Merge branch 2.2RC

Update DE translation strings

.gitignore

@@ -60,11 +60,13 @@ nbproject/
 .idea/
 
 
-# composer files (at the moment composer is not officially supported and only used to add SabreDAV, we should add these)
-composer.* 
-
-# When we include composer we should exclude vendor/
+## composer
+# locally installed composer binary
+composer.phar
+# vendor/ is managed by composer, no need to include in our repository
+# requires new deployment and needs discussion first
 #vendor/
-# Exclude at least some vendor test files, examples, etc.
-vendor/sabre/*/tests/
+# Exclude at least some vendor test files, examples, etc. so far
+vendor/**/tests/
+vendor/**/Test/
 vendor/sabre/*/examples/

.homeinstall/hubzilla-setup.sh

@@ -491,7 +491,7 @@ END
         print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)"
         return 0
     fi
-    git clone https://github.com/lukas2511/letsencrypt.sh $le_dir
+    git clone https://github.com/lukas2511/dehydrated $le_dir
     cd $le_dir
     # create config file for letsencrypt.sh
     echo "WELLKNOWN=$le_dir" > $le_dir/config.sh
@@ -511,9 +511,9 @@ END
     then
         die "Failed to load $url_http"
     fi
-    # run letsencrypt.sh
+    # run script dehydrated
     # 
-    ./letsencrypt.sh --cron --config $le_dir/config.sh
+    ./dehydrated --cron --config $le_dir/config.sh
 }
 
 function configure_apache_for_https {
@@ -730,8 +730,8 @@ echo "#" >> /var/www/$hubzilladaily
 echo "echo \" \"" >> /var/www/$hubzilladaily
 echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
 echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - renew certificat...\"" >> /var/www/$hubzilladaily
-echo "bash $le_dir/letsencrypt.sh --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily
+echo "bash $le_dir/dehydrated --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "# stop hubzilla" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - stoping apache and mysql...\"" >> /var/www/$hubzilladaily
@@ -798,7 +798,7 @@ echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
 echo "du -h /var/cache/rsnapshot/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
 echo "#" >> /var/www/$hubzilladaily
 echo "# update" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating letsencrypt.sh...\"" >> /var/www/$hubzilladaily
+echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/html/ pull" >> /var/www/$hubzilladaily

.travis.yml

@@ -5,10 +5,6 @@ language: php
 php:
   # using major version aliases
 
-  # aliased to a recent 5.4.x version
-  - 5.4
-  # aliased to a recent 5.5.x version
-  - 5.5
   # aliased to a recent 5.6.x version
   - 5.6
   # aliased to a recent 7.x version
@@ -27,7 +23,6 @@ matrix:
 #    - php: hhvm
 #      env: DB=pgsql  # PDO driver for pgsql is unsupported by HHVM (3rd party install for support)
   allow_failures:
-    - php: 7.0
     - php: hhvm
 
 # execute any number of scripts before the test run, custom env's are available as variables
@@ -36,11 +31,14 @@ matrix:
 #  - if [[ "$DB" == "pgsql" ]]; then psql -c "create database hello_world_test;" -U postgres; fi
 #  - if [[ "$DB" == "mysql" ]]; then mysql -e "create database IF NOT EXISTS hello_world_test;" -uroot; fi
 
+install:
+  - composer require phpunit/phpunit
+
 # omitting "script:" will default to phpunit
 # use the $DB env variable to determine the phpunit.xml to use
-script: phpunit  tests/*php
+script: vendor/bin/phpunit  tests/unit/
 
 # configure notifications (email, IRC, campfire etc)
 notifications:
 #  irc: "irc.freenode.org#yourfavouriteroomfortravis"
-# a plugin/script to post to a hubzilla channel would be neat here
+# a plugin/script to post to a hubzilla channel would be neat here

CHANGELOG

@@ -1,3 +1,276 @@
+Hubzilla 2.2 (2017-03-08)
+	- Don't collapse long nsfw content if nsfw plugin is already collapsing it
+	- Provide version compatibility check for themes (minversion, maxversion)
+	- Use chanlink_hash() instead of chanlink_url() where appropriate
+	- Use head_add_link() for feed discovery
+	- Provide HTTP header parser which honours continuation lines
+	- Numerous doco improvements
+	- Implement virtual privacy groups from restricted profile access list
+	- Implement permission roles
+	- Implement app-tray
+	- Default to manual conversation updates
+	- Implement channel move for all server roles
+	- Implement nav login modal
+	- Rename bb2diaspora.php to markdown.php
+	- Remove obsolete module 'match'
+	- Move firefox social api configuration to plugin
+	- Move rsd service to twitter_api plugin
+	- Add build_pagehead hook
+	- Move opensearch to plugins
+	- Move dreamhost hack to plugin
+	- Add wiki permissions
+	- Introduce hubloc_store_lowlevel() and xchan_store_lowlevel()
+	- Move diaspora account import to the diaspora plugin
+	- Allow export of single data sets instead of always exporting everything we know about in channel export
+	- Queue optimisations for sites that have lingered in the queue for more than a couple of days
+	- Add affinity slider tool settings for min and max defaults in settings/featured
+	- Provide lowlevel xchan storage function to ensure that all non-null rows are initialised
+	- Implement native wiki
+	- Block well-known from oembed
+	- Implement observer.language bbcode and observer.language comanche conditional
+	- Implement daemon_addon hook to let plugins create custom background processes
+	- Implement profile vcards
+	- Implement connection vcards
+	- Implement 'click to call' in address book
+	- Default cover photo
+	- Remove fullscreen functionality in photo album view
+	- Update fontawesome lib to version 4.7.0
+	- Implement a menu to select a section to be open by default in connedit
+	- Improve comanche conditionals
+	- Add enclosures and categories to atom feed parsing
+	- Allow the atom_entry hook to change the results
+	- Set 'adjust for viewer timezone' as the default for new events
+	- Allow event creation in other timezones than your own
+	- Update fullcalendar lib to version 3.1
+	- Move api version call back to core
+	- Create first webpage as 'home' if none exist
+	- Show webpages link to visitors if a 'home' page exists
+
+	Bugfixes
+	- Fix schema not saved if session theme != selected theme and schema select display issue
+	- Fix no acl not detected in post_activity_item()
+	- Fix find_folder_hash_by_path() was not safe against multiple attach structures with the same filename but in different directories
+	- Fix don't search on empty filename - we shouldn't find it. The reason why this change is being made is because we actually did find it due to a development glitch
+	- Fix several places where head_add_(css|js) functions have been used incorrectly.
+	- Fix webpage import tool
+	- Fix numerous bugs with the addon repo management GUI
+	- Fix attach_delete() to remove photo resources even if the attach table row wasn't found
+	- Fix choking if photo_factory() returns null
+	- Fix embedimage if an albumname contains quotes
+	- Fix chat member list when one or more members are connected via access tokens
+	- Fix issue #636 - some localised (e.g. Italian) strings have single quotes which throw JS errors when used in single quoted template constructs
+	- Fix issues #629 and #635 - edited post arriving from downstream source was not being rejected
+	- Fix peoplefind widget not honouring directory option settings
+	- Fix issue with HTML in code blocks in markdown in wiki
+	- Fix issue with post signatures if posted from api and logged in locally with a different identity
+
+	Plugins/Addon
+	- Add experimental webmention plugin
+	- NSFW: Use button instead of text link
+	- Diaspora: gracefully handle multiple photos per post
+	- Diaspora: change profile photo permission call
+	- Logrotate: don't throw an error if another server process renamed the logfile before we got to it
+	- Chess: the channel owner must be one of the players, so only require selecting one connection for an opponent
+	- Move firefox social api configuration to plugin from core
+	- Move rsd service to twitter_api plugin from core
+	- Move opensearch to plugins from core
+	- Move dreamhost hack to plugin from
+	- Move diaspora account import to addon from core
+	- Reflect hubloc store changes in plugins
+	- Reflect xchan store changes in plugins
+	- Rendezvous: Fixed marker creation bug
+	- Rendezvous: Center on marker if specified in URL, and update browser address bar with shareable link when selecting markers on the map
+	- Rendezvous: Set default value of 0 for priximity alert when making new markers
+	- Move gitwiki to plugins from core which has been replaced by native wiki
+	- Openclipatar: reflect changes to files and photos which were unified in core some time ago
+	- Reintroduce gnusocial plugin after security/functionality review
+	- Twitter_api: hubzilla core issue 638 - unsupported message-id field not available in all twitter api functions
+	- Superblock: update to reflect core changes
+	- Rendezvous: implement static marker proximity alert
+	- Phpmailer: security update
+
+Hubzilla 2.0 (2016-12-23)
+	- Deprecate bb_iframe
+	- Note widget: resize the textarea to reveal full content
+	- Implement fixed left aside
+	- Implement lockview for wikilist
+	- Simplify wikilist widget
+	- Router error reporting
+	- Setup changes to check for shell_exec and exec functions
+	- Extensible permissions upgrade handling for channels with custom permission roles
+	- Allow plugins to cancel item_store() and item_store_update()
+	- ZOT version 1.2 provides negotiation of cryptographic algorithms
+	- Provide a fresh new look and cleaner layout and more relevant information to siteinfo
+	- Introduce highlight bbcode [hl]
+	- Implement wiki mimetypes markdown or bbcode
+	- Doc pages refactoring
+	- Update webpages and wiki context help
+	- Make a git commit when a new wiki page is created
+	- Prev-next navigation for mod_connedit to ease bulk connection edits
+	- Move the remote user homebutton to the user menu
+	- Do not render maps/locations for Diaspora destinations
+	- Provide 'per-page' caching for is_matrix_url() results to reduce duplicate queries
+	- Don't send notification for posts/comments on old conversations that were refetched after having expired
+	- Numerous wiki UI improvements
+	- Move twitter api to addon
+	- Cleanup and re-organise the voting and attendance buttons
+	- Reorganise emoticons
+	- Collapse navbar-collapse-1 if avatar menu is clicked.
+	- New display setting: static page update as opposed to live update
+	- Command line administrative channel connect utility
+	- Modernise chanview
+	- Implement edit activities to share post/comment edits with protocols which do not support them (e.g. Diaspora)
+	- Wiki export
+	- Numerous postgres compatibility fixes
+	- Remove requirement that imported profile photos be in the profile photos album
+	- Change event behaviour - share by default.
+	- Use PDO database driver exclusively (deprecate drivers that are separately maintained)
+	- Zot API re-write and extended
+
+	Bugfixes
+	- Fix z_fetch_url() incorrect variable
+	- Fix SQL error with app categories
+	- Fix do not show revert buttons if we do not have write perms
+	- Fix dropdown positions
+	- Fix do not increase opacity to more than 1
+	- Fix clone sync missing for some item delete operations
+	- Fix embed-image for fullscreen mode
+	- Fix attach_list_files()
+	- Fix full screen for embedded videos
+	- Fix the forum widget for forums with custom perms
+	- Fix issue #607 parens not recognised inside urls
+	- Fix pubsites: don't list dead sites
+	- Fix issue #596 silence headers already sent warning
+	- Fix missing plugins in zot-info
+	- Fix notification issue
+	- Fix issue #594 like of thing appears as profile owner like
+	- Fix export issue
+	- Fix checklist bbcode - only turn [] and [x] into checkboxes if it is found inside a checklist
+	- Fix wiki permissions issues
+	- Fix public calendar leaks connection information (birthdays) when view_contacts is not allowed
+	- Fix attach_rename: flaw in duplicate filename detection resulted in filename(1)(1)(1).ext
+	- Fix a fatal error with incorrect DB object access
+	- Provide /locs link on settings page if there is more than one hubloc for this channnel *that isn't deleted*.
+	- Fix issue #577 if connecting to a channel that is already pending, undo the pending and set connect permissions accordingly
+	- Fix issue #575, when 'nofinish' is set on an event, invalid date was generated/stored
+	- Fix bbcode event formatting issue
+	- Fix zot_finger from navbar people search looping
+	- Fix fromStandalonePermission()
+
+	Plugins
+	- GNU Social: removed from addons for security reasons - it might be re-implemented once it is properly reviewed
+	- Diaspora: missing item author when diaspora public comment received from relay
+	- Superblock: refactoring
+	- New addon: tripleaes for pro
+	- Cdav:  "if not exists" only supported starting with postgresql v. 9.5 debian stable has 9.4
+	- Rendezvous: added markers and members export tool at /rendezvous/[group_id]/export/{markers,members}
+	- Twitter: move twitter api to addon
+	- New addon: b2tbtn (back to top button)
+	- Diaspora: import public diaspora messages to sys if applicable
+	- Diaspora: try and handle singletons better and simplify the associated notifier decisions
+	- Rendezvous: add proximity alert feature to members to issue notification when member is within a specified distance.
+	- New addon: diaspora_reconnect to refriend diaspora/friendica connections from a clone or channel move
+	- Diaspora: change the logic for deciding between upstream and downstream message flow for notifier plugins
+	- Rendezvous: prompt member to share their location by activating the GPS control using a tooltip and pulsing visibility
+	- statistics_json: fix nodeinfo
+	- Rendezvous: restored the lost gps-icon.png and corrected the OpenStreetMap tile server URL to avoid insecure content warnings
+	- Rendezvous: use observer name if available
+	- std_embeds: missing backslash
+	- Diaspora: postgres fixes issue #31
+	- Rendezvous: added marker list with centering buttons and popup open.
+	- Rendezvous: added control to see list of members sharing their location, with buttons to pan the map to center them
+	- Diaspora: system level diaspora toggle
+	- Rendezvous: added control that displays members.
+	- Diaspora: rename diaspora2bb() to markdown_to_bb() in core
+	- Hubwall: remove illegal unescaped angle chars
+	- Rendezvous: Add control to delete member if not updated in over 14 minutes
+
+Hubzilla 1.14 (2016-10-13)
+	- New hook bbcode_filter
+	- Unify the various mail sending instance to enotify::send() and z_mail()
+	- Provide ability for admin to change account password
+	- Replace deprecated Sabre functions
+	- Add plugin hook for 'get_profile_photo'
+	- Convert NULL_DATE to a legal date for compatibility with MySQL strict mode
+	- Allow a site to over-ride the help table-of-contents files
+	- Autoscroll to target post/comment when in single-thread mode
+	- Indicator for own response verb activity
+	- Add server role documentation
+	- Pro: remove 'Additional Features' link for techlevel 0
+	- Upgrade fullcalendar library to version 3
+	- Whitelist button tag in htmlpurifier
+	- Upgrade justifiedGallery library to version 3.6.3
+	- Pubsites improvements
+	- Upgrade foundation library to version 6.2.3
+	- Ability to move photos to another album
+	- Submodules for settings page
+	- Submodules for admin page
+	- Remove chatroom suggestions
+	- Revamped and improved theme select backend
+	- Theme preview
+	- Implement techlevels for pro server role
+	- BBcode checklist
+	- Improve save to folder modal dialog
+	- Case insensitive sort apps
+	- Add authors to post distribution
+	- Redirect to plugin page after enabling to show configuration settings if applicable
+	- Move allowed email domains to admin->security page
+	- Display text around the searched query in documentation search
+	- Comanche observer conditionals
+	- Remove ratings
+	- Context help for /connedit
+	- Provide configurable sidebar table-of-contents indexes for different levels of the help hierarchy
+	- Comanche conditionals
+	- Cover photo enhancements (does not disappear after initial scrolldown)
+	- Website import/export
+	- Server roles (basic, standard and pro)
+
+	Bugfixes
+	- Fix connected time not shown on ajax loaded connections
+	- API issues
+	- Fix readmore.js collapsing on scrolldirection change in some mobile browsers
+	- Personalize Server Emails
+	- Audio player doesn't automatically show for m4a files
+	- Fix ajax page update with /channel?f=&mid=hash
+	- Angle bracket characters in DB password not recognised
+	- Regression: files/photos were not synchronising to channel clones properly
+	- Missing categories in preview mode
+	- attach_store() sql issue
+	- Rename id share_container to distr_container - share_container seem to be blacklisted in various security browser plugins
+	- Add 'map' extension to files served natively by nginx without using the project controller
+	- Zot discovery wasn't returning in all cases (after discovering zot)
+	- Do not show hidden channels in /randprof
+	- Numerous postgres fixes
+	- Illegal offset errors in include/conversation:status_editor() when no permissions array is passed
+	- Patch foundation-6.2.3 to work with jquery-3.1
+	- Custom/expert permissions bug
+	- Mail: return array instead of object
+	- Don't send purge_all notification to self
+	- Saved search: tags and connection searches weren't being saved
+	- Do not allow PERMS_PUBLIC as a choice for writable permission limits
+	- Force cover photos as well as profile photos to be public. As a side effect 'thing' photos will also be considered public
+	- Make lock switching actually work with multiple acl forms
+	- Create smarty dir before any templates can be initialised
+	- Fix aconfig
+	- Broken doc search
+	- Public forum check with custom/expert permissions
+
+	Plugins
+	- Standard Embed: update to convert old corporate bbcodes
+	- Cdav security: fix rw permission check
+	- Cdav: add partial support for recurring events in the browser client (editing/creating is not implemented)
+	- New plugin phpmailer: use phpmailer class instead of php's built-in mail() function
+	- Diaspora: third party on other network comment issue
+	- Diaspora: comment fix (hubzilla originated comment with plugin activated by comment author not making it to Diaspora)
+	- Cdav: provide calendar list view
+	- Diaspora: allow comments on public diaspora posts which were imported by subscribing to public tags.
+	- Wppost: add blog_id parameter for WordPress MU sites such as WordPress.com
+	- Wppost: don't log the password in normal mode
+	- Hubwall: provide choice of sender addresses, the real admin email, postmaster, or noreply.
+	- Chord: General cleanup of chord app
+	- Chord: Update chord binary for modern linux systems
+	- Start grouping addons by server_role
+
 Hubzilla 1.12
 	- extensible permissions so you can create a new permission rule such as "can write to my wiki" or "can see me naked". 
 	- guest access tokens can do anything you let them, including create posts and administer your channel 

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2016 the Hubzilla Community
+Copyright (c) 2010-2017 the Hubzilla Community
 All rights reserved.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -3,60 +3,27 @@
 Hubzilla - Community Server
 ===========================
 
-Groupware re-imagined and re-invented. 
---------------------------------------
-
-Connect and link decentralised web communities. 
------------------------------------------------
-
 <p align="center" markdown="1">
 <em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
 
-**What are Hubz?**
 
-Hubz are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
-This allows hub members on any hub to securely and privately share anything; with anybody, on any hub - anywhere; or share stuff publicly with anybody on the internet if desired. 
+**What is Hubzilla?**
 
-**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache and popular variants). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
+Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. 
 
-Hubzilla hubz are
+Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. 
 
-* decentralised
-* inherently social
-* optionally inter-networked with other hubz
-* privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubz)
+Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services.
 
-Possible website applications include
+Migration and live backups of your connections, settings, and everything you publish are built-in, so you never need worry about server failure. 
 
-* decentralised social networking nodes
-* personal cloud storage
-* file dropboxes
-* managing organisational communications and activities
-* collaboration and community decision-making
-* small business websites
-* public and private media/file libraries
-* blogs
-* event promotion
-* feed aggregation and republishing
-* forums
-* dating websites
-* pretty much anything you can do on a traditional blog or community website, but that you could do better if you could easily connect it with other websites or privately share things across website boundaries. 
+Hubzilla is completely decentralised and open source, for you modify or adapt to your needs and desires. Plugins, themes, and numerous configuration options extend the overall capabilities to do anything you can imagine. 
 
-<p align="center" markdown="1">
-<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
-</p>
 
-**Who Are We and What Are Our Principles?**
-
-The Hubzilla community is powered by passionate volunteers creating an open source **commons** of decentralised services which are highly integrated and can rival the feature set of centralised providers. We are open to sponsorship and donations to cover expenses and compensate for our time and energy, however the project core is basically non-profit and is not designed for the purpose of commercial gain or exploitation. 
-
-Some sites may include monetisation strategies such as subscriptions and *freemium* models where members pay for resources they consume beyond a basic level. The project community supports such monetisation initiatives (nobody should be forced to pay "out of pocket" to provide a service to others), but we maintain the **commons** to provide open and free access of the software to all. 
-
-The software is not designed for data collection of its members or providing advertising. We don't have a need or desire for these things and feel that software built around these goals is poorly designed and represents compromised principles and ethics. 
-
-As a project, we are inclusive of all beliefs and cultures and do what we are able to provide an environment that is free from hostility and harrassment. Whether or not we succeed in this endaevour requires constant vigilance and help from all members of the community, working together to build an inter-networking tool with amazing potential. 
+**Who Are We?**
 
+The Hubzilla community consists of passionate volunteers creating an open source commons of decentralised services which are highly integrated and can rival the feature set of large centralised providers. We do our best to provide ethical software which places you in control of your online communications and privacy expectations.
 
 
 [![Build Status](https://travis-ci.org/redmatrix/hubzilla.svg)](https://travis-ci.org/redmatrix/hubzilla)

Zotlabs/Access/PermissionRoles.php

@@ -7,6 +7,9 @@ use Zotlabs\Lib as Zlib;
 
 class PermissionRoles {
 
+	static public function version() {
+		return 2;
+	}
 
 	static function role_perms($role) {
 
@@ -22,7 +25,7 @@ class PermissionRoles {
 				$ret['online'] = true;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'chat', 'post_like', 'republish' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -35,7 +38,7 @@ class PermissionRoles {
 				$ret['online'] = true;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'chat', 'post_like' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -49,7 +52,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
@@ -64,7 +67,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'republish', 'chat' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -77,7 +80,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'chat' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -92,7 +95,7 @@ class PermissionRoles {
 
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_wall', 'post_comments',
+					'view_pages', 'view_wiki', 'post_wall', 'post_comments',
 					'post_mail', 'post_like' , 'chat' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -100,6 +103,7 @@ class PermissionRoles {
 				$ret['limits']['view_contacts'] = PERMS_SPECIFIC;
 				$ret['limits']['view_storage']  = PERMS_SPECIFIC;
 				$ret['limits']['view_pages']    = PERMS_SPECIFIC;
+				$ret['limits']['view_wiki']     = PERMS_SPECIFIC;
 
 				break;
 
@@ -111,7 +115,7 @@ class PermissionRoles {
 
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' , 'republish' ];
 	
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -125,7 +129,7 @@ class PermissionRoles {
 				$ret['online'] = false;
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'send_stream', 'post_wall', 'post_comments', 
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments', 
 					'post_mail', 'post_like' , 'republish' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
@@ -140,7 +144,7 @@ class PermissionRoles {
 
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'post_like' , 'republish' ];
+					'view_pages', 'view_wiki', 'post_like' , 'republish' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
 
@@ -154,12 +158,13 @@ class PermissionRoles {
 
 				$ret['perms_connect'] = [ 
 					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
-					'view_pages', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
-					'post_mail', 'post_like' , 'republish', 'chat' ];
+					'view_pages', 'view_wiki', 'write_storage', 'write_pages', 'post_wall', 'post_comments', 'tag_deliver',
+					'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki' ];
 
 				$ret['limits'] = PermissionLimits::Std_Limits();
 				break;
 
+			case 'custom':
 			default:
 				break;
 		}
@@ -174,7 +179,68 @@ class PermissionRoles {
 		return $ret;
 	}
 
+	static public function new_custom_perms($uid,$perm,$abooks) {
 
+		// set permissionlimits for this permission here, for example:
+
+		// if($perm === 'mynewperm')
+		//     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
+
+		if($perm === 'view_wiki')
+		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_PUBLIC);
+
+		if($perm === 'write_wiki')
+		     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,PERMS_SPECIFIC);
+
+
+		// set autoperms here if applicable
+		// choices are to set to 0, 1, or the value of an existing perm
+
+		if(get_pconfig($uid,'system','autoperms')) {
+
+			$c = channelx_by_n($uid);
+			$value = 0;
+
+			// if($perm === 'mynewperm')
+			//	 $value = get_abconfig($uid,$c['channel_hash'],'autoperms','someexistingperm');
+
+			if($perm === 'view_wiki')
+				$value = get_abconfig($uid,$c['channel_hash'],'autoperms','view_pages');
+
+			if($perm === 'write_wiki')
+				$value = get_abconfig($uid,$c['channel_hash'],'autoperms','write_pages');
+
+			if($c) {
+				set_abconfig($uid,$c['channel_hash'],'autoperms',$perm,$value);
+			}
+
+
+		}
+
+		// now set something for all existing connections.
+
+		if($abooks) {
+			foreach($abooks as $ab) {
+				switch($perm) {
+					// case 'mynewperm':
+					// choices are to set to 1, set to 0, or clone an existing perm
+					// set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
+					//		intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','someexistingperm')));
+
+					case 'view_wiki':
+						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
+							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','view_pages')));
+
+					case 'write_wiki':
+						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
+							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','write_pages')));
+
+					default:
+						break;
+				}
+			}
+		}
+	}
 
 
 	static public function roles() {
@@ -210,6 +276,4 @@ class PermissionRoles {
     	return $roles;
 	}
 
-
-
 }

Zotlabs/Access/Permissions.php

@@ -10,9 +10,20 @@ class Permissions {
 	/**
 	 * Extensible permissions.
 	 * To add new permissions, add to the list of $perms below, with a simple description.
+	 *
 	 * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
 	 * if this permission should be granted to new connections.
 	 *
+	 * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom 
+	 * permission roles. You will want to set a default PermissionLimit for each channel and also
+	 * provide a sane default for any existing connections. You may or may not wish to provide a
+	 * default auto permission. If in doubt, leave this alone as custom permissions by definition
+	 * are the responsibility of the channel owner to manage. You just don't want to create any 
+	 * suprises or break things so you have an opportunity to provide sane settings. 
+	 *
+	 * Update the version here and in PermissionRoles
+	 *
+	 *
 	 * Permissions with 'view' in the name are considered read permissions. Anything
 	 * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
 	 * is given PERMS_SPECIFIC.
@@ -23,6 +34,11 @@ class Permissions {
 	 *
 	 */
 
+	static public function version() {
+		// This must match the version in PermissionRoles.php before permission updates can run.
+		return 2;
+	}
+
 
 	static public function Perms($filter = '') {
 
@@ -34,7 +50,9 @@ class Permissions {
 			'view_storage'  => t('Can view my file storage and photos'),
 			'write_storage' => t('Can upload/modify my file storage and photos'),
 			'view_pages'    => t('Can view my channel webpages'),
+			'view_wiki'     => t('Can view my wiki pages'),
 			'write_pages'   => t('Can create/edit my channel webpages'),
+			'write_wiki'    => t('Can write to my wiki pages'),
 			'post_wall'     => t('Can post on my channel (wall) page'),
 			'post_comments' => t('Can comment on or like my posts'),
 			'post_mail'     => t('Can send me private mail messages'),
@@ -76,6 +94,10 @@ class Permissions {
 	// Undeclared permissions are set to 0
 
 	static public function FilledPerms($arr) {
+		if(is_null($arr)) {
+			btlogger('FilledPerms: null');
+		}
+
 		$everything = self::Perms();
 		$ret = [];
 		foreach($everything as $k => $v) {
@@ -88,6 +110,17 @@ class Permissions {
 
 	}
 
+	static public function OPerms($arr) {
+		$ret = [];
+		if($arr) {
+			foreach($arr as $k => $v) {
+				$ret[] = [ 'name' => $k, 'value' => $v ];
+			}
+		}
+		return $ret;
+	}
+
+
 	static public function FilledAutoperms($channel_id) {
 		if(! intval(get_pconfig($channel_id,'system','autoperms')))
 			return false;
@@ -98,7 +131,7 @@ class Permissions {
 		);
 		if($r) {
 			foreach($r as $rr) {
-				$arr[$rr['k']] = $arr[$rr['v']];
+				$arr[$rr['k']] = intval($rr['v']);
 			}
 		}
 		return $arr;
@@ -113,4 +146,76 @@ class Permissions {
 		}
 		return true;
 	}
+
+	static public function connect_perms($channel_id) {
+
+		$my_perms = [];
+		$permcat = null;
+		$automatic = 0;
+
+		// If a default permcat exists, use that
+
+		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');		
+		if(! in_array($pc, [ '','default' ])) {
+			$pcp = new Zlib\Permcat($channel_id);
+			$permcat = $pcp->fetch($pc);
+			if($permcat && $permcat['perms']) {
+				foreach($permcat['perms'] as $p) {
+					$my_perms[$p['name']] = $p['value'];
+				}
+			}
+		}
+
+		// look up the permission role to see if it specified auto-connect
+		// and if there was no permcat or a default permcat, set the perms 
+		// from the role
+
+		$role = get_pconfig($channel_id,'system','permissions_role');
+		if($role) {
+			$xx = PermissionRoles::role_perms($role);
+			if($xx['perms_auto'])
+				$automatic = 1;
+
+			if((! $my_perms) && ($xx['perms_connect'])) {
+				$default_perms = $xx['perms_connect'];
+				$my_perms = Permissions::FilledPerms($default_perms);
+			}
+		}
+
+		// If we reached this point without having any permission information,
+		// it is likely a custom permissions role. First see if there are any
+		// automatic permissions.
+
+		if(! $my_perms) {
+			$m = Permissions::FilledAutoperms($channel_id);
+			if($m) {
+				$automatic = 1;
+				$my_perms = $m;
+			}
+		}
+
+		// If we reached this point with no permissions, the channel is using
+		// custom perms but they are not automatic. They will be stored in abconfig with 
+		// the channel's channel_hash (the 'self' connection).
+
+		if(! $my_perms) {
+			$r = q("select channel_hash from channel where channel_id = %d",
+				intval($channel_id)
+			);
+			if($r) {
+				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
+					intval($channel_id),
+					dbesc($r[0]['channel_hash'])
+				);
+				if($x) {
+					foreach($x as $xv) {
+						$my_perms[$xv['k']] = intval($xv['v']);
+					}
+				}
+			}
+		}
+
+		return ( [ 'perms' => $my_perms, 'automatic' => $automatic ] );
+	}
+
 }

Zotlabs/Daemon/Addon.php

@@ -0,0 +1,14 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+require_once('include/zot.php');
+
+class Addon {
+
+	static public function run($argc,$argv) {
+
+		call_hooks('daemon_addon',$argv);
+
+	}
+}

Zotlabs/Daemon/Checksites.php

@@ -3,7 +3,6 @@
 namespace Zotlabs\Daemon;
 
 require_once('include/zot.php');
-require_once('include/hubloc.php');
 
 
 class Checksites {

Zotlabs/Daemon/Cron.php

@@ -43,16 +43,15 @@ class Cron {
 	
 		// expire any expired mail
 
-		q("delete from mail where expires != '%s' and expires < %s ",
+		q("delete from mail where expires > '%s' and expires < %s ",
 			dbesc(NULL_DATE),
 			db_utcnow()
 		);
 
 		// expire any expired items
 
-		$r = q("select id from item where expires != '%s' and expires < %s 
+		$r = q("select id from item where expires > '2001-01-01 00:00:00' and expires < %s 
 			and item_deleted = 0 ",
-			dbesc(NULL_DATE),
 			db_utcnow()
 		);
 		if($r) {
@@ -64,7 +63,7 @@ class Cron {
 
 		// delete expired access tokens
 
-		$r = q("select atoken_id from atoken where atoken_expires != '%s' && atoken_expires < %s",
+		$r = q("select atoken_id from atoken where atoken_expires > '%s' and atoken_expires < %s",
 			dbesc(NULL_DATE),
 			db_utcnow()
 		);

Zotlabs/Daemon/Cron_daily.php

@@ -76,7 +76,6 @@ class Cron_daily {
 		Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));
 
-		require_once('include/hubloc.php');
 		remove_obsolete_hublocs();
 
 		call_hooks('cron_daily',datetime_convert());

Zotlabs/Daemon/Cron_weekly.php

@@ -17,7 +17,6 @@ class Cron_weekly {
 
 		z_check_cert();
 
-		require_once('include/hubloc.php');
 		prune_hub_reinstalls();
 	
 		mark_orphan_hubsxchans();

Zotlabs/Daemon/Externals.php

@@ -58,7 +58,7 @@ class Externals {
 			}
 
 			if($url) {
-				if($r[0]['site_pull'] !== NULL_DATE)
+				if($r[0]['site_pull'] > NULL_DATE)
 					$mindate = urlencode(datetime_convert('','',$r[0]['site_pull'] . ' - 1 day'));
 				else {
 					$days = get_config('externals','since_days');

Zotlabs/Daemon/Master.php

@@ -24,8 +24,7 @@ class Master {
 	static public function Release($argc,$argv) {
 		cli_startup();
 		logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-		require_once('Zotlabs/Daemon/' . $argv[0] . '.php');
 		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
 		$cls::run($argc,$argv);
 	}	
-}
+}

Zotlabs/Daemon/Notifier.php

@@ -4,6 +4,7 @@ namespace Zotlabs\Daemon;
 
 require_once('include/queue_fn.php');
 require_once('include/html2plain.php');
+require_once('include/conversation.php');
 
 /*
  * This file was at one time responsible for doing all deliveries, but this caused
@@ -120,7 +121,7 @@ class Notifier {
 			$normal_mode = false;
 			$mail = true;
 			$private = true;
-			$message = q("SELECT * FROM `mail` WHERE `id` = %d LIMIT 1",
+			$message = q("SELECT * FROM mail WHERE id = %d LIMIT 1",
 					intval($item_id)
 			);
 			if(! $message) {
@@ -238,7 +239,7 @@ class Notifier {
 				$channel = $s[0];
 			$uid = $item_id;
 			$recipients = array();
-			$r = q("select abook_xchan from abook where abook_channel = %d",
+			$r = q("select abook_xchan from abook where abook_channel = %d and abook_self = 0",
 				intval($item_id)
 			);
 			if($r) {
@@ -371,12 +372,13 @@ class Notifier {
 				if(! $encoded_item['flags'])
 					$encoded_item['flags'] = array();
 				$encoded_item['flags'][] = 'relay';
+				$upstream = true;
 			}
 			else {
 				logger('notifier: normal distribution', LOGGER_DEBUG);
 				if($cmd === 'relay')
 					logger('notifier: owner relay');
-
+				$upstream = false;
 				// if our parent is a tag_delivery recipient, uplink to the original author causing
 				// a delivery fork. 
 	
@@ -445,6 +447,7 @@ class Notifier {
 
 		$narr = array(
 			'channel' => $channel,
+			'upstream' => $upstream,
 			'env_recips' => $env_recips,
 			'packet_recips' => $packet_recips,
 			'recipients' => $recipients,
@@ -488,7 +491,7 @@ class Notifier {
 		// Now we have collected recipients (except for external mentions, FIXME)
 		// Let's reduce this to a set of hubs.
 
-		$r = q("select * from hubloc where hubloc_hash in (" . implode(',',$recipients) . ") 
+		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ") 
 			and hubloc_error = 0 and hubloc_deleted = 0"
 		);		
  
@@ -546,6 +549,7 @@ class Notifier {
 
 				$narr = array(
 					'channel' => $channel,
+					'upstream' => $upstream,
 					'env_recips' => $env_recips,
 					'packet_recips' => $packet_recips,
 					'recipients' => $recipients,
@@ -599,8 +603,8 @@ class Notifier {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
 			elseif($packet_type === 'request') {
-				$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hash,
-					array('message_id' => $request_message_id)
+				$packet = zot_build_packet($channel,$packet_type,$env_recips,$hub['hubloc_sitekey'],$hub['site_crypto'],
+					$hash, array('message_id' => $request_message_id)
 				);
 			}
 
@@ -614,7 +618,7 @@ class Notifier {
 				));
 			}
 			else {
-				$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null),$hash);	
+				$packet = zot_build_packet($channel,'notify',$env_recips,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
 				queue_insert(array(
 					'hash'       => $hash,
 					'account_id' => $target_item['aid'],

Zotlabs/Daemon/Onepoll.php

@@ -54,7 +54,7 @@ class Onepoll {
 
 		logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}");
 
-		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] === NULL_DATE))	
+		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE))	
 			? datetime_convert('UTC','UTC','now - 7 days')
 			: datetime_convert('UTC','UTC',$contact['abook_updated'] . ' - 2 days')
 		);
@@ -102,11 +102,20 @@ class Onepoll {
 			$fetch_feed = true;
 			$x = null;
 
+			// They haven't given us permission to see their stream
+
 			$can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream'));
 
 			if(! $can_view_stream)
 				$fetch_feed = false;
 
+			// we haven't given them permission to send us their stream
+
+			$can_send_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'my_perms','send_stream'));
+			
+			if(! $can_send_stream)
+				$fetch_feed = false;
+
 			if($fetch_feed) {
 
 				$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		

Zotlabs/Daemon/Poller.php

@@ -117,7 +117,7 @@ class Poller {
 	
 					// if we've never connected with them, start the mark for death countdown from now
 	
-					if($c == NULL_DATE) {
+					if($c <= NULL_DATE) {
 						$r = q("update abook set abook_connected = '%s'  where abook_id = %d",
 							dbesc(datetime_convert()),
 							intval($contact['abook_id'])
@@ -171,7 +171,7 @@ class Poller {
 		}
 
 		if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ",
+			$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last <= '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ",
 				intval(UPDATE_FLAGS_UPDATED),
 				dbesc(NULL_DATE),
 				db_utcnow(), db_quoteinterval('7 DAY')
@@ -182,7 +182,7 @@ class Poller {
 					// If they didn't respond when we attempted before, back off to once a day
 					// After 7 days we won't bother anymore
 
-					if($rr['ud_last'] != NULL_DATE)
+					if($rr['ud_last'] > NULL_DATE)
 						if($rr['ud_last'] > datetime_convert('UTC','UTC', 'now - 1 day'))
 							continue;
 					Master::Summon(array('Onedirsync',$rr['ud_id']));

Zotlabs/Daemon/Queue.php

@@ -61,30 +61,15 @@ class Queue {
 			// the site is permanently down, there's no reason to attempt delivery at all, or at most not more than once 
 			// or twice a day. 
 	
-			// FIXME: can we sort postgres on outq_priority and maintain the 'distinct' ?
-			// The order by max(outq_priority) might be a dodgy query because of the group by.
-			// The desired result is to return a sequence in the order most likely to be delivered in this run.
-			// If a hub has already been sitting in the queue for a few days, they should be delivered last;
-			// hence every failure should drop them further down the priority list.
- 
-			if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
-				$prefix = 'DISTINCT ON (outq_posturl)';
-				$suffix = 'ORDER BY outq_posturl';
-			} else {
-				$prefix = '';
-				$suffix = 'GROUP BY outq_posturl ORDER BY max(outq_priority)';
-			}
-			$r = q("SELECT $prefix * FROM outq WHERE outq_delivered = 0 and (( outq_created > %s - INTERVAL %s and outq_updated < %s - INTERVAL %s ) OR ( outq_updated < %s - INTERVAL %s )) $suffix",
-				db_utcnow(), db_quoteinterval('12 HOUR'),
-				db_utcnow(), db_quoteinterval('15 MINUTE'),
-				db_utcnow(), db_quoteinterval('1 HOUR')
+			$r = q("SELECT * FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s ",
+				db_utcnow()
 			);
 		}
 		if(! $r)
 			return;
 
-		foreach($r as $rr) {
-			queue_deliver($rr);
+		foreach($r as $rv) {
+			queue_deliver($rv);
 		}
 	}
 }

Zotlabs/Daemon/Ratenotif.php

@@ -77,7 +77,7 @@ class Ratenotif {
 						continue;
 
 					$hash = random_string();
-					$n = zot_build_packet($channel,'notify',null,null,$hash);
+					$n = zot_build_packet($channel,'notify',null,null,'',$hash);
 
 					queue_insert(array(
 						'hash'       => $hash,

Zotlabs/Extend/Hook.php

@@ -10,7 +10,7 @@ class Hook {
 			$function = serialize($function);
 		}
 
-		$r = q("SELECT * FROM `hook` WHERE `hook` = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d LIMIT 1",
+		$r = q("SELECT * FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d LIMIT 1",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -23,13 +23,13 @@ class Hook {
 		// To aid in upgrade and transition, remove old settings for any registered hooks that match in all respects except
 		// for priority or hook_version
 
-		$r = q("DELETE FROM `hook` where `hook` = '%s' and `file` = '%s' and `fn` = '%s'",
+		$r = q("DELETE FROM hook where hook = '%s' and file = '%s' and fn = '%s'",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function)
 		);
 
-		$r = q("INSERT INTO `hook` (`hook`, `file`, `fn`, `priority`, `hook_version`) VALUES ( '%s', '%s', '%s', %d, %d )",
+		$r = q("INSERT INTO hook (hook, file, fn, priority, hook_version) VALUES ( '%s', '%s', '%s', %d, %d )",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -44,7 +44,7 @@ class Hook {
 		if(is_array($function)) {
 			$function = serialize($function);
 		}
-		$r = q("DELETE FROM hook WHERE hook = '%s' AND `file` = '%s' AND `fn` = '%s' and priority = %d and hook_version = %d",
+		$r = q("DELETE FROM hook WHERE hook = '%s' AND file = '%s' AND fn = '%s' and priority = %d and hook_version = %d",
 			dbesc($hook),
 			dbesc($file),
 			dbesc($function),
@@ -60,7 +60,7 @@ class Hook {
 
 	static public function unregister_by_file($file) {
 
-		$r = q("DELETE FROM hook WHERE `file` = '%s' ",
+		$r = q("DELETE FROM hook WHERE file = '%s' ",
 			dbesc($file)
 		);
 

Zotlabs/Lib/AConfig.php

@@ -10,12 +10,12 @@ class AConfig {
 		return XConfig::Load('a_' . $account_id);
 	}
 
-	static public function Get($account_id,$family,$key) {
-		return XConfig::Get('a_' . $account_id,$family,$key);
+	static public function Get($account_id,$family,$key,$default = false) {
+		return XConfig::Get('a_' . $account_id,$family,$key, $default);
 	}
 
 	static public function Set($account_id,$family,$key,$value) {
-		return XConfig::Get('a_' . $account_id,$family,$key,$value);
+		return XConfig::Set('a_' . $account_id,$family,$key,$value);
 	}
 
 	static public function Delete($account_id,$family,$key) {

Zotlabs/Lib/AbConfig.php

@@ -16,7 +16,7 @@ class AbConfig {
 	}
 
 
-	static public function Get($chan,$xhash,$family,$key) {
+	static public function Get($chan,$xhash,$family,$key, $default = false) {
 		$r = q("select * from abconfig where chan = %d and xchan = '%s' and cat = '%s' and k = '%s' limit 1",
 			intval($chan),
 			dbesc($xhash),
@@ -26,7 +26,7 @@ class AbConfig {
 		if($r) {
 			return ((preg_match('|^a:[0-9]+:{.*}$|s', $r[0]['v'])) ? unserialize($r[0]['v']) : $r[0]['v']);
 		}
-		return false;
+		return $default;
 	}
 
 

Zotlabs/Lib/Api_router.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class Api_router {
+
+	static private $routes = array();
+
+	static function register($path,$fn,$auth_required) {
+		self::$routes[$path] = [ 'func' => $fn, 'auth' => $auth_required ];
+	}
+
+	static function find($path) {
+		if(array_key_exists($path,self::$routes))
+			return self::$routes[$path];
+		return null;
+	}
+
+	static function dbg() {
+		return self::$routes;
+	}
+
+}

Zotlabs/Lib/Apps.php

@@ -38,6 +38,7 @@ class Apps {
 				if(plugin_is_installed($plugin)) {
 					$x = self::parse_app_description($f,$translate);
 					if($x) {
+						$x['plugin'] = $plugin;
 						$ret[] = $x;
 					}
 				}
@@ -54,7 +55,6 @@ class Apps {
 			return;
 		$apps = self::get_system_apps(false);
 
-
 		self::$installed_system_apps = q("select * from app where app_system = 1 and app_channel = %d",
 			intval(local_channel())
 		);
@@ -68,7 +68,7 @@ class Apps {
 				if($id !== true) {
 					// if we already installed this app, but it changed, preserve any categories we created
 					$s = '';
-					$r = q("select * from term where otype = %d and oid = d",
+					$r = q("select * from term where otype = %d and oid = %d",
 						intval(TERM_OBJ_APP),
 						intval($id)
 					);
@@ -102,17 +102,19 @@ class Apps {
 		foreach(self::$installed_system_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if($iapp['app_version'] != $app['version']) {
+				if(($iapp['app_version'] != $app['version'])
+					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
 			}
 		}
+
 		return $notfound;
 	}
 
 
 	static public function app_name_compare($a,$b) {
-		return strcmp($a['name'],$b['name']);
+		return strcasecmp($a['name'],$b['name']);
 	}
 
 
@@ -144,8 +146,11 @@ class Apps {
 		$ret['type'] = 'system';
 
 		foreach($ret as $k => $v) {
-			if(strpos($v,'http') === 0)
-				$ret[$k] = zid($v);
+			if(strpos($v,'http') === 0) {
+				if(! (local_channel() && strpos($v,z_root()) === 0)) {
+					$ret[$k] = zid($v);
+				}
+			}
 		}
 
 		if(array_key_exists('desc',$ret))
@@ -157,6 +162,8 @@ class Apps {
 		if(array_key_exists('version',$ret))
 			$ret['version'] = str_replace(array('\'','"'),array(''','&dquot;'),$ret['version']);
 
+		if(array_key_exists('categories',$ret))
+			$ret['categories'] = str_replace(array('\'','"'),array(''','&dquot;'),$ret['categories']);
 
 		if(array_key_exists('requires',$ret)) {
 			$requires = explode(',',$ret['requires']);
@@ -203,7 +210,7 @@ class Apps {
 	static public function translate_system_apps(&$arr) {
 		$apps = array(
 			'Site Admin' => t('Site Admin'),
-			'Bug Report' => t('Bug Report'),
+			'Report Bug' => t('Report Bug'),
 			'View Bookmarks' => t('View Bookmarks'),
 			'My Chatrooms' => t('My Chatrooms'),
 			'Connections' => t('Connections'),
@@ -238,9 +245,9 @@ class Apps {
 			'Profile Photo' => t('Profile Photo')
 		);
 
-		if(array_key_exists($arr['name'],$apps))
+		if(array_key_exists($arr['name'],$apps)) {
 			$arr['name'] = $apps[$arr['name']];
-
+		}
 	}
 
 
@@ -255,6 +262,7 @@ class Apps {
 		 *    list: normal mode for viewing an app on the app page
 		 *       no buttons are shown
 		 *    edit: viewing the app page in editing mode provides a delete button
+		 *    nav: render apps for app-bin
 		 */
 
 		$installed = false;
@@ -267,14 +275,20 @@ class Apps {
 
 		self::translate_system_apps($papp);
 
+		if(($papp['plugin']) && (! plugin_is_installed($papp['plugin'])))
+			return '';
+
 		$papp['papp'] = self::papp_encode($papp);
 
 		if(! strstr($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 
 		foreach($papp as $k => $v) {
-			if(strpos($v,'http') === 0 && $k != 'papp')
-				$papp[$k] = zid($v);
+			if(strpos($v,'http') === 0 && $k != 'papp') {
+				if(! (local_channel() && strpos($v,z_root()) === 0)) {
+					$papp[$k] = zid($v);
+				}
+			}
 			if($k === 'desc')
 				$papp['desc'] = str_replace(array('\'','"'),array(''','&dquot;'),$papp['desc']);
 
@@ -332,14 +346,23 @@ class Apps {
 		}
 
 		$install_action = (($installed) ? t('Update') : t('Install'));
+		$icon = ((strpos($papp['photo'],'icon:') === 0) ? substr($papp['photo'],5) : '');
 
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
+			'$icon' => $icon,
 			'$hosturl' => $hosturl,
 			'$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''),
 			'$install' => (($hosturl && $mode == 'view') ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
-			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : '')
+			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
+			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
+			'$deleted' => $papp['deleted'],
+			'$feature' => (($papp['embed']) ? false : true),
+			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
+			'$navapps' => (($mode == 'nav') ? true : false),
+			'$add' => t('Add to app-tray'),
+			'$remove' => t('Remove from app-tray')
 		));
 	}
 
@@ -359,7 +382,7 @@ class Apps {
 			if($r) {
 				if(! $r[0]['app_system']) {
 					if($app['categories'] && (! $app['term'])) {
-						$r[0]['term'] = q("select * from term where otype = %d and oid = d",
+						$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
 							intval(TERM_OBJ_APP),
 							intval($r[0]['id'])
 						);
@@ -382,36 +405,82 @@ class Apps {
 				intval($uid)
 			);
 			if($x) {
-				$x[0]['app_deleted'] = 1;
-				q("delete from term where otype = %d and oid = %d",
-					intval(TERM_OBJ_APP),
-					intval($x[0]['id'])
-				);
-				if($x[0]['app_system']) {
-					$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
-						dbesc($app['guid']),
-						intval($uid)
+				if(! intval($x[0]['app_deleted'])) {
+					$x[0]['app_deleted'] = 1;
+					q("delete from term where otype = %d and oid = %d",
+						intval(TERM_OBJ_APP),
+						intval($x[0]['id'])
 					);
+					if($x[0]['app_system']) {
+						$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
+							dbesc($app['guid']),
+							intval($uid)
+						);
+					}
+					else {
+						$r = q("delete from app where app_id = '%s' and app_channel = %d",
+							dbesc($app['guid']),
+							intval($uid)
+						);
+
+						// we don't sync system apps - they may be completely different on the other system
+						build_sync_packet($uid,array('app' => $x));
+					}
 				}
 				else {
-					$r = q("delete from app where app_id = '%s' and app_channel = %d",
-						dbesc($app['guid']),
-						intval($uid)
-					);
-
-					// we don't sync system apps - they may be completely different on the other system
-					build_sync_packet($uid,array('app' => $x));
+					self::app_undestroy($uid,$app);
 				}
 			}
 		}
 	}
 
+	static public function app_undestroy($uid,$app) {
+
+		// undelete a system app
+		
+		if($uid && $app['guid']) {
+
+			$x = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
+				dbesc($app['guid']),
+				intval($uid)
+			);
+			if($x) {
+				if($x[0]['app_system']) {
+					$r = q("update app set app_deleted = 0 where app_id = '%s' and app_channel = %d",
+						dbesc($app['guid']),
+						intval($uid)
+					);
+				}
+			}
+		}
+	}
+
+	static public function app_feature($uid,$app) {
+		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
+			dbesc($app['guid']),
+			intval($uid)
+		);
+
+		$x = q("select * from term where otype = %d and oid = %d and term = 'nav_featured_app' limit 1",
+			intval(TERM_OBJ_APP),
+			intval($r[0]['id'])
+		);
+
+		if($x) {
+			q("delete from term where otype = %d and oid = %d and term = 'nav_featured_app'",
+				intval(TERM_OBJ_APP),
+				intval($x[0]['oid'])
+			);
+		}
+		else {
+			store_item_tag($uid,$r[0]['id'],TERM_OBJ_APP,TERM_CATEGORY,'nav_featured_app',escape_tags(z_root() . '/apps/?f=&cat=nav_featured_app'));
+		}
+	}
 
 	static public function app_installed($uid,$app) {
 
-		$r = q("select id from app where app_id = '%s' and app_version = '%s' and app_channel = %d limit 1",
+		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc((array_key_exists('guid',$app)) ? $app['guid'] : ''), 
-			dbesc((array_key_exists('version',$app)) ? $app['version'] : ''), 
 			intval($uid)
 		);
 		return(($r) ? true : false);
@@ -421,7 +490,7 @@ class Apps {
 
 	static public function app_list($uid, $deleted = false, $cat = '') {
 		if($deleted) 
-			$sql_extra = " and app_deleted = 1 ";
+			$sql_extra = "";
 		else
 			$sql_extra = " and app_deleted = 0 ";
 
@@ -445,6 +514,7 @@ class Apps {
 		$r = q("select * from app where app_channel = %d $sql_extra order by app_name asc",
 			intval($uid)
 		);
+
 		if($r) {
 			for($x = 0; $x < count($r); $x ++) {
 				if(! $r[$x]['app_system'])
@@ -455,6 +525,7 @@ class Apps {
 				);
 			}
 		}
+
 		return($r);
 	}
 
@@ -467,7 +538,7 @@ class Apps {
 
 	static public function app_store($arr) {
 
-		// logger('app_store: ' . print_r($arr,true));
+		//logger('app_store: ' . print_r($arr,true));
 
 		$darray = array();
 		$ret = array('success' => false);
@@ -478,7 +549,7 @@ class Apps {
 		if((! $darray['app_url']) || (! $darray['app_channel']))
 			return $ret;
 
-		if($arr['photo'] && ! strstr($arr['photo'],z_root())) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
 			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
@@ -494,13 +565,14 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr'))     ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price'))    ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page'))     ? escape_tags($arr['page']) : '');
+		$darray['app_plugin']   = ((x($arr,'plugin'))   ? escape_tags($arr['plugin']) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
 
 		$created = datetime_convert();
 
-		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
+		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d )",
 			dbesc($darray['app_id']),
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
@@ -517,6 +589,7 @@ class Apps {
 			dbesc($created),
 			dbesc($created),
 			intval($darray['app_system']),
+			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted'])
 		);
 		if($r) {
@@ -545,6 +618,7 @@ class Apps {
 
 	static public function app_update($arr) {
 
+		//logger('app_update: ' . print_r($arr,true));
 		$darray = array();
 		$ret = array('success' => false);
 
@@ -555,7 +629,7 @@ class Apps {
 		if((! $darray['app_url']) || (! $darray['app_channel']) || (! $darray['app_id']))
 			return $ret;
 
-		if($arr['photo'] && ! strstr($arr['photo'],z_root())) {
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
 			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
@@ -569,13 +643,14 @@ class Apps {
 		$darray['app_addr']     = ((x($arr,'addr')) ? escape_tags($arr['addr']) : '');
 		$darray['app_price']    = ((x($arr,'price')) ? escape_tags($arr['price']) : '');
 		$darray['app_page']     = ((x($arr,'page')) ? escape_tags($arr['page']) : '');
+		$darray['app_plugin']   = ((x($arr,'plugin')) ? escape_tags($arr['plugin']) : '');
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
 
 		$edited = datetime_convert();
 
-		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_deleted = %d where app_id = '%s' and app_channel = %d",
+		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d where app_id = '%s' and app_channel = %d",
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
 			dbesc($darray['app_name']),
@@ -589,6 +664,7 @@ class Apps {
 			dbesc($darray['app_requires']),
 			dbesc($edited),
 			intval($darray['app_system']),
+			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted']),
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
@@ -655,6 +731,9 @@ class Apps {
 		if($app['app_photo'])
 			$ret['photo'] = $app['app_photo'];
 
+		if($app['app_icon'])
+			$ret['icon'] = $app['app_icon'];
+
 		if($app['app_version'])
 			$ret['version'] = $app['app_version'];
 
@@ -673,6 +752,9 @@ class Apps {
 		if($app['app_system'])
 			$ret['system'] = $app['app_system'];
 
+		if($app['app_plugin'])
+			$ret['plugin'] = $app['app_plugin'];
+
 		if($app['app_deleted'])
 			$ret['deleted'] = $app['app_deleted'];
 
@@ -690,6 +772,8 @@ class Apps {
 		if(! $embed)
 			return $ret;
 
+		$ret['embed'] = true;
+
 		if(array_key_exists('categories',$ret))
 			unset($ret['categories']);
 	

Zotlabs/Lib/Config.php

@@ -98,13 +98,13 @@ class Config {
 	 * @return mixed Return value or false on error or if not set
 	 */
 
-	static public function Get($family,$key) {
+	static public function Get($family,$key,$default = false) {
 		if((! array_key_exists($family, \App::$config)) || (! array_key_exists('config_loaded', \App::$config[$family])))
 			self::Load($family);
 
 		if(array_key_exists('config_loaded', \App::$config[$family])) {
 			if(! array_key_exists($key, \App::$config[$family])) {
-				return false;		
+				return $default;		
 			}
 			return ((! is_array(\App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$family][$key])) 
 				? unserialize(\App::$config[$family][$key])
@@ -112,7 +112,7 @@ class Config {
 			);
 		}
 
-		return false;
+		return $default;
 	}
 
 	/**

Zotlabs/Lib/Enotify.php

@@ -70,7 +70,19 @@ class Enotify {
 		$hostname = substr($hostname,0,strpos($hostname,':'));
 
 		// Do not translate 'noreply' as it must be a legal 7-bit email address
-		$sender_email = 'noreply' . '@' . $hostname;
+
+		$reply_email = get_config('system','reply_address');
+		if(! $reply_email)
+			$reply_email = 'noreply' . '@' . $hostname;
+
+		$sender_email = get_config('system','from_email');
+		if(! $sender_email)
+			$sender_email = 'Administrator' . '@' . \App::get_hostname();
+	
+		$sender_name = get_config('system','from_email_name');
+		if(! $sender_name)
+			$sender_name = \Zotlabs\Lib\System::get_site_name();
+
 
 		$additional_mail_header = "";
 
@@ -90,6 +102,10 @@ class Enotify {
 				$title = $params['item']['title'];
 				$body = $params['item']['body'];
 			}
+			if($params['item']['created'] < datetime_convert('UTC','UTC','now - 1 month')) {
+				logger('notification invoked for an old item which may have been refetched.',LOGGER_DEBUG,LOG_INFO);
+				return;
+			}
 		} 
 		else {
 			$title = $body = '';
@@ -101,7 +117,7 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_MAIL) {
 		logger('notification: mail');
-		$subject = 	sprintf( t('[Hubzilla:Notify] New mail received at %s'),$sitename);
+		$subject = 	sprintf( t('[$Projectname:Notify] New mail received at %s'),$sitename);
 
 		$preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename);
 		$epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]');
@@ -116,10 +132,13 @@ class Enotify {
 
 		$itemlink =  $params['link'];
 
-		// ignore like/unlike activity on posts - they probably require a sepearate notification preference
+		// ignore like/unlike activity on posts - they probably require a separate notification preference
 
-		if (array_key_exists('item',$params) && (! visible_activity($params['item'])))
+		if (array_key_exists('item',$params) && (! visible_activity($params['item']))) {
+			logger('notification: not a visible activity. Ignoring.');
+			pop_lang();
 			return;
+		}
 
 		$parent_mid = $params['parent_mid'];
 
@@ -189,7 +208,7 @@ class Enotify {
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.
 
-		$subject = sprintf( t('[Hubzilla:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
@@ -198,8 +217,87 @@ class Enotify {
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
 	}
 
+	if ($params['type'] == NOTIFY_LIKE) {
+//		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
+
+		$itemlink =  $params['link'];
+
+		// ignore like/unlike activity on posts - they probably require a separate notification preference
+
+		if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
+			logger('notification: not a like activity. Ignoring.');
+			pop_lang();
+			return;
+		}
+
+		$parent_mid = $params['parent_mid'];
+
+		// Check to see if there was already a notify for this post.
+		// If so don't create a second notification
+
+		$p = null;
+		$p = q("select id from notify where link = '%s' and uid = %d limit 1",
+			dbesc($params['link']),
+			intval($recip['channel_id'])
+		);
+		if ($p) {
+			logger('notification: like already notified');
+			pop_lang();
+			return;
+		}
+	
+
+		// if it's a post figure out who's post it is.
+
+		$p = null;
+
+		if($params['otype'] === 'item' && $parent_mid) {
+			$p = q("select * from item where mid = '%s' and uid = %d limit 1",
+				dbesc($parent_mid),
+				intval($recip['channel_id'])
+			);
+		}
+
+		xchan_query($p);
+
+
+		$item_post_type = item_post_type($p[0]);
+//		$private = $p[0]['item_private'];
+		$parent_id = $p[0]['id'];
+
+		$parent_item = $p[0];
+
+
+		// "your post"
+		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
+			$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
+				$recip['channel_name'],
+				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
+				$itemlink,
+				$item_post_type);
+		else {
+			pop_lang();
+			return;
+		}
+
+		// Some mail softwares relies on subject field for threading.
+		// So, we cannot have different subjects for notifications of the same thread.
+		// Before this we have the name of the replier on the subject rendering 
+		// differents subjects for messages on the same thread.
+
+		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']); 
+		$epreamble = $dest_str; 
+
+		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
+		$tsitelink = sprintf( $sitelink, $siteurl );
+		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
+	}
+
+
+
 	if($params['type'] == NOTIFY_WALL) {
-		$subject = sprintf( t('[Hubzilla:Notify] %s posted to your profile wall') , $sender['xchan_name']);
+		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
 
 		$preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
 
@@ -227,7 +325,7 @@ class Enotify {
 			return;
 		}
 	
-		$subject =	sprintf( t('[Hubzilla:Notify] %s tagged you') , $sender['xchan_name']);
+		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') ,
 			$recip['channel_name'],
@@ -241,7 +339,7 @@ class Enotify {
 	}
 
 	if ($params['type'] == NOTIFY_POKE) {
-		$subject =	sprintf( t('[Hubzilla:Notify] %1$s poked you') , $sender['xchan_name']);
+		$subject =	sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') ,
 			$recip['channel_name'], 
@@ -259,7 +357,7 @@ class Enotify {
 	}
 
 	if ($params['type'] == NOTIFY_TAGSHARE) {
-		$subject =	sprintf( t('[Hubzilla:Notify] %s tagged your post') , $sender['xchan_name']);
+		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') ,
 			$recip['channel_name'],
@@ -273,7 +371,7 @@ class Enotify {
 	}
 
 	if ($params['type'] == NOTIFY_INTRO) {
-		$subject = sprintf( t('[Hubzilla:Notify] Introduction received'));
+		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
 		$preamble = sprintf( t('%1$s, you\'ve received an new connection request from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
 		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a new connection request[/zrl] from %3$s.'),
 			$recip['channel_name'],
@@ -288,7 +386,7 @@ class Enotify {
 	}
 
 	if ($params['type'] == NOTIFY_SUGGEST) {
-		$subject = sprintf( t('[Hubzilla:Notify] Friend suggestion received'));
+		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
 		$preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
 		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'),
 			$recip['channel_name'],
@@ -346,7 +444,7 @@ class Enotify {
 	do {
 		$dups = false;
 		$hash = random_string();
-		$r = q("SELECT `id` FROM `notify` WHERE `hash` = '%s' LIMIT 1",
+		$r = q("SELECT id FROM notify WHERE hash = '%s' LIMIT 1",
 			dbesc($hash));
 		if ($r)
 			$dups = true;
@@ -386,8 +484,11 @@ class Enotify {
 	// Mark some notifications as seen right away
 	// Note! The notification have to be created, because they are used to send emails
 	// So easiest solution to hide them from Notices is to mark them as seen right away.
-	// Another option would be to not add them to the DB, and change how emails are handled (probably would be better that way)
+	// Another option would be to not add them to the DB, and change how emails are handled 
+	// (probably would be better that way)
+
 	$always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices');
+
 	if (!$always_show_in_notices) {
 		if (($params['type'] == NOTIFY_WALL) || ($params['type'] == NOTIFY_MAIL) || ($params['type'] == NOTIFY_INTRO)) {
 			$seen = 1;
@@ -459,7 +560,7 @@ class Enotify {
 		// use $_SESSION['zid_override'] to force zid() to use 
 		// the recipient address instead of the current observer
 
-		$_SESSION['zid_override'] = $recip['channel_address'] . '@' . \App::get_hostname();
+		$_SESSION['zid_override'] = channel_reddress($recip);
 		$_SESSION['zrl_override'] = z_root() . '/channel/' . $recip['channel_address'];
 		
 		$textversion = zidify_links($textversion);
@@ -515,7 +616,7 @@ class Enotify {
 					$private_activity = true;
 				case NOTIFY_MAIL:
 					$datarray['textversion'] = $datarray['htmlversion'] = $datarray['title'] = '';
-					$datarray['subject'] = preg_replace('/' . preg_quote(t('[Hubzilla:Notify]')) . '/','$0*',$datarray['subject']);
+					$datarray['subject'] = preg_replace('/' . preg_quote(t('[$Projectname:Notify]')) . '/','$0*',$datarray['subject']);
 					break;
 				default:
 					break;
@@ -577,7 +678,7 @@ class Enotify {
 		self::send(array(
 			'fromName'             => $sender_name,
 			'fromEmail'            => $sender_email,
-			'replyTo'              => $sender_email,
+			'replyTo'              => $reply_email,
 			'toEmail'              => $recip['account_email'],
 			'messageSubject'       => $datarray['subject'],
 			'htmlVersion'          => $email_html_body,
@@ -606,6 +707,16 @@ class Enotify {
 	 */
 	static public function send($params) {
 
+		$params['sent']   = false;
+		$params['result'] = false;
+
+		call_hooks('email_send', $params);
+
+		if($params['sent']) {
+			logger("notification: enotify::send (addon) returns " . (($params['result']) ? 'success' : 'failure'), LOGGER_DEBUG);
+			return $params['result'];
+		}
+
 		$fromName = email_header_encode(html_entity_decode($params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8'); 
 		$messageSubject = email_header_encode(html_entity_decode($params['messageSubject'],ENT_QUOTES,'UTF-8'),'UTF-8');
 
@@ -645,7 +756,8 @@ class Enotify {
 			$multipartMessageBody,							// message body
 			$messageHeader									// message headers
 		);
-		logger("notification: enotify::send returns " . $res, LOGGER_DEBUG);
+		logger("notification: enotify::send returns " . (($res) ? 'success' : 'failure'), LOGGER_DEBUG);
+		return $res;
 	}
 
 	static public function format($item) {
@@ -654,12 +766,12 @@ class Enotify {
 
 		require_once('include/conversation.php');
 
-		// Call localize_item with the "brief" flag to get a one line status for activities. 
+		// Call localize_item to get a one line status for activities. 
 		// This should set $item['localized'] to indicate we have a brief summary.
 
 		localize_item($item);
 
-		if($item_localize) {
+		if($item['localize']) {
 			$itemem_text = $item['localize'];
 		}
 		else {
@@ -671,7 +783,7 @@ class Enotify {
 		// convert this logic into a json array just like the system notifications
 
 		return array(
-			'notify_link' => $item['llink'], 
+			'notify_link' => $item['llink'],
 			'name' => $item['author']['xchan_name'],
 			'url' => $item['author']['xchan_url'],
 			'photo' => $item['author']['xchan_photo_s'],

Zotlabs/Lib/ExtendedZip.php

@@ -0,0 +1,57 @@
+<?php
+
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+
+namespace Zotlabs\Lib;
+
+/**
+ * Description of ExtendedZip
+ *
+ * @author andrew
+ */
+class ExtendedZip extends \ZipArchive {
+		
+		// Member function to add a whole file system subtree to the archive
+		public function addTree($dirname, $localname = '') {
+				if ($localname)
+						$this->addEmptyDir($localname);
+				$this->_addTree($dirname, $localname);
+		}
+
+		// Internal function, to recurse
+		protected function _addTree($dirname, $localname) {
+				$dir = opendir($dirname);
+				while ($filename = readdir($dir)) {
+						// Discard . and ..
+						if ($filename == '.' || $filename == '..')
+								continue;
+
+						// Proceed according to type
+						$path = $dirname . '/' . $filename;
+						$localpath = $localname ? ($localname . '/' . $filename) : $filename;
+						if (is_dir($path)) {
+								// Directory: add & recurse
+								$this->addEmptyDir($localpath);
+								$this->_addTree($path, $localpath);
+						}
+						else if (is_file($path)) {
+								// File: just add
+								$this->addFile($path, $localpath);
+						}
+				}
+				closedir($dir);
+		}
+
+		// Helper function
+		public static function zipTree($dirname, $zipFilename, $flags = 0, $localname = '') {
+				$zip = new self();
+				$zip->open($zipFilename, $flags);
+				$zip->addTree($dirname, $localname);
+				$zip->close();
+		}
+		
+}

Zotlabs/Lib/IConfig.php

@@ -10,7 +10,7 @@ class IConfig {
 		return;
 	}
 
-	static public function Get(&$item, $family, $key) {
+	static public function Get(&$item, $family, $key, $default = false) {
 
 		$is_item = false;
 	
@@ -28,7 +28,7 @@ class IConfig {
 			$iid = $item;
 
 		if(! $iid)
-			return false;
+			return $default;
 
 		if(is_array($item) && array_key_exists('iconfig',$item) && is_array($item['iconfig'])) {
 			foreach($item['iconfig'] as $c) {
@@ -48,7 +48,7 @@ class IConfig {
 				$item['iconfig'][] = $r[0];
 			return $r[0]['v'];
 		}
-		return false;
+		return $default;
 
 	}
 

Zotlabs/Lib/NativeWiki.php

@@ -0,0 +1,210 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+define ( 'NWIKI_ITEM_RESOURCE_TYPE', 'nwiki' );
+
+class NativeWiki {
+
+
+	static public function listwikis($channel, $observer_hash) {
+
+		$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
+		$wikis = q("SELECT * FROM item 
+			WHERE resource_type = '%s' AND mid = parent_mid AND uid = %d AND item_deleted = 0 $sql_extra", 
+			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
+			intval($channel['channel_id'])
+		);
+
+		if($wikis) {
+			foreach($wikis as &$w) {
+				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
+				$w['htmlName'] = escape_tags($w['rawName']);
+				$w['urlName']  = urlencode(urlencode($w['rawName']));
+				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
+				$w['lock']     = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
+			}
+		}
+		// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
+		return array('wikis' => $wikis);
+	}
+
+
+	function create_wiki($channel, $observer_hash, $wiki, $acl) {
+
+		// Generate unique resource_id using the same method as item_message_id()
+		do {
+			$dups = false;
+			$resource_id = random_string();
+			$r = q("SELECT mid FROM item WHERE resource_id = '%s' AND resource_type = '%s' AND uid = %d LIMIT 1", 
+				dbesc($resource_id), 
+				dbesc(NWIKI_ITEM_RESOURCE_TYPE),
+				intval($channel['channel_id'])
+			);
+			if($r)
+				$dups = true;
+		} while($dups == true);
+
+		$ac = $acl->get();
+		$mid = item_message_id();
+
+		$arr = array();	// Initialize the array of parameters for the post
+		$item_hidden = ((intval($wiki['postVisible']) === 0) ? 1 : 0); 
+		$wiki_url = z_root() . '/wiki/' . $channel['channel_address'] . '/' . $wiki['urlName'];
+		$arr['aid'] = $channel['channel_account_id'];
+		$arr['uid'] = $channel['channel_id'];
+		$arr['mid'] = $mid;
+		$arr['parent_mid'] = $mid;
+		$arr['item_hidden'] = $item_hidden;
+		$arr['resource_type'] = NWIKI_ITEM_RESOURCE_TYPE;
+		$arr['resource_id'] = $resource_id;
+		$arr['owner_xchan'] = $channel['channel_hash'];
+		$arr['author_xchan'] = $observer_hash;
+		$arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . urlencode($arr['mid']);
+		$arr['llink'] = $arr['plink'];
+		$arr['title'] = $wiki['htmlName'];  // name of new wiki;
+		$arr['allow_cid'] = $ac['allow_cid'];
+		$arr['allow_gid'] = $ac['allow_gid'];
+		$arr['deny_cid'] = $ac['deny_cid'];
+		$arr['deny_gid'] = $ac['deny_gid'];
+		$arr['item_wall'] = 1;
+		$arr['item_origin'] = 1;
+		$arr['item_thread_top'] = 1;
+		$arr['item_private'] = intval($acl->is_private());
+		$arr['verb'] = ACTIVITY_CREATE;
+		$arr['obj_type'] = ACTIVITY_OBJ_WIKI;
+		$arr['body'] = '[table][tr][td][h1]New Wiki[/h1][/td][/tr][tr][td][zrl=' . $wiki_url . ']' . $wiki['htmlName'] . '[/zrl][/td][/tr][/table]';
+
+		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_wiki'),true);
+
+		// Save the wiki name information using iconfig. This is shareable.
+		if(! set_iconfig($arr, 'wiki', 'rawName', $wiki['rawName'], true)) {
+			return array('item' => null, 'success' => false);
+		}
+		if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
+			return array('item' => null, 'success' => false);
+		}
+	
+		$post = item_store($arr);
+
+		$item_id = $post['item_id'];
+
+		if($item_id) {
+			\Zotlabs\Daemon\Master::Summon(array('Notifier', 'activity', $item_id));
+			return array('item' => $post['item'], 'item_id' => $item_id, 'success' => true);
+		}
+		else {
+			return array('item' => null, 'success' => false);
+		}
+	}
+
+	static public function sync_a_wiki_item($uid,$id,$resource_id) {
+
+
+		$r = q("SELECT * from item WHERE uid = %d AND ( id = %d OR ( resource_type = '%s' and resource_id = %d )) ",
+			intval($uid),
+			intval($id),
+			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
+			intval($resource_id)
+		);
+		if($r) {
+			xchan_query($r);
+			$sync_item = fetch_post_tags($r);
+			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
+		}
+	}
+
+	function delete_wiki($channel_id,$observer_hash,$resource_id) {
+
+		$w = self::get_wiki($channel_id,$observer_hash,$resource_id);
+		$item = $w['wiki'];
+		if(! $item) {
+			return array('item' => null, 'success' => false);
+		} 
+		else {
+			$drop = drop_item($item['id'], false, DROPITEM_NORMAL, true);
+		}
+
+		info( t('Wiki files deleted successfully'));
+
+		return array('item' => $item, 'item_id' => $item['id'], 'success' => (($drop === 1) ? true : false));
+	}
+
+
+	static public function get_wiki($channel_id, $observer_hash, $resource_id) {
+		
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
+
+		$item = q("SELECT * FROM item WHERE uid = %d AND resource_type = '%s' AND resource_id = '%s' AND item_deleted = 0 
+			$sql_extra limit 1",
+			intval($channel_id), 
+			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
+			dbesc($resource_id)
+		);
+		if(! $item) {
+			return array('wiki' => null);
+		}
+		else {
+		
+			$w = $item[0];	// wiki item table record
+			// Get wiki metadata
+			$rawName  = get_iconfig($w, 'wiki', 'rawName');
+			$mimeType = get_iconfig($w, 'wiki', 'mimeType');
+
+			return array(
+				'wiki' => $w,
+				'rawName' => $rawName,
+				'htmlName' => escape_tags($rawName),
+				'urlName' => urlencode(urlencode($rawName)),
+				'mimeType' => $mimeType
+			);
+		}
+	}
+
+
+	static public function exists_by_name($uid, $urlName) {
+
+		$sql_extra = item_permissions_sql($uid);		
+
+		$item = q("SELECT item.id, resource_id FROM item left join iconfig on iconfig.iid = item.id 
+			WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d 
+			AND item_deleted = 0 $sql_extra limit 1", 
+			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
+			dbesc(urldecode($urlName)), 
+			intval($uid)
+		);
+
+		if($item) {
+			return array('id' => $item[0]['id'], 'resource_id' => $item[0]['resource_id']);
+		} 
+		else {
+			return array('id' => null, 'resource_id' => null);
+		}
+	}
+
+
+	static public function get_permissions($resource_id, $owner_id, $observer_hash) {
+		// TODO: For now, only the owner can edit
+		$sql_extra = item_permissions_sql($owner_id, $observer_hash);
+
+		if(local_channel() && local_channel() == $owner_id) {
+			return [ 'read' => true, 'write' => true, 'success' => true ];
+		}
+
+		$r = q("SELECT * FROM item WHERE uid = %d and resource_type = '%s' AND resource_id = '%s' $sql_extra LIMIT 1",
+			intval($owner_id),
+			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
+			dbesc($resource_id)
+		);
+
+		if(! $r) {
+			return array('read' => false, 'write' => false, 'success' => true);
+		}
+		else {
+			// TODO: Create a new permission setting for wiki analogous to webpages. Until
+			// then, use webpage permissions
+			$write = perm_is_allowed($owner_id, $observer_hash,'write_wiki');
+			return array('read' => true, 'write' => $write, 'success' => true);
+		}
+	}
+}

Zotlabs/Lib/NativeWikiPage.php

@@ -0,0 +1,664 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use \Zotlabs\Lib as Zlib;
+
+class NativeWikiPage {
+
+	static public function page_list($channel_id,$observer_hash, $resource_id) {
+
+		// TODO: Create item table records for pages so that metadata like title can be applied
+		$w = Zlib\NativeWiki::get_wiki($channel_id,$observer_hash,$resource_id);
+
+		$pages[] = [
+			'resource_id' => '',
+			'title'       => 'Home',
+			'url'         => 'Home',
+			'link_id'     => 'id_wiki_home_0'
+		];
+
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
+
+		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
+			$sql_extra group by mid",
+			dbesc($resource_id),
+			intval($channel_id)
+		);
+		if($r) {
+			$items = fetch_post_tags($r,true);
+			foreach($items as $page_item) {
+				$title = get_iconfig($page_item['id'],'nwikipage','pagetitle',t('(No Title)'));
+				if(urldecode($title) !== 'Home') {
+					$pages[] = [
+						'resource_id' => $resource_id,
+						'title'       => escape_tags($title),
+						'url'         => urlencode(urlencode($title)),
+						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
+					];
+				}
+			}
+		}
+
+		return array('pages' => $pages, 'wiki' => $w);
+	}
+
+
+	static public function create_page($channel_id, $observer_hash, $name, $resource_id) {
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+
+		if (! $w['wiki']) {
+			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		// create an empty activity
+
+		$arr = [];
+		$arr['uid']           = $channel_id;
+		$arr['author_xchan']  = $observer_hash;
+		$arr['resource_type'] = 'nwikipage';
+		$arr['resource_id']   = $resource_id;
+		$arr['allow_cid']     = $w['wiki']['allow_cid'];
+		$arr['allow_gid']     = $w['wiki']['allow_gid'];
+		$arr['deny_cid']      = $w['wiki']['deny_cid'];
+		$arr['deny_gid']      = $w['wiki']['deny_gid'];
+
+		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel_id,'view_wiki'),true);
+
+		// We may wish to change this some day.
+		$arr['item_unpublished'] = 1;
+
+		set_iconfig($arr,'nwikipage','pagetitle',(($name) ? $name : t('(No Title)')),true);
+
+		$p = post_activity_item($arr, false, false);
+
+		if($p['item_id']) {
+			$page = [ 
+				'rawName'  => $name,
+				'htmlName' => escape_tags($name),
+				'urlName'  => urlencode($name), 
+
+			];
+
+			return array('page' => $page, 'item_id' => $p['item_id'], 'item' => $p['activity'], 'wiki' => $w, 'message' => '', 'success' => true);
+		}
+		return [ 'success' => false, 'message' => t('Wiki page create failed.') ];
+	}
+
+	static public function rename_page($arr) {
+
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
+		$pageNewName   = ((array_key_exists('pageNewName',$arr))   ? $arr['pageNewName']   : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if(! $w['wiki']) {
+			return array('message' => t('Wiki not found.'), 'success' => false);
+		}
+
+
+		$ic = q("select * from iconfig left join item on iconfig.iid = item.id 
+			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
+			intval($channel_id),
+			dbesc($pageNewName)
+		);
+
+		if($ic) {
+			return [ 'success' => false, 'message' => t('Destination name already exists') ];
+		}
+
+
+		$ids = [];
+
+		$ic = q("select *, item.id as item_id from iconfig left join item on iconfig.iid = item.id 
+			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
+			intval($channel_id),
+			dbesc($pageUrlName)
+		);
+
+		if($ic) {
+			foreach($ic as $c) {
+				set_iconfig($c['item_id'],'nwikipage','pagetitle',$pageNewName);
+			}
+
+			$page = [ 
+				'rawName'  => $pageNewName, 
+				'htmlName' => escape_tags($pageNewName), 
+				'urlName'  => urlencode(escape_tags($pageNewName))
+			];
+
+			return [ 'success' => true, 'page' => $page ];
+		}
+
+		return [ 'success' => false, 'item_id' => $c['item_id'], 'message' => t('Page not found') ];
+	
+	}
+
+	static public function get_page_content($arr) {
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']        : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']        : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']      : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? intval($arr['channel_id']) : 0);
+		$revision      = ((array_key_exists('revision',$arr))      ? intval($arr['revision'])   : (-1));
+
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if (! $w['wiki']) {
+			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		$item = self::load_page($arr);
+
+		if($item) {
+			$content = $item['body'];
+
+			return [ 
+				'content' => json_encode($content), 
+				'mimeType' => $w['mimeType'], 
+				'message' => '', 
+				'success' => true
+			];
+		}
+	
+		return array('content' => null, 'message' => t('Error reading page content'), 'success' => false);
+
+	}
+
+	static public function page_history($arr) {
+		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
+		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if (!$w['wiki']) {
+			return array('history' => null, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		$items = self::load_page_history($arr);
+
+		$history = [];
+
+		if($items) {
+			$processed = 0;
+			foreach($items as $item) {
+				if($processed > 1000)
+					break;
+				$processed ++;
+				$history[] = [ 
+					'revision' => $item['revision'],
+					'date' => datetime_convert('UTC',date_default_timezone_get(),$item['edited']),
+					'name' => $item['author']['xchan_name'],
+					'title' => get_iconfig($item,'nwikipage','commit_msg') 
+				];
+
+			}
+
+			return [ 'success' => true, 'history' => $history ];
+		}
+
+		return [ 'success' => false ];
+
+	}
+	
+
+	static public function load_page($arr) {
+
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']     : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']     : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']   : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']      : 0);
+		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']        : (-1));
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+
+		if (! $w['wiki']) {
+			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		$ids = '';
+
+		$ic = q("select * from iconfig left join item on iconfig.iid = item.id where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
+			intval($channel_id),
+			dbesc($pageUrlName)
+		);
+
+		if($ic) {
+			foreach($ic as $c) {
+				if($ids)
+					$ids .= ',';
+				$ids .= intval($c['iid']);
+			}
+		}
+
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
+
+		if($revision == (-1))
+			$sql_extra .= " order by revision desc ";
+		elseif($revision)
+			$sql_extra .= " and revision = " . intval($revision) . " ";
+
+		$r = null;
+
+
+		if($ids) {
+			$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and id in ( $ids ) $sql_extra limit 1",
+				dbesc($resource_id),
+				intval($channel_id)
+			);
+
+			if($r) {
+				$items = fetch_post_tags($r,true);
+				return $items[0];
+			}
+		}
+
+		return null;
+	}
+
+	static public function load_page_history($arr) {
+
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']     : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']     : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash']   : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']      : 0);
+		$revision      = ((array_key_exists('revision',$arr))      ? $arr['revision']        : (-1));
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if (! $w['wiki']) {
+			return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		$ids = '';
+
+		$ic = q("select * from iconfig left join item on iconfig.iid = item.id where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
+			intval($channel_id),
+			dbesc($pageUrlName)
+		);
+	
+		if($ic) {
+			foreach($ic as $c) {
+				if($ids)
+					$ids .= ',';
+				$ids .= intval($c['iid']);
+			}
+		}
+
+		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
+
+		$sql_extra .= " order by revision desc ";
+
+		$r = null;
+		if($ids) {
+			$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and id in ( $ids ) and item_deleted = 0 $sql_extra",
+				dbesc($resource_id),
+				intval($channel_id)
+			);
+			if($r) {
+				xchan_query($r);
+				$items = fetch_post_tags($r,true);
+				return $items;
+			}
+		}
+
+		return null;
+	}
+
+
+
+	static public function prepare_content($s) {
+			
+		$text = preg_replace_callback('{
+					(?:\n\n|\A\n?)
+					(	            # $1 = the code block -- one or more lines, starting with a space/tab
+					  (?>
+						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
+						.*\n+
+					  )+
+					)
+					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
+				}xm',
+				'self::nwiki_prepare_content_callback', $s);
+	
+		return $text;
+	}
+	
+	static public function nwiki_prepare_content_callback($matches) {
+		$codeblock = $matches[1];
+	
+		$codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
+		return "\n\n" . $codeblock ;
+	}
+	
+	
+	
+	static public function save_page($arr) {
+
+		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
+		$content = ((array_key_exists('content',$arr)) ? purify_html(Zlib\NativeWikiPage::prepare_content($arr['content'])) : '');
+		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+		$revision = ((array_key_exists('revision',$arr))    ? $arr['revision']    : 0);
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+
+		if (!$w['wiki']) {
+			return array('message' => t('Error reading wiki'), 'success' => false);
+		}
+	
+		// fetch the most recently saved revision. 
+
+		$item = self::load_page($arr);
+		if(! $item) {
+			return array('message' => t('Page not found'), 'success' => false);
+		}
+
+		// change just the fields we need to change to create a revision; 
+
+		unset($item['id']);
+		unset($item['author']);
+
+		$item['parent']       = 0;
+		$item['body']         = $content;
+		$item['author_xchan'] = $observer_hash;
+		$item['revision']     = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1);
+		$item['edited']       = datetime_convert();
+
+		if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) {
+			for($x = 0; $x < count($item['iconfig']); $x ++) {
+				unset($item['iconfig'][$x]['id']);
+				unset($item['iconfig'][$x]['iid']);
+			}
+		}
+
+		$ret = item_store($item, false, false);
+
+		if($ret['item_id'])
+			return array('message' => '', 'item_id' => $ret['item_id'], 'filename' => $filename, 'success' => true);
+		else
+			return array('message' => t('Page update failed.'), 'success' => false);
+	}	
+
+	static public function delete_page($arr) {
+		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
+		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+
+		if(! $w['wiki']) {
+			return [ 'success' => false, 'message' => t('Error reading wiki') ];
+		}
+
+		$ids = [];
+
+		$ic = q("select * from iconfig left join item on iconfig.iid = item.id 
+			where uid = %d and cat = 'nwikipage' and k = 'pagetitle' and v = '%s'",
+			intval($channel_id),
+			dbesc($pageUrlName)
+		);
+
+		if($ic) {
+			foreach($ic as $c) {
+				$ids[] = intval($c['iid']);
+			}
+		}
+
+		if($ids) {
+			drop_items($ids);
+			return [ 'success' => true ];
+		}
+
+		return [ 'success' => false, 'message' => t('Nothing deleted') ];	
+	}
+	
+	static public function revert_page($arr) {
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
+		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
+		$commitHash    = ((array_key_exists('commitHash',$arr))    ? $arr['commitHash']    : null);
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+
+		if (! $commitHash) {
+			return array('content' => $content, 'message' => 'No commit was provided', 'success' => false);
+		}
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if (!$w['wiki']) {
+			return array('content' => $content, 'message' => 'Error reading wiki', 'success' => false);
+		}
+
+		$x = $arr;
+
+		if(intval($commitHash) > 0) {
+			unset($x['commitHash']);
+			$x['revision'] = intval($commitHash) - 1;
+			$loaded = self::load_page($x);
+
+			if($loaded) {
+				$content = $loaded['body'];
+				return [ 'content' => $content, 'success' => true ];
+			}
+			return [ 'content' => $content, 'success' => false ]; 
+		}
+	}
+	
+	static public function compare_page($arr) {
+		$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
+		$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
+		$currentCommit = ((array_key_exists('currentCommit',$arr)) ? $arr['currentCommit'] : (-1));
+		$compareCommit = ((array_key_exists('compareCommit',$arr)) ? $arr['compareCommit'] : 0);
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+
+		if (!$w['wiki']) {
+			return array('message' => t('Error reading wiki'), 'success' => false);
+		}
+
+		$x = $arr;
+		$x['revision'] = (-1);
+
+		$currpage = self::load_page($x);
+		if($currpage)
+			$currentContent = $currpage['body'];
+
+		$x['revision'] = $compareCommit;
+		$comppage = self::load_page($x);
+		if($comppage)
+			$compareContent = $comppage['body'];
+
+		if($currpage && $comppage) {
+			require_once('library/class.Diff.php');
+			$diff = \Diff::toTable(\Diff::compare($currentContent, $compareContent));
+
+			return [ 'success' => true, 'diff' => $diff ];
+		}
+		return [ 'success' => false, 'message' =>  t('Compare: object not found.') ];
+
+	}
+	
+	static public function commit($arr) {
+
+		$commit_msg    = ((array_key_exists('commit_msg', $arr))   ? $arr['commit_msg']    : t('Page updated'));
+		$observer_hash = ((array_key_exists('observer_hash',$arr)) ? $arr['observer_hash'] : '');
+		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);
+		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : t('Untitled'));
+
+		if(array_key_exists('resource_id', $arr)) {
+			$resource_id = $arr['resource_id'];
+		}
+		else {
+			return array('message' => t('Wiki resource_id required for git commit'), 'success' => false);
+		}
+
+		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
+		if (! $w['wiki']) {
+			return array('message' => t('Error reading wiki'), 'success' => false);
+		}
+
+
+		$page = self::load_page($arr);
+
+		if($page) {
+			set_iconfig($page['id'],'nwikipage','commit_msg',escape_tags($commit_msg),true);
+			return [ 'success' => true, 'item_id' => $page['id'], 'page' => $page ];
+		}
+
+		return [ 'success' => false, 'message' => t('Page not found.') ];
+
+	}
+	
+	static public function convert_links($s, $wikiURL) {
+		
+		if (strpos($s,'[[') !== false) {
+			preg_match_all("/\[\[(.*?)\]\]/", $s, $match);
+			$pages = $pageURLs = array();
+			foreach ($match[1] as $m) {
+				// TODO: Why do we need to double urlencode for this to work?
+				$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+				$pages[] = $m;
+			}
+			$idx = 0;
+			while(strpos($s,'[[') !== false) {
+			$replace = '<a href="'.$wikiURL.'/'.$pageURLs[$idx].'">'.$pages[$idx].'</a>';
+				$s = preg_replace("/\[\[(.*?)\]\]/", $replace, $s, 1);
+				$idx++;
+			}
+		}
+		return $s;
+	}
+	
+	/**
+	 * Replace the instances of the string [toc] with a list element that will be populated by
+	 * a table of contents by the JavaScript library
+	 * @param string $s
+	 * @return string
+	 */
+	static public function generate_toc($s) {
+		if (strpos($s,'[toc]') !== false) {
+			//$toc_md = wiki_toc($s);	// Generate Markdown-formatted list prior to HTML render
+			$toc_md = '<ul id="wiki-toc"></ul>'; // use the available jQuery plugin http://ndabas.github.io/toc/
+			$s = preg_replace("/\[toc\]/", $toc_md, $s, -1);
+		}
+		return $s;
+	}
+	
+	/**
+	 *  Converts a select set of bbcode tags. Much of the code is copied from include/bbcode.php
+	 * @param string $s
+	 * @return string
+	 */
+	static public function bbcode($s) {
+			
+		$s = str_replace(array('[baseurl]', '[sitename]'), array(z_root(), get_config('system', 'sitename')), $s);
+			
+		$s = preg_replace_callback("/\[observer\.language\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_callback', $s);
+
+		$s = preg_replace_callback("/\[observer\.language\!\=(.*?)\](.*?)\[\/observer\]/ism",'oblanguage_necallback', $s);
+
+
+		$observer = \App::get_observer();
+		if ($observer) {
+			$s1 = '<span class="bb_observer" title="' . t('Different viewers will see this text differently') . '">';
+			$s2 = '</span>';
+			$obsBaseURL = $observer['xchan_connurl'];
+			$obsBaseURL = preg_replace("/\/poco\/.*$/", '', $obsBaseURL);
+			$s = str_replace('[observer.baseurl]', $obsBaseURL, $s);
+			$s = str_replace('[observer.url]', $observer['xchan_url'], $s);
+			$s = str_replace('[observer.name]', $s1 . $observer['xchan_name'] . $s2, $s);
+			$s = str_replace('[observer.address]', $s1 . $observer['xchan_addr'] . $s2, $s);
+			$s = str_replace('[observer.webname]', substr($observer['xchan_addr'], 0, strpos($observer['xchan_addr'], '@')), $s);
+			$s = str_replace('[observer.photo]', '', $s);
+		} 
+		else {
+			$s = str_replace('[observer.baseurl]', '', $s);
+			$s = str_replace('[observer.url]', '', $s);
+			$s = str_replace('[observer.name]', '', $s);
+			$s = str_replace('[observer.address]', '', $s);
+			$s = str_replace('[observer.webname]', '', $s);
+			$s = str_replace('[observer.photo]', '', $s);
+		}
+	
+		return $s;
+	}
+	
+	static public function get_file_ext($arr) {
+		if($arr['mimeType'] == 'text/bbcode')
+			return '.bb';
+		else
+			return '.md';
+	}
+	
+	// This function is derived from 
+	// http://stackoverflow.com/questions/32068537/generate-table-of-contents-from-markdown-in-php
+	static public function toc($content) {
+	  // ensure using only "\n" as line-break
+	  $source = str_replace(["\r\n", "\r"], "\n", $content);
+	
+	  // look for markdown TOC items
+	  preg_match_all(
+		'/^(?:=|-|#).*$/m',
+		$source,
+		$matches,
+		PREG_PATTERN_ORDER | PREG_OFFSET_CAPTURE
+	  );
+	
+	  // preprocess: iterate matched lines to create an array of items
+	  // where each item is an array(level, text)
+	  $file_size = strlen($source);
+	  foreach ($matches[0] as $item) {
+		$found_mark = substr($item[0], 0, 1);
+		if ($found_mark == '#') {
+		  // text is the found item
+		  $item_text = $item[0];
+		  $item_level = strrpos($item_text, '#') + 1;
+		  $item_text = substr($item_text, $item_level);
+		} else {
+		  // text is the previous line (empty if <hr>)
+		  $item_offset = $item[1];
+		  $prev_line_offset = strrpos($source, "\n", -($file_size - $item_offset + 2));
+		  $item_text =
+			substr($source, $prev_line_offset, $item_offset - $prev_line_offset - 1);
+		  $item_text = trim($item_text);
+		  $item_level = $found_mark == '=' ? 1 : 2;
+		}
+		if (!trim($item_text) OR strpos($item_text, '|') !== FALSE) {
+		  // item is an horizontal separator or a table header, don't mind
+		  continue;
+		}
+		$raw_toc[] = ['level' => $item_level, 'text' => trim($item_text)];
+	  }
+		$o = '';
+		foreach($raw_toc as $t) {
+			$level = intval($t['level']);
+			$text = $t['text'];
+			switch ($level) {
+				case 1:
+					$li = '* ';
+					break;
+				case 2:
+					$li = '  * ';
+					break;
+				case 3:
+					$li = '    * ';
+					break;
+				case 4:
+					$li = '      * ';
+					break;
+				default:
+					$li = '* ';
+					break;
+			}
+			$o .= $li . $text . "\n";
+		}
+	  return $o;
+	}
+
+}

Zotlabs/Lib/PConfig.php

@@ -67,16 +67,16 @@ class PConfig {
 	 * @return mixed Stored value or false if it does not exist
 	 */
 
-	static public function Get($uid,$family,$key,$instore = false) {
+	static public function Get($uid,$family,$key,$default = false) {
 
 		if(is_null($uid) || $uid === false)
-			return false;
+			return $default;
 
 		if(! array_key_exists($uid, \App::$config))
 			self::Load($uid);
 
 		if((! array_key_exists($family, \App::$config[$uid])) || (! array_key_exists($key, \App::$config[$uid][$family])))
-			return false;
+			return $default;
 
 		return ((! is_array(\App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$uid][$family][$key])) 
 			? unserialize(\App::$config[$uid][$family][$key])
@@ -185,13 +185,17 @@ class PConfig {
 
 		$ret = false;
 
-		if(array_key_exists($key, \App::$config[$uid][$family]))
+		if(array_key_exists($uid,\App::$config) 
+			&& is_array(\App::$config['uid']) 
+			&& array_key_exists($family,\App::$config['uid']) 
+			&& array_key_exists($key, \App::$config[$uid][$family]))
 			unset(\App::$config[$uid][$family][$key]);
-			$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
-				intval($uid),
-				dbesc($family),
-				dbesc($key)
-			);
+			
+		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
+			intval($uid),
+			dbesc($family),
+			dbesc($key)
+		);
 
 		return $ret;
 	}

Zotlabs/Lib/Permcat.php

@@ -0,0 +1,146 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use \Zotlabs\Access as Zaccess;
+
+class Permcat {
+
+	private $permcats = [];
+
+	public function __construct($channel_id) {
+
+		$perms = [];
+
+		// first check role perms for a perms_connect setting
+
+		$role = get_pconfig($channel_id,'system','permissions_role');
+		if($role) {
+			$x = Zaccess\PermissionRoles::role_perms($role);
+			if($x['perms_connect']) {
+				$perms = Zaccess\Permissions::FilledPerms($x['perms_connect']);
+			}
+		}
+
+		// if no role perms it may be a custom role, see if there any autoperms
+
+		if(! $perms) {
+			$perms = Zaccess\Permissions::FilledAutoPerms($channel_id);
+		}
+
+		// if no autoperms it may be a custom role with manual perms
+
+		if(! $perms) {
+			$r = q("select channel_hash from channel where channel_id = %d",
+				intval($channel_id)
+			);
+			if($r) {
+				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
+					intval($channel_id),
+					dbesc($r[0]['channel_hash'])
+				);
+				if($x) {
+					foreach($x as $xv) {
+						$perms[$xv['k']] = intval($xv['v']);
+					}
+				}
+			}
+		}
+
+		// nothing was found - create a filled permission array where all permissions are 0
+
+		if(! $perms) {
+			$perms = Zaccess\Permissions::FilledPerms([]);
+		}
+
+		$this->permcats[] = [
+			'name'      => 'default',
+			'localname' => t('default','permcat'),
+			'perms'     => Zaccess\Permissions::Operms($perms),
+			'system'    => 1
+		];
+
+
+		$p = $this->load_permcats($channel_id);
+		if($p) {
+			for($x = 0; $x < count($p); $x++) {
+				$this->permcats[] = [
+					'name'      => $p[$x][0],
+					'localname' => $p[$x][1],
+					'perms'     => Zaccess\Permissions::Operms(Zaccess\Permissions::FilledPerms($p[$x][2])),
+					'system'    => intval($p[$x][3])
+				];
+			}
+		}
+	}
+
+
+	public function listing() {
+		return $this->permcats;
+	}
+
+	public function fetch($name) {
+		if($name && $this->permcats) {
+			foreach($this->permcats as $permcat) {
+				if(strcasecmp($permcat['name'],$name) === 0) {
+					return $permcat;
+				}
+			}
+		}
+		return ['error' => true];
+	}
+
+	public function load_permcats($uid) {
+
+		$permcats = [
+			[ 'follower', t('follower','permcat'),
+				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages','view_wiki',
+				  'post_like' ], 1
+			],
+			[ 'contributor', t('contributor','permcat'),
+				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages','view_wiki',
+				  'post_wall','post_comments','write_wiki','post_like','tag_deliver','chat' ], 1
+			],
+			[ 'publisher', t('publisher','permcat'),
+				[ 'view_stream','view_profile','view_contacts','view_storage','view_pages',
+				  'write_storage','post_wall','write_pages','write_wiki','post_comments','post_like','tag_deliver',
+				  'chat', 'republish' ], 1
+			]
+		];
+
+		if($uid) {
+			$x = q("select * from pconfig where uid = %d and cat = 'permcat'",
+				intval($uid)
+			);
+			if($x) {
+				foreach($x as $xv) {
+					$value = ((preg_match('|^a:[0-9]+:{.*}$|s', $xv['v'])) ? unserialize($xv['v']) : $xv['v']);
+					$permcats[] = [ $xv['k'], $xv['k'], $value, 0 ];
+				}
+			}
+		}					
+
+		call_hooks('permcats',$permcats);
+
+		return $permcats;
+
+	}
+
+	static public function find_permcat($arr,$name) {
+		if((! $arr) || (! $name))
+			return false;
+		foreach($arr as $p)
+			if($p['name'] == $name)
+				return $p['value'];
+	}
+
+	static public function update($channel_id, $name,$permarr) {
+		PConfig::Set($channel_id,'permcat',$name,$permarr);
+	}
+
+	static public function delete($channel_id,$name) {
+		PConfig::Delete($channel_id,'permcat',$name);
+	}
+
+
+}

Zotlabs/Lib/PermissionDescription.php

@@ -12,22 +12,25 @@ require_once("include/text.php");
  * permission settings for an item with an empty ACL.
  * i.e the caption, icon, and tooltip for the no-ACL option in the ACL dialog.
  */
-class PermissionDescription  {
+class PermissionDescription {
 
 	private $global_perm;
 	private $channel_perm;
 	private $fallback_description;
-	
+
 	/**
 	 * Constructor is private.
-	 * Use static methods fromGlobalPermission(), fromStandalonePermission(), or fromDescription()
-	 * to create instances.
+	 * Use static methods fromGlobalPermission(), fromStandalonePermission(),
+	 * or fromDescription() to create instances.
+	 *
+	 * @internal
+	 * @param int $global_perm
+	 * @param int $channel_perm
+	 * @param string $description (optional) default empty
 	 */
 	private function __construct($global_perm, $channel_perm, $description = '') {
-
 		$this->global_perm  = $global_perm;
 		$this->channel_perm = $channel_perm;
-		
 		$this->fallback_description = ($description  == '') ? t('Visible to your default audience') : $description;
 	}
 
@@ -43,23 +46,22 @@ class PermissionDescription  {
 		return new PermissionDescription('', 0x80000, $description);
 	}
 
-
 	/**
 	 * Use this method only if the interpretation of an empty ACL doesn't fall back to a global
 	 * default permission. You should pass one of the constants from boot.php - PERMS_PUBLIC,
 	 * PERMS_NETWORK etc.
-	 * 
+	 *
 	 * @param  integer $perm - a single enumerated constant permission - PERMS_PUBLIC, PERMS_NETWORK etc.
 	 * @return a new instance of PermissionDescription
 	 */
 	public static function fromStandalonePermission($perm) {
 
 		$result = new PermissionDescription('', $perm);
-		
-		$checkPerm = $this->get_permission_description();
-		if ($checkPerm == $this->fallback_description) {
+
+		$checkPerm = $result->get_permission_description();
+		if($checkPerm == $result->fallback_description) {
 			$result = null;
-			logger('null PermissionDescription from unknown standalone permission: ' . $perm ,LOGGER_DEBUG, LOG_ERROR);
+			logger('null PermissionDescription from unknown standalone permission: ' . $perm, LOGGER_DEBUG, LOG_ERR);
 		}
 
 		return $result;
@@ -67,9 +69,9 @@ class PermissionDescription  {
 
 	/**
 	 * This is the preferred way to create a PermissionDescription, as it provides the most details.
-	 * Use this method if you know an empty ACL will result in one of the global default permissions 
+	 * Use this method if you know an empty ACL will result in one of the global default permissions
 	 * being used, such as channel_r_stream (for which you would pass 'view_stream').
-	 * 
+	 *
 	 * @param  string $permname - a key for the global perms array from get_perms() in permissions.php,
 	 *         e.g. 'view_stream', 'view_profile', etc.
 	 * @return a new instance of PermissionDescription
@@ -80,19 +82,19 @@ class PermissionDescription  {
 
 		$global_perms = \Zotlabs\Access\Permissions::Perms();
 
-		if (array_key_exists($permname, $global_perms)) {
+		if(array_key_exists($permname, $global_perms)) {
 
-			$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'],$permname);
+			$channelPerm = \Zotlabs\Access\PermissionLimits::Get(\App::$channel['channel_id'], $permname);
 
 			$result = new PermissionDescription('', $channelPerm);
 		} else {
 			// The acl dialog can handle null arguments, but it shouldn't happen
-			logger('null PermissionDescription from unknown global permission: ' . $permname ,LOGGER_DEBUG, LOG_ERROR);
+			logger('null PermissionDescription from unknown global permission: ' . $permname, LOGGER_DEBUG, LOG_ERR);
 		}
+
 		return $result;
 	}
 
-
 	/**
 	 * Gets a localized description of the permission, or a generic message if the permission
 	 * is unknown.
@@ -101,8 +103,7 @@ class PermissionDescription  {
 	 */
 	public function get_permission_description() {
 
-		switch($this->channel_perm) {			
-
+		switch($this->channel_perm) {
 			case 0:              return t('Only me');
 			case PERMS_PUBLIC:   return t('Public');
 			case PERMS_NETWORK:  return t('Anybody in the $Projectname network');
@@ -117,19 +118,18 @@ class PermissionDescription  {
 
 	/**
 	 * Returns an icon css class name if an appropriate one is available, e.g. "fa-globe" for Public,
-	 * otherwise returns empty string. 
+	 * otherwise returns empty string.
 	 *
 	 * @return string icon css class name (often FontAwesome)
 	 */
 	public function get_permission_icon() {
 
-		switch($this->channel_perm) {			
-
+		switch($this->channel_perm) {
 			case 0:/* only me */ return 'fa-eye-slash';
 			case PERMS_PUBLIC:   return 'fa-globe';
 			case PERMS_NETWORK:  return 'fa-share-alt-square'; // fa-share-alt-square is very similiar to the hubzilla logo, but we should create our own logo class to use
-			case PERMS_SITE:     return 'fa-sitemap'; 
-			case PERMS_CONTACTS: return 'fa-group'; 
+			case PERMS_SITE:     return 'fa-sitemap';
+			case PERMS_CONTACTS: return 'fa-group';
 			case PERMS_SPECIFIC: return 'fa-list';
 			case PERMS_AUTHED:   return '';
 			case PERMS_PENDING:  return '';
@@ -137,7 +137,6 @@ class PermissionDescription  {
 		}
 	}
 
-
 	/**
 	 * Returns a localized description of where the permission came from, if this is known.
 	 * If it's not know, or if the permission is standalone and didn't come from a default
@@ -147,8 +146,7 @@ class PermissionDescription  {
 	*/
 	public function get_permission_origin_description() {
 
-		switch($this->global_perm) {			
-
+		switch($this->global_perm) {
 			case PERMS_R_STREAM:  return t('This is your default setting for the audience of your normal stream, and posts.');
 			case PERMS_R_PROFILE: return t('This is your default setting for who can view your default channel profile');
 			case PERMS_R_ABOOK:   return t('This is your default setting for who can view your connections');

Zotlabs/Lib/SuperCurl.php

@@ -105,7 +105,7 @@ class SuperCurl {
 			$opts['cookie'] = 'PHPSESSID=' . trim(file_get_contents('store/[data]/cookien_' . $this->magicauth));
 			$c = channelx_by_n($this->magicauth);
 			if($c)
-				$url = zid($this->url,$c['channel_address'] . '@' . \App::get_hostname());
+				$url = zid($this->url,channel_reddress($c));
 		}	
 		if($this->custom)
 			$opts['custom'] = $this->custom;

Zotlabs/Lib/System.php

@@ -32,20 +32,34 @@ class System {
 	static public function get_notify_icon() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
 			return \App::$config['system']['email_notify_icon_url'];
-		return z_root() . '/images/hz-white-32.png';
+		return z_root() . DEFAULT_NOTIFY_ICON;
 	}
 
 	static public function get_site_icon() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
 			return \App::$config['system']['site_icon_url'];
-		return z_root() . '/images/hz-32.png';
+		return z_root() . DEFAULT_PLATFORM_ICON ;
 	}
 
 
+	static public function get_project_link() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_link'])
+			return \App::$config['system']['project_link'];
+		return 'https://hubzilla.org';
+	}
+
+	static public function get_project_srclink() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
+			return \App::$config['system']['project_srclink'];
+		return 'https://github.com/redmatrix/hubzilla';
+	}
+
+
+
 	static public function get_server_role() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['server_role'])
 			return \App::$config['system']['server_role'];
-		return 'pro';
+		return 'standard';
 	}
 
 	static public function get_std_version() {
@@ -54,5 +68,15 @@ class System {
 		return '0.0.0';
 	}
 
+	static public function compatible_project($p) {
 
+		if(get_directory_realm() != DIRECTORY_REALM)
+			return true;
+
+		foreach(['hubzilla','zap'] as $t) {
+			if(stristr($p,$t))
+				return true;
+		}
+		return false;
+	}
 }

Zotlabs/Lib/Techlevels.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class Techlevels {
+
+	static public function levels() {
+		$techlevels = [
+			'0' => t('Beginner/Basic'),
+			'1' => t('Novice - not skilled but willing to learn'),
+			'2' => t('Intermediate - somewhat comfortable'),
+			'3' => t('Advanced - very comfortable'),
+			'4' => t('Expert - I can write computer code'),			
+			'5' => t('Wizard - I probably know more than you do')
+		];
+		return $techlevels;
+	}
+
+}
+

Zotlabs/Lib/ThreadItem.php

@@ -44,7 +44,7 @@ class ThreadItem {
 				 * Only add those that will be displayed
 				 */
 
-				if((! visible_activity($item)) || array_key_exists('author_blocked',$item)) {
+				if((! visible_activity($item)) || array_key_exists('blocked',$item)) {
 					continue;
 				}
 
@@ -136,7 +136,7 @@ class ThreadItem {
 		$filer = ((($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) ? t("Save to Folder") : false);
 
 		$profile_avatar = $item['author']['xchan_photo_m'];
-		$profile_link   = chanlink_url($item['author']['xchan_url']);
+		$profile_link   = chanlink_hash($item['author_xchan']);
 		$profile_name   = $item['author']['xchan_name'];
 
 		$location = format_location($item);
@@ -174,6 +174,11 @@ class ThreadItem {
   
 		$responses = get_responses($conv_responses,$response_verbs,$this,$item);
 
+		$my_responses = [];
+		foreach($response_verbs as $v) {
+			$my_responses[$v] = (($conv_responses[$v][$item['mid'] . '-m']) ? 1 : 0);
+		}
+
 		$like_count = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid']] : '');
 		$like_list = ((x($conv_responses['like'],$item['mid'])) ? $conv_responses['like'][$item['mid'] . '-l'] : '');
 		if (count($like_list) > MAX_LIKERS) {
@@ -246,10 +251,11 @@ class ThreadItem {
 		}
 
 		$server_role = get_config('system','server_role');
+
 		$has_bookmarks = false;
 		if(is_array($item['term'])) {
 			foreach($item['term'] as $t) {
-				if(($server_role != 'basic') && ($t['ttype'] == TERM_BOOKMARK))
+				if((get_account_techlevel() > 0) && ($t['ttype'] == TERM_BOOKMARK))
 					$has_bookmarks = true;
 			}
 		}
@@ -289,7 +295,7 @@ class ThreadItem {
 		$owner_address = substr($item['owner']['xchan_addr'],0,strpos($item['owner']['xchan_addr'],'@'));
 		$viewthread = $item['llink'];
 		if($conv->get_mode() === 'channel')
-			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . $item['mid'];
+			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode($item['mid']);
 
 		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
 		$list_unseen_txt = (($unseen_comments) ? sprintf('%d unseen',$unseen_comments) : '');
@@ -329,6 +335,8 @@ class ThreadItem {
 			'wall' => t('Wall-to-Wall'),
 			'vwall' => t('via Wall-To-Wall:'),
 			'profile_url' => $profile_link,
+			'thread_action_menu' => thread_action_menu($item,$conv->get_mode()),
+			'thread_author_menu' => thread_author_menu($item,$conv->get_mode()),
 			'item_photo_menu' => item_photo_menu($item),
 			'dreport' => $dreport,
 			'name' => $profile_name,
@@ -343,12 +351,16 @@ class ThreadItem {
 			'isotime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'c'),
 			'localtime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'r'),
 			'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r')) : ''),
-			'expiretime' => (($item['expires'] !== NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
+			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
 			'lock' => $lock,
 			'verified' => $verified,
 			'unverified' => $unverified,
 			'forged' => $forged,
 			'location' => $location,
+			'attend_label' => t('Attend'),
+			'attend_title' => t('Attendance Options'),
+			'vote_label' => t('Vote'),
+			'vote_title' => t('Voting Options'),
 			'indent' => $indent,
 			'owner_url' => $this->get_owner_url(),
 			'owner_photo' => $this->get_owner_photo(),
@@ -380,6 +392,7 @@ class ThreadItem {
 			'list_unseen_txt' => $list_unseen_txt,
 			'markseen' => t('Mark all seen'),
 			'responses' => $responses,
+			'my_responses' => $my_responses,
 			'like_count' => $like_count,
 			'like_list' => $like_list,
 			'like_list_part' => $like_list_part,
@@ -396,6 +409,7 @@ class ThreadItem {
 			'comment' => $this->get_comment_box($indent),
 			'previewing' => ($conv->is_preview() ? ' preview ' : ''),
 			'wait' => t('Please wait'),
+			'submid' => str_replace(['+','='], ['',''], base64_encode(substr($item['mid'],0,32))),
 			'thread_level' => $thread_level
 		);
 
@@ -411,6 +425,12 @@ class ThreadItem {
 		if($visible_comments === false)
 			$visible_comments = 3;
 
+//		needed for scroll to comment from notification but needs more work
+//		as we do not want to open all comments unless there is actually an #item_xx anchor
+//		and the url fragment is not sent to the server. 
+//		if(in_array(\App::$module,['display','update_display'])) 
+//			$visible_comments = 99999;
+
 		if(($this->get_display_mode() === 'normal') && ($nb_children > 0)) {
 			foreach($children as $child) {
 				$result['children'][] = $child->get_template_data($conv_responses, $thread_level + 1);
@@ -747,7 +767,7 @@ class ThreadItem {
 			return;
 		
 		if($this->is_toplevel() && ($this->get_data_value('author_xchan') != $this->get_data_value('owner_xchan'))) {
-			$this->owner_url = chanlink_url($this->data['owner']['xchan_url']);
+			$this->owner_url = chanlink_hash($this->data['owner']['xchan_hash']);
 			$this->owner_photo = $this->data['owner']['xchan_photo_m'];
 			$this->owner_name = $this->data['owner']['xchan_name'];
 			$this->wall_to_wall = true;

Zotlabs/Lib/ThreadStream.php

@@ -58,7 +58,7 @@ class ThreadStream {
 			case 'display':
 				// in this mode we set profile_owner after initialisation (from conversation()) and then 
 				// pull some trickery which allows us to re-invoke this function afterward
-				// it's an ugly hack so FIXME
+				// it's an ugly hack so @FIXME
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
 			case 'page':
@@ -160,9 +160,9 @@ class ThreadStream {
 			}
 			elseif(($this->observer) && (! $item->is_commentable())) {
 				if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
-					$item->set_commentable(perm_is_allowed($this->profile_owner,$this->observer['xchan_hash'],'post_comments'));
+					$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
 				else
-					$item->set_commentable(can_comment_on_post($this->observer['xchan_hash'],$item->data));
+					$item->set_commentable(can_comment_on_post($ob_hash,$item->data));
 			}
 		}
 		require_once('include/channel.php');

Zotlabs/Lib/XConfig.php

@@ -59,16 +59,16 @@ class XConfig {
 	 * @return mixed Stored $value or false if it does not exist
 	 */
 
-	static public function Get($xchan, $family, $key) {
+	static public function Get($xchan, $family, $key, $default = false) {
 
 		if(! $xchan)
-			return false;
+			return $default;
 
 		if(! array_key_exists($xchan, \App::$config))
 			load_xconfig($xchan);
 
 		if((! array_key_exists($family, \App::$config[$xchan])) || (! array_key_exists($key, \App::$config[$xchan][$family])))
-			return false;
+			return $default;
 
 		return ((! is_array(\App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', \App::$config[$xchan][$family][$key])) 
 			? unserialize(\App::$config[$xchan][$family][$key])

Zotlabs/Module/Acl.php

@@ -19,7 +19,7 @@ require_once("include/group.php");
 
 class Acl extends \Zotlabs\Web\Controller {
 
-	function init(){
+	function init() {
 	
 		//	logger('mod_acl: ' . print_r($_REQUEST,true));
 	
@@ -49,7 +49,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		$extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());
 	
 		// The different autocomplete libraries use different names for the search text
-		// parameter. Internaly we'll use $search to represent the search text no matter
+		// parameter. Internally we'll use $search to represent the search text no matter
 		// what request variable it was attached to. 
 	
 		if(array_key_exists('query',$_REQUEST)) {
@@ -66,7 +66,7 @@ class Acl extends \Zotlabs\Web\Controller {
 			// These queries require permission checking. We'll create a simple array of xchan_hash for those with
 			// the requisite permissions which we can check against. 
 
-			$x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = 1",
+			$x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = '1'",
 				intval(local_channel()),
 				dbesc(($type === 'm') ? 'post_mail' : 'tag_deliver')
 			);
@@ -77,7 +77,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 
 		if($search) {
-			$sql_extra = " AND `name` LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
 	
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
@@ -87,8 +87,8 @@ class Acl extends \Zotlabs\Web\Controller {
 
 			$order_extra2 = "CASE WHEN xchan_name LIKE " 
 					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
-					. " then POSITION('" . dbesc($search) 
-					. "' IN xchan_name) else position('" . dbesc($search) . "' IN xchan_addr) end, ";
+					. " then POSITION('" . protect_sprintf(dbesc($search)) 
+					. "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
 
 			$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
 			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
@@ -103,11 +103,32 @@ class Acl extends \Zotlabs\Web\Controller {
 		$contacts = array();
 		
 		if($type == '' || $type == 'g') {
-	
+
+			// virtual groups based on private profile viewing ability
+
+			$r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d",
+				intval(local_channel())
+			);	
+			if($r) {
+				foreach($r as $rv) {
+					$groups[] = array(
+						"type"  => "g",
+						"photo" => "images/twopeople.png",
+						"name"  => t('Profile','acl') . ' ' . $rv['profile_name'],
+						"id"	=> 'vp' . $rv['id'],
+						"xid"   => 'vp.' . $rv['profile_guid'],
+						"uids"  => group_get_profile_members_xchan(local_channel(), $rv['id']),
+						"link"  => ''
+					);
+				}
+			}
+
+			// Normal privacy groups
+
 			$r = q("SELECT groups.id, groups.hash, groups.gname
-					FROM groups,group_member 
+					FROM groups, group_member 
 					WHERE groups.deleted = 0 AND groups.uid = %d 
-					AND group_member.gid=groups.id
+					AND group_member.gid = groups.id
 					$sql_extra
 					GROUP BY groups.id
 					ORDER BY groups.gname 
@@ -134,25 +155,34 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 	
 		if($type == '' || $type == 'c') {
+
 			$extra_channels_sql  = ''; 
-			// Only include channels who allow the observer to view their permissions
-			foreach($extra_channels as $channel) {
-				if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts'))
-					$extra_channels_sql .= "," . intval($channel);
+
+			// Only include channels who allow the observer to view their connections
+			if($extra_channels) {
+				foreach($extra_channels as $channel) {
+					if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) {
+						if($extra_channel_sql)
+							$extra_channels_sql .= ',';
+						$extra_channels_sql .= intval($channel);
+					}
+				}
 			}
 	
-			$extra_channels_sql = substr($extra_channels_sql,1); // Remove initial comma
-	
 			// Getting info from the abook is better for local users because it contains info about permissions
 			if(local_channel()) {
 				if($extra_channels_sql != '')
 					$extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 ";
 
+
+				// Add atokens belonging to the local channel @TODO restrict by search
+
 				$r2 = null;
 
 				$r1 = q("select * from atoken where atoken_uid = %d",
 					intval(local_channel())
 				);
+
 				if($r1) {
 					require_once('include/security.php');
 					$r2 = array();
@@ -172,6 +202,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					}
 				} 
 
+				// add connections
 	
 				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self 
 					FROM abook left join xchan on abook_xchan = xchan_hash 

Zotlabs/Module/Admin/Account_edit.php

@@ -0,0 +1,84 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+
+class Account_edit {
+
+	function post() {
+
+		$account_id = $_REQUEST['aid'];
+
+		if(! $account_id)
+			return;
+
+		$pass1 = trim($_REQUEST['pass1']);
+		$pass2 = trim($_REQUEST['pass2']);
+		if($pass1 && $pass2 && ($pass1 === $pass2)) {
+			$salt = random_string(32);
+			$password_encoded = hash('whirlpool', $salt . $pass1);
+			$r = q("update account set account_salt = '%s', account_password = '%s', 
+				account_password_changed = '%s' where account_id = %d",
+				dbesc($salt),
+				dbesc($password_encoded),
+				dbesc(datetime_convert()),
+				intval($account_id)
+			);
+			if($r)
+				info( sprintf( t('Password changed for account %d.'), $account_id). EOL);
+
+		}
+
+		$service_class = trim($_REQUEST['service_class']);
+		$account_level = intval(trim($_REQUEST['account_level']));
+		$account_language = trim($_REQUEST['account_language']);
+
+		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
+			where account_id = %d",
+			dbesc($service_class),
+			intval($account_level),
+			dbesc($account_language),
+			intval($account_id)
+		);
+
+		if($r)
+			info( t('Account settings updated.') . EOL);
+
+		goaway(z_root() . '/admin/accounts');
+	}
+
+
+	function get() {
+		if(argc() > 2)
+			$account_id = argv(2);
+
+		$x = q("select * from account where account_id = %d limit 1",
+			intval($account_id)
+		);
+
+		if(! $x) {
+			notice ( t('Account not found.') . EOL);
+			return '';
+		}
+
+
+		$a = replace_macros(get_markup_template('admin_account_edit.tpl'), [
+			'$account' => $x[0],
+			'$title' => t('Account Edit'),
+			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
+			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
+			'$account_level' => [ 'account_level', t('Technical skill level'), $x[0]['account_level'], '', \Zotlabs\Lib\Techlevels::levels() ],
+			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $x[0]['account_language'], '', language_list() ],
+			'$service_class' => [ 'service_class', t('Service class'), $x[0]['account_service_class'], '' ],
+			'$submit' => t('Submit'),
+			]
+		);
+
+		return $a;
+
+
+	}
+
+
+}

Zotlabs/Module/Admin/Accounts.php

@@ -0,0 +1,205 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+
+class Accounts {
+	
+	/**
+	 * @brief Handle POST actions on accounts admin page.
+	 *
+	 * This function is called when on the admin user/account page the form was
+	 * submitted to handle multiple operations at once. If one of the icons next
+	 * to an entry are pressed the function admin_page_accounts() will handle this.
+	 *
+	 */
+
+	function post() {
+		$pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() );
+		$users   = ( x($_POST, 'user')    ? $_POST['user']    : array() );
+		$blocked = ( x($_POST, 'blocked') ? $_POST['blocked'] : array() );
+	
+		check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts');
+	
+		// change to switch structure?
+		// account block/unblock button was submitted
+		if (x($_POST, 'page_users_block')) {
+			for ($i = 0; $i < count($users); $i++) {
+				// if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
+				$op = ($blocked[$i]) ? '& ~' : '| ';
+				q("UPDATE account SET account_flags = (account_flags $op%d) WHERE account_id = %d",
+					intval(ACCOUNT_BLOCKED),
+					intval($users[$i])
+				);
+			}
+			notice( sprintf( tt("%s account blocked/unblocked", "%s account blocked/unblocked", count($users)), count($users)) );
+		}
+		// account delete button was submitted
+		if (x($_POST, 'page_accounts_delete')) {
+			foreach ($users as $uid){
+				account_remove($uid, true, false);
+			}
+			notice( sprintf( tt("%s account deleted", "%s accounts deleted", count($users)), count($users)) );
+		}
+		// registration approved button was submitted
+		if (x($_POST, 'page_users_approve')) {
+			foreach ($pending as $hash) {
+				account_allow($hash);
+			}
+		}
+		// registration deny button was submitted
+		if (x($_POST, 'page_users_deny')) {
+			foreach ($pending as $hash) {
+				account_deny($hash);
+			}
+		}
+	
+		goaway(z_root() . '/admin/accounts' );
+	}
+
+	/**
+	 * @brief Generate accounts admin page and handle single item operations.
+	 *
+	 * This function generates the accounts/account admin page and handles the actions
+	 * if an icon next to an entry was clicked. If several items were selected and
+	 * the form was submitted it is handled by the function admin_page_accounts_post().
+	 *
+	 * @return string
+	 */
+
+	function get(){
+		if (argc() > 2) {
+			$uid = argv(3);
+			$account = q("SELECT * FROM account WHERE account_id = %d",
+				intval($uid)
+			);
+	
+			if (! $account) {
+				notice( t('Account not found') . EOL);
+				goaway(z_root() . '/admin/accounts' );
+			}
+	
+			check_form_security_token_redirectOnErr('/admin/accounts', 'admin_accounts', 't');
+	
+			switch (argv(2)){
+				case 'delete':
+					// delete user
+					account_remove($uid,true,false);
+	
+					notice( sprintf(t("Account '%s' deleted"), $account[0]['account_email']) . EOL);
+					break;
+				case 'block':
+					q("UPDATE account SET account_flags = ( account_flags | %d ) WHERE account_id = %d",
+						intval(ACCOUNT_BLOCKED),
+						intval($uid)
+					);
+	
+					notice( sprintf( t("Account '%s' blocked") , $account[0]['account_email']) . EOL);
+					break;
+				case 'unblock':
+					q("UPDATE account SET account_flags = ( account_flags & ~%d ) WHERE account_id = %d",
+							intval(ACCOUNT_BLOCKED),
+							intval($uid)
+					);
+	
+					notice( sprintf( t("Account '%s' unblocked"), $account[0]['account_email']) . EOL);
+					break;
+			}
+	
+			goaway(z_root() . '/admin/accounts' );
+		}
+	
+		/* get pending */
+		$pending = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d )>0 ",
+			intval(ACCOUNT_PENDING)
+		);
+	
+		/* get accounts */
+	
+		$total = q("SELECT count(*) as total FROM account");
+		if (count($total)) {
+			\App::set_pager_total($total[0]['total']);
+			\App::set_pager_itemspage(100);
+		}
+	
+		$serviceclass = (($_REQUEST['class']) ? " and account_service_class = '" . dbesc($_REQUEST['class']) . "' " : '');
+
+		$key = (($_REQUEST['key']) ? dbesc($_REQUEST['key']) : 'account_id');
+		$dir = 'asc';
+		if(array_key_exists('dir',$_REQUEST))
+			$dir = ((intval($_REQUEST['dir'])) ? 'asc' : 'desc');
+
+		$base = z_root() . '/admin/accounts?f=';
+		$odir = (($dir === 'asc') ? '0' : '1');
+	
+		$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, 
+			(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac 
+			where true $serviceclass order by $key $dir limit %d offset %d ",
+			intval(ACCOUNT_BLOCKED),
+			db_concat('ch.channel_address', ' '),
+			intval(\App::$pager['itemspage']),
+			intval(\App::$pager['start'])
+		);
+	
+	//	function _setup_users($e){
+	//		$accounts = Array(
+	//			t('Normal Account'), 
+	//			t('Soapbox Account'),
+	//			t('Community/Celebrity Account'),
+	//			t('Automatic Friend Account')
+	//		);
+	
+	//		$e['page_flags'] = $accounts[$e['page-flags']];
+	//		$e['register_date'] = relative_date($e['register_date']);
+	//		$e['login_date'] = relative_date($e['login_date']);
+	//		$e['lastitem_date'] = relative_date($e['lastitem_date']);
+	//		return $e;
+	//	}
+	//	$users = array_map("_setup_users", $users);
+	
+		$t = get_markup_template('admin_accounts.tpl');
+		$o = replace_macros($t, array(
+			// strings //
+			'$title' => t('Administration'),
+			'$page' => t('Accounts'),
+			'$submit' => t('Submit'),
+			'$select_all' => t('select all'),
+			'$h_pending' => t('Registrations waiting for confirm'),
+			'$th_pending' => array( t('Request date'), t('Email') ),
+			'$no_pending' =>  t('No registrations.'),
+			'$approve' => t('Approve'),
+			'$deny' => t('Deny'),
+			'$delete' => t('Delete'),
+			'$block' => t('Block'),
+			'$unblock' => t('Unblock'),
+			'$odir' => $odir,
+			'$base' => $base,
+			'$h_users' => t('Accounts'),
+			'$th_users' => array( 
+				[ t('ID'), 'account_id' ],
+				[ t('Email'), 'account_email' ],
+				[ t('All Channels'), 'channels' ],
+				[ t('Register date'), 'account_created' ],
+				[ t('Last login'), 'account_lastlog' ],
+				[ t('Expires'), 'account_expires' ],
+				[ t('Service Class'), 'account_service_class'] ),
+	
+			'$confirm_delete_multi' => t('Selected accounts will be deleted!\n\nEverything these accounts had posted on this site will be permanently deleted!\n\nAre you sure?'),
+			'$confirm_delete' => t('The account {0} will be deleted!\n\nEverything this account has posted on this site will be permanently deleted!\n\nAre you sure?'),
+	
+			'$form_security_token' => get_form_security_token("admin_accounts"),
+	
+			// values //
+			'$baseurl' => z_root(),
+	
+			'$pending' => $pending,
+			'$users' => $users,
+		));
+		$o .= paginate($a);
+	
+		return $o;
+	}
+	
+
+}

Zotlabs/Module/Admin/Channels.php

@@ -0,0 +1,176 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+/**
+ * @brief Admin Module for Channels.
+ *
+ */
+class Channels {
+
+	/**
+	 * @brief Handle POST actions on channels admin page.
+	 *
+	 */
+	function post() {
+
+		$channels = ( x($_POST, 'channel') ? $_POST['channel'] : Array() );
+
+		check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels');
+
+		$xor = db_getfunc('^');
+
+		if(x($_POST, 'page_channels_block')) {
+			foreach($channels as $uid) {
+				q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
+					intval(PAGE_CENSORED),
+					intval( $uid )
+				);
+				\Zotlabs\Daemon\Master::Summon(array('Directory', $uid, 'nopush'));
+			}
+			notice( sprintf( tt("%s channel censored/uncensored", "%s channels censored/uncensored", count($channels)), count($channels)) );
+		}
+		if(x($_POST, 'page_channels_code')) {
+			foreach($channels as $uid) {
+				q("UPDATE channel SET channel_pageflags = ( channel_pageflags $xor %d ) where channel_id = %d",
+					intval(PAGE_ALLOWCODE),
+					intval( $uid )
+				);
+			}
+			notice( sprintf( tt("%s channel code allowed/disallowed", "%s channels code allowed/disallowed", count($channels)), count($channels)) );
+		}
+		if(x($_POST, 'page_channels_delete')) {
+			foreach($channels as $uid) {
+				channel_remove($uid, true);
+			}
+			notice( sprintf( tt("%s channel deleted", "%s channels deleted", count($channels)), count($channels)) );
+		}
+
+		goaway(z_root() . '/admin/channels' );
+	}
+
+	/**
+	 * @brief Generate channels admin page and handle single item operations.
+	 *
+	 * @return string with parsed HTML
+	 */
+	function get() {
+		if(argc() > 2) {
+			$uid = argv(3);
+			$channel = q("SELECT * FROM channel WHERE channel_id = %d",
+				intval($uid)
+			);
+
+			if(! $channel) {
+				notice( t('Channel not found') . EOL);
+				goaway(z_root() . '/admin/channels' );
+			}
+
+			switch(argv(2)) {
+				case "delete":{
+					check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+					// delete channel
+					channel_remove($uid,true);
+
+					notice( sprintf(t("Channel '%s' deleted"), $channel[0]['channel_name']) . EOL);
+				}; break;
+
+				case "block":{
+					check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+					$pflags = $channel[0]['channel_pageflags'] ^ PAGE_CENSORED;
+					q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
+						intval($pflags),
+						intval( $uid )
+					);
+					\Zotlabs\Daemon\Master::Summon(array('Directory',$uid,'nopush'));
+
+					notice( sprintf( (($pflags & PAGE_CENSORED) ? t("Channel '%s' censored"): t("Channel '%s' uncensored")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
+				}; break;
+
+				case "code":{
+					check_form_security_token_redirectOnErr('/admin/channels', 'admin_channels', 't');
+					$pflags = $channel[0]['channel_pageflags'] ^ PAGE_ALLOWCODE;
+					q("UPDATE channel SET channel_pageflags = %d where channel_id = %d",
+						intval($pflags),
+						intval( $uid )
+					);
+
+					notice( sprintf( (($pflags & PAGE_ALLOWCODE) ? t("Channel '%s' code allowed"): t("Channel '%s' code disallowed")) , $channel[0]['channel_name'] . ' (' . $channel[0]['channel_address'] . ')' ) . EOL);
+				}; break;
+
+				default:
+					break;
+			}
+			goaway(z_root() . '/admin/channels' );
+		}
+
+		$key = (($_REQUEST['key']) ? dbesc($_REQUEST['key']) : 'channel_id');
+		$dir = 'asc';
+		if(array_key_exists('dir',$_REQUEST))
+			$dir = ((intval($_REQUEST['dir'])) ? 'asc' : 'desc');
+
+		$base = z_root() . '/admin/channels?f=';
+		$odir = (($dir === 'asc') ? '0' : '1');
+
+		/* get channels */
+
+		$total = q("SELECT count(*) as total FROM channel where channel_removed = 0 and channel_system = 0");
+		if($total) {
+			\App::set_pager_total($total[0]['total']);
+			\App::set_pager_itemspage(100);
+		}
+
+		$channels = q("SELECT * from channel where channel_removed = 0 and channel_system = 0 order by $key $dir limit %d offset %d ",
+			intval(\App::$pager['itemspage']),
+			intval(\App::$pager['start'])
+		);
+
+		if($channels) {
+			for($x = 0; $x < count($channels); $x ++) {
+				if($channels[$x]['channel_pageflags'] & PAGE_CENSORED)
+					$channels[$x]['blocked'] = true;
+				else
+					$channels[$x]['blocked'] = false;
+
+				if($channels[$x]['channel_pageflags'] & PAGE_ALLOWCODE)
+					$channels[$x]['allowcode'] = true;
+				else
+					$channels[$x]['allowcode'] = false;
+			}
+		}
+
+		$t = get_markup_template('admin_channels.tpl');
+		$o = replace_macros($t, array(
+			// strings //
+			'$title' => t('Administration'),
+			'$page' => t('Channels'),
+			'$submit' => t('Submit'),
+			'$select_all' => t('select all'),
+			'$delete' => t('Delete'),
+			'$block' => t('Censor'),
+			'$unblock' => t('Uncensor'),
+			'$code' => t('Allow Code'),
+			'$uncode' => t('Disallow Code'),
+			'$h_channels' => t('Channel'),
+			'$base' => $base,
+			'$odir' => $odir,
+			'$th_channels' => array(
+					[ t('UID'), 'channel_id' ],
+					[ t('Name'), 'channel_name' ],
+					[ t('Address'), 'channel_address' ]),
+
+			'$confirm_delete_multi' => t('Selected channels will be deleted!\n\nEverything that was posted in these channels on this site will be permanently deleted!\n\nAre you sure?'),
+			'$confirm_delete' => t('The channel {0} will be deleted!\n\nEverything that was posted in this channel on this site will be permanently deleted!\n\nAre you sure?'),
+
+			'$form_security_token' => get_form_security_token('admin_channels'),
+
+			// values //
+			'$baseurl' => z_root(),
+			'$channels' => $channels,
+		));
+		$o .= paginate($a);
+
+		return $o;
+	}
+
+}

Zotlabs/Module/Admin/Dbsync.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+
+class Dbsync {
+	
+
+
+
+	function get() {
+		$o = '';
+	
+		if(argc() > 3 && intval(argv(3)) && argv(2) === 'mark') {
+			set_config('database', 'update_r' . intval(argv(3)), 'success');
+			if(intval(get_config('system','db_version')) <= intval(argv(3)))
+				set_config('system','db_version',intval(argv(3)) + 1);
+			info( t('Update has been marked successful') . EOL);
+			goaway(z_root() . '/admin/dbsync');
+		}
+	
+		if(argc() > 2 && intval(argv(2))) {
+			require_once('install/update.php');
+			$func = 'update_r' . intval(argv(2));
+			if(function_exists($func)) {
+				$retval = $func();
+				if($retval === UPDATE_FAILED) {
+					$o .= sprintf( t('Executing %s failed. Check system logs.'), $func); 
+				}
+				elseif($retval === UPDATE_SUCCESS) {
+					$o .= sprintf( t('Update %s was successfully applied.'), $func);
+					set_config('database',$func, 'success');
+				}
+				else
+					$o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $func);
+			}
+			else
+				$o .= sprintf( t('Update function %s could not be found.'), $func);
+	
+			return $o;
+		}
+	
+		$failed = array();
+		$r = q("select * from config where cat = 'database' ");
+		if(count($r)) {
+			foreach($r as $rr) {
+				$upd = intval(substr($rr['k'],8));
+				if($rr['v'] === 'success')
+					continue;
+				$failed[] = $upd;
+			}
+		}
+		if(! count($failed))
+			return '<div class="generic-content-wrapper-styled"><h3>' . t('No failed updates.') . '</h3></div>';
+	
+		$o = replace_macros(get_markup_template('failed_updates.tpl'),array(
+			'$base' => z_root(),
+			'$banner' => t('Failed Updates'),
+			'$desc' => '',
+			'$mark' => t('Mark success (if update was manually applied)'),
+			'$apply' => t('Attempt to execute this update step automatically'),
+			'$failed' => $failed
+		));
+	
+		return $o;
+	}
+}

Zotlabs/Module/Admin/Features.php

@@ -0,0 +1,74 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+
+class Features {
+
+	
+	function post() {
+	
+		check_form_security_token_redirectOnErr('/admin/features', 'admin_manage_features');
+	
+		logger('postvars: ' . print_r($_POST,true));
+	
+		$arr = array();
+		$features = get_features(false);
+	
+		foreach($features as $fname => $fdata) {
+			foreach(array_slice($fdata,1) as $f) {
+				$feature = $f[0];
+	
+				if(array_key_exists('feature_' . $feature,$_POST))
+					$val = intval($_POST['feature_' . $feature]);
+				else
+					$val = 0;
+				set_config('feature',$feature,$val);
+	
+				if(array_key_exists('featurelock_' . $feature,$_POST))
+					set_config('feature_lock',$feature,$val);
+				else
+					del_config('feature_lock',$feature);
+			}
+		}
+	
+		goaway(z_root() . '/admin/features' );
+	
+	}
+	
+	function get() {
+		
+		if((argc() > 1) && (argv(1) === 'features')) {
+			$arr = array();
+			$features = get_features(false);
+	
+			foreach($features as $fname => $fdata) {
+				$arr[$fname] = array();
+				$arr[$fname][0] = $fdata[0];
+				foreach(array_slice($fdata,1) as $f) {
+	
+					$set = get_config('feature',$f[0]);
+					if($set === false)
+						$set = $f[3];
+					$arr[$fname][1][] = array(
+						array('feature_' .$f[0],$f[1],$set,$f[2],array(t('Off'),t('On'))),
+						array('featurelock_' .$f[0],sprintf( t('Lock feature %s'),$f[1]),(($f[4] !== false) ? 1 : 0),'',array(t('Off'),t('On')))
+					);
+				}
+			}
+			
+			$tpl = get_markup_template("admin_settings_features.tpl");
+			$o .= replace_macros($tpl, array(
+				'$form_security_token' => get_form_security_token("admin_manage_features"),
+				'$title'	=> t('Manage Additional Features'),
+				'$features' => $arr,
+				'$submit'   => t('Submit'),
+			));
+	
+			return $o;
+		}
+	}
+	
+
+}

Zotlabs/Module/Admin/Logs.php

@@ -0,0 +1,101 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+class Logs {
+
+
+	
+	/**
+	 * @brief POST handler for logs admin page.
+	 *
+	 */
+
+	function post() {
+		if (x($_POST, 'page_logs')) {
+			check_form_security_token_redirectOnErr('/admin/logs', 'admin_logs');
+	
+			$logfile   = ((x($_POST,'logfile'))   ? notags(trim($_POST['logfile'])) : '');
+			$debugging = ((x($_POST,'debugging')) ? true : false);
+			$loglevel  = ((x($_POST,'loglevel'))  ? intval(trim($_POST['loglevel'])) : 0);
+	
+			set_config('system','logfile', $logfile);
+			set_config('system','debugging',  $debugging);
+			set_config('system','loglevel', $loglevel);
+		}
+	
+		info( t('Log settings updated.') );
+		goaway(z_root() . '/admin/logs' );
+	}
+	
+	/**
+	 * @brief Logs admin page.
+	 *
+	 * @return string
+	 */
+
+	function get() {
+	
+		$log_choices = Array(
+			LOGGER_NORMAL => 'Normal',
+			LOGGER_TRACE => 'Trace',
+			LOGGER_DEBUG => 'Debug',
+			LOGGER_DATA => 'Data',
+			LOGGER_ALL => 'All'
+		);
+	
+		$t = get_markup_template('admin_logs.tpl');
+	
+		$f = get_config('system', 'logfile');
+	
+		$data = '';
+	
+		if(!file_exists($f)) {
+			$data = t("Error trying to open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f exist and is 
+	readable.");
+		}
+		else {
+			$fp = fopen($f, 'r');
+			if(!$fp) {
+				$data = t("Couldn't open <strong>$f</strong> log file.\r\n<br/>Check to see if file $f is readable.");
+			}
+			else {
+				$fstat = fstat($fp);
+				$size = $fstat['size'];
+				if($size != 0)
+				{
+					if($size > 5000000 || $size < 0)
+						$size = 5000000;
+					$seek = fseek($fp,0-$size,SEEK_END);
+					if($seek === 0) {
+						$data = escape_tags(fread($fp,$size));
+						while(! feof($fp))
+							$data .= escape_tags(fread($fp,4096));
+					}
+				}
+				fclose($fp);
+			}
+		}
+	
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Logs'),
+			'$submit' => t('Submit'),
+			'$clear' => t('Clear'),
+			'$data' => $data,
+			'$baseurl' => z_root(),
+			'$logname' =>  get_config('system','logfile'),
+	
+			// name, label, value, help string, extra data...
+			'$debugging' => array('debugging', t("Debugging"),get_config('system','debugging'), ""),
+			'$logfile'   => array('logfile', t("Log file"), get_config('system','logfile'), t("Must be writable by web server. Relative to your top-level webserver directory.")),
+			'$loglevel'  => array('loglevel', t("Log level"), get_config('system','loglevel'), "", $log_choices),
+	
+			'$form_security_token' => get_form_security_token('admin_logs'),
+		));
+	}
+	
+
+
+}

Zotlabs/Module/Admin/Plugins.php

@@ -0,0 +1,475 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+use \Zotlabs\Storage\GitRepo as GitRepo;
+
+class Plugins {
+
+
+	function post() {
+
+		if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) {
+			@include_once("addon/" . argv(2) . "/" . argv(2) . ".php");
+			if(function_exists(argv(2).'_plugin_admin_post')) {
+				$func = argv(2) . '_plugin_admin_post';
+				$func($a);
+			}
+				
+			goaway(z_root() . '/admin/plugins/' . argv(2) );
+
+		}
+		elseif(argc() > 2) {
+			switch(argv(2)) {
+				case 'updaterepo':
+					if (array_key_exists('repoName', $_REQUEST)) {
+						$repoName = $_REQUEST['repoName'];
+					} 
+					else {
+						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
+					}
+					$extendDir = 'store/[data]/git/sys/extend';
+					$addonDir = $extendDir . '/addon';
+					if (!file_exists($extendDir)) {
+						if (!mkdir($extendDir, 0770, true)) {
+							logger('Error creating extend folder: ' . $extendDir);
+							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+						}
+						else {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
+								logger('Error creating symlink to addon folder: ' . $addonDir);
+								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+							}
+						}
+					}
+					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
+					if (!is_dir($repoDir)) {
+						logger('Repo directory does not exist: ' . $repoDir);
+						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
+					}
+					if (!is_writable($repoDir)) {
+						logger('Repo directory not writable to web server: ' . $repoDir);
+						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
+					}
+					$git = new GitRepo('sys', null, false, $repoName, $repoDir);
+					try {
+						if ($git->pull()) {
+							$files = array_diff(scandir($repoDir), array('.', '..'));
+							foreach ($files as $file) {
+								if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
+									$source = '../extend/addon/' . $repoName . '/' . $file;
+									$target = realpath('addon/') . '/' . $file;
+									unlink($target);
+									if (!symlink($source, $target)) {
+										logger('Error linking addons to /addon');
+										json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
+									}
+								}
+							}
+							json_return_and_die(array('message' => 'Repo updated.', 'success' => true));
+						} else {
+							json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
+						}
+					} catch (\PHPGit\Exception\GitException $e) {
+						json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
+					}
+				case 'removerepo':
+					if (array_key_exists('repoName', $_REQUEST)) {
+						$repoName = $_REQUEST['repoName'];
+					} else {
+						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
+					}
+					$extendDir = 'store/[data]/git/sys/extend';
+					$addonDir = $extendDir . '/addon';
+					if (!file_exists($extendDir)) {
+						if (!mkdir($extendDir, 0770, true)) {
+							logger('Error creating extend folder: ' . $extendDir);
+							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+						} else {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
+								logger('Error creating symlink to addon folder: ' . $addonDir);
+								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+							}
+						}
+					}
+					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
+					if (!is_dir($repoDir)) {
+						logger('Repo directory does not exist: ' . $repoDir);
+						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
+					}
+					if (!is_writable($repoDir)) {
+						logger('Repo directory not writable to web server: ' . $repoDir);
+						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
+					}
+					// TODO: remove directory and unlink /addon/files
+					if (rrmdir($repoDir)) {
+						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
+					} else {
+						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
+					}
+				case 'installrepo':
+					require_once('library/markdown.php');
+					if (array_key_exists('repoURL', $_REQUEST)) {
+						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies					
+						$repoURL = $_REQUEST['repoURL'];
+						$extendDir = 'store/[data]/git/sys/extend';
+						$addonDir = $extendDir . '/addon';
+						if (!file_exists($extendDir)) {
+							if (!mkdir($extendDir, 0770, true)) {
+								logger('Error creating extend folder: ' . $extendDir);
+								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+							} else {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
+									logger('Error creating symlink to addon folder: ' . $addonDir);
+									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+								}
+							}
+						}
+						if (!is_writable($extendDir)) {
+							logger('Directory not writable to web server: ' . $extendDir);
+							json_return_and_die(array('message' => 'Directory not writable to web server.', 'success' => false));
+						}
+						$repoName = null;
+						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
+							$repoName = $_REQUEST['repoName'];
+						} else {
+							$repoName = GitRepo::getRepoNameFromURL($repoURL);
+						}
+						if (!$repoName) {
+							logger('Invalid git repo');
+							json_return_and_die(array('message' => 'Invalid git repo', 'success' => false));
+						}
+						$repoDir = $addonDir . '/' . $repoName;
+						$tempRepoBaseDir = 'store/[data]/git/sys/temp/';
+						$tempAddonDir = $tempRepoBaseDir . $repoName;
+
+						if (!is_writable($addonDir) || !is_writable($tempAddonDir)) {
+							logger('Temp repo directory or /extend/addon not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => 'Temp repo directory not writable to web server.', 'success' => false));
+						}
+						rename($tempAddonDir, $repoDir);
+
+						if (!is_writable(realpath('addon/'))) {
+							logger('/addon directory not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => '/addon directory not writable to web server.', 'success' => false));
+						}
+						$files = array_diff(scandir($repoDir), array('.', '..'));
+						foreach ($files as $file) {
+							if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
+								$source = '../extend/addon/' . $repoName . '/' . $file;
+								$target = realpath('addon/') . '/' . $file;
+								unlink($target);
+								if (!symlink($source, $target)) {
+									logger('Error linking addons to /addon');
+									json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
+								}
+							}
+						}
+						$git = new GitRepo('sys', $repoURL, false, $repoName, $repoDir);
+						$repo = $git->probeRepo();
+						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
+					}
+				case 'addrepo':
+					require_once('library/markdown.php');
+					if (array_key_exists('repoURL', $_REQUEST)) {
+						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies					
+						$repoURL = $_REQUEST['repoURL'];
+						$extendDir = 'store/[data]/git/sys/extend';
+						$addonDir = $extendDir . '/addon';
+						$tempAddonDir = realpath('store/[data]') . '/git/sys/temp';
+						if (!file_exists($extendDir)) {
+							if (!mkdir($extendDir, 0770, true)) {
+								logger('Error creating extend folder: ' . $extendDir);
+								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+							} else {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
+									logger('Error creating symlink to addon folder: ' . $addonDir);
+									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+								}
+							}
+						}
+						if (!is_dir($tempAddonDir)) {
+							if (!mkdir($tempAddonDir, 0770, true)) {
+								logger('Error creating temp plugin repo folder: ' . $tempAddonDir);
+								json_return_and_die(array('message' => 'Error creating temp plugin repo folder: ' . $tempAddonDir, 'success' => false));
+							}
+						}
+						$repoName = null;
+						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
+							$repoName = $_REQUEST['repoName'];
+						} else {
+							$repoName = GitRepo::getRepoNameFromURL($repoURL);
+						}
+						if (!$repoName) {
+							logger('Invalid git repo');
+							json_return_and_die(array('message' => 'Invalid git repo: ' . $repoName, 'success' => false));
+						}
+						$repoDir = $tempAddonDir . '/' . $repoName;
+						if (!is_writable($tempAddonDir)) {
+							logger('Temporary directory for new addon repo is not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => 'Temporary directory for new addon repo is not writable to web server.', 'success' => false));
+						}
+						// clone the repo if new automatically
+						$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
+
+						$remotes = $git->git->remote();
+						$fetchURL = $remotes['origin']['fetch'];
+						if ($fetchURL !== $git->url) {
+							if (rrmdir($repoDir)) {
+								$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
+							} else {
+								json_return_and_die(array('message' => 'Error deleting existing addon repo.', 'success' => false));
+							}
+						}
+						$repo = $git->probeRepo();
+						$repo['readme'] = $repo['manifest'] = null;
+						foreach ($git->git->tree('master') as $object) {
+							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
+								$repo['readme'] = Markdown($git->git->cat->blob($object['hash']));
+							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
+								$repo['manifest'] = $git->git->cat->blob($object['hash']);
+							}
+						}
+						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
+					} else {
+						json_return_and_die(array('message' => 'No repo URL provided', 'success' => false));
+					}
+					break;
+				default:
+					break;
+			}
+		}
+	}
+
+
+	function get() {
+
+		/*
+		 * Single plugin
+		 */
+
+		if (\App::$argc == 3){
+			$plugin = \App::$argv[2];
+			if (!is_file("addon/$plugin/$plugin.php")){
+				notice( t("Item not found.") );
+				return '';
+			}
+	
+			$enabled = in_array($plugin,\App::$plugins);
+			$info = get_plugin_info($plugin);
+			$x = check_plugin_versions($info);
+	
+			// disable plugins which are installed but incompatible versions
+	
+			if($enabled && ! $x) {
+				$enabled = false;
+				$idz = array_search($plugin, \App::$plugins);
+				if ($idz !== false) {
+					unset(\App::$plugins[$idz]);
+					uninstall_plugin($plugin);
+					set_config("system","addon", implode(", ",\App::$plugins));
+				}
+			}
+			$info['disabled'] = 1-intval($x);
+	
+			if (x($_GET,"a") && $_GET['a']=="t"){
+				check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');
+				$pinstalled = false;
+				// Toggle plugin status
+				$idx = array_search($plugin, \App::$plugins);
+				if ($idx !== false){
+					unset(\App::$plugins[$idx]);
+					uninstall_plugin($plugin);
+					$pinstalled = false;
+					info( sprintf( t("Plugin %s disabled."), $plugin ) );
+				} else {
+					\App::$plugins[] = $plugin;
+					install_plugin($plugin);
+					$pinstalled = true;
+					info( sprintf( t("Plugin %s enabled."), $plugin ) );
+				}
+				set_config("system","addon", implode(", ",\App::$plugins));
+
+				if($pinstalled) {
+					@require_once("addon/$plugin/$plugin.php");
+					if(function_exists($plugin.'_plugin_admin'))
+						goaway(z_root() . '/admin/plugins/' . $plugin);
+				}
+				goaway(z_root() . '/admin/plugins' );
+			}
+			// display plugin details
+			require_once('library/markdown.php');
+	
+			if (in_array($plugin, \App::$plugins)){
+				$status = 'on';
+				$action = t('Disable');
+			} else {
+				$status = 'off';
+				$action =  t('Enable');
+			}
+	
+			$readme = null;
+			if (is_file("addon/$plugin/README.md")){
+				$readme = file_get_contents("addon/$plugin/README.md");
+				$readme = Markdown($readme);
+			} else if (is_file("addon/$plugin/README")){
+				$readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
+			}
+	
+			$admin_form = '';
+	
+			$r = q("select * from addon where plugin_admin = 1 and aname = '%s' limit 1",
+				dbesc($plugin)
+			);
+	
+			if($r) {
+				@require_once("addon/$plugin/$plugin.php");
+				if(function_exists($plugin.'_plugin_admin')) {
+					$func = $plugin.'_plugin_admin';
+					$func($a, $admin_form);
+				}
+			}
+	
+	
+			$t = get_markup_template('admin_plugins_details.tpl');
+			return replace_macros($t, array(
+				'$title' => t('Administration'),
+				'$page' => t('Plugins'),
+				'$toggle' => t('Toggle'),
+				'$settings' => t('Settings'),
+				'$baseurl' => z_root(),
+	
+				'$plugin' => $plugin,
+				'$status' => $status,
+				'$action' => $action,
+				'$info' => $info,
+				'$str_author' => t('Author: '),
+				'$str_maintainer' => t('Maintainer: '),
+				'$str_minversion' => t('Minimum project version: '),
+				'$str_maxversion' => t('Maximum project version: '),
+				'$str_minphpversion' => t('Minimum PHP version: '),
+				'$str_serverroles' => t('Compatible Server Roles: '),
+				'$str_requires' => t('Requires: '),
+				'$disabled' => t('Disabled - version incompatibility'),
+	
+				'$admin_form' => $admin_form,
+				'$function' => 'plugins',
+				'$screenshot' => '',
+				'$readme' => $readme,
+	
+				'$form_security_token' => get_form_security_token('admin_plugins'),
+			));
+		}
+	
+	
+		/*
+		 * List plugins
+		 */
+		$plugins = array();
+		$files = glob('addon/*/');
+		if($files) {
+			foreach($files as $file) {
+				if (is_dir($file)){
+					list($tmp, $id) = array_map('trim', explode('/', $file));
+					$info = get_plugin_info($id);
+					$enabled = in_array($id,\App::$plugins);
+					$x = check_plugin_versions($info);
+	
+					// disable plugins which are installed but incompatible versions
+	
+					if($enabled && ! $x) {
+						$enabled = false;
+						$idz = array_search($id, \App::$plugins);
+						if ($idz !== false) {
+							unset(\App::$plugins[$idz]);
+							uninstall_plugin($id);
+							set_config("system","addon", implode(", ",\App::$plugins));
+						}
+					}
+					$info['disabled'] = 1-intval($x);
+	
+					$plugins[] = array( $id, (($enabled)?"on":"off") , $info);
+				}
+			}
+		}
+	
+		usort($plugins,'self::plugin_sort');
+
+		$allowManageRepos = false;
+		if(is_writable('extend/addon') && is_writable('store/[data]')) {
+			$allowManageRepos = true;
+		} 
+		
+		$admin_plugins_add_repo_form= replace_macros(
+			get_markup_template('admin_plugins_addrepo.tpl'), array(
+				'$post' => 'admin/plugins/addrepo',
+				'$desc' => t('Enter the public git repository URL of the plugin repo.'),
+				'$repoURL' => array('repoURL', t('Plugin repo git URL'), '', ''),
+				'$repoName' => array('repoName', t('Custom repo name'), '', '', t('(optional)')),
+				'$submit' => t('Download Plugin Repo')
+			)
+		);
+		$newRepoModalID = random_string(3);
+		$newRepoModal = replace_macros(
+			get_markup_template('generic_modal.tpl'), array(
+				'$id' => $newRepoModalID,
+				'$title' => t('Install new repo'),
+				'$ok' => t('Install'),
+				'$cancel' => t('Cancel')
+			)
+		);
+			
+		$reponames = $this->listAddonRepos();
+		$addonrepos = [];
+		foreach($reponames as $repo) {
+			$addonrepos[] = array('name' => $repo, 'description' => '');
+			// TODO: Parse repo info to provide more information about repos
+		}
+		
+		$t = get_markup_template('admin_plugins.tpl');
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Plugins'),
+			'$submit' => t('Submit'),
+			'$baseurl' => z_root(),
+			'$function' => 'plugins',
+			'$plugins' => $plugins,
+			'$disabled' => t('Disabled - version incompatibility'),
+			'$form_security_token' => get_form_security_token('admin_plugins'),
+			'$allowManageRepos' => $allowManageRepos,
+			'$managerepos' => t('Manage Repos'),
+			'$installedtitle' => t('Installed Plugin Repositories'),
+			'$addnewrepotitle' =>	t('Install a New Plugin Repository'),
+			'$expandform' => false,
+			'$form' => $admin_plugins_add_repo_form,
+			'$newRepoModal' => $newRepoModal,
+			'$newRepoModalID' => $newRepoModalID,
+			'$addonrepos' => $addonrepos,
+			'$repoUpdateButton' => t('Update'),
+			'$repoBranchButton' => t('Switch branch'),
+			'$repoRemoveButton' => t('Remove')
+		));
+	}
+
+	function listAddonRepos() {
+		$addonrepos = [];
+		$addonDir = 'extend/addon/';
+		if(is_dir($addonDir)) {
+			if ($handle = opendir($addonDir)) {
+				while (false !== ($entry = readdir($handle))) {
+					if ($entry != "." && $entry != "..") {
+						$addonrepos[] = $entry;
+					}
+				}
+				closedir($handle);
+			}
+		}
+		return $addonrepos;
+	}
+
+	static public function plugin_sort($a,$b) {
+		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
+	}
+
+
+}

Zotlabs/Module/Admin/Profs.php

@@ -0,0 +1,169 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+class Profs {
+
+	function post() {
+	
+		if(array_key_exists('basic',$_REQUEST)) {
+			$arr = explode(',',$_REQUEST['basic']);
+			for($x = 0; $x < count($arr); $x ++) 
+				if(trim($arr[$x]))
+					$arr[$x] = trim($arr[$x]);
+			set_config('system','profile_fields_basic',$arr);
+	
+			if(array_key_exists('advanced',$_REQUEST)) {
+				$arr = explode(',',$_REQUEST['advanced']);
+				for($x = 0; $x < count($arr); $x ++)
+					if(trim($arr[$x]))
+						$arr[$x] = trim($arr[$x]);
+				set_config('system','profile_fields_advanced',$arr);
+			}
+			goaway(z_root() . '/admin/profs');
+		}
+	
+	
+		if(array_key_exists('field_name',$_REQUEST)) {
+			if($_REQUEST['id']) {
+				$r = q("update profdef set field_name = '%s', field_type = '%s', field_desc = '%s' field_help = '%s', field_inputs = '%s' where id = %d",
+					dbesc($_REQUEST['field_name']),
+					dbesc($_REQUEST['field_type']),
+					dbesc($_REQUEST['field_desc']),
+					dbesc($_REQUEST['field_help']),
+					dbesc($_REQUEST['field_inputs']),
+					intval($_REQUEST['id'])
+				);
+			}
+			else {
+				$r = q("insert into profdef ( field_name, field_type, field_desc, field_help, field_inputs ) values ( '%s' , '%s', '%s', '%s', '%s' )",
+					dbesc($_REQUEST['field_name']),
+					dbesc($_REQUEST['field_type']),
+					dbesc($_REQUEST['field_desc']),
+					dbesc($_REQUEST['field_help']),
+					dbesc($_REQUEST['field_inputs'])
+				);
+			}
+		}
+	
+	
+		// add to chosen array basic or advanced
+	
+		goaway(z_root() . '/admin/profs');
+	}
+	
+	function get() {
+	
+		if((argc() > 3) && argv(2) == 'drop' && intval(argv(3))) {
+			$r = q("delete from profdef where id = %d",
+				intval(argv(3))
+			);
+			// remove from allowed fields
+	
+			goaway(z_root() . '/admin/profs');	
+		}
+	
+		if((argc() > 2) && argv(2) === 'new') {
+			return replace_macros(get_markup_template('profdef_edit.tpl'),array(
+				'$header' => t('New Profile Field'),
+				'$field_name' => array('field_name',t('Field nickname'),$_REQUEST['field_name'],t('System name of field')),
+				'$field_type' => array('field_type',t('Input type'),(($_REQUEST['field_type']) ? $_REQUEST['field_type'] : 'text'),''),
+				'$field_desc' => array('field_desc',t('Field Name'),$_REQUEST['field_desc'],t('Label on profile pages')),
+				'$field_help' => array('field_help',t('Help text'),$_REQUEST['field_help'],t('Additional info (optional)')),
+				'$submit' => t('Save')
+			));
+		}
+	
+		if((argc() > 2) && intval(argv(2))) {
+			$r = q("select * from profdef where id = %d limit 1",
+				intval(argv(2))
+			);
+			if(! $r) {
+				notice( t('Field definition not found') . EOL);
+				goaway(z_root() . '/admin/profs');
+			}
+	
+			return replace_macros(get_markup_template('profdef_edit.tpl'),array(
+				'$id' => intval($r[0]['id']),
+				'$header' => t('Edit Profile Field'),
+				'$field_name' => array('field_name',t('Field nickname'),$r[0]['field_name'],t('System name of field')),
+				'$field_type' => array('field_type',t('Input type'),$r[0]['field_type'],''),
+				'$field_desc' => array('field_desc',t('Field Name'),$r[0]['field_desc'],t('Label on profile pages')),
+				'$field_help' => array('field_help',t('Help text'),$r[0]['field_help'],t('Additional info (optional)')),
+				'$submit' => t('Save')
+			));
+		}
+	
+		$basic = '';
+		$barr = array();
+		$fields = get_profile_fields_basic();
+		if(! $fields)
+			$fields = get_profile_fields_basic(1);
+		if($fields) {
+			foreach($fields as $k => $v) {
+				if($basic)
+					$basic .= ', ';
+				$basic .= trim($k);
+				$barr[] = trim($k);
+			}
+		}
+	
+		$advanced = '';
+		$fields = get_profile_fields_advanced();
+		if(! $fields)
+			$fields = get_profile_fields_advanced(1);
+		if($fields) {
+			foreach($fields as $k => $v) {
+				if(in_array(trim($k),$barr))
+					continue;
+				if($advanced)
+					$advanced .= ', ';
+				$advanced .= trim($k);
+			}
+		}
+	
+		$all = '';
+		$fields = get_profile_fields_advanced(1);
+		if($fields) {
+			foreach($fields as $k => $v) {
+				if($all)
+					$all .= ', ';
+				$all .= trim($k);
+			}
+		}
+	
+		$r = q("select * from profdef where true");
+		if($r) {
+			foreach($r as $rr) {
+				if($all)
+					$all .= ', ';
+				$all .= $rr['field_name'];
+			}
+		}
+	
+		
+		$o = replace_macros(get_markup_template('admin_profiles.tpl'),array(
+			'$title' => t('Profile Fields'),
+			'$basic' => array('basic',t('Basic Profile Fields'),$basic,''),
+			'$advanced' => array('advanced',t('Advanced Profile Fields'),$advanced,t('(In addition to basic fields)')),
+			'$all' => $all,
+			'$all_desc' => t('All available fields'),
+			'$cust_field_desc' => t('Custom Fields'),
+			'$cust_fields' => $r,
+			'$edit' => t('Edit'),
+			'$drop' => t('Delete'),
+			'$new' => t('Create Custom Field'),		
+			'$submit' => t('Submit')
+		));
+	
+		return $o;
+	
+	
+	}
+
+
+
+
+
+}

Zotlabs/Module/Admin/Queue.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+
+class Queue {
+
+
+	
+	function get() {
+
+		$o = '';
+	
+		$expert = ((array_key_exists('expert',$_REQUEST)) ? intval($_REQUEST['expert']) : 0);
+	
+		if($_REQUEST['drophub']) {
+			hubloc_mark_as_down($_REQUEST['drophub']);
+			remove_queue_by_posturl($_REQUEST['drophub']);
+		}
+	
+		if($_REQUEST['emptyhub']) {
+			remove_queue_by_posturl($_REQUEST['emptyhub']);
+		}
+	
+		$r = q("select count(outq_posturl) as total, max(outq_priority) as priority, outq_posturl from outq 
+			where outq_delivered = 0 group by outq_posturl order by total desc");
+	
+		for($x = 0; $x < count($r); $x ++) {
+			$r[$x]['eurl'] = urlencode($r[$x]['outq_posturl']);
+			$r[$x]['connected'] = datetime_convert('UTC',date_default_timezone_get(),$r[$x]['connected'],'Y-m-d');
+		}
+	
+		$o = replace_macros(get_markup_template('admin_queue.tpl'), array(
+			'$banner' => t('Queue Statistics'),
+			'$numentries' => t('Total Entries'),
+			'$priority' => t('Priority'),
+			'$desturl' => t('Destination URL'),
+			'$nukehub' => t('Mark hub permanently offline'),
+			'$empty' => t('Empty queue for this hub'),
+			'$lastconn' => t('Last known contact'),
+			'$hasentries' => ((count($r)) ? true : false),
+			'$entries' => $r,
+			'$expert' => $expert
+		));
+	
+		return $o;
+	}
+	
+
+
+
+}

Zotlabs/Module/Admin/Security.php

@@ -0,0 +1,123 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+class Security {
+
+	function post() {
+		check_form_security_token_redirectOnErr('/admin/security', 'admin_security');
+	
+		$allowed_email        = ((x($_POST,'allowed_email'))	    ? notags(trim($_POST['allowed_email']))		: '');
+		$not_allowed_email    = ((x($_POST,'not_allowed_email'))	? notags(trim($_POST['not_allowed_email']))		: '');
+
+		set_config('system','allowed_email', $allowed_email);
+		set_config('system','not_allowed_email', $not_allowed_email);	
+
+		$block_public         = ((x($_POST,'block_public'))		? True	: False);
+		set_config('system','block_public',$block_public);
+	
+		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
+		set_config('system','whitelisted_sites',$ws);
+	
+		$bs = $this->trim_array_elems(explode("\n",$_POST['blacklisted_sites']));
+		set_config('system','blacklisted_sites',$bs);
+	
+		$wc = $this->trim_array_elems(explode("\n",$_POST['whitelisted_channels']));
+		set_config('system','whitelisted_channels',$wc);
+	
+		$bc = $this->trim_array_elems(explode("\n",$_POST['blacklisted_channels']));
+		set_config('system','blacklisted_channels',$bc);
+	
+		$embed_sslonly         = ((x($_POST,'embed_sslonly'))		? True	: False);
+		set_config('system','embed_sslonly',$embed_sslonly);
+	
+		$we = $this->trim_array_elems(explode("\n",$_POST['embed_allow']));
+		set_config('system','embed_allow',$we);
+	
+		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
+		set_config('system','embed_deny',$be);
+	
+		$ts = ((x($_POST,'transport_security')) ? True : False);
+		set_config('system','transport_security_header',$ts);
+
+		$cs = ((x($_POST,'content_security')) ? True : False);
+		set_config('system','content_security_policy',$cs);
+
+		goaway(z_root() . '/admin/security');
+	}
+	
+	
+
+	function get() {
+	
+		$whitesites = get_config('system','whitelisted_sites');
+		$whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : '');
+	
+		$blacksites = get_config('system','blacklisted_sites');
+		$blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : '');
+	
+	
+		$whitechannels = get_config('system','whitelisted_channels');
+		$whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : '');
+	
+		$blackchannels = get_config('system','blacklisted_channels');
+		$blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : '');
+	
+	
+		$whiteembeds = get_config('system','embed_allow');
+		$whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : '');
+	
+		$blackembeds = get_config('system','embed_deny');
+		$blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : '');
+	
+		$embed_coop = intval(get_config('system','embed_coop'));
+	
+		if((! $whiteembeds) && (! $blackembeds)) {
+			$embedhelp1 = t("By default, unfiltered HTML is allowed in embedded media. This is inherently insecure.");
+		}
+
+		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
+		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
+		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
+	
+		$t = get_markup_template('admin_security.tpl');
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Security'),
+			'$form_security_token' => get_form_security_token('admin_security'),
+	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
+			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
+			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
+			'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),
+			'$not_allowed_email'	=> array('not_allowed_email', t("Not allowed email domains"), get_config('system','not_allowed_email'), t("Comma separated list of domains which are not allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains, unless allowed domains have been defined.")),
+			'$whitelisted_sites' => array('whitelisted_sites', t('Allow communications only from these sites'), $whitesites_str, t('One site per line. Leave empty to allow communication from anywhere by default')),
+			'$blacklisted_sites' => array('blacklisted_sites', t('Block communications from these sites'), $blacksites_str, ''),
+			'$whitelisted_channels' => array('whitelisted_channels', t('Allow communications only from these channels'), $whitechannels_str, t('One channel (hash) per line. Leave empty to allow from any channel by default')),
+			'$blacklisted_channels' => array('blacklisted_channels', t('Block communications from these channels'), $blackchannels_str, ''),
+			'$embed_sslonly' => array('embed_sslonly',t('Only allow embeds from secure (SSL) websites and links.'), intval(get_config('system','embed_sslonly')),''),
+			'$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. By default embedded content is filtered.')),
+			'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
+	
+//	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),
+
+			'$submit' => t('Submit')
+		));
+	}
+
+
+	function trim_array_elems($arr) {
+		$narr = array();
+	
+		if($arr && is_array($arr)) {
+			for($x = 0; $x < count($arr); $x ++) {
+				$y = trim($arr[$x]);
+				if($y)
+					$narr[] = $y;
+			}
+		}
+		return $narr;
+	}
+	
+	
+}

Zotlabs/Module/Admin/Site.php

@@ -0,0 +1,321 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+class Site {
+
+	/**
+	 * @brief POST handler for Admin Site Page.
+	 *
+	 */
+	function post(){
+		if (!x($_POST, 'page_site')) {
+			return;
+		}
+
+		check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
+
+		$sitename 			=	((x($_POST,'sitename'))			? notags(trim($_POST['sitename']))			: '');
+		$server_role 		=	((x($_POST,'server_role'))		? notags(trim($_POST['server_role']))		: 'standard');
+
+		$banner				=	((x($_POST,'banner'))			? trim($_POST['banner'])				: false);
+
+		$admininfo			=	((x($_POST,'admininfo'))		? trim($_POST['admininfo'])				: false);
+		$siteinfo			=	((x($_POST,'siteinfo'))		    ? trim($_POST['siteinfo'])				: '');
+		$language			=	((x($_POST,'language'))			? notags(trim($_POST['language']))			: '');
+		$theme				=	((x($_POST,'theme'))			? notags(trim($_POST['theme']))				: '');
+		$theme_mobile			=	((x($_POST,'theme_mobile'))		? notags(trim($_POST['theme_mobile']))			: '');
+//		$site_channel			=	((x($_POST,'site_channel'))	? notags(trim($_POST['site_channel']))				: '');
+		$maximagesize		=	((x($_POST,'maximagesize'))		? intval(trim($_POST['maximagesize']))				:  0);
+
+		$register_policy	=	((x($_POST,'register_policy'))	? intval(trim($_POST['register_policy']))	:  0);
+
+		$access_policy	=	((x($_POST,'access_policy'))	? intval(trim($_POST['access_policy']))	:  0);
+		$invite_only	= ((x($_POST,'invite_only'))		? True	: False);
+		$abandon_days	=	((x($_POST,'abandon_days'))	    ? intval(trim($_POST['abandon_days']))	    :  0);
+
+		$register_text		=	((x($_POST,'register_text'))	? notags(trim($_POST['register_text']))		: '');
+		$frontpage			=	((x($_POST,'frontpage'))	? notags(trim($_POST['frontpage']))		: '');
+		$mirror_frontpage	=	((x($_POST,'mirror_frontpage'))	? intval(trim($_POST['mirror_frontpage']))		: 0);
+		$directory_server	=	((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
+		$allowed_sites		=	((x($_POST,'allowed_sites'))	? notags(trim($_POST['allowed_sites']))		: '');
+		$force_publish		=	((x($_POST,'publish_all'))		? True	: False);
+		$disable_discover_tab =	((x($_POST,'disable_discover_tab'))		? False	:	True);
+		$login_on_homepage	=	((x($_POST,'login_on_homepage'))		? True	:	False);
+		$enable_context_help = ((x($_POST,'enable_context_help'))		? True	:	False);
+		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
+		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
+		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
+
+		$verifyssl         = ((x($_POST,'verifyssl'))        ? True : False);
+		$proxyuser         = ((x($_POST,'proxyuser'))        ? notags(trim($_POST['proxyuser']))  : '');
+		$proxy             = ((x($_POST,'proxy'))            ? notags(trim($_POST['proxy']))      : '');
+		$timeout           = ((x($_POST,'timeout'))          ? intval(trim($_POST['timeout']))    : 60);
+		$delivery_interval = ((x($_POST,'delivery_interval'))? intval(trim($_POST['delivery_interval'])) : 0);
+		$delivery_batch_count = ((x($_POST,'delivery_batch_count') && $_POST['delivery_batch_count'] > 0)? intval(trim($_POST['delivery_batch_count'])) : 1);
+		$poll_interval     = ((x($_POST,'poll_interval'))    ? intval(trim($_POST['poll_interval'])) : 0);
+		$maxloadavg        = ((x($_POST,'maxloadavg'))       ? intval(trim($_POST['maxloadavg'])) : 50);
+		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
+		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
+		$techlevel_lock    = ((x($_POST,'techlock'))   ? intval($_POST['techlock'])   : 0);
+
+		$techlevel         = null;
+		if(array_key_exists('techlevel', $_POST))
+			$techlevel = intval($_POST['techlevel']);
+
+		set_config('system', 'server_role', $server_role);
+		set_config('system', 'feed_contacts', $feed_contacts);
+		set_config('system', 'delivery_interval', $delivery_interval);
+		set_config('system', 'delivery_batch_count', $delivery_batch_count);
+		set_config('system', 'poll_interval', $poll_interval);
+		set_config('system', 'maxloadavg', $maxloadavg);
+		set_config('system', 'frontpage', $frontpage);
+		set_config('system', 'mirror_frontpage', $mirror_frontpage);
+		set_config('system', 'sitename', $sitename);
+		set_config('system', 'login_on_homepage', $login_on_homepage);
+		set_config('system', 'enable_context_help', $enable_context_help);
+		set_config('system', 'verify_email', $verify_email);
+		set_config('system', 'default_expire_days', $default_expire_days);
+		set_config('system', 'techlevel_lock', $techlevel_lock);
+
+		if(! is_null($techlevel))
+			set_config('system', 'techlevel', $techlevel);
+
+		if($directory_server)
+			set_config('system','directory_server',$directory_server);
+
+		if ($banner == '') {
+			del_config('system', 'banner');
+		} else {
+			set_config('system', 'banner', $banner);
+		}
+
+		if ($admininfo == ''){
+			del_config('system', 'admininfo');
+		} else {
+			require_once('include/text.php');
+			linkify_tags($a, $admininfo, local_channel());
+			set_config('system', 'admininfo', $admininfo);
+		}
+		set_config('system','siteinfo',$siteinfo);
+		set_config('system', 'language', $language);
+		set_config('system', 'theme', $theme);
+		if ( $theme_mobile === '---' ) {
+			del_config('system', 'mobile_theme');
+		} else {
+			set_config('system', 'mobile_theme', $theme_mobile);
+		}
+	//	set_config('system','site_channel', $site_channel);
+		set_config('system','maximagesize', $maximagesize);
+
+		set_config('system','register_policy', $register_policy);
+		set_config('system','invitation_only', $invite_only);
+		set_config('system','access_policy', $access_policy);
+		set_config('system','account_abandon_days', $abandon_days);
+		set_config('system','register_text', $register_text);
+		set_config('system','allowed_sites', $allowed_sites);
+		set_config('system','publish_all', $force_publish);
+		set_config('system','disable_discover_tab', $disable_discover_tab);
+		if ($global_directory == '') {
+			del_config('system', 'directory_submit_url');
+		} else {
+			set_config('system', 'directory_submit_url', $global_directory);
+		}
+
+		set_config('system','no_community_page', $no_community_page);
+		set_config('system','no_utf', $no_utf);
+		set_config('system','verifyssl', $verifyssl);
+		set_config('system','proxyuser', $proxyuser);
+		set_config('system','proxy', $proxy);
+		set_config('system','curl_timeout', $timeout);
+
+		info( t('Site settings updated.') . EOL);
+		goaway(z_root() . '/admin/site' );
+	}
+
+	/**
+	 * @brief Admin page site.
+	 *
+	 * @return string with HTML
+	 */
+	function get() {
+
+		/* Installed langs */
+		$lang_choices = array();
+		$langs = glob('view/*/hstrings.php');
+
+		if(is_array($langs) && count($langs)) {
+			if(! in_array('view/en/hstrings.php',$langs))
+				$langs[] = 'view/en/';
+			asort($langs);
+			foreach($langs as $l) {
+				$t = explode("/",$l);
+				$lang_choices[$t[1]] = $t[1];
+			}
+		}
+
+		/* Installed themes */
+		$theme_choices_mobile["---"] = t("Default");
+		$theme_choices = array();
+		$files = glob('view/theme/*');
+		if($files) {
+			foreach($files as $file) {
+				$vars = '';
+				$f = basename($file);
+
+				$info = get_theme_info($f);
+				$compatible = check_plugin_versions($info);
+				if(!$compatible) {
+					$theme_choices[$f] = $theme_choices_mobile[$f] = sprintf(t('%s - (Incompatible)'), $f);
+					continue;
+				}
+
+				if (file_exists($file . '/library'))
+					continue;
+				if (file_exists($file . '/mobile'))
+					$vars = t('mobile');
+				if (file_exists($file . '/experimental'))
+					$vars .= t('experimental');
+				if (file_exists($file . '/unsupported'))
+					$vars .= t('unsupported');
+				if ($vars) {
+					$theme_choices[$f] = $f . ' (' . $vars . ')';
+					$theme_choices_mobile[$f] = $f . ' (' . $vars . ')';
+				}
+				else {
+					$theme_choices[$f] = $f;
+					$theme_choices_mobile[$f] = $f;
+				}
+			}
+		}
+
+		$dir_choices = null;
+		$dirmode = get_config('system','directory_mode');
+		$realm = get_directory_realm();
+
+		// directory server should not be set or settable unless we are a directory client
+
+		if($dirmode == DIRECTORY_MODE_NORMAL) {
+			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'",
+				intval(DIRECTORY_MODE_SECONDARY),
+				intval(DIRECTORY_MODE_PRIMARY),
+				dbesc($realm)
+			);
+			if($x) {
+				$dir_choices = array();
+				foreach($x as $xx) {
+					$dir_choices[$xx['site_url']] = $xx['site_url'];
+				}
+			}
+		}
+
+		/* Banner */
+
+		$banner = get_config('system', 'banner');
+		if($banner === false)
+			$banner = get_config('system','sitename');
+
+		$banner = htmlspecialchars($banner);
+
+		/* Admin Info */
+		$admininfo = get_config('system', 'admininfo');
+
+		/* Register policy */
+		$register_choices = Array(
+			REGISTER_CLOSED  => t("No"),
+			REGISTER_APPROVE => t("Yes - with approval"),
+			REGISTER_OPEN    => t("Yes")
+		);
+
+		/* Acess policy */
+		$access_choices = Array(
+			ACCESS_PRIVATE => t("My site is not a public server"),
+			ACCESS_PAID => t("My site has paid access only"),
+			ACCESS_FREE => t("My site has free access only"),
+			ACCESS_TIERED => t("My site offers free accounts with optional paid upgrades")
+		);
+
+		$discover_tab = get_config('system','disable_discover_tab');
+		// $disable public streams by default
+		if($discover_tab === false)
+			$discover_tab = 1;
+		// now invert the logic for the setting.
+		$discover_tab = (1 - $discover_tab);
+
+		$server_roles = [
+			'basic'    => t('Basic/Minimal Social Networking'),
+			'standard' => t('Standard Configuration (default)'),
+			'pro'      => t('Professional')
+		];
+
+		$techlevels = [
+			'0' => t('Beginner/Basic'),
+			'1' => t('Novice - not skilled but willing to learn'),
+			'2' => t('Intermediate - somewhat comfortable'),
+			'3' => t('Advanced - very comfortable'),
+			'4' => t('Expert - I can write computer code'),
+			'5' => t('Wizard - I probably know more than you do')
+		];
+
+		$homelogin = get_config('system','login_on_homepage');
+		$enable_context_help = get_config('system','enable_context_help');
+
+		$t = get_markup_template("admin_site.tpl");
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Site'),
+			'$submit' => t('Submit'),
+			'$registration' => t('Registration'),
+			'$upload' => t('File upload'),
+			'$corporate' => t('Policies'),
+			'$advanced' => t('Advanced'),
+
+			'$baseurl' => z_root(),
+			// name, label, value, help string, extra data...
+			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
+
+			'$server_role' 		=> array('server_role', t("Server Configuration/Role"), get_config('system','server_role'),'',$server_roles),
+
+			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],
+
+			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
+
+			'$banner'			=> array('banner', t("Banner/Logo"), $banner, ""),
+			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
+			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
+			'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
+			'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
+			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
+//			'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
+			'$feed_contacts'    => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
+			'$maximagesize'		=> array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
+			'$register_policy'	=> array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
+			'$invite_only'		=> array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes.")),
+			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices),
+			'$register_text'	=> array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
+			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
+			'$mirror_frontpage'	=> array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
+			'$abandon_days'     => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
+			'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
+			'$verify_email'		=> array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")),
+			'$force_publish'	=> array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
+			'$disable_discover_tab'	=> array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')),
+			'$login_on_homepage'	=> array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
+			'$enable_context_help'	=> array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),
+
+			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),
+
+			'$proxyuser'		=> array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
+			'$proxy'			=> array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
+			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
+			'$delivery_interval'			=> array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
+			'$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")),
+			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
+			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
+			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
+			'$form_security_token' => get_form_security_token("admin_site"),
+		));
+	}
+
+}

Zotlabs/Module/Admin/Themes.php

@@ -0,0 +1,233 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+
+class Themes {
+
+	function post() {
+
+		$theme = argv(2);
+		if (is_file("view/theme/$theme/php/config.php")){
+			require_once("view/theme/$theme/php/config.php");
+			// fixme add parent theme if derived
+			if (function_exists("theme_admin_post")){
+				theme_admin_post($a);
+			}
+		}
+		info(t('Theme settings updated.'));
+		if(is_ajax()) 
+			return;
+	
+		goaway(z_root() . '/admin/themes/' . $theme );
+	}
+
+
+	
+
+	
+	/**
+	 * @brief Themes admin page.
+	 *
+	 * @return string
+	 */
+
+	function get(){
+	
+		$allowed_themes_str = get_config('system', 'allowed_themes');
+		$allowed_themes_raw = explode(',', $allowed_themes_str);
+		$allowed_themes = array();
+		if(count($allowed_themes_raw))
+			foreach($allowed_themes_raw as $x)
+				if(strlen(trim($x)))
+					$allowed_themes[] = trim($x);
+	
+		$themes = array();
+		$files = glob('view/theme/*');
+		if($files) {
+			foreach($files as $file) {
+				$f = basename($file);
+				$is_experimental = intval(file_exists($file . '/.experimental'));
+				$is_supported = 1-(intval(file_exists($file . '/.unsupported'))); // Is not used yet
+				$is_allowed = intval(in_array($f,$allowed_themes));
+				$themes[] = array('name' => $f, 'experimental' => $is_experimental, 'supported' => $is_supported, 'allowed' => $is_allowed);
+			}
+		}
+	
+		if(! count($themes)) {
+			notice( t('No themes found.'));
+			return '';
+		}
+	
+		/*
+		 * Single theme
+		 */
+	
+		if (\App::$argc == 3){
+			$theme = \App::$argv[2];
+			if(! is_dir("view/theme/$theme")){
+				notice( t("Item not found.") );
+				return '';
+			}
+	
+			if (x($_GET,"a") && $_GET['a']=="t"){
+				check_form_security_token_redirectOnErr('/admin/themes', 'admin_themes', 't');
+	
+				// Toggle theme status
+	
+				$this->toggle_theme($themes, $theme, $result);
+				$s = $this->rebuild_theme_table($themes);
+				if($result)
+					info( sprintf('Theme %s enabled.', $theme));
+				else
+					info( sprintf('Theme %s disabled.', $theme));
+	
+				set_config('system', 'allowed_themes', $s);
+				goaway(z_root() . '/admin/themes' );
+			}
+	
+			// display theme details
+			require_once('library/markdown.php');
+	
+			if ($this->theme_status($themes,$theme)) {
+				$status="on"; $action= t("Disable");
+			} else {
+				$status="off"; $action= t("Enable");
+			}
+	
+			$readme=Null;
+			if (is_file("view/theme/$theme/README.md")){
+				$readme = file_get_contents("view/theme/$theme/README.md");
+				$readme = Markdown($readme);
+			} else if (is_file("view/theme/$theme/README")){
+				$readme = "<pre>". file_get_contents("view/theme/$theme/README") ."</pre>";
+			}
+	
+			$admin_form = '';
+			if (is_file("view/theme/$theme/php/config.php")){
+				require_once("view/theme/$theme/php/config.php");
+				if(function_exists("theme_admin")){
+					$admin_form = theme_admin($a);
+				}
+			}
+	
+			$screenshot = array( get_theme_screenshot($theme), t('Screenshot'));
+			if(! stristr($screenshot[0],$theme))
+				$screenshot = null;
+	
+			$t = get_markup_template('admin_plugins_details.tpl');
+			return replace_macros($t, array(
+				'$title' => t('Administration'),
+				'$page' => t('Themes'),
+				'$toggle' => t('Toggle'),
+				'$settings' => t('Settings'),
+				'$baseurl' => z_root(),
+			
+				'$plugin' => $theme,
+				'$status' => $status,
+				'$action' => $action,
+				'$info' => get_theme_info($theme),
+				'$function' => 'themes',
+				'$admin_form' => $admin_form,
+				'$str_author' => t('Author: '),
+				'$str_maintainer' => t('Maintainer: '),
+				'$screenshot' => $screenshot,
+				'$readme' => $readme,
+	
+				'$form_security_token' => get_form_security_token('admin_themes'),
+			));
+		}
+	
+		/*
+		 * List themes
+		 */
+	
+		$xthemes = array();
+		if($themes) {
+			foreach($themes as $th) {
+				$xthemes[] = array($th['name'],(($th['allowed']) ? "on" : "off"), get_theme_info($th['name']));
+			}
+		}
+	
+		$t = get_markup_template('admin_plugins.tpl');
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Themes'),
+			'$submit' => t('Submit'),
+			'$baseurl' => z_root(),
+			'$function' => 'themes',
+			'$plugins' => $xthemes,
+			'$experimental' => t('[Experimental]'),
+			'$unsupported' => t('[Unsupported]'),
+			'$form_security_token' => get_form_security_token('admin_themes'),
+		));
+	}
+	
+
+
+	/**
+	 * @param array $themes
+	 * @param string $th
+	 * @param int $result
+	 */
+	function toggle_theme(&$themes, $th, &$result) {
+		for($x = 0; $x < count($themes); $x ++) {
+			if($themes[$x]['name'] === $th) {
+				if($themes[$x]['allowed']) {
+					$themes[$x]['allowed'] = 0;
+					$result = 0;
+				}
+				else {
+					$themes[$x]['allowed'] = 1;
+					$result = 1;
+				}
+			}
+		}
+	}
+	
+	/**
+	 * @param array $themes
+	 * @param string $th
+	 * @return int
+	 */
+	function theme_status($themes, $th) {
+		for($x = 0; $x < count($themes); $x ++) {
+			if($themes[$x]['name'] === $th) {
+				if($themes[$x]['allowed']) {
+					return 1;
+				}
+				else {
+					return 0;
+				}
+			}
+		}
+		return 0;
+	}
+	
+	
+	/**
+	 * @param array $themes
+	 * @return string
+	 */
+	function rebuild_theme_table($themes) {
+		$o = '';
+		if(count($themes)) {
+			foreach($themes as $th) {
+				if($th['allowed']) {
+					if(strlen($o))
+						$o .= ',';
+					$o .= $th['name'];
+				}
+			}
+		}
+		return $o;
+	}
+	
+
+
+
+
+
+
+
+}

Zotlabs/Module/Api.php

@@ -3,37 +3,45 @@ namespace Zotlabs\Module;
 
 require_once('include/api.php');
 
-
-
 class Api extends \Zotlabs\Web\Controller {
 
+
+	function init() {
+		zot_api_init();
+
+		api_register_func('api/client/register', 'api_client_register', false);
+		api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
+		api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
+
+		$args = [];
+		call_hooks('api_register',$args);
+
+		return;
+	}
+
 	function post() {
-	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 	
-		if(count(\App::$user) && x(\App::$user,'uid') && \App::$user['uid'] != local_channel()) {
-			notice( t('Permission denied.') . EOL);
-			return;
-		}
-	
 	}
 	
-		function get() {
-		if(\App::$cmd=='api/oauth/authorize'){
+	function get() {
+
+		if(\App::$cmd === 'api/oauth/authorize'){
 	
 			/* 
 			 * api/oauth/authorize interact with the user. return a standard page
 			 */
 			
-			\App::$page['template'] = "minimal";
+			\App::$page['template'] = 'minimal';
 					
 			// get consumer/client from request token
 			try {
 				$request = OAuth1Request::from_request();
-			} catch(Exception $e) {
+			}
+			catch(\Exception $e) {
 				echo "<pre>"; var_dump($e); killme();
 			}
 			
@@ -41,17 +49,20 @@ class Api extends \Zotlabs\Web\Controller {
 			if(x($_POST,'oauth_yes')){
 			
 				$app = $this->oauth_get_client($request);
-				if (is_null($app)) return "Invalid request. Unknown token.";
+				if (is_null($app)) 
+					return "Invalid request. Unknown token.";
+
 				$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
 	
-				$verifier = md5($app['secret'].local_channel());
-				set_config("oauth", $verifier, local_channel());
+				$verifier = md5($app['secret'] . local_channel());
+				set_config('oauth', $verifier, local_channel());
 				
 				
-				if($consumer->callback_url!=null) {
+				if($consumer->callback_url != null) {
 					$params = $request->get_parameters();
-					$glue="?";
-					if (strstr($consumer->callback_url,$glue)) $glue="?";
+					$glue = '?';
+					if(strstr($consumer->callback_url,$glue))
+						$glue = '?';
 					goaway($consumer->callback_url . $glue . "oauth_token=" . OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuth1Util::urlencode_rfc3986($verifier));
 					killme();
 				}
@@ -59,7 +70,7 @@ class Api extends \Zotlabs\Web\Controller {
 				$tpl = get_markup_template("oauth_authorize_done.tpl");
 				$o = replace_macros($tpl, array(
 					'$title' => t('Authorize application connection'),
-					'$info' => t('Return to your app and insert this Securty Code:'),
+					'$info' => t('Return to your app and insert this Security Code:'),
 					'$code' => $verifier,
 				));
 			
@@ -72,21 +83,18 @@ class Api extends \Zotlabs\Web\Controller {
 				notice( t('Please login to continue.') . EOL );
 				return login(false,'api-login',$request->get_parameters());
 			}
-			//FKOAuth1::loginUser(4);
 			
 			$app = $this->oauth_get_client($request);
-			if (is_null($app)) return "Invalid request. Unknown token.";
-			
-			
-	
-			
+			if (is_null($app))
+				return "Invalid request. Unknown token.";
+						
 			$tpl = get_markup_template('oauth_authorize.tpl');
 			$o = replace_macros($tpl, array(
-				'$title' => t('Authorize application connection'),
-				'$app' => $app,
+				'$title'     => t('Authorize application connection'),
+				'$app'       => $app,
 				'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
-				'$yes'	=> t('Yes'),
-				'$no'	=> t('No'),
+				'$yes'	     => t('Yes'),
+				'$no'	     => t('No'),
 			));
 			
 			//echo "<pre>"; var_dump($app); killme();
@@ -94,29 +102,24 @@ class Api extends \Zotlabs\Web\Controller {
 			return $o;
 		}
 		
-		echo api_call($a);
+		echo api_call();
 		killme();
 	}
 
 	function oauth_get_client($request){
 
-	
 		$params = $request->get_parameters();
-		$token = $params['oauth_token'];
+		$token  = $params['oauth_token'];
 	
-		$r = q("SELECT `clients`.* 
-			FROM `clients`, `tokens` 
-			WHERE `clients`.`client_id`=`tokens`.`client_id` 
-			AND `tokens`.`id`='%s' AND `tokens`.`auth_scope`='request'",
-			dbesc($token));
+		$r = q("SELECT clients.* FROM clients, tokens WHERE clients.client_id = tokens.client_id 
+			AND tokens.id = '%s' AND tokens.auth_scope = 'request' ",
+			dbesc($token)
+		);
+		if($r)
+			return $r[0];
 
-		if (!count($r))
-			return null;
+		return null;
 	
-		return $r[0];
 	}
 	
-	
-	
-	
 }

Zotlabs/Module/Appman.php

@@ -27,6 +27,7 @@ class Appman extends \Zotlabs\Web\Controller {
 				'price' => escape_tags($_REQUEST['price']),
 				'requires' => escape_tags($_REQUEST['requires']),
 				'system' => intval($_REQUEST['system']),
+				'plugin' => escape_tags($_REQUEST['plugin']),
 				'sig' => escape_tags($_REQUEST['sig']),
 				'categories' => escape_tags($_REQUEST['categories'])
 			);
@@ -35,8 +36,9 @@ class Appman extends \Zotlabs\Web\Controller {
 	
 			if(Zlib\Apps::app_installed(local_channel(),$arr))
 				info( t('App installed.') . EOL);
-	
-			return;
+
+			goaway(z_root() . '/apps');
+			return; //not reached
 		}
 	
 	
@@ -56,13 +58,18 @@ class Appman extends \Zotlabs\Web\Controller {
 		if($_POST['delete']) {
 			Zlib\Apps::app_destroy(local_channel(),$papp);
 		}
-	
+
 		if($_POST['edit']) {
 			return;
 		}
-	
+
+		if($_POST['feature']) {
+			Zlib\Apps::app_feature(local_channel(),$papp);
+		}
+
 		if($_SESSION['return_url']) 
 			goaway(z_root() . '/' . $_SESSION['return_url']);
+
 		goaway(z_root() . '/apps');
 	
 	
@@ -75,7 +82,7 @@ class Appman extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
 		$channel = \App::get_channel();
 		$app = null;
 		$embed = null;
@@ -121,6 +128,7 @@ class Appman extends \Zotlabs\Web\Controller {
 			'$price' => array('price', t('Price of app'),(($app) ? $app['app_price'] : ''), ''),
 			'$page' => array('page', t('Location (URL) to purchase app'),(($app) ? $app['app_page'] : ''), ''),
 			'$system' => (($app) ? intval($app['app_system']) : 0),
+			'$plugin' => (($app) ? $app['app_plugin'] : ''),
 			'$requires' => (($app) ? $app['app_requires'] : ''),
 			'$embed' => $embed,
 			'$submit' => t('Submit')

Zotlabs/Module/Apps.php

@@ -1,7 +1,6 @@
 <?php
 namespace Zotlabs\Module;
 
-//require_once('include/apps.php');
 
 use \Zotlabs\Lib as Zlib;
 
@@ -13,16 +12,15 @@ class Apps extends \Zotlabs\Web\Controller {
 			$mode = 'edit';
 		else
 			$mode = 'list';
-	
-		$_SESSION['return_url'] = \App::$cmd;
+
+		$_SESSION['return_url'] = \App::$query_string;
 	
 		$apps = array();
 	
-	
 		if(local_channel()) {
 			Zlib\Apps::import_system_apps();
 			$syslist = array();
-			$list = Zlib\Apps::app_list(local_channel(), false, $_GET['cat']);
+			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $_GET['cat']);
 			if($list) {
 				foreach($list as $x) {
 					$syslist[] = Zlib\Apps::app_encode($x);
@@ -40,12 +38,15 @@ class Apps extends \Zotlabs\Web\Controller {
 		foreach($syslist as $app) {
 			$apps[] = Zlib\Apps::app_render($app,$mode);
 		}
-	
+
 		return replace_macros(get_markup_template('myapps.tpl'), array(
 			'$sitename' => get_config('system','sitename'),
-			'$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? ' - ' . escape_tags($_GET['cat']) : ''),
+			'$cat' => ((array_key_exists('cat',$_GET) && $_GET['cat']) ? escape_tags($_GET['cat']) : ''),
 			'$title' => t('Apps'),
 			'$apps' => $apps,
+			'$authed' => ((local_channel()) ? true : false),
+			'$manage' => t('Manage apps'),
+			'$create' => (($mode == 'edit') ? t('Create new app') : '')
 		));
 	
 	}

Zotlabs/Module/Attach.php

@@ -14,7 +14,7 @@ class Attach extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		$r = attach_by_hash(argv(1),((argc() > 2) ? intval(argv(2)) : 0));
+		$r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0));
 	
 		if(! $r['success']) {
 			notice( $r['message'] . EOL);

Zotlabs/Module/Cal.php

@@ -109,7 +109,7 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 			/* edit/create form */
 			if($event_id) {
-				$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 					dbesc($event_id),
 					intval($channel['channel_id'])
 				);
@@ -209,6 +209,10 @@ class Cal extends \Zotlabs\Web\Controller {
 			$adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start);
 			$adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);
 	
+
+			if(! perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'view_contacts'))
+				$sql_extra .= " and etype != 'birthday' ";
+
 			if (x($_GET,'id')){
 			  	$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                                from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1",
@@ -224,7 +228,7 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                              from event left join item on event_hash = resource_id 
-					where resource_type = 'event' and event.uid = %d $ignored 
+					where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
 					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
 					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) $sql_extra ",
 					intval($channel['channel_id']),
@@ -288,8 +292,8 @@ class Cal extends \Zotlabs\Web\Controller {
 						$title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
 					}
 					$html = format_event_html($rr);
-					$rr['desc'] = bbcode($rr['desc']);
-					$rr['location'] = bbcode($rr['location']);
+					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
 						'hash' => $rr['event_hash'],

Zotlabs/Module/Channel.php

@@ -1,6 +1,6 @@
 <?php
-namespace Zotlabs\Module;
 
+namespace Zotlabs\Module;
 
 require_once('include/contact_widgets.php');
 require_once('include/items.php');
@@ -10,6 +10,10 @@ require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 require_once('include/permissions.php');
 
+/**
+ * @brief Channel Controller
+ *
+ */
 class Channel extends \Zotlabs\Web\Controller {
 
 	function init() {
@@ -34,26 +38,32 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
 			$which = $channel['channel_address'];
-			$profile = argv(1);		
+			$profile = argv(1);
 		}
 
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Posts and comments') . '" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n" ;
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" title="' . t('Only posts') . '" href="' . z_root() . '/feed/' . $which . '?top=1" />' . "\r\n" ;
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'title' => t('Posts and comments'),
+			'href'  => z_root() . '/feed/' . $which
+		]);
+
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'title' => t('Only posts'),
+			'href'  => z_root() . '/feed/' . $which . '?f=&top=1'
+		]);
 
-		// Not yet ready for prime time
-		//	\App::$page['htmlhead'] .= '<link rel="openid.server" href="' . z_root() . '/id/' . $which .'?f=" />' . "\r\n" ;
-		//	\App::$page['htmlhead'] .= '<link rel="openid.delegate" href="' . z_root() . '/channel/' . $which .'" />' . "\r\n" ;
 
 		// Run profile_load() here to make sure the theme is set before
 		// we start loading content
 
 		profile_load($which,$profile);
-
 	}
 
 	function get($update = 0, $load = false) {
 
-
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 
@@ -66,12 +76,13 @@ class Channel extends \Zotlabs\Web\Controller {
 		$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
 		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
 
-		if(observer_prohibited(true)) {			
+		if(observer_prohibited(true)) {
 			return login();
 		}
 
 		$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
 		$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+		$static   = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 
 		$groups = array();
 
@@ -108,20 +119,23 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if(! $update) {
 
+			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
+
 			$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
 
 			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
 
 			if($channel && $is_owner) {
 				$channel_acl = array(
-					'allow_cid' => $channel['channel_allow_cid'], 
-					'allow_gid' => $channel['channel_allow_gid'], 
-					'deny_cid' => $channel['channel_deny_cid'], 
+					'allow_cid' => $channel['channel_allow_cid'],
+					'allow_gid' => $channel['channel_allow_gid'],
+					'deny_cid' => $channel['channel_deny_cid'],
 					'deny_gid' => $channel['channel_deny_gid']
 				);
 			}
-			else
-				$channel_acl = array(); 
+			else {
+				$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
+			}
 
 
 			if($perms['post_wall']) {
@@ -133,17 +147,18 @@ class Channel extends \Zotlabs\Web\Controller {
 					'nickname' => \App::$profile['channel_address'],
 					'lockstate' => (((strlen(\App::$profile['channel_allow_cid'])) || (strlen(\App::$profile['channel_allow_gid'])) || (strlen(\App::$profile['channel_deny_cid'])) || (strlen(\App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
 					'acl' => (($is_owner) ? populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
-					'permissions' => (($is_owner) ? $channel_acl : ''),
+					'permissions' => $channel_acl,
 					'showacl' => (($is_owner) ? 'yes' : ''),
 					'bang' => '',
 					'visitor' => (($is_owner || $observer) ? true : false),
 					'profile_uid' => \App::$profile['profile_uid'],
 					'editor_autocomplete' => true,
 					'bbco_autocomplete' => 'bbcode',
-					'bbcode' => true
-        		);
+					'bbcode' => true,
+					'jotnets' => true
+				);
 
-        		$o .= status_editor($a,$x);
+				$o .= status_editor($a,$x);
 			}
 
 		}
@@ -166,23 +181,27 @@ class Channel extends \Zotlabs\Web\Controller {
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
 		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
-		
+
 		if($update && $_SESSION['loadtime'])
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
 		if($load)
 			$simple_update = '';
 
+		if($static && $simple_update)
+			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+
 		if(($update) && (! $load)) {
 
 			if($mid) {
 				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
-					AND item_wall = 1 AND item_unseen = 1 $sql_extra limit 1",
+					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid . '%'),
 					intval(\App::$profile['profile_uid'])
 				);
-			} 
+				$_SESSION['loadtime'] = datetime_convert();
+			}
 			else {
-				$r = q("SELECT distinct parent AS `item_id`, created from item
+				$r = q("SELECT distinct parent AS item_id, created from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					WHERE uid = %d $item_normal
 					AND item_wall = 1 $simple_update
@@ -198,10 +217,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {
 
 			if(x($category)) {
-			        $sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+				$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-			        $sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}
 
 			if($datequery) {
@@ -225,10 +244,9 @@ class Channel extends \Zotlabs\Web\Controller {
 					if (! $r) {
 						notice( t('Permission denied.') . EOL);
 					}
-
-				} 
+				}
 				else {
-					$r = q("SELECT distinct id AS item_id, created FROM item 
+					$r = q("SELECT distinct id AS item_id, created FROM item
 						left join abook on item.author_xchan = abook.abook_xchan
 						WHERE uid = %d $item_normal
 						AND item_wall = 1 and item_thread_top = 1
@@ -247,11 +265,11 @@ class Channel extends \Zotlabs\Web\Controller {
 		if($r) {
 
 			$parents_str = ids_to_querystr($r,'item_id');
- 
-			$items = q("SELECT `item`.*, `item`.`id` AS `item_id` 
-				FROM `item`
-				WHERE `item`.`uid` = %d $item_normal
-				AND `item`.`parent` IN ( %s )
+
+			$items = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE item.uid = %d $item_normal
+				AND item.parent IN ( %s )
 				$sql_extra ",
 				intval(\App::$profile['profile_uid']),
 				dbesc($parents_str)
@@ -267,8 +285,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				notice( t('Permission denied.') . EOL);
 			}
 
-		} 
-		else {
+		} else {
 			$items = array();
 		}
 
@@ -282,7 +299,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				$maxheight = 400;
 
 			$o .= '<div id="live-channel"></div>' . "\r\n";
-			$o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] 
+			$o .= "<script> var profile_uid = " . \App::$profile['profile_uid']
 				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page']
 				. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
 
@@ -301,6 +318,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$nouveau' => '0',
 				'$wall' => '1',
 				'$fh' => '0',
+				'$static'  => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$search' => '',
 				'$order' => '',
@@ -314,7 +332,6 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$dbegin' => $datequery2
 			));
 
-
 		}
 
 		$update_unseen = '';
@@ -322,10 +339,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		if($page_mode === 'list') {
 
 			/**
-			 * in "list mode", only mark the parent item and any like activities as "seen". 
+			 * in "list mode", only mark the parent item and any like activities as "seen".
 			 * We won't distinguish between comment likes and post likes. The important thing
 			 * is that the number of unseen comments will be accurate. The SQL to separate the
-			 * comment likes could also get somewhat hairy. 
+			 * comment likes could also get somewhat hairy.
 			 */
 
 			if($parents_str) {
@@ -348,7 +365,7 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if($checkjs->disabled()) {
 			$o .= conversation($a,$items,'channel',$update,'traditional');
-		} 
+		}
 		else {
 			$o .= conversation($a,$items,'channel',$update,$page_mode);
 		}
@@ -359,7 +376,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		}
 
-		if($mid) 
+		if($mid)
 			$o .= '<div id="content-complete"></div>';
 
 		return $o;

Zotlabs/Module/Chanview.php

@@ -58,7 +58,9 @@ class Chanview extends \Zotlabs\Web\Controller {
 				}
 				logger('mod_chanview: constructed address ' . print_r($matches,true)); 
 			}
-	
+
+			$r = null;
+
 			if($_REQUEST['address']) {
 				$j = \Zotlabs\Zot\Finger::run($_REQUEST['address'],null);
 				if($j['success']) {
@@ -66,40 +68,74 @@ class Chanview extends \Zotlabs\Web\Controller {
 					$r = q("select * from xchan where xchan_addr = '%s' limit 1",
 						dbesc($_REQUEST['address'])
 					);
-					if($r)
+					if($r) {
 						\App::$poi = $r[0];
+					}
+				}
+				if(! $r) {
+					if(discover_by_webbie($_REQUEST['address'])) {
+						$r = q("select * from xchan where xchan_addr = '%s' limit 1",
+							dbesc($_REQUEST['address'])
+						);
+						if($r) {
+							\App::$poi = $r[0];
+						}
+					}
 				}
 			}
 		}
 	
 		if(! \App::$poi) {
-	//		We don't know who this is, and we can't figure it out from the URL
-	//		On the plus side, there's a good chance we know somebody else at that 
-	//		hub so sending them there with a Zid will probably work anyway.
+
+			//		We don't know who this is, and we can't figure it out from the URL
+			//		On the plus side, there's a good chance we know somebody else at that 
+			//		hub so sending them there with a Zid will probably work anyway.
+
 			$url = ($_REQUEST['url']);
+			if(! $url) {
+				notice( t('Channel not found.') . EOL);
+				return;
+			}
 			if($observer)
 				$url = zid($url);
+
 		}
+
+		$is_zot = false;
 	
 		if (\App::$poi) {
-		$url = \App::$poi['xchan_url'];
-		if($observer)
-			$url = zid($url);
+			$url = \App::$poi['xchan_url'];
+			if(\App::$poi['xchan_network'] === 'zot') {
+				$is_zot = true;
+			}			
 		}
-		// let somebody over-ride the iframed viewport presentation
-		// or let's just declare this a failed experiment.
+
+		// We will load the chanview template if it's a foreign network, 
+		// just so that we can provide a connect button along with a profile
+		// photo. Chances are we can't load the remote profile into an iframe
+		// because of cross-domain security headers. So provide a link to
+		// the remote profile. 
+
+		// Zot channels will usually have a connect link.
+		// If it isn't zot, 'pro' members won't be able to use the connect
+		// button as it is a foreign network so just send them to the remote
+		// profile.  
+
 	
-	//	if((! local_channel()) || (get_pconfig(local_channel(),'system','chanview_full')))
-		
-		goaway($url);
-	
-	//	$o = replace_macros(get_markup_template('chanview.tpl'),array(
-	//		'$url' => $url,
-	//		'$full' => t('toggle full screen mode')
-	//	));
-	
-	//	return $o;
+		if($is_zot || \Zotlabs\Lib\System::get_server_role() === 'pro') {
+			if($is_zot && $observer) {
+				$url = zid($url);
+			}
+			goaway($url);
+		}
+		else {	
+			$o = replace_macros(get_markup_template('chanview.tpl'),array(
+				'$url' => $url,
+				'$full' => t('toggle full screen mode')
+			));
 	
+			return $o;
+		}
 	}
 	
 }

Zotlabs/Module/Chat.php

@@ -33,9 +33,7 @@ class Chat extends \Zotlabs\Web\Controller {
 			$which = $channel['channel_address'];
 			$profile = argv(1);		
 		}
-	
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ;
-	
+		
 		// Run profile_load() here to make sure the theme is set before
 		// we start loading content
 	

Zotlabs/Module/Chatsvc.php

@@ -111,8 +111,22 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 				intval(\App::$data['chat']['room_id'])
 			);
 			if($r) {
-				foreach($r as $rr) {
-					switch($rr['cp_status']) {
+				foreach($r as $rv) {
+					if(! $rv['xchan_name']) {
+						$rv['xchan_hash'] =  $rv['cp_xchan'];
+						$rv['xchan_name'] = substr($rv['cp_xchan'],strrpos($rv['cp_xchan'],'.')+1);
+						$rv['xchan_addr'] = '';
+						$rv['xchan_network'] = 'unknown';
+						$rv['xchan_url'] = z_root();
+						$rv['xchan_hidden'] = 1;
+						$rv['xchan_photo_mimetype'] = 'image/jpeg';
+						$rv['xchan_photo_l'] = get_default_profile_photo(300); 
+						$rv['xchan_photo_m'] = get_default_profile_photo(80); 
+						$rv['xchan_photo_s'] = get_default_profile_photo(48); 
+
+					}
+
+					switch($rv['cp_status']) {
 						case 'away':
 							$status = t('Away');
 							$status_class = 'away';
@@ -124,7 +138,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 							break;
 					}
 		
-					$inroom[] = array('img' => zid($rr['xchan_photo_m']), 'img_type' => $rr['xchan_photo_mimetype'],'name' => $rr['xchan_name'], 'status' => $status, 'status_class' => $status_class);
+					$inroom[] = array('img' => zid($rv['xchan_photo_m']), 'img_type' => $rv['xchan_photo_mimetype'],'name' => $rv['xchan_name'], 'status' => $status, 'status_class' => $status_class);
 				}
 			}
 	
@@ -143,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
 						'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
-						'text' => smilies(bbcode($rr['chat_text'])),
+						'text' => zidify_links(smilies(bbcode($rr['chat_text']))),
 						'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '')
 					);
 				}

Zotlabs/Module/Cloud.php

@@ -1,7 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/cloud.php
+ * @file Zotlabs/Module/Cloud.php
  * @brief Initialize Hubzilla's cloud (SabreDAV).
  *
  * Module for accessing the DAV storage area.
@@ -17,34 +17,33 @@ require_once('include/attach.php');
 
 
 /**
- * @brief Fires up the SabreDAV server.
+ * @brief Cloud Module.
  *
- * @param App &$a
  */
-
-
 class Cloud extends \Zotlabs\Web\Controller {
 
+	/**
+	 * @brief Fires up the SabreDAV server.
+	 *
+	 */
 	function init() {
-	
+
 		if (! is_dir('store'))
 			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
-	
+
 		$which = null;
 		if (argc() > 1)
 			$which = argv(1);
-	
+
 		$profile = 0;
-	
-		\App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
-	
+
 		if ($which)
 			profile_load( $which, $profile);
-	
+
 		$auth = new \Zotlabs\Storage\BasicAuth();
-	
+
 		$ob_hash = get_observer_hash();
-	
+
 		if ($ob_hash) {
 			if (local_channel()) {
 				$channel = \App::get_channel();
@@ -57,40 +56,38 @@ class Cloud extends \Zotlabs\Web\Controller {
 			}
 			$auth->observer = $ob_hash;
 		}
-	
-		if ($_GET['davguest'])
-			$_SESSION['davguest'] = true;
-	
+
+
 		$_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
 		$_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
 		$_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
-	
+
 		$_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
 		$_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
 		$_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
-	
+
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
-	
+
 		// A SabreDAV server-object
 		$server = new SDAV\Server($rootDirectory);
 		// prevent overwriting changes each other with a lock backend
 		$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
 		$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
-	
+
 		$server->addPlugin($lockPlugin);
-	
+
 		$is_readable = false;
-	
+
 		// provide a directory view for the cloud in Hubzilla
 		$browser = new \Zotlabs\Storage\Browser($auth);
 		$auth->setBrowserPlugin($browser);
-	
+
 		$server->addPlugin($browser);
-	
+
 		// Experimental QuotaPlugin
 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
-	
+
 		ob_start();
 		// All we need to do now, is to fire up the server
 		$server->exec();
@@ -99,5 +96,5 @@ class Cloud extends \Zotlabs\Web\Controller {
 
 		killme();
 	}
-	
+
 }

Zotlabs/Module/Connect.php

@@ -29,7 +29,7 @@ class Connect extends \Zotlabs\Web\Controller {
 		profile_load($which,'');
 	}
 	
-		function post() {
+	function post() {
 	
 		if(! array_key_exists('channel', \App::$data))
 			return;
@@ -60,13 +60,13 @@ class Connect extends \Zotlabs\Web\Controller {
 		$observer = \App::get_observer();
 		if(($observer) && ($_POST['submit'] === t('Continue'))) {
 			if($observer['xchan_follow'])
-				$url = sprintf($observer['xchan_follow'],urlencode(\App::$data['channel']['channel_address'] . '@' . \App::get_hostname())); 
+				$url = sprintf($observer['xchan_follow'],urlencode(channel_reddress(\App::$data['channel'])));
 			if(! $url) {
 				$r = q("select * from hubloc where hubloc_hash = '%s' order by hubloc_id desc limit 1",
 					dbesc($observer['xchan_hash'])
 				);
 				if($r)
-					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(\App::$data['channel']['channel_address'] . '@' . \App::get_hostname()); 
+					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(\App::$data['channel']));
 			}
 		}
 		if($url)
@@ -78,7 +78,7 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 		$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);
 	

Zotlabs/Module/Connections.php

@@ -228,10 +228,18 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 		$contacts = array();
 	
-		if(count($r)) {
-	
+		if($r) {
+
+			vcard_query($r);
+
+
 			foreach($r as $rr) {
 				if($rr['xchan_url']) {
+
+					if(($rr['vcard']) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr'])
+						$phone = ((\App::$is_mobile || \App::$is_tablet) ? $rr['vcard']['tels'][0]['nr'] : '');
+					else
+						$phone = '';
 	
 					$status_str = '';
 					$status = array(
@@ -261,12 +269,14 @@ class Connections extends \Zotlabs\Web\Controller {
 						'link' => z_root() . '/connedit/' . $rr['abook_id'],
 						'deletelink' => z_root() . '/connedit/' . intval($rr['abook_id']) . '/drop',
 						'delete' => t('Delete'),
-						'url' => chanlink_url($rr['xchan_url']),
+						'url' => chanlink_hash($rr['xchan_hash']),
 						'webbie_label' => t('Channel address'),
 						'webbie' => $rr['xchan_addr'],
 						'network_label' => t('Network'),
 						'network' => network_to_name($rr['xchan_network']),
 						'public_forum' => ((intval($rr['xchan_pubforum'])) ? true : false),
+						'call' => t('Call'),
+						'phone' => $phone,
 						'status_label' => t('Status'),
 						'status' => $status_str,
 						'connected_label' => t('Connected'),

Zotlabs/Module/Connedit.php

@@ -37,15 +37,17 @@ class Connedit extends \Zotlabs\Web\Controller {
 				intval(argv(1))
 			);
 			if($r) {
-				\App::$poi = $r[0];
+				\App::$poi = array_shift($r);
 			}
 		}
 	
+
 		$channel = \App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);
 	
 	}
+
 	
 	/* @brief Evaluate posted values and set changes
 	 *
@@ -84,6 +86,12 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 		call_hooks('contact_edit_post', $_POST);
 	
+		$vc = get_abconfig(local_channel(),$orig_record['abook_xchan'],'system','vcard');
+		$vcard = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); 
+		$serialised_vcard = update_vcard($_REQUEST,$vcard);
+		if($serialised_vcard)
+			set_abconfig(local_channel(),$orig_record[0]['abook_xchan'],'system','vcard',$serialised_vcard);
+
 		if(intval($orig_record[0]['abook_self'])) {
 			$autoperms = intval($_POST['autoperms']);
 			$is_self = true;
@@ -96,7 +104,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 		$profile_id = $_POST['profile_assign'];
 		if($profile_id) {
-			$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND `uid` = %d LIMIT 1",
+			$r = q("SELECT profile_guid FROM profile WHERE profile_guid = '%s' AND uid = %d LIMIT 1",
 				dbesc($profile_id),
 				intval(local_channel())
 			);
@@ -204,6 +212,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 		}
 	
 		if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
+
 			$new_friend = true;
 	
 			// @fixme it won't be common, but when you accept a new connection request
@@ -213,21 +222,13 @@ class Connedit extends \Zotlabs\Web\Controller {
 			// request. The workaround is to approve the connection, then go back and
 			// adjust permissions as desired.
 	
-			$abook_my_perms = get_channel_default_perms(local_channel());
-	
-			$role = get_pconfig(local_channel(),'system','permissions_role');
-			if($role) {
-				$x = \Zotlabs\Access\PermissionRoles::role_perms($role);
-				if($x['perms_connect']) {
-					$abook_my_perms = $x['perms_connect'];
+			$p = \Zotlabs\Access\Permissions::connect_perms(local_channel());
+			$my_perms = $p['perms'];
+			if($my_perms) {
+				foreach($my_perms as $k => $v) {
+					set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
 				}
 			}
-
-			$filled_perms = \Zotlabs\Access\Permissions::FilledPerms($abook_my_perms);
-			foreach($filled_perms as $k => $v) {
-				set_abconfig($channel['channel_id'],$orig_record[0]['abook_xchan'],'my_perms',$k,$v);
-			}
-
 		}
 
 		$abook_pending = (($new_friend) ? 0 : $orig_record[0]['abook_pending']);
@@ -244,14 +245,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 	
-		if($orig_record[0]['abook_profile'] != $profile_id) {
-			//Update profile photo permissions
-	
-			logger('A new profile was assigned - updating profile photos');
-			profile_photo_set_profile_perms(local_channel(),$profile_id);
-	
-		}
-	
 		if($r)
 			info( t('Connection updated.') . EOL);
 		else
@@ -365,7 +358,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				intval(\App::$poi['abook_id'])
 			);
 			if($r) {
-				\App::$poi = $r[0];
+				\App::$poi = array_shift($r);
 			}
 	
 			$clone = \App::$poi;
@@ -396,6 +389,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 			return login();
 		}
 	
+		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
 		$channel = \App::get_channel();
 		$my_perms = get_channel_default_perms(local_channel());
 		$role = get_pconfig(local_channel(),'system','permissions_role');
@@ -448,7 +442,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			}
 			if($cmd === 'resetphoto') {
-				q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s' limit 1",
+				q("update xchan set xchan_photo_date = '2001-01-01 00:00:00' where xchan_hash = '%s'",
 					dbesc($orig_record[0]['xchan_hash'])
 				);
 				$cmd = 'refresh';
@@ -521,11 +515,12 @@ class Connedit extends \Zotlabs\Web\Controller {
 			if($cmd === 'drop') {
 	
 	
-	// FIXME
-	// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
-	// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier runs
-	// in the background there could be a race condition preventing this packet from being sent in all cases.
-	// PLACEHOLDER
+				// @FIXME
+				// We need to send either a purge or a refresh packet to the other side (the channel being unfriended).
+				// The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier
+				// runs in the background there could be a race condition preventing this packet from being sent in all
+				// cases.
+				// PLACEHOLDER
 	
 				contact_remove(local_channel(), $orig_record[0]['abook_id']);
 				build_sync_packet(0 /* use the current local_channel */,
@@ -545,9 +540,33 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 		if(\App::$poi) {
 	
+			$abook_prev = 0;
+			$abook_next = 0;
+
 			$contact_id = \App::$poi['abook_id'];
 			$contact = \App::$poi;
-	
+
+			$cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 order by xchan_name",
+				intval(local_channel())
+			);
+
+			if($cn) {
+				$pntotal = count($cn);
+
+				for($x = 0; $x < $pntotal; $x ++) {
+					if($cn[$x]['abook_id'] == $contact_id) {
+						if($x === 0)
+							$abook_prev = 0;
+						else
+							$abook_prev = $cn[$x - 1]['abook_id'];
+						if($x === $pntotal)
+							$abook_next = 0;
+						else
+							$abook_next = $cn[$x +1]['abook_id'];
+					}
+				}
+ 			}
+
 			$tools = array(
 	
 				'view' => array(
@@ -611,23 +630,49 @@ class Connedit extends \Zotlabs\Web\Controller {
 				),
 	
 			);
+
+			$sections = [];
+
+			$sections['perms'] = [
+					'label' => t('Permissions'),
+					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=perms',
+					'sel'   => '',
+					'title' => t('Open Individual Permissions section by default'),
+			];
 	
 			$self = false;
 	
-			if(intval($contact['abook_self']))
+			if(intval($contact['abook_self'])) {
 				$self = true;
+				$abook_prev = $abook_next = 0;
+			}
 	
+			$vc = get_abconfig(local_channel(),$contact['abook_xchan'],'system','vcard');
+
+			$vctmp = (($vc) ? \Sabre\VObject\Reader::read($vc) : null); 
+			$vcard = (($vctmp) ? get_vcard_array($vctmp,$contact['abook_id']) : [] );
+			if(! $vcard)
+				$vcard['fn'] = $contact['xchan_name'];
+
+
 			$tpl = get_markup_template("abook_edit.tpl");
 	
 			if(feature_enabled(local_channel(),'affinity')) {
+
+				$sections['affinity'] = [
+					'label' => t('Affinity'),
+					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=affinity',
+					'sel'   => '',
+					'title' => t('Open Set Affinity section by default'),
+				];
 	
-				$labels = array(
+				$labels = [
 					t('Me'),
 					t('Family'),
 					t('Friends'),
 					t('Acquaintances'),
 					t('All')
-				);
+				];
 				call_hooks('affinity_labels',$labels);
 				$label_str = '';
 	
@@ -649,6 +694,15 @@ class Connedit extends \Zotlabs\Web\Controller {
 					'$labels' => $label_str,
 				));
 			}
+
+			if(feature_enabled(local_channel(),'connfilter')) {
+				$sections['filter'] = [
+					'label' => t('Filter'),
+					'url'   => z_root() . '/connedit/' . $contact['abook_id'] . '/?f=&section=filter',
+					'sel'   => '',
+					'title' => t('Open Custom Filter section by default'),
+				];
+			}
 	
 			$rating_val = 0;
 			$rating_text = '';
@@ -663,13 +717,9 @@ class Connedit extends \Zotlabs\Web\Controller {
 				$rating_text = $xl[0]['xlink_rating_text'];
 			}
 	
-			$poco_rating = get_config('system','poco_rating_enable');
+			$rating_enabled = get_config('system','rating_enabled');
 	
-			// if unset default to enabled
-			if($poco_rating === false)
-				$poco_rating = true;
-	
-			if($poco_rating) {
+			if($rating_enabled) {
 				$rating = replace_macros(get_markup_template('rating_slider.tpl'),array(
 					'$min' => -10,
 					'$val' => $rating_val
@@ -728,6 +778,15 @@ class Connedit extends \Zotlabs\Web\Controller {
 				$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
 			}
 	
+			$pcat = new \Zotlabs\Lib\Permcat(local_channel());
+			$pcatlist = $pcat->listing();
+			$permcats = [];
+			if($pcatlist) {
+				foreach($pcatlist as $pc) {
+					$permcats[$pc['name']] = $pc['localname'];
+				}
+			}
+
 			$locstr = '';
 	
 			$locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'
@@ -749,11 +808,16 @@ class Connedit extends \Zotlabs\Web\Controller {
 			else
 				$locstr = t('none');
 	
-			$o .= replace_macros($tpl,array(
-	
+			$o .= replace_macros($tpl, [
 				'$header'         => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no),
+				'$permcat'        => [ 'permcat', t('Permission role'), '', '',$permcats ],
+				'$permcat_new'    => t('Add permission role'),
+				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 				'$addr'           => $contact['xchan_addr'],
+				'$section'        => $section,
+				'$sections'       => $sections,
+				'$vcard'          => $vcard,
 				'$addr_text'      => t('This connection\'s primary address is'),
 				'$loc_text'       => t('Available locations:'),
 				'$locstr'         => $locstr,
@@ -791,12 +855,42 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permnote_self'  => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'),
 				'$lastupdtext'    => t('Last update:'),
 				'$last_update'    => relative_date($contact['abook_connected']),
+				'$is_mobile'      => ((\App::$is_mobile || \App::$is_tablet) ? true : false),
 				'$profile_select' => contact_profile_assign($contact['abook_profile']),
 				'$multiprofs'     => $multiprofs,
 				'$contact_id'     => $contact['abook_id'],
 				'$name'           => $contact['xchan_name'],
-	
-			));
+				'$abook_prev'     => $abook_prev,
+				'$abook_next'     => $abook_next,
+				'$vcard_label'    => t('Details'),	
+				'$displayname'    => $displayname,
+				'$name_label'     => t('Name'),
+				'$org_label'      => t('Organisation'),
+				'$title_label'    => t('Title'),
+				'$tel_label'      => t('Phone'),
+				'$email_label'    => t('Email'),
+				'$impp_label'     => t('Instant messenger'),
+				'$url_label'      => t('Website'),
+				'$adr_label'      => t('Address'),
+				'$note_label'     => t('Note'),
+				'$mobile'         => t('Mobile'),
+				'$home'           => t('Home'),
+				'$work'           => t('Work'),
+				'$other'          => t('Other'),
+				'$add_card'       => t('Add Contact'),
+				'$add_field'      => t('Add Field'),
+				'$create'         => t('Create'),
+				'$update'         => t('Update'),
+				'$delete'         => t('Delete'),
+				'$cancel'         => t('Cancel'),
+				'$po_box'         => t('P.O. Box'),
+				'$extra'          => t('Additional'),
+				'$street'         => t('Street'),
+				'$locality'       => t('Locality'),
+				'$region'         => t('Region'),
+				'$zip_code'       => t('ZIP Code'),
+				'$country'        => t('Country')
+			]);
 	
 			$arr = array('contact' => $contact,'output' => $o);
 	
@@ -804,9 +898,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			return $arr['output'];
 	
-		}
-	
-	
+		}	
 	}
-	
 }

Zotlabs/Module/Contactgroup.php

@@ -23,7 +23,7 @@ class Contactgroup extends \Zotlabs\Web\Controller {
 	
 		if((argc() > 1) && (intval(argv(1)))) {
 	
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);

Zotlabs/Module/Cover_photo.php

@@ -88,7 +88,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			if($r) {
 	
 				$base_image = $r[0];
-				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents($base_image['content']) : dbunescbin($base_image['content']));
+				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
 			
 				$im = photo_factory($base_image['content'], $base_image['mimetype']);
 				if($im->is_valid()) {
@@ -309,7 +309,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 					$havescale = true;
 			}
 	
-			$r = q("SELECT `content`, `mimetype`, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
+			$r = q("SELECT content, mimetype, resource_id, os_storage FROM photo WHERE id = %d and uid = %d limit 1",
 				intval($r[0]['id']),
 				intval(local_channel())
 	
@@ -320,7 +320,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			}
 	
 			if(intval($r[0]['os_storage']))
-				$data = @file_get_contents($r[0]['content']);
+				$data = @file_get_contents(dbunescbin($r[0]['content']));
 			else
 				$data = dbunescbin($r[0]['content']); 
 	

Zotlabs/Module/Dav.php

@@ -1,31 +1,26 @@
 <?php
-
-namespace Zotlabs\Module;
 /**
- * @file mod/dav.php
+ * @file Zotlabs/Module/Dav.php
  * @brief Initialize Hubzilla's cloud (SabreDAV).
  *
  * Module for accessing the DAV storage area from a DAV client.
  */
 
+namespace Zotlabs\Module;
+
 use \Sabre\DAV as SDAV;
 use \Zotlabs\Storage;
 
-// composer autoloader for SabreDAV
-require_once('vendor/autoload.php');
-
 require_once('include/attach.php');
 
-/**
- * @brief Fires up the SabreDAV server.
- *
- * @param App &$a
- */
-
 class Dav extends \Zotlabs\Web\Controller {
 
+	/**
+	 * @brief Fires up the SabreDAV server.
+	 *
+	 */
 	function init() {
-	
+
 		// workaround for HTTP-auth in CGI mode
 		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
  			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
@@ -47,16 +42,16 @@ class Dav extends \Zotlabs\Web\Controller {
 
 		if (! is_dir('store'))
 			os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
-	
+
 		if (argc() > 1)
 			profile_load(argv(1),0);
-	
+
 
 		$auth = new \Zotlabs\Storage\BasicAuth();
 		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
 
 		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
-	
+
 		// A SabreDAV server-object
 		$server = new SDAV\Server($rootDirectory);
 
@@ -68,21 +63,20 @@ class Dav extends \Zotlabs\Web\Controller {
 		// prevent overwriting changes each other with a lock backend
 		$lockBackend = new SDAV\Locks\Backend\File('store/[data]/locks');
 		$lockPlugin = new SDAV\Locks\Plugin($lockBackend);
-	
+
 		$server->addPlugin($lockPlugin);
-	
+
 		// provide a directory view for the cloud in Hubzilla
 		$browser = new \Zotlabs\Storage\Browser($auth);
 		$auth->setBrowserPlugin($browser);
-	
+
 		// Experimental QuotaPlugin
-		// require_once('Zotlabs/Storage/QuotaPlugin.php');
 		// $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
-	
+
 		// All we need to do now, is to fire up the server
 		$server->exec();
-	
+
 		killme();
 	}
-	
+
 }

Zotlabs/Module/Directory.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Zotlabs\Module;
 
 require_once('include/socgraph.php');
@@ -67,6 +68,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$observer = get_observer_hash();
 	
 		$globaldir = get_directory_setting($observer, 'globaldir');
+
 		// override your personal global search pref if we're doing a navbar search of the directory
 		if(intval($_REQUEST['navsearch']))
 			$globaldir = 1;
@@ -84,10 +86,9 @@ class Directory extends \Zotlabs\Web\Controller {
 			$search = ((x($_GET,'search')) ? notags(trim(rawurldecode($_GET['search']))) : '');
 	
 	
-		if(strpos($search,'=') && local_channel() && get_pconfig(local_channel(),'feature','expert'))
+		if(strpos($search,'=') && local_channel() && feature_enabled(local_channel(), 'advanced_dirsearch'))
 			$advanced = $search;
 	
-	
 		$keywords = (($_GET['keywords']) ? $_GET['keywords'] : '');
 	
 		// Suggest channels if no search terms or keywords are given
@@ -239,7 +240,9 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$page_type = '';
 	
-							if($rr['total_ratings'])
+							$rating_enabled = get_config('system','rating_enabled');
+
+							if($rr['total_ratings'] && $rating_enabled)
 								$total_ratings = sprintf( tt("%d rating", "%d ratings", $rr['total_ratings']), $rr['total_ratings']);
 							else
 								$total_ratings = '';
@@ -260,10 +263,11 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$hometown = ((x($profile,'hometown') == 1) ? $profile['hometown']  : False);
 	
-							$about = ((x($profile,'about') == 1) ? bbcode($profile['about']) : False);
+							$about = ((x($profile,'about') == 1) ? zidify_links(bbcode($profile['about'])) : False);
 	
 							$keywords = ((x($profile,'keywords')) ? $profile['keywords'] : '');
 	
+
 							$out = '';
 	
 							if($keywords) {
@@ -312,7 +316,7 @@ class Directory extends \Zotlabs\Web\Controller {
 								'gender'   => $gender,
 								'total_ratings' => $total_ratings,
 								'viewrate' => true,
-								'canrate' => ((local_channel()) ? true : false),
+								'canrate' => (($rating_enabled && local_channel()) ? true : false),
 								'pdesc'	=> $pdesc,
 								'pdesc_label' => t('Description:'),
 								'marital'  => $marital,

Zotlabs/Module/Dirsearch.php

@@ -12,7 +12,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function get() {
+	function get() {
 	
 		$ret = array('success' => false);
 	
@@ -185,7 +185,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		else {
 			$qlimit = " LIMIT " . intval($perpage) . " OFFSET " . intval($startrec);
 			if($return_total) {
-				$r = q("SELECT COUNT(xchan_hash) AS `total` FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
+				$r = q("SELECT COUNT(xchan_hash) AS total FROM xchan left join xprof on xchan_hash = xprof_hash where $logic $sql_extra and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 $safesql ");
 				if($r) {
 					$ret['total_items'] = $r[0]['total'];
 				}
@@ -410,13 +410,13 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		$rand = db_getfunc('rand');
 		$realm = get_directory_realm();
 		if($realm == DIRECTORY_REALM) {
-			$r = q("select * from site where site_access != 0 and site_register !=0 and ( site_realm = '%s' or site_realm = '') and site_type = %d order by $rand",
+			$r = q("select * from site where site_access != 0 and site_register !=0 and ( site_realm = '%s' or site_realm = '') and site_type = %d and site_dead = 0 order by $rand",
 				dbesc($realm),
 				intval(SITE_TYPE_ZOT)
 			);
 		}
 		else {
-			$r = q("select * from site where site_access != 0 and site_register !=0 and site_realm = '%s' and site_type = %d order by $rand",
+			$r = q("select * from site where site_access != 0 and site_register !=0 and site_realm = '%s' and site_type = %d and site_dead = 0 order by $rand",
 				dbesc($realm),
 				intval(SITE_TYPE_ZOT)
 			);
@@ -448,15 +448,15 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 					$register = 'closed';
 	
 				if(strpos($rr['site_url'],'https://') !== false)
-					$ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location'], 'project' => $rr['site_project']);
+					$ret['sites'][] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location'], 'project' => $rr['site_project'], 'version' => $rr['site_version']);
 				else
-					$insecure[] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location'], 'project' => $rr['site_project']);
+					$insecure[] = array('url' => $rr['site_url'], 'access' => $access, 'register' => $register, 'sellpage' => $rr['site_sellpage'], 'location' => $rr['site_location'], 'project' => $rr['site_project'], 'version' => $rr['site_version']);
 			}
 			if($insecure) {
 				$ret['sites'] = array_merge($ret['sites'],$insecure);
 			}
 		}
 		return $ret;
-	}		
-	
+	}
+
 }

Zotlabs/Module/Display.php

@@ -1,12 +1,17 @@
 <?php
 namespace Zotlabs\Module;
 
+require_once("include/bbcode.php");
+require_once('include/security.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+require_once('include/items.php');
 
 
 class Display extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
-	
+
 		$checkjs = new \Zotlabs\Web\CheckJS(1);
 	
 		if($load)
@@ -18,30 +23,21 @@ class Display extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		require_once("include/bbcode.php");
-		require_once('include/security.php');
-		require_once('include/conversation.php');
-		require_once('include/acl_selectors.php');
-		require_once('include/items.php');
-	
-	
-		\App::$page['htmlhead'] .= replace_macros(get_markup_template('display-head.tpl'), array());
-	
+			
 		if(argc() > 1 && argv(1) !== 'load')
 			$item_hash = argv(1);
 	
-	
 		if($_REQUEST['mid'])
 			$item_hash = $_REQUEST['mid'];
-	
-	
-		if(! $item_hash) {
+
+			if(! $item_hash) {
 			\App::$error = 404;
 			notice( t('Item not found.') . EOL);
 			return;
 		}
 	
 		$observer_is_owner = false;
+		$updateable = false;
 	
 	
 		if(local_channel() && (! $update)) {
@@ -73,7 +69,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'expanded' => true,
 				'editor_autocomplete' => true,
 				'bbco_autocomplete' => 'bbcode',
-				'bbcode' => true
+				'bbcode' => true,
+				'jotnets' => true
 			);
 	
 			$o = '<div id="jot-popup">';
@@ -92,9 +89,15 @@ class Display extends \Zotlabs\Web\Controller {
 		// find a copy of the item somewhere
 	
 		$target_item = null;
-	
+
+		if(strpos($item_hash,'b64.') === 0)
+			$decoded = @base64url_decode(substr($item_hash,4));
+		if($decoded)
+			$item_hash = $decoded;
+
 		$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
-			dbesc($item_hash . '%')
+			dbesc($item_hash . '%'),
+			dbesc($decoded . '%')
 		);
 	
 		if($r) {
@@ -120,6 +123,8 @@ class Display extends \Zotlabs\Web\Controller {
 			 	return '';
 			}
 		}
+		
+		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 	
 	
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
@@ -129,10 +134,13 @@ class Display extends \Zotlabs\Web\Controller {
 		if($load)
 			$simple_update = '';
 	
-	
+		if($static && $simple_update)
+			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 	
 		if((! $update) && (! $load)) {
 	
+
+			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
 	
 			$o .= '<div id="live-display"></div>' . "\r\n";
 			$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
@@ -153,6 +161,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'$fh' => '0',
 				'$nouveau' => '0',
 				'$wall' => '0',
+				'$static' => $static,
 				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$search' => '',
@@ -173,10 +182,9 @@ class Display extends \Zotlabs\Web\Controller {
 		$item_normal = item_normal();
 	
 		$sql_extra = public_permissions_sql($observer_hash);
-	
+
 		if(($update && $load) || ($checkjs->disabled())) {
 	
-			$updateable = false;
 	
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
 	
@@ -186,9 +194,9 @@ class Display extends \Zotlabs\Web\Controller {
 				require_once('include/channel.php');
 				$sys = get_sys_channel();
 				$sysid = $sys['channel_id'];
-	
+
 				if(local_channel()) {
-					$r = q("SELECT * from item
+					$r = q("SELECT item.id as item_id from item
 						WHERE uid = %d
 						and mid = '%s'
 						$item_normal
@@ -202,6 +210,7 @@ class Display extends \Zotlabs\Web\Controller {
 					}
 	
 				}
+
 				if($r === null) {
 	
 					// in case somebody turned off public access to sys channel content using permissions
@@ -211,10 +220,10 @@ class Display extends \Zotlabs\Web\Controller {
 						$sysid = 0;
 	
 	
-					$r = q("SELECT * from item
+					$r = q("SELECT item.id as item_id from item
 						WHERE mid = '%s'
-						AND (((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
-						AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
+						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
+						AND item.deny_gid  = '' AND item_private = 0 ) 
 						and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 						OR uid = %d )
 						$sql_extra )
@@ -234,11 +243,11 @@ class Display extends \Zotlabs\Web\Controller {
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			$sysid = $sys['channel_id'];
-	
+
 			if(local_channel()) {
-				$r = q("SELECT * from item
+				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
-					and mid = '%s'
+					and parent_mid = '%s'
 					$item_normal
 					$simple_update
 					limit 1",
@@ -249,16 +258,17 @@ class Display extends \Zotlabs\Web\Controller {
 					$updateable = true;
 				}
 			}
+
 			if($r === null) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
 	
-				$r = q("SELECT * from item
-					WHERE mid = '%s'
-					AND (((( `item`.`allow_cid` = ''  AND `item`.`allow_gid` = '' AND `item`.`deny_cid`  = '' 
-					AND `item`.`deny_gid`  = '' AND item_private = 0 ) 
+				$r = q("SELECT item.parent AS item_id from item
+					WHERE parent_mid = '%s'
+					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
+					AND item.deny_gid  = '' AND item_private = 0 ) 
 					and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d )
 					$sql_extra )
@@ -278,11 +288,11 @@ class Display extends \Zotlabs\Web\Controller {
 	
 		if($r) {
 	
-			$parents_str = ids_to_querystr($r,'id');
+			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
 	
-				$items = q("SELECT `item`.*, `item`.`id` AS `item_id` 
-					FROM `item`
+				$items = q("SELECT item.*, item.id AS item_id 
+					FROM item
 					WHERE parent in ( %s ) $item_normal ",
 					dbesc($parents_str)
 				);
@@ -308,10 +318,10 @@ class Display extends \Zotlabs\Web\Controller {
 		if($updateable) {
 			$x = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 AND uid = %d and parent = %d ",
 				intval(local_channel()),
-				intval($r[0]['parent'])
+				intval($r[0]['item_id'])
 			);
 		}
-	
+
 		$o .= '<div id="content-complete"></div>';
 	
 		return $o;
@@ -320,7 +330,7 @@ class Display extends \Zotlabs\Web\Controller {
 	/*
 		elseif((! $update) && (!  {
 			
-			$r = q("SELECT `id`, item_flags FROM `item` WHERE `id` = '%s' OR `mid` = '%s' LIMIT 1",
+			$r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1",
 				dbesc($item_hash),
 				dbesc($item_hash)
 			);

Zotlabs/Module/Dreport.php

@@ -21,10 +21,11 @@ class Dreport extends \Zotlabs\Web\Controller {
 			$table = 'push';
 			$mid = ((argc() > 2) ? argv(2) : '');
 			if($mid) {	
-				$i = q("select id from item where mid = '%s' and author_xchan = '%s' and uid = %d",
+				$i = q("select id from item where mid = '%s' and uid = %d and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
 					dbesc($mid),
+					intval($channel['channel_id']),
 					dbesc($channel['channel_hash']),
-					intval($channel['channel_id'])
+					dbesc($channel['channel_hash'])
 				);
 				if($i) {
 					\Zotlabs\Daemon\Master::Summon([ 'Notifier', 'edit_post', $i[0]['id'] ]);
@@ -47,8 +48,9 @@ class Dreport extends \Zotlabs\Web\Controller {
 	
 		switch($table) {
 			case 'item':
-				$i = q("select id from item where mid = '%s' and author_xchan = '%s' ",
+				$i = q("select id from item where mid = '%s' and ( author_xchan = '%s' or ( owner_xchan = '%s' and item_wall = 1 )) ",
 					dbesc($mid),
+					dbesc($channel['channel_hash']),
 					dbesc($channel['channel_hash'])
 				);
 				break;
@@ -74,7 +76,7 @@ class Dreport extends \Zotlabs\Web\Controller {
 	
 		if(! $r) {
 			notice( t('no results') . EOL);
-			return;
+//			return;
 		}
 		
 		for($x = 0; $x < count($r); $x++ ) {

Zotlabs/Module/Editblock.php

@@ -80,7 +80,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);

Zotlabs/Module/Editlayout.php

@@ -91,7 +91,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);

Zotlabs/Module/Editpost.php

@@ -25,7 +25,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d AND ( owner_xchan = '%s' OR author_xchan = '%s' ) LIMIT 1",
 			intval($post_id),
 			dbesc(get_observer_hash()),
 			dbesc(get_observer_hash())
@@ -78,6 +78,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 
 		$x = array(
 			'nickname' => $channel['channel_address'],
+			'item' => $itm[0],
 			'editor_autocomplete'=> true,
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => $_SESSION['return_url'],
@@ -85,6 +86,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,
+			'parent' => (($itm[0]['mid'] === $itm[0]['parent_mid']) ? 0 : $itm[0]['parent']),
 			'mimetype' => $itm[0]['mimetype'],
 			'ptyp' => $itm[0]['obj_type'],
 			'body' => htmlspecialchars_decode(undo_post_tagging($itm[0]['body']),ENT_COMPAT),

Zotlabs/Module/Editwebpage.php

@@ -95,7 +95,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 
 		$sql_extra = item_permissions_sql($owner);
 
-		$itm = q("SELECT * FROM `item` WHERE `id` = %d and uid = %s $sql_extra LIMIT 1",
+		$itm = q("SELECT * FROM item WHERE id = %d and uid = %s $sql_extra LIMIT 1",
 			intval($post_id),
 			intval($owner)
 		);

Zotlabs/Module/Embedphotos.php

@@ -1,99 +1,96 @@
 <?php
+
 namespace Zotlabs\Module;
 
 /**
+ * @brief
  *
- * This is the POST destination for the embedphotos button
- *
- */  
-
-
+ */
 class Embedphotos extends \Zotlabs\Web\Controller {
 
 	function get() {
-		
+
 	}
 
+	/**
+	 *
+	 * This is the POST destination for the embedphotos button
+	 *
+	 */
 	function post() {
-		
-    if (argc() > 1 && argv(1) === 'album') {
-        // API: /embedphotos/album
-        $name = (x($_POST,'name') ? $_POST['name'] : null );
-        if (!$name) {
-            json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false));
-        }
-        $album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name));
-        json_return_and_die(array('status' => true, 'content' => $album));
-
-    }
-    if (argc() > 1 && argv(1) === 'albumlist') {
-        // API: /embedphotos/albumlist
-        $album_list = $this->embedphotos_album_list($a);
-        json_return_and_die(array('status' => true, 'albumlist' => $album_list));
-
-    }
-    if (argc() > 1 && argv(1) === 'photolink') {
-        // API: /embedphotos/photolink
-        $href = (x($_POST,'href') ? $_POST['href'] : null );
-        if (!$href) {
-            json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false));
-        }
-        $resource_id = array_pop(explode("/", $href));
-        $r = q("SELECT obj,body from item where resource_type = 'photo' and resource_id = '%s' limit 1",
-						dbesc($resource_id)
-					);
-        if(!$r) {
-            json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
-        }
-        $obj = json_decode($r[0]['obj'], true);
-        if(x($obj,'body')) {
-            $photolink = $obj['body'];
-        } elseif (x($obj,'bbcode')) {
-            $photolink = $obj['bbcode'];
-        } elseif ($r[0]['body'] !== '') {
-						$photolink = $r[0]['body'];
-				}	else {
-            json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
-        }
-        json_return_and_die(array('status' => true, 'photolink' => $photolink));
-
-    }
+		if (argc() > 1 && argv(1) === 'album') {
+			// API: /embedphotos/album
+			$name = (x($_POST,'name') ? $_POST['name'] : null );
+			if(!$name) {
+				json_return_and_die(array('errormsg' => 'Error retrieving album', 'status' => false));
+			}
+			$album = $this->embedphotos_widget_album(array('channel' => \App::get_channel(), 'album' => $name));
+			json_return_and_die(array('status' => true, 'content' => $album));
+		}
+		if(argc() > 1 && argv(1) === 'albumlist') {
+			// API: /embedphotos/albumlist
+			$album_list = $this->embedphotos_album_list($a);
+			json_return_and_die(array('status' => true, 'albumlist' => $album_list));
+		}
+		if(argc() > 1 && argv(1) === 'photolink') {
+			// API: /embedphotos/photolink
+			$href = (x($_POST,'href') ? $_POST['href'] : null );
+			if(!$href) {
+				json_return_and_die(array('errormsg' => 'Error retrieving link ' . $href, 'status' => false));
+			}
+			$resource_id = array_pop(explode("/", $href));
+			$r = q("SELECT obj from item where resource_type = 'photo' and resource_id = '%s' limit 1",
+				dbesc($resource_id)
+			);
+			if(!$r) {
+				json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
+			}
+			$obj = json_decode($r[0]['obj'], true);
+			if(x($obj,'body')) {
+				$photolink = $obj['body'];
+			} elseif (x($obj,'bbcode')) {
+				$photolink = $obj['bbcode'];
+			} else {
+				json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
+			}
+			json_return_and_die(array('status' => true, 'photolink' => $photolink));
+		}
 	}
-	
-	
-/**
- * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
- * the input array as in widget_item()
- * @param type $name
- * @return string
- */
-function embedphotos_widget_album($args) {
 
-    $channel_id = 0;
-    if(array_key_exists('channel',$args))
-            $channel = $args['channel'];
-            $channel_id = intval($channel['channel_id']);
-    if(! $channel_id)
-            $channel_id = \App::$profile_uid;
-    if(! $channel_id)
-            return '';
+	/**
+	 * Copied from include/widgets.php::widget_album() with a modification to get the profile_uid from
+	 * the input array as in widget_item()
+	 *
+	 * @param array $args
+	 * @return string with HTML
+	 */
+	function embedphotos_widget_album($args) {
+
+		$channel_id = 0;
+		if(array_key_exists('channel', $args))
+			$channel = $args['channel'];
+		$channel_id = intval($channel['channel_id']);
+		if(! $channel_id)
+			$channel_id = \App::$profile_uid;
+		if(! $channel_id)
+			return '';
+
 		$owner_uid = $channel_id;
-    require_once('include/security.php');
-    $sql_extra = permissions_sql($channel_id);
+		require_once('include/security.php');
+		$sql_extra = permissions_sql($channel_id);
 
-    if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage'))
-            return '';
+		if(! perm_is_allowed($channel_id,get_observer_hash(),'view_storage'))
+			return '';
 
-    if($args['album'])
-            $album = (($args['album'] === '/') ? '' : $args['album'] );
-    if($args['title'])
-            $title = $args['title'];
+		if($args['album'])
+			$album = $args['album'];
+		if($args['title'])
+			$title = $args['title'];
 
-		/** 
+		/**
 		 * This may return incorrect permissions if you have multiple directories of the same name.
 		 * It is a limitation of the photo table using a name for a photo album instead of a folder hash
 		 */
-
 		if($album) {
 			$x = q("select hash from attach where filename = '%s' and uid = %d limit 1",
 				dbesc($album),
@@ -109,34 +106,33 @@ function embedphotos_widget_album($args) {
 		$order = 'DESC';
 
 		$r = q("SELECT p.resource_id, p.id, p.filename, p.mimetype, p.imgscale, p.description, p.created FROM photo p INNER JOIN
-				(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph 
+				(SELECT resource_id, max(imgscale) imgscale FROM photo WHERE uid = %d AND album = '%s' AND imgscale <= 4 AND photo_usage IN ( %d, %d ) $sql_extra GROUP BY resource_id) ph
 				ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)
-			ORDER BY created $order",
-			intval($owner_uid),
-			dbesc($album),
-			intval(PHOTO_NORMAL),
-			intval(PHOTO_PROFILE)
+				ORDER BY created $order",
+				intval($owner_uid),
+				dbesc($album),
+				intval(PHOTO_NORMAL),
+				intval(PHOTO_PROFILE)
 		);
 
 		$photos = array();
-			if(count($r)) {
-				$twist = 'rotright';
-				foreach($r as $rr) {
-	
-					if($twist == 'rotright')
-						$twist = 'rotleft';
-					else
-						$twist = 'rotright';
-					
-					$ext = $phototypes[$rr['mimetype']];
-	
-					$imgalt_e = $rr['filename'];
-					$desc_e = $rr['description'];
-	
-					$imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id']
+		if(count($r)) {
+			$twist = 'rotright';
+			foreach($r as $rr) {
+				if($twist == 'rotright')
+					$twist = 'rotleft';
+				else
+					$twist = 'rotright';
+
+				$ext = $phototypes[$rr['mimetype']];
+
+				$imgalt_e = $rr['filename'];
+				$desc_e = $rr['description'];
+
+				$imagelink = (z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/image/' . $rr['resource_id']
 					. (($_GET['order'] === 'posted') ? '?f=&order=posted' : ''));
-	
-					$photos[] = array(
+
+				$photos[] = array(
 						'id' => $rr['id'],
 						'twist' => ' ' . $twist . rand(2,4),
 						'link' => $imagelink,
@@ -148,8 +144,8 @@ function embedphotos_widget_album($args) {
 						'hash'=> $rr['resource_id'],
 						'unknown' => t('Unknown')
 					);
-				}
 			}
+		}
 
 		$tpl = get_markup_template('photo_album.tpl');
 		$o .= replace_macros($tpl, array(
@@ -165,18 +161,16 @@ function embedphotos_widget_album($args) {
 		));
 
 		return $o;
-}
+	}
 
-
-function embedphotos_album_list($a) {
-    $o = '';
-    require_once('include/photos.php');
-    $p = photos_albums_list(\App::get_channel(), \App::get_observer());
-    if ($p['success']) {
-        return $p['albums'];
-    } else {
-        return null;
-    }
-}
+	function embedphotos_album_list($a) {
+		require_once('include/photos.php');
+		$p = photos_albums_list(\App::get_channel(), \App::get_observer());
+		if($p['success']) {
+			return $p['albums'];
+		} else {
+			return null;
+		}
+	}
 
 }

Zotlabs/Module/Events.php

@@ -43,6 +43,10 @@ class Events extends \Zotlabs\Web\Controller {
 		$adjust   = intval($_POST['adjust']);
 		$nofinish = intval($_POST['nofinish']);
 	
+		$timezone = ((x($_POST,'timezone_select')) ? notags(trim($_POST['timezone_select']))     : '');
+
+		$tz = (($timezone) ? $timezone : date_default_timezone_get());
+
 		$categories = escape_tags(trim($_POST['category']));
 	
 		// only allow editing your own events. 
@@ -57,9 +61,6 @@ class Events extends \Zotlabs\Web\Controller {
 			$start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute);
 		}
 	
-		if($nofinish) {
-			$finish = NULL_DATE;
-		}
 	
 		if($finish_text) {
 			$finish = $finish_text;
@@ -67,11 +68,16 @@ class Events extends \Zotlabs\Web\Controller {
 		else {
 			$finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute);
 		}
+
+		if($nofinish) {
+			$finish = NULL_DATE;
+		}
+
 	
 		if($adjust) {
-			$start = datetime_convert(date_default_timezone_get(),'UTC',$start);
+			$start = datetime_convert($tz,'UTC',$start);
 			if(! $nofinish)
-				$finish = datetime_convert(date_default_timezone_get(),'UTC',$finish);
+				$finish = datetime_convert($tz,'UTC',$finish);
 		}
 		else {
 			$start = datetime_convert('UTC','UTC',$start);
@@ -118,8 +124,10 @@ class Events extends \Zotlabs\Web\Controller {
 			goaway($onerror_url);
 		}
 	
-		$share = ((intval($_POST['share'])) ? intval($_POST['share']) : 0);
-	
+		//		$share = ((intval($_POST['distr'])) ? intval($_POST['distr']) : 0);
+
+		$share = 1;	
+
 		$channel = \App::get_channel();
 	
 		$acl = new \Zotlabs\Access\AccessList(false);
@@ -207,7 +215,6 @@ class Events extends \Zotlabs\Web\Controller {
 	
 		$event = event_store_event($datarray);
 	
-	
 		if($post_tags)	
 			$datarray['term'] = $post_tags;
 	
@@ -336,7 +343,7 @@ class Events extends \Zotlabs\Web\Controller {
 	
 			/* edit/create form */
 			if($event_id) {
-				$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 					dbesc($event_id),
 					intval(local_channel())
 				);
@@ -371,11 +378,14 @@ class Events extends \Zotlabs\Web\Controller {
 			$event_xchan = ((x($orig_event)) ? $orig_event['event_xchan'] : $channel['channel_hash']);
 			$mid = ((x($orig_event)) ? $orig_event['mid'] : '');
 	
-			if(! x($orig_event))
+			if(! x($orig_event)) {
 				$sh_checked = '';
-			else
+				$a_checked = ' checked="checked" ';
+			}
+			else {
 				$sh_checked = ((($orig_event['allow_cid'] === '<' . $channel['channel_hash'] . '>' || (! $orig_event['allow_cid'])) && (! $orig_event['allow_gid']) && (! $orig_event['deny_cid']) && (! $orig_event['deny_gid'])) ? '' : ' checked="checked" ' );
-	
+			}
+
 			if($orig_event['event_xchan'])
 				$sh_checked .= ' disabled="disabled" ';
 	
@@ -438,8 +448,6 @@ class Events extends \Zotlabs\Web\Controller {
 
 			$permissions = ((x($orig_event)) ? $orig_event : $perm_defaults);
 
-			//print_r(acl2json($permissions['allow_gid'])); killme();
-	
 			$tpl = get_markup_template('event_form.tpl');
 	
 			$form = replace_macros($tpl,array(
@@ -467,9 +475,6 @@ class Events extends \Zotlabs\Web\Controller {
 				'$l_text' => (($event_id) ? t('Edit Location') : t('Location')),
 				'$l_orig' => $l_orig,
 				'$t_orig' => $t_orig,
-				'$sh_text' => t('Share this event'),
-				'$sh_checked' => $sh_checked,
-				'$share' => array('share', t('Share this event'), $sh_checked, '', array(t('No'),t('Yes'))),
 				'$preview' => t('Preview'),
 				'$perms_label' => t('Permission settings'),
 				// populating the acl dialog was a permission description from view_stream because Cal.php, which
@@ -480,6 +485,10 @@ class Events extends \Zotlabs\Web\Controller {
 				'$allow_gid' => acl2json($permissions['allow_gid']),
 				'$deny_cid' => acl2json($permissions['deny_cid']),
 				'$deny_gid' => acl2json($permissions['deny_gid']),
+				'$tz_choose' => feature_enabled(local_channel(),'event_tz_select'),
+				'$timezone' => array('timezone_select' , t('Timezone:'), date_default_timezone_get(), '', get_timezones()),
+
+				'$lockstate' => (($acl->is_private()) ? 'lock' : 'unlock'),
 
 				'$submit' => t('Submit'),
 				'$advanced' => t('Advanced Options')
@@ -545,8 +554,8 @@ class Events extends \Zotlabs\Web\Controller {
 				);
 			} elseif($export) {
 				$r = q("SELECT * from event where uid = %d
-					AND (( `adjust` = 0 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' ) 
-					OR  (  `adjust` = 1 AND ( `dtend` >= '%s' or nofinish = 1 ) AND `dtstart` <= '%s' )) ",
+					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
+					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
 					intval(local_channel()),
 					dbesc($start),
 					dbesc($finish),
@@ -559,10 +568,10 @@ class Events extends \Zotlabs\Web\Controller {
 				// There's still an issue if the finish date crosses the end of month.
 				// Noting this for now - it will need to be fixed here and in Friendica.
 				// Ultimately the finish date shouldn't be involved in the query. 
-	
+
 				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
 	                              from event left join item on event_hash = resource_id 
-					where resource_type = 'event' and event.uid = %d $ignored 
+					where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
 					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
 					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) ",
 					intval(local_channel()),
@@ -571,7 +580,6 @@ class Events extends \Zotlabs\Web\Controller {
 					dbesc($adjust_start),
 					dbesc($adjust_finish)
 				);
-	
 			}
 	
 			$links = array();
@@ -609,6 +617,12 @@ class Events extends \Zotlabs\Web\Controller {
 						$end = null;
 					} else {
 						$end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c'));
+
+						// give a fake end to birthdays so they get crammed into a 
+						// single day on the calendar
+
+						if($rr['etype'] === 'birthday')
+							$end = null;
 					}
 					
 					
@@ -620,14 +634,14 @@ class Events extends \Zotlabs\Web\Controller {
 	
 					$drop = array(z_root().'/events/drop/'.$rr['event_hash'],t('Delete event'),'','');
 	
-					$title = strip_tags(html_entity_decode(bbcode($rr['summary']),ENT_QUOTES,'UTF-8'));
+					$title = strip_tags(html_entity_decode(zidify_links(bbcode($rr['summary'])),ENT_QUOTES,'UTF-8'));
 					if(! $title) {
 						list($title, $_trash) = explode("<br",bbcode($rr['desc']),2);
 						$title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
 					}
 					$html = format_event_html($rr);
-					$rr['desc'] = bbcode($rr['desc']);
-					$rr['location'] = bbcode($rr['location']);
+					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
 						'hash' => $rr['event_hash'],
@@ -694,7 +708,7 @@ class Events extends \Zotlabs\Web\Controller {
 		}
 	
 		if($mode === 'drop' && $event_id) {
-			$r = q("SELECT * FROM `event` WHERE event_hash = '%s' AND `uid` = %d LIMIT 1",
+			$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
 				dbesc($event_id),
 				intval(local_channel())
 			);
@@ -702,7 +716,7 @@ class Events extends \Zotlabs\Web\Controller {
 			$sync_event = $r[0];
 	
 			if($r) {
-				$r = q("delete from event where event_hash = '%s' and uid = %d limit 1",
+				$r = q("delete from event where event_hash = '%s' and uid = %d",
 					dbesc($event_id),
 					intval(local_channel())
 				);

Zotlabs/Module/Fbrowser.php

@@ -32,7 +32,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				$sql_extra2 = " ORDER BY created DESC LIMIT 0, 10";
 				
 				if (\App::$argc==2){
-					$albums = q("SELECT distinct(`album`) AS `album` FROM `photo` WHERE `uid` = %d ",
+					$albums = q("SELECT distinct(album) AS album FROM photo WHERE uid = %d ",
 						intval(local_channel())
 					);
 					// anon functions only from 5.3.0... meglio tardi che mai..
@@ -43,14 +43,14 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				$album = "";
 				if (\App::$argc==3){
 					$album = hex2bin(\App::$argv[2]);
-					$sql_extra = sprintf("AND `album` = '%s' ",dbesc($album));
+					$sql_extra = sprintf("AND album = '%s' ",dbesc($album));
 					$sql_extra2 = "";
 					$path[]=array(z_root() . "/fbrowser/image/" . \App::$argv[2] . "/", $album);
 				}
 					
-				$r = q("SELECT `resource_id`, `id`, `filename`, type, min(`imgscale`) AS `hiq`,max(`imgscale`) AS `loq`, `description`  
-						FROM `photo` WHERE `uid` = %d $sql_extra
-						GROUP BY `resource_id` $sql_extra2",
+				$r = q("SELECT resource_id, id, filename, type, min(imgscale) AS hiq,max(imgscale) AS loq, description  
+						FROM photo WHERE uid = %d $sql_extra
+						GROUP BY resource_id $sql_extra2",
 					intval(local_channel())					
 				);
 				
@@ -70,7 +70,7 @@ class Fbrowser extends \Zotlabs\Web\Controller {
 				break;
 			case "file":
 				if (\App::$argc==2){
-					$files = q("SELECT id, filename, filetype FROM `attach` WHERE `uid` = %d ",
+					$files = q("SELECT id, filename, filetype FROM attach WHERE uid = %d ",
 						intval(local_channel())
 					);
 					

Zotlabs/Module/Ffsapi.php

@@ -1,71 +0,0 @@
-<?php
-namespace Zotlabs\Module;
-
-
-
-class Ffsapi extends \Zotlabs\Web\Controller {
-
-	function get() {
-	
-		$baseurl = z_root();
-		$name = get_config('system','sitename');
-		$description = t('Share content from Firefox to $Projectname');
-		$author = 'Mike Macgirvin';
-		$homepage = 'http://hubzilla.org';
-		$activate = t('Activate the Firefox $Projectname provider');
-	
-	$s = <<< EOT
-	
-	<script>
-	
-	var baseurl = '$baseurl';
-	
-	var data = {
-	  "origin": baseurl,
-	  // currently required
-	  "name": '$name',
-	  "iconURL": baseurl+"/images/hz-16.png",
-	  "icon32URL": baseurl+"/images/hz-32.png",
-	  "icon64URL": baseurl+"/images/hz-64.png",
-	
-	  // at least one of these must be defined
-	  // "workerURL": baseurl+"/worker.js",
-	  // "sidebarURL": baseurl+"/sidebar.htm",
-	  "shareURL": baseurl+"/rpost?f=&url=%{url}",
-	
-	  // status buttons are scheduled for Firefox 26 or 27
-	  //"statusURL": baseurl+"/statusPanel.html",
-	
-	  // social bookmarks are available in Firefox 26
-	  "markURL": baseurl+"/rbmark?f=&url=%{url}&title=%{title}",
-	  // icons should be 32x32 pixels
-	  // "markedIcon": baseurl+"/images/checkbox-checked-32.png",
-	  // "unmarkedIcon": baseurl+"/images/checkbox-unchecked-32.png",
-	  "unmarkedIcon": baseurl+"/images/hz-bookmark-32.png",
-	
-	  // should be available for display purposes
-	  "description": "$description",
-	  "author": "$author",
-	  "homepageURL": "$homepage",
-	
-	  // optional
-	  "version": "1.0"
-	}
-	
-	function activate(node) {
-	  var event = new CustomEvent("ActivateSocialFeature");
-	  var jdata = JSON.stringify(data);
-	  node.setAttribute("data-service", JSON.stringify(data));
-	  node.dispatchEvent(event);
-	}
-	</script>
-	
-	<button onclick="activate(this)" title="$activate" class="btn btn-primary">$activate</button>
-	
-EOT;
-	
-	return $s;
-	
-	}
-	
-}

Zotlabs/Module/Fhublocs.php

@@ -42,7 +42,7 @@ class Fhublocs extends \Zotlabs\Web\Controller {
 				if($y)
 					$primary_address = $y[0]['xchan_addr'];
 	
-				$hub_address = $rr['channel']['channel_address'] . '@' . \App::get_hostname();
+				$hub_address = channel_reddress($rr['channel']);
 	
 			
 				$primary = (($hub_address === $primary_address) ? 1 : 0);
@@ -56,19 +56,21 @@ class Fhublocs extends \Zotlabs\Web\Controller {
 	
 				// Create a verified hub location pointing to this site.
 	
-				$h = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_primary, hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey, hubloc_network )
-					values ( '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s' )",
-					dbesc($rr['channel_guid']),
-					dbesc($rr['channel_guid_sig']),
-					dbesc($rr['channel_hash']),
-					dbesc($rr['channel_address'] . '@' . \App::get_hostname()),
-					intval($primary),
-					dbesc(z_root()),
-					dbesc(base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey']))),
-					dbesc(\App::get_hostname()),
-					dbesc(z_root() . '/post'),
-					dbesc($sitekey),
-					dbesc('zot')
+
+				$h = hubloc_store_lowlevel(
+					[
+						'hubloc_guid'     => $rr['channel_guid'],
+						'hubloc_guid_sig' => $rr['channel_guid_sig'],
+						'hubloc_hash'     => $rr['channel_hash'],
+						'hubloc_addr'     => channel_reddress($rr),
+						'hubloc_network'  => 'zot',
+						'hubloc_primary'  => $primary,
+						'hubloc_url'      => z_root(),
+						'hubloc_url_sig'  => base64url_encode(rsa_sign(z_root(),$rr['channel_prvkey'])),
+						'hubloc_host'     => \App::get_hostname(),
+						'hubloc_callback' => z_root() . '/post',
+						'hubloc_sitekey'  => $sitekey
+					]
 				);
 	
 				if($h)

Zotlabs/Module/File_upload.php

@@ -12,7 +12,7 @@ class File_upload extends \Zotlabs\Web\Controller {
 
 		// logger('file upload: ' . print_r($_REQUEST,true));
 	
-		$channel = (($_REQUEST['channick']) ? get_channel_by_nick($_REQUEST['channick']) : null);
+		$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
 	
 		if(! $channel) {
 			logger('channel not found');

Zotlabs/Module/Filestorage.php

@@ -1,7 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 /**
- * @file mod/filestorage.php
+ * @file Zotlabs/Module/Filestorage.php
  *
  */
 
@@ -16,43 +16,43 @@ require_once('include/attach.php');
 class Filestorage extends \Zotlabs\Web\Controller {
 
 	function post() {
-	
+
 		$channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0);
-	
+
 		if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
 		$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
 		$resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : '');
 		$notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0);
-	
+
 		if(! $resource) {
 			notice(t('Item not found.') . EOL);
 			return;
 		}
-	
+
 		$channel = \App::get_channel();
-	
+
 		$acl = new \Zotlabs\Access\AccessList($channel);
 		$acl->set_from_array($_REQUEST);
 		$x = $acl->get();
-	
+
 		$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
-	
+
 		//get the object before permissions change so we can catch eventual former allowed members
 		$object = get_file_activity_object($channel_id, $resource, $cloudPath);
-	
-		attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse);
-	
+
+		attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
+
 		file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify);
-	
+
 		goaway($cloudPath);
 	}
-	
-		function get() {
-	
+
+	function get() {
+
 		if(argc() > 1)
 			$which = argv(1);
 		else {
@@ -60,7 +60,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			\App::$error = 404;
 			return;
 		}
-	
+
 		$r = q("select * from channel where channel_address = '%s'",
 			dbesc($which)
 		);
@@ -68,32 +68,32 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$channel = $r[0];
 			$owner = intval($r[0]['channel_id']);
 		}
-	
+
 		$observer = \App::get_observer();
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
-	
+
 		$perms = get_all_perms($owner, $ob_hash);
-	
+
 		if(! $perms['view_storage']) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
 		// Since we have ACL'd files in the wild, but don't have ACL here yet, we
 		// need to return for anyone other than the owner, despite the perms check for now.
-	
+
 		$is_owner = (((local_channel()) && ($owner  == local_channel())) ? true : false);
 		if(! $is_owner) {
 			info( t('Permission Denied.') . EOL );
 			return;
 		}
-	
+
 		if(argc() > 3 && argv(3) === 'delete') {
 			if(! $perms['write_storage']) {
 				notice( t('Permission denied.') . EOL);
 				return;
 			}
-	
+
 			$file = intval(argv(2));
 			$r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1",
 				dbesc($file),
@@ -103,17 +103,17 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				notice( t('File not found.') . EOL);
 				goaway(z_root() . '/cloud/' . $which);
 			}
-	
+
 			$f = $r[0];
 			$channel = \App::get_channel();
-	
+
 			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
-	
+
 			attach_delete($owner, $f['hash']);
-	
+
 			goaway($parentpath);
 		}
-	
+
 		if(argc() > 3 && argv(3) === 'edit') {
 			require_once('include/acl_selectors.php');
 			if(! $perms['write_storage']) {
@@ -121,23 +121,23 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				return;
 			}
 			$file = intval(argv(2));
-	
+
 			$r = q("select id, uid, folder, filename, revision, flags, is_dir, os_storage, hash, allow_cid, allow_gid, deny_cid, deny_gid from attach where id = %d and uid = %d limit 1",
 				intval($file),
 				intval($owner)
 			);
-	
+
 			$f = $r[0];
 			$channel = \App::get_channel();
-	
+
 			$cloudpath = get_cloudpath($f) . (intval($f['is_dir']) ? '?f=&davguest=1' : '');
 			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
-	
+
 			$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
 			$is_a_dir = (intval($f['is_dir']) ? true : false);
-	
-			$lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock'); 
-	
+
+			$lockstate = (($f['allow_cid'] || $f['allow_gid'] || $f['deny_cid'] || $f['deny_gid']) ? 'lock' : 'unlock');
+
 			// Encode path that is used for link so it's a valid URL
 			// Keep slashes as slashes, otherwise mod_rewrite doesn't work correctly
 			$encoded_path = str_replace('%2F', '/', rawurlencode($cloudpath));
@@ -167,12 +167,12 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				'$link_btn_title' => t('Show URL to this file'),
 				'$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))),
 			));
-	
+
 			echo $o;
 			killme();
 		}
-	
+
 		goaway(z_root() . '/cloud/' . $which);
 	}
-	
+
 }

Zotlabs/Module/Follow.php

@@ -20,9 +20,6 @@ class Follow extends \Zotlabs\Web\Controller {
 	
 		$channel = \App::get_channel();
 
-		// Warning: Do not edit the following line. The first symbol is UTF-8 ＠ 
-		$url = str_replace('@','@',$url);	
-
 		$result = new_contact($uid,$url,$channel,true,$confirm);
 		
 		if($result['success'] == false) {

Zotlabs/Module/Getfile.php

@@ -27,10 +27,12 @@ require_once('include/attach.php');
 class Getfile extends \Zotlabs\Web\Controller {
 
 	function post() {
+
+		logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
 	
-		$hash = $_POST['hash'];
-		$time = $_POST['time'];
-		$sig = $_POST['signature'];
+		$hash     = $_POST['hash'];
+		$time     = $_POST['time'];
+		$sig      = $_POST['signature'];
 		$resource = $_POST['resource'];
 		$revision = intval($_POST['revision']);
 	
@@ -38,9 +40,11 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 	
 		$channel = channelx_by_hash($hash);
-	
-		if((! $channel) || (! $time) || (! $sig))
+
+		if((! $channel) || (! $time) || (! $sig)) {
+			logger('error: missing info');
 			killme();
+		}
 	
 		$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
 		if($slop < 1)
@@ -58,16 +62,15 @@ class Getfile extends \Zotlabs\Web\Controller {
 			logger('verify failed.');
 			killme();
 		}
-	
-	
-		$r = attach_by_hash($resource,$revision);
+		
+		$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
 	
 		if(! $r['success']) {
+			logger('attach_by_hash failed: ' . $r['message']);
 			notice( $r['message'] . EOL);
 			return;
 		}
-		
-	
+			
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
 		if(in_array($r['data']['filetype'],$unsafe_types)) {
@@ -76,10 +79,10 @@ class Getfile extends \Zotlabs\Web\Controller {
 		else {
 			header('Content-type: ' . $r['data']['filetype']);
 		}
-	
+
 		header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
 		if(intval($r['data']['os_storage'])) {
-			$fname = dbunescbin($r['data']['data']);
+			$fname = dbunescbin($r['data']['content']);
 			if(strpos($fname,'store') !== false)
 				$istream = fopen($fname,'rb');
 			else
@@ -91,11 +94,9 @@ class Getfile extends \Zotlabs\Web\Controller {
 				fclose($ostream);
 			}
 		}
-		else
-			echo dbunescbin($r['data']['data']);
+		else {
+			echo dbunescbin($r['data']['content']);
+		}
 		killme();
-	
-	
-	
 	}
 }

Zotlabs/Module/Group.php

@@ -34,7 +34,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() == 2) && (intval(argv(1)))) {
 			check_form_security_token_redirectOnErr('/group', 'group_edit');
 			
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -48,7 +48,7 @@ class Group extends \Zotlabs\Web\Controller {
 			$public = intval($_POST['public']);
 	
 			if((strlen($groupname))  && (($groupname != $group['gname']) || ($public != $group['visible']))) {
-				$r = q("UPDATE `groups` SET `gname` = '%s', visible = %d  WHERE `uid` = %d AND `id` = %d",
+				$r = q("UPDATE groups SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
 					dbesc($groupname),
 					intval($public),
 					intval(local_channel()),
@@ -101,7 +101,7 @@ class Group extends \Zotlabs\Web\Controller {
 			check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
 			
 			if(intval(argv(2))) {
-				$r = q("SELECT `gname` FROM `groups` WHERE `id` = %d AND `uid` = %d LIMIT 1",
+				$r = q("SELECT gname FROM groups WHERE id = %d AND uid = %d LIMIT 1",
 					intval(argv(2)),
 					intval(local_channel())
 				);
@@ -133,7 +133,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() > 1) && (intval(argv(1)))) {
 	
 			require_once('include/acl_selectors.php');
-			$r = q("SELECT * FROM `groups` WHERE `id` = %d AND `uid` = %d AND `deleted` = 0 LIMIT 1",
+			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -212,7 +212,7 @@ class Group extends \Zotlabs\Web\Controller {
 				group_rmv_member(local_channel(),$group['gname'],$member['xchan_hash']);
 		}
 	
-		$r = q("SELECT abook.*, xchan.* FROM `abook` left join xchan on abook_xchan = xchan_hash WHERE `abook_channel` = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
+		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d AND abook_self = 0 and abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 order by xchan_name asc",
 			intval(local_channel())
 		);
 	

Zotlabs/Module/Hcard.php

@@ -29,7 +29,20 @@ class Hcard extends \Zotlabs\Web\Controller {
 	        $profile = $r[0]['profile_guid'];
 	    }
 	
-	    \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which .'" />' . "\r\n" ;
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'title' => t('Posts and comments'),
+			'href'  => z_root() . '/feed/' . $which
+		]);
+
+		head_add_link( [ 
+			'rel'   => 'alternate', 
+			'type'  => 'application/atom+xml',
+			'title' => t('Only posts'),
+			'href'  => z_root() . '/feed/' . $which . '?f=&top=1'
+		]);
+
 	
 	    if(! $profile) {
 	        $x = q("select channel_id as profile_uid from channel where channel_address = '%s' limit 1",

Zotlabs/Module/Help.php

@@ -1,146 +1,100 @@
 <?php
 namespace Zotlabs\Module;
 
-
 require_once('include/help.php');
 
 /**
  * You can create local site resources in doc/Site.md and either link to doc/Home.md for the standard resources
  * or use our include mechanism to include it on your local page.
- *
+ *@code
  * #include doc/Home.md;
+ *@endcode
  *
- * The syntax is somewhat strict. 
- *
+ * The syntax is somewhat strict.
  */
-
 class Help extends \Zotlabs\Web\Controller {
 
 	function get() {
 		nav_set_selected('help');
-	
+
 		if($_REQUEST['search']) {
-		
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
 			$o .= '<div class="section-title-wrapper">';
 			$o .= '<h2>' . t('Documentation Search') . ' - ' . htmlspecialchars($_REQUEST['search']) . '</h2>';
 			$o .= '</div>';
 			$o .= '<div class="section-content-wrapper">';
-	
+
 			$r = search_doc_files($_REQUEST['search']);
 			if($r) {
 				$o .= '<ul class="help-searchlist">';
 				foreach($r as $rr) {
-					$dirname = dirname($rr['sid']);
-					$fname = basename($rr['sid']);
-					$fname = substr($fname,0,strrpos($fname,'.'));
-					$path = trim(substr($dirname,4),'/');
-	
-					$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br />' . 
-					str_replace('$Projectname',\Zotlabs\Lib\System::get_platform_name(),substr($rr['text'],0,200)) . '...<br /><br /></li>';
-	
+					$dirname = dirname($rr['v']);
+					$fname = basename($rr['v']);
+					$fname = substr($fname, 0, strrpos($fname, '.'));
+					$path = trim(substr($dirname, 4), '/');
+
+					$o .= '<li><a href="help/' . (($path) ? $path . '/' : '') . $fname . '" >' . ucwords(str_replace('_',' ',notags($fname))) . '</a><br>'
+						. '<b><i>' . 'help/' . (($path) ? $path . '/' : '') . $fname . '</i></b><br>'
+						. '...' . str_replace('$Projectname', \Zotlabs\Lib\System::get_platform_name(), $rr['text']) . '...<br><br></li>';
 				}
 				$o .= '</ul>';
 				$o .= '</div>';
 				$o .= '</div>';
 			}
+
 			return $o;
 		}
-	
-	
-		global $lang;
-	
-		$doctype = 'markdown';
-	
-		$text = '';
-	
-		if(argc() > 1) {
-			$path = '';
-			for($x = 1; $x < argc(); $x ++) {
-				if(strlen($path))
-					$path .= '/';
-				$path .= argv($x);
-			}
-			$title = basename($path);
-	
-			$text = load_doc_file('doc/' . $path . '.md');
-			\App::$page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title)));
-	
-			if(! $text) {
-				$text = load_doc_file('doc/' . $path . '.bb');
-				if($text)
-					$doctype = 'bbcode';
-				\App::$page['title'] = t('Help:') . ' ' . ucwords(str_replace('_',' ',notags($title)));
-			}
-			if(! $text) {
-				$text = load_doc_file('doc/' . $path . '.html');
-				if($text)
-					$doctype = 'html';
-				\App::$page['title'] = t('Help:') . ' ' . ucwords(str_replace('-',' ',notags($title)));
-			}
-		}
-	
-		if(! $text) {
-			$text = load_doc_file('doc/Site.md');
-			\App::$page['title'] = t('Help');
-		}
-		if(! $text) {
-			$doctype = 'bbcode';
-			$text = load_doc_file('doc/main.bb');
-			\App::$page['title'] = t('Help');
-		}
-		
-		if(! strlen($text)) {
-			header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
-			$tpl = get_markup_template("404.tpl");
-			return replace_macros($tpl, array(
-				'$message' =>  t('Page not found.' )
-			));
-		}
-	
-		if($doctype === 'html')
-			$content = $text;
-		if($doctype === 'markdown')	{
-			require_once('library/markdown.php');
-			# escape #include tags
-			$text = preg_replace('/#include/ism', '%%include', $text);
-			$content = Markdown($text);
-			$content = preg_replace('/%%include/ism', '#include', $content);
-		}
-		if($doctype === 'bbcode') {
-			require_once('include/bbcode.php');
-			$content = bbcode($text);
-			// bbcode retargets external content to new windows. This content is internal.
-			$content = str_replace(' target="_blank"','',$content);		
-		} 
-	
-		$content = preg_replace_callback("/#include (.*?)\;/ism", 'self::preg_callback_help_include', $content);
-	
-		return replace_macros(get_markup_template("help.tpl"), array(
+                
+                
+                if(argc() > 2 && argv(argc()-2) === 'assets') {
+                        $path = '';
+                        for($x = 1; $x < argc(); $x ++) {
+                                if(strlen($path))
+                                        $path .= '/';
+                                $path .= argv($x);
+                        }
+                        $realpath = 'doc/' . $path;
+                         //Set the content-type header as appropriate
+                        $imageInfo = getimagesize($realpath);
+                        switch ($imageInfo[2]) {
+                            case IMAGETYPE_JPEG:
+                                header("Content-Type: image/jpeg");
+                                break;
+                            case IMAGETYPE_GIF:
+                                header("Content-Type: image/gif");
+                                break;
+                            case IMAGETYPE_PNG:
+                                header("Content-Type: image/png");
+                                break;
+                           default:
+                                break;
+                        }
+                        header("Content-Length: " . filesize($realpath));
+
+                        // dump the picture and stop the script
+                        readfile($realpath);
+                        killme();
+                }
+
+		$headings = [
+			'about' => t('About'),
+			'member' => t('Members'),
+			'admin' => t('Administrators'),
+			'developer' => t('Developers'),
+			'tutorials' => t('Tutorials')
+		];
+
+		if(array_key_exists(argv(1), $headings))
+			$heading = $headings[argv(1)];
+
+                $content =  get_help_content();
+
+		return replace_macros(get_markup_template('help.tpl'), array(
 			'$title' => t('$Projectname Documentation'),
-			'$content' => translate_projectname($content)
+			'$tocHeading' => t('Contents'),
+			'$content' => $content,
+			'$heading' => $heading
 		));
-	
 	}
-	
-	
-	private static function preg_callback_help_include($matches) {
-	
-		if($matches[1]) {
-			$include = str_replace($matches[0],load_doc_file($matches[1]),$matches[0]);
-			if(preg_match('/\.bb$/', $matches[1]) || preg_match('/\.txt$/', $matches[1])) {
-				require_once('include/bbcode.php');
-				$include = bbcode($include);
-				$include = str_replace(' target="_blank"','',$include);		
-			} 
-			elseif(preg_match('/\.md$/', $matches[1])) {
-				require_once('library/markdown.php');
-				$include = Markdown($include);
-			}
-			return $include;
-		}
-	
-	}
-	
-	
+
 }

Zotlabs/Module/Hostxrd.php

@@ -5,6 +5,7 @@ namespace Zotlabs\Module;
 class Hostxrd extends \Zotlabs\Web\Controller {
 
 	function init() {
+		session_write_close();
 		header('Access-Control-Allow-Origin: *');
 		header("Content-type: application/xrd+xml");
 		logger('hostxrd',LOGGER_DEBUG);

Zotlabs/Module/Import.php

@@ -1,4 +1,5 @@
 <?php
+
 namespace Zotlabs\Module;
 
 // Import a channel, either by direct file upload or via
@@ -21,33 +22,18 @@ class Import extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		$max_identities = account_service_class_fetch($account_id,'total_identities');
-		$max_friends = account_service_class_fetch($account_id,'total_channels');
-		$max_feeds = account_service_class_fetch($account_id,'total_feeds');
-	
-		if($max_identities !== false) {
-			$r = q("select channel_id from channel where channel_account_id = %d",
-				intval($account_id)
-			);
-			if($r && count($r) > $max_identities) {
-				notice( sprintf( t('Your service plan only allows %d channels.'), $max_identities) . EOL);
-				return;
-			}
-		}
-	
-	
-		$data     = null;
-		$seize    = ((x($_REQUEST,'make_primary')) ? intval($_REQUEST['make_primary']) : 0);
-		$import_posts = ((x($_REQUEST,'import_posts')) ? intval($_REQUEST['import_posts']) : 0);
-		$src      = $_FILES['filename']['tmp_name'];
-		$filename = basename($_FILES['filename']['name']);
-		$filesize = intval($_FILES['filename']['size']);
-		$filetype = $_FILES['filename']['type'];
-	
-		$completed = ((array_key_exists('import_step',$_SESSION)) ? intval($_SESSION['import_step']) : 0);
-		if($completed)
-			logger('saved import step: ' . $_SESSION['import_step']);
+		$max_friends    = account_service_class_fetch($account_id,'total_channels');
+		$max_feeds      = account_service_class_fetch($account_id,'total_feeds');
+		$data           = null;
+		$seize          = ((x($_REQUEST,'make_primary')) ? intval($_REQUEST['make_primary']) : 0);
+		$import_posts   = ((x($_REQUEST,'import_posts')) ? intval($_REQUEST['import_posts']) : 0);
+		$moving         = intval($_REQUEST['moving']);
+		$src            = $_FILES['filename']['tmp_name'];
+		$filename       = basename($_FILES['filename']['name']);
+		$filesize       = intval($_FILES['filename']['size']);
+		$filetype       = $_FILES['filename']['type'];
 	
+
 		if($src) {
 	
 			// This is OS specific and could also fail if your tmpdir isn't very large
@@ -77,23 +63,27 @@ class Import extends \Zotlabs\Web\Controller {
 	
 			$channelname = substr($old_address,0,strpos($old_address,'@'));
 			$servername  = substr($old_address,strpos($old_address,'@')+1);
-	
-			$scheme = 'https://';
-			$api_path = '/api/red/channel/export/basic?f=&channel=' . $channelname;
+
+			$api_path = probe_api_path($servername);
+			if(! $api_path) {
+				notice( t('Unable to download data from old server') . EOL);
+				return;
+			}
+
+			$api_path .= 'channel/export/basic?f=&channel=' . $channelname;
 			if($import_posts)
 				$api_path .= '&posts=1';
 			$binary = false;
 			$redirects = 0;
 			$opts = array('http_auth' => $email . ':' . $password);
-			$url = $scheme . $servername . $api_path;
-			$ret = z_fetch_url($url, $binary, $redirects, $opts);
-			if(! $ret['success'])
-				$ret = z_fetch_url('http://' . $servername . $api_path, $binary, $redirects, $opts);
-			if($ret['success'])
+			$ret = z_fetch_url($api_path, $binary, $redirects, $opts);
+			if($ret['success']) {
 				$data = $ret['body'];
-			else
+			}
+			else {
 				notice( t('Unable to download data from old server') . EOL);
-	
+				return;
+			}
 		}
 	
 		if(! $data) {
@@ -108,14 +98,12 @@ class Import extends \Zotlabs\Web\Controller {
 	//	print_r($data);
 	
 	
-		if(array_key_exists('user',$data) && array_key_exists('version',$data)) {
-			require_once('include/Import/import_diaspora.php');
-			import_diaspora($data);
-			return;
+		if(! array_key_exists('compatibility',$data)) {
+			call_hooks('import_foreign_channel_data',$data);
+			if($data['handled'])
+				return;
 		}
-		
-		$moving = false;
-		
+
 		if(array_key_exists('compatibility',$data) && array_key_exists('database',$data['compatibility'])) {
 			$v1 = substr($data['compatibility']['database'],-4);
 			$v2 = substr(DB_UPDATE_VERSION,-4);
@@ -136,28 +124,26 @@ class Import extends \Zotlabs\Web\Controller {
 
 		if(array_key_exists('channel',$data)) {
 	
-			if($completed < 1) {
-				$channel = import_channel($data['channel'], $account_id, $seize);
+			$max_identities = account_service_class_fetch($account_id,'total_identities');
 	
-			}
-			else {
-				$r = q("select * from channel where channel_account_id = %d and channel_guid = '%s' limit 1",
-					intval($account_id),
-					dbesc($channel['channel_guid'])
+			if($max_identities !== false) {
+				$r = q("select channel_id from channel where channel_account_id = %d",
+					intval($account_id)
 				);
-				if($r)
-					$channel = $r[0];
-			}
-			if(! $channel) {
-				logger('mod_import: channel not found. ', print_r($channel,true));
-				notice( t('Cloned channel not found. Import failed.') . EOL);
-				return;
+				if($r && count($r) > $max_identities) {
+					notice( sprintf( t('Your service plan only allows %d channels.'), $max_identities) . EOL);
+					return;
+				}
 			}
+
+			$channel = import_channel($data['channel'], $account_id, $seize);
+	
+		}
+		else {
+			$moving  = false;
+			$channel = \App::get_channel();
 		}
 	
-		if(! $channel)
-			$channel = \App::get_channel();
-		
 		if(! $channel) {
 			logger('mod_import: channel not found. ', print_r($channel,true));
 			notice( t('No channel. Import failed.') . EOL);
@@ -165,18 +151,17 @@ class Import extends \Zotlabs\Web\Controller {
 		}
 	
 	
-		if($completed < 2) {
-			if(is_array($data['config'])) {
-				import_config($channel,$data['config']);
-			}
-	
-			logger('import step 2');
-			$_SESSION['import_step'] = 2;
+
+		if(is_array($data['config'])) {
+			import_config($channel,$data['config']);
 		}
 	
+		logger('import step 2');
 	
-		if($completed < 3) {
 	
+
+	
+		if(array_key_exists('channel',$data)) {
 			if($data['photo']) {
 				require_once('include/photo/photo_driver.php');
 				import_channel_photo(base64url_decode($data['photo']['data']),$data['photo']['type'],$account_id,$channel['channel_id']);
@@ -184,41 +169,36 @@ class Import extends \Zotlabs\Web\Controller {
 	
 			if(is_array($data['profile']))
 				import_profiles($channel,$data['profile']);
-	
-			logger('import step 3');
-			$_SESSION['import_step'] = 3;
 		}
+			
+		logger('import step 3');
 	
-	
-		if($completed < 4) {
-	
-			if(is_array($data['hubloc']) && (! $moving)) {
-				import_hublocs($channel,$data['hubloc'],$seize);
-	
-			}
-			logger('import step 4');
-			$_SESSION['import_step'] = 4;
+		if(is_array($data['hubloc'])) {
+			import_hublocs($channel,$data['hubloc'],$seize,$moving);
 		}
-	
-		if($completed < 5) {
-			// create new hubloc for the new channel at this site
-	
-			$r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_hash, hubloc_addr, hubloc_network, hubloc_primary, 
-				hubloc_url, hubloc_url_sig, hubloc_host, hubloc_callback, hubloc_sitekey )
-				values ( '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
-				dbesc($channel['channel_guid']),
-				dbesc($channel['channel_guid_sig']),
-				dbesc($channel['channel_hash']),
-				dbesc($channel['channel_address'] . '@' . \App::get_hostname()),
-				dbesc('zot'),
-				intval(($seize) ? 1 : 0),
-				dbesc(z_root()),
-				dbesc(base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']))),
-				dbesc(\App::get_hostname()),
-				dbesc(z_root() . '/post'),
-				dbesc(get_config('system','pubkey'))
+			
+		logger('import step 4');
+
+		// create new hubloc for the new channel at this site
+
+		if(array_key_exists('channel',$data)) {
+			$r = hubloc_store_lowlevel(
+				[
+					'hubloc_guid'     => $channel['channel_guid'],
+					'hubloc_guid_sig' => $channel['channel_guid_sig'],
+					'hubloc_hash'     => $channel['channel_hash'],
+					'hubloc_addr'     => channel_reddress($channel),
+					'hubloc_network'  => 'zot',
+					'hubloc_primary'  => (($seize) ? 1 : 0),
+					'hubloc_url'      => z_root(),
+					'hubloc_url_sig'  => base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey'])),
+					'hubloc_host'     => \App::get_hostname(),
+					'hubloc_callback' => z_root() . '/post',
+					'hubloc_sitekey'  => get_config('system','pubkey'),
+					'hubloc_updated'  => datetime_convert()
+				]
 			);
-		
+
 			// reset the original primary hubloc if it is being seized
 	
 			if($seize) {
@@ -227,242 +207,206 @@ class Import extends \Zotlabs\Web\Controller {
 					dbesc(z_root())
 				);
 			}
-			logger('import step 5');
-			$_SESSION['import_step'] = 5;
 		}
+
+		logger('import step 5');
 	 
 	
-		if($completed < 6) {
 	
-			// import xchans and contact photos
+		// import xchans and contact photos
 	
-			if($seize) {
+		if(array_key_exists('channel',$data) && $seize) {
 	
-				// replace any existing xchan we may have on this site if we're seizing control
+			// replace any existing xchan we may have on this site if we're seizing control
 	
-				$r = q("delete from xchan where xchan_hash = '%s'",
-					dbesc($channel['channel_hash'])
-				);
-	
-				$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_guid_sig, xchan_pubkey, xchan_photo_l, xchan_photo_m, xchan_photo_s, xchan_addr, xchan_url, xchan_follow, xchan_connurl, xchan_name, xchan_network, xchan_photo_date, xchan_name_date, xchan_hidden, xchan_orphan, xchan_censored, xchan_selfcensored, xchan_system, xchan_pubforum, xchan_deleted ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, %d, %d, %d )",
-					dbesc($channel['channel_hash']),
-					dbesc($channel['channel_guid']),
-					dbesc($channel['channel_guid_sig']),
-					dbesc($channel['channel_pubkey']),
-					dbesc(z_root() . "/photo/profile/l/" . $channel['channel_id']),
-					dbesc(z_root() . "/photo/profile/m/" . $channel['channel_id']),
-					dbesc(z_root() . "/photo/profile/s/" . $channel['channel_id']),
-					dbesc($channel['channel_address'] . '@' . \App::get_hostname()),
-					dbesc(z_root() . '/channel/' . $channel['channel_address']),
-					dbesc(z_root() . '/follow?f=&url=%s'),
-					dbesc(z_root() . '/poco/' . $channel['channel_address']),
-					dbesc($channel['channel_name']),
-					dbesc('zot'),
-					dbesc(datetime_convert()),
-					dbesc(datetime_convert()),
-					0,0,0,0,0,0,0
-				);
-			}
-			logger('import step 6');
-			$_SESSION['import_step'] = 6;
+			$r = q("delete from xchan where xchan_hash = '%s'",
+				dbesc($channel['channel_hash'])
+			);
+
+
+			$r = xchan_store_lowlevel(
+				[
+					'xchan_hash'           => $channel['channel_hash'],
+					'xchan_guid'           => $channel['channel_guid'],
+					'xchan_guid_sig'       => $channel['channel_guid_sig'],
+					'xchan_pubkey'         => $channel['channel_pubkey'],
+					'xchan_photo_l'        => z_root() . "/photo/profile/l/" . $channel['channel_id'],
+					'xchan_photo_m'        => z_root() . "/photo/profile/m/" . $channel['channel_id'],
+					'xchan_photo_s'        => z_root() . "/photo/profile/s/" . $channel['channel_id'],
+					'xchan_addr'           => channel_reddress($channel),
+					'xchan_url'            => z_root() . '/channel/' . $channel['channel_address'],
+					'xchan_connurl'        => z_root() . '/poco/' . $channel['channel_address'],
+					'xchan_follow'         => z_root() . '/follow?f=&url=%s',
+					'xchan_name'           => $channel['channel_name'],
+					'xchan_network'        => 'zot',
+					'xchan_photo_date'     => datetime_convert(),
+					'xchan_name_date'      => datetime_convert()
+				]
+			);	
 		}
 	
-		if($completed < 7) {
+		logger('import step 6');
+
 	
-			$xchans = $data['xchan'];
-			if($xchans) {
-				foreach($xchans as $xchan) {
 	
-					$hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']);
-					if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) {
-						logger('forged xchan: ' . print_r($xchan,true));
-						continue;
-					}
+		$xchans = $data['xchan'];
+		if($xchans) {
+			foreach($xchans as $xchan) {
 	
-					if(! array_key_exists('xchan_hidden',$xchan)) {
-						$xchan['xchan_hidden']       = (($xchan['xchan_flags'] & 0x0001) ? 1 : 0);
-						$xchan['xchan_orphan']       = (($xchan['xchan_flags'] & 0x0002) ? 1 : 0);
-						$xchan['xchan_censored']     = (($xchan['xchan_flags'] & 0x0004) ? 1 : 0);
-						$xchan['xchan_selfcensored'] = (($xchan['xchan_flags'] & 0x0008) ? 1 : 0);
-						$xchan['xchan_system']       = (($xchan['xchan_flags'] & 0x0010) ? 1 : 0);
-						$xchan['xchan_pubforum']     = (($xchan['xchan_flags'] & 0x0020) ? 1 : 0);
-						$xchan['xchan_deleted']      = (($xchan['xchan_flags'] & 0x1000) ? 1 : 0);
-					}
+				$hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']);
+				if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) {
+					logger('forged xchan: ' . print_r($xchan,true));
+					continue;
+				}
 	
-					$r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1",
-						dbesc($xchan['xchan_hash'])
-					);
-					if($r)
-						continue;
-	
-					dbesc_array($xchan);
-			
-					$r = dbq("INSERT INTO xchan (`" 
-						. implode("`, `", array_keys($xchan)) 
-						. "`) VALUES ('" 
-						. implode("', '", array_values($xchan)) 
-						. "')" );
+				if(! array_key_exists('xchan_hidden',$xchan)) {
+					$xchan['xchan_hidden']       = (($xchan['xchan_flags'] & 0x0001) ? 1 : 0);
+					$xchan['xchan_orphan']       = (($xchan['xchan_flags'] & 0x0002) ? 1 : 0);
+					$xchan['xchan_censored']     = (($xchan['xchan_flags'] & 0x0004) ? 1 : 0);
+					$xchan['xchan_selfcensored'] = (($xchan['xchan_flags'] & 0x0008) ? 1 : 0);
+					$xchan['xchan_system']       = (($xchan['xchan_flags'] & 0x0010) ? 1 : 0);
+					$xchan['xchan_pubforum']     = (($xchan['xchan_flags'] & 0x0020) ? 1 : 0);
+					$xchan['xchan_deleted']      = (($xchan['xchan_flags'] & 0x1000) ? 1 : 0);
+				}
 	
+				$r = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1",
+					dbesc($xchan['xchan_hash'])
+				);
+				if($r)
+					continue;
+
+				create_table_from_array('xchan',$xchan);	
 		
-					require_once('include/photo/photo_driver.php');
-					$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
-					if($photos[4])
-						$photodate = NULL_DATE;
-					else
-						$photodate = $xchan['xchan_photo_date'];
+				require_once('include/photo/photo_driver.php');
+				$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
+				if($photos[4])
+					$photodate = NULL_DATE;
+				else
+					$photodate = $xchan['xchan_photo_date'];
 	
-					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s'
-						where xchan_hash = '%s'",
-						dbesc($photos[0]),
-						dbesc($photos[1]),
-						dbesc($photos[2]),
-						dbesc($photos[3]),
-						dbesc($photodate),
-						dbesc($xchan['xchan_hash'])
-					);
-				
-				}
-			}
-			logger('import step 7');
-			$_SESSION['import_step'] = 7;
-	
-		}
-	
-	
-	
-		// FIXME - ensure we have an xchan if somebody is trying to pull a fast one
-	
-		if($completed < 8) {	
-			$friends = 0;
-			$feeds = 0;
-	
-			// import contacts
-			$abooks = $data['abook'];
-			if($abooks) {
-				foreach($abooks as $abook) {
-
-					$abook_copy = $abook;
-	
-					$abconfig = null;
-					if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
-						$abconfig = $abook['abconfig'];
-	
-					unset($abook['abook_id']);
-					unset($abook['abook_rating']);
-					unset($abook['abook_rating_text']);
-					unset($abook['abconfig']);
-					unset($abook['abook_their_perms']);
-					unset($abook['abook_my_perms']);
-
-					$abook['abook_account'] = $account_id;
-					$abook['abook_channel'] = $channel['channel_id'];
-					if(! array_key_exists('abook_blocked',$abook)) {
-						$abook['abook_blocked']     = (($abook['abook_flags'] & 0x0001 ) ? 1 : 0);
-						$abook['abook_ignored']     = (($abook['abook_flags'] & 0x0002 ) ? 1 : 0);
-						$abook['abook_hidden']      = (($abook['abook_flags'] & 0x0004 ) ? 1 : 0);
-						$abook['abook_archived']    = (($abook['abook_flags'] & 0x0008 ) ? 1 : 0);
-						$abook['abook_pending']     = (($abook['abook_flags'] & 0x0010 ) ? 1 : 0);
-						$abook['abook_unconnected'] = (($abook['abook_flags'] & 0x0020 ) ? 1 : 0);
-						$abook['abook_self']        = (($abook['abook_flags'] & 0x0080 ) ? 1 : 0);
-						$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
-					}
-	
-					if($abook['abook_self']) {
-						$role = get_pconfig($channel['channel_id'],'system','permissions_role');
-						if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {
-							q("update xchan set xchan_pubforum = 1 where xchan_hash = '%s' ",
-								dbesc($abook['abook_xchan'])
-							);
-						}
-					} 
-					else {
-						if($max_friends !== false && $friends > $max_friends)
-							continue;
-						if($max_feeds !== false && intval($abook['abook_feed']) && ($feeds > $max_feeds))
-							continue;
-					}
-	
-					dbesc_array($abook);
-					$r = dbq("INSERT INTO abook (`" 
-						. implode("`, `", array_keys($abook)) 
-						. "`) VALUES ('" 
-						. implode("', '", array_values($abook)) 
-						. "')" );
-	
-					$friends ++;
-					if(intval($abook['abook_feed']))
-						$feeds ++;
-
-					translate_abook_perms_inbound($channel,$abook_copy);
-	
-					if($abconfig) {
-						// @fixme does not handle sync of del_abconfig
-						foreach($abconfig as $abc) {
-							set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']);
-						}
-					}
-	
-	
-	
-				}
-			}
-			logger('import step 8');
-			$_SESSION['import_step'] = 8;
-		}
-	
-	
-	
-		if($completed < 9) {
-			$groups = $data['group'];
-			if($groups) {
-				$saved = array();
-				foreach($groups as $group) {
-					$saved[$group['hash']] = array('old' => $group['id']);
-					if(array_key_exists('name',$group)) {
-						$group['gname'] = $group['name'];
-						unset($group['name']);
-					}
-					unset($group['id']);
-					$group['uid'] = $channel['channel_id'];					
-					dbesc_array($group);
-					$r = dbq("INSERT INTO groups (`" 
-						. implode("`, `", array_keys($group)) 
-						. "`) VALUES ('" 
-						. implode("', '", array_values($group)) 
-						. "')" );
-				}
-				$r = q("select * from `groups` where uid = %d",
-					intval($channel['channel_id'])
+				$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
+					dbesc($photos[0]),
+					dbesc($photos[1]),
+					dbesc($photos[2]),
+					dbesc($photos[3]),
+					dbesc($photodate),
+					dbesc($xchan['xchan_hash'])
 				);
-				if($r) {
-					foreach($r as $rr) {
-						$saved[$rr['hash']]['new'] = $rr['id'];
+				
+			}
+
+			logger('import step 7');	
+		}
+		
+
+		$friends = 0;
+		$feeds = 0;
+	
+		// import contacts
+		$abooks = $data['abook'];
+		if($abooks) {
+			foreach($abooks as $abook) {
+
+				$abook_copy = $abook;
+	
+				$abconfig = null;
+				if(array_key_exists('abconfig',$abook) && is_array($abook['abconfig']) && count($abook['abconfig']))
+					$abconfig = $abook['abconfig'];
+	
+				unset($abook['abook_id']);
+				unset($abook['abook_rating']);
+				unset($abook['abook_rating_text']);
+				unset($abook['abconfig']);
+				unset($abook['abook_their_perms']);
+				unset($abook['abook_my_perms']);
+
+				$abook['abook_account'] = $account_id;
+				$abook['abook_channel'] = $channel['channel_id'];
+				if(! array_key_exists('abook_blocked',$abook)) {
+					$abook['abook_blocked']     = (($abook['abook_flags'] & 0x0001 ) ? 1 : 0);
+					$abook['abook_ignored']     = (($abook['abook_flags'] & 0x0002 ) ? 1 : 0);
+					$abook['abook_hidden']      = (($abook['abook_flags'] & 0x0004 ) ? 1 : 0);
+					$abook['abook_archived']    = (($abook['abook_flags'] & 0x0008 ) ? 1 : 0);
+					$abook['abook_pending']     = (($abook['abook_flags'] & 0x0010 ) ? 1 : 0);
+					$abook['abook_unconnected'] = (($abook['abook_flags'] & 0x0020 ) ? 1 : 0);
+					$abook['abook_self']        = (($abook['abook_flags'] & 0x0080 ) ? 1 : 0);
+					$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
+				}
+	
+				if($abook['abook_self']) {
+					$role = get_pconfig($channel['channel_id'],'system','permissions_role');
+					if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {
+						q("update xchan set xchan_pubforum = 1 where xchan_hash = '%s' ",
+							dbesc($abook['abook_xchan'])
+						);
 					}
 				} 
-			}
+				else {
+					if($max_friends !== false && $friends > $max_friends)
+						continue;
+					if($max_feeds !== false && intval($abook['abook_feed']) && ($feeds > $max_feeds))
+						continue;
+				}
 	
+				create_table_from_array('abook',$abook);
+
+				$friends ++;
+				if(intval($abook['abook_feed']))
+					$feeds ++;
+
+				translate_abook_perms_inbound($channel,$abook_copy);
 	
-			$group_members = $data['group_member'];
-			if($group_members) {
-				foreach($group_members as $group_member) {
-					unset($group_member['id']);
-					$group_member['uid'] = $channel['channel_id'];
-					foreach($saved as $x) {
-						if($x['old'] == $group_member['gid'])
-							$group_member['gid'] = $x['new'];
+				if($abconfig) {
+					// @fixme does not handle sync of del_abconfig
+					foreach($abconfig as $abc) {
+						set_abconfig($channel['channel_id'],$abc['xchan'],$abc['cat'],$abc['k'],$abc['v']);
 					}
-					dbesc_array($group_member);
-					$r = dbq("INSERT INTO group_member (`" 
-						. implode("`, `", array_keys($group_member)) 
-						. "`) VALUES ('" 
-						. implode("', '", array_values($group_member)) 
-						. "')" );
 				}
 			}
-			logger('import step 9');
-			$_SESSION['import_step'] = 9;
+
+			logger('import step 8');
 		}
 	
+		$groups = $data['group'];
+		if($groups) {
+			$saved = array();
+			foreach($groups as $group) {
+				$saved[$group['hash']] = array('old' => $group['id']);
+				if(array_key_exists('name',$group)) {
+					$group['gname'] = $group['name'];
+					unset($group['name']);
+				}
+				unset($group['id']);
+				$group['uid'] = $channel['channel_id'];
+
+				create_table_from_array('groups',$group);
+			}
+			$r = q("select * from groups where uid = %d",
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$saved[$rr['hash']]['new'] = $rr['id'];
+				}
+			} 
+		}
+	
+	
+		$group_members = $data['group_member'];
+		if($group_members) {
+			foreach($group_members as $group_member) {
+				unset($group_member['id']);
+				$group_member['uid'] = $channel['channel_id'];
+				foreach($saved as $x) {
+					if($x['old'] == $group_member['gid'])
+						$group_member['gid'] = $x['new'];
+				}
+				create_table_from_array('group_member',$group_member);
+			}
+		}
+
+		logger('import step 9');
+	
 		if(is_array($data['obj']))
 			import_objs($channel,$data['obj']);
 	
@@ -489,6 +433,12 @@ class Import extends \Zotlabs\Web\Controller {
 	
 		if(is_array($data['menu']))
 			import_menus($channel,$data['menu']);
+
+		if(is_array($data['wiki']))
+			import_items($channel,$data['wiki'],false,$relocate);
+
+		if(is_array($data['webpages']))
+			import_items($channel,$data['webpages'],false,$relocate);
 		
 		$addon = array('channel' => $channel,'data' => $data);
 		call_hooks('import_channel',$addon);
@@ -504,9 +454,6 @@ class Import extends \Zotlabs\Web\Controller {
 		if(array_key_exists('item_id',$data) && $data['item_id'])
 			import_item_ids($channel,$data['item_id']);
 	
-	
-		// FIXME - ensure we have a self entry if somebody is trying to pull a fast one
-	
 		// send out refresh requests
 		// notify old server that it may no longer be primary.
 	
@@ -521,7 +468,6 @@ class Import extends \Zotlabs\Web\Controller {
 	
 		change_channel($channel['channel_id']);
 	
-		unset($_SESSION['import_step']);
 		goaway(z_root() . '/network' );
 	
 	}
@@ -553,7 +499,8 @@ class Import extends \Zotlabs\Web\Controller {
 			'$label_old_pass' => t('Your old login password'),
 			'$common' => t('For either option, please choose whether to make this hub your new primary address, or whether your old location should continue this role. You will be able to post from either location, but only one can be marked as the primary location for files, photos, and media.'),
 			'$label_import_primary' => t('Make this hub my primary location'),
-			'$label_import_posts' => t('Import existing posts if possible (experimental - limited by available memory'),
+			'$label_import_moving' => t('Move this channel (disable all previous locations)'),
+			'$label_import_posts' => t('Import a few months of posts if possible (limited by available memory'),
 			'$pleasewait' => t('This process may take several minutes to complete. Please submit the form only once and leave this page open until finished.'), 
 			'$email' => '',
 			'$pass' => '',

Zotlabs/Module/Invite.php

@@ -59,12 +59,15 @@ class Invite extends \Zotlabs\Web\Controller {
 	
 			$account = \App::get_account();
 	
-	
-			$res = mail($recip, sprintf( t('Please join us on $Projectname'), \App::$config['sitename']),
-				$nmessage,
-				"From: " . $account['account_email'] . "\n"
-				. 'Content-type: text/plain; charset=UTF-8' . "\n"
-				. 'Content-transfer-encoding: 8bit' );
+			$res = z_mail(
+				[ 
+				'toEmail'        => $recip,
+				'fromName'       => ' ',
+				'fromEmail'      => $account['account_email'],
+				'messageSubject' => t('Please join us on $Projectname'),
+				'textVersion'    => $nmessage,
+				]
+			);
 	
 			if($res) {
 				$total ++;
@@ -108,7 +111,7 @@ class Invite extends \Zotlabs\Web\Controller {
 				$invite_code = autoname(8) . rand(1000,9999);
 				$nmessage = str_replace('$invite_code',$invite_code,$message);
 	
-				$r = q("INSERT INTO `register` (`hash`,`created`) VALUES ('%s', '%s') ",
+				$r = q("INSERT INTO register (hash,created) VALUES ('%s', '%s') ",
 					dbesc($invite_code),
 					dbesc(datetime_convert())
 				);

Zotlabs/Module/Item.php

@@ -20,6 +20,9 @@ namespace Zotlabs\Module;
 require_once('include/crypto.php');
 require_once('include/items.php');
 require_once('include/attach.php');
+require_once('include/bbcode.php');
+require_once('include/security.php');
+
 
 use \Zotlabs\Lib as Zlib;
 
@@ -32,9 +35,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
 			return;
-	
-		require_once('include/security.php');
-	
+
 		$uid = local_channel();
 		$channel = null;
 		$observer = null;
@@ -81,6 +82,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
 	
 		$consensus = intval($_REQUEST['consensus']);
+		$nocomment = intval($_REQUEST['nocomment']);
 	
 		// 'origin' (if non-zero) indicates that this network is where the message originated,
 		// for the purpose of relaying comments to other conversation members. 
@@ -123,6 +125,8 @@ class Item extends \Zotlabs\Web\Controller {
 			$ret = $this->item_check_service_class($uid,(($_REQUEST['webpage'] == ITEM_TYPE_WEBPAGE) ? true : false));
 			if (!$ret['success']) { 
 				notice( t($ret['message']) . EOL) ;
+				if($api_source)
+					return ( [ 'success' => false, 'message' => 'service class exception' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -136,6 +140,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 	
 		$item_flags = $item_restrict = 0;
+		$expires = NULL_DATE;
 	
 		$route = '';
 		$parent_item = null;
@@ -153,13 +158,13 @@ class Item extends \Zotlabs\Web\Controller {
 				$obj_type = ACTIVITY_OBJ_COMMENT;
 	
 			if($parent) {
-				$r = q("SELECT * FROM `item` WHERE `id` = %d LIMIT 1",
+				$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
 					intval($parent)
 				);
 			}
 			elseif($parent_mid && $uid) {
 				// This is coming from an API source, and we are logged in
-				$r = q("SELECT * FROM `item` WHERE `mid` = '%s' AND `uid` = %d LIMIT 1",
+				$r = q("SELECT * FROM item WHERE mid = '%s' AND uid = %d LIMIT 1",
 					dbesc($parent_mid),
 					intval($uid)
 				);
@@ -169,7 +174,7 @@ class Item extends \Zotlabs\Web\Controller {
 				$parid = $r[0]['parent'];
 				$parent_mid = $r[0]['mid'];
 				if($r[0]['id'] != $r[0]['parent']) {
-					$r = q("SELECT * FROM `item` WHERE `id` = `parent` AND `parent` = %d LIMIT 1",
+					$r = q("SELECT * FROM item WHERE id = parent AND parent = %d LIMIT 1",
 						intval($parid)
 					);
 				}
@@ -177,6 +182,8 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			if(($r === false) || (! count($r))) {
 				notice( t('Unable to locate original post.') . EOL);
+				if($api_source)
+					return ( [ 'success' => false, 'message' => 'invalid post id' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -211,6 +218,8 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			if(! $can_comment) {
 				notice( t('Permission denied.') . EOL) ;
+				if($api_source)
+					return ( [ 'success' => false, 'message' => 'permission denied' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -219,6 +228,8 @@ class Item extends \Zotlabs\Web\Controller {
 		else {
 			if(! perm_is_allowed($profile_uid,$observer['xchan_hash'],($webpage) ? 'write_pages' : 'post_wall')) {
 				notice( t('Permission denied.') . EOL) ;
+				if($api_source)
+					return ( [ 'success' => false, 'message' => 'permission denied' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -243,7 +254,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$iconfig = null;
 	
 		if($post_id) {
-			$i = q("SELECT * FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
+			$i = q("SELECT * FROM item WHERE uid = %d AND id = %d LIMIT 1",
 				intval($profile_uid),
 				intval($post_id)
 			);
@@ -273,6 +284,8 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		if(! $channel) {
 			logger("mod_item: no channel.");
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'no channel' ] );	
 			if(x($_REQUEST,'return')) 
 				goaway(z_root() . "/" . $return_path );
 			killme();
@@ -288,6 +301,8 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 		else {
 			logger("mod_item: no owner.");
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'no owner' ] );	
 			if(x($_REQUEST,'return')) 
 				goaway(z_root() . "/" . $return_path );
 			killme();
@@ -380,6 +395,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			$postopts          = $orig_post['postopts'];
 			$created           = $orig_post['created'];
+			$expires           = $orig_post['expires'];
 			$mid               = $orig_post['mid'];
 			$parent_mid        = $orig_post['parent_mid'];
 			$plink             = $orig_post['plink'];
@@ -413,7 +429,9 @@ class Item extends \Zotlabs\Web\Controller {
 			$body              = trim($_REQUEST['body']);
 			$body              .= trim($_REQUEST['attachment']);
 			$postopts          = '';
-	
+
+			$allow_empty       = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0);	
+
 			$private = intval($acl->is_private() || ($public_policy));
 	
 			// If this is a comment, set the permissions from the parent.
@@ -426,10 +444,12 @@ class Item extends \Zotlabs\Web\Controller {
 				$owner_hash        = $parent_item['owner_xchan'];
 			}
 		
-			if(! strlen($body)) {
+			if((! $allow_empty) && (! strlen($body))) {
 				if($preview)
 					killme();
 				info( t('Empty post discarded.') . EOL );
+				if($api_source)
+					return ( [ 'success' => false, 'message' => 'no content' ] );	
 				if(x($_REQUEST,'return')) 
 					goaway(z_root() . "/" . $return_path );
 				killme();
@@ -437,7 +457,6 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 		
 	
-		$expires = NULL_DATE;
 	
 		if(feature_enabled($profile_uid,'content_expire')) {
 			if(x($_REQUEST,'expire')) {
@@ -446,7 +465,8 @@ class Item extends \Zotlabs\Web\Controller {
 					$expires = NULL_DATE;
 			}
 		}
-	
+
+
 		$mimetype = notags(trim($_REQUEST['mimetype']));
 		if(! $mimetype)
 			$mimetype = 'text/bbcode';
@@ -470,6 +490,8 @@ class Item extends \Zotlabs\Web\Controller {
 				}
 				else {
 					notice( t('Executable content type not permitted to this channel.') . EOL);
+					if($api_source)
+						return ( [ 'success' => false, 'message' => 'forbidden content type' ] );	
 					if(x($_REQUEST,'return')) 
 						goaway(z_root() . "/" . $return_path );
 					killme();
@@ -501,11 +523,11 @@ class Item extends \Zotlabs\Web\Controller {
 			// <img src="javascript:alert('hacked');" />
 	
 	//		if($uid && $uid == $profile_uid && feature_enabled($uid,'markdown')) {
-	//			require_once('include/bb2diaspora.php');
+	//			require_once('include/markdown.php');
 	//			$body = escape_tags(trim($body));
 	//			$body = str_replace("\n",'<br />', $body);
 	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_shield',$body);			
-	//			$body = diaspora2bb($body,true);
+	//			$body = markdown_to_bb($body,true);
 	//			$body = preg_replace_callback('/\[share(.*?)\]/ism','\share_unshield',$body);
 	//		}
 	
@@ -537,40 +559,8 @@ class Item extends \Zotlabs\Web\Controller {
 				if($x)
 					$body .= "\n\n@group+" . $x[0]['abook_id'] . "\n";
 			}
-	
-			/**
-			 * fix naked links by passing through a callback to see if this is a hubzilla site
-			 * (already known to us) which will get a zrl, otherwise link with url, add bookmark tag to both.
-			 * First protect any url inside certain bbcode tags so we don't double link it.
-			 */
-	
-	
-			$body = preg_replace_callback('/\[code(.*?)\[\/(code)\]/ism','\red_escape_codeblock',$body);
-			$body = preg_replace_callback('/\[url(.*?)\[\/(url)\]/ism','\red_escape_codeblock',$body);
-			$body = preg_replace_callback('/\[zrl(.*?)\[\/(zrl)\]/ism','\red_escape_codeblock',$body);
-	
-			$body = preg_replace_callback("/([^\]\='".'"'."\/]|^|\#\^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]+)/ism", '\red_zrl_callback', $body);
-	
-			$body = preg_replace_callback('/\[\$b64zrl(.*?)\[\/(zrl)\]/ism','\red_unescape_codeblock',$body);
-			$body = preg_replace_callback('/\[\$b64url(.*?)\[\/(url)\]/ism','\red_unescape_codeblock',$body);
-			$body = preg_replace_callback('/\[\$b64code(.*?)\[\/(code)\]/ism','\red_unescape_codeblock',$body);
-	
-	
-			// fix any img tags that should be zmg
-	
-			$body = preg_replace_callback('/\[img(.*?)\](.*?)\[\/img\]/ism','\red_zrlify_img_callback',$body);
-	
-	
-			$body = bb_translate_video($body);
-	
-			/**
-			 * Fold multi-line [code] sequences
-			 */
-	
-			$body = preg_replace('/\[\/code\]\s*\[code\]/ism',"\n",$body); 
-	
-			$body = scale_external_images($body,false);
-	
+
+			$body = cleanup_bbcode($body);
 	
 			// Look for tags and linkify them
 			$results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
@@ -625,9 +615,9 @@ class Item extends \Zotlabs\Web\Controller {
 			 */
 	
 			if(! $preview) {
-				$this->fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+				fix_attached_photo_permissions($profile_uid,$owner_xchan['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 	
-				$this->fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
+				fix_attached_file_permissions($channel,$observer['xchan_hash'],((strpos($body,'[/crypt]')) ? $_POST['media_str'] : $body),$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny);
 	
 			}
 	
@@ -707,6 +697,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$item_wall = (($post_type === 'wall' || $post_type === 'wall-comment') ? 1 : 0);
 		$item_origin = (($origin) ? 1 : 0);
 		$item_consensus = (($consensus) ? 1 : 0);
+		$item_nocomment = (($nocomment) ? 1 : 0);
 	
 	
 		// determine if this is a wall post
@@ -733,6 +724,8 @@ class Item extends \Zotlabs\Web\Controller {
 		if(! $mid) {
 			$mid = (($message_id) ? $message_id : item_message_id());
 		}
+
+
 		if(! $parent_mid) {
 			$parent_mid = $mid;
 		}
@@ -746,78 +739,71 @@ class Item extends \Zotlabs\Web\Controller {
 			$thr_parent = $mid;
 	
 		$datarray = array();
-	
+
 		$item_thread_top = ((! $parent) ? 1 : 0);
 	
 		if ((! $plink) && ($item_thread_top)) {
 			$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
 		}
 		
-	
-	
-	
-	
-		$datarray['aid']            = $channel['channel_account_id'];
-		$datarray['uid']            = $profile_uid;
-		
-		$datarray['owner_xchan']    = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']);
-		$datarray['author_xchan']   = $observer['xchan_hash'];
-		$datarray['created']        = $created;
-		$datarray['edited']         = (($orig_post) ? datetime_convert() : $created);
-		$datarray['expires']        = $expires;
-		$datarray['commented']      = (($orig_post) ? datetime_convert() : $created);
-		$datarray['received']       = (($orig_post) ? datetime_convert() : $created);
-		$datarray['changed']        = (($orig_post) ? datetime_convert() : $created);
-		$datarray['mid']            = $mid;
-		$datarray['parent_mid']     = $parent_mid;
-		$datarray['mimetype']       = $mimetype;
-		$datarray['title']          = $title;
-		$datarray['body']           = $body;
-		$datarray['app']            = $app;
-		$datarray['location']       = $location;
-		$datarray['coord']          = $coord;
-		$datarray['verb']           = $verb;
-		$datarray['obj_type']       = $obj_type;
-		$datarray['allow_cid']      = $str_contact_allow;
-		$datarray['allow_gid']      = $str_group_allow;
-		$datarray['deny_cid']       = $str_contact_deny;
-		$datarray['deny_gid']       = $str_group_deny;
-		$datarray['item_private']   = $private;
-		$datarray['item_wall']      = $item_wall;
-		$datarray['attach']         = $attachments;
-		$datarray['thr_parent']     = $thr_parent;
-		$datarray['postopts']       = $postopts;
-		$datarray['item_unseen']    = $item_unseen;
-		$datarray['item_wall']      = $item_wall;
-		$datarray['item_origin']    = $item_origin;
-		$datarray['item_type']      = $webpage;
-		$datarray['item_thread_top'] = $item_thread_top;
-		$datarray['item_unseen']    = $item_unseen;
-		$datarray['item_starred']    = $item_starred;
-		$datarray['item_uplink']    = $item_uplink;
-		$datarray['item_consensus']    = $item_consensus;
-		$datarray['item_notshown']    = $item_notshown;
-		$datarray['item_nsfw']    = $item_nsfw;
-		$datarray['item_relay']    = $item_relay;
-		$datarray['item_mentionsme']    = $item_mentionsme;
-		$datarray['item_nocomment']    = $item_nocomment;
-		$datarray['item_obscured']    = $item_obscured;
-		$datarray['item_verified']    = $item_verified;
-		$datarray['item_retained']    = $item_retained;
-		$datarray['item_rss']    = $item_rss;
-		$datarray['item_deleted']    = $item_deleted;
-		$datarray['item_hidden']    = $item_hidden;
-		$datarray['item_unpublished']    = $item_unpublished;
-		$datarray['item_delayed']    = $item_delayed;
-		$datarray['item_pending_remove']    = $item_pending_remove;
-		$datarray['item_blocked']    = $item_blocked;
-	
-		$datarray['layout_mid']     = $layout_mid;
-		$datarray['public_policy']  = $public_policy;
-		$datarray['comment_policy'] = map_scope($comment_policy); 
-		$datarray['term']           = $post_tags;
-		$datarray['plink']          = $plink;
-		$datarray['route']          = $route;
+		$datarray['aid']                 = $channel['channel_account_id'];
+		$datarray['uid']                 = $profile_uid;
+		$datarray['owner_xchan']         = (($owner_hash) ? $owner_hash : $owner_xchan['xchan_hash']);
+		$datarray['author_xchan']        = $observer['xchan_hash'];
+		$datarray['created']             = $created;
+		$datarray['edited']              = (($orig_post) ? datetime_convert() : $created);
+		$datarray['expires']             = $expires;
+		$datarray['commented']           = (($orig_post) ? datetime_convert() : $created);
+		$datarray['received']            = (($orig_post) ? datetime_convert() : $created);
+		$datarray['changed']             = (($orig_post) ? datetime_convert() : $created);
+		$datarray['mid']                 = $mid;
+		$datarray['parent_mid']          = $parent_mid;
+		$datarray['mimetype']            = $mimetype;
+		$datarray['title']               = $title;
+		$datarray['body']                = $body;
+		$datarray['app']                 = $app;
+		$datarray['location']            = $location;
+		$datarray['coord']               = $coord;
+		$datarray['verb']                = $verb;
+		$datarray['obj_type']            = $obj_type;
+		$datarray['allow_cid']           = $str_contact_allow;
+		$datarray['allow_gid']           = $str_group_allow;
+		$datarray['deny_cid']            = $str_contact_deny;
+		$datarray['deny_gid']            = $str_group_deny;
+		$datarray['attach']              = $attachments;
+		$datarray['thr_parent']          = $thr_parent;
+		$datarray['postopts']            = $postopts;
+		$datarray['item_unseen']         = intval($item_unseen);
+		$datarray['item_wall']           = intval($item_wall);
+		$datarray['item_origin']         = intval($item_origin);
+		$datarray['item_type']           = $webpage;
+		$datarray['item_private']        = intval($private);
+		$datarray['item_thread_top']     = intval($item_thread_top);
+		$datarray['item_unseen']         = intval($item_unseen);
+		$datarray['item_starred']        = intval($item_starred);
+		$datarray['item_uplink']         = intval($item_uplink);
+		$datarray['item_consensus']      = intval($item_consensus);
+		$datarray['item_notshown']       = intval($item_notshown);
+		$datarray['item_nsfw']           = intval($item_nsfw);
+		$datarray['item_relay']          = intval($item_relay);
+		$datarray['item_mentionsme']     = intval($item_mentionsme);
+		$datarray['item_nocomment']      = intval($item_nocomment);
+		$datarray['item_obscured']       = intval($item_obscured);
+		$datarray['item_verified']       = intval($item_verified);
+		$datarray['item_retained']       = intval($item_retained);
+		$datarray['item_rss']            = intval($item_rss);
+		$datarray['item_deleted']        = intval($item_deleted);
+		$datarray['item_hidden']         = intval($item_hidden);
+		$datarray['item_unpublished']    = intval($item_unpublished);
+		$datarray['item_delayed']        = intval($item_delayed);
+		$datarray['item_pending_remove'] = intval($item_pending_remove);
+		$datarray['item_blocked']        = intval($item_blocked);	
+		$datarray['layout_mid']          = $layout_mid;
+		$datarray['public_policy']       = $public_policy;
+		$datarray['comment_policy']      = map_scope($comment_policy); 
+		$datarray['term']                = $post_tags;
+		$datarray['plink']               = $plink;
+		$datarray['route']               = $route;
 	
 		if($iconfig)
 			$datarray['iconfig'] = $iconfig;
@@ -864,7 +850,8 @@ class Item extends \Zotlabs\Web\Controller {
 			logger('mod_item: post cancelled by plugin or duplicate suppressed.');
 			if($return_path)
 				goaway(z_root() . "/" . $return_path);
-	
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'operation cancelled' ] );	
 			$json = array('cancel' => 1);
 			$json['reload'] = z_root() . '/' . $_REQUEST['jsreload'];
 			echo json_encode($json);
@@ -902,6 +889,8 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			$x = item_store_update($datarray,$execflag);
 			
+			item_create_edit_activity($x);			
+
 			if(! $parent) {
 				$r = q("select * from item where id = %d",
 					intval($post_id)
@@ -915,6 +904,10 @@ class Item extends \Zotlabs\Web\Controller {
 			if(! $nopush)
 				\Zotlabs\Daemon\Master::Summon(array('Notifier', 'edit_post', $post_id));
 	
+
+			if($api_source)
+				return($x);
+
 			if((x($_REQUEST,'return')) && strlen($return_path)) {
 				logger('return: ' . $return_path);
 				goaway(z_root() . "/" . $return_path );
@@ -927,7 +920,9 @@ class Item extends \Zotlabs\Web\Controller {
 		$post = item_store($datarray,$execflag);
 	
 		$post_id = $post['item_id'];
-	
+
+		$datarray = $post['item'];
+
 		if($post_id) {
 			logger('mod_item: saved item ' . $post_id);
 	
@@ -942,7 +937,7 @@ class Item extends \Zotlabs\Web\Controller {
 						'from_xchan'   => $datarray['author_xchan'],
 						'to_xchan'     => $datarray['owner_xchan'],
 						'item'         => $datarray,
-						'link'		   => z_root() . '/display/' . $datarray['mid'],
+						'link'		   => z_root() . '/display/' . gen_link_id($datarray['mid']),
 						'verb'         => ACTIVITY_POST,
 						'otype'        => 'item',
 						'parent'       => $parent,
@@ -960,7 +955,7 @@ class Item extends \Zotlabs\Web\Controller {
 						'from_xchan'   => $datarray['author_xchan'],
 						'to_xchan'     => $datarray['owner_xchan'],
 						'item'         => $datarray,
-						'link'		   => z_root() . '/display/' . $datarray['mid'],
+						'link'		   => z_root() . '/display/' . gen_link_id($datarray['mid']),
 						'verb'         => ACTIVITY_POST,
 						'otype'        => 'item'
 					));
@@ -987,8 +982,11 @@ class Item extends \Zotlabs\Web\Controller {
 		else {
 			logger('mod_item: unable to retrieve post that was just stored.');
 			notice( t('System error. Post not saved.') . EOL);
-			goaway(z_root() . "/" . $return_path );
-			// NOTREACHED
+			if($return_path)
+				goaway(z_root() . "/" . $return_path );
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'system error' ] );
+			killme();
 		}
 		
 		if(($parent) && ($parent != $post_id)) {
@@ -1009,7 +1007,7 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 	
 		$datarray['id']    = $post_id;
-		$datarray['llink'] = z_root() . '/display/' . $channel['channel_address'] . '/' . $post_id;
+		$datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']);
 	
 		call_hooks('post_local_end', $datarray);
 	
@@ -1043,9 +1041,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		if((! local_channel()) && (! remote_channel()))
 			return;
-	
-		require_once('include/security.php');
-	
+		
 		if((argc() == 3) && (argv(1) === 'drop') && intval(argv(2))) {
 	
 			require_once('include/items.php');
@@ -1081,6 +1077,14 @@ class Item extends \Zotlabs\Web\Controller {
 				else {
 					// complex deletion that needs to propagate and be performed in phases
 					drop_item($i[0]['id'],true,DROPITEM_PHASE1);
+					$r = q("select * from item where id = %d",
+						intval($i[0]['id'])
+					);
+					if($r) {
+						xchan_query($r);
+						$sync_item = fetch_post_tags($r);
+						build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
+					}
 					tag_deliver($i[0]['uid'],$i[0]['id']);
 				}
 			}
@@ -1088,138 +1092,6 @@ class Item extends \Zotlabs\Web\Controller {
 	}
 	
 	
-	function fix_attached_photo_permissions($uid,$xchan_hash,$body,
-			$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
-	
-		if(get_pconfig($uid,'system','force_public_uploads')) {
-			$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
-		}
-	
-		$match = null;
-		// match img and zmg image links
-		if(preg_match_all("/\[[zi]mg(.*?)\](.*?)\[\/[zi]mg\]/",$body,$match)) {
-			$images = $match[2];
-			if($images) {
-				foreach($images as $image) {
-					if(! stristr($image,z_root() . '/photo/'))
-						continue;
-					$image_uri = substr($image,strrpos($image,'/') + 1);
-					if(strpos($image_uri,'-') !== false)
-						$image_uri = substr($image_uri,0, strpos($image_uri,'-'));
-					if(strpos($image_uri,'.') !== false)
-						$image_uri = substr($image_uri,0, strpos($image_uri,'.'));
-					if(! strlen($image_uri))
-						continue;
-					$srch = '<' . $xchan_hash . '>';
-						
-					$r = q("select folder from attach where hash = '%s' and uid = %d limit 1",
-						dbesc($image_uri),
-						intval($uid)
-					);
-					if($r && $r[0]['folder']) {
-						$f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1",
-							dbesc($r[0]['folder']),
-							intval($uid)
-						);
-						if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) {
-							$str_contact_allow = $f[0]['allow_cid'];
-							$str_group_allow = $f[0]['allow_gid'];
-							$str_contact_deny = $f[0]['deny_cid'];
-							$str_group_deny = $f[0]['deny_gid'];
-						}
-					}
-	
-					$r = q("SELECT id FROM photo 
-						WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
-						AND resource_id = '%s' AND uid = %d LIMIT 1",
-						dbesc($srch),
-						dbesc($image_uri),
-						intval($uid)
-					);
-	
-					if($r) {
-						$r = q("UPDATE photo SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
-							WHERE resource_id = '%s' AND uid = %d ",
-							dbesc($str_contact_allow),
-							dbesc($str_group_allow),
-							dbesc($str_contact_deny),
-							dbesc($str_group_deny),
-							dbesc($image_uri),
-							intval($uid)
-						);
-	
-						// also update the linked item (which is probably invisible)
-	
-						$r = q("select id from item
-							WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = ''
-							AND resource_id = '%s' and resource_type = 'photo' AND uid = %d LIMIT 1",
-							dbesc($srch),
-							dbesc($image_uri),
-							intval($uid)
-						);
-						if($r) {
-							$private = (($str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny) ? true : false);
-	
-							$r = q("UPDATE item SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d
-								WHERE id = %d AND uid = %d",
-								dbesc($str_contact_allow),
-								dbesc($str_group_allow),
-								dbesc($str_contact_deny),
-								dbesc($str_group_deny),
-								intval($private),
-								intval($r[0]['id']),
-								intval($uid)
-							);
-						}
-						$r = q("select id from attach where hash = '%s' and uid = %d limit 1",
-							dbesc($image_uri),
-							intval($uid)
-						);
-						if($r) {
-							q("update attach SET allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s'
-								WHERE id = %d AND uid = %d",
-								dbesc($str_contact_allow),
-								dbesc($str_group_allow),
-								dbesc($str_contact_deny),
-								dbesc($str_group_deny),
-								intval($r[0]['id']),
-								intval($uid)
-							);
-						} 
-					}
-				}
-			}
-		}
-	}
-	
-	
-	function fix_attached_file_permissions($channel,$observer_hash,$body,
-			$str_contact_allow,$str_group_allow,$str_contact_deny,$str_group_deny) {
-	
-		if(get_pconfig($channel['channel_id'],'system','force_public_uploads')) {
-			$str_contact_allow = $str_group_allow = $str_contact_deny = $str_group_deny = '';
-		}
-	
-		$match = false;
-	
-		if(preg_match_all("/\[attachment\](.*?)\[\/attachment\]/",$body,$match)) {
-			$attaches = $match[1];
-			if($attaches) {
-				foreach($attaches as $attach) {
-					$hash = substr($attach,0,strpos($attach,','));
-					$rev = intval(substr($attach,strpos($attach,',')));
-					attach_store($channel,$observer_hash,$options = 'update', array(
-						'hash'      => $hash,
-						'revision'  => $rev,
-						'allow_cid' => $str_contact_allow,
-						'allow_gid'  => $str_group_allow,
-						'deny_cid'  => $str_contact_deny,
-						'deny_gid'  => $str_group_deny
-					));
-				}
-			}
-		}
-	}
 	
 	function item_check_service_class($channel_id,$iswebpage) {
 		$ret = array('success' => false, 'message' => '');

Zotlabs/Module/Like.php

@@ -226,7 +226,7 @@ class Like extends \Zotlabs\Web\Controller {
 				$z[0]['deleted'] = 1;
 				build_sync_packet($ch[0]['channel_id'],array('likes' => $z));
 	
-				q("delete from likes where id = %d limit 1",
+				q("delete from likes where id = %d",
 					intval($z[0]['id'])
 				);
 				if($z[0]['i_mid']) {
@@ -447,7 +447,7 @@ class Like extends \Zotlabs\Web\Controller {
 			$arr['thr_parent']   = $item['mid'];
 			$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
 			$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
-			$plink = '[zrl=' . z_root() . '/display/' . $item['mid'] . ']' . $post_type . '[/zrl]';
+			$plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]';
 			$allow_cid       = $item['allow_cid'];
 			$allow_gid       = $item['allow_gid'];
 			$deny_cid        = $item['deny_cid'];

Zotlabs/Module/Linkinfo.php

@@ -13,7 +13,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 	
 		$text = null;
 		$str_tags = '';
-	
+		$process_oembed = true;	
 	
 		$br = "\n";
 	
@@ -22,6 +22,11 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 		else
 			$url = trim($_GET['url']);
 	
+		if(substr($url,0,1) === '!') {
+			$process_oembed = false;
+			$url = substr($url,1);
+		}
+
 		$url = strip_zids($url);
 	
 		if((substr($url,0,1) != '/') && (substr($url,0,4) != 'http'))
@@ -91,10 +96,12 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			killme();
 		}
 	
-		$x = oembed_process($url);
-		if($x) {
-			echo $x;
-			killme();
+		if($process_oembed) {
+			$x = oembed_process($url);
+			if($x) {
+				echo $x;
+				killme();
+			}
 		}
 	
 		if($url && $title && $text) {

Zotlabs/Module/Lockview.php

@@ -32,10 +32,10 @@ class Lockview extends \Zotlabs\Web\Controller {
 		if(! $item_id)
 			killme();
 	
-		if (!in_array($type, array('item','photo','event', 'menu_item', 'chatroom')))
+		if (! in_array($type, array('item', 'photo', 'attach', 'event', 'menu_item', 'chatroom')))
 			killme();
 	
-		//we have different naming in in menu_item table and chatroom table
+		// we have different naming in in menu_item table and chatroom table
 		switch($type) {
 			case 'menu_item':
 				$id = 'mitem_id';
@@ -101,8 +101,24 @@ class Lockview extends \Zotlabs\Web\Controller {
 		stringify_array_elms($deny_groups,true);
 		stringify_array_elms($deny_users,true);
 	
+
+		$profile_groups = [];
+		if($allowed_groups) {
+			foreach($allowed_groups as $g) {
+				if(substr($g,0,4) === '\'vp.') {
+					$profile_groups[] = '\'' . substr($g,4);
+				}
+			}
+		}
+		if(count($profile_groups)) {
+			$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
+			if($r)
+				foreach($r as $rr) 
+					$l[] = '<li><b>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</b></li>';
+		}
+
 		if(count($allowed_groups)) {
-			$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
+			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
 					$l[] = '<li><b>' . $rr['gname'] . '</b></li>';
@@ -120,8 +136,27 @@ class Lockview extends \Zotlabs\Web\Controller {
 				}
 			}
 		}
+
+
+		$profile_groups = [];
+		if($deny_groups) {
+			foreach($deny_groups as $g) {
+				if(substr($g,0,4) === '\'vp.') {
+					$profile_groups[] = '\'' . substr($g,4);
+				}
+			}
+		}
+		if(count($profile_groups)) {
+			$r = q("SELECT profile_name FROM profile WHERE profile_guid IN ( " . implode(', ', $profile_groups) . " )");
+			if($r)
+				foreach($r as $rr) 
+					$l[] = '<li><b><strike>' . t('Profile','acl') . ' ' . $rr['profile_name'] . '</strike></b></li>';
+		}
+
+
+
 		if(count($deny_groups)) {
-			$r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
+			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
 					$l[] = '<li><b><strike>' . $rr['gname'] . '</strike></b></li>';

Zotlabs/Module/Locs.php

@@ -80,7 +80,7 @@ class Locs extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 	
 		if(! local_channel()) {

Zotlabs/Module/Lostpass.php

@@ -43,18 +43,19 @@ class Lostpass extends \Zotlabs\Web\Controller {
 	
 		$subject = email_header_encode(sprintf( t('Password reset requested at %s'),get_config('system','sitename')), 'UTF-8');
 	
-		$res = mail($email, $subject ,
-				$message,
-				'From: Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
-				. 'Content-type: text/plain; charset=UTF-8' . "\n"
-				. 'Content-transfer-encoding: 8bit' );
-	
-	
+		$res = z_mail(
+			[ 
+			'toEmail' => $email,
+			'messageSubject' => sprintf( t('Password reset requested at %s'), get_config('system','sitename')),
+			'textVersion' => $message,
+			]
+		);
+
 		goaway(z_root());
 	}
 	
 	
-		function get() {
+	function get() {
 	
 	
 		if(x($_GET,'verify')) {
@@ -102,20 +103,22 @@ class Lostpass extends \Zotlabs\Web\Controller {
 	
 				$email_tpl = get_intltext_template("passchanged_eml.tpl");
 				$message = replace_macros($email_tpl, array(
-				'$sitename' => \App::$config['sitename'],
-				'$siteurl' =>  z_root(),
-				'$username' => sprintf( t('Site Member (%s)'), $email),
-				'$email' => $email,
-				'$new_password' => $new_password,
-				'$uid' => $newuid ));
-	
-				$subject = email_header_encode( sprintf( t('Your password has changed at %s'), get_config('system','sitename')), 'UTF-8');
-	
-				$res = mail($email,$subject,$message,
-					'From: ' . 'Administrator@' . $_SERVER['SERVER_NAME'] . "\n"
-					. 'Content-type: text/plain; charset=UTF-8' . "\n"
-					. 'Content-transfer-encoding: 8bit' );
+					'$sitename' => \App::$config['sitename'],
+					'$siteurl' =>  z_root(),
+					'$username' => sprintf( t('Site Member (%s)'), $email),
+					'$email' => $email,
+					'$new_password' => $new_password,
+					'$uid' => $newuid )
+				);
 	
+				$res = z_mail(
+					[ 
+					'toEmail'        => $email,
+					'messageSubject' => sprintf( t('Your password has changed at %s'), get_config('system','sitename')),
+					'textVersion'    => $message,
+					]
+				);
+
 				return $o;
 			}
 		

Zotlabs/Module/Magic.php

@@ -140,7 +140,7 @@ class Magic extends \Zotlabs\Web\Controller {
 	
 			\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
 	
-			$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode($channel['channel_address'] . '@' . \App::get_hostname())
+			$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))
 				. '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION;
 	
 			if($delegate)