with format in line: $line"
+	    fi
+    done < "$theme_install"
+    print_info "installed hubzilla plugins and themes"
+}
+
+function rewrite_to_https {
+    print_info "configuring apache to redirect http to httpS ..."
+    htaccessfile=/var/www/html/.htaccess
+    if grep -i "https" $htaccessfile
+    then
+        print_info "...configuring apache to redirect http to httpS was already done in $htaccessfile"
+    else
+        sed -i "s#QSA]#QSA]\\n  RewriteCond %{SERVER_PORT} !^443$\\n  RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]#" $htaccessfile 
+    fi     
+    service apache2 restart
+}
+
+
+function install_owncloud {
+    if [ -z "$owncloud" ]
+    then
+    	print_info "Do not install owncloud"
+        return 0
+    fi  
+    if [ -f /etc/apt/sources.list.d/owncloud.list ]
+    then
+        print_info "owncloud is already installed and is left untouched"
+        return 0
+    fi
+    print_info "installing owncloud..."
+    # add the repository key to apt
+    wget -nv https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key -O Release.key
+    apt-key add - < Release.key
+    # add the repository and install from there
+    sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /' >> /etc/apt/sources.list.d/owncloud.list"
+    apt-get update
+    nocheck_install "owncloud"
+    chown -R www-data:www-data /var/www/owncloud/
+	# set strong permissions
+    ocpath='/var/www/owncloud'
+    htuser='www-data'
+    htgroup='www-data'
+    rootuser='root' # On QNAP this is admin
+    find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
+    find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
+    chown -R ${rootuser}:${htgroup} ${ocpath}/
+    chown -R ${htuser}:${htgroup} ${ocpath}/apps/
+    chown -R ${htuser}:${htgroup} ${ocpath}/config/
+    chown -R ${htuser}:${htgroup} ${ocpath}/data/
+    chown -R ${htuser}:${htgroup} ${ocpath}/themes/
+    chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
+    chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
+    chmod 0644 ${ocpath}/.htaccess
+    chmod 0644 ${ocpath}/data/.htaccess
+}
+
+# This will allways overwrite both config files
+#   - internal disk
+#   - external disk (LUKS + ext4)
+#  of rsnapshot for hubzilla
+function install_rsnapshot {
+    print_info "installing rsnapshot..."
+    nocheck_install "rsnapshot"
+	# internal disk
+    cp -f /etc/rsnapshot.conf $snapshotconfig   
+    sed -i "/hourly/s/retain/#retain/" $snapshotconfig 
+    sed -i "/monthly/s/#retain/retain/" $snapshotconfig 
+    sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig
+    sed -i "s/^backup/#backup/" $snapshotconfig
+    if [ -z "`grep 'letsencrypt' $snapshotconfig`" ]
+    then
+		echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig
+		echo "backup	/var/www/html/	localhost/" >> $snapshotconfig
+		echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig
+    fi
+	# external disk
+	if [ -n "$backup_device_name" ] && [ -n "$backup_device_pass" ]
+	then
+		cp -f /etc/rsnapshot.conf $snapshotconfig_external_device   
+		sed -i "s#snapshot_root.*#snapshot_root	$backup_mount_point#" $snapshotconfig_external_device
+		sed -i "/hourly/s/retain/#retain/" $snapshotconfig_external_device 
+		sed -i "/monthly/s/#retain/retain/" $snapshotconfig_external_device 
+		sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device
+		sed -i "s/^backup/#backup/" $snapshotconfig_external_device
+		if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ]
+		then
+			echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig_external_device
+			echo "backup	/var/www/html/	localhost/" >> $snapshotconfig_external_device
+			echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig_external_device
+		fi
+    else
+        print_info "No backup configuration (rsnapshot) for external device configured. Reason: backup_device_name and/or backup_device_pass not given in $configfile"
+	fi
+}
+
+function install_cryptosetup {
+    print_info "installing cryptsetup..."
+    nocheck_install "cryptsetup"
+}
+
+function configure_cron_daily {
+    print_info "configuring cron..."
+    # every 10 min for poller.php
+    if [ -z "`grep 'poller.php' /etc/crontab`" ]
+    then
+        echo "*/10 * * * * www-data cd /var/www/html; php include/poller.php >> /dev/null 2>&1" >> /etc/crontab
+    fi
+    # Run external script daily at 05:30
+    # - stop apache and mysql-server
+    # - backup hubzilla
+    # - update hubzilla core and addon
+    # - update and upgrade linux
+    # - reboot
+echo "#!/bin/sh" > /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "echo \" \"" >> /var/www/$hubzilladaily
+echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
+echo "echo \" \"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - renew certificat if 30 days old...\"" >> /var/www/$hubzilladaily
+echo "bash /var/www/letsencrypt/letsencrypt.sh --cron" >> /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "# stop hubzilla" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - stoping apaache and mysql...\"" >> /var/www/$hubzilladaily
+echo "service apache2 stop" >> /var/www/$hubzilladaily
+echo "/etc/init.d/mysql stop # to avoid inconsistancies" >> /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "# backup" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$hubzilladaily
+echo "backup_device_name=$backup_device_name" >> /var/www/$hubzilladaily
+echo "backup_device_pass=$backup_device_pass" >> /var/www/$hubzilladaily
+echo "backup_mount_point=$backup_mount_point" >> /var/www/$hubzilladaily
+echo "device_mounted=0" >> /var/www/$hubzilladaily
+echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$hubzilladaily
+echo "then" >> /var/www/$hubzilladaily
+echo "    if blkid | grep $backup_device_name" >> /var/www/$hubzilladaily
+echo "    then" >> /var/www/$hubzilladaily
+	if [ -n "$backup_device_pass" ]
+	then
+echo "        echo \"decrypting backup device...\"" >> /var/www/$hubzilladaily
+echo "        echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$hubzilladaily
+    fi
+echo "        if [ ! -d $backup_mount_point ]" >> /var/www/$hubzilladaily
+echo "        then" >> /var/www/$hubzilladaily
+echo "            mkdir $backup_mount_point" >> /var/www/$hubzilladaily
+echo "        fi" >> /var/www/$hubzilladaily
+echo "        echo \"mounting backup device...\"" >> /var/www/$hubzilladaily
+	if [ -n "$backup_device_pass" ]
+	then
+echo "        if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$hubzilladaily
+	else
+echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$hubzilladaily
+	fi
+echo "        then" >> /var/www/$hubzilladaily
+echo "            device_mounted=1" >> /var/www/$hubzilladaily
+echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily
+echo "			rsnapshot -c $snapshotconfig_external_device daily" >> /var/www/$hubzilladaily
+echo "			rsnapshot -c $snapshotconfig_external_device weekly" >> /var/www/$hubzilladaily
+echo "			rsnapshot -c $snapshotconfig_external_device monthly" >> /var/www/$hubzilladaily
+echo "			echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
+echo "			df -h" >> /var/www/$hubzilladaily
+echo "			echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
+echo "			du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily
+echo "            echo \"unmounting backup device...\"" >> /var/www/$hubzilladaily
+echo "            umount $backup_mount_point" >> /var/www/$hubzilladaily
+echo "        else" >> /var/www/$hubzilladaily
+echo "            echo \"failed to mount device $backup_device_name\"" >> /var/www/$hubzilladaily
+echo "        fi" >> /var/www/$hubzilladaily
+	if [ -n "$backup_device_pass" ]
+	then
+echo "        echo \"closing decrypted backup device...\"" >> /var/www/$hubzilladaily
+echo "        cryptsetup luksClose cryptobackup" >> /var/www/$hubzilladaily
+	fi
+echo "    fi" >> /var/www/$hubzilladaily
+echo "fi" >> /var/www/$hubzilladaily
+echo "if [ \$device_mounted == 0 ]" >> /var/www/$hubzilladaily
+echo "then" >> /var/www/$hubzilladaily
+echo "    echo \"device could not be mounted $backup_device_name. Using internal disk for backup...\"" >> /var/www/$hubzilladaily
+echo "	rsnapshot -c $snapshotconfig daily" >> /var/www/$hubzilladaily
+echo "	rsnapshot -c $snapshotconfig weekly" >> /var/www/$hubzilladaily
+echo "	rsnapshot -c $snapshotconfig monthly" >> /var/www/$hubzilladaily
+echo "fi" >> /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
+echo "du -h /var/cache/rsnapshot/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "# update" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating letsencrypt.sh...\"" >> /var/www/$hubzilladaily
+echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
+echo "git -C /var/www/html/ pull" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating hubhilla addons...\"" >> /var/www/$hubzilladaily
+echo "git -C /var/www/html/addon/ pull" >> /var/www/$hubzilladaily
+echo "bash /var/www/html/$plugins_update" >> /var/www/$hubzilladaily
+echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
+echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
+echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily
+echo "apt-get -q -y update && apt-get -q -y dist-upgrade # update linux and upgrade" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - Backup hubzilla and update linux finished. Rebooting...\"" >> /var/www/$hubzilladaily
+echo "#" >> /var/www/$hubzilladaily
+echo "reboot" >> /var/www/$hubzilladaily
+
+    if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ]
+    then
+        echo "30 05 * * * root /bin/bash /var/www/$hubzilladaily >> /var/www/html/hubzilla-daily.log 2>&1" >> /etc/crontab
+        echo "0 0 1 * * root rm /var/www/html/hubzilla-daily.log" >> /etc/crontab
+    fi
+
+    # This is active after either "reboot" or "/etc/init.d/cron reload"
+    print_info "configured cron for updates/upgrades"
+}
+
+function write_uninstall_script {
+    print_info "writing uninstall script..."
+
+    cat > /var/www/hubzilla-remove.sh <<END
+#!/bin/sh
+#
+# This script removes Hubzilla.
+# You might do this for a fresh start using the script.
+# The script will remove (almost everything) what was installed by the script,
+# all applications including hubzilla and its database.
+#
+# Backup the certificates of letsencrypt (you never know)
+cp -a /var/www/letsencrypt/ ~/backup_le_certificats
+#
+# Removal
+apt-get remove apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
+apt-get purge apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
+apt-get autoremove
+apt-get clean
+rm /etc/rsnapshot_hubzilla.conf
+rm /etc/rsnapshot_hubzilla_external_device.conf
+rm -R /etc/apache2/
+rm -R /var/lib/mysql/
+rm -R /var/www
+rm -R /etc/selfhost/
+# uncomment the next line if you want to remove the backups
+# rm -R /var/cache/rsnapshot
+nano /etc/crontab # remove entries there manually
+END
+    chmod -x /var/www/hubzilla-remove.sh
+}
+
+########################################################################
+# START OF PROGRAM 
+########################################################################
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+check_sanity
+
+# Read config file edited by user
+configfile=hubzilla-config.txt
+source $configfile
+
+selfhostdir=/etc/selfhost
+selfhostscript=selfhost-updater.sh
+hubzilladaily=hubzilla-daily.sh
+plugins_update=.homeinstall/plugins_update.sh
+snapshotconfig=/etc/rsnapshot_hubzilla.conf
+snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf
+backup_mount_point=/media/hubzilla_backup
+le_dir=/var/www/letsencrypt
+sslconf=/etc/apache2/sites-available/default-ssl.conf
+
+#set -x    # activate debugging from here
+
+check_config
+stop_hubzilla
+update_upgrade
+install_curl
+install_sendmail
+install_apache
+install_php
+install_mysql
+install_phpmyadmin
+create_hubzilla_db
+run_freedns
+install_run_selfhost
+ping_domain
+configure_cron_freedns
+configure_cron_selfhost
+install_git
+install_letsencrypt
+configure_apache_for_https
+check_https
+install_hubzilla
+rewrite_to_https
+# install_owncloud # deprecated
+install_rsnapshot
+configure_cron_daily
+install_cryptosetup
+write_uninstall_script
+
+#set +x    # stop debugging from here
+

.htaccess

@@ -24,7 +24,11 @@ AddType audio/ogg .oga
   # Also place auth information into REMOTE_USER for sites running
   # in CGI mode.
 
+  RewriteCond %{REQUEST_URI} ^/\.well\-known/.*
+  RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]
+
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule ^(.*)$ index.php?q=$1 [E=REMOTE_USER:%{HTTP:Authorization},L,QSA]
 </IfModule>
+

.openshift/README.md

@@ -0,0 +1,94 @@
+#Hubzilla on OpenShift
+You will notice a new .openshift folder when you fetch from upstream, i.e. from https://github.com/redmatrix/hubzilla.git , which contains a deploy script to set up Hubzilla on OpenShift.
+
+Create an account on OpenShift, then use the registration e-mail and password to create your first Hubzilla instance. Install git and RedHat's command line tools - rhc - if you have not already done so.
+
+```
+rhc app-create your_app_name php-5.4 mysql-5.5 cron phpmyadmin --namespace your_domain --from-code https://github.com/redmatrix/hubzilla.git -l your@email.address -p your_account_password
+```
+
+Make a note of the database username and password OpenShift creates for your instance, and use these at https://your_app_name-your_domain.rhcloud.com/ to complete the setup.
+
+NOTE: PostgreSQL is NOT supported by the deploy script yet.
+
+Update
+To update, consider your own workflow first. I have forked Hubzilla code into my GitHub account to be able to try things out, this remote repo is called origin. Here is how I fetch new code from upstream, merge into my local repo, then push the updated code both into origin and the remote repo called openshift.
+
+```
+git fetch upstream;git checkout master;git merge upstream/master;git push origin;git push openshift HEAD
+```
+
+##Administration
+Symptoms of need for MySQL database administration are:
+- you can visit your domain and see the Hubzilla frontpage, but trying to login throws you back to login. This can mean your session table is marked as crashed.
+- you can login, but your channel posts are not visible. This can mean your item table is marked as crashed.
+- you can login and you can see your channel posts, but apparently nobody is getting your posts, comments, likes and so on. This can mean your outq table is marked as crashed.
+
+You can check your OpenShift logs by doing
+
+```
+rhc tail -a your_app_name -n your_domain -l your@email.address -p your_account_password 
+```
+
+and you might be able to confirm the above suspicions about crashed tables, or other problems you need to fix. 
+
+###How to fix crashed tables in MySQL
+Using MySQL and the MyISAM database engine can result in table indexes coming out of sync, and you have at least two options for fixing tables marked as crashed.
+- Use the database username and password OpenShift creates for your instance at https://your_app_name-your_domain.rhcloud.com/phpmyadmin/ to login via the web into your phpMyAdmin web interface, click your database in the left column, in the right column scroll down to the bottom of the list of tables and click the checkbox for marking all tables, then select Check tables from the drop down menu. This will check the tables for problems, and you can then checkmark only those tables with problems, and select Repair table from the same drop down menu at the bottom.
+- You can login to your instance with SSH - see OpenShift for details - then
+
+```
+cd mysql/data/your_database
+myisamchk -r *.MYI
+```
+
+or if you get
+
+```
+Can't create new tempfile
+```
+
+check your OpenShift's gear quota with
+
+```
+quota -gus
+```
+
+and if you are short on space, then locally (not SSH) do
+
+```
+rhc app-tidy your_app_name -l your_login -p your_password
+```
+
+to have rhc delete temporary files and OpenShift logs to free space first, then check the size of your local repo dir and execute
+
+```
+git gc
+```
+
+against it and check the size again, and then to minimize your remote repo connect via SSH to your application gear and execute the same command against it by changing to the remote repo directory - your repo should be in
+
+```
+~/git/your_app_name.git
+```
+
+(if not, do find -size +1M to find it), then do
+
+```
+cd ~/mysql/data/yourdatabase
+myisamchk -r -v -f*.MYI
+```
+
+and hopefully your database tables are now okay.
+
+##NOTES
+Note 1: definitely DO turn off feeds and discovery by default if you are on the Free or Bronze plan on OpenShift with a single 1Gb gear by visiting https://your-app-name.rhcloud.com/admin/site when logged in as administrator of your Hubzilla site.
+Note 2: DO add the above defaults into the deploy script.
+Note 3: DO add git gc to the deploy script to clean up git.
+Note 4: MAYBE DO add myisamchk - only checking? to the end of the deploy script.
+
+The OpenShift `php` cartridge documentation can be found at:
+http://openshift.github.io/documentation/oo_cartridge_guide.html#php
+
+For information about .openshift directory, consult the documentation:
+http://openshift.github.io/documentation/oo_user_guide.html#the-openshift-directory

.openshift/action_hooks/README.md

@@ -0,0 +1,3 @@
+For information about action hooks, consult the documentation:
+
+http://openshift.github.io/documentation/oo_user_guide.html#action-hooks

.openshift/action_hooks/deploy

@@ -0,0 +1,218 @@
+#!/bin/bash
+# This deploy hook gets executed after dependencies are resolved and the
+# build hook has been run but before the application has been started back
+# up again. This script gets executed directly, so it could be python, php,
+# ruby, etc.
+
+# Bash help: http://www.panix.com/~elflord/unix/bash-tute.html
+
+# For information about action hooks supported by OpenShift, consult the documentation:
+# http://openshift.github.io/documentation/oo_user_guide.html#the-openshift-directory
+
+####
+
+# Hubzilla specific deploy script
+
+# Place this file in /.openshift/action_hooks/ (The .openshift folder will be in the root of your repo)
+# The file name should be "deploy" such that you have:
+# .openshift/action_hooks/deploy
+
+# Conventions: Vars in curley braces have the slash after implied so no need to add it.
+# e.g. ${OPENSHIFT_REPO_DIR}php/foobar = /repo/php/foobar
+# See all OpenShift vars here:
+# https://www.openshift.com/developers/openshift-environment-variables
+
+# HME - NOTE - leftover from original openshift-drupal-deploy
+# In config.php you can leverage the enviroment variables like this:
+# // Define env vars.
+# if (array_key_exists('OPENSHIFT_APP_NAME', $_SERVER)) {
+#  $src = $_SERVER;
+# } else {
+#  $src = $_ENV;
+# }
+#
+# $conf["file_private_path"] = $src['OPENSHIFT_DATA_DIR'] . "private";
+# $conf["file_temporary_path"] = $src['OPENSHIFT_DATA_DIR'] . "tmp";
+
+
+####
+
+# Start Deploy
+
+echo "Starting Deploy..."
+
+# Let's create the Hubzilla files directory in the Openshift data folder ($OPENSHIFT_DATA_DIR).
+
+echo "Check for the files directory called store, if not created - create it"
+
+if [ ! -d ${OPENSHIFT_DATA_DIR}store ]; then
+mkdir -p ${OPENSHIFT_DATA_DIR}"store/[data]/smarty3"
+echo "Done creating files directory"
+
+else
+
+echo "The files directory called store already exists"
+
+fi
+
+####
+
+# Set permissions on the files directory.
+
+echo "Now chmod 777 -R files"
+
+chmod -R 777 ${OPENSHIFT_DATA_DIR}store
+
+echo "chmod done, permissions set to 777"
+
+####
+
+# Symlink our files folder to the repo.
+
+# Note the "php" directory below seems to be the best way to serve OpenShift files.
+# This is good as that allows us for directories one level above such as tmp and private
+
+echo "Create sym links for writeable directories"
+
+ln -sf ${OPENSHIFT_DATA_DIR}store ${OPENSHIFT_REPO_DIR}store
+
+echo "Files sym links created"
+
+####
+
+# Copy .htconfig.php from the repo, rename it and place it in the data directory.
+# if it's there already, skip it.
+
+if [ ! -f ${OPENSHIFT_DATA_DIR}.htconfig.php ];
+
+then
+
+cp ${OPENSHIFT_REPO_DIR}.htconfig.php ${OPENSHIFT_DATA_DIR}.htconfig.php
+
+echo ".htconfig.php copied."
+
+else
+
+echo "Looks like the .htconfig.php file is already there, we won't overwrite it."
+
+fi
+
+####
+
+# symlink the .htconfig.php file.
+
+echo "Create sym link for .htconfig.php"
+
+ln -sf ${OPENSHIFT_DATA_DIR}.htconfig.php ${OPENSHIFT_REPO_DIR}.htconfig.php
+
+echo ".htconfig.php symlink created"
+
+####
+# Copy .htaccess from the repo, rename it and place it in the data directory.
+# if it's there already, skip it.
+
+if [ ! -f ${OPENSHIFT_DATA_DIR}.htaccess ];
+
+then
+
+cp ${OPENSHIFT_REPO_DIR}.htaccess ${OPENSHIFT_DATA_DIR}.htaccess
+
+echo ".htaccess copied."
+
+else
+
+echo "Looks like the .htaccess file is already there, we won't overwrite it."
+
+fi
+
+####
+
+# symlink the .htaccess file.
+
+echo "Create sym link for .htaccess"
+
+ln -sf ${OPENSHIFT_DATA_DIR}.htaccess ${OPENSHIFT_REPO_DIR}.htaccess
+
+echo ".htaccess symlink created"
+
+####
+
+echo "Check for the poller at .openshift/cron/minutely/poller , if not created - create it"
+
+if [ ! -f ${OPENSHIFT_REPO_DIR}.openshift/cron/minutely/poller ]; then
+printf '%s\n' '#!/bin/bash' 'if [ ! -f $OPENSHIFT_DATA_DIR/last_run ]; then' '  touch $OPENSHIFT_DATA_DIR/last_run' 'fi' 'if [[ $(find $OPENSHIFT_DATA_DIR/last_run -mmin +9) ]]; then #run every 10 mins' '  rm -f $OPENSHIFT_DATA_DIR/last_run' '  touch $OPENSHIFT_DATA_DIR/last_run' '  # The command(s) that you want to run every 10 minutes' 'cd /var/lib/openshift/${OPENSHIFT_APP_UUID}/app-root/repo; /opt/rh/php54/root/usr/bin/php include/poller.php' 'fi' >${OPENSHIFT_REPO_DIR}.openshift/cron/minutely/poller
+echo "Done creating file .openshift/cron/minutely/poller"
+
+else
+
+echo "The poller already exists"
+
+fi
+
+####
+
+# Set permissions on the poller script to make it executable.
+
+echo "Now chmod 777 -R poller"
+
+chmod -R 777 ${OPENSHIFT_REPO_DIR}.openshift/cron/minutely/poller
+
+echo "chmod done, permissions set to 777 on poller script."
+
+####
+
+### echo "Check for the hot deploy marker at .openshift/markers/hot_deploy , if not created - create it"
+
+### if [ ! -f ${OPENSHIFT_REPO_DIR}.openshift/markers/hot_deploy ]; then
+
+### touch ${OPENSHIFT_REPO_DIR}.openshift/markers/hot_deploy
+
+### echo "Done creating file .openshift/markers/hot_deploy"
+
+### else
+
+### echo "The hot deploy marker already exists"
+
+### fi
+
+####
+
+# Hubzilla configuration - changes to default settings
+# to make Hubzilla on OpenShift a more pleasant experience 
+echo "Changing default configuration to conserve space and autocreate a social private channel upon account registration"
+cd ${OPENSHIFT_REPO_DIR}
+util/config system auto_channel_create
+util/config system default_permissions_role social_private
+util/config system workflow_channel_next channel
+util/config system expire_delivery_reports 3
+util/config system feed_contacts 0
+util/config system diaspora_enabled 0
+util/config system disable_discover_tab 1
+util/config directory safemode 0
+util/config directory globaldir 1
+util/config directory pubforums 0
+
+# Hubzill addons
+echo "Try to add or update Hubzilla addons"
+cd ${OPENSHIFT_REPO_DIR}
+util/add_addon_repo https://github.com/redmatrix/hubzilla-addons.git HubzillaAddons 
+
+# Hubzilla themes
+echo "Try to add or update Hubzilla themes"
+cd ${OPENSHIFT_REPO_DIR}
+util/add_theme_repo https://github.com/DeadSuperHero/hubzilla-themes.git DeadSuperHeroThemes 
+
+# Hubzilla ownMapp
+echo "Try to add or update Hubzilla ownMapp"
+cd ${OPENSHIFT_REPO_DIR}
+util/add_addon_repo https://gitlab.com/zot/ownmapp.git ownMapp
+
+# Hubzilla Chess
+echo "Try to add or update Hubzilla chess "
+cd ${OPENSHIFT_REPO_DIR}
+util/add_addon_repo https://gitlab.com/zot/hubzilla-chess.git Chess
+
+# Hubzilla Hubsites
+echo "Try to add or update Hubzilla Hubsites"
+cd ${OPENSHIFT_REPO_DIR}
+util/add_addon_repo https://gitlab.com/zot/hubsites.git Hubsites

.openshift/cron/README.cron

@@ -0,0 +1,27 @@
+Run scripts or jobs on a periodic basis
+=======================================
+Any scripts or jobs added to the minutely, hourly, daily, weekly or monthly
+directories will be run on a scheduled basis (frequency is as indicated by the
+name of the directory) using run-parts.
+
+run-parts ignores any files that are hidden or dotfiles (.*) or backup
+files (*~ or *,)  or named *.{rpmsave,rpmorig,rpmnew,swp,cfsaved}
+
+The presence of two specially named files jobs.deny and jobs.allow controls
+how run-parts executes your scripts/jobs.
+   jobs.deny  ===> Prevents specific scripts or jobs from being executed.
+   jobs.allow ===> Only execute the named scripts or jobs (all other/non-named
+                   scripts that exist in this directory are ignored).
+
+The principles of jobs.deny and jobs.allow are the same as those of cron.deny
+and cron.allow and are described in detail at: 
+   http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Automating_System_Tasks.html#s2-autotasks-cron-access
+
+See: man crontab or above link for more details and see the the weekly/
+     directory for an example.
+
+PLEASE NOTE: The Cron cartridge must be installed in order to run the configured jobs.
+
+For more information about cron, consult the documentation:
+http://openshift.github.io/documentation/oo_cartridge_guide.html#cron
+http://openshift.github.io/documentation/oo_user_guide.html#cron

.openshift/cron/weekly/README

@@ -0,0 +1,16 @@
+Run scripts or jobs on a weekly basis
+=====================================
+Any scripts or jobs added to this directory will be run on a scheduled basis
+(weekly) using run-parts.
+
+run-parts ignores any files that are hidden or dotfiles (.*) or backup
+files (*~ or *,)  or named *.{rpmsave,rpmorig,rpmnew,swp,cfsaved} and handles
+the files named jobs.deny and jobs.allow specially.
+
+In this specific example, the chronograph script is the only script or job file
+executed on a weekly basis (due to white-listing it in jobs.allow). And the
+README and chrono.dat file are ignored either as a result of being black-listed
+in jobs.deny or because they are NOT white-listed in the jobs.allow file.
+
+For more details, please see ../README.cron file.
+

.openshift/cron/weekly/chrono.dat

@@ -0,0 +1 @@
+Time And Relative D...n In Execution (Open)Shift!

.openshift/cron/weekly/chronograph

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo "`date`: `cat $(dirname \"$0\")/chrono.dat`"

.openshift/cron/weekly/jobs.allow

@@ -0,0 +1,12 @@
+#
+#  Script or job files listed in here (one entry per line) will be
+#  executed on a weekly-basis.
+#
+#  Example: The chronograph script will be executed weekly but the README 
+#           and chrono.dat files in this directory will be ignored.
+#
+#           The README file is actually ignored due to the entry in the
+#           jobs.deny which is checked before jobs.allow (this file).
+#
+chronograph
+

.openshift/cron/weekly/jobs.deny

@@ -0,0 +1,7 @@
+#
+#  Any script or job files listed in here (one entry per line) will NOT be
+#  executed (read as ignored by run-parts).
+#
+
+README
+

.openshift/markers/README.md

@@ -0,0 +1,4 @@
+For information about markers, consult the documentation:
+
+http://openshift.github.io/documentation/oo_user_guide.html#markers
+http://openshift.github.io/documentation/oo_cartridge_guide.html#php-markers

.travis.yml

@@ -0,0 +1,46 @@
+# see http://about.travis-ci.org/docs/user/languages/php/ for more hints
+language: php
+
+# list any PHP version you want to test against
+php:
+  # using major version aliases
+
+  # aliased to a recent 5.4.x version
+  - 5.4
+  # aliased to a recent 5.5.x version
+  - 5.5
+  # aliased to a recent 5.6.x version
+  - 5.6
+  # aliased to a recent 7.x version
+  - 7.0
+  # aliased to a recent hhvm version
+  - hhvm
+
+# optionally specify a list of environments, for example to test different RDBMS
+#env:
+#  - DB=mysql
+#  - DB=pgsql
+
+# optionally set up exclutions and allowed failures in the matrix
+matrix:
+#  exclude:
+#    - php: hhvm
+#      env: DB=pgsql  # PDO driver for pgsql is unsupported by HHVM (3rd party install for support)
+  allow_failures:
+    - php: 7.0
+    - php: hhvm
+
+# execute any number of scripts before the test run, custom env's are available as variables
+#before_script:
+#  - if [[ "$DB" == "pgsql" ]]; then psql -c "DROP DATABASE IF EXISTS hello_world_test;" -U postgres; fi
+#  - if [[ "$DB" == "pgsql" ]]; then psql -c "create database hello_world_test;" -U postgres; fi
+#  - if [[ "$DB" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS hello_world_test;" -uroot; fi
+
+# omitting "script:" will default to phpunit
+# use the $DB env variable to determine the phpunit.xml to use
+script: phpunit  tests/*php
+
+# configure notifications (email, IRC, campfire etc)
+notifications:
+#  irc: "irc.freenode.org#yourfavouriteroomfortravis"
+# a plugin/script to post to a hubzilla channel would be neat here

CHANGELOG

@@ -0,0 +1,168 @@
+Hubzilla 1.4
+	[This list may appear brief, but encompasses a huge amount of re-writing and re-factoring
+	of the internal code structure to gain long-term performance and stability and provide a standard
+	interface to alternate protocol federation plugins which were made possible by the UNO configuration.
+	UNO is a configuration of hubzilla introduced in 1.3 with reduced complexity and which provides 
+	improved protocol federation potential to other networks by virtue of removing nomadic identity 
+	(which is not possible to model or work around using other network protocols).]  
+
+	Implement channel move operation for UNO configuration
+	Remove bookmark references in UNO (which has no bookmarks by default)
+	UI cleanup profiles/chat/manage
+	Refactor webfinger probes and salmon backend for GNU-social federation
+	SECURITY: DAV authentication exploit
+	Context help added
+	More help pages
+	Provide 'posts only' feed
+	Refactor App to remove globals
+	Refactor Session to remove globals
+	provide a fullscreen mode for selected modules and functions
+	Regression: some addon routes broken
+	fix "remember me"
+	Autocomplete tool extended to bbcode/comanche
+	Clone sync of file/photo updates
+	system rename (e.g. http to https or DNS name change) missing some connection photos
+	calendar module not blocked to public whhen block_public enabled
+	Use timeago.js in reshare content so that timestamps will be correct on federated reshares
+	Rework detection of JavaScript to avoid reload penalty under normal operation
+	Changed primary directory server to a hubzilla server
+	Plugins:
+		Diaspora - switch to alternate XML parser to avoid storing compound objects	
+		GNU-Social - Huge amounts of work, federation somewhat working now, several issues remain
+		Friendica - Initial federation work (not yet published)
+		
+Hubzilla 1.3
+	Admin Security configuration page created which consolidates several previously hidden settings:
+		Communication white/black lists
+		Channel white/black lists
+		OEmbed white/black lists
+	Admin Profile Fields page created which manages the availability and order of standard profile fields and allows new fields to be created/managed
+	"Poke" module reworked - page UI updated and "poke basic" setting introduced which limits the available poke "verbs".
+	"Mood" module UI reworked
+	"profile_photo" module UI reworked
+	"cover_photo" module UI reworked
+	"new_channel" module UI reworked
+	"register" module UI reworked
+	"pubsites" module UI reworked
+	item-meta ("iconfig") created which implements arbitrary storage for item metadata for plugins
+	abook-meta ("abconfig") created which implements arbitrary storage for connection metadata for plugins
+	"Strict transport security header" made optional as it conflicts with some existing Apache/nginx configurations 
+	"Hubzilla UNO" (Hubzilla with radically simplified and locked site settings) implemented as an install configuration. 
+	.well-known directory conflict worked out to support LetsEncrypt cert ownership checks without disrupting webfinger and other internal uses of .well-known
+	Lots of work on 'zcards' which are self-contained HTML representations of a channel including cover photos, profile photos, and some text information
+	Long standing bug uncovered which failed to properly restrict the lower time limit for public feed requests
+	A number of fixes to "readmore" to fix page jumping
+	Bugfix: persons other than the channel owner who have permission to upload photos to a channel could not do so if the js_upload plugin/addon was enabled
+	Siteinfo incorrectly identifying secondary directory servers
+	Allow admin to set and lock features when UNO is configured 
+	Atom feeds: alter how events are formatted to be compatible with GNU-social
+	Allow guest/visitor access to view personal calendar
+	Moved several more classes to "composer format" and provided an autoloader.
+	Bugfix: require existing password to change password
+	Bugfix: allow relative_date() to be translated to Polish which has more than two plural forms. 
+	Plugin API: add "requires" keyword to module header to indicate dependent addons
+	ActivityStreams improvements and cleanup: photo and file activities
+	UI cleanup for editing profile when multiple profiles enabled
+	Removed the "markdown" feature as there are numerous issues and no maintainer.
+	Provide "footer" bbcode to ease theming of post footer content
+	Bugfix: install issues caused by composer code refactor and typo in postgres load file 
+	Plugins:
+		keepout - "block public on steroids"
+		pubsubhubbub - provides PuSH support to Atom feeds, required for GNU-social federation
+		GNUsocial protocol - under development
+		Diaspora protocol - some work to ease migration to the new signing format
+		Diaspost - disabled; numerous issues and no maintainer
+		smileybutton - theme work and fixed compatibility with other jot-tools plugins
+		
+
+Hubzilla 1.2
+	Provide extra HTTP security headers (several of them).
+	Allow a site to disable delivery reports if disk space is limited
+	Regression: Wrong theme when viewing single post as non-member
+	Some Diaspora profile photos use relative URLs - force absolute
+	Add locked features to siteinfo report to aid remote debugging
+	Provide version compatibility checking to plugins (minversion, maxversion, and minphpversion)
+	Account config storage
+	Provide optional integrated registration and channel create form 
+	cli utility for managing addons
+	issue with sharing photo "items"
+	cover photo manager: upload, crop, and store
+	cover photo widget created
+	rework the connections list page and provide a few management features there
+	fixed issue with Comanche layout definitions loaded by plugins
+	provide ability to separate delivery functions from item_store() and item_store_update() - some forum messages were being redelivered when cloned.
+	call build_sync_packet() on pdledit changes
+	Abstract the project name and version so these can be customised or removed
+	Allow hiding the ratings links on a per-site basis
+	db_type not present in international setup templates - was unable to choose postgres.
+	item_photo_menu logically divided into a) actions on the post, b) actions related to the author
+	bug: default channel not reset to 0 when last channel removed
+	create widget containing only the contact block
+	regression: public forums granted send stream permissions to connections
+	workaround Firefox's refusal to honour disabling autocomplete of passwords
+	regression: photo's uploaded to a channel by a guest (with file write permissions) not saved correctly.
+	provide mechanisms for custom .well-known handlers (needed for LetsEncrypt ownership verification)
+	proc_run modified to use exec() instead of proc_open() - causing issues on some PHP installations
+	remote delegation failure under a specific set of circumstances which we were finally able to duplicate
+	Delegation section of Channel Manager was missing names and contained useless notification icons.
+	Change "expire" channel setting to show system limit if there is one. 
+	Regression: provide a one-click ignore of pending connection
+	Config to control directory keyword generation on client and server.
+	"Collections" renamed to "Privacy Groups", documentation improved
+	widget_item - allow use of page title instead of message id
+	Add site black/white list checking to all .well-known services
+	reduce incidents of screen jumping when "showmore" is activated
+	add oembed provider for photos
+
+	Addons:
+
+	CSS theming of pageheader plugin
+	xmpp addon ported from Friendica
+	Diaspora private mail issues after the third reply
+	Occasional issue with Diaspora connection requests
+	Add notification email to Diaspora PMs
+	Allow anonymising platform and version for statistics
+	msgfooter addon created
+	removed embedly plugin
+	sync clones after superblock addition
+	"keepout" plugin created
+
+
+Hubzilla 1.1
+
+	Rewrote and simplified the Queue manager and delivery system
+	Rewrote and simplified the outer layers of the Zot protocol
+	Use a standard version numbering scheme in addition to the snapshot tags
+	Provide a channel blacklist for blocking channels with abusive or illegal content at the hub level
+	Make the black/white lists pluggable
+	Update template library
+	Support for letsencrypt certs in various places
+	Cleanup of login and register pages
+	Better error responses for permission denied on channel file repositories
+	Disabled the public stream by default for new installs (can be enabled if desired)
+	Cleanup of API authentication and rework the old OAuth1 stuff
+	Add API "status with media" support compatible with Twitter and conflicting method for GNU-social
+	Rework photo ActivityStreams objects to align better with ActivityStreams producers/consumers
+	Several minor API fixes to work better with AndStatus client
+	Invitation only site - experimental support added, needs more work
+	Fix delivery loop condition due to corrupted data which resulted in recursive upstream delivery
+	Provide more support for external (git) widget collections.
+	Extend the Queue API to 3rd-party network addons which have experienced downtime recently.
+	Regression: Inherited permissions were not explicitly set
+	Regression: "Xyz posted on your wall" notification sent when creating webpages at another channel
+	Regression: Custom permissions not pre-populated on channel creation with named role.
+	Provide "Public" string when a post can be made public, instead of "visible to default audience"
+	Allow hub admin to specify a default role type for the first channel created, reducing complexity
+	Ability for a hub admin to set feature defaults and lock them, reducing complexity
+	Change default expiration of delivery reports to 10 days to accomodate sites with reduced resources
+	Addons/Plugins:
+		Pageheader addon ported from Friendica
+		Hubwall (allow admin to send email to all accounts on this hub) created
+		GNU-social - queueing added 
+		Diaspora - fixes for various failures to update profile photos, updates to queue API 
+		Cross Domain Authenticated Chess (Andrew Manning's repository)
+	
+	And... the normal "lots of bugs fixed, translations updated, and documentation improved" 
+	
+
+	

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2015 Hubzilla
+Copyright (c) 2010-2016 Hubzilla
 All rights reserved.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -1,25 +1,28 @@
+![Hubzilla](images/hubzilla-banner.png)
 
-Hubzilla
-========
+Hubzilla - Community Server
+===========================
 
-###Websites. Redefined.
+Connected and linked web communities. 
+-------------------------------------
 
+<p align="center" markdown="1">
+<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
+</p>
 
-![Hubzilla](images/ghash-32.png)
+**What are Hubz?**
 
-**What are Hubs?**
-
-Hubs are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
+Hubz are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
 This allows hub members on any hub to securely and privately share anything; with anybody, on any hub - anywhere; or share stuff publicly with anybody on the internet if desired. 
 
-**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache, although Mariadb or Postgres and Nginx could also be used - we're pretty easy). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
+**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache and popular variants). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
 
-Hubzilla hubs are
+Hubzilla hubz are
 
 * decentralised
 * inherently social
-* optionally inter-networked with other hubs
-* privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubs)
+* optionally inter-networked with other hubz
+* privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubz)
 
 Possible website applications include
 
@@ -37,6 +40,8 @@ Possible website applications include
 * dating websites
 * pretty much anything you can do on a traditional blog or community website, but that you could do better if you could easily connect it with other websites or privately share things across website boundaries. 
 
+<p align="center" markdown="1">
+<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
+</p>
 
-
-This project is under development and is not yet available for general use.  
+[![Build Status](https://travis-ci.org/redmatrix/hubzilla.svg)](https://travis-ci.org/redmatrix/hubzilla)

Zotlabs/Access/AccessList.php

@@ -0,0 +1,92 @@
+<?php
+
+namespace Zotlabs\Access;
+
+
+class AccessList {
+
+	private $allow_cid;
+	private $allow_gid;
+	private $deny_cid;
+	private $deny_gid;
+
+	/* indicates if we are using the default constructor values or values that have been set explicitly. */
+
+	private $explicit; 
+
+	function __construct($channel) {
+
+		if($channel) {		
+			$this->allow_cid = $channel['channel_allow_cid'];
+			$this->allow_gid = $channel['channel_allow_gid'];
+			$this->deny_cid  = $channel['channel_deny_cid'];
+			$this->deny_gid  = $channel['channel_deny_gid'];
+		}
+		else {
+			$this->allow_cid = '';
+			$this->allow_gid = '';
+			$this->deny_cid  = '';
+			$this->deny_gid  = '';
+		}
+
+		$this->explicit = false;
+	}
+
+	function get_explicit() {
+		return $this->explicit;
+	}
+
+	/**
+	 * Set AccessList from strings such as those in already
+	 * existing stored data items
+	 */
+
+	function set($arr,$explicit = true) {
+		$this->allow_cid = $arr['allow_cid'];
+		$this->allow_gid = $arr['allow_gid'];
+		$this->deny_cid  = $arr['deny_cid'];
+		$this->deny_gid  = $arr['deny_gid'];
+
+		$this->explicit = $explicit;
+	}
+
+	/**
+	 * return an array consisting of the current
+	 * access list components where the elements
+	 * are directly storable. 
+	 */
+
+	function get() {
+		return array(
+			'allow_cid' => $this->allow_cid,
+			'allow_gid' => $this->allow_gid,
+			'deny_cid'  => $this->deny_cid,
+			'deny_gid'  => $this->deny_gid,
+		);
+	}
+
+	/**
+	 * Set AccessList from arrays, such as those provided by
+	 * acl_selector(). For convenience, a string (or non-array) input is 
+	 * assumed to be a comma-separated list and auto-converted into an array. 
+	 */ 
+
+	function set_from_array($arr,$explicit = true) {
+		$this->allow_cid = perms2str((is_array($arr['contact_allow'])) 
+			? $arr['contact_allow'] : explode(',',$arr['contact_allow']));
+		$this->allow_gid = perms2str((is_array($arr['group_allow']))
+			? $arr['group_allow'] : explode(',',$arr['group_allow']));
+		$this->deny_cid  = perms2str((is_array($arr['contact_deny']))
+			? $arr['contact_deny'] : explode(',',$arr['contact_deny']));
+		$this->deny_gid  = perms2str((is_array($arr['group_deny']))
+			? $arr['group_deny'] : explode(',',$arr['group_deny']));
+
+		$this->explicit = $explicit;
+	}
+
+	function is_private() {
+		return (($this->allow_cid || $this->allow_gid || $this->deny_cid || $this->deny_gid) ? true : false);
+	}
+
+}
+

Zotlabs/Identity/BasicId.php

@@ -0,0 +1,18 @@
+<?php
+
+namespace Zotlabs\Identity\BasicId;
+
+class BasicId {
+
+	private $name;
+	private $profile_photo;
+	private $profile_url;
+	private $address;
+	private $protocol;
+
+
+
+
+
+}
+

Zotlabs/Identity/ProfilePhoto.php

@@ -0,0 +1,16 @@
+<?php
+namespace Zotlabs\Identity\ProfilePhoto;
+
+class ProfilePhoto {
+
+	private $photo_large_url;
+	private $photo_medium_url;
+	private $photo_small_url;
+	private $photo_mimetype;
+	private $photo_updated;
+
+
+
+
+}
+

Zotlabs/Project/System.php

@@ -0,0 +1,63 @@
+<?php
+
+namespace Zotlabs\Project;
+
+class System {
+
+	function get_platform_name() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['platform_name'])
+			return \App::$config['system']['platform_name'];
+		return PLATFORM_NAME;
+	}
+
+	function get_site_name() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['sitename'])
+			return \App::$config['system']['sitename'];
+		return '';
+	}
+
+	function get_project_version() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
+			return '';
+		return RED_VERSION;
+	}
+
+	function get_update_version() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
+			return '';
+		return DB_UPDATE_VERSION;
+	}
+
+
+	function get_notify_icon() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
+			return \App::$config['system']['email_notify_icon_url'];
+		return z_root() . '/images/hz-white-32.png';
+	}
+
+	function get_site_icon() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
+			return \App::$config['system']['site_icon_url'];
+		return z_root() . '/images/hz-32.png';
+	}
+
+
+	function get_server_role() {
+		if(UNO)
+			return 'basic';
+		return 'advanced';
+	}
+
+	// return the standardised version. Since we can't easily compare
+	// before the STD_VERSION definition was applied, we have to treat 
+	// all prior release versions the same. You can dig through them
+	// with other means (such as RED_VERSION) if necessary. 
+
+	function get_std_version() {
+		if(defined('STD_VERSION'))
+			return STD_VERSION;
+		return '0.0.0';
+	}
+
+
+}

Zotlabs/Storage/BasicAuth.php

@@ -1,11 +1,11 @@
 <?php
 
-namespace RedMatrix\RedDAV;
+namespace Zotlabs\Storage;
 
 use Sabre\DAV;
 
 /**
- * @brief Authentication backend class for RedDAV.
+ * @brief Authentication backend class for DAV.
  *
  * This class also contains some data which is not necessary for authentication
  * like timezone settings.
@@ -15,7 +15,7 @@ use Sabre\DAV;
  * @link http://github.com/friendica/red
  * @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
  */
-class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic {
+class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 
 	/**
 	 * @brief This variable holds the currently logged-in channel_address.
@@ -45,18 +45,18 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	public $observer = '';
 	/**
 	 *
-	 * @see RedBrowser::set_writeable()
+	 * @see Browser::set_writeable()
 	 * @var \Sabre\DAV\Browser\Plugin
 	 */
 	public $browser;
 	/**
-	 * channel_id of the current visited path. Set in RedDirectory::getDir().
+	 * channel_id of the current visited path. Set in Directory::getDir().
 	 *
 	 * @var int
 	 */
 	public $owner_id = 0;
 	/**
-	 * channel_name of the current visited path. Set in RedDirectory::getDir().
+	 * channel_name of the current visited path. Set in Directory::getDir().
 	 *
 	 * Used for creating the path in cloud/
 	 *
@@ -110,7 +110,7 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic {
 			if ($x) {
 				// @fixme this foreach should not be needed?
 				foreach ($x as $record) {
-					if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
 						return $this->setAuthenticated($r[0]);
@@ -197,7 +197,7 @@ class RedBasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	}
 
 	/**
-	 * @brief Prints out all RedBasicAuth variables to logger().
+	 * @brief Prints out all BasicAuth variables to logger().
 	 *
 	 * @return void
 	 */

Zotlabs/Storage/Browser.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace RedMatrix\RedDAV;
+namespace Zotlabs\Storage;
 
 use Sabre\DAV;
 
@@ -15,7 +15,7 @@ use Sabre\DAV;
  * @link http://github.com/friendica/red
  * @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
  */
-class RedBrowser extends DAV\Browser\Plugin {
+class Browser extends DAV\Browser\Plugin {
 
 	/**
 	 * @see set_writeable()
@@ -188,7 +188,7 @@ class RedBrowser extends DAV\Browser\Plugin {
 
 			$parentHash = '';
 			$owner = $this->auth->owner_id;
-			$splitPath = split('/', $fullPath);
+			$splitPath = explode('/', $fullPath);
 			if (count($splitPath) > 3) {
 				for ($i = 3; $i < count($splitPath); $i++) {
 					$attachName = urldecode($splitPath[$i]);
@@ -217,31 +217,6 @@ class RedBrowser extends DAV\Browser\Plugin {
 			$f[] = $ft;
 		}
 
-		// Storage and quota for the account (all channels of the owner of this directory)!
-		$limit = service_class_fetch($owner, 'attach_upload_limit');
-		$r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d",
-			intval($this->auth->channel_account_id)
-		);
-		$used = $r[0]['total'];
-		if ($used) {
-			$quotaDesc = t('%1$s used');
-			$quotaDesc = sprintf($quotaDesc,
-				userReadableSize($used));
-		}
-		if ($limit && $used) {
-			$quotaDesc = t('%1$s used of %2$s (%3$s&#37;)');
-			$quotaDesc = sprintf($quotaDesc,
-				userReadableSize($used),
-				userReadableSize($limit),
-				round($used / $limit, 1));
-		}
-
-		// prepare quota for template
-		$quota = array();
-		$quota['used'] = $used;
-		$quota['limit'] = $limit;
-		$quota['desc'] = $quotaDesc;
-
 		$output = '';
 		if ($this->enablePost) {
 			$this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output));
@@ -249,7 +224,6 @@ class RedBrowser extends DAV\Browser\Plugin {
 
 		$html .= replace_macros(get_markup_template('cloud.tpl'), array(
 				'$header' => t('Files') . ": " . $this->escapeHTML($path) . "/",
-				'$quota' => $quota,
 				'$total' => t('Total'),
 				'$actionspanel' => $output,
 				'$shared' => t('Shared'),
@@ -269,7 +243,7 @@ class RedBrowser extends DAV\Browser\Plugin {
 			));
 
 		$a = get_app();
-		$a->page['content'] = $html;
+		\App::$page['content'] = $html;
 		load_pdl($a);
 
 		$theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";
@@ -298,11 +272,38 @@ class RedBrowser extends DAV\Browser\Plugin {
 		if (get_class($node) === 'Sabre\\DAV\\SimpleCollection')
 			return;
 
+		// Storage and quota for the account (all channels of the owner of this directory)!
+		$limit = service_class_fetch($owner, 'attach_upload_limit');
+		$r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d",
+			intval($this->auth->channel_account_id)
+		);
+		$used = $r[0]['total'];
+		if ($used) {
+			$quotaDesc = t('You are using %1$s of your available file storage.');
+			$quotaDesc = sprintf($quotaDesc,
+				userReadableSize($used));
+		}
+		if ($limit && $used) {
+			$quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s&#37;)');
+			$quotaDesc = sprintf($quotaDesc,
+				userReadableSize($used),
+				userReadableSize($limit),
+				round($used / $limit, 1) * 100);
+		}
+
+		// prepare quota for template
+		$quota = array();
+		$quota['used'] = $used;
+		$quota['limit'] = $limit;
+		$quota['desc'] = $quotaDesc;
+		$quota['warning'] = ((($limit) && ((round($used / $limit, 1) * 100) >= 90)) ? t('WARNING:') : ''); // 10485760 bytes = 100MB
+
 		$output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array(
 				'$folder_header' => t('Create new folder'),
 				'$folder_submit' => t('Create'),
 				'$upload_header' => t('Upload file'),
-				'$upload_submit' => t('Upload')
+				'$upload_submit' => t('Upload'),
+				'$quota' => $quota
 			));
 	}
 

Zotlabs/Storage/Directory.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace RedMatrix\RedDAV;
+namespace Zotlabs\Storage;
 
 use Sabre\DAV;
 
@@ -16,7 +16,7 @@ use Sabre\DAV;
  * @link http://github.com/friendica/red
  * @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
  */
-class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
+class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 	/**
 	 * @brief The path inside /cloud
@@ -53,7 +53,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 		logger('directory ' . $ext_path, LOGGER_DATA);
 		$this->ext_path = $ext_path;
 		// remove "/cloud" from the beginning of the path
-		$modulename = get_app()->module; 
+		$modulename = \App::$module; 
 		$this->red_path = ((strpos($ext_path, '/' . $modulename) === 0) ? substr($ext_path, strlen($modulename) + 1) : $ext_path);
 		if (! $this->red_path) {
 			$this->red_path = '/';
@@ -114,9 +114,9 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			throw new DAV\Exception\Forbidden('Permission denied.');
 		}
 
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 		if ($this->red_path === '/' && $name === $modulename) {
-			return new RedDirectory('/' . $modulename, $this->auth);
+			return new Directory('/' . $modulename, $this->auth);
 		}
 
 		$x = RedFileData($this->ext_path . '/' . $name, $this->auth);
@@ -168,6 +168,14 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			intval($this->auth->owner_id)
 		);
 
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->folder_hash);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
+
 		$this->red_path = $new_path;
 	}
 
@@ -251,7 +259,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			intval($filesize),
 			intval(0),
 			intval($is_photo),
-			dbesc($this->os_path . '/' . $hash),
+			dbesc($f),
 			dbesc(datetime_convert()),
 			dbesc(datetime_convert()),
 			dbesc($allow_cid),
@@ -332,9 +340,15 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 			require_once('include/photos.php');
 			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct);
-			$p = photo_upload($c[0],get_app()->get_observer(),$args);
+			$p = photo_upload($c[0],\App::get_observer(),$args);
 		}
 
+		$sync = attach_export_data($c[0],$hash);
+
+		if($sync) 
+			build_sync_packet($c[0]['channel_id'],array('file' => array($sync)));
+
+
 	}
 
 	/**
@@ -356,12 +370,49 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 		if ($r) {
 			$result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash));
-			if (! $result['success']) {
+
+			if($result['success']) {
+				$sync = attach_export_data($r[0],$ret['data']['hash']);
+				if($sync) {
+					build_sync_packet($r[0]['channel_id'],array('file' => array($sync)));
+				}
+			}
+			else {		
 				logger('error ' . print_r($result, true), LOGGER_DEBUG);
 			}
 		}
 	}
 
+	/**
+	 * @brief delete directory
+	 */
+
+	public function delete() {
+		logger('delete file ' . basename($this->red_path), LOGGER_DEBUG);
+
+		if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
+			throw new DAV\Exception\Forbidden('Permission denied.');
+		}
+
+		if ($this->auth->owner_id !== $this->auth->channel_id) {
+			if (($this->auth->observer !== $this->data['creator']) || intval($this->data['is_dir'])) {
+				throw new DAV\Exception\Forbidden('Permission denied.');
+			}
+		}
+
+		attach_delete($this->auth->owner_id, $this->folder_hash);
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->folder_hash,true);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
+
+
+	}
+
+
 	/**
 	 * @brief Checks if a child exists.
 	 *
@@ -372,7 +423,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 	public function childExists($name) {
 		// On /cloud we show a list of available channels.
 		// @todo what happens if no channels are available?
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 		if ($this->red_path === '/' && $name === $modulename) {
 			//logger('We are at ' $modulename . ' show a channel list', LOGGER_DEBUG);
 			return true;
@@ -396,7 +447,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 		logger('GetDir: ' . $this->ext_path, LOGGER_DEBUG);
 		$this->auth->log();
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 
 		$file = $this->ext_path;
 

Zotlabs/Storage/File.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace RedMatrix\RedDAV;
+namespace Zotlabs\Storage;
 
 use Sabre\DAV;
 
@@ -15,7 +15,7 @@ use Sabre\DAV;
  * @link http://github.com/friendica/red
  * @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
  */
-class RedFile extends DAV\Node implements DAV\IFile {
+class File extends DAV\Node implements DAV\IFile {
 
 	/**
 	 * The file from attach table.
@@ -84,6 +84,20 @@ class RedFile extends DAV\Node implements DAV\IFile {
 			dbesc($this->data['hash']),
 			intval($this->data['id'])
 		);
+
+		if($this->data->is_photo) {
+			$r = q("update photo set filename = '%s' where resource_id = '%s' and uid = %d",
+				dbesc($newName),
+				dbesc($this->data['hash']),
+				intval($this->auth->owner_id)
+			);
+		}
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->data['hash']);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
 	}
 
 	/**
@@ -126,7 +140,11 @@ class RedFile extends DAV\Node implements DAV\IFile {
 						}
 					}	
 					$fname = dbunescbin($d[0]['data']);
-					$f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : '');
+					if(strpos($fname,'store') === false)
+						$f = 'store/' . $this->auth->owner_nick . '/' . $fname ;
+					else
+						$f = $fname;
+
 					// @todo check return value and set $size directly
 					@file_put_contents($f, $data);
 					$size = @filesize($f);
@@ -169,7 +187,7 @@ class RedFile extends DAV\Node implements DAV\IFile {
 		if($is_photo) {
 			require_once('include/photos.php');
 			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct );
-			$p = photo_upload($c[0],get_app()->get_observer(),$args);
+			$p = photo_upload($c[0],\App::get_observer(),$args);
 		}
 
 		// update the folder's lastmodified timestamp
@@ -201,6 +219,12 @@ class RedFile extends DAV\Node implements DAV\IFile {
 				return;
 			}
 		}
+
+		$sync = attach_export_data($c[0],$this->data['hash']);
+
+		if($sync) 
+			build_sync_packet($c[0]['channel_id'],array('file' => array($sync)));
+
 	}
 
 	/**
@@ -226,7 +250,11 @@ class RedFile extends DAV\Node implements DAV\IFile {
 			}
 
 			if (intval($r[0]['os_storage'])) {
-				$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . dbunescbin($r[0]['data']);
+				$x = dbunescbin($r[0]['data']);
+				if(strpos($x,'store') === false)
+					$f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $x;
+				else
+					$f = $x;
 				return fopen($f, 'rb');
 			}
 			return dbunescbin($r[0]['data']);
@@ -310,5 +338,12 @@ class RedFile extends DAV\Node implements DAV\IFile {
 		}
 
 		attach_delete($this->auth->owner_id, $this->data['hash']);
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->data['hash'],true);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
 	}
 }

Zotlabs/Web/CheckJS.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class CheckJS {
+
+	private static $jsdisabled = 0;
+
+	function __construct($test = 0) {
+		if(intval($_REQUEST['jsdisabled']))
+			$this->jsdisabled = 1;
+		if(intval($_COOKIE['jsdisabled']))
+			$this->jsdisabled = 1;
+
+		if(! $this->jsdisabled) {
+			$page = urlencode(\App::$query_string);
+
+			if($test) {
+				\App::$page['htmlhead'] .= "\r\n" . '<meta http-equiv="refresh" content="0; url=' . z_root() . '/nojs?f=&redir=' . $page . '">' . "\r\n";
+			}
+			else {
+				\App::$page['htmlhead'] .= "\r\n" . '<noscript><meta http-equiv="refresh" content="0; url=' . z_root() . '/nojs?f=&redir=' . $page . '"></noscript>' . "\r\n";
+			}
+		}
+
+	}
+
+	function disabled() {
+		return self::$jsdisabled;
+	}
+
+
+}
+
+

Zotlabs/Web/HttpMeta.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class HttpMeta {
+
+	private $vars = null;
+	private $og = null;
+
+	function __construct() {
+
+		$this->vars = array();
+		$this->og = array();
+
+	}
+
+	function set($property,$value) {
+		if(strpos($property,'og:') === 0)
+			$this->og[$property] = $value;
+		else
+			$this->vars[$property] = $value;
+	}
+
+	function check_required() {
+		if(
+			($this->og) 
+			&& array_key_exists('og:title',$this->og) 
+			&& array_key_exists('og:type', $this->og) 
+			&& array_key_exists('og:image',$this->og) 
+			&& array_key_exists('og:url',  $this->og)
+		)
+			return true;
+		return false;
+	}
+
+	function get_field($field) {
+		if(strpos($field,'og:') === 0)
+			$arr = $this->og;
+		else
+			$arr = $this->vars;
+
+		if($arr && array_key_exists($field,$arr) && $arr[$field])
+			return $arr[$field];
+		return false;
+	}
+
+
+	function get() {
+		$o = '';
+		if($this->vars) {
+			foreach($this->vars as $k => $v) {
+				$o .= '<meta property="' . $k . '" content="' . urlencode($v) . '" />' . "\r\n" ;
+			}
+		}
+		if($this->check_required()) {
+			foreach($this->og as $k => $v) {
+				$o .= '<meta property="' . $k . '" content="' . urlencode($v) . '" />' . "\r\n" ;
+			}
+		}
+		if($o)
+			return "\r\n" . $o;
+		return $o;
+	}
+
+}

Zotlabs/Web/Router.php

@@ -0,0 +1,203 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class Router {
+
+	function __construct(&$a) {
+
+		/**
+		 *
+		 * We have already parsed the server path into App::$argc and App::$argv
+		 *
+		 * App::$argv[0] is our module name. We will load the file mod/{App::$argv[0]}.php
+		 * and use it for handling our URL request.
+		 * The module file contains a few functions that we call in various circumstances
+		 * and in the following order:
+		 *
+		 * "module"_init
+		 * "module"_post (only called if there are $_POST variables)
+		 * "module"_content - the string return of this function contains our page body
+		 *
+		 * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
+		 * so within the module init and/or post functions and then invoke killme() to terminate
+		 * further processing.
+		 */
+
+		$module = \App::$module;
+
+		if(strlen($module)) {
+
+			/**
+			 *
+			 * We will always have a module name.
+			 * First see if we have a plugin which is masquerading as a module.
+			 *
+			 */
+
+			if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
+				include_once("addon/{$module}/{$module}.php");
+				if(function_exists($module . '_module'))
+					\App::$module_loaded = true;
+			}
+
+			if((strpos($module,'admin') === 0) && (! is_site_admin())) {
+				\App::$module_loaded = false;
+				notice( t('Permission denied.') . EOL);
+				goaway(z_root());
+			}
+
+			/**
+			 * If the site has a custom module to over-ride the standard module, use it.
+			 * Otherwise, look for the standard program module in the 'mod' directory
+			 */
+
+			if(! (\App::$module_loaded)) {
+				if(file_exists("mod/site/{$module}.php")) {
+					include_once("mod/site/{$module}.php");
+					\App::$module_loaded = true;
+				}
+				elseif(file_exists("mod/{$module}.php")) {
+					include_once("mod/{$module}.php");
+					\App::$module_loaded = true;
+				}
+				else logger("mod/{$module}.php not found.");
+			}
+
+
+			/**
+			 * This provides a place for plugins to register module handlers which don't otherwise exist on the system.
+			 * If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if
+			 * there is no specific module file or matching plugin name.
+			 * The plugin should catch at least one of the module hooks for this URL. 
+			 */
+
+			$x = array('module' => $module, 'installed' => false);
+			call_hooks('module_loaded', $x);
+			if($x['installed'])
+				\App::$module_loaded = true;
+
+			/**
+			 * The URL provided does not resolve to a valid module.
+			 *
+			 * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
+			 * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
+			 * we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
+			 * this will often succeed and eventually do the right thing.
+			 *
+			 * Otherwise we are going to emit a 404 not found.
+	 		 */
+
+			if(! (\App::$module_loaded)) {
+
+				// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
+				if((x($_SERVER, 'QUERY_STRING')) && preg_match('/{[0-9]}/', $_SERVER['QUERY_STRING']) !== 0) {
+					killme();
+				}
+
+				if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && \App::$config['system']['dreamhost_error_hack']) {
+					logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
+					goaway(z_root() . $_SERVER['REQUEST_URI']);
+				}
+
+				logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
+				header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
+				$tpl = get_markup_template('404.tpl');
+				\App::$page['content'] = replace_macros($tpl, array(
+						'$message' => t('Page not found.')
+				));
+
+				// pretend this is a module so it will initialise the theme
+				\App::$module = '404';
+				\App::$module_loaded = true;
+			}
+		}
+	}
+
+
+	function Dispatch(&$a) {
+
+		/**
+		 * Call module functions
+		 */
+
+		if(\App::$module_loaded) {
+			\App::$page['page_title'] = \App::$module;
+			$placeholder = '';
+
+			/**
+			 * No theme has been specified when calling the module_init functions
+			 * For this reason, please restrict the use of templates to those which
+			 * do not provide any presentation details - as themes will not be able
+			 * to over-ride them.
+			 */
+
+			if(function_exists(\App::$module . '_init')) {
+				$arr = array('init' => true, 'replace' => false);		
+				call_hooks(\App::$module . '_mod_init', $arr);
+				if(! $arr['replace']) {
+					$func = \App::$module . '_init';
+					$func($a);
+				}
+			}
+
+			/**
+			 * Do all theme initialiasion here before calling any additional module functions.
+			 * The module_init function may have changed the theme.
+			 * Additionally any page with a Comanche template may alter the theme.
+			 * So we'll check for those now.
+			 */
+
+
+			/**
+			 * In case a page has overloaded a module, see if we already have a layout defined
+			 * otherwise, if a PDL file exists for this module, use it
+			 * The member may have also created a customised PDL that's stored in the config
+			 */
+
+			load_pdl($a);
+
+			/**
+		 	 * load current theme info
+		 	 */
+
+			$theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
+			if (file_exists($theme_info_file)){
+				require_once($theme_info_file);
+			}
+
+			if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
+				$func = str_replace('-', '_', current_theme()) . '_init';
+				$func($a);
+			}
+			elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
+				require_once('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php');
+				if(function_exists(str_replace('-', '_', \App::$theme_info['extends']) . '_init')) {
+					$func = str_replace('-', '_', \App::$theme_info['extends']) . '_init';
+					$func($a);
+				}
+			}
+
+			if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error)
+				&& (function_exists(\App::$module . '_post'))
+				&& (! x($_POST, 'auth-params'))) {		
+				call_hooks(\App::$module . '_mod_post', $_POST);
+				$func = \App::$module . '_post';
+				$func($a);
+			}
+
+			if((! \App::$error) && (function_exists(\App::$module . '_content'))) {
+				$arr = array('content' => \App::$page['content'], 'replace' => false);
+				call_hooks(\App::$module . '_mod_content', $arr);
+				\App::$page['content'] = $arr['content'];
+				if(! $arr['replace']) {
+					$func = \App::$module . '_content';
+					$arr = array('content' => $func($a));
+				}
+				call_hooks(\App::$module . '_mod_aftercontent', $arr);
+				\App::$page['content'] .= $arr['content'];
+			}
+		}
+	}
+}

Zotlabs/Web/Session.php

@@ -0,0 +1,160 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+	private static $handler = null;
+	private static $session_started = false;
+
+	function init() {
+
+		$gc_probability = 50;
+
+		ini_set('session.gc_probability', $gc_probability);
+		ini_set('session.use_only_cookies', 1);
+		ini_set('session.cookie_httponly', 1);
+	
+		/*
+		 * Set our session storage functions.
+		 */
+
+		$handler = new \Zotlabs\Web\SessionHandler();
+		self::$handler = $handler;
+
+		$x = session_set_save_handler($handler,true);
+		if(! $x)
+			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+
+		// Force cookies to be secure (https only) if this site is SSL enabled. 
+		// Must be done before session_start().
+
+		$arr = session_get_cookie_params();
+		session_set_cookie_params(
+			((isset($arr['lifetime']))   ? $arr['lifetime'] : 0),
+			((isset($arr['path']))      ? $arr['path']     : '/'),
+			((isset($arr['domain']))    ? $arr['domain']   : App::get_hostname()),
+			((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+			((isset($arr['httponly']))  ? $arr['httponly'] : true)
+		);
+	}
+
+	function start() {
+		session_start();
+		self::$session_started = true;
+	}
+
+	/**
+	 * @brief Resets the current session.
+	 *
+	 * @return void
+	 */
+
+	function nuke() {
+		self::new_cookie(0); // 0 means delete on browser exit
+		if($_SESSION && count($_SESSION)) {
+			foreach($_SESSION as $k => $v) {
+				unset($_SESSION[$k]);
+			}
+		}
+	}
+
+	function new_cookie($xtime) {
+
+		$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
+
+		$old_sid = session_id();
+
+		if(self::$handler && self::$session_started) {
+			session_regenerate_id(true);
+
+			// force SessionHandler record creation with the new session_id
+			// which occurs as a side effect of read()
+
+			self::$handler->read(session_id());
+		}
+		else 
+			logger('no session handler');
+
+		if (x($_COOKIE, 'jsdisabled')) {
+			setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
+		}
+		setcookie(session_name(),session_id(),$newxtime);
+
+		$arr = array('expire' => $xtime);
+		call_hooks('new_cookie', $arr);
+
+	}
+
+	function extend_cookie() {
+
+		// if there's a long-term cookie, extend it
+
+		$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
+
+		if($xtime)
+			setcookie(session_name(),session_id(),(time() + $xtime));
+		$arr = array('expire' => $xtime);
+		call_hooks('extend_cookie', $arr);
+
+	}
+
+
+	function return_check() {
+
+		// check a returning visitor against IP changes.
+		// If the change results in being blocked from re-entry with the current cookie
+		// nuke the session and logout.
+		// Returning at all indicates the session is still valid.
+
+		// first check if we're enforcing that sessions can't change IP address
+		// @todo what to do with IPv6 addresses
+
+		if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+			logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+
+			$partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.')); 
+			$partial2 = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], '.')); 
+
+			$paranoia = intval(get_pconfig($_SESSION['uid'], 'system', 'paranoia'));
+
+			if(! $paranoia)
+				$paranoia = intval(get_config('system', 'paranoia'));
+
+			switch($paranoia) {
+				case 0:
+					// no IP checking
+					break;
+				case 2:
+					// check 2 octets
+					$partial1 = substr($partial1, 0, strrpos($partial1, '.'));
+					$partial2 = substr($partial2, 0, strrpos($partial2, '.'));
+					if($partial1 == $partial2)
+						break;
+				case 1:
+					// check 3 octets
+					if($partial1 == $partial2)
+						break;
+				case 3:
+				default:
+					// check any difference at all
+					logger('Session address changed. Paranoid setting in effect, blocking session. '
+					. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+					self::nuke();
+					goaway(z_root());
+					break;
+			}
+		}
+		return true;
+	}
+
+}

Zotlabs/Web/SessionHandler.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+
+	function open ($s, $n) {
+		return true;
+	}
+
+	// IMPORTANT: if we read the session and it doesn't exist, create an empty record.
+	// We rely on this due to differing PHP implementation of session_regenerate_id()
+	// some which call read explicitly and some that do not. So we call it explicitly
+	// just after sid regeneration to force a record to exist.
+
+	function read ($id) {
+
+		if($id) {
+			$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+			if($r) {
+				return $r[0]['data'];
+			}
+			else {
+				q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
+					dbesc($id),
+					dbesc(time() + 300)
+				);
+			}
+		}
+
+		return '';
+	}
+
+
+	function write ($id, $data) {
+
+		if(! $id || ! $data) {
+			return false;
+		}
+
+		// Unless we authenticate somehow, only keep a session for 5 minutes
+		// The viewer can extend this by performing any web action using the
+		// original cookie, but this allows us to cleanup the hundreds or 
+		// thousands of empty sessions left around from web crawlers which are
+		// assigned cookies on each page that they never use. 
+
+		$expire = time() + 300;
+
+		if($_SESSION) {
+			if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+				$expire = time() + (60 * 60 * 24 * 365);
+			elseif(local_channel())
+				$expire = time() + (60 * 60 * 24 * 3);
+			elseif(remote_channel())
+				$expire = time() + (60 * 60 * 24 * 1);
+		}
+
+		q("UPDATE `session`
+			SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+			dbesc($data),
+			dbesc($expire),
+			dbesc($id)
+		);
+
+		return true;
+	}
+
+	
+	function close() {
+		return true;
+	}
+
+
+	function destroy ($id) {
+		q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+		return true;
+	}
+
+
+	function gc($expire) {
+		q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+		return true;
+	}
+
+}

Zotlabs/Zot/Auth.php

@@ -0,0 +1,345 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+class Auth {
+
+	protected $test;
+	protected $test_results;
+	protected $debug_msg;
+
+	protected $address;
+	protected $desturl;
+	protected $sec;
+	protected $version;
+	protected $delegate;
+	protected $success;
+	protected $delegate_success;
+
+	protected $remote;
+	protected $remote_service_class;
+	protected $remote_level;
+	protected $remote_hub;
+	protected $dnt;
+
+	function __construct($req) {
+
+
+		$this->test         = ((array_key_exists('test',$req)) ? intval($req['test']) : 0);
+		$this->test_results = array('success' => false);
+		$this->debug_msg    = '';
+
+		$this->success   = false;
+		$this->address   = $req['auth'];
+		$this->desturl   = $req['dest'];
+		$this->sec       = $req['sec'];
+		$this->version   = $req['version'];
+		$this->delegate  = $req['delegate'];
+
+		$c = get_sys_channel();
+		if(! $c) {
+			logger('unable to obtain response (sys) channel');
+			$this->Debug('no local channels found.');
+			$this->Finalise();
+		}
+
+		$x = $this->GetHublocs($this->address);
+
+		if($x) {
+			foreach($x as $xx) {
+				if($this->Verify($c,$xx))
+					break;
+			}
+		}
+
+		/**
+		 * @FIXME we really want to save the return_url in the session before we
+		 * visit rmagic. This does however prevent a recursion if you visit
+		 * rmagic directly, as it would otherwise send you back here again.
+		 * But z_root() probably isn't where you really want to go.
+		 */
+
+		if(strstr($this->desturl,z_root() . '/rmagic'))
+			goaway(z_root());
+
+		$this->Finalise();	
+
+	}
+
+	function GetHublocs($address) {
+
+		// Try and find a hubloc for the person attempting to auth.
+		// Since we're matching by address, we have to return all entries
+		// some of which may be from re-installed hubs; and we'll need to 
+		// try each sequentially to see if one can pass the test
+
+		$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash 
+			where hubloc_addr = '%s' order by hubloc_id desc",
+			dbesc($address)
+		);
+
+		if(! $x) {
+			// finger them if they can't be found.
+			$ret = zot_finger($address, null);
+			if ($ret['success']) {
+				$j = json_decode($ret['body'], true);
+				if($j)
+					import_xchan($j);
+				$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash 
+					where hubloc_addr = '%s' order by hubloc_id desc",
+					dbesc($address)
+				);
+			}
+		}
+		if(! $x) {
+			logger('mod_zot: auth: unable to finger ' . $address);
+			$this->Debug('no hubloc found for ' . $address . ' and probing failed.');
+			$this->Finalise();
+		}
+
+		return $x;
+	}
+
+
+	function Verify($channel,$hubloc) {
+
+		logger('auth request received from ' . $hubloc['hubloc_addr'] );
+
+		$this->remote               = remote_channel();
+		$this->remote_service_class = '';
+		$this->remote_level         = 0;
+		$this->remote_hub           = $hubloc['hubloc_url'];
+		$this->dnt                  = 0;
+
+		// check credentials and access
+
+		// If they are already authenticated and haven't changed credentials,
+		// we can save an expensive network round trip and improve performance.
+
+		// Also check that they are coming from the same site as they authenticated with originally.
+
+		$already_authed = (((remote_channel()) && ($hubloc['hubloc_hash'] == remote_channel()) 
+			&& ($hubloc['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
+	
+		if($this->delegate && $this->delegate !== $_SESSION['delegate_channel'])
+			$already_authed = false;
+
+		if($already_authed)
+			return true;
+
+		if(local_channel()) {
+
+			// tell them to logout if they're logged in locally as anything but the target remote account
+			// in which case just shut up because they don't need to be doing this at all.
+
+			if (\App::$channel['channel_hash'] == $hubloc['xchan_hash']) {
+				return true;
+			}
+			else {
+				logger('already authenticated locally as somebody else.');
+				notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+				if($this->test) {
+					$this->Debug('already logged in locally with a conflicting identity.');
+					return false;
+				}
+			}
+			return false;
+		}
+
+		// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the 
+		// site private key
+		// The actual channel sending the packet ($c[0]) is not important, but this provides a 
+		// generic zot packet with a sender which can be verified
+
+		$p = zot_build_packet($channel,$type = 'auth_check', 
+			array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), 
+			$hubloc['hubloc_sitekey'], $this->sec);
+
+		$this->Debug('auth check packet created using sitekey ' . $hubloc['hubloc_sitekey']);
+		$this->Debug('packet contents: ' . $p);
+
+		$result = zot_zot($hubloc['hubloc_callback'],$p);
+		if(! $result['success']) {
+			logger('auth_check callback failed.');
+			if($this->test)
+				$this->Debug('auth check request to your site returned .' . print_r($result, true));
+			return false;
+		}
+
+		$j = json_decode($result['body'], true);
+		if(! $j) {
+			logger('auth_check json data malformed.');
+			if($this->test)
+				$this->Debug('json malformed: ' . $result['body']);
+			return false;
+		}
+
+		$this->Debug('auth check request returned .' . print_r($j, true));
+
+		if(! $j['success']) 
+			return false;
+
+		// legit response, but we do need to check that this wasn't answered by a man-in-middle
+
+		if (! rsa_verify($this->sec . $hubloc['xchan_hash'],base64url_decode($j['confirm']),$hubloc['xchan_pubkey'])) {
+			logger('final confirmation failed.');
+			if($this->test)
+				$this->Debug('final confirmation failed. ' . $sec . print_r($j,true) . print_r($hubloc,true));
+			return false;
+		}
+
+		if (array_key_exists('service_class',$j))
+			$this->remote_service_class = $j['service_class'];
+		if (array_key_exists('level',$j))
+			$this->remote_level = $j['level'];
+		if (array_key_exists('DNT',$j))
+			$this->dnt = $j['DNT'];
+
+
+		// log them in
+
+		if ($this->test) {
+			// testing only - return the success result
+			$this->test_results['success'] = true;
+			$this->Debug('Authentication Success!');
+			$this->Finalise();
+		}
+
+		$_SESSION['authenticated'] = 1;
+
+		// check for delegation and if all is well, log them in locally with delegation restrictions
+
+		$this->delegate_success = false;
+
+		if($this->delegate) {
+			$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
+				dbesc($this->delegate)
+			);
+			if ($r && intval($r[0]['channel_id'])) {
+				$allowed = perm_is_allowed($r[0]['channel_id'],$hubloc['xchan_hash'],'delegate');
+				if($allowed) {
+					$_SESSION['delegate_channel'] = $r[0]['channel_id'];
+					$_SESSION['delegate'] = $hubloc['xchan_hash'];
+					$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
+					require_once('include/security.php');
+					// this will set the local_channel authentication in the session
+					change_channel($r[0]['channel_id']);
+					$this->delegate_success = true;
+				}
+			}
+		}
+
+		if (! $this->delegate_success) {
+			// normal visitor (remote_channel) login session credentials
+			$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
+			$_SESSION['my_url'] = $hubloc['xchan_url'];
+			$_SESSION['my_address'] = $this->address;
+			$_SESSION['remote_service_class'] = $this->remote_service_class;
+			$_SESSION['remote_level'] = $this->remote_level;
+			$_SESSION['remote_hub'] = $this->remote_hub;
+			$_SESSION['DNT'] = $this->dnt;
+		}
+
+		$arr = array('xchan' => $hubloc, 'url' => $this->desturl, 'session' => $_SESSION);
+		call_hooks('magic_auth_success',$arr);
+		\App::set_observer($hubloc);
+		require_once('include/security.php');
+		\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+		info(sprintf( t('Welcome %s. Remote authentication successful.'),$hubloc['xchan_name']));
+		logger('mod_zot: auth success from ' . $hubloc['xchan_addr']);
+		$this->success = true;
+		return true;
+	}
+
+	function Debug($msg) {
+		$this->debug_msg .= $msg . EOL;
+	}
+
+
+	function Finalise() {
+
+		if($this->test) {
+			$this->test_results['message'] = $this->debug_msg;
+			json_return_and_die($this->test_results);
+		}
+
+		goaway($this->desturl);
+	}
+
+}
+
+
+/**
+ *
+ * Magic Auth
+ * ==========
+ *
+ * So-called "magic auth" takes place by a special exchange. On the site where the "channel to be authenticated" lives (e.g. $mysite), 
+ * a redirection is made via $mysite/magic to the zot endpoint of the remote site ($remotesite) with special GET parameters.
+ *
+ * The endpoint is typically  https://$remotesite/post - or whatever was specified as the callback url in prior communications
+ * (we will bootstrap an address and fetch a zot info packet if possible where no prior communications exist)
+ *
+ * Five GET parameters are supplied:
+ * * auth => the urlencoded webbie (channel@host.domain) of the channel requesting access
+ * * dest => the desired destination URL (urlencoded)
+ * * sec  => a random string which is also stored on $mysite for use during the verification phase. 
+ * * version => the zot revision
+ * * delegate => optional urlencoded webbie of a local channel to invoke delegation rights for
+ *
+ * * test => (optional 1 or 0 - debugs the authentication exchange and returns a json response instead of redirecting the browser session)
+ *
+ * When this packet is received, an "auth-check" zot message is sent to $mysite.
+ * (e.g. if $_GET['auth'] is foobar@podunk.edu, a zot packet is sent to the podunk.edu zot endpoint, which is typically /post)
+ * If no information has been recorded about the requesting identity a zot information packet will be retrieved before
+ * continuing.
+ *
+ * The sender of this packet is an arbitrary/random site channel. The recipients will be a single recipient corresponding
+ * to the guid and guid_sig we have associated with the requesting auth identity
+ *
+ * \code{.json}
+ * {
+ *   "type":"auth_check",
+ *   "sender":{
+ *     "guid":"kgVFf_...",
+ *     "guid_sig":"PT9-TApz...",
+ *     "url":"http:\/\/podunk.edu",
+ *     "url_sig":"T8Bp7j...",
+ *     "sitekey":"aMtgKTiirXrICP..."
+ *   },
+ *   "recipients":{
+ *     {
+ *       "guid":"ZHSqb...",
+ *       "guid_sig":"JsAAXi..."
+ *     }
+ *   }
+ *   "callback":"\/post",
+ *   "version":1,
+ *   "secret":"1eaa661",
+ *   "secret_sig":"eKV968b1..."
+ * }
+ * \endcode
+ *
+ * auth_check messages MUST use encapsulated encryption. This message is sent to the origination site, which checks the 'secret' to see 
+ * if it is the same as the 'sec' which it passed originally. It also checks the secret_sig which is the secret signed by the 
+ * destination channel's private key and base64url encoded. If everything checks out, a json packet is returned:
+ *
+ * \code{.json}
+ * {
+ *   "success":1,
+ *   "confirm":"q0Ysovd1u...",
+ *   "service_class":(optional)
+ *   "level":(optional)
+ *   "DNT": (optional do-not-track - 1 or 0)
+ * }
+ * \endcode
+ *
+ * 'confirm' in this case is the base64url encoded RSA signature of the concatenation of 'secret' with the
+ * base64url encoded whirlpool hash of the requestor's guid and guid_sig; signed with the source channel private key. 
+ * This prevents a man-in-the-middle from inserting a rogue success packet. Upon receipt and successful 
+ * verification of this packet, the destination site will redirect to the original destination URL and indicate a successful remote login. 
+ * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is 
+ * a string whose contents are not defined by protocol. Example: "basic" or "gold".
+ *
+ * @param[in,out] \App &$a
+ */

Zotlabs/Zot/DReport.php

@@ -0,0 +1,55 @@
+<?php
+namespace Zotlabs\Zot;
+
+class DReport {
+
+	private $location;
+	private $sender;
+	private $recipient;
+	private $message_id;
+	private $status;
+	private $date;
+
+	function __construct($location,$sender,$recipient,$message_id,$status = 'deliver') {
+		$this->location   = $location;
+		$this->sender     = $sender;
+		$this->recipient  = $recipient;
+		$this->message_id = $message_id;
+		$this->status     = $status;
+		$this->date       = datetime_convert();
+	}
+
+	function update($status) {
+		$this->status     = $status;
+		$this->date       = datetime_convert();
+	}
+
+	function addto_recipient($name) {
+		$this->recipient = $this->recipient . ' ' . $name;
+	}
+
+	function addto_update($status) {
+		$this->status = $this->status . ' ' . $status;
+	}
+
+
+	function set($arr) {
+		$this->location   = $arr['location'];
+		$this->sender     = $arr['sender'];
+		$this->recipient  = $arr['recipient'];
+		$this->message_id = $arr['message_id'];
+		$this->status     = $arr['status'];
+		$this->date       = $arr['date'];
+	}
+
+	function get() {
+		return array(
+			'location'   => $this->location,
+			'sender'     => $this->sender,
+			'recipient'  => $this->recipient,
+			'message_id' => $this->message_id,
+			'status'     => $this->status,
+			'date'       => $this->date
+		);
+	}
+}

Zotlabs/Zot/IHandler.php

@@ -0,0 +1,22 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+interface IHandler {
+
+	function Ping();
+
+	function Pickup($data);
+
+	function Notify($data);
+
+	function Request($data);
+
+	function AuthCheck($data,$encrypted);
+
+	function Purge($sender,$recipients);
+
+	function Refresh($sender,$recipients);
+
+}
+

Zotlabs/Zot/Receiver.php

@@ -0,0 +1,297 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+class Receiver {
+
+	protected $data;
+	protected $encrypted;
+	protected $error;
+	protected $messagetype;
+	protected $sender;
+	protected $validated;
+	protected $recipients;
+	protected $response;
+	protected $handler;
+
+	function __construct($data,$prvkey,$handler) {
+
+		$this->error       = false;
+		$this->validated   = false;
+		$this->messagetype = '';
+		$this->response    = array('success' => false);
+
+		$this->handler = $handler;
+
+		if(! is_array($data))
+			$data = json_decode($data,true);
+
+		if($data && is_array($data)) {
+			$this->encrypted = ((array_key_exists('iv',$data)) ? true : false);
+
+			if($this->encrypted) {
+				$this->data = @json_decode(@crypto_unencapsulate($data,$prvkey),true);
+			}
+			if(! $this->data)
+				$this->data = $data;
+
+			if($this->data && is_array($this->data) && array_key_exists('type',$this->data))
+				$this->messagetype = $this->data['type'];
+		}
+		if(! $this->messagetype)
+			$this->error = true;
+
+		if($this->data) {
+			$this->sender     = ((array_key_exists('sender',$this->data)) ? $this->data['sender'] : null);
+			$this->recipients = ((array_key_exists('recipients',$this->data)) ? $this->data['recipients'] : null);
+		}
+
+		if($this->sender)
+			$this->ValidateSender();
+
+		$this->Dispatch();
+	}
+
+	function ValidateSender() {
+		$hubs = zot_gethub($this->sender,true);
+		if (! $hubs) {
+
+			/* Have never seen this guid or this guid coming from this location. Check it and register it. */
+			/* (!!) this will validate the sender. */
+
+        	$result = zot_register_hub($this->sender);
+
+        	if ((! $result['success']) || (! ($hubs = zot_gethub($this->sender,true)))) {
+            	$this->response['message'] = 'Hub not available.';
+	            json_return_and_die($this->response);
+    	    }
+		}
+		foreach($hubs as $hub) {
+			update_hub_connected($hub,((array_key_exists('sitekey',$this->sender)) ? $this->sender['sitekey'] : ''));
+		}
+		$this->validated = true;
+    }
+
+		
+	function Dispatch() {
+
+		/* Handle tasks which don't require sender validation */
+
+		switch($this->messagetype) {
+			case 'ping':
+				/* no validation needed */
+				$this->handler->Ping();
+				break;
+			case 'pickup':
+				/* perform site validation, as opposed to sender validation */
+				$this->handler->Pickup($this->data);
+				break;
+
+			default:
+				if(! $this->validated) {
+					$this->response['message'] = 'Sender not valid';
+					json_return_and_die($this->response);
+				}
+				break;
+		}
+
+		/* Now handle tasks which require sender validation */
+
+		switch($this->messagetype) {
+
+			case 'auth_check':
+				$this->handler->AuthCheck($this->data,$this->encrypted);
+				break;
+
+			case 'request':
+				$this->handler->Request($this->data);
+				break;
+
+			case 'purge':
+				$this->handler->Purge($this->sender,$this->recipients);
+				break;
+
+			case 'refresh':
+			case 'force_refresh':
+				$this->handler->Refresh($this->sender,$this->recipients);
+				break;
+
+			case 'notify':
+				$this->handler->Notify($this->data);
+				break;
+
+			default:
+				$this->response['message'] = 'Not implemented';
+				json_return_and_die($this->response);
+				break;
+		}
+
+	}
+}
+
+
+
+/**
+ * @brief zot communications and messaging.
+ *
+ * Sender HTTP posts to this endpoint ($site/post typically) with 'data' parameter set to json zot message packet.
+ * This packet is optionally encrypted, which we will discover if the json has an 'iv' element.
+ * $contents => array( 'alg' => 'aes256cbc', 'iv' => initialisation vector, 'key' => decryption key, 'data' => encrypted data);
+ * $contents->iv and $contents->key are random strings encrypted with this site's RSA public key and then base64url encoded.
+ * Currently only 'aes256cbc' is used, but this is extensible should that algorithm prove inadequate.
+ *
+ * Once decrypted, one will find the normal json_encoded zot message packet.
+ * 
+ * Defined packet types are: notify, purge, refresh, force_refresh, auth_check, ping, and pickup 
+ *
+ * Standard packet: (used by notify, purge, refresh, force_refresh, and auth_check)
+ * \code{.json}
+ * {
+ *   "type": "notify",
+ *   "sender":{
+ *     "guid":"kgVFf_1...",
+ *     "guid_sig":"PT9-TApzp...",
+ *     "url":"http:\/\/podunk.edu",
+ *     "url_sig":"T8Bp7j5...",
+ *   },
+ *   "recipients": { optional recipient array },
+ *   "callback":"\/post",
+ *   "version":1,
+ *   "secret":"1eaa...",
+ *   "secret_sig": "df89025470fac8..."
+ * }
+ * \endcode
+ *
+ * Signature fields are all signed with the sender channel private key and base64url encoded.
+ * Recipients are arrays of guid and guid_sig, which were previously signed with the recipients private 
+ * key and base64url encoded and later obtained via channel discovery. Absence of recipients indicates
+ * a public message or visible to all potential listeners on this site.
+ *
+ * "pickup" packet:
+ * The pickup packet is sent in response to a notify packet from another site
+ * \code{.json}
+ * {
+ *   "type":"pickup",
+ *   "url":"http:\/\/example.com",
+ *   "callback":"http:\/\/example.com\/post",
+ *   "callback_sig":"teE1_fLI...",
+ *   "secret":"1eaa...",
+ *   "secret_sig":"O7nB4_..."
+ * }
+ * \endcode
+ *
+ * In the pickup packet, the sig fields correspond to the respective data
+ * element signed with this site's system private key and then base64url encoded.
+ * The "secret" is the same as the original secret from the notify packet. 
+ *
+ * If verification is successful, a json structure is returned containing a
+ * success indicator and an array of type 'pickup'.
+ * Each pickup element contains the original notify request and a message field
+ * whose contents are dependent on the message type.
+ *
+ * This JSON array is AES encapsulated using the site public key of the site
+ * that sent the initial zot pickup packet.
+ * Using the above example, this would be example.com.
+ *
+ * \code{.json}
+ * {
+ *   "success":1,
+ *   "pickup":{
+ *     "notify":{
+ *       "type":"notify",
+ *       "sender":{
+ *         "guid":"kgVFf_...",
+ *         "guid_sig":"PT9-TApz...",
+ *         "url":"http:\/\/z.podunk.edu",
+ *         "url_sig":"T8Bp7j5D..."
+ *       },
+ *       "callback":"\/post",
+ *       "version":1,
+ *       "secret":"1eaa661..."
+ *     },
+ *     "message":{
+ *       "type":"activity",
+ *       "message_id":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ *       "message_top":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ *       "message_parent":"10b049ce384cbb2da9467319bc98169ab36290b8bbb403aa0c0accd9cb072e76@podunk.edu",
+ *       "created":"2012-11-20 04:04:16",
+ *       "edited":"2012-11-20 04:04:16",
+ *       "title":"",
+ *       "body":"Hi Nickordo",
+ *       "app":"",
+ *       "verb":"post",
+ *       "object_type":"",
+ *       "target_type":"",
+ *       "permalink":"",
+ *       "location":"",
+ *       "longlat":"",
+ *       "owner":{
+ *         "name":"Indigo",
+ *         "address":"indigo@podunk.edu",
+ *         "url":"http:\/\/podunk.edu",
+ *         "photo":{
+ *           "mimetype":"image\/jpeg",
+ *           "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5"
+ *         },
+ *         "guid":"kgVFf_...",
+ *         "guid_sig":"PT9-TAp...",
+ *       },
+ *       "author":{
+ *         "name":"Indigo",
+ *         "address":"indigo@podunk.edu",
+ *         "url":"http:\/\/podunk.edu",
+ *         "photo":{
+ *           "mimetype":"image\/jpeg",
+ *           "src":"http:\/\/podunk.edu\/photo\/profile\/m\/5"
+ *         },
+ *         "guid":"kgVFf_...",
+ *         "guid_sig":"PT9-TAp..."
+ *       }
+ *     }
+ *   }
+ * }
+ * \endcode
+ *
+ * Currently defined message types are 'activity', 'mail', 'profile', 'location'
+ * and 'channel_sync', which each have different content schemas.
+ *
+ * Ping packet:
+ * A ping packet does not require any parameters except the type. It may or may
+ * not be encrypted.
+ *
+ * \code{.json}
+ * {
+ *   "type": "ping"
+ * }
+ * \endcode
+ *
+ * On receipt of a ping packet a ping response will be returned:
+ *
+ * \code{.json}
+ * {
+ *   "success" : 1,
+ *   "site" {
+ *     "url": "http:\/\/podunk.edu",
+ *     "url_sig": "T8Bp7j5...",
+ *     "sitekey": "-----BEGIN PUBLIC KEY-----
+ *                 MIICIjANBgkqhkiG9w0BAQE..."
+ *   }
+ * }
+ * \endcode
+ *
+ * The ping packet can be used to verify that a site has not been re-installed, and to 
+ * initiate corrective action if it has. The url_sig is signed with the site private key
+ * and base64url encoded - and this should verify with the enclosed sitekey. Failure to
+ * verify indicates the site is corrupt or otherwise unable to communicate using zot.
+ * This return packet is not otherwise verified, so should be compared with other
+ * results obtained from this site which were verified prior to taking action. For instance
+ * if you have one verified result with this signature and key, and other records for this 
+ * url which have different signatures and keys, it indicates that the site was re-installed
+ * and corrective action may commence (remove or mark invalid any entries with different
+ * signatures).
+ * If you have no records which match this url_sig and key - no corrective action should
+ * be taken as this packet may have been returned by an imposter.  
+ *
+ * @param[in,out] App &$a
+ */
+

Zotlabs/Zot/Verify.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+
+class Verify {
+
+	function create($type,$channel_id,$token,$meta) {
+		return q("insert into verify ( type, channel, token, meta, created ) values ( '%s', %d, '%s', '%s', '%s' )",
+			dbesc($type),
+			intval($channel_id),
+			dbesc($token),
+			dbesc($meta),
+			dbesc(datetime_convert())
+		);
+	}
+
+	function match($type,$channel_id,$token,$meta) {
+		$r = q("select id from verify where type = '%s' and channel = %d and token = '%s' and meta = '%s' limit 1",
+			dbesc($type),
+			intval($channel_id),
+			dbesc($token),
+			dbesc($meta)
+		);
+		if($r) {
+			q("delete from verify where id = %d",
+				intval($r[0]['id'])
+			);
+			return true; 
+		}
+		return false;
+	}
+
+	function purge($type,$interval) {
+		q("delete from verify where type = '%s' and created < %s - INTERVAL %s",
+			dbesc($type),
+			db_utcnow(),
+			db_quoteinterval($interval)
+		);
+	}
+
+}

Zotlabs/Zot/ZotHandler.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+class ZotHandler implements IHandler {
+
+	function Ping() {
+		zot_reply_ping();
+	}
+
+	function Pickup($data) {
+		zot_reply_pickup($data);
+	}
+
+	function Notify($data) {
+		zot_reply_notify($data);
+	}
+
+	function Request($data) {
+		zot_reply_message_request($data);
+	}
+
+	function AuthCheck($data,$encrypted) {
+		zot_reply_auth_check($data,$encrypted);
+	}
+
+	function Purge($sender,$recipients) {
+		zot_reply_purge($sender,$recipients);
+	}
+
+	function Refresh($sender,$recipients) {
+		zot_reply_refresh($sender,$recipients);
+	}
+
+}

app/firefoxshare.apd

@@ -0,0 +1,4 @@
+url: $baseurl/ffsapi
+requires: local_channel
+name: Firefox Share
+photo: $baseurl/app/firefoxshare.png

app/grid.apd

@@ -0,0 +1,4 @@
+url: $baseurl/network
+requires: local_channel
+name: Grid
+photo: $baseurl/images/hubzilla_logo_6.png

app/matrix.apd

@@ -1,4 +0,0 @@
-url: $baseurl/network
-requires: local_channel
-name: Matrix
-photo: $baseurl/app/matrix.png

doc/Creating-Templates.md

@@ -18,7 +18,7 @@ view/php/default.php
 	<html>
 	<head>
 		<title><?php if(x($page,'title')) echo $page['title'] ?></title>
-		<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
+		<script>var baseurl="<?php echo z_root() ?>";</script>
 		<?php if(x($page,'htmlhead')) echo $page['htmlhead'] ?>
 	</head>
 	<body>

doc/DerivedTheme1.md

@@ -38,7 +38,7 @@ Inside it, put the following information - edit as needed
 
     function mytheme_init(&$a) {
 
-        $a->theme_info['extends'] = 'redbasic';
+        App::$theme_info['extends'] = 'redbasic';
 
 
     }
@@ -63,7 +63,6 @@ In it, put the following:
 
 That's it. This tells the software to read the PCSS information for the redbasic theme first, and then read our CSS file which will just consist of changes we want to make from our parent theme (redbasic). 
 
-
 Now create the actual CSS file for your theme.  Put it in view/theme/mytheme/css/style.css (where we just told the software to look for it). For our example, we'll just change the body background color so you can see that it works. You can use any CSS you'd like. 
 
 
@@ -74,4 +73,29 @@ Now create the actual CSS file for your theme.  Put it in view/theme/mytheme/css
 
 You've just successfully created a derived theme. This needs to be enabled in the admin "themes" panel, and then anybody on the site can use it by selecting it in Settings->Display Settings as their default theme.  
 
+**Lesson 2**
+
+If you want to use the redbasic schemas for your derived theme, you have to do a bit more.
+
+Do everything as above, but don't create view/theme/mytheme/php/style.php, but copy instead  view/theme/redbasic/php/style.php to view/theme/mytheme/php/style.php. Modify that file and remove (or comment out) these two lines:
+
+	if(local_channel() && App::$channel && App::$channel['channel_theme'] != 'redbasic')
+		set_pconfig(local_channel(), 'redbasic', 'schema', '---');
+	
+Also add this line at the bottom:
+
+	echo @file_get_contents('view/theme/mytheme/css/style.css');
+
+To show the schema selector you have to copy view/theme/redbasic/tpl/theme_settings.tpl to  view/theme/mytheme/tpl/theme_settings.tpl. Modify that file and replace the lines:
+
+	{{if $theme == redbasic}}
+	{{include file="field_select.tpl" field=$schema}}
+	{{/if}}
+
+with:
+
+	{{include file="field_select.tpl" field=$schema}}
+	
+
+
 #include doc/macros/main_footer.bb;

doc/Features.md

@@ -57,9 +57,9 @@ Private messages are encrypted during transport and storage. In this day and age
 
 This provides the ability to select posts by date ranges
 
-**Collections Filter**
+**Privacy Group Filter**
 
-Enable widget to display stream posts only from selected collections. This also toggles the outbound permissions while you are viewing a collection. This is analogous to Google "circles" or Disapora "aspects". 
+Enable widget to display stream posts only from selected groups of connection. This also toggles the outbound permissions while you are viewing a privacy group. This is analogous to Google "circles" or Disapora "aspects". 
 
 **Saved Searches**
 

doc/Hooks.md

@@ -1,136 +0,0 @@
-Hooks - Complete List
-=====================
-
-
-* 'about_hook'
-* 'account_settings'
-* 'app_menu'
-* 'atom_author'
-* 'atom_entry'
-* 'atom_feed'
-* 'atom_feed_end'
-* 'authenticate'
-* 'avatar_lookup'
-* 'bb2diaspora'
-* 'bbcode'
-* 'channel_remove'
-* 'check_account_email'
-* 'check_account_invite'
-* 'check_account_password'
-* 'connect_premium'
-* 'connector_settings'
-* 'contact_block_end'
-* 'contact_edit'
-* 'contact_edit_post'
-* 'contact_photo_menu'
-* 'contact_select_options'
-* 'conversation_start'
-* 'cron'
-* 'directory_item'
-* 'display_item'
-* 'display_item'
-* 'display_settings'
-* 'display_settings_post'
-* 'enotify'
-* 'enotify_mail'
-* 'enotify_store'
-* 'event_created'
-* 'event_updated'
-* 'feature_enabled'
-* 'feature_settings'
-* 'feature_settings_post'
-* 'follow'
-* 'gender_selector'
-* 'get_all_perms'
-* 'get_features'
-* 'get_widgets'
-* 'global_permissions'
-* 'home_content'
-* 'home_init'
-* 'html2bbcode'
-* 'import_directory_profile'
-* 'init_1'
-* 'item_photo_menu'
-* 'item_translate'
-* 'jot_networks'
-* 'jot_tool'
-* 'logged_in'
-* 'login_hook'
-* 'logging_out'
-* 'magic_auth'
-* 'magic_auth_success'
-* 'main_slider'
-* 'marital_selector'
-* 'mood_verbs'
-* 'network_content_init'
-* 'network_ping'
-* 'network_tabs'
-* 'network_to_name'
-* 'notifier_end'
-* 'notifier_normal'
-* 'obj_verbs'
-* 'oembed_probe'
-* 'page_content_top'
-* 'page_end'
-* 'page_header'
-* 'parse_atom'
-* 'parse_link'
-* 'pdl_selector'
-* 'perm_is_allowed'
-* 'personal_xrd'
-* 'photo_post_end'
-* 'photo_post_end'
-* 'photo_upload_begin'
-* 'photo_upload_end'
-* 'photo_upload_file'
-* 'photo_upload_form'
-* 'poke_verbs'
-* 'post_local'
-* 'post_local_end'
-* 'post_local_start'
-* 'post_mail'
-* 'post_mail_end'
-* 'post_remote'
-* 'post_remote_end'
-* 'post_remote_update'
-* 'post_remote_update_end'
-* 'prepare_body'
-* 'prepare_body_final'
-* 'prepare_body_init'
-* 'proc_run'
-* 'profile_advanced'
-* 'profile_edit'
-* 'profile_post'
-* 'profile_sidebar'
-* 'profile_sidebar_enter'
-* 'profile_tabs'
-* 'register_account'
-* 'render_location'
-* 'settings_account'
-* 'settings_form'
-* 'settings_post'
-* 'sexpref_selector'
-* 'smilie'
-* 'validate_channelname'
-* 'webfinger'
-* 'zid'
-* 'zid_init'
-
-***General Module Hooks***
-
-* $a->module . '_mod_aftercontent'
-* $a->module . '_mod_aside'
-* $a->module . '_mod_content'
-* $a->module . '_mod_init'
-* $a->module . '_mod_post'
-
-***General Selector Hooks***
-
-* $a->module . '_post_' . $selname
-* $a->module . '_post_' . $selname
-* $a->module . '_post_' . $selname
-* $a->module . '_pre_' . $selname
-* $a->module . '_pre_' . $selname
-* $a->module . '_pre_' . $selname
-
-#include doc/macros/main_footer.bb;

doc/Hubzilla_on_OpenShift.bb

@@ -0,0 +1,105 @@
+[b]Hubzilla on OpenShift[/b]
+You will notice a new .openshift folder when you fetch from upstream, i.e. from [url=https://github.com/redmatrix/hubzilla.git]https://github.com/redmatrix/hubzilla.git[/url] , which contains a deploy script to set up Hubzilla on OpenShift with plugins and extra themes.
+
+As of this writing, 2015-10-28, you do not have to pay for OpenShift on the Free plan, which gives you three gears at no cost. The Bronze plan gives you three gears at no cost too, but you can expand to 16 gears by paying, and this requires you to register your payment card. The three gears can give three instances of Hubzilla with one gear each, or you can combine two gears into one high-availability Hubzilla instance and one extra gear. The main difference to be aware of is this: gears on the Free plan will go into hibernation if left idle for too long, this does not happen on the Bronze plan. 
+
+Create an account on OpenShift, then use the registration e-mail and password to create your first Hubzilla instance. Install git and RedHat's command line tools - rhc - if you have not already done so. See for example https://developers.openshift.com/en/getting-started-debian-ubuntu.html on how to do this on Debian GNU/Linux, or in the menu on that page for other GNU/Linux distributions or other operating systems. 
+
+[code]rhc app-create your_app_name php-5.4 mysql-5.5 cron phpmyadmin --namespace your_domain --from-code https://github.com/redmatrix/hubzilla.git -l your@email.address -p your_account_password
+[/code]
+
+Make a note of the database username and password OpenShift creates for your instance, and use these at [url=https://your_app_name-your_domain.rhcloud.com/]https://your_app_name-your_domain.rhcloud.com/[/url] to complete the setup. You MUST change server address from 127.0.0.1 to localhost.
+
+NOTE: PostgreSQL is NOT supported by the deploy script yet, see [zrl=https://zot-mor.rhcloud.com/display/3c7035f2a6febf87057d84ea0ae511223e9b38dc27913177bc0df053edecac7c@zot-mor.rhcloud.com?zid=haakon%40zot-mor.rhcloud.com]this thread[/zrl].
+
+[b]Update[/b]
+To update, consider your own workflow first. I have forked Hubzilla code into my GitHub account to be able to try things out, this remote repo is called origin. Here is how I fetch new code from upstream, merge into my local repo, then push the updated code both into origin and the remote repo called openshift.
+
+[code]git fetch upstream;git checkout master;git merge upstream/master;git push origin;git push openshift HEAD
+[/code]
+
+[b]Administration[/b]
+Symptoms of need for MySQL database administration are:
+[list]
+[*] you can visit your domain and see the Hubzilla frontpage, but trying to login throws you back to login. This can mean your session table is marked as crashed.
+[*] you can login, but your channel posts are not visible. This can mean your item table is marked as crashed.
+[*] you can login and you can see your channel posts, but apparently nobody is getting your posts, comments, likes and so on. This can mean your outq table is marked as crashed.
+[/list]
+
+You can check your OpenShift logs by doing
+
+[code]
+rhc tail -a your_app_name -n your_domain -l your@email.address -p your_account_password
+[/code]
+
+and you might be able to confirm the above suspicions about crashed tables, or other problems you need to fix.
+
+[b]How to fix crashed tables in MySQL[/b]
+Using MySQL and the MyISAM database engine can result in table indexes coming out of sync, and you have at least two options for fixing tables marked as crashed.
+[list]
+[*] Use the database username and password OpenShift creates for your instance at [url=https://your_app_name-your_domain.rhcloud.com/phpmyadmin/]https://your_app_name-your_domain.rhcloud.com/phpmyadmin/[/url] to login via the web into your phpMyAdmin web interface, click your database in the left column, in the right column scroll down to the bottom of the list of tables and click the checkbox for marking all tables, then select Check tables from the drop down menu. This will check the tables for problems, and you can then checkmark only those tables with problems, and select Repair table from the same drop down menu at the bottom.
+[*] You can port-forward the MySQL database service to your own machine and use the MySQL client called mysqlcheck to check, repair and optimize your database or individual database tables without stopping the MySQL service on OpenShift. Run the following in two separate console windows. 
+
+To port-forward do
+
+[code]rhc port-forward -a your_app_name -n your_domain -l your@email.address -p your_password[/code]
+
+in one console window, then do either -o for optimize, -c for check or -r for repair, like this
+
+[code]mysqlcheck -h 127.0.0.1 -r your_app_name -u your_app_admin_name -p[/code]
+
+and give the app's password at the prompt. If all goes well you should see a number of table names with an OK behind them. 
+
+You can now
+[code]Press CTRL-C to terminate port forwarding[/code]
+[*] You can do
+
+[code]rhc cartridge stop mysql-5.5 -a your_app_name[/code]
+
+to stop the MySQL service running in your app on OpenShift before running myisamchk - which should only be run when MySQL is stopped, and then
+login to your instance with SSH - see OpenShift for details - and do 
+
+[code]cd mysql/data/your_database
+myisamchk -r *.MYI[/code]
+
+or if you get
+
+[code]Can't create new tempfile[/code]
+
+check your OpenShift's gear quota with
+
+[code]quota -gus[/code]
+
+and if you are short on space, then locally (not SSH) do
+
+[code]rhc app-tidy your_app_name -l your_login -p your_password[/code]
+
+to have rhc delete temporary files and OpenShift logs to free space first, then check the size of your local repo dir and execute
+
+[code]git gc[/code]
+
+against it and check the size again, and then to minimize your remote repo connect via SSH to your application gear and execute the same command against it by changing to the remote repo directory - your repo should be in
+
+[code]~/git/your_app_name.git[/code]
+
+(if not, do find -size +1M to find it), then do
+
+[code]
+cd
+cd mysql/data/yourdatabase
+myisamchk -r -v -f*.MYI[/code]
+
+and hopefully your database tables are now okay.
+You can now start the MySQL service on OpenShift by locally doing
+
+[code]rhc cartridge start mysql-5.5 -a your_app_name[/code]
+[/list]
+
+[b]Notes[/b]
+[list]
+[*] definitely DO turn off feeds and discovery by default and limit delivery reports from 30 days to 3 days if you are on the Free or Bronze plan on OpenShift with a single 1Gb gear by visiting [observer.baseurl]/admin/site when logged in as administrator of your Hubzilla site. 
+[*] The above defaults have been added into the deploy script.
+[*] DO add git gc to the deploy script
+[*] MAYBE DO add myisamchk - only checking? to the end of the deploy script.
+[*] mysqlcheck is similar in function to myisamchk, but works differently. The main operational difference is that mysqlcheck must be used when the mysqld server is running, whereas myisamchk should be used when it is not. The benefit of using mysqlcheck is that you do not have to stop the server to perform table maintenance - this means this documenation should be fixed.  
+[/list]

doc/Primary-Directory.md

@@ -12,7 +12,7 @@ There are certain scenarios where you might want your own directory-server that
 
 *   On the hub that will be the Directory Server, open the .htconfig.php file and set:
 
-    `$a->config['system']['directory_mode'] = DIRECTORY_MODE_PRIMARY;`
+    `App::$config['system']['directory_mode'] = DIRECTORY_MODE_PRIMARY;`
 
 
     By default it should already be set as **DIRECTORY_MODE_NORMAL**, so just edit that line to say **DIRECTORY_MODE_PRIMARY**

doc/Privacy.md

@@ -1,25 +1,28 @@
-#Privacy Policy
+Privacy Policy
+==============
+
+
+##Summary##
 
-##Summary
 
 Q: Who can see my content?
  
-A: By default ANYBODY on the internet, UNLESS you restrict it. The $Projectname allows you to choose the privacy level you desire. Restricted content will NOT be visible to spy networks and their advertisers. It will be protected against eavesdropping by outsiders - to the best of our ability. Hub administrators with sufficient skills and patience MAY be able to eavesdrop on some private communications but they must expend effort to do so. Privacy modes exist within the $Projectname which are even resistant to eavesdropping by skilled and determined hub administrators.    
+A: By default ANYBODY on the internet, UNLESS you restrict it. $Projectname allows you to choose the privacy level you desire. Restricted content will NOT be visible to "spy networks" and advertisers. It will be protected against eavesdropping by outsiders - to the best of our ability. Hub administrators with sufficient skills and patience MAY be able to eavesdrop on some private communications but they must expend effort to do so. Privacy modes exist within $Projectname which are even resistant to eavesdropping by skilled and determined hub administrators.    
 
 Q: Can my content be censored?
 
-A: The $Projectname (the network) CANNOT censor your content. Server and hub administrators are subject to local laws and MAY remove objectionable content from their site/hub. Anybody MAY become a hub administrator, including you; and therefore publish content which might otherwise be censored. You still MAY be subject to local laws.   
+A: $Projectname (the network) CANNOT censor your content. Server and hub administrators are subject to local laws and MAY remove objectionable content from their site/hub. Anybody MAY become a hub administrator, including you; and therefore publish content which might otherwise be censored. You still MAY be subject to local laws.   
 
 
 ##Definitions
 
 **$Projectname** 
 
-Otherwise referred to as "the network", the $Projectname is a collection of individual computers/servers (aka **hubs**) which connect together to form a larger cooperative network. 
+Otherwise referred to as "the network", $Projectname is a collection of individual computers/servers (aka **hubs**) which connect together to form a larger cooperative network. 
 
 **hub** 
 
-An individual computer or server connected to the $Projectname. These are provided by a **hub administrator** and may be public or private, paid or free.
+An individual computer or server connected to $Projectname. These are provided by a **hub administrator** and may be public or private, paid or free.
 
 **hub administrator**
 
@@ -29,7 +32,7 @@ The system operator of an individual hub.
 
 **Public Information**
 
-Any information or anything posted by you within the $Projectname MAY be public or visible to anybody on the internet. To the extent possible, the $Projectname allows you to protect content and restrict who can view it.
+Any information or anything posted by you within $Projectname MAY be public or visible to anybody on the internet. To the extent possible, $Projectname allows you to protect content and restrict who can view it.
 
 Your profile photo, your channel name, and the location (URL or network address) of your channel are visible to anybody on the internet and privacy controls will not affect the display of these items. 
 
@@ -37,7 +40,7 @@ You MAY additionally provide other profile information. Any information which yo
 
 **Content**
 
-Content you provide (status posts, photos, files, etc.) belongs to you. The $Projectname default is to publish content openly and visible to anybody on the internet (PUBLIC). You MAY control this in your channel settings and restrict the default permissions or you MAY restrict the visibility of any single published item separately (PRIVATE). The $Projectname developers will ensure that restricted content is ONLY visible to those in the restriction list - to the best of their ability. 
+Content you provide (status posts, photos, files, etc.) belongs to you. The $Projectname default is to publish content openly and visible to anybody on the internet (PUBLIC). You MAY control this in your channel settings and restrict the default permissions or you MAY restrict the visibility of any single published item separately (PRIVATE). $Projectname developers will ensure that restricted content is ONLY visible to those in the restriction list - to the best of their ability. 
 
 Content (especially status posts) that you share with other networks or that you have made visible to anybody on the internet (PUBLIC) cannot easily be taken back once it has been published. It MAY be shared with other networks and made available through RSS/Atom feeds. It may also be syndicated on other $Projectname sites. It MAY appear on spy networks and internet searches. If you do not wish this default behaviour please adjust your channel settings and restrict who can see your content. 
 
@@ -45,28 +48,29 @@ Content (especially status posts) that you share with other networks or that you
 
 Comments to posts that were created by others and posts which are designated as forum posts belong to you as the creator/author, but the distribution of these posts is not under your direct control. These posts/comments MAY be re-distributed to others, and MAY be visible to anybody on the internet. In the case of comments, the creator of the "first message" in the thread to which you are replying controls the distribution of all comments and replies to that message.
 
-
 **Private Information**
 
-$Projectname developers will ensure that any content you provide which is designated as PRIVATE will be protected against eavesdropping - to the best of their ability. Private content is generally hidden or obscured even from hub administrators. It is also stripped from email notifications. It is difficult but NOT impossible for this content to be seen by a hub administrator.  This is a side effect of the physical laws of the universe.  Unfortunately, if a database needs to decrypt a post at display time, it must have the means to decrypt the post!  End to end encryption is also provided and this CANNOT be seen, even by a determined administrator. 
+$Projectname developers will ensure that any content you provide which is designated as PRIVATE will be protected against eavesdropping - to the best of their ability. Private channel content CAN be seen in the database of every involved hub administrator, but private messages are obscured in the database. The latter means that it is very difficult, but NOT impossible for this content to be seen by a hub administrator. Private channel content and private messages are also stripped from email notifications. End to end encryption is provided as an optional feature and this CANNOT be seen, even by a determined administrator.  
 
 ##Identity Privacy
 
-Privacy for your identity is another aspect. Because you have a decentralized identity in the $Projectname, your privacy extends beyond your home hub. If you want to have complete control of your privacy and security you should run your own hub on a dedicated server. For many people, this is complicated and may stretch their technical abilities. So let's list a few precautions you can make to assure your privacy as much as possible.
+Privacy for your identity is another aspect. Because you have a decentralized identity in $Projectname, your privacy extends beyond your home hub. If you want to have complete control of your privacy and security you should run your own hub on a dedicated server. For many people, this is complicated and may stretch their technical abilities. So let's list a few precautions you can make to assure your privacy as much as possible.
 
 A decentralized identity has a lot of advantages and gives you al lot of interesting features, but you should be aware of the fact that your identity is known by other hubs in the $Projectname network. One of those advantages is that other channels can serve you customized content and allow you to see private things (such as private photos which others wish to share with you). Because of this those channels need to know who you are. But we understand that sometimes those other channels know more from you than you might desire. For instance the plug-in Visage that can tell a channel owner the last time you visit their profile. You can easily OPT-OUT of this low level and we think, harmless tracking.
 
-* You can enable [Do Not Track (DNT)](http://donottrack.us/) in your web browser. We respect this new privacy policy proposal. All modern browsers support DNT. You will find it in the privacy settings of your browsers or else you can consult the web browser's manual. This will not affect the functionality of the $Projectname. This setting is probably enough for most people.
+* You can enable [Do Not Track (DNT)](http://donottrack.us/) in your web browser. We respect this new privacy policy proposal. All modern browsers support DNT. You will find it in the privacy settings of your browsers or else you can consult the web browser's manual. This will not affect the functionality of $Projectname. This setting is probably enough for most people.
+
 *You can [disable publication](settings) of your channel in our channel directory. If you want people to find your channel, you should give your channel address directly to them. We think this is a good indication that you prefer extra privacy and automatically enable "Do Not Track" if this is the case.
+
 * You can have a blocked hub. That means that all channels and content on that hub is not public, and not visible to the outside world. This is something only your hub administrator can do. We also respect this and automatically enable "Do Not Track" if it is set.
 
 ###Censorship
 
-The $Projectname is a global network which is inclusive of all religions and cultures. This does not imply that every member of the network feels the same way you do on contentious issues, and some people may be STRONGLY opposed to the content you post. In general, if you wish to post something that you know may nor be universally acceptable, the best approach is to restrict the audience using privacy controls to a small circle of friends. 
+$Projectname is a global network which is inclusive of all religions and cultures. This does not imply that every member of the network feels the same way you do on contentious issues, and some people may be STRONGLY opposed to the content you post. In general, if you wish to post something that you know may nor be universally acceptable, the best approach is to restrict the audience using privacy controls to a small circle of friends. 
 
-The $Projectname as a network provider is unable to censor content. However, hub administrators MAY censor any content which appears on their hub to comply with local laws or even personal judgement. Their decision is final. If you have issues with any hub administrator, you may move your account and postings to another site which is more in line with your expectations. Please check (periodically) the [Terms of Service](help/TermsOfService) of your hub to learn about any rules or guidelines. If your content consists of material which is illegal or may cause issues, you are STRONGLY encouraged to host your own (become a hub administrator). You may still find that your content is blocked on some hubs, but the $Projectname as a network cannot block it from being posted.
+$Projectname as a network provider is unable to censor content. However, hub administrators MAY censor any content which appears on their hub to comply with local laws or even personal judgement. Their decision is final. If you have issues with any hub administrator, you may move your account and postings to another site which is more in line with your expectations. Please check (periodically) the [Terms of Service](help/TermsOfService) of your hub to learn about any rules or guidelines. If your content consists of material which is illegal or may cause issues, you are STRONGLY encouraged to host your own (become a hub administrator). You may still find that your content is blocked on some hubs, but $Projectname as a network cannot block it from being posted.
 
-The $Projectname RECOMMENDS that hub administrators provide a grace period of 1-2 days between warning an account holder of content that needs to be removed and physically removing or disabling the account. This will give the content owner an opportunity to export their channel meta-data and import it to another site. In rare cases the content may be of such a nature to justify the immediate termination of the account. This is a hub decision, not a $Projectname decision. 
+$Projectname RECOMMENDS that hub administrators provide a grace period of 1-2 days between warning an account holder of content that needs to be removed and physically removing or disabling the account. This will give the content owner an opportunity to export their channel meta-data and import it to another site. In rare cases the content may be of such a nature to justify the immediate termination of the account. This is a hub decision, not a $Projectname decision. 
 
 If you typically and regularly post content of an adult or offensive nature, you are STRONGLY encouraged to mark your account "NSFW" (Not Safe For Work). This will prevent the display of your profile photo in the directory except to viewers that have chosen to disable "safe mode". If your profile photo is found by directory administrators to be adult or offensive, the directory administrator MAY flag your profile photo as NSFW. There is currently no official mechanism to contest or reverse this decision, which is why you SHOULD mark your own account NSFW if it is likely to be inappropriate for general audiences. 
 

doc/README.md

@@ -5,7 +5,7 @@ Hubzilla
 ###Websites. Redefined.
 
 
-![Hubzilla](images/ghash-32.png)
+![Hubzilla](../images/hz-32.png)
 
 **What are Hubs?**
 
@@ -39,4 +39,4 @@ Possible website applications include
 
 
 
-This project is under development and is not yet available for general use.  
+This project is under development and is not yet available for general use.  

doc/Tags-and-Mentions.md

@@ -11,9 +11,9 @@ When you start to mention somebody, it will create an auto-complete box to selec
 
 **Private Mentions**
 
-If you wish to restrict a post to a single person or a number of people, you can do this by selecting channels or collections from the privacy tool. You can also just tag them with a privacy tag. A privacy tag is a name preceded by the two characters @! - and in addition to tagging these channels, will also change the privacy permissions of the post to include them (and perhaps restrict the post from "everybody" if this was the default). You can have more than one privacy tag, for instance @!bob and @!linda will send the post only to Bob and Linda (in addition to any recipients you selected with the privacy selector - if any). 
+If you wish to restrict a post to a single person or a number of people, you can do this by selecting channels or privacy groups from the privacy tool. You can also just tag them with a privacy tag. A privacy tag is a name preceded by the two characters @! - and in addition to tagging these channels, will also change the privacy permissions of the post to include them (and perhaps restrict the post from "everybody" if this was the default). You can have more than one privacy tag, for instance @!bob and @!linda will send the post only to Bob and Linda (in addition to any recipients you selected with the privacy selector - if any). 
 
-You may also tag public collections. When you create or edit a collection, there is a checkbox to allow the group members to be seen by others. If this box is checked for a collection and you tag (for instance) @!Friends - the post will be restricted to the Friends collection. Check that the collection is public before doing this - as there is no way to take back a post except to delete it. The collection name will appear in the post and will alert members of that collection that they are members of it.    
+You may also tag privacy groups which are "public". When you create or edit a privacy group, there is a checkbox to allow the group members to be seen by others. If this box is checked for a group and you tag (for instance) @!Friends - the post will be restricted to the Friends group. Check that the group is public before doing this - as there is no way to take back a post except to delete it. The group name will appear in the post and will alert members of that group that they are members of it.    
 
 
 

doc/Translations.md

@@ -4,13 +4,13 @@ Translating the $Projectname
 Translation Process
 -------------------
 
-The strings used in the UI of Red is translated at [Transifex][1] and then
+The strings used in the UI of Hubzilla is translated at [Transifex][1] and then
 included in the git repository at github. If you want to help with translation
-for any language, be it correcting terms or translating Red to a
+for any language, be it correcting terms or translating Hubzilla to a
 currently not supported language, please register an account at transifex.com
-and contact the Red translation team there.
+and contact the Redmatrix translation team there.
 
-Translating Red is simple. Just use the online tool at transifex. If you
+Translating Hubzilla is simple. Just use the online tool at transifex. If you
 don't want to deal with git & co. that is fine, we check the status of the
 translations regularly and import them into the source tree at github so that
 others can use them.
@@ -26,32 +26,32 @@ tree.
 
 If you want to get your work into the source tree yourself, feel free to do so
 and contact us with and question that arises. The process is simple and
-Red ships with all the tools necessary.
+Hubzilla ships with all the tools necessary.
 
 The location of the translated files in the source tree is
     /view/LNG-CODE/
 where LNG-CODE is the language code used, e.g. de for German or fr for French.
 For the email templates (the *.tpl files) just place them into the directory
-and you are done. The translated strings come as a "messages.po" file from
-transifex which needs to be translated into the PHP file Red uses.  To do
+and you are done. The translated strings come as a "hmessages.po" file from
+transifex which needs to be translated into the PHP file Hubzilla uses.  To do
 so, place the file in the directory mentioned above and use the "po2php"
-utility from the util directory of your Red installation.
+utility from the util directory of your Hubzilla installation.
 
 Assuming you want to convert the German localization which is placed in
-view/de/messages.po you would do the following.
+view/de/hmessages.po you would do the following.
 
 1. Navigate at the command prompt to the base directory of your
-   Red installation
+   Hubzilla installation
 
 2. Execute the po2php script, which will place the translation
-   in the strings.php file that is used by Red.
+   in the hstrings.php file that is used by Hubzilla.
 
-       $> php util/po2php.php view/de/messages.po
+       $> php util/po2php.php view/de/hmessages.po
 
-   The output of the script will be placed at view/de/strings.php where
+   The output of the script will be placed at view/de/hstrings.php where
    froemdoca os expecting it, so you can test your translation mmediately.
                                   
-3. Visit your Red page to check if it still works in the language you
+3. Visit your Hubzilla page to check if it still works in the language you
    just translated. If not try to find the error, most likely PHP will give
    you a hint in the log/warnings.about the error.
                                         
@@ -59,19 +59,19 @@ view/de/messages.po you would do the following.
    not give any output if the file is ok but might give a hint for
    searching the bug in the file.
 
-       $> php view/de/strings.php
+       $> php view/de/hstrings.php
 
 4. commit the two files with a meaningful commit message to your git
-   repository, push it to your fork of the Red repository at github and
+   repository, push it to your fork of the Hubzilla repository at github and
    issue a pull request for that commit.
 
 Utilities
 ---------
 
 Additional to the po2php script there are some more utilities for translation
-in the "util" directory of the Red source tree.  If you only want to
-translate Red into another language you wont need any of these tools most
-likely but it gives you an idea how the translation process of Red
+in the "util" directory of the Hubzilla source tree.  If you only want to
+translate Hubzilla into another language you wont need any of these tools most
+likely but it gives you an idea how the translation process of Hubzilla
 works.
 
 For further information see the utils/README file.
@@ -79,7 +79,7 @@ For further information see the utils/README file.
 Known Problems
 --------------
 
-* Red uses the language setting of the visitors browser to determain the
+* Hubzilla uses the language setting of the visitors browser to determain the
   language for the UI. Most of the time this works, but there are some known
   quirks.
 * the early translations are based on the friendica translations, if you 

doc/Widgets.md

@@ -15,7 +15,7 @@ Some/many of these widgets have restrictions which may restrict the type of page
     * args: count - number of items to return (default 24)
 <br />&nbsp;<br />
 
-* collections - collection selector for the current logged in channel
+* collections - privacy group selector for the current logged in channel
 
     * args: mode - one of "conversation", "group", "abook" depending on module
 <br />&nbsp;<br />
@@ -74,8 +74,11 @@ Some/many of these widgets have restrictions which may restrict the type of page
 
 * suggestedchats - "interesting" chatrooms chosen for the current observer
 
-* item - displays a single webpage item by mid
-    * args: mid - message_id of webpage to display
+* item - displays a single webpage item by mid or page title
+    * args:
+	* channel_id - channel that owns the content, defualt is the profile_uid 
+	* mid - message_id of webpage to display (must be webpage, not a conversation item)
+	* title - URL page title of webpage (must provide one of either title or mid)
 <br />&nbsp;<br />
 
 * photo - display a single photo
@@ -85,10 +88,17 @@ Some/many of these widgets have restrictions which may restrict the type of page
     * style - CSS style string
 <br />&nbsp;<br />
 
+* cover_photo - display the cover photo for the selected channel
+    * args:
+	* channel_id - channel to use, default is the profile_uid 
+    * style - CSS style string (default is dynamically resized to width of region)
+<br />&nbsp;<br />
+
+
 * photo_rand - display a random photo from one of your photo albums. Photo permissions are honoured
     * args: 
     * album - album name (very strongly recommended if you have lots of photos)
-    * scale - typically 0 (original size), 1 (640px), or 2 (320px)
+    * scale - typically 0 (original size), 1 (1024px), 2, (640px), or 3 (320px)
     * style - CSS style string
 	* channel_id - if not your own
 <br />&nbsp;<br />
@@ -99,6 +109,21 @@ Some/many of these widgets have restrictions which may restrict the type of page
     * channel_id - if not your own
 <br />&nbsp;<br />
 
+* tasklist - provide a task or to-do list for the currently logged-in channel.
+	* args:
+	* all - display completed tasks if all is non-zero.
+<br />&nbsp;<br />
+
+* forums - provide a list of connected public forums with unseen counts for the current logged-in channel.
+<br />&nbsp;<br />
+
+
+* album - provides a widget containing a complete photo album from albums belonging to the page owner; this may be too large to present in a sidebar region as is best implemented as a content region widget. 
+	* args:
+	* album - album name
+	* title - optional title, album name is used if not present
+<br />&nbsp;<br />
+ 
 
 Creating New Widgets
 ====================

doc/about.bb

@@ -1,24 +1,24 @@
 [b]About[/b]
 
-The $Projectname is a decentralized communication network, which aims to provide communication that is censorship-resistant, privacy-respecting, and thus free from the oppressive claws of contemporary corporate communication giants. These giants function primarily as spy networks for paying clients of all sorts and types, in addition to monopolizing and centralizing the Internet; a feature that was not part of the original and revolutionary goals that produced the World Wide Web. 
+$Projectname is a decentralized communication network, which aims to provide communication that is censorship-resistant, privacy-respecting, and thus free from the oppressive claws of contemporary corporate communication giants. These giants function primarily as spy networks for paying clients of all sorts and types, in addition to monopolizing and centralizing the Internet; a feature that was not part of the original and revolutionary goals that produced the World Wide Web. 
 
-The $Projectname is free and open source.  It is designed to scale from a $35 Raspberry Pi, to top of the line AMD and Intel Xeon-powered multi-core enterprise servers.  It can be used to support communication between a few individuals, or scale to many thousands and more.
+$Projectname is free and open source.  It is designed to scale from a $35 Raspberry Pi, to top of the line AMD and Intel Xeon-powered multi-core enterprise servers.  It can be used to support communication between a few individuals, or scale to many thousands and more.
 
-Red aims to be skill and resource agnostic. It is easy to use by everyday computer users, as well as by systems administrators and developers. 
+$Projectname aims to be skill and resource agnostic. It is easy to use by everyday computer users, as well as by systems administrators and developers. 
 
 How you use it depends on how you want to use it. 
 
 It is written in the PHP scripting language, thus making it trivial to install on any hosting platform in use today. This includes self-hosting at home, at hosting providers such as [url=http://mediatemple.com/]Media Temple[/url] and [url=http://www.dreamhost.com/]Dreamhost[/url], or on virtual and dedicated servers, offered by the likes of [url=https://www.linode.com]Linode[/url],  [url=http://greenqloud.com]GreenQloud[/url] or [url=https://aws.amazon.com]Amazon AWS[/url].
 
-In other words, the $Projectname can run on any computing platform that comes with a web server, a MySQL-compatible database, and the PHP scripting language. 
+In other words, $Projectname can run on any computing platform that comes with a web server, a MySQL-compatible database, and the PHP scripting language. 
 
-Along the way, Red offers a number of unique goodies: 
+Along the way, $Projectname offers a number of unique goodies: 
 
-[b]Single-click user identification:[/b] meaning you can access sites on the $Projectname simply by clicking on links to remote sites. Authentication just happens automagically behind the scenes. Forget about remembering multiple user names with multiple passwords when accessing different sites online.
+[b]Single-click user identification:[/b] meaning you can access sites on $Projectname simply by clicking on links to remote sites. Authentication just happens automagically behind the scenes. Forget about remembering multiple user names with multiple passwords when accessing different sites online.
 
-[b]Cloning:[/b] of online identities. Your online presence no longer has to be tied to a single server, domain name or IP address.  You can clone and import your identity (or channel as we call it) to another server (or, a hub as servers are known in the $Projectname).  Now, should your primary hub go down, no worries, your contacts, posts[i]*[/i], and messages[i]*[/i] will automagically continue to be available and accessible under your cloned channel. [i](*: only posts and messages as from the moment you cloned your channel)[/i]
+[b]Cloning:[/b] of online identities. Your online presence no longer has to be tied to a single server, domain name or IP address.  You can clone and import your identity (or channel as we call it) to another server (or, a hub as servers are known in $Projectname).  Now, should your primary hub go down, no worries, your contacts, posts[i]*[/i], and messages[i]*[/i] will automagically continue to be available and accessible under your cloned channel. [i](*: only posts and messages as from the moment you cloned your channel)[/i]
 
-[b]Privacy:[/b]  Red identities (Zot IDs) can be deleted, backed up/downloaded, and cloned.  The user is in full control of their data. Should you decide to delete all your content and erase your Zot ID, all you have to do is click on a link and it's immediately deleted from the hub.  No questions, no fuss. 
+[b]Privacy:[/b] $Projectname identities (Zot IDs) can be deleted, backed up/downloaded, and cloned.  The user is in full control of their data. Should you decide to delete all your content and erase your Zot ID, all you have to do is click on a link and it's immediately deleted from the hub.  No questions, no fuss. 
 
 #include doc/macros/main_footer.bb;
 

doc/addons.bb

@@ -1,19 +1,22 @@
 [h3]Plugins/Addons[/h3]
 [list=1]
 [*] abcjsplugin - Create musical scores in your posts
+[*] adultphotoflag - prevents nsfw photos from being displayed in public albums
 [*] bbmath - use complex math expressions in your posts
 [*] bookmarker - replace #^ with bookmark link in posts
 [*] buglink - provide a bug reporting icon in the lower-left corner of every page
 [*] calc - a scientific calculator
+[*] chess - cross domain identity aware interactive chess games
 [*] chords - generate fingering charts and alternatives for every known guitar chord
 [*] custom_home - set a custom page as the hub start page
-[*] diaspora - crosspost to a Diaspora account (different from the built-in Diaspora emulator)
+[*] dfedfix - fixes some federation issues with Diaspora releases around aug-sep 2015
+[*] diaspora - Diaspora protocol emulator
+[*] diaspost - crosspost to a Diaspora account (different from the Diaspora protocol emulator)
 [*] dirstats - show some interesting statistics generated by the driectory server
 [*] donate - provides a project donation page
 [*] dwpost - crosspost to Dreamwidth
-[*] embedly - use the embedly (formerly ooehmbed) service to embed media from many providers
 [*] extcron - use an external cron service to run your hub's scheduled tasks
-[*] flattr - provides a "Flattr Us" button
+[*] flattrwidget - provides a "Flattr Us" button
 [*] flip - create upside down text
 [*] fortunate - displays random quote (fortune cookie). Requires setting up a fortune server.
 [*] frphotos - import photo albums from Friendica
@@ -26,12 +29,16 @@
 [*] libertree - crosspost to Libertree
 [*] likebanner - create a "like us on red#matrix" banner image
 [*] ljpost - crosspost to LiveJournal
+[*] logrot - logfile rotation utility
 [*] mahjongg - Chinese puzzle game
 [*] mailhost - when using multiple channel clones, select one to receive email notifications
 [*] mayan_places - set location field to a random city in the Mayan world
 [*] morechoice - additional gender/sexual-preference choices for profiles (not safe for work)
 [*] moremoods - Additional mood options
 [*] morepokes - additional poke options (not safe for work)
+[*] msgfooter - provide legal or other text on each outgoing post
+[*] noembed - use noembed.com as an addition to Hubzilla's native oembed functionality (currently broken)
+[*] nofed - prevent "federation" of channel posts, maintains all interaction on your site
 [*] nsabait - add random terrorism related hashtags to your posts
 [*] nsfw - Highly recommended plugin to collpase posts with inappropriate content
 [*] openclipatar - choose a profile photo from hundreds of royalty free images
@@ -42,21 +49,29 @@
 [*] qrator - generate QR code images
 [*] rainbowtag - display your tag and category clouds in colours
 [*] randpost - post/reply bot based on and requires fortunate
-[*] redred - Crosspost to another Redmatrix or Hubzilla channel
+[*] redfiles - import file storage from redmatrix
+[*] redphotos - import photo albums from redmatrix
+[*] redred - Crosspost to another Red Matrix or Hubzilla channel
 [*] rtof - Crosspost to Friendica
+[*] sendzid - add 'zid' auth parmaters to all outbound links, not just in-network links
+[*] skeleton - sample addon/plugin to demonstrate plugin development
 [*] smiley_pack - extend the built-in smilie (emoticon) support
 [*] smileybutton - provides a smiley selector on the post window
 [*] startpage - set a personal preferred page to redirect after logging in.
+[*] statistics_json - Diaspora statistics generator
 [*] statusnet - GNU-social and StatusNet crosspost [zrl=[baseurl]/help/addons_gnusocial]Posting To Gnu Social[/zrl]
 [*] superblock - Highly recommended - completely block an offensive channel from your stream
+[*] testdrive - Turns your hub into a test drive site with accounts that expire after a trail period.
 [*] tictac - 3D tic-tac-toe
 [*] torch - flashlight app
 [*] tour - feature tour for new members
 [*] twitter - crosspost to Twitter
 [*] upload_limits - discover what server setting (there are a few) may be causing large photo uploads to fail
 [*] visage - show visitors to your channel
+[*] wholikesme - provides a page to display what connections have 'liked' your posts the most
 [*] webRTC - use an external server (mayfirst.org) to negotiate webRTC hookups
 [*] wppost - crosspost to WordPress (or other wordpress XMLRPC service)
+[*] xmpp - XMPP chat based on converse.js
 [/list]
 
 [h3]Addon Repositories[/h3]

doc/admins.bb

@@ -0,0 +1,15 @@
+[h2]Documentation for Hub Administrators[/h2]
+
+[h3]Administrators[/h3]
+
+[zrl=[baseurl]/help/install]Install[/zrl]
+[zrl=[baseurl]/help/red2pi]Installing $Projectname on the Raspberry Pi[/zrl]
+[zrl=[baseurl]/help/Hubzilla_on_OpenShift]$Projectname on OpenShift[/zrl]
+[zrl=[baseurl]/help/troubleshooting]Troubleshooting Tips[/zrl]
+[zrl=[baseurl]/help/hidden_configs]Tweaking $Projectname's Hidden Configurations[/zrl]
+[zrl=[baseurl]/help/faq_admins]FAQ For Admins[/zrl]
+[zrl=[baseurl]/help/service_classes]Service Classes[/zrl]
+[zrl=[baseurl]/help/directories]Working with and configuring Directories[/zrl]
+[zrl=[baseurl]/help/theme_management]Theme Management[/zrl]
+
+

doc/api/statuses_update.bb

@@ -0,0 +1,23 @@
+[h2]statuses/update[/h2]
+Parameters
+
+    title: Title of the status
+    status: Status in text [or bbcode] format
+    htmlstatus: Status in HTML format
+    in_reply_to_status_id
+    lat: latitude
+    long: longitude
+    media: image data
+    source: Application name
+    group_allow
+    contact_allow
+    group_deny
+    contact_deny
+
+
+Example
+
+[code]
+curl -u theUsername:thePassword http://mywebsite/api/statuses/update.xml -d status='Hello world'
+[/code]
+

doc/api_posting.bb

@@ -4,19 +4,20 @@ The API allows you to post to the red# by HTTP POST request. Below you see an ex
 
 [code]curl -ssl -u [color=blue]$E-Mail[/color]:[color=blue]$Password[/color] -d "[color=blue]$Parameters[/color]" [url][observer=1][observer.baseurl][/observer][observer=0]example.com[/observer]/api/statuses/update
 [/url][/code]
-[table][tr][td]$E-Mail:[/td][td]The E-Mail Adress you use to login[/td][/tr]
+[table][tr][td]$E-Mail:[/td][td]The E-Mail Address you use to login, or the channel nickname (without the hostname)[/td][/tr]
 [tr][td]$Password:[/td][td]The Password you use to login[/td][/tr]
 [tr][td]$Parameters:[/td][td]That's the interesting part, here you insert the content you want to send using the following parameters:[/td][/tr][/table]
 
 [ul]
 [*]title: the title of the posting
-[*]channel: the channel you want to post to 
+[*]channel: the channel you want to post to (do not use this parameter with HTTP Basic auth)
 [*]category: a comma-seperated list of categories for the posting
 [*]status: the content of the posting, formatted with BBCode
                                 OR
 [*]htmlstatus:the content of the posting, formatted in HTML.
 [/ul]
 
+To post to a specific channel, replace the email address with the channel nickname. If you supply the channel parameter, it has to match the "email", but is superfluous anyway.
 
 Instead of calling [observer=1][observer.baseurl][/observer][observer=0]example.com[/observer]/api/statuses/update which returns a json (you could also add .json on the end to clarify) output, you can use [observer.baseurl]/api/statuses/update.xml to get an xml formatted return.
 

doc/bbcode.html

@@ -7,11 +7,11 @@
 <li>[u]underlined[/u] - <u>underlined</u><br />
 <li>[s]strike[/s] - <strike>strike</strike><br />
 <li>[color=red]red[/color] - <span style="color:  red;">red</span><br />
-<li>[url=https://redmatrix.me]$Projectname[/url] <a href="https://redmatrix.me">$Projectname</a><br />
-<li>[img]https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg" alt="Image/photo" /><br />
-<li>[img float=left]https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg" style="float:left;" alt="Image/photo" /><br />
+<li>[url=https://zothub.com]$Projectname[/url] <a href="https://zothub.com">$Projectname</a><br />
+<li>[img]https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg" alt="Image/photo" /><br />
+<li>[img float=left]https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg" style="float:left;" alt="Image/photo" /><br />
 <div style="clear:both;"></div>
-<li>[img float=right]https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://redmatrix.me/images/default_profile_photos/rainbow_man/48.jpg" style="float:right;" alt="Image/photo" /><br />
+<li>[img float=right]https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg[/img] <img src="https://zothub.com/images/default_profile_photos/rainbow_man/48.jpg" style="float:right;" alt="Image/photo" /><br />
 <div style="clear:both;"></div>
 <li>[code]code[/code] <code>code</code><br />
 <li>[quote]quote[/quote] <blockquote>quote</blockquote><br />
@@ -50,8 +50,8 @@
 <p>$Projectname specific codes</p>
 <ul class="listbullet" style="list-style-type: circle;">
 <li>[&amp;copy;] &copy;  This works for many HTML entities</li>
-<li>[zrl]https://redmatrix.me[/zrl] Magic-auth version of [url] tag</li>
-<li>[zmg]https://redmatrix.me/some/photo.jpg[/zmg] Magic-auth version of [img] tag<br /></li>
+<li>[zrl]https://zothub.com[/zrl] Magic-auth version of [url] tag</li>
+<li>[zmg]https://zothub.com/some/photo.jpg[/zmg] Magic-auth version of [img] tag<br /></li>
 
 <li>[observer=1]Text to display if observer is authenticated in the matrix[/observer]</li>
 <li>[observer=0]Text to display if observer is <strong>not</strong> authenticated in the matrix[/observer]</li>

doc/bugs.bb

@@ -0,0 +1,45 @@
+[h2]Bugs, Issues, and things that go bump in the night...[/h2]
+[h3]Something went wrong! Who is charge of fixing it?[/h3]
+
+[b]Hubzilla Community Server[/b]
+
+Hubzilla Community Server is open source software which is maintained by "the community" - essentially unpaid volunteers.
+
+[b]Hubzilla Enterprise Server[/b]
+
+Hubzilla Enterprise Server is commercial software with a variety of support plans depending on the specific license terms.
+
+ 
+The first thing you need to do is talk to your hub administrator - the person who runs and manages your site. They are in the unique position of having access to the internal software and database and [b]logfiles[/b] and will need to be involved in fixing your problem. Other people "on the net" can't really help with this. The first thing the hub administrator needs to do is look at their logs and/or try to reproduce the problem. So try to be as helpful and courteous as possible in helping them look into the problem. 
+
+To find your hub administrator (if you don't know who they are) please look at [url=[baseurl]/siteinfo]this page[/url]. If they have not provided any contact info on that page or provided an "Impressum" there, see [url=[baseurl]/siteinfo/json]this site info summary[/url] under the heading "admin:".
+
+[h3]I'm a hub administrator; what do I do?[/h3]
+
+The software instructions which provide this server are open source and are available for your inspection. If an error message was reported, often one can do a search on the source files for that error message and find out what triggered it. With this information and the site logfiles it may be possible to figure out the sequence of events leading to the error. There could also be other sites involved, and the problem may not even be on your site but elsewhere in the network. Try to pin down the communication endpoints (hubs or sites) involved in the problem and contact the administrator of that site or those sites. Please try and provide an event time of when things went wrong so it can be found in the logs. Work with the other administrator(s) to try and find the cause of the problem. Logfiles are your friend. When something happens in the software that we didn't expect, it is nearly always logged. 
+
+[h3]The white screen of death[/h3]
+
+If you get a blank white screen when doing something, this is almost always a code or syntax error. There are instructions in your .htconfig.php file for enabling syntax logging. We recommend all sites use this. With syntax logging enabled repeat the sequence which led to the error and it should log the offending line of code. Hopefully you will be able to fix the problem with this information. When you do, please submit the fix "upstream" so that we can share the fix with the rest of the project members and other communities. This is a key benefit of using open source software - we share with each other and everybody benefits.
+
+[h3]I'm stumped. I can't figure out what is wrong.[/h3]
+
+[b]Hubzilla Enterprise Server[/b]
+
+Please make contact with the vendor - who will have provided you with support contact details. Preferably this contact will be made by the hub administrator so that he/she can assist us in collecting the necessary issue details. We will assign a ticket and notify you of progress. 
+
+
+[b]Hubzilla Community Server[/b]
+
+At this point it might be worthwhile discussing the issue on one of the online forums. There may be several of these and some may be more suited to your spoken language. As a last resort, try "Channel One", which is in English.
+
+If the community developers can't help you right away, understand that they are volunteers and may have a lot of other work and demands on their time. At this point you need to file a bug report. You will need an account on github.com to do this. So register, and then visit https://github.com/redmatrix/hubzilla/issues
+. Create an issue here and provide all the same information that you provided online. Don't leave out anything. 
+
+Then you wait. If it's a high profile issue, it may get fixed quickly. But nobody is in charge of fixing bugs. If it lingers without resolution, please spend some more time investigating the problem. Ask about anything you don't understand related to the behaviour. You will learn more about how the software works and quite possibly figure out why it isn't working now. Ultimately it is somebody in the community who is going to fix this and you are a member of the community; and this is how the open source process works.
+
+
+[b]In either case[/b]
+
+Other developers working to fix the problem may need to find out more, so do your homework and document what is happening and everything you've tried. Don't say "I did xyz and it didn't work." That doesn't tell us anything. Tell us precisely what steps you took and what you expected the result to be, and precisely what happened as a result. If there were any error messages, don't say "there was an error message". Tell us exactly what the message said.
+       

doc/ca/Privacy.md

@@ -0,0 +1,78 @@
+Política de Privacitat
+======================
+
+
+##Sumari##
+
+
+Q: Qui pot veure el meu contingut?
+ 
+A: Per defecte TOTHOM A INTERNET, EXCEPTE que ho hagis restringit. $Projectname permet te triar el nivell de privacitat que desitgis. El contingut restringit no serà visible als "espies de la xarxa " ni als anunciants. Estarà protegit contra l'espionatge per estranys - de la millor manera que sabem. Administradors de nodes amb habilitats i paciència suficients poden ser capaços d'espiar a algunes comunicacions privades però han de invertir molt esforç per fer-ho. Hi maneres de Privacitat en $Projectname que són fins i tot resistents a escoltes il·legals pels administradors de nodes hàbils i decidits.
+
+Q: Pot el meu contingut ser censurat?
+
+A: $Projectname (la xarxa de nodes) NO POT censurat el teu contingut. Els administradors de servidor i del node estan subjectes a les lleis locals i poden suprimir contingut censurable des del seu lloc/node. Qualsevol POT convertir-se en un administrador de node, inclòs tu; i per tant publicar contingut que d'altra manera podria ser censurat. Encara i això estaràs subjecte a les teves lleis locals. Es la teva decisió.   
+
+
+##Definicions
+
+**$Projectname** 
+
+Coneguda d'un altre forma com "la xarxa", Hubzilla és una col·lecció d'equips individuals/servidors (àlies nodes) que connecten entre si per formar una xarxa cooperativa més gran.
+
+**node (hub)** 
+
+Un equip individual o un servidor connectat a $Projectname. Aquests són proporcionats per un **administrador del node** i poden ser públics o privats, de pagament o gratuïts.
+
+**administrador del node**
+
+L'operador del sistema d'un node individual. 
+
+##Polítiques
+
+**Informació Pública**
+
+Qualsevol informació o cualsevol cosa publicada per tu a $Projectname POT ser pública o visible a qualsevol a Internet. En la mesura que sigui possible, $Projectname te permet protegir el contingut i restringir qui pot veure-ho.
+
+La teva foto de perfil, el nom del teu canal, i la ubicació (URL o adreça de xarxa) del seu canal són visibles per a qualsevol persona a Internet i els controls de privacitat no afectaràn la visualització d'aquests elements.
+
+POTS proporcionar, a més, un altra informació de perfil. Qualsevol informació que proporcionis en el teu perfil públic **per defecte** POT ser transmesa a altres centres en $Projectname i, a més, és possible que aparegui en el directori del canal. POTS restringir la visualització d'aquesta informació de perfil. Es POT restringir (permets que visualitzin), només als membres del teu nucli, o només les connexions (amics), o altres conjunts limitats de espectadors com desitgis. Si vols que el teu perfil estigui restringit, has d'establir la configuració de privacitat adequada, o simplement NO PROPORCIONIS informació addicional.
+
+**Contingut**
+
+El contingut que proporciones (missatges d'estat, fotos, arxius, etc.) et pertany a tu. Per defecte a $Projectname és publica contingut de forma oberta i visible per qualsevol en internet (PÚBLIC). POTS controlar això a la seva configuració del canal i restringir els permisos per defecte o pot restringir la visibilitat de qualsevol article únic publicat per separat (PRIVAT). Els desenvolupadors $Projectname s'han d'assegurat que el contingut restringit és visible NOMÉs per als que estan a la llista d'autoritzats - han emprat el millor d'ells per això.
+
+El contingut (especialment les entrades d'estat) que es comparteixen amb altres xarxes o que has fet visible a qualsevol a Internet (PÚBLIC) no poden ser retirats (esborrats) fàcilment un cop que ha estat publicats. Pot haver estat compartit amb altres xarxes i posat a disposició a través de feeds RSS/Atom. També pot haver estat sindicat en altres llocs $Projectname. Pot aparèixer en les xarxes d'espionatge i recerques a Internet. Si no desitges aquest comportament per defecte, si et plau,  ajusta la configuració del canal i restringeix qui pot veure el teu contingut.
+
+**Comentaris i entrades a Forums**
+
+Els comentaris als llocs que es van crear per altres i entrades que es designen com missatges al fòrum pertanyen tant a tu com al creador/autor, però la distribució d'aquests llocs no està sota el teu control directe. Aquestes entrades/comentaris es poden tornar a distribuir als altres, i pot ser visible per qualsevol en internet. En el cas dels comentaris, el creador del "primer missatge" al fil al qual està responent controla la distribució de tots els comentaris i respostes a aquest missatge.
+
+
+**Informació Privada**
+
+Els desenvolupadors de $Projectname aseguraràn que cualsevol contingut que creis designat com PRIVAT estarà protegit contra estaràn protegits contra les escoltes - han emprat el millor d'ells per això. El contingut privat generalment s'amaga o enfosqueix fins i tot als administradors de nodes. També s'eliminen les notificacions per correu electrònic. És difícil, però no impossible que aquest contingut sigui vist per un administrador de node. El xifrat extrem a extrem es facilita com una característica opcional i fa el contingut, NO VISIBLE, fins i tot per un administrador determinat a veure'l.
+
+##Privacitat de la Identitat
+
+La Privacitat per la teva identitat és un altre aspecte. En tenir una identitat descentralitzada a $Projectname, la seva privacitat s'estén més enllà del seu node d'inici. Si vols tenir el control complet de la teva privacitat i seguretat has d'executar el teu propi centre en un servidor dedicat. Per a moltes persones, això és complicat i pot esgotar les seves habilitats tècniques. Així que anem a enumerar algunes precaucions que pots fer per assegurar la teva privacitat tant com sigui possible.
+
+Una identitat descentralitzat té molts avantatges i te dóna un munt de característiques interessants, però has de ser conscient del fet que la teva identitat és coneguda per altres centres de la xarxa $Projectname. Un d'aquests avantatges és que altres canals poden servir contingut personalitzat i permetrà veure el contingut privat (com fotos privades que altres volen compartir amb vostè). Per això els canals necessiten saber qui ets. Però entenem que de vegades aquests altres canals en saben més de tu del que pugui desitjar. Per exemple, el plug-in Visage pot dir-li al propietari d'un canal l'última vegada que vas visitar el seu perfil. Pots renunciar fàcilment a aquest baix nivell de seguiment, que creiem inofensiu.
+
+* Pots activar [No Em Segueixis (anglès:Do Not Track (DNT))](http://donottrack.us/) al teu navegador web. Respectem aquesta nova política de privacitat proposada. Tots en navegadors moderns soporten DNT. Trobaràs als ajustos de privacitat del teu navegador web o sino pots consultar el manual del navegador. Això no afectarà la funcionalitat de $Projectname. Aquest ajust, segurament,  es suficient per la majoria de la gent.
+
+* Pots [deshabilitar publicacions](ajustos) del teu canal al nostre canal de directoris. Si vols que la gent trobi el teu canal, has de facilitar la teva direcció del canal a ell(a). Pensem que això es un bon indicador que, en aquest cas, vols es un extra de privacitat i automaticament s'activarà "No Em Segueixis" (DNT).
+
+* Pots tenir un node blocat. Això significa que tots els canals i contingut en aquest node no es públic i invisible al món exterior. Això és quelcom que només ho pot fer l'administrador del teu node. També es respecta això i automàticament s'activa DNT si és sel·leccionat.
+
+###Censura
+
+$Projectname és una xarxa global que inclou a totes les religions i cultures. Això no implica que tots els membres de la xarxa pensin de la mateixa manera que tu pel que fa en temes polèmics, i algunes persones poden sentir una forta oposició al contingut que publiquis. En general, si desitjes publicar alguna cosa que saps que no és universalment acceptable, el millor enfocament consisteix a restringir l'audiència utilitzant els controls de privacitat a un petit cercle d'amics.
+
+$Projectname com un proveïdor de la xarxa no pot censurar el contingut. No obstant això, els administradors de node poden censurar qualsevol contingut que apareix en el seu centre per complir amb les lleis locals o fins i tot el seu judici personal. La seva decisió serà inapel·lable. Si té problemes amb qualsevol administrador de node, pots moure el teu compte i publicacions a un altre lloc que estigui més d'acord amb les teves expectatives. Si us plau comprova (periòdicament) les [Condicions d'ús](help/TermsOfService) del teu centre per aprendre sobre les normes o directrius. Si el teu contingut consisteix en un material que és il·legal o que pugui causar problemes, es recomana ENCARIDAMENT a allotjar tu mateix (convertir-te en un administrador de node). Podràs trobar que el teu contingut està bloquejat en alguns centres, però $Projectname, com a xarxa, no pot bloquejar una vegada publicat.
+
+$Projectname RECOMANA que els administradors de nodes ofereixin un període de gràcia de 1-2 dies entre advertir al titular d'un compte, que hi ha contingut que ha de ser eliminat, i l'eliminació física o desactivació del compte. Això li donarà al propietari del contingut l'oportunitat d'exportar els seus canal de meta-dades i importar-lo a un altre lloc. En rares ocasions el contingut pot ser de tal naturalesa que es justifiqui l'eliminació immediata del compte. Aquesta és una decisió del node, no és una decisió de $Projectname.
+
+Si normalment i regularment publiques contingut per a adults o de caràcter ofensiu, es recomana ENCARIDAMENT que marquis el compte com "NSFW" (No segur per al treball). Això evitarà que es mostri la teva foto de perfil al directori, excepte per als espectadors que han optat per desactivar el "mode segur". Si la teva foto de perfil es considera per a adults o ofensiu pels administradors de directori, l'administrador del directori POT marcar la teva foto de perfil com NSFW. Actualment no hi ha un sistema oficial per revertir aquesta decisió. Així DEURIES marcar tu mateix, el teu compte, com a NSFW si és probable que no sigui apropiat per a audiències generals.
+
+#include doc/macros/main_footer.bb;

doc/ca/TermsOfService.md

@@ -0,0 +1,8 @@
+Termes del Servei
+================
+Aquest node Hubzilla encara no te Termes del Servei. Estic buscant un model adient.....
+En resum empreu el servei respectant els altres i no cometeu il·legalitats. Aquest node no s'identifica amb les opinions dels usuaris ni es responsablilitza de les mateixes. 
+
+
+#include doc/SiteTOS.md;
+

doc/ca/about.bb

@@ -0,0 +1,27 @@
+[b]Que és[/b]
+
+$Projectname és una xarxa de comunicacions descentralitzades, que permet comunicacions lliures de censura, amb privacitat, i per tant lliure de les urpes opressores de gegants contemporanis de comunicació corporativa. Aquests gegants funcionen principalment com xarxes d''espionatge per a cobrar a clients de totes les classes i tipus, a més de monopolitzar i centralitzar Internet; una característica que no formava part dels objectius originals i revolucionàries que van produir la World Wide Web. 
+
+$Projectname és gratuït i de codi obert. Està dissenyat per a creixèr des de una raspberry pi de 35€, fins el màxim de la gama de servidors AMD i servidors empresarials de múltiples nuclis que funcionen amb Intel Xeon. Pot ser utilitzat per a suportar la comunicació entre uns pocs individus, o l'escalar a molts milers i més.
+
+$Projectname pretén ser àgil i capaç de treballar amb múltiples recursos informàtics. És fàcil d'utilitzar pels usuaris habituals d''ordinadors, així com per administradors de sistemes i desenvolupadors. 
+
+
+La forma d'utilitzar depèn de com voleu utilitzar-lo.
+
+Està escrit en el llenguatge de scripting PHP, pel que és trivial instal·lar-lo en qualsevol plataforma d'allotjament en ús avui en dia. Això inclou l'auto-allotjament a casa, en els proveïdors d'allotjament, com ara [url=http://mediatemple.com/]Media Temple[/url] i [url=http://www.dreamhost.com/]Dreamhost[/url], o en servidors virtuals i dedicats, oferts per gràcia de [url=https://www.linode.com]Linode[/url],  [url=http://greenqloud.com]GreenQloud[/url] o [url=https://aws.amazon.com]Amazon AWS[/url].
+
+
+En altres paraules, $Projectname es pot executar en qualsevol plataforma informàtica que vingui amb un servidor web, una base de dades compatible amb MySQL i el llenguatge de scripting PHP.
+
+
+          
+De pas, $Projectname ofereix una sèrie de atractius únics:
+          
+[b]Identificació amb un sol clic d'usuari:[/b] vol dir que pot accedir a llocs en $Projectname simplement fent clic als enllaços a llocs remots. L''autenticació passa automàgicament en segon plà. Oblida't de recordar múltiples noms d'usuari amb múltiples contrasenyes en accedir a diferents llocs en línia.
+
+[b]La clonació:[/b] de les identitats en línia. La seva presència en línia ja no ha d'estar lligat a un sol servidor, nom de domini o adreça IP. Pot clonar i importar la seva identitat (o canal com en diem) a un altre servidor (o, en un concentrasor com son coneguts els servidors a $Projectname). Ara, si el seu concentrador/servidor cau, no et preocupis, els teus contactes, missatges [i]*[/i], i els missatges de [i]*[/i] automàgicament segueixen estant disponibles i accessibles al seu canal clonat. [i](*: només es perden els missatges i els missatges a partir del moment en que va clonar el seu canal)[/i]
+
+[b]Privacitat:[/b] les identitats a $Projectname (Zot identificadors) es poden eliminar, salvar/descarregar i clonar. L'usuari té el control total de les seves dades. Si vostè decideix esborrar tot el seu contingut i esborrar la seva ID Zot, tot el que has de fer és fer clic a un enllaç i s'eliminen immediatament d concentrador/servidor. No hi ha preguntes, sense problemes.
+
+#include doc/macros/main_footer.bb;

doc/ca/accounts_profiles_channels_basics.bb

@@ -0,0 +1,19 @@
+[size=large][b]Comptes, Perfils i Canals[/b][/size]
+
+Una vegada t'has registrat amb un [i]compte[/i] al servei, també has de crear un [i]perfil[/i] i un [i]canal[/i]. 
+
+[b]Compte[/b]
+Tens i]un[/i] compte. Això consisteix en una adreça de correu electrònic i una contrasenya. Amb el teu compte pots accedit al teu perfil i al teu canal.
+[i]Pensa en el teu compte com una via per autenticar-te al teu lloc $Projectname. Et permet fer coses com, crear perfils i canals amb els que podràs  amb altres persones.[/i]
+
+[b]Perfil[/b]
+Segurament t'has registrat a altres serveis a internet, com fòrums, o comunicacions en línia. Per a tots ells proveeixes alguna informació de tu, data de naixement, país, edat, i que es el que d'agrada. [observer=1]If you like you can see your profile here: [baseurl]/profile/[observer.webname] and edit it by clicking on the pencil icon next to your avatar image. [/observer]
+Unlike other services $Projectname offers you the advantage of creating [i]many more profiles[/i]. That way you are able to distinguish between profiles targeted specially at everyone (your public profile), your work mates, your family and your partner.
+[i]Think of your profile as the basic information about yourself you tell other people.[/i]
+
+[b]Channel[/b]
+During the registration you created your first [i]channel[/i]. Yes, besides several profiles you are able to have several channels. This might be a bit confusing in the beginning, but let's clear things up. You already have created one channel. You can use this one for the public, to communicate with people about every day life. But perhaps you are an avid book reader and many people are bored by that. So  you open a [i]second channel[/i] just for the book lovers, where you all can talk about books as much as you like. Obviously this is a new stream of posts, with a new profile (... or new profile[i]s[/i] ...) and completely different contacts. Some connections might exist in both channels, but there will be some that are exclusive to only one of both. You yourself just switch between both of them just like you would in real life switch when talking to people you meet on the street or people you meet specially to talk about books. You can even connect to yourself, or better: to your other channel. :)
+[i]Think of a channel as different spaces dedicated to different topics where you meet with different people.[/i]
+
+#include doc/macros/main_footer.bb;
+

doc/ca/admins.bb

@@ -0,0 +1,15 @@
+[h2]Documentació per a Administradors de Concentradors (dits Hubs en anglès)[/h2]
+
+[h3]Administradors[/h3]
+
+[zrl=[baseurl]/help/install]Instal·lació[/zrl]
+[zrl=[baseurl]/help/red2pi]Instal·lant $Projectname en una Raspberry Pi[/zrl]
+[zrl=[baseurl]/help/Hubzilla_on_OpenShift]$Projectname en OpenShift[/zrl]
+[zrl=[baseurl]/help/troubleshooting]Consells per solucionar problemes[/zrl]
+[zrl=[baseurl]/help/hidden_configs]Afinant Configuracions ocultes de $Projectname[/zrl]
+[zrl=[baseurl]/help/faq_admins]FAQ Per als Administradors[/zrl]
+[zrl=[baseurl]/help/service_classes]Classes de Serveis[/zrl]
+[zrl=[baseurl]/help/directories]Treballant amb i configuració de directoris[/zrl]
+[zrl=[baseurl]/help/theme_management]Gestió de Temes[/zrl]
+
+

doc/ca/channels.bb

@@ -0,0 +1,32 @@
+[b]Canals[/b]
+
+
+
+Els canals són simplement col·leccions de continguts emmagatzemats en un sol lloc. Un canal pot representar qualsevol cosa. Podria representi, un lloc web, un fòrum, àlbums de fotos, qualsevol cosa. Per a la majoria de la gent, el seu primer canal serà "Ell" mateix.
+
+Les característiques més importants d'un canal que "em" representa són:
+
+Comunicacions segures i privades "lliures d'spam"
+
+Identitat i "un sol inici de sessió " a través de tota la xarxa
+
+Controls de privacitat i permisos que s'estenen a tota la xarxa
+
+Serveis de directori (com una guia telefònica)
+
+En resum, una cadena que et representa a tú mateix és "jo, a l'Internet ".
+
+Hauràs de crear el teu primer canal com a part del procés de registre. També pots crear canals additonal des del menú "Selecciona canal ".
+
+Se li demanarà que proporcioni un nom de canal, i un curt sobrenom. Per a un canal que et representa a tu mateix, és una bona idea utilitzar el teu nom real per assegurar-se que els teus amics puguin trobar-te, i connectar al teu canal. El sobrenom curt s'utilitzarà per generar un nom "intermediari". Això és una mica com un nom d'usuari, i es veurà com una adreça de correu electrònic, prenent forma sobrenom@domini. Has de pensar una mica en que desitges utilitzar aquí. Imagina a algú demanant la teu nom intermediari i haver de dir-los que és "Crema-miss_issipi.123". "cremamississipi" seria una opció molt millor.
+
+Una vegada que hagis creat el teu canal, se't portarà a la pàgina de configuració, que permet definir el teu canal, i establir els teus permisos predeterminats.
+
+Un cop fet això, el canal està llest per utilitzar. En [observer=1][observer.url][/observer][observer=0]example.com/channel/username[/observer] trobaràs el teu canal de "flux". Aquí és on apareixerà la teva activitat recent, en ordre cronològic invers. Si publica a la casella "compartir", apareixerà l'entrada a la part superior del teu flux. També trobaràs enllaços a totes les altres àrees de comunicació per aquest canal. El fitxa "en quant a " conté el teu "perfil", la pàgina de fotos conté àlbums de fotos, i la pàgina d'esdeveniments conté esdeveniments compartits per tu i els teus contactes.
+
+La pàgina "Xarxa" conté tots els missatges recents de tota la xarxa $Projectname, de nou amb sentit cronològic invers. Els missatges exactes que apareixen aquí depenen en gran mesura dels teus permisos. En la teva forma més permissiva, rebràs missatges de desconeguts. A l'altre extrem de l'escala, podràs veure els missatges de només els seus amics - o si ets realment antisocial, només els teus propis missatges.
+
+Com s'ha esmentat al principi, són possibles molts altres tipus de canal, però, el procediment de creació és el mateix. La diferència entre els canals es troba principalment en els permisos assignats. Per exemple, una cadena per a l'intercanvi de documents amb els seus col.legues a la feina, és millor si canvieu valors més permissius per "Em pot escriure en el meu" públic "magatzem d'arxius ", que un compte personal. Per obtenir més informació, consulteu la secció de permisos.
+                                                                                  
+
+#include doc/macros/main_footer.bb;

doc/ca/develop.bb

@@ -0,0 +1,34 @@
+[h2]Documentació per Desenvolupadors[/h2]
+
+[h3]Documentació Tècnica[/h3]
+[zrl=[baseurl]/help/Zot---A-High-Level-Overview]Una vista en profunditat a Zot[/zrl]
+[zrl=[baseurl]/help/zot]Una introducció a Zot[/zrl]
+[zrl=[baseurl]/help/zot_structures]Estuctures a Zot[/zrl]
+[zrl=[baseurl]/help/comanche]Descripcions de Pàgina a Comanche[/zrl]
+[zrl=[baseurl]/help/Creating-Templates]Creant Plantilles a Comanche[/zrl]
+[zrl=[baseurl]/help/Widgets]Artilugis[/zrl]
+[zrl=[baseurl]/help/plugins]Complements[/zrl]
+[zrl=[baseurl]/help/hooklist]Ganxos (detallat - en construcció)[/zrl]
+[zrl=[baseurl]/help/doco]Documentació[/zrl]
+[zrl=[baseurl]/help/DerivedTheme1]Creant Temes Derivats[/zrl]
+[zrl=[baseurl]/help/schema_development]Esquemes[/zrl]
+[zrl=[baseurl]/help/Translations]Traduccions[/zrl]
+[zrl=[baseurl]/help/developers]Desenvolupadors[/zrl]
+[zrl=[baseurl]/help/intro_for_developers]Introducció per Desenvolupadors[/zrl]
+[zrl=[baseurl]/help/database]Documentació del esquema de la base de dades[/zrl]
+[zrl=[baseurl]/help/api_functions]Funcions de la API[/zrl]
+[zrl=[baseurl]/help/api_posting]Entrades a $Projectname emprant la API[/zrl]
+[zrl=[baseurl]/help/developer_function_primer]Funcions Red 101[/zrl]
+[zrl=[baseurl]/doc/html/]Refrència del Codi (Doxygen generat - ajust de cookies)[/zrl]
+[zrl=[baseurl]/help/to_do_doco]Llista de Pendents per a la Documentació del Projecte $Projectname[/zrl]
+[zrl=[baseurl]/help/to_do_code]Llista de Pendents per a Desenvolupadors[/zrl]
+[zrl=[baseurl]/help/roadmap]Full de ruta[/zrl]
+[zrl=[baseurl]/help/git_for_non_developers]Git per a No-Desenvolupadors[/zrl]
+[zrl=[baseurl]/help/dev_beginner]Manual pas-a-pas per a desenvolupadors principiants[/zrl]
+
+[h3]Preguntes Més Freqüents (FAQ) Per Desenvolupadors[/h3]
+[zrl=[baseurl]/help/faq_developers]FAQ Per Desenvoupadors[/zrl]
+
+[h3]Recursos Externs[/h3]
+[url=https://zothub.com/channel/one]Development Channel[/url]
+[url=https://federated.social/channel/postgres]Postgres-specific $Projectname Admin Support Channel[/url]

doc/ca/features.bb

@@ -0,0 +1,202 @@
+[b][size=36]Característiques[/size][/b]
+
+[b][size=24]$Projectname en Poques Paraules[/size][/b]
+
+TL;DR
+
+$Projectname proveeix publicacions i comunicacions socials distribuïdes amb [b]permisos descentralitzats[/b].
+
+Així, que vol dir "permisos descentralitzats"? Em donen la habilitat de compàrtir quelcom al meu lloc web (fotos, mitjans, arxius, pàgines web, etc.) Aamb persones específiques en llocs completament diferents - encara que no necesàriament amb [i]tothom[/i] en aquests llocs web; i no es necessita tenir un usuari i contrasenya en aquests altres llocs web per poder fer-ho ni per poder tafanejar el que ells han compartit amb mi. Ells tenen un usuari i contrasenya al seu lloc web i "màgica autenticació" entre llocs web afiliats a la xarxa. També, al esser centralitzat, no hi ha terceres parts que puguin saltar-se els permisos i veure el que estàs fent a la xarxa.
+
+$Projectname combina moltes característiques dels blocs tradicionals, les xarxes socials i els mitjans de comunicació, sistemes de gestió de continguts i emmagatzematge en el núvol personal en un marc de treball fàcil d'utilitzar. Cada node de la xarxa pot funcionar independent o enllaçar amb altres nodes per crear una súper-xarxa; deixant la privacitat sota el control de l'editor original. 
+
+$Projectname és una aplicació de servidor web de codi obert escrit originalment en PHP/MySQL i és fàcilment instalable per aquells amb habilitats d'administració web bàsiques. També s'estén fàcilment a través de plugins i temes i altres eines de tercers.
+
+[b][size=24]Característiques de $Projectname[/size][/b]
+
+
+$Projectname és un tot terreny per a la publicació web i una xarxa de comunicacions amb diverses característiques úniques. Està dissenyat per a ser utilitzat per la gamma més àmplia de persones a la web, dels blocaires no tècnics, als programadors de PHP experts i administradors de sistemes experimentats.
+
+A aquesta pàgina s'enumeren algunes de les característiques fonamentals de $Projectname que s'inclouen amb la versió oficial. Igual que amb la majoria del programari lliure i de codi obert, pot haver moltes altres extensions, complements, plugins, temes i configuracions que estan limitats només per les necessitats i la imaginació dels membres.
+
+[b][size=24]Construït per la Privacitat i la Llibertat[/size][/b]
+
+Un dels objectius de disseny de $Projectname és permetre la comunicació fàcil a la web, mentre que preserva la intimitat, si així es desitja pels membres. Per aconseguir aquest objectiu, $Projectname inclou una sèrie de característiques que permeten nivells arbitraris de privacitat:
+
+[b]Control Lliscant d'Afinitat[/b]
+
+En afegir connexions en $Projectname, els membres tenen l'opció d'assignar nivells de "afinitat" (el prop que la seva amistat és amb el contacte) per a la nova connexió. Per exemple, quan s'afegeix a algú que resulta ser una persona a la que segueixes el seu bloc, podries assignar al seu canal un nivell d'afinitat de "Coneguts".
+
+D'altra banda, quan s'afegeix el canal d'un amic, que pot ser col·locat sota el nivell d'afinitat de "Amics".
+
+En aquest punt, l'eina [i]Control Lliscant d'Afinitat[/i] de $Projectname, que en general apareix a la part superior de la teva pàgina, ajusta el contingut de la pàgina per incloure als que estan dins del rang afinitat desitjada. No es mostraran Canals fora d'aquest rang, llevat que s'ajusti el Control Lliscant per incloure'ls.
+
+El Control Lliscant D'Afinitat permet filtrar instantàniament grans quantitats de contingut, agrupats per nivells de proximitat.
+
+[b]Filtre de Connexions[/b]
+
+Tens la capacitat de controlar amb precisió el que apareix en el teu flux emprant opcionalment el "filtre de connexió". Quan s'activa, l'editor de connexió proporciona entrades per a la selecció de criteris que ha de ser aparellat amb la finalitat d'incloure o excloure un lloc específic d'un canal específic. Una vegada que un missatge s'ha permès, tots els comentaris a aquest lloc se'ls permet, independentment de si s'ajusten als criteris de selecció. Pots seleccionar paraules que si estàn presents al bloc o assegurar-te que està inclosses en el teu flux. Les expressions regulars es poden usar per al control encara més fi, així com hashtags o fins i tot l'idioma detectat del lloc.
+
+[b]Llista de Control d'Accés[/b]
+
+En compartir el contingut, els membres tenen l'opció de restringir qui veu el contingut. En fer clic al cadenat sota de la casella de compartir, un pot triar els destinataris desitjats del lloc, fent clic en els seus noms.
+
+Un cop enviat, el missatge serà visible únicament pel remitent i els destinataris seleccionats. En altres paraules, el missatge no apareixerà al mur públic.
+
+Llistes de Control d'Accés es poden aplicar als continguts i missatges, fotos, esdeveniments, pàgines web, sales de xat i arxius.
+
+[b]Inici de Sessió Únic[/b]
+
+Les Llistes de Control d'Accés treballen per a tots els canals a la xarxa gràcies a la nostra tecnologia única d'inici de sessió únic. La majoria dels enllaços interns proporcionen una identitat símbolica que pot ser verificada en altres llocs $Projectname i s'utilitza per controlar l'accés als recursos privats. Entres una vegada al teu concentrador. Després d'això, l'autenticació de tots els recursos de $Projectname és "màgia".
+
+
+[b]WebDAV activa l'Emagatzematge d'Arxius[/b]
+
+Els arxius poden ser enviats a la teva àrea d'emmagatzematge personal utilitzant les teves utilitats del sistema operatiu (arrossegar i deixar anar en la majoria dels casos). Pots protegir aquests arxius amb la Llista de Control d'Accés amb qualsevol combinació de membres de $Projectname (incloent alguns membres d'altres terceres xarxes) o fer-los públics.
+
+[b]Foto Àlbums[/b]
+
+Salva Fotos en Àlbums. Totes les fotografies es poden protegir mitjançant llistes de control d'accés.
+
+[b]Calendari d'Esdeveniments[/b]
+
+Creació i gestió d'esdeveniments i tasques, que també poden ser protegits amb llistes de control d'accés. Els esdeveniments poden ser importats/exportats a un altre programari amb el format estàndard de la indústria vCalendar/iCal i compartida en els llocs amb els altres. Esdeveniments d'aniversari s'agreguen automàticament dels teus amics i es tradueixen a la seva zona horària correcta així sabràs exactament quan es produeix l'aniversari - no importa on et trobis en el món en relació amb la persona de l'aniversari. Els esdeveniments es creen normalment amb taulells d'assistència perquè els teus amics i connexions puguin confirmar la seva assistència a l'instant.
+
+[b]Sales de Xat[/b]
+
+Pots crear qualsevol nombre de sales de xat personals i permetre l'accés a través de llistes de control d'accés. Aquestes solen ser més segures que XMPP, IRC, i altres transports de missatgeria instantània, encara que també permetem l'ús d'aquests altres serveis a través de connectors.
+
+[b]Constructor de Pàgines Web[/b]
+
+$Projectname té moltes eines de creació de "Gestió de Contingut" per a la creació de pàgines web, incloent l'edició disposició, menús, blocs, widgets, i pàgina/contingut per regions. Totes aquestes poden ser d'accés controlat perquè les pàgines resultants siguin privades per al seu públic objectiu.
+
+[b]Apps/Aplicacions[/b]
+
+Apps poden ser construïdes i distribuïdes pels membres. Aquestes aplicacions són diferents del tradicional "bloqueig pel proveïdor" perquè són controlats completament per l'autor - que pot proporcionar control d'accés a les pàgines d'aplicacions de destinació i la càrrega consegüent per a aquest accés. La majoria de les aplicacions en $Projectname són gratuïtes i es poden crear fàcilment per aquells que no tenen coneixements de programació.
+
+[b]Disposició[/b]
+
+La disposició de la pàgina es basa en un llenguatge de descripció anomenat Comanche. $Projectname en si mateix està escrit amb dissenys de Comanche i es poden canviar. Això permet un nivell de personalització que no se sol trobar en els anomenats "entorns multiusuari".
+
+[b]Favorits[/b]
+
+Compartir i guardar/administrar els enllaços de favorits proporcionats en les converses.  
+ 
+ 
+[b]Xifrat de missatges privats i Dubtes sobre la confidencialitat[/b]
+
+El correu privat s'emmagatzema en un format ocult. Si bé això no és a prova de bales, en general, evita l'espionatge informal per l'administrador del lloc o ISP. 
+
+Cada canal de $Projectname té el seu propi conjunt únic de claus RSA (de 4096 bits) públiques i privades associades, que es genera quan es crea primer els canals. Això s'utilitza per protegir els missatges privats i missatges en trànsit.
+
+A més, els missatges poden ser creats utilitzant "xifrat d'extrem a extrem", que no pot ser llegit per els operadors $Projectname o ISPs o algú que no coneixi el codi d'accés.
+
+Els missatges públics en general, no es xifren en trànsit o en l'emmagatzematge.
+
+Els missatges privats poden ser retirats (com si no s'hagués enviat), encara que no es garanteix que el destinatari no l'ha llegit abans que l'hagis retirat.
+
+Entrades i missatges poden ser creats amb una data de venciment, moment en el qual s'eliminaran/borraran en el lloc del destinatari.
+
+
+[b]Servei de Federació[/b]
+
+A més de l'afegit (addon) "connectors d'entrades creuades" a una varietat de xarxes alternatives, no hi ha suport natiu per a la importació de continguts de RSS/Atom i usar això per crear canals especials. A més, una implementació experimental, però de treball del protocol de la Diàspora permet la comunicació amb la gent en les xarxes socials friendica i Diàspora descentralitzats. Actualment això es va marcar experimental a causa de que aquestes xarxes no tenen el mateix nivell de funcions de privacitat i encriptació i habilitats com $Projectname i poden presentar riscos per a la privacitat.
+També hi ha suport experimental per a l'autenticació OpenID que es pot utilitzar en les llistes de control d'accés. Aquest és un treball en progrés. El seu concentrador $Projectname pot ser utilitzat com un proveïdor d'OpenID per autenticar als serveis externs que utilitzen aquesta tecnologia.
+Els canals poden tenir permisos per convertir-se en "canals derivats" on dos o més canals existents es combinen per crear un nou canal d'actualitat. 
+
+[b]Col·leccions[/b]
+
+"Col·leccions" és la nostra implementació de grups de privacitat, que és similar a Google "Cercles" i "Aspectes" de Diaspora. Això li permet filtrar el flux entrant per col·leccions o grups, i automàticament configurar la llista de control d'accés sortint a només aquells en la Col·lecció quan publiqui. Pots obviar tot això en qualsevol moment (abans d'enviar l'entrada).
+
+
+[b]Serveis de Directori [/b]
+
+Oferim fàcil accés a un directori de membres i proporcionem eines descentralitzades capaçes de proporcionar amics "suggerits". Els directoris són llocs normals $Projectname que han optat per acceptar la funció de servidor de directori. Això requereix més recursos que la majoria dels llocs típics pel que no és el predeterminat. Els Directoris estan sincronitzats i reflecteixen el que tots ells contenen amb informació actualitzada sobre tota la xarxa (subjecte a demores normals de propagació).
+ 
+
+[b]TLS/SSL[/b]
+
+Els concentradors de $Projectname que empran TLS/SSL, les comunicacions entre client i servidor son encriptades via TLS/SSL.  Donades les recents revelacions en els mitjans de comunicació en relació amb, la vigilància global i l'elusió de xifrat pel NSA i GCHQ, és raonable suposar que les comunicacions HTTPS-protegides es poden veure compromeses de diverses maneres. Les comunicacions privades són en conseqüència xifrades en un nivell superior abans d'enviar-les fora del lloc.
+
+[b]Ajustos del Canals[/b]
+
+Quan es crea un canal, es tria un rol al que s'apliquen una sèrie d'ajustos de seguretat i privacitat preconfigurats. Aquests són elegits per les millors pràctiques per mantenir la privacitat en els nivells requerits.
+                      
+Si escolliu un paper privacitat "personalitzat", cada canal permet permisos de gra fi que es fixaràn per a diferents aspectes de la comunicació. Per exemple, sota la capçalera "Ajusts de Seguretat i Privacitat", cada aspecte a la banda esquerra de la pàgina, té sis (6) Opcions possibles de visualització/accés, que es poden seleccionar fent clic al menú desplegable. També hi ha una sèrie d'altres opcions de privacitat que pots editar.
+
+Les opcions són:                      
+  - Ningú, excepte tu mateix.
+  - Només aquells que es permeten específicament.
+  - Qualsevol persona en la seva llibreta d'adreces.
+  - Qualsevol en aquest lloc web.
+  - Qualsevol persona en aquesta xarxa.
+  - Qualsevol autenticat.
+  - Qualsevol persona a Internet.
+
+[b]Forums Públics i Privats[/b]
+
+Els fòrums són típicament canals que poden estar obertes a la participació de múltiples autors. Actualment existeixen dos mecanismes per pujar als fòrums: 1) els missatges "de mur a mur" i 2) a través de les etiquetes de foro @menció. Els fòrums poden ser creats per qualsevol persona i s'utilitzats per a qualsevol propòsit. El directori conté una opció per buscar fòrums públics. Als Fòrums privats només es poden fer entrades pels membres i sovint només son vistos pels membres.
+
+
+[b]Clonat de Comptes[/b]
+
+Els Comptes a $Projectname es refereixen com a [i]identitats nómades[/i], perquè la identitat d'un membre no està lligada al concentrador/servidor on es va crear originalment. Per exemple, quan es crea un compte de Facebook o Gmail, que està lligat a aquests serveis. No poden funcionar sense Facebook.com o Gmail.com.  
+
+Per contra, imagina que has creat una identitat a $Projectname anomenada [b]tina@Hubzillahub.com[/b]. Aquesta es pot clonar a un altre hub de $Projectname amb el mateix nom o un altre de diferent: per exemple [b]viuPerSempre@HubzillaHub.info[/b]
+                                                                     
+Tots dos canals estan ara sincronitzats, el que significa que tots els seus contactes i preferències es dupliquen en el teu clon. No importa si s'envia un missatge des del seu hub original o el nou centre. Els missatges/emtrades seran reflectits/des en tots dos comptes.
+
+Aquesta és una característica bastant revolucionària, si tenim en compte alguns dels escenaris:
+    
+  - Què passa si el concentrador/servidor on la identitat es basa cau sobtadament fora de línia? Sense clonació, un membre no pot comunicar fins que aquest centre torna a estar de nou en línia (sens dubte molts de vosaltres heu vist i maleït el Twitter "Fail Whale"). Amb la clonació, es pot iniciar la sessió al compte clonat, i la vida continua feliços per sempre. - L'administrador del teu concentrador/servidor ja no es pot permetre el luxe de pagar el concentrador/servidor $Projectname que ofereix gratuitament. Llavors anuncia que el centre serà tancant en dues setmanes. Això li dóna temps suficient als socis/partíceps per clonar la seva identitat/s i preservar les seves relacions de $Projectname, amics i contingut. - Què passa si la teva identitat està subjecta a la censura del govern? El teu proveïdor del concentrador/servidor pot ser obligat a eliminar el teu compte, juntament amb les identitats i dades associades. Amb la clonació, a $Projectname ofereixes [b]resistència a la censura[/b]. Pots tenir centenars de clons, si vols, amb noms totalment diferents, i existents en molts centres diferents, escampats a tot l'Internet.
+
+$Projectname ofereix noves i interesants possibilitats per a la privacitat. Pots llegir més a la pàgina <<Bones Pràctiques en Comunicacions Privades>>.
+
+A tenir en compte. Per a una explicació completa de la clonació d'identitat, llegir el <HOW TO CLONE MY IDENTITY>.
+
+[b]Perfils Multiples[/b]
+
+Es poden crear qualsevol nombre de perfils amb informació diferent i es poden fer-se visible/s a alguns de les teves connexions/amics. Un perfil "per defecte" es pot veure per qualsevol persona i pot contenir informació limitada, amb més informació disponible per grups o persones seleccionades. Això vol dir que el perfil (i el contingut del lloc) per als teus amics bevedors de cervesa pot ser diferents del que presentes als seus companys de treball, i també completament diferent del que és visible per al públic en general.
+
+[b]Còpies de Seguretat del Compte[/b]
+
+Hubzilla ofereix una còpia de seguretat del compte, amb un simple clic, on pots descarregar una còpia de seguretat completa del teu perfil(s).  
+
+Les còpies de seguretat es poden utilitzar per clonar o restaurar un perfil.
+
+[b]Eliminació del Compte[/b]
+
+Els comptes poden ser [b]esborrats immediatament[/b] fent clic en un enllaç. [b]Això és així[/b]. Tot el contingut associat s'elimina de la xarxa (això inclou els missatges i qualsevol altre tipus de contingut produït pel perfil suprimit). Depenent del nombre de connexions que té, el procés d'eliminació de contingut remot podria portar el seu temps, però està previst que passi tan aviat com sigui possible.
+
+[b][size=20]Creació de Contingut[/size][/b]
+
+[b]Escribint Entrades[/b]
+
+$Projectname suporta un nombre de diferents alternatives per afegir contingut amb text enriquit. La opció per defecte es una variant personalitzada de _BBcode, ajustada per al seu ús a $Projectname. Pots activar l'ús de Markdown (un llenguatge de marques) fàcil de treballar amb ell. Un editor visual també es pot emprar. El editor visual tradicionalment emprat en $Projectname va tenir seriosos problemes i ha estat eliminat. Estem actualment buscant un substitut. 
+
+Quant creem "llocs Web", El contingut espot afegir en HTML, Markdown, BBcode, i/o text plà.
+
+[b]Esborrat del contingut[/b]
+Qualsevol contingut creat a $Projectname roman sota el control del membre (o canal) que el va crear originalment.  En qualsevol moment, un membre pot esborrar un missatge o un rang de missatges.  El procés d'esborrat assegura que el contingut es eliminat, indiferentment de on es va publicar si en el canal primari (l'inicial)del concentrador/servidor o en altre qualsevol on el canal es va autenticar remotament via Zot ($Projectname communicació i protocol d'autenticació).
+
+[b]Multimedia[/b]
+Igual que qualsevol altre sistema modern de blocs, xarxes socials, o d'un servei de micro-blogging, $Projectname és compatible amb la càrrega d'arxius, la incorporació dels vídeos, l'enllaç de pàgines web.
+
+[b]Vista Prèvia/Edició[/b] 
+Les entrades es poder pre visualitzar abans d'enviar-les i reeditar desprès de ser enviades.
+
+[b]Votacions/Consens[/b]
+El missatges poden convertir-se en "consensos", són articles que ofereixen als lectors una forma de retroalimentació, es recopilen en comptadors de "d'acord", "en desacord" i "abstenir-se". Que permeten mesurar l'interès per les idees i crear enquestes informals. 
+
+
+[b]Estenent $Projectname[/b]
+
+$Projectname es pot estendre per diferents nombre de vies, a través de la personalització del lloc, la teva personalització, ajustos optatius, temes i addons/plugins. 
+
+[b]API[/b]
+
+Una API està disponible per al seu ús per serveis de terceres part. Està basat originalment en una de les primeres API's de Twitter(de la que existeixen cents d'eines de terceres parts). S'està ampliant actualment per proporcionar accés a les instal·lacions i capacitats que són específiques de $Projectname. L'accés pot ser proporcionada per usuari/contrasenya o OAuth i es proporciona registre de clients d'aplicacions OAuth.
+
+ 
+
+#include doc/macros/main_footer.bb;

doc/ca/first-post.bb

@@ -0,0 +1,3 @@
+[size=large]La teva primera entrada[/size]
+
+... pendent de ser escrita ...

doc/ca/general.bb

@@ -0,0 +1,20 @@
+[h2]Informació del Projecte/Lloc[/h2]
+
+[zrl=[baseurl]/help/Privacy]Politica de Privacitat[/zrl]
+
+[zrl=[baseurl]/help/history]Història de $Projectname[/zrl]
+
+[h3]Recursos Externs[/h3]
+[zrl=[baseurl]/help/external-resource-links]Enllaços a Recursos Externs[/zrl]
+
+[url=https://github.com/redmatrix/hubzilla]Lloc Web Principal[/url]
+
+[url=https://github.com/redmatrix/hubzilla-addons]Complements del Lloc Web[/url]
+
+[url=[baseurl]/help/credits]Credits en $Projectname[/url]
+
+[h3]Sobre Aquest Node $Projectname[/h3]
+[zrl=[baseurl]/help/TermsOfService]Termes de Servei per a AQUEST Node[/zrl]
+[zrl=[baseurl]/siteinfo]Informació del Node[/zrl]
+[zrl=[baseurl]/siteinfo/json]Informació Tècnica Detallada en format JSON d'aquest Node[/zrl]
+

doc/ca/main.bb

@@ -0,0 +1,12 @@
+[zrl=[baseurl]/help/about][b]Que és $Projectname?[/b][/zrl]
+$Projectname és una plataforma de comunicació i publicació descentralitzada que et permet mantenir el control de les teves necessitats de comunicació, gràcies a l'encriptació automàtica i control d'accés de gra fi. Éts tu, i només tu qui decideixes qui pot veure les teves coses.
+
+[zrl=[baseurl]/help/features][b]Característiques de $Projectname[/b][/zrl]
+
+$Projectname ja s'està executant com una xarxa distribuïda global i demostra la seva versatilitat i escalabilitat des de independent fins a grans llocs.
+Penseu en plataformes independents de comunicació de la família, de comunitats en línia distribuïdes, fòrums de suport, blocs i pàgines web. O proveïdors de continguts professionals amb canals premium comercials i accés de continguts específics. El que vulguis, $Projectname és allà per atendre la teva creativitat.
+
+[zrl=[baseurl]/help/what_is_zot][b]Tens Zot? Be, Deuries.[/b][/zrl]
+Zot és el gran nou protocol de communicació inventat especialment per a $Projectname. Com a membre, ja no estàs lligat a un sol lloc o concentrador (hub) gràcies a les "identitats nòmades". Migra fàcilment a un altre servidor i manté els teus contactes intactes, o clona i executa el mateix canal en diversos servidors. Encara que un d'ells tanqui, no es perd res. A més, una vegada que estàs dins de $Projectname no hi ha necessitat d'autenticar dues vegades, fins i tot quan s'accedeix des d'un altre lloc $Projectname. Zot és el que difèrencia $Projectname de qualsevol altre projecte.
+
+

doc/ca/members.bb

@@ -0,0 +1,25 @@
+[h2]Documentació per a Membres del Concentrador[/h2]
+
+[h3]Començant[/h3]
+[zrl=[baseurl]/help/registration]Registrant un Compte[/zrl]
+[zrl=[baseurl]/help/accounts_profiles_channels_basics]Tu a $Projectname: breument comptes, perfils i canals[/zrl]
+[zrl=[baseurl]/help/profiles]Perfils[/zrl]
+[zrl=[baseurl]/help/channels]Canals[/zrl]
+[zrl=[baseurl]/help/roles]Permisos per roles i tipus de Canals[/zrl]
+[zrl=[baseurl]/help/first-post]La teva primera entrada[/zrl]
+[zrl=[baseurl]/help/connecting_to_channels]Connectant Amb Altres Canals[/zrl]
+[zrl=[baseurl]/help/permissions]Permisos I Encriptació: Tu Tens El Control[/zrl]
+[zrl=[baseurl]/help/cloud]Emmagatzegament Al Núbol[/zrl]
+[zrl=[baseurl]/help/remove_account]Esborrar un Canal o un Compte[/zrl]
+
+[h3]Ajuda per als Membres[/h3]
+[zrl=[baseurl]/help/tags_and_mentions]Etiquetes i Mencions[/zrl]
+[zrl=[baseurl]/help/webpages]Pàgines Web[/zrl]
+[zrl=[baseurl]/help/bbcode]Referència BBcode per a entrades i comentaris[/zrl]
+[zrl=[baseurl]/help/checking_account_quota_usage]Comprovant la Quota d'Ús del Compte[/zrl]
+[zrl=[baseurl]/help/cloud_desktop_clients]Clients d'Escriptori al Núbol[/zrl]
+[zrl=[baseurl]/help/AdvancedSearch]Cerca Avançada al Directori[/zrl]
+[zrl=[baseurl]/help/addons]Ajuda pels Addons[/zrl]
+[zrl=[baseurl]/help/diaspora_compat]Compatibilitat de Comunicacions amb Diaspora (Diaspora i Friendica)[/zrl]
+[zrl=[baseurl]/help/faq_members]FAQ Per Membres[/zrl]
+[zrl=[baseurl]/help/bugs]Errors, Assumptes, i les coses que arriben de cop a la nit...[/zrl]

doc/ca/profiles.bb

@@ -0,0 +1,37 @@
+[b]Profiles[/b]
+
+$Projectname has unlimited profiles. You may use different profiles to show different "sides of yourself" to different audiences. This is different to having different channels. Different channels allow for completely different sets of information. You may have a channel for yourself, a channel for your sports team, a channel for your website, or whatever else. A profile allows for finely graded "sides" of each channel. For example, your default public profile might say "Hello, I'm Fred, and I like laughing". You may show your close friends a profile that adds "and I also enjoy dwarf tossing".
+
+You always have a profile known as your "default" or "public" profile. This profile is always available to the general public and cannot be hidden (there may be rare exceptions on privately run or disconnected sites). You may, and probably should restrict the information you make available on your public profile.
+
+That said, if you want other friends to be able to find you, it helps to have the following information in your public profile...
+
+[ul][*]Your real name or at least a nickname everybody knows
+[*]A photo of you
+[*]Your location on the planet, at least to a country level.[/ul]
+
+In addition, if you'd like to meet people that share some general interests with you, please take a moment and add some "Keywords" to your profile. Such as "music, linux, photography" or whatever. You can add as many keywords as you like.
+
+To create an alternate profile, first go to [zrl=[baseurl]/settings/features]Settings > Additional Features[/zrl] and enable "Multiple Profiles" there, otherwise you won't have the ability to use more than just your default profile.
+
+Then select "Edit Profiles" from the menu of your $Projectname site. You may edit an existing profile, change the profile photo, add things to a profile or create a new profile. You may also create a "clone" of an existing profile if you only wish to change a few items but don't wish to enter all the information again. To do that, click on the profile you want to clone and choose "Clone this profile" there.
+
+In the list of your profiles, you can also choose the contacts who can see a specific profile. Just click on "Edit visibility" next to the profile in question (only available for the profiles that are not your default profile) and then click on user images to add them to or remove them from the group of people who can see this profile.
+
+Once a profile has been selected, when the person views your profile, they will see the private profile you have assigned. If they are not authenticated, they will see your public profile.
+
+There is a setting which allows you to publish your profile to a directory and ensure that it can be found by others. You can change this setting on the "Settings" page.
+
+If you do not wish to be found be people unless you give them your channel address, you may leave your profile unpublished.
+
+[b]Keywords and Directory Search[/b]
+
+On the directory page, you may search for people with published profiles. Currently, only the name field and the keywords are searched.  You may also include such keywords in your default profile - which may be used to search for common interests with other members. Keywords are used in the channel suggestion tool and although they aren't visible in the directory, they are shown if people visit your profile page.
+
+On your Connnections page and in the directory there is a link to "Suggestions" or "Channel Suggestions", respectively. This will find channels who have matching and/or similar keywords. The more keywords you provide, the more relevant the search results that are returned. These are sorted by relevance.
+
+See Also
+
+[zrl=[baseurl]/help/AdvancedSearch]Advanced Searching[/zrl]
+
+#include doc/macros/main_footer.bb;

doc/ca/registration.bb

@@ -0,0 +1,35 @@
+[size=large][b]Registre[/b][/size]
+
+No tots els llocs $Projectname permeten la inscripció oberta. Si es permet el registre, veureu un enllaç de " Registre " immediatament sota de l'entrada a la pàgina principal del lloc. Seguint aquest enllaç et portarà a la pàgina de registre del lloc. En alguns llocs es pot redirigir a un altre lloc que permet registres. Com tots els llocs $Projectname estan vinculats, no importa on resideix el teu compte.
+
+[b]La Teva Adreça de Correu Electrònic[/b]
+
+Si us plau introdueix la teva adreça de correu electrònic vàlida. La teva adreça de correu electrònic mai es farà pública. Aquesta adreça s'utilitzarà per activar el teu compte, que (opcionalment) enviarà notificacions de correu electrònic per als missatges entrants o articles, [i]i per recuperar contrasenyes perdudes[/i].
+
+[b]Contrasenya[/b]
+
+Introdueix una contrasenya de la teva elecció, i repeix-la en la segona casella per assegurar-te que es va escriure correctament. Com $Projectname ofereix una identitat descentralitzada, Es pot accedir al teu compte en molts altres llocs web no només en el que t'has donat d'alta.
+
+[b]Termes Del Servei[/b]
+
+Clica a l'enllaç per llegir els [zrl=[baseurl]/help/TermsOfService]Termes de Servei[/zrl] del lloc. Una vegada llegits, marca la casella al formulari de registre per confirmar.
+
+[b]Registre[/b]
+
+Una vegada que hagis proporcionat els detalls necessaris, fes clic al botó "Registrar-se". Alguns llocs poden requerir l'aprovació de l'administrador abans de processar el registre, s'avisarà si aquest és el cas. Si us plau, mira el teu correu electrònic (incloent carpetes d'spam) per poder finalitzar la teva aprovació de registre.
+
+[b]Crear un Canal[/b]
+
+A continuació, se et presentarà la pantalla " Afegir un canal". Normalment, el primer canal serà un que et representa - pel que l'ús del seu propi nom (o pseudònim) com el nom del canal és una bona idea. El nom de la cadena ha de ser pensat com un títol o descripció breu del teu canal. El " triar un sobrenom curt " és similar a un "nom d'usuari ". Farem servir tot el que entra aquí per crear una adreça de canal, que altres persones utilitzaran per connectar-se amb tu, i que utilitzaràs per iniciar sessió en altres llocs. Això s'assembla a una adreça de correu electrònic, i pren la forma nickname@siteyouregisteredat.xyz
+
+Quan es crea el teu canal se't portarà directament a la pàgina de configuració on pots definir permisos, habilitar les funcions, etc. Totes aquestes coses es tracten a la secció corresponent dels fitxers d'ajuda.
+
+Veure Tambè
+[zrl=[baseurl]/help/accounts_profiles_channels_basics]Lo Basic sobre Identitats dins $Projectname[/zrl]
+[zrl=[baseurl]/help/accounts]Comptes[/zrl]
+[zrl=[baseurl]/help/profiles]Perfils[/zrl]
+[zrl=[baseurl]/help/permissions]Permisos[/zrl]
+[zrl=[baseurl]/help/remove_account]Eliminar Compte[/zrl]
+
+#include doc/macros/main_footer.bb;
+

doc/ca/what_is_zot.bb

@@ -0,0 +1,61 @@
+[b]Qué és Zot?[/b]
+
+Zot és el protocol que fa funcionar $Projectname, proveeix tres Característiques esencials: Comunicacions, Identitat, i Control d'Accéss.
+
+Les funcionalitats que proveeix es poden describir de la següent manera: 
+
+ - una relació en línia es només un munt de permisos
+ - internet és només un altre carpeta
+
+[b][size=20]Comunicacions[/size][/b]
+
+Zot és un protocol revolucionari que ofereix [i]comunicacions descentralitzades[/i] i [i]gestió d'identitat[/i] en tota la malla (o entrallat de connexions). El resultat es una plataforma que proveeix serveis web comparables amb els que ofereixen les grans companyies, però sense elles ni els seus problemes de privacitat, la seva insaciable necessitat de beneficis, ni la seva idea dels jardins-privats.
+
+Comunicacions i xarxes socials són una part integral del teixit. Qualsevol canal (i qualsevol servei ofert per aquest canal) por fer ús complert de les grans caracteristiques de comunicació social a escala global. Aquestes comunicacions poden ser públiques o privades - i comunicacions privades no es limiten a encriptar totalment l'enviament, sino que també encripten l'emmagatzegament per tal d'impedir que, administradors de sistemes murris o proveidors de servei, accidental o intencionadament tafanegin o revelin dades personals.
+
+Zot permet un ampli vental de serveis en segon plà per a la xarxa, des de oferir suggeriments d'amics, a serveis de directori. També pot realitzar altres coses que normalment només són possibles en un proveïdor centralitzat, com missatges "de mur a mur". Perfils particulars/múltiples es poden crear fàcilment i el contingut del web es pot adaptar a l'espectador a través del [i]Control Lliscant d'Afinitat[/i].
+
+No trobaràs, de cap manera,  aquestes característiques en altres serveis de comunicació descentralitzades. A més de proporcionar la descentralització de concentradors (servidors), potser la característica més innovadora i interessant de Zot és el subministrament de serveis [i]d'identitat descentralitzada[/i].
+
+[b][size=20]Identitat[/size][/b] 
+
+La capa que permet identitat mitjançant Zot es única. Facilita [i]l'identificació única invisible[/i] al llarg de tots els llocs de la malla. 
+
+També ofereix [i]identitat nómada[/i], de tal forma que les teves comunicacions amb amics, familiars , i qualsevol amb el que et comuniquis no s'han de veure afectats per la pérdua (caiguda, desconnexió) temporal/permanent del teu node de comunicació primari. 
+
+Les parts importants de la teva identitat i les relacions es poden copiar a una memòria USB, o el teu ordinador portàtil, i poden aparèixer en qualsevol node de la xarxa en qualsevol moment - amb tots els teus amics i preferències intactes. 
+
+Fonamentalment, aquestes instàncies (identitats) nòmades es mantenen en sincronia per tal que qualsevol instància pugui fer-se càrrec si un altre està en perill o danyada. Això el protegeix contra no només d'una fallada del sistema, sinó també de sobrecàrregues temporals del lloc i/o la manipulació governamental o censura.
+
+Identitat nòmada, inici de sessió únic, i nodes $Projectname descentralitzats, al nostre parer, introduir un alt grau de grau de [i]resiliència[/i] i [i]persistència[/i] en les comunicacions d'Internet, que són profundament necessàries en direcció contrària de les tendències mundials cap a la centralització corporativa, així com la vigilància governamental indiscriminada i la censura.
+
+Com naveges per la xarxa, els canals de visualització i el seu contingut únic, que es produeix sobre la marxa, fins i tot a través de centres de servidors completament diferents. No hi ha contrasenyes per entrar. No hi ha res a escriure. No tens que posar teu nom en cada nou lloc que visites.
+
+Com Zot pot fer això? En diem [i]identificació-màgica[/i], perquè $Projectname oculta els detalls de les complexitats que van a l'inici únic de sessió, les identitats nòmades, i l'experiència de navegació a la xarxa. Aquest és un dels objectius de disseny de $Projectname: per augmentar la privacitat i la llibertat a la xarxa, alhora que redueix la complexitat i el tedi interposat per la necessitat d'introduir noves contrasenyes i noms d'usuari per a cada vista diferent, que pots visitar en línia.
+
+Entrar com a usuari només una vegada en el teu centre d'origen (o qualsevol centre de recolçament nòmada que hagis triat). Això permet accedir a tots els serveis autenticats en qualsevol lloc de la malla - com ara anar a comprar, blocs, fòrums, i l'accés a la informació privada. Això és igual que els serveis oferts pels grans proveïdors de les empreses amb enormes bases de dades d'usuaris; però, pots ser un membre d'aquesta comunitat, així com un servidor en aquesta xarxa emprant un RasberryPi de 35$. La teva contrasenya no s'emmagatzema en un miler de diferents llocs, o encara pitjor, només en uns pocs llocs com Google i Facebook, fora del teu control directe.
+
+No pots ser silenciat. No pots ser eliminat de la xarxa, llevat que triïs per sortir, tu mateix.
+
+[b][size=20]Control d'Accés[/size][/b]
+
+La capa de identitat de Zot permet proporcionar permisos específics a qualsevol contingut que desitgis publicar - i aquests permisos s'estenen per $ProjectName. Això és com tenir un sol súper gran espai web format per un exèrcit de petits llocs web individuals - i on cada canal a la xarxa pot controlar completament les seves preferències de privacitat i ús compartit dels recursos web que creen.
+
+Actualment, la xarxa suporta comunicacions, àlbums de fotos, esdeveniments, i arxius. Això s'ampliarà en el futur per proporcionar serveis de gestió de continguts (pàgines web) i instal·lacions d'emmagatzematge en el núvol, com biblioteques WebDAV i multimèdia. Cada objecte i la forma en què es comparteix i amb qui està completament sota el teu control.
+
+Aquest tipus de control està disponible en grans proveïdors de serveis com Facebook i Google, ja que poseeixen la base de dades d'usuari. Dins de la xarxa, no hi ha necessitat d'un gran usuari de base de dades a la teva màquina - perquè la xarxa [i]és[/i] la teva base de dades d'usuari. Té essencialment infinita capacitat (limitada pel nombre total de nodes en línia a través d'Internet), i s'estén entre centenars, i potencialment milions d'ordinadors.
+
+L'accés pot ser concedit o negat per a qualsevol recurs, a qualsevol canal, o qualsevol grup de canals; en qualsevol lloc dins de la malla. Altres podràn accedir al teu contingut si els permets fer-ho, i ni tan sols cal tenir un compte al node. Les teves fotos privades no es poden veure, perquè els permissos realment funcionen; no són un complement que s'ha afegit a l'últim moment. Si no ets a la llista d'espectadors  permesos per a una foto en particular, tu no la veuràs.
+
+[b][size=18]Recursos Addicionals i Enllaços[/size][/b]
+
+Per més detalla, informació tècnica sobre Zot, clica sobre algún dels següents enllaços: 
+
+ - [url=https://github.com/friendica/red/wiki/Zot---A-High-Level-Overview]Vista per experts (en anglès)[/url]
+
+ - [url=https://github.com/friendica/red/wiki/zot]Especificació pel desenvolupament de Zot (en anglès)[/url]
+
+ - [url=https://github.com/redmatrix/hubzilla/blob/master/include/zot.php]Referència per la implementació de Zot en PHP (en anglès)[/url]
+
+
+#include doc/macros/main_footer.bb;

doc/channels.bb

@@ -22,7 +22,7 @@ Once you have created your channel, you will be taken to the settings page, wher
 
 Once you have done this, your channel is ready to use. At [observer=1][observer.url][/observer][observer=0]example.com/channel/username[/observer] you will find your channel "stream". This is where your recent activity will appear, in reverse chronological order. If you post in the box marked "share", the entry will appear at the top of your stream. You will also find links to all the other communication areas for this channel here. The "About" tab contains your "profile", the photos page contain photo albums, and the events page contains events share by both yourself and your contacts.
 
-The "Matrix" page contains all recent posts from across the matrix, again in reverse chronologial order. The exact posts that appear here depend largely on your permissions. At their most permissive, you will receive posts from complete strangers. At the other end of the scale, you may see posts from only your friends - or if you're feeling really anti-social, only your own posts.
+The "Grid" page contains all recent posts from across the $Projectname network, again in reverse chronologial order. The exact posts that appear here depend largely on your permissions. At their most permissive, you will receive posts from complete strangers. At the other end of the scale, you may see posts from only your friends - or if you're feeling really anti-social, only your own posts.
 
 As mentioned at the start, many other kinds of channel are possible, however, the creation procedure is the same. The difference between channels lies primarily in the permissions assigned. For example, a channel for sharing documents with colleagues at work would probably want more permissive settings for "Can write to my "public" file storage" than a personal account. For more information, see the permissions section.
 

doc/cloud.bb

@@ -10,7 +10,7 @@ On many public servers there may be limits on disk usage.
 
 The quickest and easiest way to share files is through file attachments. In the row of icons below the status post editor is a tool to upload attachments. Click the tool, select a file and submit. After the file is uploaded, you will see an attachment code placed inside the text region. Do not edit this line or it may break the ability for your friends to see the attachment. You can use the post permissions dialogue box or privacy hashtags to restrict the visibility of the file - which will be set to match the permissions of the post your are sending.
 
-To delete attachments or change the permissions on the stored files, visit [observer.baseurl]/filestorage/{{username}}" replacing {{username}} with the nickname you provided during channel creation.
+To delete attachments or change the permissions on the stored files, visit [observer.baseurl]/cloud/{{username}}" replacing {{username}} with the nickname you provided during channel creation.
 
 [b]Web Access[/b]
 
@@ -22,6 +22,6 @@ See: [zrl=[baseurl]/help/cloud_desktop_clients]Cloud Desktop Clients[/zrl]
 
 [b]Permissions[/b]
 
-When using WebDAV, the file is created with your channel's default file permissions and this cannot be changed from within the operating system. It also may not be as restrictive as you would like. What we've found is that the preferred method of making files private is to first create folders or directories; then visit "filestorage/{{username}}"; select the directory and change the permissions. Do this before you put anything into the directory. The directory permissions take precedence so you can then put files or other folders into that container and they will be protected from unwanted viewers by the directory permissions. It is common for folks to create a "personal" or "private" folder which is restricted to themselves. You can use this as a personal cloud to store anything from anywhere on the web or any computer and it is protected from others. You might also create folders for "family" and "friends" with permission granted to appropriate collections of channels.
+When using WebDAV, the file is created with your channel's default file permissions and this cannot be changed from within the operating system. It also may not be as restrictive as you would like. What we've found is that the preferred method of making files private is to first create folders or directories; then visit "filestorage/{{username}}"; select the directory and change the permissions. Do this before you put anything into the directory. The directory permissions take precedence so you can then put files or other folders into that container and they will be protected from unwanted viewers by the directory permissions. It is common for folks to create a "personal" or "private" folder which is restricted to themselves. You can use this as a personal cloud to store anything from anywhere on the web or any computer and it is protected from others. You might also create folders for "family" and "friends" with permission granted to appropriate privacy groups.
 
 #include doc/macros/main_footer.bb;

doc/comanche.bb

@@ -27,8 +27,8 @@ Currently there are five layout templates, unless your site provides additional
 			edgesthree - three column layout with fixed side margins
 			full - three column layout with fixed side margins and adds a "header" region beneath the navigation bar
 
-	[b]redable[/b]
-	A template for reading longer texts. Three columns: aside, content and right_aside.
+	[b]redable[/b] (sic)
+	A template for reading longer texts full screen (so without navigation bar). Three columns: aside, content and right_aside.
 	For maximum readability it is advised to only use the middle content column.
 
 	[b]zen[/b]

doc/context/admin/security/help.html

@@ -0,0 +1,3 @@
+<h3>Security Settings</h3>
+<p>This page contains various administrator settings related to security.</p>
+<p>To save any changes you make to these settings, you must press the Submit button.</p>

doc/context/channel/help.html

@@ -0,0 +1,24 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This is the home page of a channel. It is similar to someone's profile "wall" in a social network context. Posts created by the channel are displayed according to the observer's viewing permissions.</dd>
+  <dt>Create a Post</dt>
+  <dd>If you have permission to create posts on the channel page, then you will see the post editor at the top.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/cloud/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This page displays a channel's "cloud" files. The files visible to the observer depend on the individual file permissions set by the channel owner. If you have permission to create/upload files you will see control buttons above the file list.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/mail/help.html

@@ -0,0 +1,10 @@
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>The messages displayed in private mail are visible only to you and the single recipient. </dd>
+  <dt>Combined View</dt>
+  <dd>Complete conversations can be viewed in a continuous thread by selecting <b>Combined View</b>. Available conversations are displayed beneath the menu in the side panel.</dd>
+  <dt>Inbox/Outbox</dt>
+  <dd>Individual sent messages are viewed by selecting <b>Outbox</b>, and incoming messages are viewed using the <b>Inbox</b> filter.</dd>
+  <dt>New Message</dt>
+  <dd>Individual messages have delivery reports that can be viewed using the drop-down menu. Messages can also be recalled from the same menu, which can prevent the recipient from viewing the message <i>if they have not already read it</i>.</dd>
+</dl>

doc/context/network/help.html

@@ -0,0 +1,26 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>The network page displays a stream of posts and conversations, typically ordered by the most recently updated. This page is highly customizable.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#profile-jot-wrapper", 0); return false;' title="Click to highlight element...">Create a Post</a></dt>
+  <dd>At the top of the page there is a text box that says "Share". Clicking this box opens a new post editor. The post editor is customizable, but the basic editor provides fields for a post body and an optional post <b>Title</b>. Buttons below the text area to the left provide shortcuts to text formatting and inserting links, images, and other data into the post. The buttons to the right provide a post preview, the post permissions setting, and a <b>Submit</b> button to send the post.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#group-sidebar", 1); return false;' title="Click to highlight element...">Privacy Groups</a></dt>
+  <dd>The privacy groups you have created are displayed in the side panel. Selecting them filters posts to those created by channels in the chosen group.</dd>
+  <dt><a href='#' onclick='$("#dbtn-acl").click(); return false;' title="Click to highlight element...">Post Permissions</a></dt>
+  <dd>The access control list (ACL) is what you use to set who can see your new post. Pressing the ACL button beside the Submit button will display a dialog in which you can select what channels and/or privacy groups can see the post. You can also select who is explicitly denied access. For example, say you are planning a surprise party for a friend. You can send an invitation post to everyone in your <b>Friends</b> group <i>except</i> the friend you are surprising. In this case you "show" the <b>Friends</b> group but "don't show" that one person.</dd>
+</dl>

doc/context/photos/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This page displays a channel's photo albums. The images visible to the observer depend on the individual image permissions.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/profile/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This is the profile page of a channel. It typically displays information describing the channel. If the channel represents a person in a social network, for example, then the profile might provide contact information and other personal details about the person. Channels can have multiple profiles, where the displayed profile depends on the observer.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/credits.bb

@@ -1,5 +1,9 @@
 [b]Credits[/b]
 
+Thanks to all who have helped and contributed to the project and its predecessors over the years. It is possible we missed in your name but this is unintentional. We also thank the community and its members for providing valuable input and without whom this entire effort would be meaningless. 
+
+It is also worth acknowledging the contributions and solutions to problems which arose from discussions amongst members and developers of other somewhat related and competing projects; even if we have had our occasional disagreements. 
+
 Mike Macgirvin
 Fabio Comuni
 Simon L'nu
@@ -10,7 +14,7 @@ tommy tomson
 Simon
 zottel
 Christian Vogeley
-jeroenpraat
+Jeroen van Riet Paap (jeroenpraat)
 Michael Vogel
 erik
 Zach Prezkuta
@@ -62,6 +66,7 @@ tonnerkiller
 Antoine G
 Christian Drechsler
 Ludovic Grossard
+RedmatrixCanada
 Stanislav Lechev [0xAF]
 aweiher
 bufalo1973
@@ -73,3 +78,5 @@ mycocham
 ndurchx
 pafcu
 Simó Albert i Beltran
+Manuel Reva
+Manuel Jiménez Friaza

doc/database.bb

@@ -23,18 +23,17 @@
 [tr][td][zrl=[baseurl]/help/database/db_group_member]group_member[/zrl][/td][td]privacy groups (collections), group info[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_groups]groups[/zrl][/td][td]privacy groups (collections), member info[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_hook]hook[/zrl][/td][td]plugin hook registry[/td][/tr]
-[tr][td][zrl=[baseurl]/help/database/db_hubloc]hubloc[/zrl][/td][td]Red location storage, ties a hub location to an xchan[/td][/tr]
+[tr][td][zrl=[baseurl]/help/database/db_hubloc]hubloc[/zrl][/td][td]xchan location storage, ties a hub location to an xchan[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_issue]issue[/zrl][/td][td]future bug/issue database[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_item]item[/zrl][/td][td]all posts and webpages[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_item_id]item_id[/zrl][/td][td]other identifiers on other services for posts[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_likes]likes[/zrl][/td][td]likes of 'things'[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_mail]mail[/zrl][/td][td]private messages[/td][/tr]
-[tr][td][zrl=[baseurl]/help/database/db_manage]manage[/zrl][/td][td]may be unused in Red, table of accounts that can "su" each other[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_menu]menu[/zrl][/td][td]webpage menu data[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_menu_item]menu_item[/zrl][/td][td]entries for webpage menus[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_notify]notify[/zrl][/td][td]notifications[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_obj]obj[/zrl][/td][td]object data for things (x has y)[/td][/tr]
-[tr][td][zrl=[baseurl]/help/database/db_outq]outq[/zrl][/td][td]Red output queue[/td][/tr]
+[tr][td][zrl=[baseurl]/help/database/db_outq]outq[/zrl][/td][td]output queue[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_pconfig]pconfig[/zrl][/td][td]personal (per channel) configuration storage[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_photo]photo[/zrl][/td][td]photo storage[/td][/tr]
 [tr][td][zrl=[baseurl]/help/database/db_poll]poll[/zrl][/td][td]data for polls[/td][/tr]

doc/database/db_abook.bb

@@ -27,29 +27,22 @@
 [/td][/tr]
 [tr][td]abook_dob[/td][td]Datetime of connection's birthday converted from *their* timezone to UTC[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]abook_flags[/td][td]Bitfield containing blocked(0x1), ignored(0x2), hidden(0x4), archived(0x8), pending(0x10), unconnected(0x20), self(0x80), feed(0x100)[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_flags[/td][td]No longer used[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
 [tr][td]abook_profile[/td][td]profile.guid of profile to display to this connection if authenticated[/td][td]char(64)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
+[tr][td]abook_blocked[/td][td]Bi-directional communications with this channel are blocked, regardless of other permissions. [/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_ignored[/td][td]Incoming communications from this channel are blocked, regardless of other permissions.  [/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_hidden[/td][td]This connection will not be shown as a connection to anybody but the channel owner[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_archived[/td][td]This connection is likely non-functioning and the entry and conversations are preserved, but further polled communications will not be attempted. [/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_pending[/td][td]A connection request was received from this channel but has not been approved by the channel owner, public communications may still be visible but no additional permissions have been granted. [/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_unconnected[/td][td]currently unused. Projected usage is to indicate "one-way" connections which were insitgated on this end but are still pending on the remote end. [/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_self[/td][td]is a special case where the owner is the target. Every channel has one abook entry with abook_self and with a target abook_xchan set to channel.channel_hash . When this flag is present, abook_my_perms is the default permissions granted to all new connections and several other fields are unused.[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_feed[/td][td]indicates this connection is an RSS/Atom feed and may trigger special handling.[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_incl[/td][td]connection filter allow rules separated by LF[/td][td]text[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_excl[/td][td]connection filter deny rules separated by LF[/td][td]text[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]abook_instance[/td][td]comma separated list of site urls of all channel clones that this connection is connected with (used only for singleton networks which don't support cloning)[/td][td]text[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/table]
 
 
-Notes: 
-
-ABOOK_FLAGS_BLOCKED - Bi-directional communications with this channel are blocked, regardless of other permissions. 
-
-ABOOK_FLAGS_IGNORED - Incoming communications from this channel are blocked, regardless of other permissions.  
-
-ABOOK_FLAGS_HIDDEN - This connection will not be shown as a connection to anybody but the channel owner
-
-ABOOK_FLAGS_ARCHIVED - This connection is likely non-functioning and the entry and conversations are preserved, but further polled communications will not be attempted. 
-
-ABOOK_FLAGS_PENDING - A connection request was received from this channel but has not been approved by the channel owner, public communications may still be visible but no additional permissions have been granted. 
-
-ABOOK_FLAGS_UNCONNECTED - currently unused. Projected usage is to indicate "one-way" connections which were insitgated on this end but are still pending on the remote end. 
-
-ABOOK_FLAGS_SELF is a special case where the owner is the target. Every channel has one abook entry with ABOOK_FLAGS_SELF with a target abook_xchan set to channel.channel_hash . When this flag is present, abook_my_perms is the default permissions granted to all new connections and several other fields are unused.
-
-ABOOK_FLAGS_FEED - indicates this connection is an RSS/Atom feed and may trigger special handling.
-
 Return to [zrl=[baseurl]/help/database]database documentation[/zrl]

doc/database/db_attach.bb

@@ -21,7 +21,15 @@
 [/td][/tr]
 [tr][td]folder[/td][td]attach.hash of parent folder[/td][td]char(64)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]flags[/td][td]see notes[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]flags[/td][td]no longer used[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[/td][/tr]
+[tr][td]is_dir[/td][td]0 (file) or 1 to indicate a directory[/td][td]tinyint[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[/td][/tr]
+[tr][td]is_photo[/td][td]if 1, a photo is linked to this resource[/td][td]tinyint[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[/td][/tr]
+[tr][td]os_storage[/td][td]if 0, data contains content; if 1 data contains path to content (always 1 in hubzilla)[/td][td]tinyint[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[/td][/tr]
+[tr][td]display_path[/td][td]under construction, store the human readable path[/td][td]mediumtext[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
 [tr][td]data[/td][td]file data or pathname to stored data if ATTACH_FLAG_OS[/td][td]longblob[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
@@ -39,12 +47,6 @@
 [/td][/tr]
 [/table]
 
-
-Bitmasks
-
-define ( 'ATTACH_FLAG_DIR',    0x0001);  This is a directory
-define ( 'ATTACH_FLAG_OS',     0x0002);  Data content is link to OS file containing data, if unset the data filed contains the file data
-
 permissions are xchan_hash or group_hash surrounded by angle chars. e.g. '<abc123><xyz789>'
 
 Return to [zrl=[baseurl]/help/database]database documentation[/zrl]

doc/database/db_channel.bb

@@ -1,96 +1,100 @@
 [table]
 [tr][th]Field[/th][th]Description[/th][th]Type[/th][th]Null[/th][th]Key[/th][th]Default[/th][th]Extra
 [/th][/tr]
-[tr][td]channel_id[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
+[tr][td]channel_id[/td][td]sequential ID[/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
 [/td][/tr]
-[tr][td]channel_account_id[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]channel_account_id[/td][td]account.id of the account owning this channel[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]channel_primary[/td][td][/td][td]tinyint(1) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]channel_primary[/td][td]1 = this is the primary instance of this channel[/td][td]tinyint(1) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]channel_name[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_name[/td][td]Name that this channel is known by[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_address[/td][td][/td][td]char(255)[/td][td]NO[/td][td]UNI[/td][td][/td][td]
+[tr][td]channel_address[/td][td]"username" or URL-and-email safe nickname[/td][td]char(255)[/td][td]NO[/td][td]UNI[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_guid[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_guid[/td][td]Long hash representing a psuedo-unique ID, does not have ot be globally unique[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_guid_sig[/td][td][/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_guid_sig[/td][td]channel.gui signed with channel.prvkey and base64url_encoded[/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_hash[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_hash[/td][td]base64url_encode of a 64-char whirlpool hash of channel.guid and channel_guid_sig concatenated, synonymous with xchan_hash.[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_timezone[/td][td][/td][td]char(128)[/td][td]NO[/td][td]MUL[/td][td]UTC[/td][td]
+[tr][td]channel_timezone[/td][td]PHP-legal timezone[/td][td]char(128)[/td][td]NO[/td][td]MUL[/td][td]UTC[/td][td]
 [/td][/tr]
-[tr][td]channel_location[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_location[/td][td]Default for item.location[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_theme[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_theme[/td][td]channel theme preference[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_startpage[/td][td][/td][td]char(255)[/td][td]NO[/td][td][/td][td][/td][td]
+[tr][td]channel_startpage[/td]relative site URL to visit after logging in[td][/td][td]char(255)[/td][td]NO[/td][td][/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_pubkey[/td][td][/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_pubkey[/td][td]RSA public key 4096 bit[/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_prvkey[/td][td][/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_prvkey[/td][td]RSA private key 4096 bit[/td][td]text[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_notifyflags[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]65535[/td][td]
+[tr][td]channel_notifyflags[/td][td]bifield representing what notification types are active[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]65535[/td][td]
 [/td][/tr]
-[tr][td]channel_pageflags[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]channel_pageflags[/td][td]bitfield of special channel uses[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]channel_dirdate[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]channel_dirdate[/td][td]time when directory was last pinged. Must do this once a month[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]channel_deleted[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]channel_deleted[/td][td]time when channel was deleted[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]channel_max_anon_mail[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]10[/td][td]
+[tr][td]channel_max_anon_mail[/td][td]unused[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]10[/td][td]
 [/td][/tr]
-[tr][td]channel_max_friend_req[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]10[/td][td]
+[tr][td]channel_max_friend_req[/td][td]unused[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]10[/td][td]
 [/td][/tr]
-[tr][td]channel_expire_days[/td][td][/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]channel_expire_days[/td][td]expire imported content that hasn't been otherwise protected after this many days, 0 is no expiration[/td][td]int(11)[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]channel_passwd_reset[/td][td][/td][td]char(255)[/td][td]NO[/td][td][/td][td][/td][td]
+[tr][td]channel_passwd_reset[/td][td]password reset token[/td][td]char(255)[/td][td]NO[/td][td][/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_default_group[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]channel_default_group[/td][td]put all new connections into the group with this name[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]channel_allow_cid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_allow_cid[/td][td]Default permissions for this channel[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_allow_gid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_allow_gid[/td][td]Default permissions for this channel[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_deny_cid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_deny_cid[/td][td]Default permissions for this channel[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_deny_gid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]channel_deny_gid[/td][td]Default permissions for this channel[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]channel_r_stream[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_stream[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_r_profile[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_profile[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_r_photos[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_photos[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_r_abook[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_abook[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_stream[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_stream[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_wall[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_wall[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_tagwall[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_tagwall[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_comment[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_comment[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_mail[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_mail[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_photos[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_photos[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_chat[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_chat[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_a_delegate[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]channel_a_delegate[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]channel_r_storage[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_storage[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_storage[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_storage[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_r_pages[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_r_pages[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_pages[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_pages[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_a_republish[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_a_republish[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
-[tr][td]channel_w_like[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[tr][td]channel_w_like[/td][td]specific permission bitfield[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[/td][/tr]
+[tr][td]channel_removed[/td][td]if 1, this channel has been deleted[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
+[/td][/tr]
+[tr][td]channel_system[/td][td]if 1, this is the special system channel on this site[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]128[/td][td]
 [/td][/tr]
 [/table]
 
-Return to [zrl=[baseurl]/help/database]database documentation[/zrl]
+Return to [zrl=[baseurl]/help/database]database documentation[/zrl]

doc/database/db_chat.bb

@@ -1,15 +1,15 @@
 [table]
 [tr][th]Field[/th][th]Description[/th][th]Type[/th][th]Null[/th][th]Key[/th][th]Default[/th][th]Extra
 [/th][/tr]
-[tr][td]chat_id[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
+[tr][td]chat_id[/td][td]sequential ID[/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
 [/td][/tr]
-[tr][td]chat_room[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]chat_room[/td][td]chatroom.cr_id for this chat[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]chat_xchan[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]chat_xchan[/td][td]author xchan_hash[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]chat_text[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]chat_text[/td][td]the text of the chat message[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]created[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]created[/td][td]timestamp of this message[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
 [/table]
 

doc/database/db_chatpresence.bb

@@ -1,17 +1,17 @@
 [table]
 [tr][th]Field[/th][th]Description[/th][th]Type[/th][th]Null[/th][th]Key[/th][th]Default[/th][th]Extra
 [/th][/tr]
-[tr][td]cp_id[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
+[tr][td]cp_id[/td][td]sequential ID[/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
 [/td][/tr]
-[tr][td]cp_room[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]cp_room[/td][td]chatroom.cr_id of the chatroom[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]cp_xchan[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]cp_xchan[/td][td]xchan_hash of the chatroom participant[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]cp_last[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]cp_last[/td][td]datetime last ping[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]cp_status[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td]NULL[/td][td]
+[tr][td]cp_status[/td][td]text status description e.g. "online"[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]cp_client[/td][td][/td][td]char(128)[/td][td]NO[/td][td][/td][td][/td][td]
+[tr][td]cp_client[/td][td][/td]IP address of this client[td]char(128)[/td][td]NO[/td][td][/td][td][/td][td]
 [/td][/tr]
 [/table]
 

doc/database/db_chatroom.bb

@@ -1,27 +1,27 @@
 [table]
 [tr][th]Field[/th][th]Description[/th][th]Type[/th][th]Null[/th][th]Key[/th][th]Default[/th][th]Extra
 [/th][/tr]
-[tr][td]cr_id[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
+[tr][td]cr_id[/td][td]sequential ID[/td][td]int(10) unsigned[/td][td]NO[/td][td]PRI[/td][td]NULL[/td][td]auto_increment
 [/td][/tr]
-[tr][td]cr_aid[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]cr_aid[/td][td]account.id of chatroom owner[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]cr_uid[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]cr_uid[/td][td]channel.channel_id of chatroom owner[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]cr_name[/td][td][/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
+[tr][td]cr_name[/td][td]visible name of chatroom[/td][td]char(255)[/td][td]NO[/td][td]MUL[/td][td][/td][td]
 [/td][/tr]
-[tr][td]cr_created[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]cr_created[/td][td]creation timestampe[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]cr_edited[/td][td][/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
+[tr][td]cr_edited[/td][td]edited timestamp[/td][td]datetime[/td][td]NO[/td][td]MUL[/td][td]0000-00-00 00:00:00[/td][td]
 [/td][/tr]
-[tr][td]cr_expire[/td][td][/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
+[tr][td]cr_expire[/td][td]expiration period for chats in this chatroom in minutes, 0 is no expiration[/td][td]int(10) unsigned[/td][td]NO[/td][td]MUL[/td][td]0[/td][td]
 [/td][/tr]
-[tr][td]allow_cid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]allow_cid[/td][td]permissions for this room[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]allow_gid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]allow_gid[/td][td]permissions for this room[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]deny_cid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]deny_cid[/td][td]permissions for this room[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
-[tr][td]deny_gid[/td][td][/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
+[tr][td]deny_gid[/td][td]permissions for this room[/td][td]mediumtext[/td][td]NO[/td][td][/td][td]NULL[/td][td]
 [/td][/tr]
 [/table]