commit 1.4

Merge branch 'master' into dev

.homeinstall/README.md

@@ -2,7 +2,10 @@
 
 Run hubzilla-setup.sh for an unattended installation of hubzilla.
 
-The script is known to work with Debian stable (Jessie).
+The script is known to work with Debian 8.3 stable (Jessie)
+
++ Home-PC (Debian-8.3.0-amd64)
++ DigitalOcean droplet (Debian 8.3 x64 / 512 MB Memory / 20 GB Disk / NYC3)
 
 # Step-by-Step Overwiew
 
@@ -19,13 +22,20 @@ Software
 + Fresh installation of Debian on your mini-pc
 + Router with open ports 80 and 443 for your Debian
 
-## The basic steps
+## The basic steps (quick overview)
 
 + Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS)
-+ Clone hubzilla to /var/www/html
-+ Copy hubzilla-config.txt and hubzilla-setup.sh to your Debian (future hub)
-+ Edit hubzilla-config.txt. Enter your values there: db pass, domain, values for dyn DNS
-+ Run hubzilla-setup.sh as root ... wait, wait, wait until the script is finised
++ Log on to your new debian (server)
+  - apt-get install git
+  - mkdir -p /var/www/html
+  - cd /var/www/html
+  - git clone https://github.com/redmatrix/hubzilla.git .
+  - cp .homeinstall/hubzilla-config.txt.template .homeinstall/hubzilla-config.txt
+  - nano .homeinstall/hubzilla-config.txt
+    - Enter your values there: db pass, domain, values for dyn DNS
+  - hubzilla-setup.sh as root
+    - ... wait, wait, wait until the script is finised
+  - reboot
 + Open your domain with a browser and step throught the initial configuration of hubzilla.
 
 # Step-by-Step in Detail
@@ -76,6 +86,8 @@ There are two way to get a domain
 
 ### Method 1: Get yourself an own Domain (recommended)
 
+...for example at selfHOST.de
+
 ### Method 2 Register a (free) Subdomain
 
 Register a free subdomain for example at
@@ -118,8 +130,12 @@ Clone hubzilla from git ("git pull" will update it later)
 Change to the install script
 
     cd html/.homeinstall/
+    
+Copy the template file
+    
+    cp hubzilla-config.txt.template hubzilla-config.txt
 
-Change the file "hubzilla-config.txt". Enter your values there.
+Change the file "hubzilla-config.txt". Read the instructions there and enter your values.
 
     nano hubzilla-config.txt
 
@@ -146,10 +162,3 @@ Leave db type "MySQL" untouched.
 
 Follow the instructions in the next pages.
 
-# The Script explained
-
-This chapter shows you
-
-- What the script does exactly
-- Explanations on technical details. May be this will encourage you to play with bash scripts?
-

.homeinstall/hubzilla-setup.sh

@@ -224,6 +224,19 @@ function print_warn {
     echo -e '\e[0m'
 }
 
+function stop_hubzilla {
+    if [ -d /etc/apache2 ]
+    then
+        print_info "stopping apache webserver..."
+        service apache2 stop
+    fi
+    if [ -f /etc/init.d/mysql ]
+    then
+        print_info "stopping mysql db..."
+        /etc/init.d/mysql stop
+    fi
+}
+
 function install_apache {
     print_info "installing apache..."
     nocheck_install "apache2 apache2-utils"
@@ -236,7 +249,7 @@ function install_curl {
 
 function install_sendmail {
     print_info "installing sendmail..."
-    nocheck_install "sendmail"
+    nocheck_install "sendmail sendmail-bin"
 }
 
 function install_php {
@@ -561,7 +574,8 @@ function install_hubzilla {
     chmod -R 777 store
     touch .htconfig.php
     chmod ou+w .htconfig.php
-    cd ..
+    install_hubzilla_plugins
+    cd /var/www/
     chown -R www-data:www-data html
 	chown root:www-data /var/www/html/
 	chown root:www-data /var/www/html/.htaccess
@@ -575,6 +589,73 @@ function install_hubzilla {
     print_info "installed hubzilla"
 }
 
+function install_hubzilla_plugins {
+    print_info "installing hubzilla plugins..."
+    cd /var/www/html
+    plugin_install=.homeinstall/plugin_install.txt
+    theme_install=.homeinstall/theme_install.txt
+    # overwrite script to update the plugin and themes
+    rm -f $plugins_update
+    echo "cd /var/www/html" >> $plugins_update
+    ###################
+    # write plugin file
+    if [ ! -f "$plugin_install" ]
+    then
+        echo "# To install a plugin" >> $plugin_install
+        echo "# 1. add the plugin in a new line and run" >> $plugin_install
+        echo "# 2. run" >> $plugin_install
+        echo "#   cd /var/www/html/.homeinstall" >> $plugin_install
+        echo "#   ./hubzilla-setup.sh" >> $plugin_install
+        echo "https://gitlab.com/zot/ownmapp.git ownMapp" >> $plugin_install
+        echo "https://gitlab.com/zot/hubzilla-chess.git chess" >> $plugin_install
+    fi
+    # install plugins
+    while read -r line; do
+        [[ "$line" =~ ^#.*$ ]] && continue
+        p_url=$(echo $line | awk -F' ' '{print $1}')
+        p_name=$(echo $line | awk -F' ' '{print $2}')
+        # basic check of format
+	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
+	    then
+            # install addon
+            util/add_addon_repo $line
+            util/update_addon_repo $p_name # not sure if this line is neccessary
+            echo "util/update_addon_repo $p_name" >> $plugins_update
+        else
+            print_info "skipping installation of a plugin from file $plugin_install - something wrong with format in line: $line"
+	    fi
+    done < "$plugin_install"
+    ###################
+    # write theme file
+    if [ ! -f "$theme_install" ]
+    then
+        echo "# To install a theme" >> $theme_install
+        echo "# 1. add the theme in a new line and run" >> $theme_install
+        echo "# 2. run" >> $theme_install
+        echo "#   cd /var/www/html/.homeinstall" >> $theme_install
+        echo "#   ./hubzilla-setup.sh" >> $theme_install
+        echo "https://github.com/DeadSuperHero/hubzilla-themes.git DeadSuperHeroThemes" >> $theme_install
+
+    fi
+    # install plugins
+    while read -r line; do
+        [[ "$line" =~ ^#.*$ ]] && continue
+        p_url=$(echo $line | awk -F' ' '{print $1}')
+        p_name=$(echo $line | awk -F' ' '{print $2}')
+        # basic check of format
+	    if [ ${#p_url} -ge 1 ] && [ ${#p_name} -ge 1 ]
+	    then
+            # install addon
+            util/add_theme_repo $line
+            util/update_theme_repo $p_name # not sure if this line is neccessary
+            echo "util/update_theme_repo $p_name" >> $plugins_update
+        else
+            print_info "skipping installation of a theme from file $theme_install - something wrong with format in line: $line"
+	    fi
+    done < "$theme_install"
+    print_info "installed hubzilla plugins and themes"
+}
+
 function rewrite_to_https {
     print_info "configuring apache to redirect http to httpS ..."
     htaccessfile=/var/www/html/.htaccess
@@ -762,6 +843,7 @@ echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/html/ pull" >> /var/www/$hubzilladaily
 echo "echo \"\$(date) - updating hubhilla addons...\"" >> /var/www/$hubzilladaily
 echo "git -C /var/www/html/addon/ pull" >> /var/www/$hubzilladaily
+echo "bash /var/www/html/$plugins_update" >> /var/www/$hubzilladaily
 echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
 echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
 echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
@@ -827,6 +909,7 @@ source $configfile
 selfhostdir=/etc/selfhost
 selfhostscript=selfhost-updater.sh
 hubzilladaily=hubzilla-daily.sh
+plugins_update=.homeinstall/plugins_update.sh
 snapshotconfig=/etc/rsnapshot_hubzilla.conf
 snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf
 backup_mount_point=/media/hubzilla_backup
@@ -836,6 +919,7 @@ sslconf=/etc/apache2/sites-available/default-ssl.conf
 #set -x    # activate debugging from here
 
 check_config
+stop_hubzilla
 update_upgrade
 install_curl
 install_sendmail

.openshift/action_hooks/deploy

@@ -181,6 +181,7 @@ echo "chmod done, permissions set to 777 on poller script."
 # to make Hubzilla on OpenShift a more pleasant experience 
 echo "Changing default configuration to conserve space and autocreate a social private channel upon account registration"
 cd ${OPENSHIFT_REPO_DIR}
+util/config system auto_channel_create
 util/config system default_permissions_role social_private
 util/config system workflow_channel_next channel
 util/config system expire_delivery_reports 3

CHANGELOG

@@ -1,3 +1,79 @@
+Hubzilla 1.4
+	[This list may appear brief, but encompasses a huge amount of re-writing and re-factoring
+	of the internal code structure to gain long-term performance and stability and provide a standard
+	interface to alternate protocol federation plugins which were made possible by the UNO configuration.
+	UNO is a configuration of hubzilla introduced in 1.3 with reduced complexity and which provides 
+	improved protocol federation potential to other networks by virtue of removing nomadic identity 
+	(which is not possible to model or work around using other network protocols).]  
+
+	Implement channel move operation for UNO configuration
+	Remove bookmark references in UNO (which has no bookmarks by default)
+	UI cleanup profiles/chat/manage
+	Refactor webfinger probes and salmon backend for GNU-social federation
+	SECURITY: DAV authentication exploit
+	Context help added
+	More help pages
+	Provide 'posts only' feed
+	Refactor App to remove globals
+	Refactor Session to remove globals
+	provide a fullscreen mode for selected modules and functions
+	Regression: some addon routes broken
+	fix "remember me"
+	Autocomplete tool extended to bbcode/comanche
+	Clone sync of file/photo updates
+	system rename (e.g. http to https or DNS name change) missing some connection photos
+	calendar module not blocked to public whhen block_public enabled
+	Use timeago.js in reshare content so that timestamps will be correct on federated reshares
+	Rework detection of JavaScript to avoid reload penalty under normal operation
+	Changed primary directory server to a hubzilla server
+	Plugins:
+		Diaspora - switch to alternate XML parser to avoid storing compound objects	
+		GNU-Social - Huge amounts of work, federation somewhat working now, several issues remain
+		Friendica - Initial federation work (not yet published)
+		
+Hubzilla 1.3
+	Admin Security configuration page created which consolidates several previously hidden settings:
+		Communication white/black lists
+		Channel white/black lists
+		OEmbed white/black lists
+	Admin Profile Fields page created which manages the availability and order of standard profile fields and allows new fields to be created/managed
+	"Poke" module reworked - page UI updated and "poke basic" setting introduced which limits the available poke "verbs".
+	"Mood" module UI reworked
+	"profile_photo" module UI reworked
+	"cover_photo" module UI reworked
+	"new_channel" module UI reworked
+	"register" module UI reworked
+	"pubsites" module UI reworked
+	item-meta ("iconfig") created which implements arbitrary storage for item metadata for plugins
+	abook-meta ("abconfig") created which implements arbitrary storage for connection metadata for plugins
+	"Strict transport security header" made optional as it conflicts with some existing Apache/nginx configurations 
+	"Hubzilla UNO" (Hubzilla with radically simplified and locked site settings) implemented as an install configuration. 
+	.well-known directory conflict worked out to support LetsEncrypt cert ownership checks without disrupting webfinger and other internal uses of .well-known
+	Lots of work on 'zcards' which are self-contained HTML representations of a channel including cover photos, profile photos, and some text information
+	Long standing bug uncovered which failed to properly restrict the lower time limit for public feed requests
+	A number of fixes to "readmore" to fix page jumping
+	Bugfix: persons other than the channel owner who have permission to upload photos to a channel could not do so if the js_upload plugin/addon was enabled
+	Siteinfo incorrectly identifying secondary directory servers
+	Allow admin to set and lock features when UNO is configured 
+	Atom feeds: alter how events are formatted to be compatible with GNU-social
+	Allow guest/visitor access to view personal calendar
+	Moved several more classes to "composer format" and provided an autoloader.
+	Bugfix: require existing password to change password
+	Bugfix: allow relative_date() to be translated to Polish which has more than two plural forms. 
+	Plugin API: add "requires" keyword to module header to indicate dependent addons
+	ActivityStreams improvements and cleanup: photo and file activities
+	UI cleanup for editing profile when multiple profiles enabled
+	Removed the "markdown" feature as there are numerous issues and no maintainer.
+	Provide "footer" bbcode to ease theming of post footer content
+	Bugfix: install issues caused by composer code refactor and typo in postgres load file 
+	Plugins:
+		keepout - "block public on steroids"
+		pubsubhubbub - provides PuSH support to Atom feeds, required for GNU-social federation
+		GNUsocial protocol - under development
+		Diaspora protocol - some work to ease migration to the new signing format
+		Diaspost - disabled; numerous issues and no maintainer
+		smileybutton - theme work and fixed compatibility with other jot-tools plugins
+		
 
 Hubzilla 1.2
 	Provide extra HTTP security headers (several of them).

README.md

@@ -3,26 +3,26 @@
 Hubzilla - Community Server
 ===========================
 
-Help us redefine the web - using integrated and united community websites. 
---------------------------------------------------------------------------
+Connected and linked web communities. 
+-------------------------------------
 
 <p align="center" markdown="1">
 <em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
 </p>
 
-**What are Hubs?**
+**What are Hubz?**
 
-Hubs are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
+Hubz are independent general-purpose websites that not only connect with their associated members and viewers, but also connect together to exchange personal communications and other information with each other.  
 This allows hub members on any hub to securely and privately share anything; with anybody, on any hub - anywhere; or share stuff publicly with anybody on the internet if desired. 
 
-**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache, although Mariadb or Postgres and Nginx could also be used - we're pretty easy). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
+**Hubzilla** is the server software which makes this possible. It is a sophisticated and unique combination of an open source content management system and a decentralised identity, communications, and permissions framework and protocol suite, built using common webserver technology (PHP/MySQL/Apache and popular variants). The end result is a level of systems integration, privacy control, and communications features that you wouldn't think are possible in either a content management system or a decentralised communications network. It also brings a new level of cooperation and privacy to the web and introduces the concept of personally owned "single sign-on" to web services across the entire internet. 
 
-Hubzilla hubs are
+Hubzilla hubz are
 
 * decentralised
 * inherently social
-* optionally inter-networked with other hubs
-* privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubs)
+* optionally inter-networked with other hubz
+* privacy-enabled (privacy exclusions work across the entire internet to any registered identity on any compatible hubz)
 
 Possible website applications include
 

Zotlabs/Project/System.php

@@ -5,38 +5,39 @@ namespace Zotlabs\Project;
 class System {
 
 	function get_platform_name() {
-		$a = get_app();
-		if(is_array($a->config) && is_array($a->config['system']) && $a->config['system']['platform_name'])
-			return $a->config['system']['platform_name'];
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['platform_name'])
+			return \App::$config['system']['platform_name'];
 		return PLATFORM_NAME;
 	}
 
+	function get_site_name() {
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['sitename'])
+			return \App::$config['system']['sitename'];
+		return '';
+	}
+
 	function get_project_version() {
-		$a = get_app();
-		if(is_array($a->config) && is_array($a->config['system']) && $a->config['system']['hide_version'])
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
 			return '';
 		return RED_VERSION;
 	}
 
 	function get_update_version() {
-		$a = get_app();
-		if(is_array($a->config) && is_array($a->config['system']) && $a->config['system']['hide_version'])
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
 			return '';
 		return DB_UPDATE_VERSION;
 	}
 
 
 	function get_notify_icon() {
-		$a = get_app();
-		if(is_array($a->config) && is_array($a->config['system']) && $a->config['system']['email_notify_icon_url'])
-			return $a->config['system']['email_notify_icon_url'];
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['email_notify_icon_url'])
+			return \App::$config['system']['email_notify_icon_url'];
 		return z_root() . '/images/hz-white-32.png';
 	}
 
 	function get_site_icon() {
-		$a = get_app();
-		if(is_array($a->config) && is_array($a->config['system']) && $a->config['system']['site_icon_url'])
-			return $a->config['system']['site_icon_url'];
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['site_icon_url'])
+			return \App::$config['system']['site_icon_url'];
 		return z_root() . '/images/hz-32.png';
 	}
 

Zotlabs/Storage/BasicAuth.php

@@ -110,7 +110,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 			if ($x) {
 				// @fixme this foreach should not be needed?
 				foreach ($x as $record) {
-					if (($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
 						return $this->setAuthenticated($r[0]);

Zotlabs/Storage/Browser.php

@@ -243,7 +243,7 @@ class Browser extends DAV\Browser\Plugin {
 			));
 
 		$a = get_app();
-		$a->page['content'] = $html;
+		\App::$page['content'] = $html;
 		load_pdl($a);
 
 		$theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";

Zotlabs/Storage/Directory.php

@@ -53,7 +53,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 		logger('directory ' . $ext_path, LOGGER_DATA);
 		$this->ext_path = $ext_path;
 		// remove "/cloud" from the beginning of the path
-		$modulename = get_app()->module; 
+		$modulename = \App::$module; 
 		$this->red_path = ((strpos($ext_path, '/' . $modulename) === 0) ? substr($ext_path, strlen($modulename) + 1) : $ext_path);
 		if (! $this->red_path) {
 			$this->red_path = '/';
@@ -114,7 +114,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			throw new DAV\Exception\Forbidden('Permission denied.');
 		}
 
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 		if ($this->red_path === '/' && $name === $modulename) {
 			return new Directory('/' . $modulename, $this->auth);
 		}
@@ -168,6 +168,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 			intval($this->auth->owner_id)
 		);
 
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->folder_hash);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
+
 		$this->red_path = $new_path;
 	}
 
@@ -332,9 +340,15 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 			require_once('include/photos.php');
 			$args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct);
-			$p = photo_upload($c[0],get_app()->get_observer(),$args);
+			$p = photo_upload($c[0],\App::get_observer(),$args);
 		}
 
+		$sync = attach_export_data($c[0],$hash);
+
+		if($sync) 
+			build_sync_packet($c[0]['channel_id'],array('file' => array($sync)));
+
+
 	}
 
 	/**
@@ -356,7 +370,14 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 		if ($r) {
 			$result = attach_mkdir($r[0], $this->auth->observer, array('filename' => $name, 'folder' => $this->folder_hash));
-			if (! $result['success']) {
+
+			if($result['success']) {
+				$sync = attach_export_data($r[0],$ret['data']['hash']);
+				if($sync) {
+					build_sync_packet($r[0]['channel_id'],array('file' => array($sync)));
+				}
+			}
+			else {		
 				logger('error ' . print_r($result, true), LOGGER_DEBUG);
 			}
 		}
@@ -380,6 +401,15 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 		}
 
 		attach_delete($this->auth->owner_id, $this->folder_hash);
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->folder_hash,true);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
+
+
 	}
 
 
@@ -393,7 +423,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 	public function childExists($name) {
 		// On /cloud we show a list of available channels.
 		// @todo what happens if no channels are available?
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 		if ($this->red_path === '/' && $name === $modulename) {
 			//logger('We are at ' $modulename . ' show a channel list', LOGGER_DEBUG);
 			return true;
@@ -417,7 +447,7 @@ class Directory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 
 		logger('GetDir: ' . $this->ext_path, LOGGER_DEBUG);
 		$this->auth->log();
-		$modulename = get_app()->module;
+		$modulename = \App::$module;
 
 		$file = $this->ext_path;
 

Zotlabs/Storage/File.php

@@ -84,6 +84,20 @@ class File extends DAV\Node implements DAV\IFile {
 			dbesc($this->data['hash']),
 			intval($this->data['id'])
 		);
+
+		if($this->data->is_photo) {
+			$r = q("update photo set filename = '%s' where resource_id = '%s' and uid = %d",
+				dbesc($newName),
+				dbesc($this->data['hash']),
+				intval($this->auth->owner_id)
+			);
+		}
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->data['hash']);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
 	}
 
 	/**
@@ -173,7 +187,7 @@ class File extends DAV\Node implements DAV\IFile {
 		if($is_photo) {
 			require_once('include/photos.php');
 			$args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct );
-			$p = photo_upload($c[0],get_app()->get_observer(),$args);
+			$p = photo_upload($c[0],\App::get_observer(),$args);
 		}
 
 		// update the folder's lastmodified timestamp
@@ -205,6 +219,12 @@ class File extends DAV\Node implements DAV\IFile {
 				return;
 			}
 		}
+
+		$sync = attach_export_data($c[0],$this->data['hash']);
+
+		if($sync) 
+			build_sync_packet($c[0]['channel_id'],array('file' => array($sync)));
+
 	}
 
 	/**
@@ -318,5 +338,12 @@ class File extends DAV\Node implements DAV\IFile {
 		}
 
 		attach_delete($this->auth->owner_id, $this->data['hash']);
+
+		$ch = channelx_by_n($this->auth->owner_id);
+		if($ch) {
+			$sync = attach_export_data($ch,$this->data['hash'],true);
+			if($sync) 
+				build_sync_packet($ch['channel_id'],array('file' => array($sync)));
+		}
 	}
 }

Zotlabs/Web/CheckJS.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class CheckJS {
+
+	private static $jsdisabled = 0;
+
+	function __construct($test = 0) {
+		if(intval($_REQUEST['jsdisabled']))
+			$this->jsdisabled = 1;
+		if(intval($_COOKIE['jsdisabled']))
+			$this->jsdisabled = 1;
+
+		if(! $this->jsdisabled) {
+			$page = urlencode(\App::$query_string);
+
+			if($test) {
+				\App::$page['htmlhead'] .= "\r\n" . '<meta http-equiv="refresh" content="0; url=' . z_root() . '/nojs?f=&redir=' . $page . '">' . "\r\n";
+			}
+			else {
+				\App::$page['htmlhead'] .= "\r\n" . '<noscript><meta http-equiv="refresh" content="0; url=' . z_root() . '/nojs?f=&redir=' . $page . '"></noscript>' . "\r\n";
+			}
+		}
+
+	}
+
+	function disabled() {
+		return self::$jsdisabled;
+	}
+
+
+}
+
+

Zotlabs/Web/HttpMeta.php

@@ -0,0 +1,66 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class HttpMeta {
+
+	private $vars = null;
+	private $og = null;
+
+	function __construct() {
+
+		$this->vars = array();
+		$this->og = array();
+
+	}
+
+	function set($property,$value) {
+		if(strpos($property,'og:') === 0)
+			$this->og[$property] = $value;
+		else
+			$this->vars[$property] = $value;
+	}
+
+	function check_required() {
+		if(
+			($this->og) 
+			&& array_key_exists('og:title',$this->og) 
+			&& array_key_exists('og:type', $this->og) 
+			&& array_key_exists('og:image',$this->og) 
+			&& array_key_exists('og:url',  $this->og)
+		)
+			return true;
+		return false;
+	}
+
+	function get_field($field) {
+		if(strpos($field,'og:') === 0)
+			$arr = $this->og;
+		else
+			$arr = $this->vars;
+
+		if($arr && array_key_exists($field,$arr) && $arr[$field])
+			return $arr[$field];
+		return false;
+	}
+
+
+	function get() {
+		$o = '';
+		if($this->vars) {
+			foreach($this->vars as $k => $v) {
+				$o .= '<meta property="' . $k . '" content="' . urlencode($v) . '" />' . "\r\n" ;
+			}
+		}
+		if($this->check_required()) {
+			foreach($this->og as $k => $v) {
+				$o .= '<meta property="' . $k . '" content="' . urlencode($v) . '" />' . "\r\n" ;
+			}
+		}
+		if($o)
+			return "\r\n" . $o;
+		return $o;
+	}
+
+}

Zotlabs/Web/Router.php

@@ -9,9 +9,9 @@ class Router {
 
 		/**
 		 *
-		 * We have already parsed the server path into $a->argc and $a->argv
+		 * We have already parsed the server path into App::$argc and App::$argv
 		 *
-		 * $a->argv[0] is our module name. We will load the file mod/{$a->argv[0]}.php
+		 * App::$argv[0] is our module name. We will load the file mod/{App::$argv[0]}.php
 		 * and use it for handling our URL request.
 		 * The module file contains a few functions that we call in various circumstances
 		 * and in the following order:
@@ -25,7 +25,9 @@ class Router {
 		 * further processing.
 		 */
 
-		if(strlen($a->module)) {
+		$module = \App::$module;
+
+		if(strlen($module)) {
 
 			/**
 			 *
@@ -34,14 +36,14 @@ class Router {
 			 *
 			 */
 
-			if(is_array($a->plugins) && in_array($a->module,$a->plugins) && file_exists("addon/{$a->module}/{$a->module}.php")) {
-				include_once("addon/{$a->module}/{$a->module}.php");
-				if(function_exists($a->module . '_module'))
-					$a->module_loaded = true;
+			if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
+				include_once("addon/{$module}/{$module}.php");
+				if(function_exists($module . '_module'))
+					\App::$module_loaded = true;
 			}
 
-			if((strpos($a->module,'admin') === 0) && (! is_site_admin())) {
-				$a->module_loaded = false;
+			if((strpos($module,'admin') === 0) && (! is_site_admin())) {
+				\App::$module_loaded = false;
 				notice( t('Permission denied.') . EOL);
 				goaway(z_root());
 			}
@@ -51,17 +53,19 @@ class Router {
 			 * Otherwise, look for the standard program module in the 'mod' directory
 			 */
 
-			if(! $a->module_loaded) {
-				if(file_exists("mod/site/{$a->module}.php")) {
-					include_once("mod/site/{$a->module}.php");
-					$a->module_loaded = true;
+			if(! (\App::$module_loaded)) {
+				if(file_exists("mod/site/{$module}.php")) {
+					include_once("mod/site/{$module}.php");
+					\App::$module_loaded = true;
 				}
-				elseif(file_exists("mod/{$a->module}.php")) {
-					include_once("mod/{$a->module}.php");
-					$a->module_loaded = true;
+				elseif(file_exists("mod/{$module}.php")) {
+					include_once("mod/{$module}.php");
+					\App::$module_loaded = true;
 				}
+				else logger("mod/{$module}.php not found.");
 			}
 
+
 			/**
 			 * This provides a place for plugins to register module handlers which don't otherwise exist on the system.
 			 * If the plugin sets 'installed' to true we won't throw a 404 error for the specified module even if
@@ -69,10 +73,10 @@ class Router {
 			 * The plugin should catch at least one of the module hooks for this URL. 
 			 */
 
-			$x = array('module' => $a->module, 'installed' => false);
+			$x = array('module' => $module, 'installed' => false);
 			call_hooks('module_loaded', $x);
 			if($x['installed'])
-				$a->module_loaded = true;
+				\App::$module_loaded = true;
 
 			/**
 			 * The URL provided does not resolve to a valid module.
@@ -85,28 +89,28 @@ class Router {
 			 * Otherwise we are going to emit a 404 not found.
 	 		 */
 
-			if(! $a->module_loaded) {
+			if(! (\App::$module_loaded)) {
 
 				// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
 				if((x($_SERVER, 'QUERY_STRING')) && preg_match('/{[0-9]}/', $_SERVER['QUERY_STRING']) !== 0) {
 					killme();
 				}
 
-				if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && $a->config['system']['dreamhost_error_hack']) {
+				if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && \App::$config['system']['dreamhost_error_hack']) {
 					logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
-					goaway($a->get_baseurl() . $_SERVER['REQUEST_URI']);
+					goaway(z_root() . $_SERVER['REQUEST_URI']);
 				}
 
 				logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
 				header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
 				$tpl = get_markup_template('404.tpl');
-				$a->page['content'] = replace_macros($tpl, array(
+				\App::$page['content'] = replace_macros($tpl, array(
 						'$message' => t('Page not found.')
 				));
 
 				// pretend this is a module so it will initialise the theme
-				$a->module = '404';
-				$a->module_loaded = true;
+				\App::$module = '404';
+				\App::$module_loaded = true;
 			}
 		}
 	}
@@ -118,8 +122,8 @@ class Router {
 		 * Call module functions
 		 */
 
-		if($a->module_loaded) {
-			$a->page['page_title'] = $a->module;
+		if(\App::$module_loaded) {
+			\App::$page['page_title'] = \App::$module;
 			$placeholder = '';
 
 			/**
@@ -129,11 +133,11 @@ class Router {
 			 * to over-ride them.
 			 */
 
-			if(function_exists($a->module . '_init')) {
+			if(function_exists(\App::$module . '_init')) {
 				$arr = array('init' => true, 'replace' => false);		
-				call_hooks($a->module . '_mod_init', $arr);
+				call_hooks(\App::$module . '_mod_init', $arr);
 				if(! $arr['replace']) {
-					$func = $a->module . '_init';
+					$func = \App::$module . '_init';
 					$func($a);
 				}
 			}
@@ -167,32 +171,32 @@ class Router {
 				$func = str_replace('-', '_', current_theme()) . '_init';
 				$func($a);
 			}
-			elseif (x($a->theme_info, 'extends') && file_exists('view/theme/' . $a->theme_info['extends'] . '/php/theme.php')) {
-				require_once('view/theme/' . $a->theme_info['extends'] . '/php/theme.php');
-				if(function_exists(str_replace('-', '_', $a->theme_info['extends']) . '_init')) {
-					$func = str_replace('-', '_', $a->theme_info['extends']) . '_init';
+			elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
+				require_once('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php');
+				if(function_exists(str_replace('-', '_', \App::$theme_info['extends']) . '_init')) {
+					$func = str_replace('-', '_', \App::$theme_info['extends']) . '_init';
 					$func($a);
 				}
 			}
 
-			if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
-				&& (function_exists($a->module . '_post'))
+			if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error)
+				&& (function_exists(\App::$module . '_post'))
 				&& (! x($_POST, 'auth-params'))) {		
-				call_hooks($a->module . '_mod_post', $_POST);
-				$func = $a->module . '_post';
+				call_hooks(\App::$module . '_mod_post', $_POST);
+				$func = \App::$module . '_post';
 				$func($a);
 			}
 
-			if((! $a->error) && (function_exists($a->module . '_content'))) {
-				$arr = array('content' => $a->page['content'], 'replace' => false);
-				call_hooks($a->module . '_mod_content', $arr);
-				$a->page['content'] = $arr['content'];
+			if((! \App::$error) && (function_exists(\App::$module . '_content'))) {
+				$arr = array('content' => \App::$page['content'], 'replace' => false);
+				call_hooks(\App::$module . '_mod_content', $arr);
+				\App::$page['content'] = $arr['content'];
 				if(! $arr['replace']) {
-					$func = $a->module . '_content';
+					$func = \App::$module . '_content';
 					$arr = array('content' => $func($a));
 				}
-				call_hooks($a->module . '_mod_aftercontent', $arr);
-				$a->page['content'] .= $arr['content'];
+				call_hooks(\App::$module . '_mod_aftercontent', $arr);
+				\App::$page['content'] .= $arr['content'];
 			}
 		}
 	}

Zotlabs/Web/Session.php

@@ -0,0 +1,160 @@
+<?php
+
+namespace Zotlabs\Web;
+
+/**
+ *
+ * @brief This file includes session related functions.
+ *
+ * Session management functions. These provide database storage of PHP
+ * session info.
+ */
+
+
+class Session {
+
+	private static $handler = null;
+	private static $session_started = false;
+
+	function init() {
+
+		$gc_probability = 50;
+
+		ini_set('session.gc_probability', $gc_probability);
+		ini_set('session.use_only_cookies', 1);
+		ini_set('session.cookie_httponly', 1);
+	
+		/*
+		 * Set our session storage functions.
+		 */
+
+		$handler = new \Zotlabs\Web\SessionHandler();
+		self::$handler = $handler;
+
+		$x = session_set_save_handler($handler,true);
+		if(! $x)
+			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
+
+		// Force cookies to be secure (https only) if this site is SSL enabled. 
+		// Must be done before session_start().
+
+		$arr = session_get_cookie_params();
+		session_set_cookie_params(
+			((isset($arr['lifetime']))   ? $arr['lifetime'] : 0),
+			((isset($arr['path']))      ? $arr['path']     : '/'),
+			((isset($arr['domain']))    ? $arr['domain']   : App::get_hostname()),
+			((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+			((isset($arr['httponly']))  ? $arr['httponly'] : true)
+		);
+	}
+
+	function start() {
+		session_start();
+		self::$session_started = true;
+	}
+
+	/**
+	 * @brief Resets the current session.
+	 *
+	 * @return void
+	 */
+
+	function nuke() {
+		self::new_cookie(0); // 0 means delete on browser exit
+		if($_SESSION && count($_SESSION)) {
+			foreach($_SESSION as $k => $v) {
+				unset($_SESSION[$k]);
+			}
+		}
+	}
+
+	function new_cookie($xtime) {
+
+		$newxtime = (($xtime> 0) ? (time() + $xtime) : 0);
+
+		$old_sid = session_id();
+
+		if(self::$handler && self::$session_started) {
+			session_regenerate_id(true);
+
+			// force SessionHandler record creation with the new session_id
+			// which occurs as a side effect of read()
+
+			self::$handler->read(session_id());
+		}
+		else 
+			logger('no session handler');
+
+		if (x($_COOKIE, 'jsdisabled')) {
+			setcookie('jsdisabled', $_COOKIE['jsdisabled'], $newxtime);
+		}
+		setcookie(session_name(),session_id(),$newxtime);
+
+		$arr = array('expire' => $xtime);
+		call_hooks('new_cookie', $arr);
+
+	}
+
+	function extend_cookie() {
+
+		// if there's a long-term cookie, extend it
+
+		$xtime = (($_SESSION['remember_me']) ? (60 * 60 * 24 * 365) : 0 );
+
+		if($xtime)
+			setcookie(session_name(),session_id(),(time() + $xtime));
+		$arr = array('expire' => $xtime);
+		call_hooks('extend_cookie', $arr);
+
+	}
+
+
+	function return_check() {
+
+		// check a returning visitor against IP changes.
+		// If the change results in being blocked from re-entry with the current cookie
+		// nuke the session and logout.
+		// Returning at all indicates the session is still valid.
+
+		// first check if we're enforcing that sessions can't change IP address
+		// @todo what to do with IPv6 addresses
+
+		if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
+			logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+
+			$partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.')); 
+			$partial2 = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], '.')); 
+
+			$paranoia = intval(get_pconfig($_SESSION['uid'], 'system', 'paranoia'));
+
+			if(! $paranoia)
+				$paranoia = intval(get_config('system', 'paranoia'));
+
+			switch($paranoia) {
+				case 0:
+					// no IP checking
+					break;
+				case 2:
+					// check 2 octets
+					$partial1 = substr($partial1, 0, strrpos($partial1, '.'));
+					$partial2 = substr($partial2, 0, strrpos($partial2, '.'));
+					if($partial1 == $partial2)
+						break;
+				case 1:
+					// check 3 octets
+					if($partial1 == $partial2)
+						break;
+				case 3:
+				default:
+					// check any difference at all
+					logger('Session address changed. Paranoid setting in effect, blocking session. '
+					. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
+					self::nuke();
+					goaway(z_root());
+					break;
+			}
+		}
+		return true;
+	}
+
+}

Zotlabs/Web/SessionHandler.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace Zotlabs\Web;
+
+
+class SessionHandler implements \SessionHandlerInterface {
+
+
+	function open ($s, $n) {
+		return true;
+	}
+
+	// IMPORTANT: if we read the session and it doesn't exist, create an empty record.
+	// We rely on this due to differing PHP implementation of session_regenerate_id()
+	// some which call read explicitly and some that do not. So we call it explicitly
+	// just after sid regeneration to force a record to exist.
+
+	function read ($id) {
+
+		if($id) {
+			$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
+
+			if($r) {
+				return $r[0]['data'];
+			}
+			else {
+				q("INSERT INTO `session` (sid, expire) values ('%s', '%s')",
+					dbesc($id),
+					dbesc(time() + 300)
+				);
+			}
+		}
+
+		return '';
+	}
+
+
+	function write ($id, $data) {
+
+		if(! $id || ! $data) {
+			return false;
+		}
+
+		// Unless we authenticate somehow, only keep a session for 5 minutes
+		// The viewer can extend this by performing any web action using the
+		// original cookie, but this allows us to cleanup the hundreds or 
+		// thousands of empty sessions left around from web crawlers which are
+		// assigned cookies on each page that they never use. 
+
+		$expire = time() + 300;
+
+		if($_SESSION) {
+			if(array_key_exists('remember_me',$_SESSION) && intval($_SESSION['remember_me']))
+				$expire = time() + (60 * 60 * 24 * 365);
+			elseif(local_channel())
+				$expire = time() + (60 * 60 * 24 * 3);
+			elseif(remote_channel())
+				$expire = time() + (60 * 60 * 24 * 1);
+		}
+
+		q("UPDATE `session`
+			SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
+			dbesc($data),
+			dbesc($expire),
+			dbesc($id)
+		);
+
+		return true;
+	}
+
+	
+	function close() {
+		return true;
+	}
+
+
+	function destroy ($id) {
+		q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
+		return true;
+	}
+
+
+	function gc($expire) {
+		q("DELETE FROM session WHERE expire < %d", dbesc(time()));
+		return true;
+	}
+
+}

Zotlabs/Zot/Auth.php

@@ -132,7 +132,7 @@ class Auth {
 			// tell them to logout if they're logged in locally as anything but the target remote account
 			// in which case just shut up because they don't need to be doing this at all.
 
-			if (get_app()->channel['channel_hash'] == $hubloc['xchan_hash']) {
+			if (\App::$channel['channel_hash'] == $hubloc['xchan_hash']) {
 				return true;
 			}
 			else {
@@ -242,9 +242,9 @@ class Auth {
 
 		$arr = array('xchan' => $hubloc, 'url' => $this->desturl, 'session' => $_SESSION);
 		call_hooks('magic_auth_success',$arr);
-		get_app()->set_observer($hubloc);
+		\App::set_observer($hubloc);
 		require_once('include/security.php');
-		get_app()->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+		\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
 		info(sprintf( t('Welcome %s. Remote authentication successful.'),$hubloc['xchan_name']));
 		logger('mod_zot: auth success from ' . $hubloc['xchan_addr']);
 		$this->success = true;
@@ -341,5 +341,5 @@ class Auth {
  * Service_class can be used by cooperating sites to provide different access rights based on account rights and subscription plans. It is 
  * a string whose contents are not defined by protocol. Example: "basic" or "gold".
  *
- * @param[in,out] App &$a
+ * @param[in,out] \App &$a
  */

Zotlabs/Zot/Verify.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace Zotlabs\Zot;
+
+
+class Verify {
+
+	function create($type,$channel_id,$token,$meta) {
+		return q("insert into verify ( type, channel, token, meta, created ) values ( '%s', %d, '%s', '%s', '%s' )",
+			dbesc($type),
+			intval($channel_id),
+			dbesc($token),
+			dbesc($meta),
+			dbesc(datetime_convert())
+		);
+	}
+
+	function match($type,$channel_id,$token,$meta) {
+		$r = q("select id from verify where type = '%s' and channel = %d and token = '%s' and meta = '%s' limit 1",
+			dbesc($type),
+			intval($channel_id),
+			dbesc($token),
+			dbesc($meta)
+		);
+		if($r) {
+			q("delete from verify where id = %d",
+				intval($r[0]['id'])
+			);
+			return true; 
+		}
+		return false;
+	}
+
+	function purge($type,$interval) {
+		q("delete from verify where type = '%s' and created < %s - INTERVAL %s",
+			dbesc($type),
+			db_utcnow(),
+			db_quoteinterval($interval)
+		);
+	}
+
+}

doc/Creating-Templates.md

@@ -18,7 +18,7 @@ view/php/default.php
 	<html>
 	<head>
 		<title><?php if(x($page,'title')) echo $page['title'] ?></title>
-		<script>var baseurl="<?php echo $a->get_baseurl() ?>";</script>
+		<script>var baseurl="<?php echo z_root() ?>";</script>
 		<?php if(x($page,'htmlhead')) echo $page['htmlhead'] ?>
 	</head>
 	<body>

doc/DerivedTheme1.md

@@ -38,7 +38,7 @@ Inside it, put the following information - edit as needed
 
     function mytheme_init(&$a) {
 
-        $a->theme_info['extends'] = 'redbasic';
+        App::$theme_info['extends'] = 'redbasic';
 
 
     }
@@ -63,7 +63,6 @@ In it, put the following:
 
 That's it. This tells the software to read the PCSS information for the redbasic theme first, and then read our CSS file which will just consist of changes we want to make from our parent theme (redbasic). 
 
-
 Now create the actual CSS file for your theme.  Put it in view/theme/mytheme/css/style.css (where we just told the software to look for it). For our example, we'll just change the body background color so you can see that it works. You can use any CSS you'd like. 
 
 
@@ -74,4 +73,29 @@ Now create the actual CSS file for your theme.  Put it in view/theme/mytheme/css
 
 You've just successfully created a derived theme. This needs to be enabled in the admin "themes" panel, and then anybody on the site can use it by selecting it in Settings->Display Settings as their default theme.  
 
+**Lesson 2**
+
+If you want to use the redbasic schemas for your derived theme, you have to do a bit more.
+
+Do everything as above, but don't create view/theme/mytheme/php/style.php, but copy instead  view/theme/redbasic/php/style.php to view/theme/mytheme/php/style.php. Modify that file and remove (or comment out) these two lines:
+
+	if(local_channel() && App::$channel && App::$channel['channel_theme'] != 'redbasic')
+		set_pconfig(local_channel(), 'redbasic', 'schema', '---');
+	
+Also add this line at the bottom:
+
+	echo @file_get_contents('view/theme/mytheme/css/style.css');
+
+To show the schema selector you have to copy view/theme/redbasic/tpl/theme_settings.tpl to  view/theme/mytheme/tpl/theme_settings.tpl. Modify that file and replace the lines:
+
+	{{if $theme == redbasic}}
+	{{include file="field_select.tpl" field=$schema}}
+	{{/if}}
+
+with:
+
+	{{include file="field_select.tpl" field=$schema}}
+	
+
+
 #include doc/macros/main_footer.bb;

doc/Primary-Directory.md

@@ -12,7 +12,7 @@ There are certain scenarios where you might want your own directory-server that
 
 *   On the hub that will be the Directory Server, open the .htconfig.php file and set:
 
-    `$a->config['system']['directory_mode'] = DIRECTORY_MODE_PRIMARY;`
+    `App::$config['system']['directory_mode'] = DIRECTORY_MODE_PRIMARY;`
 
 
     By default it should already be set as **DIRECTORY_MODE_NORMAL**, so just edit that line to say **DIRECTORY_MODE_PRIMARY**

doc/cloud.bb

@@ -10,7 +10,7 @@ On many public servers there may be limits on disk usage.
 
 The quickest and easiest way to share files is through file attachments. In the row of icons below the status post editor is a tool to upload attachments. Click the tool, select a file and submit. After the file is uploaded, you will see an attachment code placed inside the text region. Do not edit this line or it may break the ability for your friends to see the attachment. You can use the post permissions dialogue box or privacy hashtags to restrict the visibility of the file - which will be set to match the permissions of the post your are sending.
 
-To delete attachments or change the permissions on the stored files, visit [observer.baseurl]/filestorage/{{username}}" replacing {{username}} with the nickname you provided during channel creation.
+To delete attachments or change the permissions on the stored files, visit [observer.baseurl]/cloud/{{username}}" replacing {{username}} with the nickname you provided during channel creation.
 
 [b]Web Access[/b]
 

doc/context/admin/security/help.html

@@ -0,0 +1,3 @@
+<h3>Security Settings</h3>
+<p>This page contains various administrator settings related to security.</p>
+<p>To save any changes you make to these settings, you must press the Submit button.</p>

doc/context/channel/help.html

@@ -0,0 +1,24 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This is the home page of a channel. It is similar to someone's profile "wall" in a social network context. Posts created by the channel are displayed according to the observer's viewing permissions.</dd>
+  <dt>Create a Post</dt>
+  <dd>If you have permission to create posts on the channel page, then you will see the post editor at the top.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/cloud/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This page displays a channel's "cloud" files. The files visible to the observer depend on the individual file permissions set by the channel owner. If you have permission to create/upload files you will see control buttons above the file list.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/mail/help.html

@@ -0,0 +1,10 @@
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>The messages displayed in private mail are visible only to you and the single recipient. </dd>
+  <dt>Combined View</dt>
+  <dd>Complete conversations can be viewed in a continuous thread by selecting <b>Combined View</b>. Available conversations are displayed beneath the menu in the side panel.</dd>
+  <dt>Inbox/Outbox</dt>
+  <dd>Individual sent messages are viewed by selecting <b>Outbox</b>, and incoming messages are viewed using the <b>Inbox</b> filter.</dd>
+  <dt>New Message</dt>
+  <dd>Individual messages have delivery reports that can be viewed using the drop-down menu. Messages can also be recalled from the same menu, which can prevent the recipient from viewing the message <i>if they have not already read it</i>.</dd>
+</dl>

doc/context/network/help.html

@@ -0,0 +1,26 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>The network page displays a stream of posts and conversations, typically ordered by the most recently updated. This page is highly customizable.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#profile-jot-wrapper", 0); return false;' title="Click to highlight element...">Create a Post</a></dt>
+  <dd>At the top of the page there is a text box that says "Share". Clicking this box opens a new post editor. The post editor is customizable, but the basic editor provides fields for a post body and an optional post <b>Title</b>. Buttons below the text area to the left provide shortcuts to text formatting and inserting links, images, and other data into the post. The buttons to the right provide a post preview, the post permissions setting, and a <b>Submit</b> button to send the post.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#group-sidebar", 1); return false;' title="Click to highlight element...">Privacy Groups</a></dt>
+  <dd>The privacy groups you have created are displayed in the side panel. Selecting them filters posts to those created by channels in the chosen group.</dd>
+  <dt><a href='#' onclick='$("#dbtn-acl").click(); return false;' title="Click to highlight element...">Post Permissions</a></dt>
+  <dd>The access control list (ACL) is what you use to set who can see your new post. Pressing the ACL button beside the Submit button will display a dialog in which you can select what channels and/or privacy groups can see the post. You can also select who is explicitly denied access. For example, say you are planning a surprise party for a friend. You can send an invitation post to everyone in your <b>Friends</b> group <i>except</i> the friend you are surprising. In this case you "show" the <b>Friends</b> group but "don't show" that one person.</dd>
+</dl>

doc/context/photos/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This page displays a channel's photo albums. The images visible to the observer depend on the individual image permissions.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/context/profile/help.html

@@ -0,0 +1,22 @@
+<script>
+    var contextualHelp1 = function (target, openSidePanel) {
+        $("#help-content").removeClass('help-content-open');  // Close the help panel
+        $("#navbar-collapse-1").removeClass('in');  // Collapse the navbar for small screens
+        if (openSidePanel) {
+            $("main").addClass('region_1-on');  // Open the side panel to highlight element 
+        } else {
+            $("main").removeClass('region_1-on');
+        }
+        // Animate the page scroll to the element and then pulse the element to direct attention
+        $('html,body').animate({scrollTop: $(target).offset().top - $('#navbar-collapse-1').height() - 20}, 'slow');
+        for (i = 0; i < 3; i++) {
+            $(target).fadeTo('slow', 0.1).fadeTo('slow', 1.0);
+        }
+    }
+</script>
+<dl class="dl-horizontal">
+  <dt>General</dt>
+  <dd>This is the profile page of a channel. It typically displays information describing the channel. If the channel represents a person in a social network, for example, then the profile might provide contact information and other personal details about the person. Channels can have multiple profiles, where the displayed profile depends on the observer.</dd>
+  <dt><a href='#' onclick='contextualHelp1("#tabs-collapse-1", 0); return false;' title="Click to highlight element...">Channel Content Tabs</a></dt>
+  <dd>The channel content tabs are links to other content published by the channel. The <b>About</b> tab links to the channel profile. The <b>Photos</b> tab links to the channel photo galleries. The <b>Files</b> tab links to the general shared files published by the channel.</dd>
+</dl>

doc/de/general.bb

@@ -7,8 +7,8 @@
 [h3]Externe Ressourcen[/h3]
 [zrl=[baseurl]/help/external-resource-links]Links zu externen Ressourcen[/zrl]
 
-[url=https://github.com/redmatrix/redmatrix]Haupt-Website[/url]
-[url=https://github.com/redmatrix/redmatrix-addons]Addons-Website[/url]
+[url=https://github.com/redmatrix/hubzilla]Haupt-Website[/url]
+[url=https://github.com/redmatrix/hubzilla-addons]Addons-Website[/url]
 
 [url=[baseurl]/help/credits]$Projectname Credits[/url]
 

doc/dev-function-overview.md

@@ -21,7 +21,7 @@ Returns the global app structure ($a).
 
 * App::get_observer()
 
-(App:: is usually assigned to the global $a), so $a->get_observer() or get_app()->get_observer() - returns an xchan structure representing the current viewer if authenticated (locally or remotely).
+(App:: is usually assigned to the global $a), so App::get_observer() or App::get_observer() - returns an xchan structure representing the current viewer if authenticated (locally or remotely).
 
 * get_config($family,$key), get_pconfig($uid,$family,$key)
 

doc/dev_beginner.bb

@@ -242,7 +242,7 @@ Befor you register a first user switch off the registration mails.
 Open /var/www/.htconfig.php
 and make sure "0" is set in this line
 [code]
-$a->config['system']['verify_email'] = 0;
+App::$config['system']['verify_email'] = 0;
 [/code]
 You should be able to change the file as "yourself" (instead of using root or www-data).
 

doc/directories.bb

@@ -30,7 +30,7 @@ To configure this, please look in your .htconfig.php file for the following text
 // DIRECTORY_MODE_PRIMARY    = main directory server
 // DIRECTORY_MODE_STANDALONE = "off the grid" or private directory services
 
-$a->config['system']['directory_mode']  = DIRECTORY_MODE_STANDALONE;
+App::$config['system']['directory_mode']  = DIRECTORY_MODE_STANDALONE;
 [/code]
 
 

doc/faq_developers.bb

@@ -8,22 +8,22 @@ $a is a class defined in boot.php and passed all around $Projectname as a global
 
 We don't ever create more than one instance and always modify the elements of the single instance. The mechanics of this are somewhat tricky. If you have a function that is passed $a and needs to modify $a you need to declare it as a reference with '&' e.g. 
 
-[code]function foo(&$a) { $a->something = 'x'; // whatever };
+[code]function foo(&$a) { App::$something = 'x'; // whatever };
 
 *or* access it within your function  as a global variable via get_app()
 
 function foo() {
     $a = get_app();
-    $a->something = 'x';
+    App::$something = 'x';
 }
 
 
-function foo($a) { $a->something = 'x'; }; 
+function foo($a) { App::$something = 'x'; }; 
 
 will *not* change the global app state. 
 
 function foo() {
-   get_app()->something = 'x';
+   App::$something = 'x';
 }
 [/code]
 

doc/faq_members.bb

@@ -8,7 +8,7 @@ Short anser: No, there isn't. There are reasons. You are able to change permisso
 If a posting is public this is even harder, as the $Projectname is a global network and there is no way to follow a post, let alone reclaim it reliably. Other networks that may receive your post have no reliable way to delete or reclaim the post.
 
 [h3]I downloaded my channel and imported it (cloned my identity) to another site but there is no content, no posts, no photos. What is wrong???[/h3]
-To be honest: Nothing. That's the way it is right now. Technically it is surely possible to take at least your own posts and maybe even files with you, but this has simply put not implemented yet. When creating this feature we thought that keeping all your contacts was more important. Your friends have already seen your old content. Once we find someone willing to implement this, it will be done. :)
+Posts and photos/files are provided separately from the channel basic information. This is due to memory limitations dealing with years of conversations and photo archives. Posts and conversations can be synced separately from the basic channel information. Photos and file archives can be transferred using a plugin tool such as 'redfiles', which is currently listed as "experimental".  When creating this feature we thought that keeping all your contacts was the most important task. Your friends have already seen your old content. Posts/conversations were next in priority and these may now be synced. Files and photos are the last bit to get completely working. Once we find someone willing to finish implementing this, it will be done. :)
 [h3]I can't see private resources[/h3]
 You have probably disabled third party cookies.  You need to enable them for remote authentication to work.
 [h3]There are a lot of foreign language posts. Let's auto-translate them.[/h3]

doc/federate.bb

@@ -0,0 +1,71 @@
+[h2]Creating protocol federation services[/h2]
+
+There are three main components to writing federation plugins. These are:
+
+[1] Channel discovery and making connections
+[2] Sending posts/messages
+[3] Receiving posts/messages
+
+In addition, federation drivers must handle
+
+[4] differences in privacy policies (and content formats)
+
+
+[h3]Making connections[/h3]
+
+The core application provides channel discovery in the following sequence:
+
+[1] Zot channel discovery
+[2] Webfinger (channel@hub) lookup
+	[2.1] RFC7033 webfinger
+	[2.2] XRD based webfinger (old style)
+[3] URL discovery (currently only used to discover RSS feeds)
+[4] If all of these fail, the network is "unknown" and we are unable to communicate with or connect with the channel. An 'xchan' record [i]may[/i] still be created [b]if[/b] there is enough information known to identify a unique channel.   
+
+Any of the lookup services may be bound to a plugin and extended. When a channel is discovered, we create an 'xchan' record which is a platform neutral representation of the channel identity. If we need to send information to the channel, a 'hubloc' (hub location) record is also generally required. A 'follow' plugin hook is provided to bypass webfinger and this discovery sequence completely. 
+
+The final step in gluing this together is to create an 'abook' record, which attaches an xchan in a relationship to a local channel with a given set of permissions. 
+
+For networks which do not support nomadic identity, your plugin must also set "abook_instance" which is a comma-separated list of local URLs that the remote channel is connected with. For instance if your member was connected to my channel clone at https://example.com, the abook_instance for that connection would read 'https://example.com'. If you also connected to my clone at https://abc.example.com, the string would be changed to 'https://example.com,https://abc.example.com'. This allows local channels to differentiate which instance a given remote channel is connected with and avoid delivery failures to those channels from other clone instances. 
+
+A federation plugin for a webfinger based system needs only to examine the webfinger or XRD results and identify a protocol stack which can be used to connect or communicate. Then create an xchan record with the given 'xchan_network' type and a hubloc record with the same 'hubloc_network' with the information given. Currently the plugin will need to create the entire record, but in the future this will be extended so that the plugin only need identify a network name and the record will be populated with all other known values.
+
+An xchan record is always required in order to connect. To connect, create an abook record with the desired permissions. 
+
+Additional information that your plugin requires for communication can be stored in the xconfig table and/or abconfig table if there is no convenient or appropriate table column in the xchan or hubloc tables.
+
+When a connection is made, we generally call the notifier (include/notifier.php) to send a message to the remote channel. This is bound to the hook 'permissions_create'. Your plugin will need to handle this in order to send a "follow" or "make friends" message to the other network.
+
+Notes: The first stage zot lookup will be replaced with a webfinger lookup. This work is in progress. A separate lookup was required initially as webfinger does not allow non-SSL connections. We will provide non-SSL zot lookups (usually test and development sites) via the "old" XRD based webfinger to avoid this limitation. 
+
+The core application will attempt to create xchan records for projects identified as members of the "open web"; currently Hubzilla, Friendica, Diaspora, GNU-Social and Pump.io. This is so that comments can be passed amongst project sites and the network correctly identified. A federation plugin is required to fully federate with other networks, but comments may be passed to sites without such a plugin installed so that there are no unexplained holes in conversations.
+
+The core application must also provide signing ability for Diaspora comments since they require a special signing format and must be signed by the comment author regardless of whether that channel federates with Diaspora. The owner of the conversation may federate with Diaspora so the comments must be signed. This is unfortunate but necessary.   
+
+
+[h3]Sending Messages[/h3]
+
+Whenever any message is sent (with the sole exception of directory communications), we invoke the notifier (include/notifier.php), and pass it the type of message and generally an identifier to lookup the information being sent from the database (items or conversational things, private mail, permissions updates, etc.). 
+
+The notifier has several hooks which may be used by plugins in different ways, depending on how their delivery loop works. For different message types and complex delivery situations you may need to tie into multiple hooks. The 'permissions_create' hook was mentioned in the first section. There is also a 'permissions_update' message if permissions have changed and the other end of the link needs to be advised. Few services will provide or handle this (as their permissions are static), but it is also used for instance to send profile and profile photo update messages and you may wish to handle this.
+
+The next plugin hook is 'notifier_process'. It is passed an array providing the complete state of the notifier and is called once per notifier invocation. It contains the complete list of recipients (with xchan_network set for each).
+
+There is also 'notifier_hub' which like 'notifier_process' is passed the complete state of the notifier, but the difference is that it is called for each individual hub or distinct URL delivery and may be matched on the hubloc_network type. Hub delivery is much more efficient than recipient delivery but may not be suitable for all protocol stacks. 
+
+
+Your plugin will be required to understand the message state and recipients and translate the sent item to the desired format. You will also be required to check privacy and block communication to anybody but the intended recipients - *if* it is a private communication. The plugin will often at this point stick the message into the queue and return the queue id to the notifier.
+
+
+Queue handlers exist already for simple posted data. If you create a queue entry with 'post' type we'll open an HTTP POST request and post the data provided and acknowledge success or failure. You can create other forms of communication by providing a different outq_driver type and handling the processing of queue requests yourself. Delivery reporting is available if you wish to acknowledge different error conditions, or anything beyond success/failure. Advanced delivery reporting will also require a custom queue type. The basic 'post' type only deals with success (communication successful with the remote site) and failure.   
+
+
+    
+[h3]Receiving Messages[/h3]
+
+
+Receiving messages from the remote network will probably require a 'receive' endpoint or module dedicated to your network communication protocol. This is a URL route that your plugin may need to register with the'module_loaded' hook. You module will then take responsibility for importing any data which arrives at that endpoint and translating it to the format required for this project and storing the resulting data. The basic structure we use is an extensible activitystream item but with slightly different field names and several optional fields. It can be easily mapped to an activitystream. Additional data can be stored in the "iconfig" table. item_store() and item_store_update() are generally used to store the data and send appropriate notifications. Similiar facilities are available for private mail and profile information.
+
+
+
+  

doc/filesync.md

@@ -0,0 +1,61 @@
+File Sync and Clone
+===================
+
+
+
+File cloning across multiple instances of a channel is a very hard problem, due to the nature of PHP memory allocation. This needs to be handled dramatically differently than cloning or syncing of other information. (Processing one large video file or 40-50 photos could exhaust memory). Therefore we can't easily just dump all the data to a dump file and sequentially process it. Loading the dump file itself is likely to exhaust memory.
+
+There are also two primary operations we are considering. The first is the hardest - saving and then importing all your channel information into a new channel clone. The second is synchronising file changes as they occur across two or more "active" clones.
+
+For the first cut at this tool we will concentrate on the second case, while trying to maintain some measure of compatibility with the first case so that we can re-use the same tools.
+
+Meta Data
+=========
+
+
+First we need the metadata for the file in order to precisely re-construct its structure on another site. This requires the following information:
+
+'attach' structure (without file contents - which is the default) for the file itself **and** its parent directories so that we can re-create its precise place in the file system, since we do not know if the parent directory has been imported previously or ever. 
+
+'photo' structure for any photo elements which were created as a result of uploading this file into the system. This typically contains several different 'scales' or thumbnail images, some of which may be cropped for profile photo use or cover photo use. We need to retain the cropping information which is not present in the metadata, but only in the stored data. The actual thumbnail image data may or may not be included in the metadata. A cover photo of large scale (scale #7) could potentially cause memory issues. Not as bad as a 100M video, but if you have several of these they could add up.  
+
+'item' entries which are linked to this file. These can be file share activities, the "parent item" linked to photos, and any attached conversation items (photo likes, comments, etc.) 
+
+All of these items will require URL replacement and re-signing of the item as they are relocated to another site.
+
+
+File Data
+=========
+
+Then we have the actual file data we need to reconstruct the file. This needs to be stored separately from the meta-data to avoid memory exhaustion when processing. The actual file data can be used to reconstruct the attach structure and the first four photo scales. If this is a photo, we need access to the "#4 scale" (profile photo) and the #7 scale (cover photo) as they were originally cropped. All other thumbnails can be generated from these. 
+
+
+
+File Sync
+=========
+
+
+We will consider this operation first because it is probably the most straightforward to implement. When a photo is added to or removed or changed from the source system, we will send a clone sync packet to all known clones containing the metadata - but **no file data** . We can only send one sync packet per file operation that needs to be synced. 
+
+The receiving end will create and perform URL translation on all the metadata structures and store them. Then it will need to fetch the actual data. Assuming CURL supports streaming, an authenticated request is sent to the original site and the original file is requested and streamed directly to disk (bypassing all processing). If photo scale #4 or scale #7 is required, these are requested and stored into their respective structures. We're assuming in this case that the cover photo large scale will not exhaust memory. If CURL cannot be made to support streaming, request packets need to be queued and sent to the origination site to obtain "chunks" of the file and re-assembled once all chunks have been retrieved.
+
+The authenticated request depends on the mechanism. For CURL streaming, some signed secret with a timestamp will probably need to be generated and posted to the file origination site. Then the data can be retrieved with minimal internal processing and dumped directly to disk using stdio buffering. In the case of a zot request, the zot request packet will be validated, however scheduling chunk batches and re-assembling them could be tricky.
+
+
+File Backup/Restore
+===================
+
+This is much more complicated as we do not have an authenticate web server to request data from. The metadata can be mostly the same, but we need some form of signalling that we will not be fetching the file via the web. This will likely require a client side process to parse each metadata file and locate a file on disk which it is associated with. Then the data would need to be streamed to the destination server with a special endpoint designed for this task. A java app might be the best option here to retain platform neutrality.
+
+Another option would be to use WebDAV for this step. The metadata files would be uploaded first, and then the data files. If a data file corresponded to an existing metadata file, the metadata would be processed; the file stored appropriately, and the metadata file then removed. In this case, photos of scales 4 and 7 would need to be provided in the metadata.  
+ 
+
+Optionally, this step could also be performed with a filesystem local to the destination server. This would be the highest performance, and a suite of shell-based tools (in the case of Linux) could perform the "client-side" of the task.
+
+The complexity of this task mandates careful planning into how the data is organised and stored and if necessary backed up remotely or transmitted for backup by the source website.
+
+
+Backward Compatibility
+======================
+
+There are some obvious issues with making data available for backup or cloning which existed on the system prior to the existence of restore/sync tools. To keep the tools themselves relatively uncomplicated (to the extent possible given the constraints) backward compatibility may have to be preformed by dedicated plugin or addon.        

doc/git_for_non_developers.bb

@@ -14,7 +14,7 @@ Once you've done that, cd into the directory, and add an upstream.
 
 [code]
 cd red
-git remote add upstream https://github.com/redmatrix/redmatrix
+git remote add upstream https://github.com/redmatrix/hubzilla
 [/code]
 
 From now on, you can pull upstream changes with the command

doc/hook/discover_by_webbie.bb

@@ -1 +0,0 @@
-[h2]discover_by_webbie[/h2]

doc/hook/discover_channel_webfinger.bb

@@ -0,0 +1,14 @@
+[h2]discover_channel_webfinger[/h2]
+
+Called after performing channel discovery using RFC7033 webfinger and where the channel is not recognised as zot. 
+
+Passed an array:
+
+	address: URL or address that is being discovered
+	success: set to true if the plugin discovers something
+	webfinger: array of webfinger links (output of webfinger_rfc7033())
+
+
+	if your plugin indicates success you are expected to generate and populate an xchan (and hubloc) record prior to returning. 
+
+	

doc/hook/module_mod_aftercontent.bb

@@ -8,5 +8,5 @@ The hook data for this call consists of an array
 
 This element contains the HTML content which was prepared for this page by calling the module_content() function. It is invoked after the content has been created. It does not contain the result of AJAX or asynchronous page load calls.
 
-	The current module may be determined by lookin at $a->module  
+	The current module may be determined by lookin at App::$module  
 

doc/hook/module_mod_content.bb

@@ -6,5 +6,5 @@ The hook data for this call consists of an array
 
 This element contains the HTML content before calling the module_content() function. It is invoked before the content region has been populated. This may  or may not be empty as there may be other processes or addons generating content prior to your hook handler is run. Be certain to preserve any current content. Typically anything you add here will be placed at the top of the content region of the page, but in any event prior to the main content region being generated. 
 
-	The current module may be determined by lookin at $a->module  
+	The current module may be determined by lookin at App::$module  
 

doc/hooklist.bb

@@ -127,7 +127,7 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the
 [zrl=[baseurl]/help/hook/directory_item]directory_item[/zrl]
 	Called when generating a directory listing for display
 
-[zrl=[baseurl]/help/hook/discover_by_webbie]discover_by_webbie[/zrl]
+[zrl=[baseurl]/help/hook/discover_channel_webfinger]discover_channel_webfinger[/zrl]
 	Called when performing a webfinger lookup
 
 [zrl=[baseurl]/help/hook/display_item]display_item[/zrl]

include/BaseObject.php

@@ -1,4 +1,5 @@
 <?php /** @file */
+
 if(class_exists('BaseObject'))
 	return;
 

include/Contact.php

@@ -75,12 +75,12 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
 	$a = get_app();
 
 	if(! $xchan) {
-		if($a->poi) {
-			$xchan = $a->poi;
+		if(App::$poi) {
+			$xchan = App::$poi;
 		}
-		elseif(is_array($a->profile) && $a->profile['channel_hash']) {
+		elseif(is_array(App::$profile) && App::$profile['channel_hash']) {
 			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
-				dbesc($a->profile['channel_hash'])
+				dbesc(App::$profile['channel_hash'])
 			);
 			if($r)
 				$xchan = $r[0];
@@ -102,7 +102,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
 	}
 
 	if(array_key_exists('channel_id',$xchan))
-		$a->profile_uid = $xchan['channel_id'];
+		App::$profile_uid = $xchan['channel_id'];
 
 	$url = (($observer) 
 		? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] 
@@ -111,7 +111,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
 					
 	return replace_macros(get_markup_template('xchan_vcard.tpl'),array(
 		'$name'    => $xchan['xchan_name'],
-		'$photo'   => ((is_array($a->profile) && array_key_exists('photo',$a->profile)) ? $a->profile['photo'] : $xchan['xchan_photo_l']),
+		'$photo'   => ((is_array(App::$profile) && array_key_exists('photo',App::$profile)) ? App::$profile['photo'] : $xchan['xchan_photo_l']),
 		'$follow'  => $xchan['xchan_addr'],
 		'$link'    => zid($xchan['xchan_url']),
 		'$connect' => $connect,
@@ -235,7 +235,7 @@ function account_remove($account_id,$local = true,$unset_session=true) {
 		unset($_SESSION['authenticated']);
 		unset($_SESSION['uid']);
 		notice( sprintf(t("User '%s' deleted"),$account_email) . EOL);
-		goaway(get_app()->get_baseurl());
+		goaway(z_root());
 	}
 	return $r;
 
@@ -263,7 +263,7 @@ function rrmdir($path)
     return false;
 }
 
-function channel_remove($channel_id, $local = true, $unset_session=true) {
+function channel_remove($channel_id, $local = true, $unset_session=false) {
 
 	if(! $channel_id)
 		return;
@@ -333,19 +333,19 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
 	);
 
 	// if this was the default channel, set another one as default
-	if($a->account['account_default_channel'] == $channel_id) {
+	if(App::$account['account_default_channel'] == $channel_id) {
 		$r = q("select channel_id from channel where channel_account_id = %d and channel_removed = 0 limit 1",
-            intval($a->account['account_id']),
+            intval(App::$account['account_id']),
             intval(PAGE_REMOVED));
 		if ($r) {
 			$rr = q("update account set account_default_channel = %d where account_id = %d",
 				intval($r[0]['channel_id']),
-				intval($a->account['account_id']));
+				intval(App::$account['account_id']));
 			logger("Default channel deleted, changing default to channel_id " . $r[0]['channel_id']);
 		}
 		else {
 			$rr = q("update account set account_default_channel = 0 where account_id = %d",
-				intval($a->account['account_id'])
+				intval(App::$account['account_id'])
 			);
 		}
 	}
@@ -389,9 +389,8 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
 	proc_run('php','include/directory.php',$channel_id);
 
 	if($channel_id == local_channel() && $unset_session) {
-		unset($_SESSION['authenticated']);
-		unset($_SESSION['uid']);
-		goaway($a->get_baseurl());
+		\Zotlabs\Web\Session::nuke();
+		goaway(z_root());
 	}
 
 }

include/ConversationObject.php

@@ -15,6 +15,7 @@ require_once('include/items.php');
  */
 
 class Conversation extends BaseObject {
+
 	private $threads = array();
 	private $mode = null;
 	private $observer = null;
@@ -47,33 +48,26 @@ class Conversation extends BaseObject {
 
 		$a = $this->get_app();
 
-		$this->observer = $a->get_observer();
+		$this->observer = App::get_observer();
 		$ob_hash = (($this->observer) ? $this->observer['xchan_hash'] : '');
 
 		switch($mode) {
 			case 'network':
-//				if(array_key_exists('firehose',$a->data) && intval($a->data['firehose'])) {
-//					$this->profile_owner = intval($a->data['firehose']);
-//					$this->writable = false;
-//				}
-//				else {
-					$this->profile_owner = local_channel();
-					$this->writable = true;
-//				}
+				$this->profile_owner = local_channel();
+				$this->writable = true;
 				break;
 			case 'channel':
-				$this->profile_owner = $a->profile['profile_uid'];
+				$this->profile_owner = App::$profile['profile_uid'];
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
 			case 'display':
 				// in this mode we set profile_owner after initialisation (from conversation()) and then 
 				// pull some trickery which allows us to re-invoke this function afterward
 				// it's an ugly hack so FIXME
-//				$this->profile_owner = $a->profile['uid'];
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
 			case 'page':
-				$this->profile_owner = $a->profile['uid'];
+				$this->profile_owner = App::$profile['uid'];
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
 			default:
@@ -142,11 +136,11 @@ class Conversation extends BaseObject {
 	public function add_thread($item) {
 		$item_id = $item->get_id();
 		if(!$item_id) {
-			logger('[ERROR] Conversation::add_thread : Item has no ID!!', LOGGER_DEBUG);
+			logger('Item has no ID!!', LOGGER_DEBUG, LOG_ERR);
 			return false;
 		}
 		if($this->get_thread($item->get_id())) {
-			logger('[WARN] Conversation::add_thread : Thread already exists ('. $item->get_id() .').', LOGGER_DEBUG);
+			logger('Thread already exists ('. $item->get_id() .').', LOGGER_DEBUG, LOG_WARNING);
 			return false;
 		}
 
@@ -177,11 +171,6 @@ class Conversation extends BaseObject {
 			}
 		}
 		require_once('include/identity.php');
-//		$sys = get_sys_channel();
-
-//		if($sys && $item->get_data_value('uid') == $sys['channel_id']) {
-//			$item->set_commentable(false);
-//		}
 
 		$item->set_conversation($this);
 		$this->threads[] = $item;
@@ -209,7 +198,7 @@ class Conversation extends BaseObject {
 				$item_data = $item->get_template_data($conv_responses);
 			}
 			if(!$item_data) {
-				logger('[ERROR] Conversation::get_template_data : Failed to get item template data ('. $item->get_id() .').', LOGGER_DEBUG);
+				logger('Failed to get item template data ('. $item->get_id() .').', LOGGER_DEBUG, LOG_ERR);
 				return false;
 			}
 			$result[] = $item_data;

include/Import/import_diaspora.php

@@ -8,7 +8,7 @@ require_once('include/photo/photo_driver.php');
 function import_diaspora($data) {
 	$a = get_app();
 
-	$account = $a->get_account();
+	$account = App::get_account();
 	if(! $account)
 		return false;
 

include/ItemObject.php

@@ -97,7 +97,7 @@ class Item extends BaseObject {
 		$mode = $conv->get_mode();
 
 		if(local_channel() && $observer['xchan_hash'] === $item['author_xchan'])
-			$edpost = array($a->get_baseurl($ssl_state)."/editpost/".$item['id'], t("Edit"));
+			$edpost = array(z_root()."/editpost/".$item['id'], t("Edit"));
 		else
 			$edpost = false;
 
@@ -241,7 +241,7 @@ class Item extends BaseObject {
 		$has_bookmarks = false;
 		if(is_array($item['term'])) {
 			foreach($item['term'] as $t) {
-				if($t['type'] == TERM_BOOKMARK)
+				if(!UNO && $t['type'] == TERM_BOOKMARK)
 					$has_bookmarks = true;
 			}
 		}
@@ -689,7 +689,7 @@ class Item extends BaseObject {
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
-			'$jsreload' => (($conv->get_mode() === 'display') ? $_SESSION['return_url'] : ''),
+			'$jsreload' => '', //(($conv->get_mode() === 'display') ? $_SESSION['return_url'] : ''),
 			'$type' => (($conv->get_mode() === 'channel') ? 'wall-comment' : 'net-comment'),
 			'$id' => $this->get_id(),
 			'$parent' => $this->get_id(),
@@ -714,7 +714,7 @@ class Item extends BaseObject {
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
-			'$sourceapp' => get_app()->sourcename
+			'$sourceapp' => App::$sourcename
 
 		));
 

include/account.php

@@ -248,7 +248,7 @@ function verify_email_address($arr) {
 
 	$res = mail($arr['email'], email_header_encode(sprintf( t('Registration confirmation for %s'), get_config('system','sitename'))),
 		$email_msg,
-		'From: ' . 'Administrator' . '@' . get_app()->get_hostname() . "\n"
+		'From: ' . 'Administrator' . '@' . App::get_hostname() . "\n"
 		. 'Content-type: text/plain; charset=UTF-8' . "\n"
 		. 'Content-transfer-encoding: 8bit' 
 	);
@@ -314,7 +314,7 @@ function send_reg_approval_email($arr) {
 
 		$res = mail($admin['email'], sprintf( t('Registration request at %s'), get_config('system','sitename')),
 			$email_msg,
-			'From: ' . t('Administrator') . '@' . get_app()->get_hostname() . "\n"
+			'From: ' . t('Administrator') . '@' . App::get_hostname() . "\n"
 			. 'Content-type: text/plain; charset=UTF-8' . "\n"
 			. 'Content-transfer-encoding: 8bit' 
 		);
@@ -341,7 +341,7 @@ function send_register_success_email($email,$password) {
 
 	$res = mail($email, sprintf( t('Registration details for %s'), get_config('system','sitename')),
 		$email_msg, 
-		'From: ' . t('Administrator') . '@' . get_app()->get_hostname() . "\n"
+		'From: ' . t('Administrator') . '@' . App::get_hostname() . "\n"
 		. 'Content-type: text/plain; charset=UTF-8' . "\n"
 		. 'Content-transfer-encoding: 8bit' 
 	);
@@ -655,7 +655,7 @@ function account_service_class_allows($aid, $property, $usage = false) {
 function service_class_fetch($uid, $property) {
 	$a = get_app();
 	if($uid == local_channel()) {
-		$service_class = $a->account['account_service_class'];
+		$service_class = App::$account['account_service_class'];
 	}
 	else {
 		$r = q("select account_service_class as service_class 

include/acl_selectors.php

@@ -23,7 +23,7 @@ function group_select($selname,$selclass,$preselected = false,$size = 4) {
 
 	// e.g. 'network_pre_group_deny', 'profile_pre_group_allow'
 
-	call_hooks($a->module . '_pre_' . $selname, $arr);
+	call_hooks(App::$module . '_pre_' . $selname, $arr);
 
 	if($r) {
 		foreach($r as $rr) {
@@ -39,7 +39,7 @@ function group_select($selname,$selclass,$preselected = false,$size = 4) {
 	}
 	$o .= "</select>\r\n";
 
-	call_hooks($a->module . '_post_' . $selname, $o);
+	call_hooks(App::$module . '_post_' . $selname, $o);
 
 
 	return $o;
@@ -127,7 +127,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) {
 
 	// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
 
-	call_hooks($a->module . '_pre_' . $selname, $arr);
+	call_hooks(App::$module . '_pre_' . $selname, $arr);
 
 	if(count($r)) {
 		foreach($r as $rr) {
@@ -145,7 +145,7 @@ function contact_selector($selname, $selclass, $preselected = false, $options) {
 
 	$o .= "</select>\r\n";
 
-	call_hooks($a->module . '_post_' . $selname, $o);
+	call_hooks(App::$module . '_post_' . $selname, $o);
 
 	return $o;
 }*/
@@ -182,7 +182,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
 
 	// e.g. 'network_pre_contact_deny', 'profile_pre_contact_allow'
 
-	call_hooks($a->module . '_pre_' . $selname, $arr);
+	call_hooks(App::$module . '_pre_' . $selname, $arr);
 
 	if($r) {
 		foreach($r as $rr) {
@@ -200,7 +200,7 @@ function contact_select($selname, $selclass, $preselected = false, $size = 4, $p
 
 	$o .= "</select>\r\n";
 
-	call_hooks($a->module . '_post_' . $selname, $o);
+	call_hooks(App::$module . '_post_' . $selname, $o);
 
 	return $o;
 }

include/activities.php

@@ -11,7 +11,7 @@ function profile_activity($changed, $value) {
 
 	require_once('include/items.php');
 
-	$self = $a->get_channel();
+	$self = App::get_channel();
 
 	if(! count($self))
 		return;

include/api.php

@@ -34,7 +34,7 @@ require_once('include/api_auth.php');
 
 	function api_user() {
 		$aid = get_account_id();
-		$channel = get_app()->get_channel();
+		$channel = App::get_channel();
 		
 		if(($aid) && (x($_REQUEST,'channel'))) {
 
@@ -79,7 +79,7 @@ require_once('include/api_auth.php');
 		$type="json";
 
 		foreach ($API as $p=>$info){
-			if (strpos($a->query_string, $p)===0){
+			if (strpos(App::$query_string, $p)===0){
 				$called_api= explode("/",$p);
 				//unset($_SERVER['PHP_AUTH_USER']);
 				if ($info['auth'] === true && api_user() === false) {
@@ -88,18 +88,18 @@ require_once('include/api_auth.php');
 
 				load_contact_links(api_user());
 
-				$channel = $a->get_channel();
+				$channel = App::get_channel();
 
-				logger('API call for ' . $channel['channel_name'] . ': ' . $a->query_string);
+				logger('API call for ' . $channel['channel_name'] . ': ' . App::$query_string);
 				logger('API parameters: ' . print_r($_REQUEST,true));
 
 				$type="json";
 
-				if (strpos($a->query_string, ".xml")>0) $type="xml";
-				if (strpos($a->query_string, ".json")>0) $type="json";
-				if (strpos($a->query_string, ".rss")>0) $type="rss";
-				if (strpos($a->query_string, ".atom")>0) $type="atom";
-				if (strpos($a->query_string, ".as")>0) $type="as";
+				if (strpos(App::$query_string, ".xml")>0) $type="xml";
+				if (strpos(App::$query_string, ".json")>0) $type="json";
+				if (strpos(App::$query_string, ".rss")>0) $type="rss";
+				if (strpos(App::$query_string, ".atom")>0) $type="atom";
+				if (strpos(App::$query_string, ".as")>0) $type="as";
 
 				$r = call_user_func($info['func'], $a, $type);
 				if ($r===false) return;
@@ -141,7 +141,7 @@ require_once('include/api_auth.php');
 			}
 		}
 		header("HTTP/1.1 404 Not Found");
-		logger('API call not implemented: '.$a->query_string." - ".print_r($_REQUEST,true));
+		logger('API call not implemented: '.App::$query_string." - ".print_r($_REQUEST,true));
 		$r = '<status><error>not implemented</error></status>';
 		switch($type){
 			case "xml":
@@ -171,12 +171,12 @@ require_once('include/api_auth.php');
 		$arr['$user'] = $user_info;
 		$arr['$rss'] = array(
 			'alternate' => $user_info['url'],
-			'self' => $a->get_baseurl(). "/". $a->query_string,
-			'base' => $a->get_baseurl(),
+			'self' => z_root(). "/". App::$query_string,
+			'base' => z_root(),
 			'updated' => api_date(null),
 			'atom_updated' => datetime_convert('UTC','UTC','now',ATOM_TIME),
 			'language' => $user_info['language'],
-			'logo'	=> $a->get_baseurl()."/images/rm-64.png",
+			'logo'	=> z_root()."/images/rm-64.png",
 		);
 		
 		return $arr;
@@ -213,7 +213,7 @@ require_once('include/api_auth.php');
 					$extra_query .= " AND abook_channel = ".intval(api_user());
 			}
 		
-			if (is_null($user) && argc() > (count($called_api)-1) && (strstr($a->cmd,'/users'))){
+			if (is_null($user) && argc() > (count($called_api)-1) && (strstr(App::$cmd,'/users'))){
 				$argid = count($called_api);
 				list($xx, $null) = explode(".",argv($argid));
 				if(is_numeric($xx)){
@@ -318,7 +318,7 @@ require_once('include/api_auth.php');
 			'location' => ($usr) ? $usr[0]['channel_location'] : '',
 			'profile_image_url' => $uinfo[0]['xchan_photo_l'],
 			'url' => $uinfo[0]['xchan_url'],
-			'contact_url' => $a->get_baseurl() . "/connections/".$uinfo[0]['abook_id'],
+			'contact_url' => z_root() . "/connections/".$uinfo[0]['abook_id'],
 			'protected' => false,	
 			'friends_count' => intval($countfriends),
 			'created_at' => api_date($uinfo[0]['abook_created']),
@@ -326,7 +326,7 @@ require_once('include/api_auth.php');
 			'time_zone' => 'UTC', //$uinfo[0]['timezone'],
 			'geo_enabled' => false,
 			'statuses_count' => intval($countitms), //#XXX: fix me 
-			'lang' => get_app()->language,
+			'lang' => App::$language,
 			'description' => (($profile) ? $profile[0]['pdesc'] : ''),
 			'followers_count' => intval($countfollowers),
 			'favourites_count' => intval($starred),
@@ -486,7 +486,7 @@ require_once('include/api_auth.php');
 
 	function api_account_logout(&$a, $type){
 		require_once('include/auth.php');
-		nuke_session();
+		\Zotlabs\Web\Session::nuke();
 		return api_apply_template("user", $type, array('$user' => null));
 
 	}
@@ -635,13 +635,13 @@ require_once('include/api_auth.php');
 
 
 	function api_albums(&$a,$type) {
-		json_return_and_die(photos_albums_list($a->get_channel(),$a->get_observer()));
+		json_return_and_die(photos_albums_list(App::get_channel(),App::get_observer()));
 	}
 	api_register_func('api/red/albums','api_albums', true);
 
 	function api_photos(&$a,$type) {
 		$album = $_REQUEST['album'];
-		json_return_and_die(photos_list_photos($a->get_channel(),$a->get_observer(),$album));
+		json_return_and_die(photos_list_photos(App::get_channel(),App::get_observer(),$album));
 	}
 	api_register_func('api/red/photos','api_photos', true);
 
@@ -768,7 +768,7 @@ require_once('include/api_auth.php');
 		}
 		$txt = html2bbcode($txt);
 		
-		$a->argv[1] = $user_info['screen_name'];
+		App::$argv[1] = $user_info['screen_name'];
 		
 		$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
 		$_FILES['userfile'] = $_FILES['media'];
@@ -872,7 +872,7 @@ require_once('include/api_auth.php');
 						// upload each image if we have any
 						$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
 						require_once('mod/wall_attach.php');
-						$a->data['api_info'] = $user_info;
+						App::$data['api_info'] = $user_info;
 						$media = wall_attach_post($a);
 
 						if(strlen($media)>0)
@@ -885,7 +885,7 @@ require_once('include/api_auth.php');
 					// upload each image if we have any
 					$_REQUEST['silent']='1'; //tell wall_upload function to return img info instead of echo
 					require_once('mod/wall_attach.php');
-					$a->data['api_info'] = $user_info;
+					App::$data['api_info'] = $user_info;
 					$media = wall_attach_post($a);
 
 					if(strlen($media)>0)
@@ -960,7 +960,7 @@ require_once('include/api_auth.php');
 		$arr['records'] = 999999;
 		$arr['item_type'] = '*';
 
-		$i = items_fetch($arr,$a->get_channel(),get_observer_hash());
+		$i = items_fetch($arr,App::get_channel(),get_observer_hash());
 
 		if(! $i)
 			json_return_and_die(array());
@@ -1230,7 +1230,7 @@ require_once('include/api_auth.php');
 			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
 
 		if (api_user() != $user_info['uid']) {
-			$observer = get_app()->get_observer();
+			$observer = App::get_observer();
 			require_once('include/permissions.php');
 			if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
 				return '';
@@ -1272,8 +1272,8 @@ require_once('include/api_auth.php');
 				break;
 			case "as":
 				$as = api_format_as($a, $ret, $user_info);
-				$as['title'] = $a->config['sitename']." Home Timeline";
-				$as['link']['url'] = $a->get_baseurl()."/".$user_info["screen_name"]."/all";
+				$as['title'] = App::$config['sitename']." Home Timeline";
+				$as['link']['url'] = z_root()."/".$user_info["screen_name"]."/all";
 				return($as);
 				break;
 		}
@@ -1333,8 +1333,8 @@ require_once('include/api_auth.php');
 				break;
 			case "as":
 				$as = api_format_as($a, $ret, $user_info);
-				$as['title'] = $a->config['sitename']. " " . t('Public Timeline');
-				$as['link']['url'] = $a->get_baseurl()."/";
+				$as['title'] = App::$config['sitename']. " " . t('Public Timeline');
+				$as['link']['url'] = z_root()."/";
 				return($as);
 				break;
 		}
@@ -1409,7 +1409,7 @@ require_once('include/api_auth.php');
 
 		//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
 
-		$observer = get_app()->get_observer();
+		$observer = App::get_observer();
 
 		$item_normal = item_normal();
 
@@ -1526,7 +1526,7 @@ require_once('include/api_auth.php');
 
 		//$include_entities = (x($_REQUEST,'include_entities')?$_REQUEST['include_entities']:false);
 
-		$myurl = $a->get_baseurl() . '/channel/'. $a->user['nickname'];
+		$myurl = z_root() . '/channel/'. App::$user['nickname'];
 		$myurl = substr($myurl,strpos($myurl,'://')+3);
 		$myurl = str_replace(array('www.','.'),array('','\\.'),$myurl);
 		$diasp_url = str_replace('/channel/','/u/',$myurl);
@@ -1561,8 +1561,8 @@ require_once('include/api_auth.php');
 				break;
 			case "as":
 				$as = api_format_as($a, $ret, $user_info);
-				$as["title"] = $a->config['sitename']." Mentions";
-				$as['link']['url'] = $a->get_baseurl()."/";
+				$as["title"] = App::$config['sitename']." Mentions";
+				$as['link']['url'] = z_root()."/";
 				return($as);
 				break;
 		}
@@ -1633,7 +1633,7 @@ require_once('include/api_auth.php');
 			$arr['cid'] = $user_info['id'];
 
 
-		$r = items_fetch($arr,get_app()->get_channel(),get_observer_hash());
+		$r = items_fetch($arr,App::get_channel(),get_observer_hash());
 		
 		$ret = api_format_items($r,$user_info);
 
@@ -1752,7 +1752,7 @@ require_once('include/api_auth.php');
 			$sql_extra .= ' AND `item`.`parent` = `item`.`id`';
 
 		if (api_user() != $user_info['uid']) {
-			$observer = get_app()->get_observer();
+			$observer = App::get_observer();
 			require_once('include/permissions.php');
 			if(! perm_is_allowed($user_info['uid'],(($observer) ? $observer['xchan_hash'] : ''),'view_stream'))
 				return '';
@@ -1783,8 +1783,8 @@ require_once('include/api_auth.php');
 				break;
 			case "as":
 				$as = api_format_as($a, $ret, $user_info);
-				$as['title'] = $a->config['sitename']." Home Timeline";
-				$as['link']['url'] = $a->get_baseurl()."/".$user_info["screen_name"]."/all";
+				$as['title'] = App::$config['sitename']." Home Timeline";
+				$as['link']['url'] = z_root()."/".$user_info["screen_name"]."/all";
 				return($as);
 				break;
 		}
@@ -1801,7 +1801,7 @@ require_once('include/api_auth.php');
 	function api_format_as($a, $ret, $user_info) {
 
 		$as = array();
-		$as['title'] = $a->config['sitename']." Public Timeline";
+		$as['title'] = App::$config['sitename']." Public Timeline";
 		$items = array();
 		foreach ($ret as $item) {
 			$singleitem["actor"]["displayName"] = $item["user"]["name"];
@@ -1857,7 +1857,7 @@ require_once('include/api_auth.php');
 				$items[] = $singleitem;
 		}
 		$as['items'] = $items;
-		$as['link']['url'] = $a->get_baseurl()."/".$user_info["screen_name"]."/all";
+		$as['link']['url'] = z_root()."/".$user_info["screen_name"]."/all";
 		$as['link']['rel'] = "alternate";
 		$as['link']['type'] = "text/html";
 		return($as);
@@ -1978,8 +1978,8 @@ require_once('include/api_auth.php');
 					'entities'     => '',
 					'objecttype'   => (($item['obj_type']) ? $item['obj_type'] : ACTIVITY_OBJ_NOTE),
 					'verb'         => (($item['verb']) ? $item['verb'] : ACTIVITY_POST),
-					'self'         => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
-					'edit'         => $a->get_baseurl()."/api/statuses/show/".$item['id'].".".$type,
+					'self'         => z_root()."/api/statuses/show/".$item['id'].".".$type,
+					'edit'         => z_root()."/api/statuses/show/".$item['id'].".".$type,
 				);
 
 				$status = array_merge($status, $status2);
@@ -2088,8 +2088,8 @@ require_once('include/api_auth.php');
 		load_config('system');
 
 		$name   = get_config('system','sitename');
-		$server = $a->get_hostname();
-		$logo   = $a->get_baseurl() . '/images/rm-64.png';
+		$server = App::get_hostname();
+		$logo   = z_root() . '/images/rm-64.png';
 		$email  = get_config('system','admin_email');
 		$closed = ((get_config('system','register_policy') == REGISTER_CLOSED) ? 'true' : 'false');
 		$private = ((get_config('system','block_public')) ? 'true' : 'false');
@@ -2097,7 +2097,7 @@ require_once('include/api_auth.php');
 		if(get_config('system','api_import_size'))
 			$texlimit = string(get_config('system','api_import_size'));
 		$ssl = ((get_config('system','have_ssl')) ? 'true' : 'false');
-		$sslserver = (($ssl === 'true') ? str_replace('http:','https:',$a->get_baseurl()) : '');
+		$sslserver = (($ssl === 'true') ? str_replace('http:','https:',z_root()) : '');
 
 		$config = array(
 			'site' => array('name' => $name,'server' => $server, 'theme' => 'default', 'path' => '',
@@ -2270,9 +2270,9 @@ require_once('include/api_auth.php');
 		if ($page<0) $page=0;
 		
 		$start = $page*$count;
-		$channel = $a->get_channel();		
+		$channel = App::get_channel();		
 
-		$profile_url = $a->get_baseurl() . '/channel/' . $channel['channel_address'];
+		$profile_url = z_root() . '/channel/' . $channel['channel_address'];
 		if ($box=="sentbox") {
 			$sql_extra = "`from_xchan`='".dbesc( $channel['channel_hash'] )."'";
 		}

include/api_auth.php

@@ -20,9 +20,9 @@ function api_login(&$a){
 		if (!is_null($token)){
 			$oauth->loginUser($token->uid);
 
-			$a->set_oauth_key($consumer->key);
+			App::set_oauth_key($consumer->key);
 
-			call_hooks('logged_in', $a->user);
+			call_hooks('logged_in', App::$user);
 			return;
 		}
 		killme();

include/apps.php

@@ -48,12 +48,12 @@ function parse_app_description($f) {
 	$ret = array();
 
 	$baseurl = z_root();
-	$channel = get_app()->get_channel();
+	$channel = App::get_channel();
 	$address = (($channel) ? $channel['channel_address'] : '');
 		
 	//future expansion
 
-	$observer = get_app()->get_observer();
+	$observer = App::get_observer();
 	
 
 	$lines = @file($f);
@@ -217,7 +217,7 @@ function app_render($papp,$mode = 'view') {
 							return '';
 						break;
 					case 'observer':
-						$observer = get_app()->get_observer();
+						$observer = App::get_observer();
 						if(! $observer)
 							return '';
 						break;
@@ -239,7 +239,7 @@ function app_render($papp,$mode = 'view') {
 		$hosturl = z_root() . '/';
 	}
 	elseif(remote_channel()) {
-		$observer = get_app()->get_observer();
+		$observer = App::get_observer();
 		if($observer && $observer['xchan_network'] === 'zot') {
 			// some folks might have xchan_url redirected offsite, use the connurl
 			$x = parse_url($observer['xchan_connurl']);
@@ -354,7 +354,7 @@ function app_store($arr) {
 	}
 
 
-	$darray['app_id']       = ((x($arr,'guid'))     ? $arr['guid'] : random_string(). '.' . get_app()->get_hostname());
+	$darray['app_id']       = ((x($arr,'guid'))     ? $arr['guid'] : random_string(). '.' . App::get_hostname());
 	$darray['app_sig']      = ((x($arr,'sig'))      ? $arr['sig'] : '');
 	$darray['app_author']   = ((x($arr,'author'))   ? $arr['author'] : get_observer_hash());
 	$darray['app_name']     = ((x($arr,'name'))     ? escape_tags($arr['name']) : t('Unknown'));

include/attach.php

@@ -846,7 +846,7 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 
 	// Caution: This re-uses $sql_options set further above
 
-	$r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' $sql_options limit 1",
+	$r = q("select * from attach where uid = %d and hash = '%s' $sql_options limit 1",
 		intval($channel_id),
 		dbesc($hash)
 	);
@@ -864,6 +864,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) {
 		// This would've been called already with a success result in photos_upload() if it was a photo.
 		call_hooks('photo_upload_end',$ret);
 	}
+
+	$sync = attach_export_data($channel,$hash);
+
+	if($sync) 
+		build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+
 	return $ret;
 }
 
@@ -1477,7 +1483,7 @@ function file_activity($channel_id, $object, $allow_cid, $allow_gid, $deny_cid,
 
 	require_once('include/items.php');
 
-	$poster = get_app()->get_observer();
+	$poster = App::get_observer();
 
 	//if we got no object something went wrong
 	if(!$object)
@@ -1696,7 +1702,7 @@ function recursive_activity_recipients($arr_allow_cid, $arr_allow_gid, $arr_deny
 	$ret = array();
 	$parent_arr = array();
 	$count_values = array();
-	$poster = get_app()->get_observer();
+	$poster = App::get_observer();
 
 	//turn allow_gid into allow_cid's
 	foreach($arr_allow_gid as $gid) {
@@ -1814,3 +1820,89 @@ function filepath_macro($s) {
 
 }
 
+function attach_export_data($channel, $resource_id, $deleted = false) {
+
+	$ret = array();
+
+	$paths = array();
+
+	$hash_ptr = $resource_id;
+
+	$ret['fetch_url'] = z_root() . '/getfile';
+	$ret['original_channel'] = $channel['channel_address'];
+
+
+	if($deleted) {
+		$ret['attach'] = array(array('hash' => $resource_id, 'deleted' => 1));
+		return $ret;
+	}
+
+	do {
+		$r = q("select * from attach where hash = '%s' and uid = %d limit 1",
+			dbesc($hash_ptr),
+			intval($channel['channel_id'])
+		);
+		if(! $r)
+			break;
+
+		if($hash_ptr === $resource_id) {
+			$attach_ptr = $r[0];
+		}
+
+		$hash_ptr = $r[0]['folder'];
+		$paths[] = $r[0];
+	} while($hash_ptr);
+
+
+
+
+	$paths = array_reverse($paths);
+
+	$ret['attach'] = $paths;
+
+
+	if($attach_ptr['is_photo']) {
+		$r = q("select * from photo where resource_id = '%s' and uid = %d order by scale asc",
+			dbesc($resource_id),
+			intval($channel['channel_id'])
+		);
+		if($r) {
+			for($x = 0; $x < count($r); $x ++) {
+				$r[$x]['data'] = base64_encode($r[$x]['data']);
+			}
+			$ret['photo'] = $r;
+		}
+
+		$r = q("select * from item where resource_id = '%s' and resource_type = 'photo' and uid = %d ",
+			dbesc($resource_id),
+			intval($channel['channel_id'])
+		);
+		if($r) {
+			$ret['item'] = array();
+			$items = q("select item.*, item.id as item_id from item where item.parent = %d ",
+				intval($r[0]['id'])
+			);
+			if($items) {
+				xchan_query($items);
+				$items = fetch_post_tags($items,true);
+				foreach($items as $rr)
+					$ret['item'][] = encode_item($rr,true);
+			}
+		}
+	}
+
+	return $ret;
+
+}
+
+
+/* strip off 'store/nickname/' from the provided path */
+
+function get_attach_binname($s) {
+	$p = $s;
+	if(strpos($s,'store/') === 0) {
+		$p = substr($s,6);
+		$p = substr($p,strpos($p,'/')+1);
+	}
+	return $p;
+}

include/auth.php

@@ -12,33 +12,6 @@
 require_once('include/api_auth.php');
 require_once('include/security.php');
 
-/**
- * @brief Resets the current session.
- *
- * @return void
- */
-function nuke_session() {
-	new_cookie(0); // 0 means delete on browser exit
-
-	unset($_SESSION['authenticated']);
-	unset($_SESSION['account_id']);
-	unset($_SESSION['uid']);
-	unset($_SESSION['visitor_id']);
-	unset($_SESSION['administrator']);
-	unset($_SESSION['cid']);
-	unset($_SESSION['theme']);
-	unset($_SESSION['mobile_theme']);
-	unset($_SESSION['show_mobile']);
-	unset($_SESSION['page_flags']);
-	unset($_SESSION['delegate']);
-	unset($_SESSION['delegate_channel']);
-	unset($_SESSION['my_url']);
-	unset($_SESSION['my_address']);
-	unset($_SESSION['addr']);
-	unset($_SESSION['return_url']);
-	unset($_SESSION['remote_service_class']);
-	unset($_SESSION['remote_hub']);
-}
 
 /**
  * @brief Verify login credentials.
@@ -124,11 +97,11 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 
 	// process a logout request
 
-	if(((x($_POST, 'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
+	if(((x($_POST, 'auth-params')) && ($_POST['auth-params'] === 'logout')) || (App::$module === 'logout')) {
 		// process logout request
 		$args = array('channel_id' => local_channel());
 		call_hooks('logging_out', $args);
-		nuke_session();
+		\Zotlabs\Web\Session::nuke();
 		info( t('Logged out.') . EOL);
 		goaway(z_root());
 	}
@@ -144,7 +117,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 				intval(ACCOUNT_ROLE_ADMIN)
 			);
 			if($x) {
-				new_cookie(60 * 60 * 24); // one day
+				\Zotlabs\Web\Session::new_cookie(60 * 60 * 24); // one day
 				$_SESSION['last_login_date'] = datetime_convert();
 				unset($_SESSION['visitor_id']); // no longer a visitor
 				authenticate_success($x[0], true, true);
@@ -155,75 +128,41 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 			dbesc($_SESSION['visitor_id'])
 		);
 		if($r) {
-			get_app()->set_observer($r[0]);
+			App::set_observer($r[0]);
 		}
 		else {
 			unset($_SESSION['visitor_id']);
 			unset($_SESSION['authenticated']);
 		}
-		$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
+		App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
 	}
 
 	// already logged in user returning
 
 	if(x($_SESSION, 'uid') || x($_SESSION, 'account_id')) {
 
-		// first check if we're enforcing that sessions can't change IP address
-		// @todo what to do with IPv6 addresses
-		if($_SESSION['addr'] && $_SESSION['addr'] != $_SERVER['REMOTE_ADDR']) {
-			logger('SECURITY: Session IP address changed: ' . $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
-
-			$partial1 = substr($_SESSION['addr'], 0, strrpos($_SESSION['addr'], '.')); 
-			$partial2 = substr($_SERVER['REMOTE_ADDR'], 0, strrpos($_SERVER['REMOTE_ADDR'], '.')); 
-
-			$paranoia = intval(get_pconfig($_SESSION['uid'], 'system', 'paranoia'));
-			if(! $paranoia)
-				$paranoia = intval(get_config('system', 'paranoia'));
-
-			switch($paranoia) {
-				case 0:
-					// no IP checking
-					break;
-				case 2:
-					// check 2 octets
-					$partial1 = substr($partial1, 0, strrpos($partial1, '.'));
-					$partial2 = substr($partial2, 0, strrpos($partial2, '.'));
-					if($partial1 == $partial2)
-						break;
-				case 1:
-					// check 3 octets
-					if($partial1 == $partial2)
-						break;
-				case 3:
-				default:
-					// check any difference at all
-					logger('Session address changed. Paranoid setting in effect, blocking session. '
-					. $_SESSION['addr'] . ' != ' . $_SERVER['REMOTE_ADDR']);
-					nuke_session();
-					goaway(z_root());
-					break;
-			}
-		}
+		Zotlabs\Web\Session::return_check();
 
 		$r = q("select * from account where account_id = %d limit 1",
 			intval($_SESSION['account_id'])
 		);
 
 		if(($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED))) {
-			get_app()->account = $r[0];
+			App::$account = $r[0];
 			$login_refresh = false;
 			if(! x($_SESSION,'last_login_date')) {
 				$_SESSION['last_login_date'] = datetime_convert('UTC','UTC');
 			}
 			if(strcmp(datetime_convert('UTC','UTC','now - 12 hours'), $_SESSION['last_login_date']) > 0 ) {
 				$_SESSION['last_login_date'] = datetime_convert();
+				Zotlabs\Web\Session::extend_cookie();
 				$login_refresh = true;
 			}
 			authenticate_success($r[0], false, false, false, $login_refresh);
 		}
 		else {
 			$_SESSION['account_id'] = 0;
-			nuke_session();
+			\Zotlabs\Web\Session::nuke();
 			goaway(z_root());
 		}
 	} // end logged in user returning
@@ -231,7 +170,7 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
 else {
 
 	if(isset($_SESSION)) {
-		nuke_session();
+		\Zotlabs\Web\Session::nuke();
 	}
 
 	// handle a fresh login request
@@ -264,16 +203,16 @@ else {
 			$record = $addon_auth['user_record'];
 		}
 		else {
-			$record = get_app()->account = account_verify_password($_POST['username'], $_POST['password']);
+			$record = App::$account = account_verify_password($_POST['username'], $_POST['password']);
 
-			if(get_app()->account) {
-				$_SESSION['account_id'] = get_app()->account['account_id'];
+			if(App::$account) {
+				$_SESSION['account_id'] = App::$account['account_id'];
 			}
 			else {
 				notice( t('Failed authentication') . EOL);
 			}
 
-			logger('authenticate: ' . print_r(get_app()->account, true), LOGGER_DEBUG);
+			logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
 		}
 
 		if((! $record) || (! count($record))) {
@@ -301,11 +240,13 @@ else {
 		// (i.e. expire when the browser is closed), even when there's a time expiration
 		// on the cookie
 
-		if($_POST['remember']) {
-			new_cookie(31449600); // one year
+		if($_POST['remember_me']) {
+			$_SESSION['remember_me'] = 1;
+			\Zotlabs\Web\Session::new_cookie(31449600); // one year
 		}
 		else {
-			new_cookie(0); // 0 means delete on browser exit
+			$_SESSION['remember_me'] = 0;
+			\Zotlabs\Web\Session::new_cookie(0); // 0 means delete on browser exit
 		}
 
 		// if we haven't failed up this point, log them in.

include/bb2diaspora.php

@@ -473,7 +473,7 @@ function format_event_diaspora($ev) {
 			$ev['start'] , $bd_format ))
 			:  day_translate(datetime_convert('UTC', 'UTC', 
 			$ev['start'] , $bd_format)))
-		.  '](' . $a->get_baseurl() . '/localtime/?f=&time=' . urlencode(datetime_convert('UTC','UTC',$ev['start'])) . ")\n";
+		.  '](' . z_root() . '/localtime/?f=&time=' . urlencode(datetime_convert('UTC','UTC',$ev['start'])) . ")\n";
 
 	if(! $ev['nofinish'])
 		$o .= t('Finishes:') . ' ' . '[' 
@@ -481,7 +481,7 @@ function format_event_diaspora($ev) {
 				$ev['finish'] , $bd_format ))
 				:  day_translate(datetime_convert('UTC', 'UTC', 
 				$ev['finish'] , $bd_format )))
-			. '](' . $a->get_baseurl() . '/localtime/?f=&time=' . urlencode(datetime_convert('UTC','UTC',$ev['finish'])) . ")\n";
+			. '](' . z_root() . '/localtime/?f=&time=' . urlencode(datetime_convert('UTC','UTC',$ev['finish'])) . ")\n";
 
 	if(strlen($ev['location']))
 		$o .= t('Location:') . bb2diaspora($ev['location']) 

include/bbcode.php

@@ -37,7 +37,7 @@ function tryzrlvideo($match) {
 	if($zrl)
 		$link = zid($link);
 
-	return '<video controls="controls" preload="none" src="' . str_replace(' ','%20',$link) . '" style="width:100%; max-width:' . get_app()->videowidth . 'px"><a href="' . str_replace(' ','%20',$link) . '">' . $link . '</a></video>';
+	return '<video controls="controls" preload="none" src="' . str_replace(' ','%20',$link) . '" style="width:100%; max-width:' . App::$videowidth . 'px"><a href="' . str_replace(' ','%20',$link) . '">' . $link . '</a></video>';
 }
 
 // [noparse][i]italic[/i][/noparse] turns into
@@ -243,9 +243,7 @@ function bb_ShareAttributes($match) {
 	if ($matches[1] != "")
 		$message_id = $matches[1];
 
-
-	/** @FIXME - this should really be a wall-item-ago so it will get updated on the client */
-	$reldate = (($posted) ? relative_date($posted) : ''); 
+	$reldate = '<span class="autotime" title="' . datetime_convert('UTC', date_default_timezone_get(), $posted, 'c') . '" >' . datetime_convert('UTC', date_default_timezone_get(), $posted, 'r') . '</span>';
 
 	$headline = '<div class="shared_container"> <div class="shared_header">';
 
@@ -280,9 +278,9 @@ function bb_location($match) {
 function bb_iframe($match) {
 	$a = get_app();
 
-	$sandbox = ((strpos($match[1], $a->get_hostname())) ? ' sandbox="allow-scripts" ' : '');
+	$sandbox = ((strpos($match[1], App::get_hostname())) ? ' sandbox="allow-scripts" ' : '');
 
-	return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+	return '<iframe ' . $sandbox . ' src="' . $match[1] . '" width="' . App::$videowidth . '" height="' . App::$videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
 }
 
 function bb_ShareAttributesSimple($match) {
@@ -315,9 +313,9 @@ function bb_ShareAttributesSimple($match) {
 
 function rpost_callback($match) {
 	if ($match[2]) {
-		return str_replace($match[0], get_rpost_path(get_app()->get_observer()) . '&title=' . urlencode($match[2]) . '&body=' . urlencode($match[3]), $match[0]);
+		return str_replace($match[0], get_rpost_path(App::get_observer()) . '&title=' . urlencode($match[2]) . '&body=' . urlencode($match[3]), $match[0]);
 	} else {
-		return str_replace($match[0], get_rpost_path(get_app()->get_observer()) . '&body=' . urlencode($match[3]), $match[0]);
+		return str_replace($match[0], get_rpost_path(App::get_observer()) . '&body=' . urlencode($match[3]), $match[0]);
 	}
 }
 
@@ -401,7 +399,7 @@ function bb_observer($Text) {
 
 	$a = get_app();
 
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 
 	if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) {
 		if ($observer) {
@@ -415,7 +413,7 @@ function bb_observer($Text) {
 		}
 	}
 
-	$channel = $a->get_channel();
+	$channel = App::get_channel();
 
 	if (strpos($Text,'[/channel]') !== false) {
 		if ($channel) {
@@ -477,7 +475,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 	if($cache)
 		$observer = false;
 	else
-		$observer = $a->get_observer();
+		$observer = App::get_observer();
 
 	if ((strpos($Text,'[/observer]') !== false) || (strpos($Text,'[/rpost]') !== false)) {
 		if ($observer) {
@@ -494,7 +492,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 	if($cache)
 		$channel = false;
 	else
-		$channel = $a->get_channel();
+		$channel = App::get_channel();
 
 	if (strpos($Text,'[/channel]') !== false) {
 		if ($channel) {
@@ -593,6 +591,11 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 		$Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<a class="zrl" href="$1" target="_blank" >$1</a>', $Text);
 		$Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<a class="zrl" href="$1" target="_blank" >$2</a>', $Text);
 	}
+
+	// Remove bookmarks from UNO
+	if (UNO)
+		$Text = str_replace('<span class="bookmark-identifier">#^</span>', '', $Text);
+
 	// Perform MAIL Search
 	if (strpos($Text,'[/mail]') !== false) {
 		$Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1" target="_blank" >$1</a>', $Text);
@@ -845,7 +848,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 	// crypt
 	if (strpos($Text,'[/crypt]') !== false) {
 		$x = random_string();
-		$Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br /><div id="' . $x . '"><img src="' .$a->get_baseurl() . '/images/lock_icon.gif" onclick="red_decrypt(\'rot13\',\'\',\'$1\',\'#' . $x . '\');" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br /></div>', $Text);
+		$Text = preg_replace("/\[crypt\](.*?)\[\/crypt\]/ism",'<br /><div id="' . $x . '"><img src="' .z_root() . '/images/lock_icon.gif" onclick="red_decrypt(\'rot13\',\'\',\'$1\',\'#' . $x . '\');" alt="' . t('Encrypted content') . '" title="' . t('Encrypted content') . '" /><br /></div>', $Text);
 		$Text = preg_replace_callback("/\[crypt (.*?)\](.*?)\[\/crypt\]/ism", 'bb_parse_crypt', $Text);
 	}
 
@@ -925,7 +928,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 //			$Text = preg_replace("/\[youtube\]https?:\/\/youtu.be\/(.*?)\[\/youtube\]/ism", '[youtube]$1[/youtube]', $Text);
 
 //		if ($tryoembed)
-//			$Text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", '<iframe width="' . $a->videowidth . '" height="' . $a->videoheight . '" src="http://www.youtube.com/embed/$1" frameborder="0"></iframe>', $Text);
+//			$Text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", '<iframe width="' . App::$videowidth . '" height="' . App::$videoheight . '" src="http://www.youtube.com/embed/$1" frameborder="0"></iframe>', $Text);
 //		else
 //			$Text = preg_replace("/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", "http://www.youtube.com/watch?v=$1", $Text);
 //	}
@@ -939,7 +942,7 @@ function bbcode($Text, $preserve_nl = false, $tryoembed = true, $cache = false)
 //		$Text = preg_replace("/\[vimeo\]https?:\/\/vimeo.com\/([0-9]+)(.*?)\[\/vimeo\]/ism", '[vimeo]$1[/vimeo]', $Text);
 
 //		if ($tryoembed)
-//			$Text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", '<iframe width="' . $a->videowidth . '" height="' . $a->videoheight . '" src="http://player.vimeo.com/video/$1" frameborder="0" ></iframe>', $Text);
+//			$Text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", '<iframe width="' . App::$videowidth . '" height="' . App::$videoheight . '" src="http://player.vimeo.com/video/$1" frameborder="0" ></iframe>', $Text);
 //		else
 //			$Text = preg_replace("/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", "http://vimeo.com/$1", $Text);
 //	}

include/chat.php

@@ -202,7 +202,7 @@ function chatroom_list($uid) {
 	require_once('include/security.php');
 	$sql_extra = permissions_sql($uid);
 
-	$r = q("select cr_name, cr_id, count(cp_id) as cr_inroom from chatroom left join chatpresence on cr_id = cp_room where cr_uid = %d $sql_extra group by cr_name, cr_id order by cr_name",
+	$r = q("select allow_cid, allow_gid, deny_cid, deny_gid, cr_name, cr_expire, cr_id, count(cp_id) as cr_inroom from chatroom left join chatpresence on cr_id = cp_room where cr_uid = %d $sql_extra group by cr_name, cr_id order by cr_name",
 		intval($uid)
 	);
 

include/cli_startup.php

@@ -9,28 +9,32 @@ function cli_startup() {
 	global $a, $db, $default_timezone;
 
 	if(is_null($a)) {
-		$a = new App;
+		$a = new miniApp;
 	}
+
+	App::init();
   
 	if(is_null($db)) {
 	    @include(".htconfig.php");
 
+		$a->convert();
+
 		if(! defined('UNO'))
 			define('UNO', 0);
 
-		$a->timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
-		date_default_timezone_set($a->timezone);
+		App::$timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
+		date_default_timezone_set(App::$timezone);
 
     	require_once('include/dba/dba_driver.php');
 	    $db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
     	unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
   	};
 
-	require_once('include/session.php');
+	\Zotlabs\Web\Session::init();
 
 	load_config('system');
 
-	$a->set_baseurl(get_config('system','baseurl'));
+	App::set_baseurl(get_config('system','baseurl'));
 
 	load_hooks();
 

include/comanche.php

@@ -56,34 +56,34 @@ function comanche_parser(&$a, $s, $pass = 0) {
 	if($pass == 0) {
 		$cnt = preg_match("/\[layout\](.*?)\[\/layout\]/ism", $s, $matches);
 		if($cnt)
-			$a->page['template'] = trim($matches[1]);
+			App::$page['template'] = trim($matches[1]);
 
 		$cnt = preg_match("/\[template=(.*?)\](.*?)\[\/template\]/ism", $s, $matches);
 		if($cnt) {
-			$a->page['template'] = trim($matches[2]);
-			$a->page['template_style'] = trim($matches[2]) . '_' . $matches[1]; 
+			App::$page['template'] = trim($matches[2]);
+			App::$page['template_style'] = trim($matches[2]) . '_' . $matches[1]; 
 		}
 
 		$cnt = preg_match("/\[template\](.*?)\[\/template\]/ism", $s, $matches);
 		if($cnt) {
-			$a->page['template'] = trim($matches[1]);
+			App::$page['template'] = trim($matches[1]);
 		}
 
 		$cnt = preg_match("/\[theme=(.*?)\](.*?)\[\/theme\]/ism", $s, $matches);
 		if($cnt) {
-			$a->layout['schema'] = trim($matches[1]);
-			$a->layout['theme'] = trim($matches[2]);
+			App::$layout['schema'] = trim($matches[1]);
+			App::$layout['theme'] = trim($matches[2]);
 		}
 
 		$cnt = preg_match("/\[theme\](.*?)\[\/theme\]/ism", $s, $matches);
 		if($cnt)
-			$a->layout['theme'] = trim($matches[1]);
+			App::$layout['theme'] = trim($matches[1]);
 
 		$cnt = preg_match_all("/\[webpage\](.*?)\[\/webpage\]/ism", $s, $matches, PREG_SET_ORDER);
 		if($cnt) {
 			// only the last webpage definition is used if there is more than one
 			foreach($matches as $mtch) {
-				$a->layout['webpage'] = comanche_webpage($a,$mtch[1]);
+				App::$layout['webpage'] = comanche_webpage($a,$mtch[1]);
 			}
 		}
 
@@ -92,7 +92,7 @@ function comanche_parser(&$a, $s, $pass = 0) {
 		$cnt = preg_match_all("/\[region=(.*?)\](.*?)\[\/region\]/ism", $s, $matches, PREG_SET_ORDER);
 		if($cnt) {
 			foreach($matches as $mtch) {
-				$a->layout['region_' . $mtch[1]] = comanche_region($a,$mtch[2]);
+				App::$layout['region_' . $mtch[1]] = comanche_region($a,$mtch[2]);
 			}
 		}
 
@@ -122,8 +122,8 @@ function comanche_menu($s, $class = '') {
 
 function comanche_replace_region($match) {
 	$a = get_app();
-	if (array_key_exists($match[1], $a->page)) {
-		return $a->page[$match[1]];
+	if (array_key_exists($match[1], App::$page)) {
+		return App::$page[$match[1]];
 	}
 }
 
@@ -136,7 +136,7 @@ function comanche_replace_region($match) {
  * @return channel_id
  */
 function comanche_get_channel_id() {
-	$channel_id = ((is_array(get_app()->profile)) ? get_app()->profile['profile_uid'] : 0);
+	$channel_id = ((is_array(App::$profile)) ? App::$profile['profile_uid'] : 0);
 
 	if ((! $channel_id) && (local_channel()))
 		$channel_id = local_channel();
@@ -190,7 +190,7 @@ function comanche_block($s, $class = '') {
 			}
 
 			if(trim($r[0]['body']) === '$content') {
-				$o .= get_app()->page['content'];
+				$o .= App::$page['content'];
 			}
 			else {
 				$o .= prepare_text($r[0]['body'], $r[0]['mimetype']);
@@ -378,6 +378,6 @@ function comanche_region(&$a, $s) {
 
 
 function register_page_template($arr) {
-	get_app()->page_layouts[$arr['template']] = array($arr['variant']);
+	App::$page_layouts[$arr['template']] = array($arr['variant']);
 	return;
 }

include/config.php

@@ -22,7 +22,7 @@
  * an identifier. This is for example for people who do not have a local account.
  * The storage is of size MEDIUMTEXT.
  * @code{.php}
- * $observer = $a->get_observer_hash();
+ * $observer = App::get_observer_hash();
  * if ($observer) {
  *     $var = get_xconfig($observer, 'category', 'key');
  * }@endcode
@@ -38,7 +38,7 @@
  * @brief Loads the hub's configuration from database to a cached storage.
  *
  * Retrieve a category ($family) of config variables from database to a cached
- * storage in the global $a->config[$family].
+ * storage in the global App::$config[$family].
  *
  * @param string $family
  *  The category of the configuration value
@@ -46,19 +46,19 @@
 function load_config($family) {
 	global $a;
 
-	if(! array_key_exists($family, $a->config))
-		$a->config[$family] = array();
+	if(! array_key_exists($family, App::$config))
+		App::$config[$family] = array();
 
-	if(! array_key_exists('config_loaded', $a->config[$family])) {
+	if(! array_key_exists('config_loaded', App::$config[$family])) {
 		$r = q("SELECT * FROM config WHERE cat = '%s'", dbesc($family));
 		if($r !== false) {
 			if($r) {
 				foreach($r as $rr) {
 					$k = $rr['k'];
-					$a->config[$family][$k] = $rr['v'];
+					App::$config[$family][$k] = $rr['v'];
 				}
 			}
-			$a->config[$family]['config_loaded'] = true;
+			App::$config[$family]['config_loaded'] = true;
 		}
 	} 
 }
@@ -68,7 +68,7 @@ function load_config($family) {
  * and a key.
  *
  * Get a particular config variable from the given category ($family) and the
- * $key from a cached storage in $a->config[$family]. If a key is found in the
+ * $key from a cached storage in App::$config[$family]. If a key is found in the
  * DB but does not exist in local config cache, pull it into the cache so we
  * do not have to hit the DB again for this item.
  * 
@@ -83,16 +83,16 @@ function load_config($family) {
 function get_config($family, $key) {
 	global $a;
 
-	if((! array_key_exists($family, $a->config)) || (! array_key_exists('config_loaded', $a->config[$family])))
+	if((! array_key_exists($family, App::$config)) || (! array_key_exists('config_loaded', App::$config[$family])))
 		load_config($family);
 
-	if(array_key_exists('config_loaded', $a->config[$family])) {
-		if(! array_key_exists($key, $a->config[$family])) {
+	if(array_key_exists('config_loaded', App::$config[$family])) {
+		if(! array_key_exists($key, App::$config[$family])) {
 			return false;		
 		}
-		return ((! is_array($a->config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', $a->config[$family][$key])) 
-			? unserialize($a->config[$family][$key])
-			: $a->config[$family][$key]
+		return ((! is_array(App::$config[$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', App::$config[$family][$key])) 
+			? unserialize(App::$config[$family][$key])
+			: App::$config[$family][$key]
 		);
 	}
 	return false;
@@ -148,7 +148,7 @@ function set_config($family, $key, $value) {
 			dbesc($dbvalue)
 		);
 		if($ret) {
-			$a->config[$family][$key] = $value;
+			App::$config[$family][$key] = $value;
 			$ret = $value;
 		}
 		return $ret;
@@ -161,7 +161,7 @@ function set_config($family, $key, $value) {
 	);
 
 	if($ret) {
-		$a->config[$family][$key] = $value;
+		App::$config[$family][$key] = $value;
 		$ret = $value;
 	}
 	return $ret;
@@ -170,7 +170,7 @@ function set_config($family, $key, $value) {
 /**
  * @brief Deletes the given key from the hub's configuration database.
  *
- * Removes the configured value from the stored cache in $a->config[$family]
+ * Removes the configured value from the stored cache in App::$config[$family]
  * and removes it from the database.
  *
  * @param string $family
@@ -183,8 +183,8 @@ function del_config($family, $key) {
 	global $a;
 	$ret = false;
 
-	if(array_key_exists($family, $a->config) && array_key_exists($key, $a->config[$family]))
-		unset($a->config[$family][$key]);
+	if(array_key_exists($family, App::$config) && array_key_exists($key, App::$config[$family]))
+		unset(App::$config[$family][$key]);
 		$ret = q("DELETE FROM config WHERE cat = '%s' AND k = '%s'",
 		dbesc($family),
 		dbesc($key)
@@ -197,7 +197,7 @@ function del_config($family, $key) {
  * @brief Loads all configuration values of a channel into a cached storage.
  *
  * All configuration values of the given channel are stored in global cache
- * which is available under the global variable $a->config[$uid].
+ * which is available under the global variable App::$config[$uid].
  *
  * @param string $uid
  *  The channel_id
@@ -209,8 +209,8 @@ function load_pconfig($uid) {
 	if($uid === false)
 		return false;
 
-	if(! array_key_exists($uid, $a->config))
-		$a->config[$uid] = array();
+	if(! array_key_exists($uid, App::$config))
+		App::$config[$uid] = array();
 
 	$r = q("SELECT * FROM pconfig WHERE uid = %d",
 		intval($uid)
@@ -220,11 +220,11 @@ function load_pconfig($uid) {
 		foreach($r as $rr) {
 			$k = $rr['k'];
 			$c = $rr['cat'];
-			if(! array_key_exists($c, $a->config[$uid])) {
-				$a->config[$uid][$c] = array();
-				$a->config[$uid][$c]['config_loaded'] = true;
+			if(! array_key_exists($c, App::$config[$uid])) {
+				App::$config[$uid][$c] = array();
+				App::$config[$uid][$c]['config_loaded'] = true;
 			}
-			$a->config[$uid][$c][$k] = $rr['v'];
+			App::$config[$uid][$c][$k] = $rr['v'];
 		}
 	}
 }
@@ -234,7 +234,7 @@ function load_pconfig($uid) {
  * ($family) and a key.
  *
  * Get a particular channel's config value from the given category ($family)
- * and the $key from a cached storage in $a->config[$uid].
+ * and the $key from a cached storage in App::$config[$uid].
  *
  * Returns false if not set.
  *
@@ -254,15 +254,15 @@ function get_pconfig($uid, $family, $key, $instore = false) {
 	if($uid === false)
 		return false;
 
-	if(! array_key_exists($uid, $a->config))
+	if(! array_key_exists($uid, App::$config))
 		load_pconfig($uid);
 
-	if((! array_key_exists($family, $a->config[$uid])) || (! array_key_exists($key, $a->config[$uid][$family])))
+	if((! array_key_exists($family, App::$config[$uid])) || (! array_key_exists($key, App::$config[$uid][$family])))
 		return false;
 
-	return ((! is_array($a->config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', $a->config[$uid][$family][$key])) 
-		? unserialize($a->config[$uid][$family][$key])
-		: $a->config[$uid][$family][$key]
+	return ((! is_array(App::$config[$uid][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', App::$config[$uid][$family][$key])) 
+		? unserialize(App::$config[$uid][$family][$key])
+		: App::$config[$uid][$family][$key]
 	);
 }
 
@@ -287,27 +287,38 @@ function get_pconfig($uid, $family, $key, $instore = false) {
 function set_pconfig($uid, $family, $key, $value) {
 	global $a;
 
+	// this catches subtle errors where this function has been called 
+	// with local_channel() when not logged in (which returns false)
+	// and throws an error in array_key_exists below. 
+	// we provide a function backtrace in the logs so that we can find
+	// and fix the calling function.
+
+	if($uid === false) {
+		btlogger('UID is FALSE!', LOGGER_NORMAL, LOG_ERR);
+		return;
+	}
+
 	// manage array value
 	$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 	$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
 	if(get_pconfig($uid, $family, $key) === false) {
-		if(! array_key_exists($uid, $a->config))
-			$a->config[$uid] = array();
-		if(! array_key_exists($family, $a->config[$uid]))
-			$a->config[$uid][$family] = array();
+		if(! array_key_exists($uid, App::$config))
+			App::$config[$uid] = array();
+		if(! array_key_exists($family, App::$config[$uid]))
+			App::$config[$uid][$family] = array();
 
 		// keep a separate copy for all variables which were
 		// set in the life of this page. We need this to
 		// synchronise channel clones.
 
-		if(! array_key_exists('transient', $a->config[$uid]))
-			$a->config[$uid]['transient'] = array();
-		if(! array_key_exists($family, $a->config[$uid]['transient']))
-			$a->config[$uid]['transient'][$family] = array();
+		if(! array_key_exists('transient', App::$config[$uid]))
+			App::$config[$uid]['transient'] = array();
+		if(! array_key_exists($family, App::$config[$uid]['transient']))
+			App::$config[$uid]['transient'][$family] = array();
 
-		$a->config[$uid][$family][$key] = $value;
-		$a->config[$uid]['transient'][$family][$key] = $value;
+		App::$config[$uid][$family][$key] = $value;
+		App::$config[$uid]['transient'][$family][$key] = $value;
 
 		$ret = q("INSERT INTO pconfig ( uid, cat, k, v ) VALUES ( %d, '%s', '%s', '%s' ) ",
 			intval($uid),
@@ -332,13 +343,13 @@ function set_pconfig($uid, $family, $key, $value) {
 	// set in the life of this page. We need this to
 	// synchronise channel clones.
 
-	if(! array_key_exists('transient', $a->config[$uid]))
-		$a->config[$uid]['transient'] = array();
-	if(! array_key_exists($family, $a->config[$uid]['transient']))
-		$a->config[$uid]['transient'][$family] = array();
+	if(! array_key_exists('transient', App::$config[$uid]))
+		App::$config[$uid]['transient'] = array();
+	if(! array_key_exists($family, App::$config[$uid]['transient']))
+		App::$config[$uid]['transient'][$family] = array();
 
-	$a->config[$uid][$family][$key] = $value;
-	$a->config[$uid]['transient'][$family][$key] = $value;
+	App::$config[$uid][$family][$key] = $value;
+	App::$config[$uid]['transient'][$family][$key] = $value;
 
 	if($ret)
 		return $value;
@@ -349,7 +360,7 @@ function set_pconfig($uid, $family, $key, $value) {
 /**
  * @brief Deletes the given key from the channel's configuration.
  *
- * Removes the configured value from the stored cache in $a->config[$uid]
+ * Removes the configured value from the stored cache in App::$config[$uid]
  * and removes it from the database.
  *
  * @param string $uid
@@ -364,8 +375,8 @@ function del_pconfig($uid, $family, $key) {
 	global $a;
 	$ret = false;
 
-	if (x($a->config[$uid][$family], $key))
-		unset($a->config[$uid][$family][$key]);
+	if (x(App::$config[$uid][$family], $key))
+		unset(App::$config[$uid][$family][$key]);
 		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
 		intval($uid),
 		dbesc($family),
@@ -380,7 +391,7 @@ function del_pconfig($uid, $family, $key) {
  * @brief Loads a full xchan's configuration into a cached storage.
  *
  * All configuration values of the given observer hash are stored in global
- * cache which is available under the global variable $a->config[$xchan].
+ * cache which is available under the global variable App::$config[$xchan].
  *
  * @param string $xchan
  *  The observer's hash
@@ -392,8 +403,8 @@ function load_xconfig($xchan) {
 	if(! $xchan)
 		return false;
 
-	if(! array_key_exists($xchan, $a->config))
-		$a->config[$xchan] = array();
+	if(! array_key_exists($xchan, App::$config))
+		App::$config[$xchan] = array();
 
 	$r = q("SELECT * FROM xconfig WHERE xchan = '%s'",
 		dbesc($xchan)
@@ -403,11 +414,11 @@ function load_xconfig($xchan) {
 		foreach($r as $rr) {
 			$k = $rr['k'];
 			$c = $rr['cat'];
-			if(! array_key_exists($c, $a->config[$xchan])) {
-				$a->config[$xchan][$c] = array();
-				$a->config[$xchan][$c]['config_loaded'] = true;
+			if(! array_key_exists($c, App::$config[$xchan])) {
+				App::$config[$xchan][$c] = array();
+				App::$config[$xchan][$c]['config_loaded'] = true;
 			}
-			$a->config[$xchan][$c][$k] = $rr['v'];
+			App::$config[$xchan][$c][$k] = $rr['v'];
 		}
 	}
 }
@@ -417,7 +428,7 @@ function load_xconfig($xchan) {
  * name ($family) and a key.
  *
  * Get a particular observer's config value from the given category ($family)
- * and the $key from a cached storage in $a->config[$xchan].
+ * and the $key from a cached storage in App::$config[$xchan].
  *
  * Returns false if not set.
  *
@@ -435,15 +446,15 @@ function get_xconfig($xchan, $family, $key) {
 	if(! $xchan)
 		return false;
 
-	if(! array_key_exists($xchan, $a->config))
+	if(! array_key_exists($xchan, App::$config))
 		load_xconfig($xchan);
 
-	if((! array_key_exists($family, $a->config[$xchan])) || (! array_key_exists($key, $a->config[$xchan][$family])))
+	if((! array_key_exists($family, App::$config[$xchan])) || (! array_key_exists($key, App::$config[$xchan][$family])))
 		return false;
 
-	return ((! is_array($a->config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', $a->config[$xchan][$family][$key])) 
-		? unserialize($a->config[$xchan][$family][$key])
-		: $a->config[$xchan][$family][$key]
+	return ((! is_array(App::$config[$xchan][$family][$key])) && (preg_match('|^a:[0-9]+:{.*}$|s', App::$config[$xchan][$family][$key])) 
+		? unserialize(App::$config[$xchan][$family][$key])
+		: App::$config[$xchan][$family][$key]
 	);
 }
 
@@ -473,12 +484,12 @@ function set_xconfig($xchan, $family, $key, $value) {
 	$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
 	if(get_xconfig($xchan, $family, $key) === false) {
-		if(! array_key_exists($xchan, $a->config))
-			$a->config[$xchan] = array();
-		if(! array_key_exists($family, $a->config[$xchan]))
-			$a->config[$xchan][$family] = array();
+		if(! array_key_exists($xchan, App::$config))
+			App::$config[$xchan] = array();
+		if(! array_key_exists($family, App::$config[$xchan]))
+			App::$config[$xchan][$family] = array();
 
-		$a->config[$xchan][$family][$key] = $value;
+		App::$config[$xchan][$family][$key] = $value;
 		$ret = q("INSERT INTO xconfig ( xchan, cat, k, v ) VALUES ( '%s', '%s', '%s', '%s' ) ",
 			dbesc($xchan),
 			dbesc($family),
@@ -497,7 +508,7 @@ function set_xconfig($xchan, $family, $key, $value) {
 		dbesc($key)
 	);
 
-	$a->config[$xchan][$family][$key] = $value;
+	App::$config[$xchan][$family][$key] = $value;
 
 	if($ret)
 		return $value;
@@ -507,7 +518,7 @@ function set_xconfig($xchan, $family, $key, $value) {
 /**
  * @brief Deletes the given key from the observer's config.
  *
- * Removes the configured value from the stored cache in $a->config[$xchan]
+ * Removes the configured value from the stored cache in App::$config[$xchan]
  * and removes it from the database.
  *
  * @param string $xchan
@@ -522,8 +533,8 @@ function del_xconfig($xchan, $family, $key) {
 	global $a;
 	$ret = false;
 
-	if(x($a->config[$xchan][$family], $key))
-		unset($a->config[$xchan][$family][$key]);
+	if(x(App::$config[$xchan][$family], $key))
+		unset(App::$config[$xchan][$family][$key]);
 	$ret = q("DELETE FROM xconfig WHERE xchan = '%s' AND cat = '%s' AND k = '%s'",
 		dbesc($xchan),
 		dbesc($family),

include/contact_selectors.php

@@ -73,16 +73,18 @@ function contact_poll_interval($current, $disabled = false) {
 function network_to_name($s) {
 
 	$nets = array(
-		NETWORK_DFRN     => t('Friendica'),
-		NETWORK_OSTATUS  => t('OStatus'),
-		NETWORK_FEED     => t('RSS/Atom'),
-		NETWORK_MAIL     => t('Email'),
-		NETWORK_DIASPORA => t('Diaspora'),
-		NETWORK_FACEBOOK => t('Facebook'),
-		NETWORK_ZOT      => t('Zot'),
-		NETWORK_LINKEDIN => t('LinkedIn'),
-		NETWORK_XMPP     => t('XMPP/IM'),
-		NETWORK_MYSPACE  => t('MySpace'),
+		NETWORK_DFRN      => t('Friendica'),
+		NETWORK_FRND      => t('Friendica'),
+		NETWORK_OSTATUS   => t('OStatus'),
+		NETWORK_GNUSOCIAL => t('GNU-Social'),
+		NETWORK_FEED      => t('RSS/Atom'),
+		NETWORK_MAIL      => t('Email'),
+		NETWORK_DIASPORA  => t('Diaspora'),
+		NETWORK_FACEBOOK  => t('Facebook'),
+		NETWORK_ZOT       => t('Zot'),
+		NETWORK_LINKEDIN  => t('LinkedIn'),
+		NETWORK_XMPP      => t('XMPP/IM'),
+		NETWORK_MYSPACE   => t('MySpace'),
 	);
 
 	call_hooks('network_to_name', $nets);

include/contact_widgets.php

@@ -10,7 +10,7 @@ function findpeople_widget() {
 	if(get_config('system','invitation_only')) {
 		$x = get_pconfig(local_channel(),'system','invites_remaining');
 		if($x || is_site_admin()) {
-			$a->page['aside'] .= '<div class="side-link" id="side-invite-remain">' 
+			App::$page['aside'] .= '<div class="side-link" id="side-invite-remain">' 
 			. sprintf( tt('%d invitation available','%d invitations available',$x), $x) 
 			. '</div>' . $inv;
 		}
@@ -68,7 +68,7 @@ function categories_widget($baseurl,$selected = '') {
 
 	$a = get_app();
 	
-	if(! feature_enabled($a->profile['profile_uid'],'categories'))
+	if(! feature_enabled(App::$profile['profile_uid'],'categories'))
 		return '';
 
 	$item_normal = item_normal();
@@ -83,9 +83,9 @@ function categories_widget($baseurl,$selected = '') {
 				and item.item_wall = 1
 				$item_normal
                 order by term.term asc",
-		intval($a->profile['profile_uid']),
+		intval(App::$profile['profile_uid']),
 	        intval(TERM_CATEGORY),
-	        dbesc($a->profile['channel_hash'])
+	        dbesc(App::$profile['channel_hash'])
 	);
 	if($r && count($r)) {
 		foreach($r as $rr)
@@ -126,7 +126,7 @@ function common_friends_visitor_widget($profile_uid) {
 
 	return replace_macros(get_markup_template('remote_friends_common.tpl'), array(
 		'$desc' =>  sprintf( tt("%d connection in common", "%d connections in common", $t), $t),
-		'$base' => $a->get_baseurl(),
+		'$base' => z_root(),
 		'$uid' => $profile_uid,
 		'$cid' => $observer,
 		'$linkmore' => (($t > 5) ? 'true' : ''),

include/conversation.php

@@ -54,7 +54,7 @@ function item_redir_and_replace_images($body, $images, $cid) {
 	$origbody = $body;
 	$newbody = '';
 
-	$observer = get_app()->get_observer();
+	$observer = App::get_observer();
 	$obhash = (($observer) ? $observer['xchan_hash'] : '');
 	$obaddr = (($observer) ? $observer['xchan_addr'] : '');
 
@@ -489,7 +489,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 
 			$live_update_div = '<div id="live-network"></div>' . "\r\n"
 				. "<script> var profile_uid = " . $_SESSION['uid']
-				. "; var netargs = '" . substr($a->cmd,8)
+				. "; var netargs = '" . substr(App::$cmd,8)
 				. '?f='
 				. ((x($_GET,'cid'))    ? '&cid='    . $_GET['cid']    : '')
 				. ((x($_GET,'search')) ? '&search=' . $_GET['search'] : '')
@@ -504,12 +504,12 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 				. ((x($_GET,'cmax'))   ? '&cmax='   . $_GET['cmax']   : '')
 				. ((x($_GET,'file'))   ? '&file='   . $_GET['file']   : '')
 				. ((x($_GET,'uri'))    ? '&uri='    . $_GET['uri']   : '')
-				. "'; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+				. "'; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
 		}
 	}
 
 	elseif ($mode === 'channel') {
-		$profile_owner = $a->profile['profile_uid'];
+		$profile_owner = App::$profile['profile_uid'];
 		$page_writeable = ($profile_owner == local_channel());
 
 		if (!$update) {
@@ -519,8 +519,8 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 				// because browser prefetching might change it on us. We have to deliver it with the page.
 
 				$live_update_div = '<div id="live-channel"></div>' . "\r\n"
-					. "<script> var profile_uid = " . $a->profile['profile_uid']
-					. "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
+					. "<script> var profile_uid = " . App::$profile['profile_uid']
+					. "; var netargs = '?f='; var profile_page = " . App::$pager['page'] . "; </script>\r\n";
 			}
 		}
 	}
@@ -532,7 +532,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 	}
 
 	elseif ($mode === 'page') {
-		$profile_owner = $a->profile['uid'];
+		$profile_owner = App::$profile['uid'];
 		$page_writeable = ($profile_owner == local_channel());
 		$live_update_div = '<div id="live-page"></div>' . "\r\n";
 	}
@@ -542,11 +542,11 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 	}
 
 	elseif ($mode === 'photos') {
-		$profile_onwer = $a->profile['profile_uid'];
+		$profile_onwer = App::$profile['profile_uid'];
 		$page_writeable = ($profile_owner == local_channel());
 		$live_update_div = '<div id="live-photos"></div>' . "\r\n";
 		// for photos we've already formatted the top-level item (the photo)
-		$content_html = $a->data['photo_html'];
+		$content_html = App::$data['photo_html'];
 	}
 
 	$page_dropping = ((local_channel() && local_channel() == $profile_owner) ? true : false);
@@ -555,13 +555,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 		$page_dropping = false;
 
 
-	$channel = $a->get_channel();
-	$observer = $a->get_observer();
+	$channel = App::get_channel();
+	$observer = App::get_observer();
 
 	if($update)
 		$return_url = $_SESSION['return_url'];
 	else
-		$return_url = $_SESSION['return_url'] = $a->query_string;
+		$return_url = $_SESSION['return_url'] = App::$query_string;
 
 	load_contact_links(local_channel());
 
@@ -623,7 +623,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 					$nickname = $item['nickname'];
 				}
 				else
-					$nickname = $a->user['nickname'];
+					$nickname = App::$user['nickname'];
 
 				$profile_name   = ((strlen($item['author-name']))   ? $item['author-name']   : $item['name']);
 				if($item['author-link'] && (! $item['author-name']))
@@ -844,12 +844,12 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
 
 
 	$o .= replace_macros($page_template, array(
-		'$baseurl' => $a->get_baseurl($ssl_state),
+		'$baseurl' => z_root(),
 		'$photo_item' => $content_html,
 		'$live_update' => $live_update_div,
 		'$remove' => t('remove'),
 		'$mode' => $mode,
-		'$user' => $a->user,
+		'$user' => App::$user,
 		'$threads' => $threads,
 		'$wait' => t('Loading...'),
 		'$dropping' => ($page_dropping?t('Delete Selected Items'):False),
@@ -869,13 +869,13 @@ function best_link_url($item) {
 	$clean_url = normalise_link($item['author-link']);
 
 	if((local_channel()) && (local_channel() == $item['uid'])) {
-		if(isset($a->contacts) && x($a->contacts,$clean_url)) {
-			if($a->contacts[$clean_url]['network'] === NETWORK_DFRN) {
-				$best_url = $a->get_baseurl($ssl_state) . '/redir/' . $a->contacts[$clean_url]['id'];
+		if(isset(App::$contacts) && x(App::$contacts,$clean_url)) {
+			if(App::$contacts[$clean_url]['network'] === NETWORK_DFRN) {
+				$best_url = z_root() . '/redir/' . App::$contacts[$clean_url]['id'];
 				$sparkle = true;
 			}
 			else
-				$best_url = $a->contacts[$clean_url]['url'];
+				$best_url = App::$contacts[$clean_url]['url'];
 		}
 	}
 	if(! $best_url) {
@@ -907,9 +907,9 @@ function item_photo_menu($item){
 
 	if($local_channel) {
 		$ssl_state = true;
-		if(! count($a->contacts))
+		if(! count(App::$contacts))
 			load_contact_links($local_channel);
-		$channel = $a->get_channel();
+		$channel = App::get_channel();
 		$channel_hash = (($channel) ? $channel['channel_hash'] : '');
 	}
 
@@ -925,19 +925,19 @@ function item_photo_menu($item){
 
 	$profile_link = chanlink_hash($item['author_xchan']);
 	if($item['uid'] > 0)
-		$pm_url = $a->get_baseurl($ssl_state) . '/mail/new/?f=&hash=' . $item['author_xchan'];
+		$pm_url = z_root() . '/mail/new/?f=&hash=' . $item['author_xchan'];
 
-	if($a->contacts && array_key_exists($item['author_xchan'],$a->contacts))
-		$contact = $a->contacts[$item['author_xchan']];
+	if(App::$contacts && array_key_exists($item['author_xchan'],App::$contacts))
+		$contact = App::$contacts[$item['author_xchan']];
 	else
 		if($local_channel && $item['author']['xchan_addr'])
 			$follow_url = z_root() . '/follow/?f=&url=' . $item['author']['xchan_addr'];
 
 	if($contact) {
-		$poke_link = $a->get_baseurl($ssl_state) . '/poke/?f=&c=' . $contact['abook_id'];
+		$poke_link = z_root() . '/poke/?f=&c=' . $contact['abook_id'];
 		if (! intval($contact['abook_self']))  
-			$contact_url = $a->get_baseurl($ssl_state) . '/connedit/' . $contact['abook_id'];
-		$posts_link = $a->get_baseurl($ssl_state) . '/network/?cid=' . $contact['abook_id'];
+			$contact_url = z_root() . '/connedit/' . $contact['abook_id'];
+		$posts_link = z_root() . '/network/?cid=' . $contact['abook_id'];
 
 		$clean_url = normalise_link($item['author-link']);
 	}
@@ -1110,6 +1110,11 @@ function status_editor($a, $x, $popup = false) {
 
 	$o = '';
 
+	require_once('include/Contact.php');
+	$c = channelx_by_n($x['profile_uid']);
+	if($c && $c['channel_moved'])
+		return $o;
+
 	$geotag = (($x['allow_location']) ? replace_macros(get_markup_template('jot_geotag.tpl'), array()) : '');
 
 	$plaintext = true;
@@ -1154,9 +1159,9 @@ function status_editor($a, $x, $popup = false) {
 
 	$tpl = get_markup_template('jot-header.tpl');
 
-	$a->page['htmlhead'] .= replace_macros($tpl, array(
+	App::$page['htmlhead'] .= replace_macros($tpl, array(
 		'$newpost' => 'true',
-		'$baseurl' => $a->get_baseurl(true),
+		'$baseurl' => z_root(),
 		'$editselect' => (($plaintext) ? 'none' : '/(profile-jot-text|prvmail-text)/'),
 		'$pretext' => ((x($x,'pretext')) ? $x['pretext'] : ''),
 		'$geotag' => $geotag,
@@ -1168,7 +1173,9 @@ function status_editor($a, $x, $popup = false) {
 		'$term' => t('Tag term:'),
 		'$fileas' => t('Save to Folder:'),
 		'$whereareu' => t('Where are you right now?'),
-		'$expireswhen' => t('Expires YYYY-MM-DD HH:MM')
+		'$expireswhen' => t('Expires YYYY-MM-DD HH:MM'),
+		'$editor_autocomplete'=> ((x($x,'editor_autocomplete')) ? $x['editor_autocomplete'] : ''),
+		'$bbco_autocomplete'=> ((x($x,'bbco_autocomplete')) ? $x['bbco_autocomplete'] : ''),
 	));
 
 	$tpl = get_markup_template('jot.tpl');
@@ -1197,8 +1204,8 @@ function status_editor($a, $x, $popup = false) {
 	call_hooks('jot_networks', $jotnets);
 
 	$o .= replace_macros($tpl, array(
-		'$return_path' => ((x($x, 'return_path')) ? $x['return_path'] : $a->query_string),
-		'$action' =>  $a->get_baseurl(true) . '/item',
+		'$return_path' => ((x($x, 'return_path')) ? $x['return_path'] : App::$query_string),
+		'$action' =>  z_root() . '/item',
 		'$share' => (x($x,'button') ? $x['button'] : t('Share')),
 		'$webpage' => $webpage,
 		'$placeholdpagetitle' => ((x($x,'ptlabel')) ? $x['ptlabel'] : t('Page link name')),
@@ -1241,7 +1248,7 @@ function status_editor($a, $x, $popup = false) {
 		'$content' => ((x($x,'body')) ? htmlspecialchars($x['body'], ENT_COMPAT,'UTF-8') : ''),
 		'$attachment' => ((x($x, 'attachment')) ? $x['attachment'] : ''),
 		'$post_id' => '',
-		'$baseurl' => $a->get_baseurl(true),
+		'$baseurl' => z_root(),
 		'$defloc' => $x['default_location'],
 		'$visitor' => $x['visitor'],
 		'$public' => t('Public post'),
@@ -1269,6 +1276,7 @@ function status_editor($a, $x, $popup = false) {
 		'$expiryModalOK' => t('OK'),
 		'$expiryModalCANCEL' => t('Cancel'),
 		'$expanded' => ((x($x, 'expanded')) ? $x['expanded'] : false),
+		'$bbcode' => ((x($x, 'bbcode')) ? $x['bbcode'] : false)
 	));
 
 	if ($popup === true) {
@@ -1419,12 +1427,12 @@ function prepare_page($item) {
 	$a = get_app();
 	$naked = 1;
 //	$naked = ((get_pconfig($item['uid'],'system','nakedpage')) ? 1 : 0);
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 	//240 chars is the longest we can have before we start hitting problems with suhosin sites
 	$preview = substr(urlencode($item['body']), 0, 240);
-	$link = z_root() . '/' . $a->cmd;
-	if(array_key_exists('webpage',$a->layout) && array_key_exists('authored',$a->layout['webpage'])) {
-		if($a->layout['webpage']['authored'] === 'none')
+	$link = z_root() . '/' . App::$cmd;
+	if(array_key_exists('webpage',App::$layout) && array_key_exists('authored',App::$layout['webpage'])) {
+		if(App::$layout['webpage']['authored'] === 'none')
 			$naked = 1;
 		// ... other possible options
 	}
@@ -1503,7 +1511,7 @@ function network_tabs() {
 
 	if ($no_active=='active') $all_active='active';
 
-	$cmd = $a->cmd;
+	$cmd = App::$cmd;
 
 	// tabs
 	$tabs = array();
@@ -1587,16 +1595,17 @@ function network_tabs() {
 function profile_tabs($a, $is_owner = false, $nickname = null){
 
 	// Don't provide any profile tabs if we're running as the sys channel
-	if ($a->is_sys)
+
+	if (App::$is_sys)
 		return;
 
-	$channel = $a->get_channel();
+	$channel = App::get_channel();
 
 	if (is_null($nickname))
 		$nickname  = $channel['channel_address'];
 
 
-	$uid = (($a->profile['profile_uid']) ? $a->profile['profile_uid'] : local_channel());
+	$uid = ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : local_channel());
 
 	if($uid == local_channel()) {
 		$cal_link = '';
@@ -1612,8 +1621,8 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	if (x($_GET, 'tab'))
 		$tab = notags(trim($_GET['tab']));
 
-	$url = $a->get_baseurl() . '/channel/' . $nickname;
-	$pr  = $a->get_baseurl() . '/profile/' . $nickname;
+	$url = z_root() . '/channel/' . $nickname;
+	$pr  = z_root() . '/profile/' . $nickname;
 
 	$tabs = array(
 		array(
@@ -1639,14 +1648,14 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	if ($p['view_storage']) {
 		$tabs[] = array(
 			'label' => t('Photos'),
-			'url'   => $a->get_baseurl() . '/photos/' . $nickname,
+			'url'   => z_root() . '/photos/' . $nickname,
 			'sel'   => ((argv(0) == 'photos') ? 'active' : ''),
 			'title' => t('Photo Albums'),
 			'id'    => 'photo-tab',
 		);
 		$tabs[] = array(
 			'label' => t('Files'),
-			'url'   => $a->get_baseurl() . '/cloud/' . $nickname,
+			'url'   => z_root() . '/cloud/' . $nickname,
 			'sel'   => ((argv(0) == 'cloud' || argv(0) == 'sharedwithme') ? 'active' : ''),
 			'title' => t('Files and Storage'),
 			'id'    => 'files-tab',
@@ -1656,7 +1665,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	if($p['view_stream'] && $cal_link) {
 		$tabs[] = array(
 			'label' => t('Events'),
-			'url'   => $a->get_baseurl() . $cal_link,
+			'url'   => z_root() . $cal_link,
 			'sel'   => ((argv(0) == 'cal' || argv(0) == 'events') ? 'active' : ''),
 			'title' => t('Events'),
 			'id'    => 'event-tab',
@@ -1664,13 +1673,13 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	}
 
 
-	if ($p['chat']) {
+	if ($p['chat'] && feature_enabled($uid,'ajaxchat')) {
 		require_once('include/chat.php');
 		$has_chats = chatroom_list_count($uid);
 		if ($has_chats) {
 			$tabs[] = array(
 				'label' => t('Chatrooms'),
-				'url'   => $a->get_baseurl() . '/chat/' . $nickname,
+				'url'   => z_root() . '/chat/' . $nickname,
 				'sel'   => ((argv(0) == 'chat') ? 'active' : '' ),
 				'title' => t('Chatrooms'),
 				'id'    => 'chat-tab',
@@ -1683,7 +1692,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	if ($is_owner && $has_bookmarks) {
 		$tabs[] = array(
 			'label' => t('Bookmarks'),
-			'url'   => $a->get_baseurl() . '/bookmarks',
+			'url'   => z_root() . '/bookmarks',
 			'sel'   => ((argv(0) == 'bookmarks') ? 'active' : ''),
 			'title' => t('Saved Bookmarks'),
 			'id'    => 'bookmarks-tab',
@@ -1693,7 +1702,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){
 	if ($p['write_pages'] && feature_enabled($uid,'webpages')) {
 		$tabs[] = array(
 			'label' => t('Webpages'),
-			'url'   => $a->get_baseurl() . '/webpages/' . $nickname,
+			'url'   => z_root() . '/webpages/' . $nickname,
 			'sel'   => ((argv(0) == 'webpages') ? 'active' : ''),
 			'title' => t('Manage Webpages'),
 			'id'    => 'webpages-tab',

include/crypto.php

@@ -23,17 +23,9 @@ function rsa_verify($data,$sig,$key,$alg = 'sha256') {
 	$verify = @openssl_verify($data,$sig,$key,$alg);
 
 	if(! $verify) {
-		logger('openssl_verify: ' . openssl_error_string(),LOGGER_NORMAL,LOG_ERR);
-		logger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); 
-		// provide a backtrace so that we can debug key issues
-		if(version_compare(PHP_VERSION, '5.4.0') >= 0) {
-        	$stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
-			if($stack) {
-				foreach($stack as $s) {
-					logger('stack: ' . basename($s['file']) . ':' . $s['line'] . ':' . $s['function'] . '()',LOGGER_DEBUG,LOG_ERR);
-			    }
-			}
-		}
+		while($msg = openssl_error_string())
+			logger('openssl_verify: ' . $msg,LOGGER_NORMAL,LOG_ERR);
+		btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR); 
 	}
 
 	return $verify;
@@ -256,6 +248,7 @@ function pkcs1_encode($Modulus,$PublicExponent) {
 }
 
 
+// http://stackoverflow.com/questions/27568570/how-to-convert-raw-modulus-exponent-to-rsa-public-key-pem-format
 function metopem($m,$e) {
 	$der = pkcs8_encode($m,$e);
 	$key = DerToPem($der,false);
@@ -306,11 +299,33 @@ function metorsa($m,$e) {
 	return $key;
 }	
 
+
+
 function salmon_key($pubkey) {
 	pemtome($pubkey,$m,$e);
 	return 'RSA' . '.' . base64url_encode($m,true) . '.' . base64url_encode($e,true) ;
 }
 
+
+function convert_salmon_key($key) {
+
+	if(strstr($key,','))
+		$rawkey = substr($key,strpos($key,',')+1);
+	else
+		$rawkey = substr($key,5);
+
+	$key_info = explode('.',$rawkey);
+
+	$m = base64url_decode($key_info[1]);
+	$e = base64url_decode($key_info[2]);
+
+	logger('key details: ' . print_r($key_info,true), LOGGER_DATA);
+	$salmon_key = metopem($m,$e);
+	return $salmon_key;
+
+}
+
+
 function z_obscure($s) {
 	return json_encode(crypto_encapsulate($s,get_config('system','pubkey')));
 }
@@ -320,3 +335,4 @@ function z_unobscure($s) {
 		return $s;
 	return crypto_unencapsulate(json_decode($s,true),get_config('system','prvkey'));
 }
+

include/datetime.php

@@ -119,6 +119,8 @@ function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d
  * @return string
  */
 function dob($dob) {
+	$a = get_app();
+
 	list($year, $month, $day) = sscanf($dob, '%4d-%2d-%2d');
 	$f = get_config('system', 'birthday_input_format');
 	if (! $f)
@@ -129,7 +131,15 @@ function dob($dob) {
 	else
 		$value = (($year) ? datetime_convert('UTC','UTC',$dob,'Y-m-d') : datetime_convert('UTC','UTC',$dob,'m-d'));
 
-	$o = '<input type="text" name="dob" value="' . $value . '" placeholder="' . t('YYYY-MM-DD or MM-DD') . '" />';
+	$o = replace_macros(get_markup_template("field_input.tpl"), array('$field' => array(
+		'dob',
+		t('Birthday'),
+		$value,
+		((intval($value)) ? t('Age: ') . age($value,App::$user['timezone'],App::$user['timezone']) : ''),
+		'',
+		'placeholder="' . t('YYYY-MM-DD or MM-DD') .'"'
+	)));
+
 
 //	if ($dob && $dob != '0000-00-00')
 //		$o = datesel($f,mktime(0,0,0,0,0,1900),mktime(),mktime(0,0,0,$month,$day,$year),'dob');

include/dba/dba_driver.php

@@ -303,9 +303,9 @@ function q($sql) {
 		if($stmt === false) {
 			if(version_compare(PHP_VERSION, '5.4.0') >= 0)
 				logger('dba: vsprintf error: ' .
-					print_r(debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 1), true));
+					print_r(debug_backtrace(DEBUG_BACKTRACE_PROVIDE_OBJECT, 1), true),LOGGER_NORMAL,LOG_CRIT);
 			else
-				logger('dba: vsprintf error: ' . print_r(debug_backtrace(), true));
+				logger('dba: vsprintf error: ' . print_r(debug_backtrace(), true),LOGGER_NORMAL,LOG_CRIT);
 		}
 		return $db->q($stmt);
 	}
@@ -314,7 +314,7 @@ function q($sql) {
 	 * This will happen occasionally trying to store the 
 	 * session data after abnormal program termination 
 	 */
-	logger('dba: no database: ' . print_r($args,true));
+	logger('dba: no database: ' . print_r($args,true),LOGGER_NORMAL,LOG_CRIT);
 
 	return false;
 }
@@ -385,7 +385,7 @@ function db_getfunc($f) {
 	if(isset($lookup[$f]) && isset($lookup[$f][ACTIVE_DBTYPE]))
 		return $lookup[$f][ACTIVE_DBTYPE];
 
-	logger('Unable to abstract DB function "'. $f . '" for dbtype ' . ACTIVE_DBTYPE, LOGGER_DEBUG);
+	logger('Unable to abstract DB function "'. $f . '" for dbtype ' . ACTIVE_DBTYPE, LOGGER_DEBUG, LOG_ERR);
 	return $f;
 }
 

include/dba/dba_mysqli.php

@@ -32,7 +32,7 @@ class dba_mysqli extends dba_driver {
 
 
 		if($this->error) {
-			logger('dba_mysqli: ERROR: ' . printable($sql) . "\n" . $this->error);
+			logger('dba_mysqli: ERROR: ' . printable($sql) . "\n" . $this->error, LOGGER_NORMAL, LOG_ERR);
 			if(file_exists('dbfail.out')) {
 				file_put_contents('dbfail.out', datetime_convert() . "\n" . printable($sql) . "\n" . $this->error . "\n", FILE_APPEND);
 			}
@@ -40,13 +40,13 @@ class dba_mysqli extends dba_driver {
 
 		if(($result === true) || ($result === false)) {
 			if($this->debug) {
-				logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returns ' . (($result) ? 'true' : 'false'));
+				logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returns ' . (($result) ? 'true' : 'false'), LOGGER_NORMAL,(($result) ? LOG_INFO : LOG_ERR));
 			}
 			return $result;
 		}
 
 		if($this->debug) {
-			logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returned ' . $result->num_rows . ' results.'); 
+			logger('dba_mysqli: DEBUG: ' . printable($sql) . ' returned ' . $result->num_rows . ' results.', LOGGER_NORMAL, LOG_INFO); 
 		}
 
 		$r = array();
@@ -55,7 +55,7 @@ class dba_mysqli extends dba_driver {
 				$r[] = $x;
 			$result->free_result();
 			if($this->debug) {
-				logger('dba_mysqli: ' . printable(print_r($r,true)));
+				logger('dba_mysqli: ' . printable(print_r($r,true)), LOGGER_NORMAL, LOG_INFO);
 			}
 		}
 		return $r;

include/dir_fns.php

@@ -421,7 +421,7 @@ function local_dir_update($uid, $force) {
 		$arr = array('channel_id' => $uid, 'hash' => $hash, 'profile' => $profile);
 		call_hooks('local_dir_update', $arr);
 
-		$address = $p[0]['channel_address'] . '@' . get_app()->get_hostname();
+		$address = $p[0]['channel_address'] . '@' . App::get_hostname();
 
 		if (perm_is_allowed($uid, '', 'view_profile')) {
 			import_directory_profile($hash, $arr['profile'], $address, 0);
@@ -436,6 +436,6 @@ function local_dir_update($uid, $force) {
 		}
 	}
 
-	$ud_hash = random_string() . '@' . get_app()->get_hostname();
-	update_modtime($hash, $ud_hash, $p[0]['channel_address'] . '@' . get_app()->get_hostname(),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+	$ud_hash = random_string() . '@' . App::get_hostname();
+	update_modtime($hash, $ud_hash, $p[0]['channel_address'] . '@' . App::get_hostname(),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
 }

include/enotify.php

@@ -56,13 +56,13 @@ function notification($params) {
 
 	$banner     = t('$Projectname Notification');
 	$product    = t('$projectname'); // PLATFORM_NAME;
-	$siteurl    = $a->get_baseurl(true);
+	$siteurl    = z_root();
 	$thanks     = t('Thank You,');
 	$sitename   = get_config('system','sitename');
 	$site_admin = sprintf( t('%s Administrator'), $sitename);
 
 	$sender_name = $product;
-	$hostname = $a->get_hostname();
+	$hostname = App::get_hostname();
 	if(strpos($hostname,':'))
 		$hostname = substr($hostname,0,strpos($hostname,':'));
 
@@ -419,12 +419,12 @@ function notification($params) {
 		return;
 	}
 
-	$itemlink = $a->get_baseurl() . '/notify/view/' . $notify_id;
+	$itemlink = z_root() . '/notify/view/' . $notify_id;
 	$msg = str_replace('$itemlink',$itemlink,$epreamble);
 
 	// wretched hack, but we don't want to duplicate all the preamble variations and we also don't want to screw up a translation
 
-	if (($a->language === 'en' || (! $a->language)) && strpos($msg,', '))
+	if ((App::$language === 'en' || (! App::$language)) && strpos($msg,', '))
 		$msg = substr($msg,strpos($msg,', ')+1);	
 
 	$r = q("update notify set msg = '%s' where id = %d and uid = %d",
@@ -441,7 +441,7 @@ function notification($params) {
 		logger('notification: sending notification email');
 
 		$hn = get_pconfig($recip['channel_id'],'system','email_notify_host');
-		if($hn && (! stristr(get_app()->get_hostname(),$hn))) {
+		if($hn && (! stristr(App::get_hostname(),$hn))) {
 			// this isn't the email notification host
 			pop_lang();
 			return;
@@ -455,7 +455,7 @@ function notification($params) {
 		// use $_SESSION['zid_override'] to force zid() to use 
 		// the recipient address instead of the current observer
 
-		$_SESSION['zid_override'] = $recip['channel_address'] . '@' . get_app()->get_hostname();
+		$_SESSION['zid_override'] = $recip['channel_address'] . '@' . App::get_hostname();
 		$_SESSION['zrl_override'] = z_root() . '/channel/' . $recip['channel_address'];
 		
 		$textversion = zidify_links($textversion);

include/event.php

@@ -67,7 +67,7 @@ function ical_wrapper($ev) {
 	$o .= "BEGIN:VCALENDAR";
 	$o .= "\r\nVERSION:2.0";
 	$o .= "\r\nMETHOD:PUBLISH";
-	$o .= "\r\nPRODID:-//" . get_config('system','sitename') . "//" . Zotlabs\Project\System::get_platform_name() . "//" . strtoupper(get_app()->language). "\r\n";
+	$o .= "\r\nPRODID:-//" . get_config('system','sitename') . "//" . Zotlabs\Project\System::get_platform_name() . "//" . strtoupper(App::$language). "\r\n";
 	if(array_key_exists('start', $ev))
 		$o .= format_event_ical($ev);
 	else {
@@ -361,7 +361,7 @@ function event_store_event($arr) {
 		if(array_key_exists('external_id',$arr))
 			$hash = $arr['external_id'];
 		else
-			$hash = random_string() . '@' . get_app()->get_hostname();
+			$hash = random_string() . '@' . App::get_hostname();
 
 		$r = q("INSERT INTO event ( uid,aid,event_xchan,event_hash,created,edited,start,finish,summary,description,location,type,
 			adjust,nofinish, event_status, event_status_date, event_percent, event_repeat, event_sequence, event_priority, allow_cid,allow_gid,deny_cid,deny_gid)

include/features.php

@@ -56,7 +56,7 @@ function get_features($filtered = true) {
 			array('private_notes',       t('Private Notes'),          t('Enables a tool to store notes and reminders (note: not encrypted)'),false,get_config('feature_lock','private_notes')),
 			array('nav_channel_select',  t('Navigation Channel Select'), t('Change channels directly from within the navigation dropdown menu'),false,get_config('feature_lock','nav_channel_select')),
 			array('photo_location',       t('Photo Location'),          t('If location data is available on uploaded photos, link this to a map.'),false,get_config('feature_lock','photo_location')),
-
+			array('ajaxchat',       t('Access Controlled Chatrooms'),          t('Provide chatrooms and chat services with access control.'),true,get_config('feature_lock','ajaxchat')),
 			array('smart_birthdays',       t('Smart Birthdays'),          t('Make birthday events timezone aware in case your friends are scattered across the planet.'),true,get_config('feature_lock','smart_birthdays')),
 			array('expert',       t('Expert Mode'),                 t('Enable Expert Mode to provide advanced configuration options'),false,get_config('feature_lock','expert')),
 			array('premium_channel', t('Premium Channel'), t('Allows you to set restrictions and terms on those that connect with your channel'),false,get_config('feature_lock','premium_channel')),

include/follow.php

@@ -134,26 +134,29 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 		$their_perms = 0;
 		$xchan_hash = '';
 
-
 		$r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1",
 			dbesc($url),
 			dbesc($url)
 		);
 
-
 		if(! $r) {
 			// attempt network auto-discovery
-			if(strpos($url,'@') && (! $is_http)) {
-				$d = discover_by_webbie($url);
-			}
-			elseif($is_http) {
-				if(get_config('system','feed_contacts'))
+
+			$d = discover_by_webbie($url);
+
+			if((! $d) && ($is_http)) {
+
+				// try RSS discovery
+
+				if(get_config('system','feed_contacts')) {
 					$d = discover_by_url($url);
+				}
 				else {
 					$result['message'] = t('Protocol disabled.');
 					return $result;
 				}
 			}
+
 			if($d) {
 				$r = q("select * from xchan where xchan_hash = '%s' or xchan_url = '%s' limit 1",
 					dbesc($url),
@@ -161,6 +164,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 				);
 			}
 		}
+
+		// if discovery was a success we should have an xchan record in $r
+
 		if($r) {
 			$xchan = $r[0];
 			$xchan_hash = $r[0]['xchan_hash'];
@@ -175,7 +181,9 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 		return $result;
 	}
 
-	$x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => 1, 'singleton' => 0);
+	$allowed = (($is_red || $r[0]['xchan_network'] === 'rss') ? 1 : 0);
+
+	$x = array('channel_id' => $uid, 'follow_address' => $url, 'xchan' => $r[0], 'allowed' => $allowed, 'singleton' => 0);
 
 	call_hooks('follow_allow',$x);
 
@@ -185,28 +193,13 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 	}
 	$singleton = intval($x['singleton']);
 
-	if((local_channel()) && $uid == local_channel()) {
-		$aid = get_account_id();
-		$hash = get_observer_hash();
-		$ch = $a->get_channel();
-		$default_group = $ch['channel_default_group'];
-	}
-	else {
-		$r = q("select * from channel where channel_id = %d limit 1",
-			intval($uid)
-		);
-		if(! $r) {
-			$result['message'] = t('local account not found.');
-			return $result;
-		}
-		$aid = $r[0]['channel_account_id'];
-		$hash = $r[0]['channel_hash'];			
-		$default_group = $r[0]['channel_default_group'];
-	}
+	$aid = $channel['channel_account_id'];
+	$hash = get_observer_hash();
+	$default_group = $channel['channel_default_group'];
 
+	if($xchan['xchan_network'] === 'rss') {
 
-	if($is_http) {
-
+		// check service class feed limits
 
 		$r = q("select count(*) as total from abook where abook_account = %d and abook_feed = 1 ",
 			intval($aid)
@@ -230,7 +223,6 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 		intval($uid)
 	);
 
-
 	if($r) {
 		$abook_instance = $r[0]['abook_instance'];
 
@@ -280,7 +272,7 @@ function new_contact($uid,$url,$channel,$interactive = false, $confirm = false)
 		proc_run('php', 'include/notifier.php', 'permission_create', $result['abook']['abook_id']);
 	}
 
-	$arr = array('channel_id' => $uid, 'abook' => $result['abook']);
+	$arr = array('channel_id' => $uid, 'channel' => $channel, 'abook' => $result['abook']);
 
 	call_hooks('follow', $arr);
 

include/group.php

@@ -211,6 +211,22 @@ function group_get_members($gid) {
 	return $ret;
 }
 
+function group_get_members_xchan($gid) {
+	$ret = array();
+	if(intval($gid)) {
+		$r = q("SELECT xchan FROM group_member WHERE gid = %d AND uid = %d",
+			intval($gid),
+			intval(local_channel())
+		);
+		if(count($r)) {
+			foreach($r as $rr) {
+				$ret[] = $rr['xchan'];
+			}
+		}
+	}
+	return $ret;
+}
+
 function mini_group_select($uid,$group = '') {
 	
 	$grps = array();

include/hubloc.php

@@ -134,10 +134,17 @@ function hubloc_change_primary($hubloc) {
 	$r = q("select channel_id, channel_primary from channel where channel_hash = '%s' limit 1",
 		dbesc($hubloc['hubloc_hash'])
 	);
-	if(($r) && (! $r[0]['channel_primary'])) {
-		q("update channel set channel_primary = 1 where channel_id = %d",
-			intval($r[0]['channel_id'])
-		);
+	if($r) {
+		if(! $r[0]['channel_primary']) {
+			q("update channel set channel_primary = 1 where channel_id = %d",
+				intval($r[0]['channel_id'])
+			);
+		}
+		else {
+			q("update channel set channel_primary = 0 where channel_id = %d",
+				intval($r[0]['channel_id'])
+			);
+		}
 	}
 
 	// do we even have an xchan for this hubloc and if so is it already set as primary?

include/identity.php

@@ -174,7 +174,6 @@ function channel_total() {
  */
 function create_identity($arr) {
 
-	$a = get_app();
 	$ret = array('success' => false);
 
 	if(! $arr['account_id']) {
@@ -275,7 +274,7 @@ function create_identity($arr) {
 		intval($pageflags),
 		intval($system),
 		intval($expire),
-		dbesc($a->timezone)
+		dbesc(App::$timezone)
 	);
 
 	$r = q("select * from channel where channel_account_id = %d 
@@ -302,11 +301,11 @@ function create_identity($arr) {
 		dbesc($guid),
 		dbesc($sig),
 		dbesc($hash),
-		dbesc($ret['channel']['channel_address'] . '@' . get_app()->get_hostname()),
+		dbesc($ret['channel']['channel_address'] . '@' . App::get_hostname()),
 		intval($primary),
 		dbesc(z_root()),
 		dbesc(base64url_encode(rsa_sign(z_root(),$ret['channel']['channel_prvkey']))),
-		dbesc(get_app()->get_hostname()),
+		dbesc(App::get_hostname()),
 		dbesc(z_root() . '/post'),
 		dbesc(get_config('system','pubkey')),
 		dbesc('zot')
@@ -321,10 +320,10 @@ function create_identity($arr) {
 		dbesc($guid),
 		dbesc($sig),
 		dbesc($key['pubkey']),
-		dbesc($a->get_baseurl() . "/photo/profile/l/{$newuid}"),
-		dbesc($a->get_baseurl() . "/photo/profile/m/{$newuid}"),
-		dbesc($a->get_baseurl() . "/photo/profile/s/{$newuid}"),
-		dbesc($ret['channel']['channel_address'] . '@' . get_app()->get_hostname()),
+		dbesc(z_root() . "/photo/profile/l/{$newuid}"),
+		dbesc(z_root() . "/photo/profile/m/{$newuid}"),
+		dbesc(z_root() . "/photo/profile/s/{$newuid}"),
+		dbesc($ret['channel']['channel_address'] . '@' . App::get_hostname()),
 		dbesc(z_root() . '/channel/' . $ret['channel']['channel_address']),
 		dbesc(z_root() . '/follow?f=&url=%s'),
 		dbesc(z_root() . '/poco/' . $ret['channel']['channel_address']),
@@ -347,8 +346,8 @@ function create_identity($arr) {
 		1,
 		$publish,
 		dbesc($ret['channel']['channel_name']),
-		dbesc($a->get_baseurl() . "/photo/profile/l/{$newuid}"),
-		dbesc($a->get_baseurl() . "/photo/profile/m/{$newuid}")
+		dbesc(z_root() . "/photo/profile/l/{$newuid}"),
+		dbesc(z_root() . "/photo/profile/m/{$newuid}")
 	);
 
 	if($role_permissions) {
@@ -410,7 +409,15 @@ function create_identity($arr) {
 			set_pconfig($ret['channel']['channel_id'],'system','photo_path', '%Y-%m');
 			set_pconfig($ret['channel']['channel_id'],'system','attach_path','%Y-%m');
 		}
-
+		
+		// UNO: channel defaults, incl addons (addons specific pconfig will only work after the relevant addon is enabled by the admin). It's located here, so members can modify these defaults after the channel is created.
+		if(UNO) {
+			//diaspora protocol addon
+			set_pconfig($ret['channel']['channel_id'],'system','diaspora_allowed', '1');
+			set_pconfig($ret['channel']['channel_id'],'system','diaspora_public_comments', '1');
+			set_pconfig($ret['channel']['channel_id'],'system','prevent_tag_hijacking', '0');
+		}
+		
 		// auto-follow any of the hub's pre-configured channel choices.
 		// Only do this if it's the first channel for this account;
 		// otherwise it could get annoying. Don't make this list too big
@@ -543,7 +550,8 @@ function identity_basic_export($channel_id, $items = false) {
 	if($r)
 		$ret['config'] = $r;
 
-	$r = q("select type, data, os_storage from photo where scale = 4 and profile = 1 and uid = %d limit 1",
+	$r = q("select type, data, os_storage from photo where scale = 4 and photo_usage = %d and uid = %d limit 1",
+		intval(PHOTO_PROFILE),
 		intval($channel_id)
 	);
 
@@ -772,14 +780,14 @@ function profile_load(&$a, $nickname, $profile = '') {
 	);
 
 	if(! $user) {
-		logger('profile error: ' . $a->query_string, LOGGER_DEBUG);
+		logger('profile error: ' . App::$query_string, LOGGER_DEBUG);
 		notice( t('Requested channel is not available.') . EOL );
-		$a->error = 404;
+		App::$error = 404;
 		return;
 	}
 
 	// get the current observer
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 
 	$can_view_profile = true;
 
@@ -818,9 +826,9 @@ function profile_load(&$a, $nickname, $profile = '') {
 	}
 
 	if(! $p) {
-		logger('profile error: ' . $a->query_string, LOGGER_DEBUG);
+		logger('profile error: ' . App::$query_string, LOGGER_DEBUG);
 		notice( t('Requested profile is not available.') . EOL );
-		$a->error = 404;
+		App::$error = 404;
 		return;
 	}
 
@@ -866,9 +874,8 @@ function profile_load(&$a, $nickname, $profile = '') {
 	// fetch user tags if this isn't the default profile
 
 	if(! $p[0]['is_default']) {
-		/** @BUG $profile_uid is undefinded for this query, so should not work. */
 		$x = q("select `keywords` from `profile` where uid = %d and `is_default` = 1 limit 1",
-				intval($profile_uid)
+				intval($p[0]['profile_uid'])
 		);
 		if($x && $can_view_profile)
 			$p[0]['keywords'] = $x[0]['keywords'];
@@ -877,23 +884,23 @@ function profile_load(&$a, $nickname, $profile = '') {
 	if($p[0]['keywords']) {
 		$keywords = str_replace(array('#',',',' ',',,'),array('',' ',',',','),$p[0]['keywords']);
 		if(strlen($keywords) && $can_view_profile)
-			$a->page['htmlhead'] .= '<meta name="keywords" content="' . htmlentities($keywords,ENT_COMPAT,'UTF-8') . '" />' . "\r\n" ;
+			App::$page['htmlhead'] .= '<meta name="keywords" content="' . htmlentities($keywords,ENT_COMPAT,'UTF-8') . '" />' . "\r\n" ;
 	}
 
-	$a->profile = $p[0];
-	$a->profile_uid = $p[0]['profile_uid'];
-	$a->page['title'] = $a->profile['channel_name'] . " - " . $a->profile['channel_address'] . "@" . $a->get_hostname();
+	App::$profile = $p[0];
+	App::$profile_uid = $p[0]['profile_uid'];
+	App::$page['title'] = App::$profile['channel_name'] . " - " . App::$profile['channel_address'] . "@" . App::get_hostname();
 
-	$a->profile['permission_to_view'] = $can_view_profile;
+	App::$profile['permission_to_view'] = $can_view_profile;
 
 	if($can_view_profile) {
 		$online = get_online_status($nickname);
-		$a->profile['online_status'] = $online['result'];
+		App::$profile['online_status'] = $online['result'];
 	}
 
 	if(local_channel()) {
-		$a->profile['channel_mobile_theme'] = get_pconfig(local_channel(),'system', 'mobile_theme');
-		$_SESSION['mobile_theme'] = $a->profile['channel_mobile_theme'];
+		App::$profile['channel_mobile_theme'] = get_pconfig(local_channel(),'system', 'mobile_theme');
+		$_SESSION['mobile_theme'] = App::$profile['channel_mobile_theme'];
 	}
 
 	/*
@@ -906,7 +913,6 @@ function profile_load(&$a, $nickname, $profile = '') {
 
 function profile_edit_menu($uid) {
 
-	$a = get_app();
 	$ret = array();
 
 	$is_owner = (($uid == local_channel()) ? true : false);
@@ -921,11 +927,11 @@ function profile_edit_menu($uid) {
 		$multi_profiles = feature_enabled(local_channel(), 'multi_profiles');
 		if($multi_profiles) {
 			$ret['multi'] = 1;
-			$ret['edit'] = array($a->get_baseurl(). '/profiles', t('Edit Profiles'), '', t('Edit'));
+			$ret['edit'] = array(z_root(). '/profiles', t('Edit Profiles'), '', t('Edit'));
 			$ret['menu']['cr_new'] = t('Create New Profile');
 		}
 		else {
-			$ret['edit'] = array($a->get_baseurl() . '/profiles/' . $uid, t('Edit Profile'), '', t('Edit'));
+			$ret['edit'] = array(z_root() . '/profiles/' . $uid, t('Edit Profile'), '', t('Edit'));
 		}
 
 		$r = q("SELECT * FROM profile WHERE uid = %d",
@@ -968,9 +974,7 @@ function profile_edit_menu($uid) {
  */
 function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = false) {
 
-	$a = get_app();
-
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 
 	$o = '';
 	$location = false;
@@ -1002,7 +1006,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 		$connect_url = rconnect_url($profile['uid'],get_observer_hash());
 		$connect = (($connect_url) ? t('Connect') : '');
 		if($connect_url) 
-			$connect_url = sprintf($connect_url,urlencode($profile['channel_address'] . '@' . $a->get_hostname()));
+			$connect_url = sprintf($connect_url,urlencode($profile['channel_address'] . '@' . App::get_hostname()));
 
 		// premium channel - over-ride
 
@@ -1104,7 +1108,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
  */
 	function get_birthdays() {
 
-		$a = get_app();
 		$o = '';
 
 		if(! local_channel())
@@ -1151,12 +1154,12 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 					$url = $rr['url'];
 					if($rr['network'] === NETWORK_DFRN) {
 						$sparkle = " sparkle";
-						$url = $a->get_baseurl() . '/redir/'  . $rr['cid'];
+						$url = z_root() . '/redir/'  . $rr['cid'];
 					}
 	
 					$rr['link'] = $url;
 					$rr['title'] = $rr['name'];
-					$rr['date'] = day_translate(datetime_convert('UTC', $a->timezone, $rr['start'], $rr['adjust'] ? $bd_format : $bd_short)) . (($today) ?  ' ' . t('[today]') : '');
+					$rr['date'] = day_translate(datetime_convert('UTC', App::$timezone, $rr['start'], $rr['adjust'] ? $bd_format : $bd_short)) . (($today) ?  ' ' . t('[today]') : '');
 					$rr['startime'] = Null;
 					$rr['today'] = $today;
 				}
@@ -1164,7 +1167,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 		}
 		$tpl = get_markup_template("birthdays_reminder.tpl");
 		return replace_macros($tpl, array(
-			'$baseurl' => $a->get_baseurl(),
+			'$baseurl' => z_root(),
 			'$classtoday' => $classtoday,
 			'$count' => $total,
 			'$event_reminders' => t('Birthday Reminders'),
@@ -1183,8 +1186,6 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 
 		require_once('include/bbcode.php');
 
-		$a = get_app();
-
 		if(! local_channel())
 			return $o;
 
@@ -1206,15 +1207,15 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 				if(strlen($rr['name']))
 					$total ++;
 
-				$strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start'],'Y-m-d');
-				if($strt === datetime_convert('UTC',$a->timezone,'now','Y-m-d'))
+				$strt = datetime_convert('UTC',$rr['convert'] ? App::$timezone : 'UTC',$rr['start'],'Y-m-d');
+				if($strt === datetime_convert('UTC',App::$timezone,'now','Y-m-d'))
 					$istoday = true;
 			}
 			$classtoday = (($istoday) ? 'event-today' : '');
 
 			foreach($r as &$rr) {
 				if($rr['adjust'])
-					$md = datetime_convert('UTC',$a->timezone,$rr['start'],'Y/m');
+					$md = datetime_convert('UTC',App::$timezone,$rr['start'],'Y/m');
 				else
 					$md = datetime_convert('UTC','UTC',$rr['start'],'Y/m');
 				$md .= "/#link-".$rr['id'];
@@ -1223,12 +1224,12 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 				if(! $title)
 					$title = t('[No description]');
 
-				$strt = datetime_convert('UTC',$rr['convert'] ? $a->timezone : 'UTC',$rr['start']);
-				$today = ((substr($strt,0,10) === datetime_convert('UTC',$a->timezone,'now','Y-m-d')) ? true : false);
+				$strt = datetime_convert('UTC',$rr['convert'] ? App::$timezone : 'UTC',$rr['start']);
+				$today = ((substr($strt,0,10) === datetime_convert('UTC',App::$timezone,'now','Y-m-d')) ? true : false);
 				
 				$rr['link'] = $md;
 				$rr['title'] = $title;
-				$rr['date'] = day_translate(datetime_convert('UTC', $rr['adjust'] ? $a->timezone : 'UTC', $rr['start'], $bd_format)) . (($today) ?  ' ' . t('[today]') : '');
+				$rr['date'] = day_translate(datetime_convert('UTC', $rr['adjust'] ? App::$timezone : 'UTC', $rr['start'], $bd_format)) . (($today) ?  ' ' . t('[today]') : '');
 				$rr['startime'] = $strt;
 				$rr['today'] = $today;
 			}
@@ -1236,7 +1237,7 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 
 		$tpl = get_markup_template("events_reminder.tpl");
 		return replace_macros($tpl, array(
-			'$baseurl' => $a->get_baseurl(),
+			'$baseurl' => z_root(),
 			'$classtoday' => $classtoday,
 			'$count' => count($r),
 			'$event_reminders' => t('Event Reminders'),
@@ -1248,15 +1249,15 @@ function profile_sidebar($profile, $block = 0, $show_connect = true, $zcard = fa
 
 function advanced_profile(&$a) {
 	require_once('include/text.php');
-	if(! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_profile'))
+	if(! perm_is_allowed(App::$profile['profile_uid'],get_observer_hash(),'view_profile'))
 		return '';
 
-	if($a->profile['name']) {
+	if(App::$profile['name']) {
 
 		$profile_fields_basic    = get_profile_fields_basic();
 		$profile_fields_advanced = get_profile_fields_advanced();
 
-		$advanced = ((feature_enabled($a->profile['profile_uid'],'advanced_profiles')) ? true : false);
+		$advanced = ((feature_enabled(App::$profile['profile_uid'],'advanced_profiles')) ? true : false);
 		if($advanced)
 			$fields = $profile_fields_advanced;
 		else
@@ -1275,19 +1276,19 @@ function advanced_profile(&$a) {
 
 		$profile = array();
 
-		$profile['fullname'] = array( t('Full Name:'), $a->profile['name'] ) ;
+		$profile['fullname'] = array( t('Full Name:'), App::$profile['name'] ) ;
 
-		if($a->profile['gender']) $profile['gender'] = array( t('Gender:'),  $a->profile['gender'] );
+		if(App::$profile['gender']) $profile['gender'] = array( t('Gender:'),  App::$profile['gender'] );
 
 		$ob_hash = get_observer_hash();
-		if($ob_hash && perm_is_allowed($a->profile['profile_uid'],$ob_hash,'post_like')) {
+		if($ob_hash && perm_is_allowed(App::$profile['profile_uid'],$ob_hash,'post_like')) {
 			$profile['canlike'] = true;
 			$profile['likethis'] = t('Like this channel');
-			$profile['profile_guid'] = $a->profile['profile_guid'];
+			$profile['profile_guid'] = App::$profile['profile_guid'];
 		}
 
 		$likers = q("select liker, xchan.*  from likes left join xchan on liker = xchan_hash where channel_id = %d and target_type = '%s' and verb = '%s'",
-			intval($a->profile['profile_uid']),
+			intval(App::$profile['profile_uid']),
 			dbesc(ACTIVITY_OBJ_PROFILE),
 			dbesc(ACTIVITY_LIKE)
 		);
@@ -1299,87 +1300,87 @@ function advanced_profile(&$a) {
 				$profile['likers'][] = array('name' => $l['xchan_name'],'photo' => zid($l['xchan_photo_s']), 'url' => zid($l['xchan_url']));
 		}
 
-		if(($a->profile['dob']) && ($a->profile['dob'] != '0000-00-00')) {
+		if((App::$profile['dob']) && (App::$profile['dob'] != '0000-00-00')) {
 
 			$val = '';
 
-			if((substr($a->profile['dob'],5,2) === '00') || (substr($a->profile['dob'],8,2) === '00'))
-				$val = substr($a->profile['dob'],0,4);
+			if((substr(App::$profile['dob'],5,2) === '00') || (substr(App::$profile['dob'],8,2) === '00'))
+				$val = substr(App::$profile['dob'],0,4);
 		
 			$year_bd_format = t('j F, Y');
 			$short_bd_format = t('j F');
 
 			if(! $val) {
-				$val = ((intval($a->profile['dob'])) 
-					? day_translate(datetime_convert('UTC','UTC',$a->profile['dob'] . ' 00:00 +00:00',$year_bd_format))
-					: day_translate(datetime_convert('UTC','UTC','2001-' . substr($a->profile['dob'],5) . ' 00:00 +00:00',$short_bd_format)));
+				$val = ((intval(App::$profile['dob'])) 
+					? day_translate(datetime_convert('UTC','UTC',App::$profile['dob'] . ' 00:00 +00:00',$year_bd_format))
+					: day_translate(datetime_convert('UTC','UTC','2001-' . substr(App::$profile['dob'],5) . ' 00:00 +00:00',$short_bd_format)));
 			}
 			$profile['birthday'] = array( t('Birthday:'), $val);
 		}
 
-		if($age = age($a->profile['dob'],$a->profile['timezone'],''))
+		if($age = age(App::$profile['dob'],App::$profile['timezone'],''))
 			$profile['age'] = array( t('Age:'), $age );
 
-		if($a->profile['marital'])
-			$profile['marital'] = array( t('Status:'), $a->profile['marital']);
+		if(App::$profile['marital'])
+			$profile['marital'] = array( t('Status:'), App::$profile['marital']);
 
-		if($a->profile['with'])
-			$profile['marital']['with'] = bbcode($a->profile['with']);
+		if(App::$profile['with'])
+			$profile['marital']['with'] = bbcode(App::$profile['with']);
 
-		if(strlen($a->profile['howlong']) && $a->profile['howlong'] !== NULL_DATE) {
-			$profile['howlong'] = relative_date($a->profile['howlong'], t('for %1$d %2$s'));
+		if(strlen(App::$profile['howlong']) && App::$profile['howlong'] !== NULL_DATE) {
+			$profile['howlong'] = relative_date(App::$profile['howlong'], t('for %1$d %2$s'));
 		}
 
-		if($a->profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), $a->profile['sexual'] );
+		if(App::$profile['sexual']) $profile['sexual'] = array( t('Sexual Preference:'), App::$profile['sexual'] );
 
-		if($a->profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify($a->profile['homepage']) );
+		if(App::$profile['homepage']) $profile['homepage'] = array( t('Homepage:'), linkify(App::$profile['homepage']) );
 
-		if($a->profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify($a->profile['hometown']) );
+		if(App::$profile['hometown']) $profile['hometown'] = array( t('Hometown:'), linkify(App::$profile['hometown']) );
 
-		if($a->profile['keywords']) $profile['keywords'] = array( t('Tags:'), $a->profile['keywords']);
+		if(App::$profile['keywords']) $profile['keywords'] = array( t('Tags:'), App::$profile['keywords']);
 
-		if($a->profile['politic']) $profile['politic'] = array( t('Political Views:'), $a->profile['politic']);
+		if(App::$profile['politic']) $profile['politic'] = array( t('Political Views:'), App::$profile['politic']);
 
-		if($a->profile['religion']) $profile['religion'] = array( t('Religion:'), $a->profile['religion']);
+		if(App::$profile['religion']) $profile['religion'] = array( t('Religion:'), App::$profile['religion']);
 
-		if($txt = prepare_text($a->profile['about'])) $profile['about'] = array( t('About:'), $txt );
+		if($txt = prepare_text(App::$profile['about'])) $profile['about'] = array( t('About:'), $txt );
 
-		if($txt = prepare_text($a->profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt);
+		if($txt = prepare_text(App::$profile['interest'])) $profile['interest'] = array( t('Hobbies/Interests:'), $txt);
 
-		if($txt = prepare_text($a->profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt);
+		if($txt = prepare_text(App::$profile['likes'])) $profile['likes'] = array( t('Likes:'), $txt);
 
-		if($txt = prepare_text($a->profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt);
+		if($txt = prepare_text(App::$profile['dislikes'])) $profile['dislikes'] = array( t('Dislikes:'), $txt);
 
-		if($txt = prepare_text($a->profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt);
+		if($txt = prepare_text(App::$profile['contact'])) $profile['contact'] = array( t('Contact information and Social Networks:'), $txt);
 
-		if($txt = prepare_text($a->profile['channels'])) $profile['channels'] = array( t('My other channels:'), $txt);
+		if($txt = prepare_text(App::$profile['channels'])) $profile['channels'] = array( t('My other channels:'), $txt);
 
-		if($txt = prepare_text($a->profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt);
+		if($txt = prepare_text(App::$profile['music'])) $profile['music'] = array( t('Musical interests:'), $txt);
 		
-		if($txt = prepare_text($a->profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt);
+		if($txt = prepare_text(App::$profile['book'])) $profile['book'] = array( t('Books, literature:'), $txt);
 
-		if($txt = prepare_text($a->profile['tv'])) $profile['tv'] = array( t('Television:'), $txt);
+		if($txt = prepare_text(App::$profile['tv'])) $profile['tv'] = array( t('Television:'), $txt);
 
-		if($txt = prepare_text($a->profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt);
+		if($txt = prepare_text(App::$profile['film'])) $profile['film'] = array( t('Film/dance/culture/entertainment:'), $txt);
 
-		if($txt = prepare_text($a->profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt);
+		if($txt = prepare_text(App::$profile['romance'])) $profile['romance'] = array( t('Love/Romance:'), $txt);
 		
-		if($txt = prepare_text($a->profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt);
+		if($txt = prepare_text(App::$profile['work'])) $profile['work'] = array( t('Work/employment:'), $txt);
 
-		if($txt = prepare_text($a->profile['education'])) $profile['education'] = array( t('School/education:'), $txt );
+		if($txt = prepare_text(App::$profile['education'])) $profile['education'] = array( t('School/education:'), $txt );
 
-		if($a->profile['extra_fields']) {
-			foreach($a->profile['extra_fields'] as $f) {
+		if(App::$profile['extra_fields']) {
+			foreach(App::$profile['extra_fields'] as $f) {
 				$x = q("select * from profdef where field_name = '%s' limit 1",
 					dbesc($f)
 				);
-				if($x && $txt = prepare_text($a->profile[$f]))
+				if($x && $txt = prepare_text(App::$profile[$f]))
 					$profile[$f] = array( $x[0]['field_desc'] . ':',$txt);
 			}
-			$profile['extra_fields'] = $a->profile['extra_fields'];
+			$profile['extra_fields'] = App::$profile['extra_fields'];
 		}
 
-		$things = get_things($a->profile['profile_guid'],$a->profile['profile_uid']);
+		$things = get_things(App::$profile['profile_guid'],App::$profile['profile_uid']);
 
 //		logger('mod_profile: things: ' . print_r($things,true), LOGGER_DATA); 
 
@@ -1389,7 +1390,7 @@ function advanced_profile(&$a) {
 			'$likethis' => t('Like this thing'),
 			'$profile' => $profile,
 			'$fields' => $clean_fields,
-			'$editmenu' => profile_edit_menu($a->profile['profile_uid']),
+			'$editmenu' => profile_edit_menu(App::$profile['profile_uid']),
 			'$things' => $things
 		));
 	}
@@ -1432,7 +1433,7 @@ function zid_init(&$a) {
 	$tmp_str = get_my_address();
 	if(validate_email($tmp_str)) {
 		proc_run('php','include/gprobe.php',bin2hex($tmp_str));
-		$arr = array('zid' => $tmp_str, 'url' => $a->cmd);
+		$arr = array('zid' => $tmp_str, 'url' => App::$cmd);
 		call_hooks('zid_init',$arr);
 		if(! local_channel()) {
 			$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1",
@@ -1442,7 +1443,7 @@ function zid_init(&$a) {
 				return;
 			logger('zid_init: not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
 			// try to avoid recursion - but send them home to do a proper magic auth
-			$query = $a->query_string;
+			$query = App::$query_string;
 			$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
 			$dest = '/' . urlencode($query);
 			if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
@@ -1623,7 +1624,7 @@ function identity_selector() {
 			intval(get_account_id())
 		);
 		if (count($r) > 1) {
-			//$account = get_app()->get_account();
+			//$account = App::get_account();
 			$o = replace_macros(get_markup_template('channel_id_select.tpl'), array(
 				'$channels' => $r,
 				'$selected' => local_channel()
@@ -1641,7 +1642,7 @@ function is_public_profile() {
 		return false;
 	if(intval(get_config('system','block_public')))
 		return false;
-	$channel = get_app()->get_channel();
+	$channel = App::get_channel();
 	if($channel && $channel['channel_r_profile'] == PERMS_PUBLIC)
 		return true;
 
@@ -1847,7 +1848,7 @@ function get_zcard($channel,$observer_hash = '',$args = array()) {
 //	$translate = intval(($scale / 1.0) * 100);
 
 
-	$channel['channel_addr'] = $channel['channel_address'] . '@' . get_app()->get_hostname();
+	$channel['channel_addr'] = $channel['channel_address'] . '@' . App::get_hostname();
 	$zcard = array('chan' => $channel);
 
 	$r = q("select height, width, resource_id, scale, type from photo where uid = %d and scale = %d and photo_usage = %d",

include/import.php

@@ -636,6 +636,7 @@ function sync_events($channel,$events) {
 
 function import_menus($channel,$menus) {
 
+
 	if($channel && $menus) {
 		foreach($menus as $menu) {
 			$m = array();
@@ -681,6 +682,8 @@ function import_menus($channel,$menus) {
 			}
 		}
 	}
+
+
 }
 
 
@@ -867,6 +870,257 @@ function import_mail($channel,$mails) {
 
 
 
+function sync_files($channel,$files) {
+
+	require_once('include/attach.php');
+
+	if($channel && $files) {
+		foreach($files as $f) {
+			if(! $f)
+				continue;
+
+			$fetch_url = $f['fetch_url'];
+			$oldbase = dirname($fetch_url);
+			$original_channel = $f['original_channel'];
+
+			if(! ($fetch_url && $original_channel))
+				continue;		
+
+			if($f['attach']) {
+				$attachment_stored = false;
+				foreach($f['attach'] as $att) {
+
+					if($att['deleted']) {
+						attach_delete($channel,$att['hash']);
+						continue;
+					}
+
+					$attach_exists = false;
+					$x = attach_by_hash($att['hash']);
+
+					if($x) {
+						$attach_exists = true;
+						$attach_id = $x[0]['id'];
+					}
+
+					$newfname = 'store/' . $channel['channel_address'] . '/' . get_attach_binname($att['data']);
+
+ 					unset($att['id']);
+					$att['aid'] = $channel['channel_account_id'];
+					$att['uid'] = $channel['channel_id'];
 
 
+					// check for duplicate folder names with the same parent. 
+					// If we have a duplicate that doesn't match this hash value
+					// change the name so that the contents won't be "covered over" 
+					// by the existing directory. Use the same logic we use for 
+					// duplicate files. 
+
+					if(strpos($att['filename'],'.') !== false) {
+						$basename = substr($att['filename'],0,strrpos($att['filename'],'.'));
+						$ext = substr($att['filename'],strrpos($att['filename'],'.'));
+					}
+					else {
+						$basename = $att['filename'];
+						$ext = '';
+					}
+
+					$r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' and hash != '%s' ",
+						dbesc($basename . $ext),
+						dbesc($basename . '(%)' . $ext),
+						dbesc($att['folder']),
+						dbesc($att['hash'])
+					);
+
+					if($r) {
+						$x = 1;
+
+						do {
+							$found = false;
+							foreach($r as $rr) {
+								if($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
+									$found = true;
+									break;
+								}
+							}
+							if($found)
+								$x++;
+						}			
+						while($found);
+						$att['filename'] = $basename . '(' . $x . ')' . $ext;
+					}
+					else
+						$att['filename'] = $basename . $ext;
+
+					// end duplicate detection
+
+// @fixme - update attachment structures if they are modified rather than created
+
+					$att['data'] = $newfname;
+
+					// Note: we use $att['hash'] below after it has been escaped to
+					// fetch the file contents. 
+					// If the hash ever contains any escapable chars this could cause
+					// problems. Currently it does not. 
+
+					dbesc_array($att);
+
+
+					if($attach_exists) {
+					    $str = '';
+    					foreach($att as $k => $v) {
+				        	if($str)
+            					$str .= ",";
+        					$str .= " `" . $k . "` = '" . $v . "' ";
+    					}
+					    $r = dbq("update `attach` set " . $str . " where id = " . intval($attach_id) );
+					}
+					else {
+						$r = dbq("INSERT INTO attach (`" 
+							. implode("`, `", array_keys($att)) 
+							. "`) VALUES ('" 
+							. implode("', '", array_values($att)) 
+							. "')" );
+					}
+
+
+					// is this a directory?
+
+					if($att['filetype'] === 'multipart/mixed' && $att['is_dir']) {
+						os_mkdir($newfname, STORAGE_DEFAULT_PERMISSIONS,true);
+						continue;
+					}
+					else {
+
+						// it's a file
+						// for the sync version of this algorithm (as opposed to 'offline import')
+						// we will fetch the actual file from the source server so it can be 
+						// streamed directly to disk and avoid consuming PHP memory if it's a huge
+						// audio/video file or something. 
+
+						$time = datetime_convert();
+
+						$parr = array('hash' => $channel['channel_hash'], 
+							'time' => $time, 
+							'resource' => $att['hash'],
+							'revision' => 0,
+							'signature' => base64url_encode(rsa_sign($channel['channel_hash'] . '.' . $time, $channel['channel_prvkey']))
+						);
+
+						$store_path = $newfname;
+
+						$fp = fopen($newfname,'w');
+						if(! $fp) {
+							logger('failed to open storage file.',LOGGER_NORMAL,LOG_ERR);
+							continue;
+						}
+						$redirects = 0;
+						$x = z_post_url($fetch_url,$parr,$redirects,array('filep' => $fp));
+						fclose($fp);
+
+						if($x['success']) {
+							$attachment_stored = true;
+						}
+						continue;
+					}
+				}
+			}
+			if(! $attachment_stored) {
+				// @TODO should we queue this and retry or delete everything or what? 
+				logger('attachment store failed',LOGGER_NORMAL,LOG_ERR);
+			}
+			if($f['photo']) {
+				foreach($f['photo'] as $p) {
+ 					unset($p['id']);
+					$p['aid'] = $channel['channel_account_id'];
+					$p['uid'] = $channel['channel_id'];
+
+					// if this is a profile photo, undo the profile photo bit
+					// for any other photo which previously held it.
+
+					if($p['photo_usage'] == PHOTO_PROFILE) {
+						$e = q("update photo set photo_usage = %d where photo_usage = %d
+							and resource_id != '%s' and uid = %d ",
+							intval(PHOTO_NORMAL),
+							intval(PHOTO_PROFILE),
+							dbesc($p['resource_id']),
+							intval($channel['channel_id'])
+						);
+					}
+
+					// same for cover photos
+
+					if($p['photo_usage'] == PHOTO_COVER) {
+						$e = q("update photo set photo_usage = %d where photo_usage = %d
+							and resource_id != '%s' and uid = %d ",
+							intval(PHOTO_NORMAL),
+							intval(PHOTO_COVER),
+							dbesc($p['resource_id']),
+							intval($channel['channel_id'])
+						);
+					}
+
+					if($p['scale'] === 0 && $p['os_storage'])
+						$p['data'] = $store_path;
+					else
+						$p['data'] = base64_decode($p['data']);
+
+
+					$exists = q("select * from photo where resource_id = '%s' and scale = %d and uid = %d limit 1",
+						dbesc($p['resource_id']),
+						intval($p['scale']),
+						intval($channel['channel_id'])
+					);
+
+					dbesc_array($p);
+
+					if($exists) {
+					    $str = '';
+    					foreach($p as $k => $v) {
+				        	if($str)
+            					$str .= ",";
+        					$str .= " `" . $k . "` = '" . $v . "' ";
+    					}
+					    $r = dbq("update `photo` set " . $str . " where id = " . intval($exists[0]['id']) );
+					}
+					else {
+						$r = dbq("INSERT INTO photo (`" 
+							. implode("`, `", array_keys($p)) 
+							. "`) VALUES ('" 
+							. implode("', '", array_values($p)) 
+							. "')" );
+					}
+				}
+			}
+			if($f['item']) {
+				sync_items($channel,$f['item']);
+				foreach($f['item'] as $i) {
+					if($i['message_id'] !== $i['message_parent'])
+						continue;
+					$r = q("select * from item where mid = '%s' and uid = %d limit 1",
+						dbesc($i['message_id']),
+						intval($channel['channel_id'])
+					);
+					if($r) {
+						$item = $r[0];
+						item_url_replace($channel,$item,$oldbase,z_root(),$original_channel);
+
+						dbesc_array($item);
+						$item_id = $item['id'];
+						unset($item['id']);
+					    $str = '';
+    					foreach($item as $k => $v) {
+				        	if($str)
+            					$str .= ",";
+        					$str .= " `" . $k . "` = '" . $v . "' ";
+    					}
+
+					    $r = dbq("update `item` set " . $str . " where id = " . $item_id );
+					}
+				}
+			}
+		}
+	}
+}
+
 

include/items.php

@@ -274,7 +274,7 @@ function can_comment_on_post($observer_xchan, $item) {
 		return true;
 	if(strstr($item['comment_policy'],'network:') && strstr($item['comment_policy'],'diaspora'))
 		return true;
-	if(strstr($item['comment_policy'],'site:') && strstr($item['comment_policy'],get_app()->get_hostname()))
+	if(strstr($item['comment_policy'],'site:') && strstr($item['comment_policy'],App::get_hostname()))
 		return true;
 
 	return false;
@@ -413,8 +413,8 @@ function post_activity_item($arr) {
 	if(! array_key_exists('item_thread_top',$arr) && (! $is_comment))
 		$arr['item_thread_top'] = 1;
 
-	$channel  = get_app()->get_channel();
-	$observer = get_app()->get_observer();
+	$channel  = App::get_channel();
+	$observer = App::get_observer();
 
 	$arr['aid'] = ((x($arr,'aid')) ? $arr['aid'] : $channel['channel_account_id']);
 	$arr['uid'] = ((x($arr,'uid')) ? $arr['uid'] : $channel['channel_id']);
@@ -602,7 +602,7 @@ function get_feed_for($channel, $observer_hash, $params) {
 		'order' => 'post',
 		'top'   => $params['top'],
 		'cat'   => $params['cat']
-		), $channel, $observer_hash, CLIENT_MODE_NORMAL, get_app()->module);
+		), $channel, $observer_hash, CLIENT_MODE_NORMAL, App::$module);
 	
 
 	$feed_template = get_markup_template('atom_feed.tpl');
@@ -1144,9 +1144,8 @@ function import_author_rss($x) {
 		$photos = import_xchan_photo($x['photo']['src'],$x['url']);
 
 		if($photos) {
-			/** @bug $arr is undefined in this SQL query */
 			$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'rss'",
-				dbesc(datetime_convert('UTC', 'UTC', $arr['photo_updated'])),
+				dbesc(datetime_convert()),
 				dbesc($photos[0]),
 				dbesc($photos[1]),
 				dbesc($photos[2]),
@@ -1189,9 +1188,8 @@ function import_author_unknown($x) {
 		$photos = import_xchan_photo($x['photo']['src'],$x['url']);
 
 		if($photos) {
-			/** @bug $arr is undefined in this SQL query */
 			$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_url = '%s' and xchan_network = 'unknown'",
-				dbesc(datetime_convert('UTC','UTC',$arr['photo_updated'])),
+				dbesc(datetime_convert()),
 				dbesc($photos[0]),
 				dbesc($photos[1]),
 				dbesc($photos[2]),
@@ -1364,7 +1362,7 @@ function map_scope($scope, $strip = false) {
 		case PERMS_AUTHED:
 			return 'authenticated';
 		case PERMS_SITE:
-			return 'site: ' . get_app()->get_hostname();
+			return 'site: ' . App::get_hostname();
 		case PERMS_PENDING:
 			return 'any connections';
 		case PERMS_CONTACTS:
@@ -2093,6 +2091,10 @@ function get_atom_elements($feed, $item, &$author) {
 			$res['obj_type'] = $child[NAMESPACE_ACTIVITY]['obj_type'][0]['data'];
 			$obj['type'] = $child[NAMESPACE_ACTIVITY]['obj_type'][0]['data'];
 		}
+		if($child[NAMESPACE_ACTIVITY]['object-type'][0]['data']) {
+			$res['obj_type'] = $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'];
+			$obj['type'] = $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'];
+		}
 		if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'id') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'])
 			$obj['id'] = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'];
 		if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'link') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['link'])
@@ -2126,6 +2128,10 @@ function get_atom_elements($feed, $item, &$author) {
 			$res['tgt_type'] = $child[NAMESPACE_ACTIVITY]['obj_type'][0]['data'];
 			$obj['type'] = $child[NAMESPACE_ACTIVITY]['obj_type'][0]['data'];
 		}
+		if($child[NAMESPACE_ACTIVITY]['object-type'][0]['data']) {
+			$res['tgt_type'] = $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'];
+			$obj['type'] = $child[NAMESPACE_ACTIVITY]['object-type'][0]['data'];
+		}
 		if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'id') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'])
 			$obj['id'] = $child[SIMPLEPIE_NAMESPACE_ATOM_10]['id'][0]['data'];
 		if(x($child[SIMPLEPIE_NAMESPACE_ATOM_10], 'link') && $child[SIMPLEPIE_NAMESPACE_ATOM_10]['link'])
@@ -2150,9 +2156,6 @@ function get_atom_elements($feed, $item, &$author) {
 		$res['target'] = $obj;
 	}
 
-	$res['public_policy'] = 'specific';
-	$res['comment_policy'] = 'none';
-
 	$arr = array('feed' => $feed, 'item' => $item, 'result' => $res);
 
 	call_hooks('parse_atom', $arr);
@@ -2164,26 +2167,27 @@ function get_atom_elements($feed, $item, &$author) {
 }
 
 function encode_rel_links($links) {
-	$o = '';
+	$o = array();
 	if(! ((is_array($links)) && (count($links))))
 		return $o;
 
 	foreach($links as $link) {
-		$o .= '<link ';
+		$l = array();
 		if($link['attribs']['']['rel'])
-			$o .= 'rel="' . $link['attribs']['']['rel'] . '" ';
+			$l['rel'] =  $link['attribs']['']['rel'];
 		if($link['attribs']['']['type'])
-			$o .= 'type="' . $link['attribs']['']['type'] . '" ';
+			$l['type'] =  $link['attribs']['']['type'];
 		if($link['attribs']['']['href'])
-			$o .= 'href="' . $link['attribs']['']['href'] . '" ';
+			$l['href'] = $link['attribs']['']['href'];
 		if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['width'])
-			$o .= 'media:width="' . $link['attribs'][NAMESPACE_MEDIA]['width'] . '" ';
+			$l['width'] = $link['attribs'][NAMESPACE_MEDIA]['width'];
 		if( (x($link['attribs'],NAMESPACE_MEDIA)) && $link['attribs'][NAMESPACE_MEDIA]['height'])
-			$o .= 'media:height="' . $link['attribs'][NAMESPACE_MEDIA]['height'] . '" ';
-		$o .= ' />' . "\n" ;
-	}
+			$l['height'] = $link['attribs'][NAMESPACE_MEDIA]['height'];
 
-	return xmlify($o);
+		if($l)
+			$o[] = $l;
+	}
+	return $o;
 }
 
 /**
@@ -2261,7 +2265,7 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 		$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
 
 		if(local_channel() && (! $arr['sig'])) {
-			$channel = get_app()->get_channel();
+			$channel = App::get_channel();
 			if($channel['channel_hash'] === $arr['author_xchan']) {
 				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
 				$arr['item_verified'] = 1;
@@ -2657,7 +2661,7 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
         $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
 
         if(local_channel() && (! $arr['sig'])) {
-            $channel = get_app()->get_channel();
+            $channel = App::get_channel();
             if($channel['channel_hash'] === $arr['author_xchan']) {
                 $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
                 $arr['item_verified'] = 1;
@@ -2883,7 +2887,7 @@ function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id,
 
 	logger('storing diaspora comment signature',LOGGER_DEBUG);
 
-	$diaspora_handle = $channel['channel_address'] . '@' . get_app()->get_hostname();
+	$diaspora_handle = $channel['channel_address'] . '@' . App::get_hostname();
 
 	$signed_text = $datarray['mid'] . ';' . $parent_item['mid'] . ';' . $signed_body . ';' . $diaspora_handle;
 
@@ -2962,7 +2966,7 @@ function send_status_notifications($post_id,$item) {
 	if($unfollowed)
 		return;
 
-	$link =  get_app()->get_baseurl() . '/display/' . $item['mid'];
+	$link =  z_root() . '/display/' . $item['mid'];
 
 	$y = q("select id from notify where link = '%s' and uid = %d limit 1",
 		dbesc($link),
@@ -3843,6 +3847,11 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) {
 				$author = array();
 				$datarray = get_atom_elements($feed,$item,$author);
 
+				if($contact['xchan_network'] === 'rss') {
+					$datarray['public_policy'] = 'specific';
+					$datarray['comment_policy'] = 'none';
+				}
+
 				if((! x($author,'author_name')) || ($author['author_is_feed']))
 					$author['author_name'] = $contact['xchan_name'];
 				if((! x($author,'author_link')) || ($author['author_is_feed']))
@@ -3884,6 +3893,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) {
 				}
 
 				$datarray['parent_mid'] = $parent_mid;
+				$datarray['aid'] = $importer['channel_account_id'];
 				$datarray['uid'] = $importer['channel_id'];
 
 				logger('consume_feed: ' . print_r($datarray,true),LOGGER_DATA);
@@ -3900,6 +3910,12 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) {
 				$author = array();
 				$datarray = get_atom_elements($feed,$item,$author);
 
+				if($contact['xchan_network'] === 'rss') {
+					$datarray['public_policy'] = 'specific';
+					$datarray['comment_policy'] = 'none';
+				}
+
+
 				if(is_array($contact)) {
 					if((! x($author,'author_name')) || ($author['author_is_feed']))
 						$author['author_name'] = $contact['xchan_name'];
@@ -3916,6 +3932,16 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) {
 
 				$datarray['author_xchan'] = '';
 
+				if(activity_match($datarray['verb'],ACTIVITY_FOLLOW) && $datarray['obj_type'] === ACTIVITY_OBJ_PERSON) {
+					$cb = array('item' => $datarray,'channel' => $importer, 'xchan' => null, 'author' => $author, 'caught' => false);
+					call_hooks('follow_from_feed',$cb);
+					if($cb['caught']) {
+						if($cb['return_code'])
+							http_status_exit($cb['return_code']);
+						continue;
+					}
+				}
+
 				if($author['author_link'] != $contact['xchan_url']) {
 					$x = import_author_unknown(array('name' => $author['author_name'],'url' => $author['author_link'],'photo' => array('src' => $author['author_photo'])));
 					if($x)
@@ -3960,6 +3986,7 @@ function consume_feed($xml, $importer, &$contact, $pass = 0) {
 
 				$datarray['parent_mid'] = $item_id;
 				$datarray['uid'] = $importer['channel_id'];
+				$datarray['aid'] = $importer['channel_account_id'];
 
 				if(! link_compare($author['owner_link'],$contact['xchan_url'])) {
 					logger('consume_feed: Correcting item owner.', LOGGER_DEBUG);
@@ -4035,12 +4062,17 @@ function process_salmon_feed($xml, $importer) {
 			}
 
 			if($is_reply)
-				$ret['is_reply'] = true;
+				$ret['parent_mid'] = $parent_mid;
 
 			$ret['author'] = array();
 
 			$datarray = get_atom_elements($feed,$item,$ret['author']);
 
+			// reset policies which are restricted by default for RSS connections
+			// This item is likely coming from GNU-social via salmon and allows public interaction 
+			$datarray['public_policy'] = '';
+			$datarray['comment_policy'] = '';
+
 			$ret['item'] = $datarray;			
 		}
 	}
@@ -4048,6 +4080,73 @@ function process_salmon_feed($xml, $importer) {
 	return $ret;
 }
 
+/*
+ * Given an xml (atom) feed, find author and hub links
+ */
+
+
+function feed_meta($xml) {
+	require_once('library/simplepie/simplepie.inc');
+
+	$ret = array();
+
+    if(! strlen($xml)) {
+        logger('empty input');
+        return $ret;
+    }
+
+    $feed = new SimplePie();
+    $feed->set_raw_data($xml);
+    $feed->init();
+
+    if($feed->error()) {
+        logger('Error parsing XML: ' . $feed->error());
+		return $ret;
+	}
+
+    $ret['hubs'] = $feed->get_links('hub');
+
+//     logger('consume_feed: hubs: ' . print_r($hubs,true), LOGGER_DATA);
+	
+	$author = array();
+
+    $found_author = $feed->get_author();
+    if($found_author) {
+        $author['author_name'] = unxmlify($found_author->get_name());
+        $author['author_link'] = unxmlify($found_author->get_link());
+
+    	$rawauthor = $feed->get_feed_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
+		logger('rawauthor: ' . print_r($rawauthor,true));
+
+	    if($rawauthor) {
+			if($rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link']) {
+	    	    $base = $rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'];
+    	    	foreach($base as $link) {
+        	    	if(!x($author, 'author_photo') || ! $author['author_photo']) {
+            	    	if($link['attribs']['']['rel'] === 'photo' || $link['attribs']['']['rel'] === 'avatar') {
+                	    	$author['author_photo'] = unxmlify($link['attribs']['']['href']);
+							break;
+						}
+    	        	}
+        		}
+			}
+			if($rawauthor[0]['child'][NAMESPACE_POCO]['displayName'][0]['data'])
+				$author['full_name'] = unxmlify($rawauthor[0]['child'][NAMESPACE_POCO]['displayName'][0]['data']);
+			if($rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
+				$author['author_uri'] = unxmlify($rawauthor[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
+			
+		}
+    }
+
+    if(substr($author['author_link'],-1,1) == '/')
+        $author['author_link'] = substr($author['author_link'],0,-1);
+
+	$ret['author'] = $author; 
+
+	return $ret;
+}
+
+
 
 function update_feed_item($uid,$datarray) {
 	logger('update_feed_item: not implemented! ' . $uid . ' ' . print_r($datarray,true), LOGGER_DATA);
@@ -4072,8 +4171,8 @@ function handle_feed($uid,$abook_id,$url) {
 //logger('handle_feed:' . print_r($z,true));
 
 	if($z['success']) {
-		consume_feed($z['body'],$channel,$x[0],0);
 		consume_feed($z['body'],$channel,$x[0],1);
+		consume_feed($z['body'],$channel,$x[0],2);
 	}
 }
 
@@ -4129,7 +4228,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
 
 	if(($item['parent'] != $item['id']) || ($item['parent_mid'] !== $item['mid']) || (($item['thr_parent'] !== '') && ($item['thr_parent'] !== $item['mid']))) {
 		$parent_item = (($item['thr_parent']) ? $item['thr_parent'] : $item['parent_mid']);
-		$o .= '<thr:in-reply-to ref="' . xmlify($parent_item) . '" type="text/html" href="' .  xmlify($item['plink']) . '" />' . "\r\n";
+		$o .= '<thr:in-reply-to ref="' . z_root() . '/display/' . xmlify($parent_item) . '" type="text/html" href="' .  xmlify($item['plink']) . '" />' . "\r\n";
 	}
 
 	if(activity_match($item['obj_type'],ACTIVITY_OBJ_EVENT) && activity_match($item['verb'],ACTIVITY_POST)) {
@@ -4147,7 +4246,7 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
 		$o .= '<content type="' . $type . '" >' . xmlify(prepare_text($body,$item['mimetype'])) . '</content>' . "\r\n";
 	}
 
-	$o .= '<id>' . xmlify($item['mid']) . '</id>' . "\r\n";
+	$o .= '<id>' . z_root() . '/display/' . xmlify($item['mid']) . '</id>' . "\r\n";
 	$o .= '<published>' . xmlify(datetime_convert('UTC','UTC',$item['created'] . '+00:00',ATOM_TIME)) . '</published>' . "\r\n";
 	$o .= '<updated>' . xmlify(datetime_convert('UTC','UTC',$item['edited'] . '+00:00',ATOM_TIME)) . '</updated>' . "\r\n";
 
@@ -4199,10 +4298,9 @@ function atom_entry($item,$type,$author,$owner,$comment = false,$cid = 0) {
 }
 
 function fix_private_photos($s, $uid, $item = null, $cid = 0) {
-	$a = get_app();
 
 	logger('fix_private_photos', LOGGER_DEBUG);
-	$site = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://'));
+	$site = substr(z_root(),strpos(z_root(),'://'));
 
 	$orig_body = $s;
 	$new_body = '';
@@ -4482,8 +4580,6 @@ function drop_items($items) {
 
 function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL,$force = false) {
 
-	$a = get_app();
-
 	// locate item to be deleted
 
 	$r = q("SELECT * FROM item WHERE id = %d LIMIT 1",
@@ -4494,7 +4590,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL,$force = fal
 		if(! $interactive)
 			return 0;
 		notice( t('Item not found.') . EOL);
-		goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+		goaway(z_root() . '/' . $_SESSION['return_url']);
 	}
 
 	$item = $r[0];
@@ -4517,7 +4613,7 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL,$force = fal
 		$ok_to_delete = true;
 
 	// author deletion
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 	if($observer && $observer['xchan_hash'] && ($observer['xchan_hash'] === $item['author_xchan']))
 		$ok_to_delete = true;
 
@@ -4567,13 +4663,13 @@ function drop_item($id,$interactive = true,$stage = DROPITEM_NORMAL,$force = fal
 		if((intval($item['item_wall']) && ($stage != DROPITEM_PHASE2)) || ($stage == DROPITEM_PHASE1))
 			proc_run('php','include/notifier.php','drop',$notify_id);
 
-		goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+		goaway(z_root() . '/' . $_SESSION['return_url']);
 	}
 	else {
 		if(! $interactive)
 			return 0;
 		notice( t('Permission denied.') . EOL);
-		goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
+		goaway(z_root() . '/' . $_SESSION['return_url']);
 	}
 }
 
@@ -4982,8 +5078,6 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 
 	$result = array('success' => false);
 
-	$a = get_app();
-
 	$sql_extra = '';
 	$sql_nets = '';
 	$sql_options = '';
@@ -5106,8 +5200,8 @@ function items_fetch($arr,$channel = null,$observer_hash = null,$client_mode = C
 		$pager_sql = '';
 	} else {
 		$itemspage = (($channel) ? get_pconfig($uid,'system','itemspage') : 20);
-		$a->set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(get_app()->pager['itemspage']), intval(get_app()->pager['start']));
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
 	}
 
 	if (isset($arr['start']) && isset($arr['records']))
@@ -5377,7 +5471,7 @@ function set_linkified_perms($linkified, &$str_contact_allow, &$str_group_allow,
  * @return boolean
  */
 function comment_local_origin($item) {
-	if(stripos($item['mid'], get_app()->get_hostname()) && ($item['parent'] != $item['id']))
+	if(stripos($item['mid'], App::get_hostname()) && ($item['parent'] != $item['id']))
 		return true;
 
 	return false;

include/language.php

@@ -83,38 +83,38 @@ function get_best_language() {
 		return $arr['preferred'];
 
 	$a = get_app();
-	return ((isset($a->config['system']['language'])) ? $a->config['system']['language'] : 'en');
+	return ((isset(App::$config['system']['language'])) ? App::$config['system']['language'] : 'en');
 }
 
 
 function push_lang($language) {
 	global $a;
 
-	$a->langsave = $a->language;
+	App::$langsave = App::$language;
 
-	if($language === $a->language)
+	if($language === App::$language)
 		return;
 
-	if(isset($a->strings) && count($a->strings)) {
-		$a->stringsave = $a->strings;
+	if(isset(App::$strings) && count(App::$strings)) {
+		App::$stringsave = App::$strings;
 	}
-	$a->strings = array();
+	App::$strings = array();
 	load_translation_table($language);
-	$a->language = $language;
+	App::$language = $language;
 }
 
 function pop_lang() {
 	global $a;
 
-	if($a->language === $a->langsave)
+	if(App::$language === App::$langsave)
 		return;
 
-	if(isset($a->stringsave))
-		$a->strings = $a->stringsave;
+	if(isset(App::$stringsave) && is_array(App::$stringsave))
+		App::$strings = App::$stringsave;
 	else
-		$a->strings = array();
+		App::$strings = array();
 
-	$a->language = $a->langsave;
+	App::$language = App::$langsave;
 }
 
 /**
@@ -126,7 +126,7 @@ function pop_lang() {
 function load_translation_table($lang, $install = false) {
 	global $a;
 
-	$a->strings = array();
+	App::$strings = array();
 
 	if(file_exists("view/$lang/hstrings.php")) {
 		include("view/$lang/hstrings.php");
@@ -173,8 +173,8 @@ function t($s, $ctx = '') {
 	global $a;
 
 	$cs = $ctx ? '__ctx:' . $ctx . '__ ' . $s : $s;
-	if (x($a->strings, $cs)) {
-		$t = $a->strings[$cs];
+	if (x(App::$strings, $cs)) {
+		$t = App::$strings[$cs];
 
 		return ((is_array($t)) ? translate_projectname($t[0]) : translate_projectname($t));
 	}
@@ -208,9 +208,9 @@ function tt($singular, $plural, $count, $ctx = ''){
 	$a = get_app();
 
 	$cs = $ctx ? "__ctx:" . $ctx . "__ " . $singular : $singular;
-	if (x($a->strings,$cs)) {
-		$t = $a->strings[$cs];
-		$f = 'string_plural_select_' . str_replace('-', '_', $a->language);
+	if (x(App::$strings,$cs)) {
+		$t = App::$strings[$cs];
+		$f = 'string_plural_select_' . str_replace('-', '_', App::$language);
 		if (! function_exists($f))
 			$f = 'string_plural_select_default';
 

include/menu.php

@@ -35,11 +35,11 @@ function menu_element($menu) {
 	$arr['edited'] = $menu['menu']['menu_edited'];
 
 	$arr['baseurl'] = z_root();
-	if($menu['menu_flags']) {
+	if($menu['menu']['menu_flags']) {
 		$arr['flags'] = array();
-		if($menu['menu_flags'] & MENU_BOOKMARK)
+		if($menu['menu']['menu_flags'] & MENU_BOOKMARK)
 			$arr['flags'][] = 'bookmark';
-		if($menu['menu_flags'] & MENU_SYSTEM)
+		if($menu['menu']['menu_flags'] & MENU_SYSTEM)
 			$arr['flags'][] = 'system';
 	}
 	if($menu['items']) {
@@ -72,7 +72,7 @@ function menu_render($menu, $class='', $edit = false, $var = array()) {
 	if(! $menu)
 		return '';
 
-	$channel_id = ((is_array(get_app()->profile)) ? get_app()->profile['profile_uid'] : 0);
+	$channel_id = ((is_array(App::$profile)) ? App::$profile['profile_uid'] : 0);
 	if ((! $channel_id) && (local_channel()))
 		$channel_id = local_channel();
 
@@ -296,7 +296,7 @@ function menu_add_item($menu_id, $uid, $arr) {
 	$mitem_flags = intval($arr['mitem_flags']);
 
 	if(local_channel() == $uid) {
-		$channel = get_app()->get_channel();	
+		$channel = App::get_channel();	
 	}
 
 	$acl = new Zotlabs\Access\AccessList($channel);
@@ -337,7 +337,7 @@ function menu_edit_item($menu_id, $uid, $arr) {
 
 
 	if(local_channel() == $uid) {
-		$channel = get_app()->get_channel();	
+		$channel = App::get_channel();	
 	}
 
 	$acl = new Zotlabs\Access\AccessList($channel);

include/message.php

@@ -38,7 +38,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 			$channel = $r[0];
 	}
 	else {
-		$channel = get_app()->get_channel();
+		$channel = App::get_channel();
 	}
 
 	if(! $channel) {
@@ -75,7 +75,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 		if($recip)
 			$recip_handle = $recip[0]['xchan_addr'];
 
-		$sender_handle = $channel['channel_address'] . '@' . get_app()->get_hostname();
+		$sender_handle = $channel['channel_address'] . '@' . App::get_hostname();
 
 		$handles = $recip_handle . ';' . $sender_handle;
 
@@ -124,7 +124,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 		$dups = false;
 		$hash = random_string();
 
-		$mid = $hash . '@' . get_app()->get_hostname();
+		$mid = $hash . '@' . App::get_hostname();
 
 		$r = q("SELECT id FROM mail WHERE mid = '%s' LIMIT 1",
 			dbesc($mid));
@@ -169,7 +169,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 			$r = attach_by_hash_nodata($hash,$rev);
 			if($r['success']) {
 				$attachments[] = array(
-					'href'     => $a->get_baseurl() . '/attach/' . $r['data']['hash'],
+					'href'     => z_root() . '/attach/' . $r['data']['hash'],
 					'length'   =>  $r['data']['filesize'],
 					'type'     => $r['data']['filetype'],
 					'title'    => urlencode($r['data']['filename']),
@@ -225,7 +225,7 @@ function send_message($uid = 0, $recipient='', $body='', $subject='', $replyto='
 
 	if(count($images)) {
 		foreach($images as $image) {
-			if(! stristr($image,$a->get_baseurl() . '/photo/'))
+			if(! stristr($image,z_root() . '/photo/'))
 				continue;
 			$image_uri = substr($image,strrpos($image,'/') + 1);
 			$image_uri = substr($image_uri,0, strpos($image_uri,'-'));

include/nav.php

@@ -8,11 +8,11 @@ function nav(&$a) {
 	 *
 	 */
 
-	if(!(x($a->page,'nav')))
-		$a->page['nav'] = '';
+	if(!(x(App::$page,'nav')))
+		App::$page['nav'] = '';
 
 	$base = z_root();
-    $a->page['htmlhead'] .= <<< EOT
+    App::$page['htmlhead'] .= <<< EOT
 
 <script>$(document).ready(function() {
 	$("#nav-search-text").search_autocomplete('$base/acl');
@@ -24,8 +24,8 @@ EOT;
 
 
 	if(local_channel()) {
-		$channel = $a->get_channel();
-		$observer = $a->get_observer();
+		$channel = App::get_channel();
+		$observer = App::get_observer();
 		$prof = q("select id from profile where uid = %d and is_default = 1",
 			intval($channel['channel_id'])
 		);
@@ -35,12 +35,12 @@ EOT;
 		);
 	}
 	elseif(remote_channel())
-		$observer = $a->get_observer();
+		$observer = App::get_observer();
 	
 
 	$myident = (($channel) ? $channel['xchan_addr'] : '');
 		
-	$sitelocation = (($myident) ? $myident : $a->get_hostname());
+	$sitelocation = (($myident) ? $myident : App::get_hostname());
 
 
 
@@ -55,8 +55,8 @@ EOT;
 	if($banner === false) 
 		$banner = get_config('system','sitename');
 
-	$a->page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array(
-        '$baseurl' => $a->get_baseurl(),
+	App::$page['header'] .= replace_macros(get_markup_template('hdr.tpl'), array(
+        '$baseurl' => z_root(),
 		'$sitelocation' => $sitelocation,
 		'$banner' =>  $banner
 	));
@@ -92,10 +92,8 @@ EOT;
 		$nav['usermenu'][] = Array('photos/' . $channel['channel_address'], t('Photos'), "", t('Your photos'),'photos_nav_btn');
 		$nav['usermenu'][] = Array('cloud/' . $channel['channel_address'],t('Files'),"",t('Your files'),'cloud_nav_btn');
 
-		require_once('include/chat.php');
-		$has_chats = chatroom_list_count(local_channel());
-		if(! UNO)
-			$nav['usermenu'][] = Array('chat/' . $channel['channel_address'] . (($has_chats) ? '' : '/new'), t('Chat'),"",t('Your chatrooms'),'chat_nav_btn');
+		if((! UNO) && feature_enabled(local_channel(),'ajaxchat'))
+			$nav['usermenu'][] = Array('chat/' . $channel['channel_address'], t('Chat'),"",t('Your chatrooms'),'chat_nav_btn');
 
 
 		require_once('include/menu.php');
@@ -138,22 +136,24 @@ EOT;
 
 	$homelink = get_my_url();
 	if(! $homelink) {
-		$observer = $a->get_observer();
+		$observer = App::get_observer();
 		$homelink = (($observer) ? $observer['xchan_url'] : '');
 	}
 
-	if(($a->module != 'home') && (! (local_channel()))) 
+	if((App::$module != 'home') && (! (local_channel()))) 
 		$nav['home'] = array($homelink, t('Home'), "", t('Home Page'),'home_nav_btn');
 
 
-	if(($a->config['system']['register_policy'] == REGISTER_OPEN) && (! local_channel()) && (! remote_channel()))
+	if((App::$config['system']['register_policy'] == REGISTER_OPEN) && (! local_channel()) && (! remote_channel()))
 		$nav['register'] = array('register',t('Register'), "", t('Create an account'),'register_nav_btn');
 
-	$help_url = z_root() . '/help?f=&cmd=' . $a->cmd;
-
-	if(! get_config('system','hide_help'))
-		$nav['help'] = array($help_url, t('Help'), "", t('Help and documentation'),'help_nav_btn');
+	$help_url = z_root() . '/help?f=&cmd=' . App::$cmd;
 
+	if(! get_config('system','hide_help')) {
+		require_once('mod/help.php');
+		$context_help = load_context_help();
+		$nav['help'] = array($help_url, t('Help'), "", t('Help and documentation'),'help_nav_btn',$context_help);
+	}
 
 	if(! UNO)
 		$nav['apps'] = array('apps', t('Apps'), "", t('Applications, utilities, links, games'),'apps_nav_btn');
@@ -232,25 +232,25 @@ EOT;
 // turned off until somebody discovers this and figures out a good location for it. 
 $powered_by = '';
 
-//	$powered_by = '<strong>red<img class="smiley" src="' . $a->get_baseurl() . '/images/rm-16.png" alt="r#" />matrix</strong>';
+//	$powered_by = '<strong>red<img class="smiley" src="' . z_root() . '/images/rm-16.png" alt="r#" />matrix</strong>';
 
 	$tpl = get_markup_template('nav.tpl');
 
-	$a->page['nav'] .= replace_macros($tpl, array(
-        '$baseurl' => $a->get_baseurl(),
+	App::$page['nav'] .= replace_macros($tpl, array(
+        '$baseurl' => z_root(),
 		'$sitelocation' => $sitelocation,
 		'$nav' => $x['nav'],
 		'$banner' =>  $banner,
 		'$emptynotifications' => t('Loading...'),
 		'$userinfo' => $x['usermenu'],
 		'$localuser' => local_channel(),
-		'$sel' => 	$a->nav_sel,
+		'$sel' => 	App::$nav_sel,
 		'$powered_by' => $powered_by,
 		'$help' => t('@name, #tag, ?doc, content'),
 		'$pleasewait' => t('Please wait...')
 	));
 
-	call_hooks('page_header', $a->page['nav']);
+	call_hooks('page_header', App::$page['nav']);
 }
 
 /*
@@ -258,8 +258,7 @@ $powered_by = '';
  * 
  */
 function nav_set_selected($item){
-	$a = get_app();
-    $a->nav_sel = array(
+    App::$nav_sel = array(
 		'community' 	=> null,
 		'network' 		=> null,
 		'home'			=> null,
@@ -273,5 +272,5 @@ function nav_set_selected($item){
 		'manage'        => null,
 		'register'      => null,
 	);
-	$a->nav_sel[$item] = 'active';
+	App::$nav_sel[$item] = 'active';
 }

include/network.php

@@ -27,11 +27,12 @@ function get_capath() {
  *  * \b http_auth => username:password
  *  * \b novalidate => do not validate SSL certs, default is to validate using our CA list
  *  * \b nobody => only return the header
+ *  * \b filep => stream resource to write body to. header and body are not returned when using this option.
  *
  * @return array an assoziative array with:
  *  * \e int \b return_code => HTTP return code or 0 if timeout or failure
  *  * \e boolean \b success => boolean true (if HTTP 2xx result) or false
- *  * \e string \b header => HTTP headers
+ *  * \e string \b header => HTTP headers 
  *  * \e string \b body => fetched content
  */
 function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
@@ -53,6 +54,11 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
 	if($ciphers)
 		@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
 
+	if(x($opts,'filep')) {
+		@curl_setopt($ch, CURLOPT_FILE, $opts['filep']);
+		@curl_setopt($ch, CURLOPT_HEADER, $false);
+	}
+
 	if(x($opts,'headers'))
 		@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
 
@@ -158,6 +164,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
  *    'timeout' => int seconds, default system config value or 60 seconds
  *    'http_auth' => username:password
  *    'novalidate' => do not validate SSL certs, default is to validate using our CA list
+ *    'filep' => stream resource to write body to. header and body are not returned when using this option.
  * @return array an assoziative array with:
  *  * \e int \b return_code => HTTP return code or 0 if timeout or failure
  *  * \e boolean \b success => boolean true (if HTTP 2xx result) or false
@@ -185,9 +192,16 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
 	if($ciphers)
 		@curl_setopt($ch, CURLOPT_SSL_CIPHER_LIST, $ciphers);
 
-	if(x($opts,'headers'))
-		@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
+	if(x($opts,'filep')) {
+		@curl_setopt($ch, CURLOPT_FILE, $opts['filep']);
+		@curl_setopt($ch, CURLOPT_HEADER, $false);
+	}
 
+	if(x($opts,'headers')) {
+		@curl_setopt($ch, CURLOPT_HTTPHEADER, $opts['headers']);
+logger('headers: ' . print_r($opts['headers'],true) . 'redir: ' . $redirects);
+	}
+ 
 	if(x($opts,'nobody'))
 		@curl_setopt($ch, CURLOPT_NOBODY, $opts['nobody']);
 
@@ -236,6 +250,21 @@ function z_post_url($url,$params, $redirects = 0, $opts = array()) {
 		$base = substr($base,strlen($chunk));
 	}
 
+	// would somebody take lighttpd and just shoot it?
+
+	if($http_code == 417) {
+		curl_close($ch);
+		if($opts) {
+			if($opts['headers'])
+				$opts['headers'][] = 'Expect:';
+			else
+				$opts['headers'] = array('Expect:');
+		}
+		else
+			$opts = array('headers' => array('Expect:'));
+		return z_post_url($url,$params,++$redirects,$opts);
+	}
+
 	if($http_code == 301 || $http_code == 302 || $http_code == 303 || $http_code == 307 || $http_code == 308) {
 		$matches = array();
 		preg_match('/(Location:|URI:)(.*?)\n/', $header, $matches);
@@ -585,7 +614,7 @@ function scale_external_images($s, $include_link = true, $scale_replace = false)
 					continue;
 			}
 
-			$hostname = str_replace('www.','',substr($a->get_baseurl(),strpos($a->get_baseurl(),'://')+3));
+			$hostname = str_replace('www.','',substr(z_root(),strpos(z_root(),'://')+3));
 			if(stristr($mtch[3],$hostname))
 				continue;
 
@@ -1043,267 +1072,436 @@ function discover_by_url($url,$arr = null) {
 
 }
 
+
 function discover_by_webbie($webbie) {
 	require_once('library/HTML5/Parser.php');
 
+	$result   = array();
+
+	$network  = null;
+
+	$diaspora = false;
+	$gnusoc   = false;
+	$dfrn     = false;
+	
+	$has_salmon = false;
+	$salmon_key = false;
+	$atom_feed = false;
+	$diaspora_base = '';
+	$diaspora_guid = '';
+	$diaspora_key = '';
+
 	$webbie = strtolower($webbie);
 
 	$x = webfinger_rfc7033($webbie,true);
 	if($x && array_key_exists('links',$x) && $x['links']) {
 		foreach($x['links'] as $link) {
-			if(array_key_exists('rel',$link) && $link['rel'] == 'http://purl.org/zot/protocol') {
-				logger('discover_by_webbie: zot found for ' . $webbie, LOGGER_DEBUG);
-				if(array_key_exists('zot',$x) && $x['zot']['success'])
-					$i = import_xchan($x['zot']);
-				else {
-					$z = z_fetch_url($link['href']);
-					if($z['success']) {
-						$j = json_decode($z['body'],true);
-						$i = import_xchan($j);
-						return true;
+			if(array_key_exists('rel',$link)) {
+
+				// If we discover zot - don't search further; grab the info and get out of
+				// here. 
+
+				if($link['rel'] === PROTOCOL_ZOT) {
+					logger('discover_by_webbie: zot found for ' . $webbie, LOGGER_DEBUG);
+					if(array_key_exists('zot',$x) && $x['zot']['success'])
+						$i = import_xchan($x['zot']);
+					else {
+						$z = z_fetch_url($link['href']);
+						if($z['success']) {
+							$j = json_decode($z['body'],true);
+							$i = import_xchan($j);
+							return true;
+						}
 					}
 				}
+				if($link['rel'] == NAMESPACE_DFRN) {
+					 $dfrn = $link['href'];
+				}
+				if($link['rel'] == 'magic-public-key') {
+        			if(substr($link['href'],0,5) === 'data:') {
+						$salmon_key = convert_salmon_key($link['href']);
+					}
+				}
+				if($link['rel'] == 'salmon') {
+					$has_salmon = true;
+					$salmon = $link['href'];
+				}
+				if($link['rel'] == 'http://schemas.google.com/g/2010#updates-from') {
+					$atom_feed = $link['href'];
+				}
 			}
 		}
 	}
 
-	$arr = array('address' => $webbie, 'success' => false);
-	call_hooks('discover_by_webbie', $arr);
+	logger('webfinger: ' . print_r($x,true), LOGGER_DATA, LOG_INFO);
+
+	$arr = array('address' => $webbie, 'success' => false, 'webfinger' => $x);
+	call_hooks('discover_channel_webfinger', $arr);
 	if($arr['success'])
 		return true;
 
-	$result = array();
-	$network = null;
-	$diaspora = false;
+	$aliases = array();
 
-	$diaspora_base = '';
-	$diaspora_guid = '';
-	$diaspora_key = '';
-	$dfrn = false;
+	// Now let's make some decisions on what we may need
+	// to obtain further info
 
-	$x = old_webfinger($webbie);			
-	if($x) {
-		logger('old_webfinger: ' . print_r($x,true));
-		foreach($x as $link) {
-			if($link['@attributes']['rel'] === NAMESPACE_DFRN)
-				$dfrn = unamp($link['@attributes']['href']);				
-			if($link['@attributes']['rel'] === 'salmon')
-				$notify = unamp($link['@attributes']['href']);
- 			if($link['@attributes']['rel'] === NAMESPACE_FEED)
-				$poll = unamp($link['@attributes']['href']);
-			if($link['@attributes']['rel'] === 'http://microformats.org/profile/hcard')
-				$hcard = unamp($link['@attributes']['href']);
-			if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
-				$profile = unamp($link['@attributes']['href']);
-			if($link['@attributes']['rel'] === 'http://portablecontacts.net/spec/1.0')
-				$poco = unamp($link['@attributes']['href']);
-			if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') {
-				$diaspora_base = unamp($link['@attributes']['href']);
-				$diaspora = true;
+	$probe_atom  = false;
+	$probe_old   = false;
+	$probe_hcard = false;
+
+	$address  = '';
+	$location = '';
+	$nickname = '';
+	$fullname = '';
+	$avatar   = '';
+	$pubkey   = '';
+
+	if(is_array($x)) {
+		if(array_key_exists('address',$x)) 
+			$address = $x['address'];
+		if(array_key_exists('location',$x)) 
+			$location = $x['location'];
+		if(array_key_exists('nickname',$x)) 
+			$nickname = $x['nickname'];
+	}
+
+	if(! $x)
+		$probe_old = true;
+
+	if($probe_old) {
+		$y = old_webfinger($webbie);			
+		if($y) {
+			logger('old_webfinger: ' . print_r($x,true));
+			foreach($y as $link) {
+				if($link['@attributes']['rel'] === NAMESPACE_DFRN)
+					$dfrn = unamp($link['@attributes']['href']);				
+				if($link['@attributes']['rel'] === 'salmon')
+					$notify = unamp($link['@attributes']['href']);
+	 			if($link['@attributes']['rel'] === NAMESPACE_FEED)
+					$poll = unamp($link['@attributes']['href']);
+				if($link['@attributes']['rel'] === 'http://microformats.org/profile/hcard')
+					$hcard = unamp($link['@attributes']['href']);
+				if($link['@attributes']['rel'] === 'http://webfinger.net/rel/profile-page')
+					$profile = unamp($link['@attributes']['href']);
+				if($link['@attributes']['rel'] === 'http://portablecontacts.net/spec/1.0')
+					$poco = unamp($link['@attributes']['href']);
+				if($link['@attributes']['rel'] === 'http://joindiaspora.com/seed_location') {
+					$diaspora_base = unamp($link['@attributes']['href']);
+					$diaspora = true;
+				}
+				if($link['@attributes']['rel'] === 'http://joindiaspora.com/guid') {
+					$diaspora_guid = unamp($link['@attributes']['href']);
+					$diaspora = true;
+				}
+				if($link['@attributes']['rel'] === 'diaspora-public-key') {
+					$diaspora_key = base64_decode(unamp($link['@attributes']['href']));
+					if(strstr($diaspora_key,'RSA '))
+						$pubkey = rsatopem($diaspora_key);
+					else
+						$pubkey = $diaspora_key;
+					$diaspora = true;
+				}
+				if($link['@attributes']['rel'] == 'magic-public-key') {
+        			if(substr($link['@attributes']['href'],0,5) === 'data:') {
+						$salmon_key = convert_salmon_key($link['@attributes']['href']);
+					}
+				}
+				if($link['@attributes']['rel'] == 'salmon') {
+					$has_salmon = true;
+					$salmon = $link['@attributes']['href'];
+				}
+
+				if($link['@attributes']['rel'] == 'http://schemas.google.com/g/2010#updates-from') {
+					$atom_feed = $link['@attributes']['href'];
+				}
+				if($link['@attributes']['rel'] === 'alias') {
+					$aliases[] = $link['@attributes']['href'];
+				}
+				if($link['@attributes']['rel'] === 'subject') {
+					$subject = $link['@attributes']['href'];
+				}
 			}
-			if($link['@attributes']['rel'] === 'http://joindiaspora.com/guid') {
-				$diaspora_guid = unamp($link['@attributes']['href']);
-				$diaspora = true;
-			}
-			if($link['@attributes']['rel'] === 'diaspora-public-key') {
-				$diaspora_key = base64_decode(unamp($link['@attributes']['href']));
-				if(strstr($diaspora_key,'RSA '))
-					$pubkey = rsatopem($diaspora_key);
-				else
-					$pubkey = $diaspora_key;
-				$diaspora = true;
+		}
+	}
+
+	if($subject || $aliases) {
+		if(strpos($webbie,'@')) {
+			$rhs = substr($webbie,strpos($webbie,'@')+1);
+		}
+		else {
+			$m = parse_url($webbie);
+			if($m) {
+				$rhs = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
 			}
 		}
 
-		if($diaspora && $diaspora_base && $diaspora_guid) {
-			$guid = $diaspora_guid;
-			$diaspora_base = trim($diaspora_base,'/');
-
-			$notify = $diaspora_base . '/receive';
-
-			if(strpos($webbie,'@')) {
-				$addr = str_replace('acct:', '', $webbie);
-				$hostname = substr($webbie,strpos($webbie,'@')+1);
-			}
-			$network = 'diaspora';
-			// until we get a dfrn layer, we'll use diaspora protocols for Friendica,
-			// but give it a different network so we can go back and fix these when we get proper support. 
-			// It really should be just 'friendica' but we also want to distinguish
-			// between Friendica sites that we can use D* protocols with and those we can't.
-			// Some Friendica sites will have Diaspora disabled. 
-			if($dfrn)
-				$network = 'friendica-over-diaspora';
-			if($hcard) {
-				$vcard = scrape_vcard($hcard);
-				$vcard['nick'] = substr($webbie,0,strpos($webbie,'@'));
-				if(! $vcard['fn'])
-					$vcard['fn'] = $webbie;
-			} 
-
-			$r = q("select * from xchan where xchan_hash = '%s' limit 1",
-				dbesc($addr)
-			);
-
-			// fix relative urls
-			if($vcard['photo'] && (strpos($vcard['photo'],'http') !== 0))
-				$vcard['photo'] = $diaspora_base . '/' . $vcard['photo'];			
-
-			/**
-			 *
-			 * Diaspora communications are notoriously unreliable and receiving profile update messages (indeed any messages) 
-			 * are pretty much random luck. We'll check the timestamp of the xchan_name_date at a higher level and refresh
-			 * this record once a month; because if you miss a profile update message and they update their profile photo or name 
-			 * you're otherwise stuck with stale info until they change their profile again - which could be years from now. 
-			 *
-			 */  			
-
-			if($r) {
-				$r = q("update xchan set xchan_name = '%s', xchan_network = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1",
-					dbesc($vcard['fn']),
-					dbesc($network),
-					dbesc(datetime_convert()),
-					dbesc($addr)
-				);
-			}
-			else {
-
-				$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_pubkey, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_instance_url, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
-					dbesc($addr),
-					dbesc($guid),
-					dbesc($pubkey),
-					dbesc($addr),
-					dbesc($profile),
-					dbesc($vcard['fn']),
-					dbesc($network),
-					dbesc(z_root()),
-					dbescdate(datetime_convert())
-				);
-			}
-
-			$r = q("select * from hubloc where hubloc_hash = '%s' limit 1",
-				dbesc($webbie)
-			);
-
-			if(! $r) {
-
-				$r = q("insert into hubloc ( hubloc_guid, hubloc_hash, hubloc_addr, hubloc_network, hubloc_url, hubloc_host, hubloc_callback, hubloc_updated, hubloc_primary ) values ('%s','%s','%s','%s','%s','%s','%s','%s', 1)",
-					dbesc($guid),
-					dbesc($addr),
-					dbesc($addr),
-					dbesc($network),
-					dbesc(trim($diaspora_base,'/')),
-					dbesc($hostname),
-					dbesc($notify),
-					dbescdate(datetime_convert())
-				);
-			}
-			$photos = import_xchan_photo($vcard['photo'],$addr);
-			$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
-				dbescdate(datetime_convert('UTC','UTC',$arr['photo_updated'])),
-				dbesc($photos[0]),
-				dbesc($photos[1]),
-				dbesc($photos[2]),
-				dbesc($photos[3]),
-				dbesc($addr)
-			);
-			return true;
-
-		}
-
-	return false;
-
-/*
-	$vcard['fn'] = notags($vcard['fn']);
-	$vcard['nick'] = str_replace(' ','',notags($vcard['nick']));
-
-	$result['name'] = $vcard['fn'];
-	$result['nick'] = $vcard['nick'];
-	$result['guid'] = $guid;
-	$result['url'] = $profile;
-	$result['hostname'] = $hostname;
-	$result['addr'] = $addr;
-	$result['batch'] = $batch;
-	$result['notify'] = $notify;
-	$result['poll'] = $poll;
-	$result['request'] = $request;
-	$result['confirm'] = $confirm;
-	$result['poco'] = $poco;
-	$result['photo'] = $vcard['photo'];
-	$result['priority'] = $priority;
-	$result['network'] = $network;
-	$result['alias'] = $alias;
-	$result['pubkey'] = $pubkey;
-
-	logger('probe_url: ' . print_r($result,true), LOGGER_DEBUG);
-
-	return $result;
-
-*/
-
-/* Sample Diaspora result.
-
-Array
-(
-	[name] => Mike Macgirvin
-	[nick] => macgirvin
-	[guid] => a9174a618f8d269a
-	[url] => https://joindiaspora.com/u/macgirvin
-	[hostname] => joindiaspora.com
-	[addr] => macgirvin@joindiaspora.com
-	[batch] => 
-	[notify] => https://joindiaspora.com/receive
-	[poll] => https://joindiaspora.com/public/macgirvin.atom
-	[request] => 
-	[confirm] => 
-	[poco] => 
-	[photo] => https://joindiaspora.s3.amazonaws.com/uploads/images/thumb_large_fec4e6eef13ae5e56207.jpg
-	[priority] => 
-	[network] => diaspora
-	[alias] => 
-	[pubkey] => -----BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtihtyIuRDWkDpCA+I1UaQ
-jI4S7k625+A7EEJm+pL2ZVSJxeCKiFeEgHBQENjLMNNm8l8F6blxgQqE6ZJ9Spa7f
-tlaXYTRCrfxKzh02L3hR7sNA+JS/nXJaUAIo+IwpIEspmcIRbD9GB7Wv/rr+M28uH
-31EeYyDz8QL6InU/bJmnCdFvmEMBQxJOw1ih9tQp7UNJAbUMCje0WYFzBz7sfcaHL
-OyYcCOqOCBLdGucUoJzTQ9iDBVzB8j1r1JkIHoEb2moUoKUp+tkCylNfd/3IVELF9
-7w1Qjmit3m50OrJk2DQOXvCW9KQxaQNdpRPSwhvemIt98zXSeyZ1q/YjjOwG0DWDq
-AF8aLj3/oQaZndTPy/6tMiZogKaijoxj8xFLuPYDTw5VpKquriVC0z8oxyRbv4t9v
-8JZZ9BXqzmayvY3xZGGp8NulrfjW+me2bKh0/df1aHaBwpZdDTXQ6kqAiS2FfsuPN
-vg57fhfHbL1yJ4oDbNNNeI0kJTGchXqerr8C20khU/cQ2Xt31VyEZtnTB665Ceugv
-kp3t2qd8UpAVKl430S5Quqx2ymfUIdxdW08CEjnoRNEL3aOWOXfbf4gSVaXmPCR4i
-LSIeXnd14lQYK/uxW/8cTFjcmddsKxeXysoQxbSa9VdDK+KkpZdgYXYrTTofXs6v+
-4afAEhRaaY+MCAwEAAQ==
------END PUBLIC KEY-----
-
-)
-*/
-
-
-
+		$v = array('subject' => $subject,'aliases' => $aliases);
+		$address = find_webfinger_address($v,$rhs);
+		$location = find_webfinger_location($v,$rhs);
+		if($address)
+			$nickname = substr($address,0,strpos($address,'@'));
 
 	}
+
+	if($salmon_key && $has_salmon && $atom_feed && (! $dfrn) && (! $diaspora)) {
+		$gnusoc = true;
+		$probe_atom = true;
+	}
+
+	if(! $pubkey)
+		$pubkey = $salmon_key;
+
+	if(($dfrn || $diaspora) && $hcard)
+		$probe_hcard = true;
+
+	if(! $fullname)
+		$fullname = $nickname;
+
+	if($probe_atom) {
+		$k = z_fetch_url($atom_feed);
+		if($k['success'])
+			$feed_meta = feed_meta($k['body']);
+		if($feed_meta) {
+
+			// stash any discovered pubsubhubbub hubs in case we need to follow them
+			// this will save an expensive lookup later
+
+			if($feed_meta['hubs'] && $address) {
+				set_xconfig($address,'system','push_hubs',$feed_meta['hubs']);
+				set_xconfig($address,'system','feed_url',$atom_feed);
+			}
+			if($feed_meta['author']['author_name']) {
+				$fullname = $feed_meta['author']['author_name'];
+			}
+			if(! $avatar) {
+				if($feed_meta['author']['author_photo'])
+					$avatar = $feed_meta['author']['author_photo'];
+			}
+
+			// for GNU-social over-ride any url aliases we may have picked up in webfinger
+			// The author.uri element in the feed is likely to be more accurate
+
+			if($gnusoc && $feed_meta['author']['author_uri'])
+				$location = $feed_meta['author']['author_uri'];
+		}
+	}
+	else {
+		if($probe_hcard) {
+			$vcard = scrape_vcard($hcard);
+			if($vcard) {
+				logger('vcard: ' . print_r($vcard,true), LOGGER_DATA);
+				if($vcard['fn'])
+					$fullname = $vcard['fn'];
+				if($vcard['photo'] && (strpos($vcard['photo'],'http') !== 0))
+					$vcard['photo'] = $diaspora_base . '/' . $vcard['photo'];			
+				if(! $avatar)
+					$avatar = $vcard['photo'];
+
+			}
+		}
+	}
+
+	if(($profile) && (! $location))
+		$location = $profile;
+
+	if($location) { 
+		$m = parse_url($location);
+		$base = $m['scheme'] . '://' . $m['host'];
+		$host = $m['host'];
+	}
+
+
+	if($diaspora && $diaspora_base && $diaspora_guid) {
+		if($dfrn)
+			$network = 'friendica-over-diaspora';
+		else
+			$network = 'diaspora';
+
+		$base = trim($diaspora_base,'/');
+		$notify = $base . '/receive';
+
+	}
+	else {
+		if($gnusoc) {
+			$network = 'gnusoc';
+			$notify = $salmon;
+		}
+	}
+
+
+	logger('network: ' . $network);
+	logger('address: ' . $address);
+	logger('fullname: ' . $fullname);
+	logger('pubkey: ' . $pubkey);
+	logger('location: ' . $location);
+
+
+
+	// if we have everything we need, let's create the records
+
+	if($network && $address && $fullname && $pubkey && $location) {	
+		$r = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($address)
+		);
+		if($r) {
+			$r = q("update xchan set xchan_name = '%s', xchan_network = '%s', xchan_name_date = '%s' where xchan_hash = '%s' limit 1",
+				dbesc($fullname),
+				dbesc($network),
+				dbesc(datetime_convert()),
+				dbesc($address)
+			);
+		}
+		else {
+			$r = q("insert into xchan ( xchan_hash, xchan_guid, xchan_pubkey, xchan_addr, xchan_url, xchan_name, xchan_network, xchan_name_date ) values ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+				dbesc($address),
+				dbesc(($diaspora_guid) ? $diaspora_guid : $location),
+				dbesc($pubkey),
+				dbesc($address),
+				dbesc($location),
+				dbesc($fullname),
+				dbesc($network),
+				dbescdate(datetime_convert())
+			);
+		}
+
+		$r = q("select * from hubloc where hubloc_hash = '%s' limit 1",
+			dbesc($address)
+		);
+
+		if(! $r) {
+			$r = q("insert into hubloc ( hubloc_guid, hubloc_hash, hubloc_addr, hubloc_network, hubloc_url, hubloc_host, hubloc_callback, hubloc_updated, hubloc_primary ) values ('%s','%s','%s','%s','%s','%s','%s','%s', 1)",
+				dbesc(($diaspora_guid) ? $diaspora_guid : $location),
+				dbesc($address),
+				dbesc($address),
+				dbesc($network),
+				dbesc($base),
+				dbesc($host),
+				dbesc($notify),
+				dbescdate(datetime_convert())
+			);
+		}
+		$photos = import_xchan_photo($avatar,$address);
+		$r = q("update xchan set xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'",
+			dbescdate(datetime_convert()),
+			dbesc($photos[0]),
+			dbesc($photos[1]),
+			dbesc($photos[2]),
+			dbesc($photos[3]),
+			dbesc($address)
+		);
+		return true;
+	}
+	return false;
 }
 
 
+
 function webfinger_rfc7033($webbie,$zot = false) {
 
 
-	if(! strpos($webbie,'@'))
-		return false;
-	$lhs = substr($webbie,0,strpos($webbie,'@'));
-	$rhs = substr($webbie,strpos($webbie,'@')+1);
-
-	$resource = 'acct:' . $webbie;
+	if(strpos($webbie,'@')) {
+		$lhs = substr($webbie,0,strpos($webbie,'@'));
+		$rhs = substr($webbie,strpos($webbie,'@')+1);
+		$resource = 'acct:' . $webbie;
+	}
+	else {
+		$m = parse_url($webbie);
+		if($m) {
+			if($m['scheme'] !== 'https')
+				return false;
+			$rhs = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+			$resource = urlencode($webbie);
+		}
+		else
+			return false;
+	}
+	logger('fetching url from resource: ' . $rhs . ':' . $webbie);
 
 	$s = z_fetch_url('https://' . $rhs . '/.well-known/webfinger?f=&resource=' . $resource . (($zot) ? '&zot=1' : ''));
 
-	if($s['success'])
+	if($s['success']) {
 		$j = json_decode($s['body'],true);
+
+		// We could have a number of URL aliases and webbies
+		// make an executive decision about the most likely "best" of each
+		// by comparing against some examples from known networks we're likely to encounter.
+		// Otherwise we have to store every alias that we may ever encounter and 
+		// validate every URL we ever find against every possible alias
+
+		// @fixme pump.io is going to be a real bugger since it doesn't return subject or aliases
+		// or provide lookup by url
+
+		$j['address'] = find_webfinger_address($j,$rhs);
+		$j['location'] = find_webfinger_location($j,$rhs);
+		if($j['address'])
+			$j['nickname'] = substr($j['address'],0,strpos($j['address'],'@'));
+	}
 	else
 		return false;
+
 	return($j);
 }
 
+function find_webfinger_address($j,$rhs) {
+	if(is_array($j) && ($j)) {
+		if(strpos($j['subject'],'acct:') !== false && strpos($j['subject'],'@' . $rhs))
+			return str_replace('acct:','',$j['subject']);
+		if($j['aliases']) {
+			foreach($j['aliases'] as $alias) {
+				if(strpos($alias,'acct:') !== false && strpos($alias,'@' . $rhs)) {
+					return str_replace('acct:','',$alias);
+				}
+			}
+		}
+	}
+	return '';
+}
+
+
+function find_webfinger_location($j,$rhs) {
+	if(is_array($j) && ($j)) {
+		if(strpos($j['subject'],'http') === 0) {
+			$x = match_webfinger_location($j['subject'],$rhs);
+			if($x)
+				return $x;
+		}
+		if($j['aliases']) {
+			foreach($j['aliases'] as $alias) {
+				if(strpos($alias,'http') === 0) {
+					$x = match_webfinger_location($alias,$rhs);
+					if($x)
+						return($x);
+				}
+			}
+		}
+	}
+	return '';
+}
+
+function match_webfinger_location($s,$h) {
+
+	// GNU-social and the older StatusNet - the $host/user/123 form doesn't work
+	if(preg_match('|' . $h . '/index.php/user/([0-9]*?)$|',$s))
+		return $s;
+	// Redmatrix / hubzilla
+	if(preg_match('|' . $h . '/channel/|',$s))
+		return $s;
+	// Friendica
+	if(preg_match('|' . $h . '/profile/|',$s))
+		return $s;
+
+	$arr = array('test' => $s, 'host' => $h, 'success' => false);
+	call_hooks('match_webfinger_location',$arr);
+	if($arr['success'])
+		return $s;
+	return '';
+}
+	
+
+
+
+
+
 
 function old_webfinger($webbie) {
 
@@ -1358,7 +1556,7 @@ function fetch_lrdd_template($host) {
 
 function fetch_xrd_links($url) {
 
-logger('fetch_xrd_links: ' . $url);
+	logger('fetch_xrd_links: ' . $url, LOGGER_DEBUG);
 
 	$redirects = 0;
 	$x = z_fetch_url($url,false,$redirects,array('timeout' => 20));
@@ -1404,6 +1602,10 @@ logger('fetch_xrd_links: ' . $url);
 		}
 	}
 
+	if(isset($arr['xrd']['subject'])) {
+		$links[]['@attributes'] = array('rel' => 'subject' , 'href' => $arr['xrd']['subject']);
+	}
+
 	logger('fetch_xrd_links: ' . print_r($links,true), LOGGER_DATA);
 
 	return $links;
@@ -1455,8 +1657,25 @@ function scrape_vcard($url) {
 		if(attribute_contains($item->getAttribute('class'), 'vcard')) {
 			$level2 = $item->getElementsByTagName('*');
 			foreach($level2 as $x) {
+				if(attribute_contains($x->getAttribute('id'),'pod_location'))
+					$ret['pod_location'] = $x->textContent;
 				if(attribute_contains($x->getAttribute('class'),'fn'))
 					$ret['fn'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'uid'))
+					$ret['uid'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'nickname'))
+					$ret['nick'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'searchable'))
+					$ret['searchable'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'key'))
+					$ret['public_key'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'given_name'))
+					$ret['given_name'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'family_name'))
+					$ret['family_name'] = $x->textContent;
+				if(attribute_contains($x->getAttribute('class'),'url'))
+					$ret['url'] = $x->textContent;
+
 				if((attribute_contains($x->getAttribute('class'),'photo'))
 					|| (attribute_contains($x->getAttribute('class'),'avatar'))) {
 					$size = intval($x->getAttribute('width'));
@@ -1465,10 +1684,6 @@ function scrape_vcard($url) {
 						$largest_photo = $size;
 					}
 				}
-				if((attribute_contains($x->getAttribute('class'),'nickname'))
-					|| (attribute_contains($x->getAttribute('class'),'uid'))) {
-					$ret['nick'] = $x->textContent;
-				}
 			}
 		}
 	}
@@ -1659,7 +1874,7 @@ function format_and_send_email($sender,$xchan,$item) {
 
 		$sender_name = t('Administrator');
 		
-  		$hostname = get_app()->get_hostname();
+  		$hostname = App::get_hostname();
 	    if(strpos($hostname,':'))
     	    $hostname = substr($hostname,0,strpos($hostname,':'));
 		$sender_email = 'noreply' . '@' . $hostname;
@@ -1733,11 +1948,11 @@ function get_site_info() {
 		$admin = array();
 		foreach($r as $rr) {
 			if($rr['channel_pageflags'] & PAGE_HUBADMIN)
-				$admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . get_app()->get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
+				$admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . App::get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
 		}
 		if(! $admin) {
 			foreach($r as $rr) {
-				$admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . get_app()->get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
+				$admin[] = array( 'name' => $rr['channel_name'], 'address' => $rr['channel_address'] . '@' . App::get_hostname(), 'channel' => z_root() . '/channel/' . $rr['channel_address']);
 			}
 		}
 	}
@@ -1752,7 +1967,7 @@ function get_site_info() {
 		$service_class = false;
 
 	$visible_plugins = array();
-	if(is_array($a->plugins) && count($a->plugins)) {
+	if(is_array(App::$plugins) && count(App::$plugins)) {
 		$r = q("select * from addon where hidden = 0");
 		if(count($r))
 			foreach($r as $rr)
@@ -1792,8 +2007,8 @@ function get_site_info() {
 
 	load_config('feature_lock');
 	$locked_features = array();
-	if(is_array($a->config['feature_lock']) && count($a->config['feature_lock'])) {
-		foreach($a->config['feature_lock'] as $k => $v) {
+	if(is_array(App::$config['feature_lock']) && count(App::$config['feature_lock'])) {
+		foreach(App::$config['feature_lock'] as $k => $v) {
 			if($k === 'config_loaded')
 				continue;
 			$locked_features[$k] = intval($v);

include/oauth.php

@@ -27,7 +27,7 @@ class ZotOAuth1DataStore extends OAuth1DataStore {
 		);
 
 		if($r) {
-			get_app()->set_oauth_key($consumer_key);
+			App::set_oauth_key($consumer_key);
 			return new OAuth1Consumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
 		}
 		return null;

include/oembed.php

@@ -85,7 +85,7 @@ function oembed_fetch_url($embedurl){
 
 // logger('fetch: ' . $embedurl);
 
-	$txt = Cache::get($a->videowidth . $embedurl);
+	$txt = Cache::get(App::$videowidth . $embedurl);
 
 	if(strstr($txt,'youtu') && strstr(z_root(),'https:')) {
 		$txt = str_replace('http:','https:',$txt);
@@ -124,7 +124,7 @@ function oembed_fetch_url($embedurl){
 					$entries = $xpath->query("//link[@type='application/json+oembed']");
 					foreach($entries as $e){
 						$href = $e->getAttributeNode("href")->nodeValue;
-						$x = z_fetch_url($href . '&maxwidth=' . $a->videowidth);
+						$x = z_fetch_url($href . '&maxwidth=' . App::$videowidth);
 						$txt = $x['body'];
 						break;
 					}
@@ -133,7 +133,7 @@ function oembed_fetch_url($embedurl){
 					$entries = $xpath->query("//link[@type='text/json+oembed']");
 					foreach($entries as $e){
 						$href = $e->getAttributeNode("href")->nodeValue;
-						$x = z_fetch_url($href . '&maxwidth=' . $a->videowidth);
+						$x = z_fetch_url($href . '&maxwidth=' . App::$videowidth);
 						$txt = $x['body'];
 						break;
 					}
@@ -142,7 +142,7 @@ function oembed_fetch_url($embedurl){
 		}
 		
 		if ($txt==false || $txt=="") {
-			$x = array('url' => $embedurl,'videowidth' => $a->videowidth);
+			$x = array('url' => $embedurl,'videowidth' => App::$videowidth);
 			call_hooks('oembed_probe',$x);
 			if(array_key_exists('embed',$x))
 				$txt = $x['embed'];
@@ -154,7 +154,7 @@ function oembed_fetch_url($embedurl){
 		//save in cache
 
 		if(! get_config('system','oembed_cache_disable'))
-			Cache::set($a->videowidth . $embedurl,$txt);
+			Cache::set(App::$videowidth . $embedurl,$txt);
 
 	}
 
@@ -195,7 +195,7 @@ function oembed_format_object($j){
 				
 				}
 				$ret.=replace_macros($tpl, array(
-                    '$baseurl' => $a->get_baseurl(),
+                    '$baseurl' => z_root(),
 					'$embedurl'=>$embedurl,
 					'$escapedhtml'=>base64_encode($jhtml),
 					'$tw'=>$tw,

include/permissions.php

@@ -63,7 +63,7 @@ function get_perms() {
  */
 function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 
-	$api = get_app()->get_oauth_key();
+	$api = App::get_oauth_key();
 	if($api)
 		return get_all_api_perms($uid,$api);	
 
@@ -151,9 +151,13 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 
 		// Check if this $uid is actually the $observer_xchan - if it's your content
 		// you always have permission to do anything
+		// if you've moved elsewhere, you will only have read only access
 
 		if(($observer_xchan) && ($r[0]['channel_hash'] === $observer_xchan)) {
-			$ret[$perm_name] = true;
+			if($r[0]['channel_moved'] && (! $permission[2]))
+				$ret[$perm_name] = false;
+			else
+				$ret[$perm_name] = true;
 			continue;
 		}
 
@@ -266,7 +270,7 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
  */
 function perm_is_allowed($uid, $observer_xchan, $permission) {
 
-	$api = get_app()->get_oauth_key();
+	$api = App::get_oauth_key();
 	if($api)
 		return api_perm_is_allowed($uid,$api,$permission);
 
@@ -286,7 +290,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 
 	$channel_perm = $global_perms[$permission][0];
 
-	$r = q("select %s, channel_pageflags, channel_hash from channel where channel_id = %d limit 1",
+	$r = q("select %s, channel_pageflags, channel_moved, channel_hash from channel where channel_id = %d limit 1",
 		dbesc($channel_perm),
 		intval($uid)
 	);
@@ -325,9 +329,15 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 		return false;
 
 	// Check if this $uid is actually the $observer_xchan
+	// you will have full access unless the channel was moved - 
+	// in which case you will have read_only access
 
-	if($r[0]['channel_hash'] === $observer_xchan)
-		return true;
+	if($r[0]['channel_hash'] === $observer_xchan) {
+		if($r[0]['channel_moved'] && (! $global_perms[$permission][2]))
+			return false;
+		else
+			return true;
+	}
 
 	if($r[0][$channel_perm] & PERMS_PUBLIC)
 		return true;

include/photo/photo_driver.php

@@ -679,9 +679,9 @@ function import_xchan_photo($photo,$xchan,$thing = false) {
 			if($r === false)
 				$photo_failure = true;
 
-			$photo = $a->get_baseurl() . '/photo/' . $hash . '-4';
-			$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5';
-			$micro = $a->get_baseurl() . '/photo/' . $hash . '-6';
+			$photo = z_root() . '/photo/' . $hash . '-4';
+			$thumb = z_root() . '/photo/' . $hash . '-5';
+			$micro = z_root() . '/photo/' . $hash . '-6';
 		}
 		else {
 			logger('import_xchan_photo: invalid image from ' . $photo);	
@@ -689,9 +689,9 @@ function import_xchan_photo($photo,$xchan,$thing = false) {
 		}
 	}
 	if($photo_failure) {
-		$photo = $a->get_baseurl() . '/' . get_default_profile_photo();
-		$thumb = $a->get_baseurl() . '/' . get_default_profile_photo(80);
-		$micro = $a->get_baseurl() . '/' . get_default_profile_photo(48);
+		$photo = z_root() . '/' . get_default_profile_photo();
+		$thumb = z_root() . '/' . get_default_profile_photo(80);
+		$micro = z_root() . '/' . get_default_profile_photo(48);
 		$type = 'image/png';
 	}
 

include/photos.php

@@ -194,7 +194,7 @@ function photo_upload($channel, $observer, $args) {
 	$link[0] = array(
 		'rel'  => 'alternate',
 		'type' => 'text/html',
-		'href' => $url = rawurlencode(z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt()),
+		'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(),
 		'width' => $ph->getWidth(),
 		'height' => $ph->getHeight()
 	);
@@ -212,7 +212,7 @@ function photo_upload($channel, $observer, $args) {
 	$link[1] = array(
 		'rel'  => 'alternate',
 		'type' => 'text/html',
-		'href' => $url = rawurlencode(z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt()),
+		'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(),
 		'width' => $ph->getWidth(),
 		'height' => $ph->getHeight()
 	);
@@ -227,7 +227,7 @@ function photo_upload($channel, $observer, $args) {
 	$link[2] = array(
 		'rel'  => 'alternate',
 		'type' => 'text/html',
-		'href' => $url = rawurlencode(z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt()),
+		'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(),
 		'width' => $ph->getWidth(),
 		'height' => $ph->getHeight()
 	);
@@ -242,7 +242,7 @@ function photo_upload($channel, $observer, $args) {
 	$link[3] = array(
 		'rel'  => 'alternate',
 		'type' => 'text/html',
-		'href' => $url = rawurlencode(z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt()),
+		'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(),
 		'width' => $ph->getWidth(),
 		'height' => $ph->getHeight()
 	);
@@ -312,7 +312,7 @@ function photo_upload($channel, $observer, $args) {
 		'title'   => $title,
 		'created' => $p['created'],
 		'edited'  => $p['edited'],
-		'id'      => rawurlencode(z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash),
+		'id'      => z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash,
 		'link'    => $link,
 		'body'    => $obj_body
 	);
@@ -320,7 +320,7 @@ function photo_upload($channel, $observer, $args) {
 	$target = array(
 		'type'    => ACTIVITY_OBJ_ALBUM,
 		'title'   => (($album) ? $album : '/'),
-		'id'      => rawurlencode(z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album))
+		'id'      => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album)
 	);
 
 	// Create item container
@@ -490,12 +490,12 @@ function photos_album_widget($channelx,$observer,$albums = null) {
 	$o = '';
 
 	// If we weren't passed an album list, see if the photos module
-	// dropped one for us to find in $a->data['albums']. 
+	// dropped one for us to find in App::$data['albums']. 
 	// If all else fails, load it.
 
 	if(! $albums) {
-		if(array_key_exists('albums', get_app()->data))
-			$albums = get_app()->data['albums'];
+		if(array_key_exists('albums', App::$data))
+			$albums = App::$data['albums'];
 		else
 			$albums = photos_albums_list($channelx,$observer);
 	}

include/plugin.php

@@ -219,7 +219,7 @@ function unregister_hook($hook, $file, $function) {
 
 
 //
-// It might not be obvious but themes can manually add hooks to the $a->hooks
+// It might not be obvious but themes can manually add hooks to the App::$hooks
 // array in their theme_init() and use this to customise the app behaviour.  
 // UPDATE: use insert_hook($hookname,$function_name) to do this
 //
@@ -227,19 +227,19 @@ function unregister_hook($hook, $file, $function) {
 
 function load_hooks() {
 	$a = get_app();
-//	if(! is_array($a->hooks))
-		$a->hooks = array();
+//	if(! is_array(App::$hooks))
+		App::$hooks = array();
 
 	$r = q("SELECT * FROM hook WHERE true ORDER BY priority DESC");
 	if($r) {
 		foreach($r as $rr) {
-			if(! array_key_exists($rr['hook'],$a->hooks))
-				$a->hooks[$rr['hook']] = array();
+			if(! array_key_exists($rr['hook'],App::$hooks))
+				App::$hooks[$rr['hook']] = array();
 
-			$a->hooks[$rr['hook']][] = array($rr['file'],$rr['function']);
+			App::$hooks[$rr['hook']][] = array($rr['file'],$rr['function']);
 		}
 	}
-//logger('hooks: ' . print_r($a->hooks,true));
+//logger('hooks: ' . print_r(App::$hooks,true));
 }
 
 /**
@@ -261,13 +261,13 @@ function load_hooks() {
  */ 
 function insert_hook($hook, $fn) {
 	$a = get_app();
-	if(! is_array($a->hooks))
-		$a->hooks = array();
+	if(! is_array(App::$hooks))
+		App::$hooks = array();
 
-	if(! array_key_exists($hook, $a->hooks))
-		$a->hooks[$hook] = array();
+	if(! array_key_exists($hook, App::$hooks))
+		App::$hooks[$hook] = array();
 
-	$a->hooks[$hook][] = array('', $fn);
+	App::$hooks[$hook][] = array('', $fn);
 }
 
 /**
@@ -282,8 +282,8 @@ function insert_hook($hook, $fn) {
 function call_hooks($name, &$data = null) {
 	$a = get_app();
 
-	if((is_array($a->hooks)) && (array_key_exists($name, $a->hooks))) {
-		foreach($a->hooks[$name] as $hook) {
+	if((is_array(App::$hooks)) && (array_key_exists($name, App::$hooks))) {
+		foreach(App::$hooks[$name] as $hook) {
 			if($hook[0])
 				@include_once($hook[0]);
 
@@ -392,7 +392,7 @@ function check_plugin_versions($info) {
 				$test = trim($test);
 				if(! $test)
 					continue;
-				if(! in_array($test,get_app()->plugins))
+				if(! in_array($test,App::$plugins))
 					$found = false;				
 			}
 		}
@@ -495,10 +495,10 @@ function get_theme_screenshot($theme) {
 	$exts = array('.png', '.jpg');
 	foreach($exts as $ext) {
 		if(file_exists('view/theme/' . $theme . '/img/screenshot' . $ext))
-			return($a->get_baseurl() . '/view/theme/' . $theme . '/img/screenshot' . $ext);
+			return(z_root() . '/view/theme/' . $theme . '/img/screenshot' . $ext);
 	}
 
-	return($a->get_baseurl() . '/images/blank.png');
+	return(z_root() . '/images/blank.png');
 }
 
 /**
@@ -508,19 +508,19 @@ function get_theme_screenshot($theme) {
  * @param string $media change media attribute (default to 'screen')
  */
 function head_add_css($src, $media = 'screen') {
-	get_app()->css_sources[] = array($src, $media);
+	App::$css_sources[] = array($src, $media);
 }
 
 function head_remove_css($src, $media = 'screen') {
 	$a = get_app();
-	$index = array_search(array($src, $media), $a->css_sources);
+	$index = array_search(array($src, $media), App::$css_sources);
 	if ($index !== false)
-		unset($a->css_sources[$index]);
+		unset(App::$css_sources[$index]);
 }
 
 function head_get_css() {
 	$str = '';
-	$sources = get_app()->css_sources;
+	$sources = App::$css_sources;
 	if (count($sources)) {
 		foreach ($sources as $source)
 			$str .= format_css_if_exists($source);
@@ -560,7 +560,7 @@ function script_path() {
 	
 	// Some proxy setups may require using http_host
 
-	if(intval(get_app()->config['system']['script_path_use_http_host']))
+	if(intval(App::$config['system']['script_path_use_http_host']))
 		$server_var = 'HTTP_HOST';
 	else
 		$server_var = 'SERVER_NAME';
@@ -576,19 +576,19 @@ function script_path() {
 }
 
 function head_add_js($src) {
-	get_app()->js_sources[] = $src;
+	App::$js_sources[] = $src;
 }
 
 function head_remove_js($src) {
 	$a = get_app();
-	$index = array_search($src, $a->js_sources);
+	$index = array_search($src, App::$js_sources);
 	if($index !== false)
-		unset($a->js_sources[$index]);
+		unset(App::$js_sources[$index]);
 }
 
 function head_get_js() {
 	$str = '';
-	$sources = get_app()->js_sources;
+	$sources = App::$js_sources;
 	if(count($sources)) 
 		foreach($sources as $source) {
 			if($source === 'main.js')
@@ -624,7 +624,7 @@ function theme_include($file, $root = '') {
 	if($root !== '' && $root[strlen($root)-1] !== '/')
 		$root = $root . '/';
 
-	$theme_info = $a->theme_info;
+	$theme_info = App::$theme_info;
 
 	if(array_key_exists('extends',$theme_info))
 		$parent = $theme_info['extends'];
@@ -656,7 +656,7 @@ function theme_include($file, $root = '') {
 
 function get_intltext_template($s, $root = '') {
 	$a = get_app();
-	$t = $a->template_engine();
+	$t = App::template_engine();
 
 	$template = $t->get_intltext_template($s, $root);
 	return $template;
@@ -665,7 +665,7 @@ function get_intltext_template($s, $root = '') {
 
 function get_markup_template($s, $root = '') {
 	$a = get_app();
-	$t = $a->template_engine();
+	$t = App::template_engine();
 	$template = $t->get_markup_template($s, $root);
 	return $template;
 }

include/profile_selectors.php

@@ -7,7 +7,7 @@ function gender_selector($current="",$suffix="") {
 
 	call_hooks('gender_selector', $select);
 
-	$o .= "<select name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');
@@ -24,7 +24,7 @@ function gender_selector_min($current="",$suffix="") {
 
 	call_hooks('gender_selector_min', $select);
 
-	$o .= "<select name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"gender$suffix\" id=\"gender-select$suffix\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');
@@ -44,7 +44,7 @@ function sexpref_selector($current="",$suffix="") {
 
 	call_hooks('sexpref_selector', $select);
 
-	$o .= "<select name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');
@@ -62,7 +62,7 @@ function sexpref_selector_min($current="",$suffix="") {
 
 	call_hooks('sexpref_selector_min', $select);
 
-	$o .= "<select name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"sexual$suffix\" id=\"sexual-select$suffix\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');
@@ -81,7 +81,7 @@ function marital_selector($current="",$suffix="") {
 
 	call_hooks('marital_selector', $select);
 
-	$o .= "<select name=\"marital\" id=\"marital-select\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"marital\" id=\"marital-select\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');
@@ -98,7 +98,7 @@ function marital_selector_min($current="",$suffix="") {
 
 	call_hooks('marital_selector_min', $select);
 
-	$o .= "<select name=\"marital\" id=\"marital-select\" size=\"1\" >";
+	$o .= "<select class=\"form-control\" name=\"marital\" id=\"marital-select\" size=\"1\" >";
 	foreach($select as $selection) {
 		if($selection !== 'NOTRANSLATION') {
 			$selected = (($selection == $current) ? ' selected="selected" ' : '');

include/reddav.php

@@ -23,9 +23,6 @@ use Zotlabs\Storage;
 
 require_once('vendor/autoload.php');
 require_once('include/attach.php');
-//require_once('Zotlabs/Storage/File.php');
-//require_once('Zotlabs/Storage/Directory.php');
-//require_once('Zotlabs/Storage/BasicAuth.php');
 
 /**
  * @brief Returns an array with viewable channels.

include/security.php

@@ -14,21 +14,19 @@
  */
 function authenticate_success($user_record, $login_initial = false, $interactive = false, $return = false, $update_lastlog = false) {
 
-	$a = get_app();
-
 	$_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
 
 	$lastlog_updated = false;
 
 	if(x($user_record, 'account_id')) {
-		$a->account = $user_record;
+		App::$account = $user_record;
 		$_SESSION['account_id'] = $user_record['account_id'];
 		$_SESSION['authenticated'] = 1;
 
 
 		$uid_to_load = (((x($_SESSION,'uid')) && (intval($_SESSION['uid']))) 
 			? intval($_SESSION['uid']) 
-			: intval($a->account['account_default_channel'])
+			: intval(App::$account['account_default_channel'])
 		);
 
 		if($uid_to_load) {
@@ -40,9 +38,9 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 				dbesc(datetime_convert()),
 				intval($_SESSION['account_id'])
 			);
-			$a->account['account_lastlog'] = datetime_convert();
+			App::$account['account_lastlog'] = datetime_convert();
 			$lastlog_updated = true;
-			call_hooks('logged_in', $a->account);
+			call_hooks('logged_in', App::$account);
 		}
 
 	}
@@ -59,7 +57,7 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 		return;
 	}
 
-	if(($a->module !== 'home') && x($_SESSION,'login_return_url') && strlen($_SESSION['login_return_url'])) {
+	if((App::$module !== 'home') && x($_SESSION,'login_return_url') && strlen($_SESSION['login_return_url'])) {
 		$return_url = $_SESSION['login_return_url'];
 
 		// don't let members get redirected to a raw ajax page update - this can happen
@@ -68,14 +66,14 @@ function authenticate_success($user_record, $login_initial = false, $interactive
 			$return_url = '';
 
 		unset($_SESSION['login_return_url']);
-		goaway($a->get_baseurl() . '/' . $return_url);
+		goaway(z_root() . '/' . $return_url);
 	}
 
 	/* This account has never created a channel. Send them to new_channel by default */
 
-	if($a->module === 'login') {
+	if(App::$module === 'login') {
 		$r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0 ",
-			intval($a->account['account_id'])
+			intval(App::$account['account_id'])
 		);
 		if(($r) && (! $r[0]['total']))
 			goaway(z_root() . '/new_channel');
@@ -116,7 +114,7 @@ function change_channel($change_channel) {
 		if($r) {
 			$hash = $r[0]['channel_hash'];
 			$_SESSION['uid'] = intval($r[0]['channel_id']);
-			get_app()->set_channel($r[0]);
+			App::set_channel($r[0]);
 			$_SESSION['theme'] = $r[0]['channel_theme'];
 			$_SESSION['mobile_theme'] = get_pconfig(local_channel(),'system', 'mobile_theme');
 			date_default_timezone_set($r[0]['channel_timezone']);
@@ -127,10 +125,10 @@ function change_channel($change_channel) {
 		);
 		if($x) {
 			$_SESSION['my_url'] = $x[0]['xchan_url'];
-			$_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(get_app()->get_baseurl(), strpos(get_app()->get_baseurl(), '://') + 3);
+			$_SESSION['my_address'] = $r[0]['channel_address'] . '@' . substr(z_root(), strpos(z_root(), '://') + 3);
 
-			get_app()->set_observer($x[0]);
-			get_app()->set_perms(get_all_perms(local_channel(), $hash));
+			App::set_observer($x[0]);
+			App::set_perms(get_all_perms(local_channel(), $hash));
 		}
 		if(! is_dir('store/' . $r[0]['channel_address']))
 			@os_mkdir('store/' . $r[0]['channel_address'], STORAGE_DEFAULT_PERMISSIONS,true);
@@ -293,7 +291,7 @@ function scopes_sql($uid,$observer) {
 	if(! is_foreigner($observer))
 		$str .= " or public_policy = 'network: red' ";
 	if(local_channel())
-		$str .= " or public_policy = 'site: " . get_app()->get_hostname() . "' ";
+		$str .= " or public_policy = 'site: " . App::get_hostname() . "' ";
 
 	$ab = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
 		dbesc($observer),
@@ -320,7 +318,7 @@ function scopes_sql($uid,$observer) {
  */
 function public_permissions_sql($observer_hash) {
 
-	//$observer = get_app()->get_observer();
+	//$observer = App::get_observer();
 	$groups = init_groups_visitor($observer_hash);
 
 	$gs = '<<>>'; // should be impossible to match
@@ -360,10 +358,9 @@ function public_permissions_sql($observer_hash) {
  *    so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
  */ 
 function get_form_security_token($typename = '') {
-	$a = get_app();
 
 	$timestamp = time();
-	$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $timestamp . $typename);
+	$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $timestamp . $typename);
 
 	return $timestamp . '.' . $sec_hash;
 }
@@ -374,12 +371,10 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
 
 	$max_livetime = 10800; // 3 hours
 
-	$a = get_app();
-
 	$x = explode('.', $hash);
 	if (time() > (IntVal($x[0]) + $max_livetime)) return false;
 
-	$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
+	$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename);
 
 	return ($sec_hash == $x[1]);
 }
@@ -389,17 +384,15 @@ function check_form_security_std_err_msg() {
 }
 function check_form_security_token_redirectOnErr($err_redirect, $typename = '', $formname = 'form_security_token') {
 	if (!check_form_security_token($typename, $formname)) {
-		$a = get_app();
-		logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+		logger('check_form_security_token failed: user ' . App::$observer['xchan_name'] . ' - form element ' . $typename);
 		logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
 		notice( check_form_security_std_err_msg() );
-		goaway($a->get_baseurl() . $err_redirect );
+		goaway(z_root() . $err_redirect );
 	}
 }
 function check_form_security_token_ForbiddenOnErr($typename = '', $formname = 'form_security_token') {
 	if (!check_form_security_token($typename, $formname)) {
-		$a = get_app();
-		logger('check_form_security_token failed: user ' . $a->user['guid'] . ' - form element ' . $typename);
+		logger('check_form_security_token failed: user ' . App::$observer['xchan_name'] . ' - form element ' . $typename);
 		logger('check_form_security_token failed: _REQUEST data: ' . print_r($_REQUEST, true), LOGGER_DATA);
 		header('HTTP/1.1 403 Forbidden');
 		killme();
@@ -415,7 +408,7 @@ function init_groups_visitor($contact_id) {
 	$r = q("SELECT hash FROM `groups` left join group_member on groups.id = group_member.gid WHERE xchan = '%s' ",
 		dbesc($contact_id)
 	);
-	if(count($r)) {
+	if($r) {
 		foreach($r as $rr)
 			$groups[] = $rr['hash'];
 	}

include/session.php

@@ -1,135 +0,0 @@
-<?php
-
-/**
- * @file include/session.php
- *
- * @brief This file includes session related functions.
- *
- * Session management functions. These provide database storage of PHP
- * session info.
- */
-
-$session_exists = 0;
-$session_expire = 180000;
-
-function new_cookie($time) {
-	$old_sid = session_id();
-
-	// ??? This shouldn't have any effect if called after session_start()
-	// We probably need to set the session expiration and change the PHPSESSID cookie.
-
-	session_set_cookie_params($time);
-	session_regenerate_id(false);
-
-	q("UPDATE session SET sid = '%s' WHERE sid = '%s'",
-			dbesc(session_id()),
-			dbesc($old_sid)
-	);
-
-	if (x($_COOKIE, 'jsAvailable')) {
-		if ($time) {
-			$expires = time() + $time;
-		} else {
-			$expires = 0;
-		}
-		setcookie('jsAvailable', $_COOKIE['jsAvailable'], $expires);
-	}
-}
-
-
-function ref_session_open ($s, $n) {
-	return true;
-}
-
-
-function ref_session_read ($id) {
-	global $session_exists;
-	if(x($id))
-		$r = q("SELECT `data` FROM `session` WHERE `sid`= '%s'", dbesc($id));
-
-	if(count($r)) {
-		$session_exists = true;
-		return $r[0]['data'];
-	}
-
-	return '';
-}
-
-
-function ref_session_write ($id, $data) {
-	global $session_exists, $session_expire;
-
-	if(! $id || ! $data) {
-		return false;
-	}
-
-	$expire = time() + $session_expire;
-	$default_expire = time() + 300;
-
-	if($session_exists) {
-		q("UPDATE `session`
-				SET `data` = '%s', `expire` = '%s' WHERE `sid` = '%s'",
-				dbesc($data),
-				dbesc($expire),
-				dbesc($id)
-		);
-	} else {
-		q("INSERT INTO `session` (sid, expire, data) values ('%s', '%s', '%s')",
-				//SET `sid` = '%s', `expire` = '%s', `data` = '%s'",
-				dbesc($id),
-				dbesc($default_expire),
-				dbesc($data)
-		);
-	}
-
-	return true;
-}
-
-
-function ref_session_close() {
-	return true;
-}
-
-
-function ref_session_destroy ($id) {
-	q("DELETE FROM `session` WHERE `sid` = '%s'", dbesc($id));
-	return true;
-}
-
-
-function ref_session_gc($expire) {
-	q("DELETE FROM session WHERE expire < %d", dbesc(time()));
-	return true;
-}
-
-$gc_probability = 50;
-
-ini_set('session.gc_probability', $gc_probability);
-ini_set('session.use_only_cookies', 1);
-ini_set('session.cookie_httponly', 1);
-
-/*
- * Set our session storage functions.
- */
-
-session_set_save_handler(
-		'ref_session_open',
-		'ref_session_close',
-		'ref_session_read',
-		'ref_session_write',
-		'ref_session_destroy',
-		'ref_session_gc'
-);
-
-
-   // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
-
-    if(intval(get_app()->config['system']['ssl_cookie_protection'])) {
-        $arr = session_get_cookie_params();
-        session_set_cookie_params(
-            ((isset($arr['lifetime']))  ? $arr['lifetime'] : 0),
-            ((isset($arr['path']))      ? $arr['path']     : '/'),
-            ((isset($arr['domain']))    ? $arr['domain']   : get_app()->get_hostname()),
-            ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
-            ((isset($arr['httponly']))  ? $arr['httponly'] : true));
-    }

include/smarty.php

@@ -16,19 +16,19 @@ class FriendicaSmarty extends Smarty {
 		// setTemplateDir can be set to an array, which Smarty will parse in order.
 		// The order is thus very important here
 		$template_dirs = array('theme' => "view/theme/$theme/tpl/");
-		if( x($a->theme_info,"extends") )
-			$template_dirs = $template_dirs + array('extends' => "view/theme/".$a->theme_info["extends"]."/tpl/");
+		if( x(App::$theme_info,"extends") )
+			$template_dirs = $template_dirs + array('extends' => "view/theme/".App::$theme_info["extends"]."/tpl/");
 		$template_dirs = $template_dirs + array('base' => 'view/tpl/');
 		$this->setTemplateDir($template_dirs);
 
-        $basecompiledir = $a->config['system']['smarty3_folder'];
+        $basecompiledir = App::$config['system']['smarty3_folder'];
         
 		$this->setCompileDir($basecompiledir.'/compiled/');
 		$this->setConfigDir($basecompiledir.'/config/');
 		$this->setCacheDir($basecompiledir.'/cache/');
 
-		$this->left_delimiter = $a->get_template_ldelim('smarty3');
-		$this->right_delimiter = $a->get_template_rdelim('smarty3');
+		$this->left_delimiter = App::get_template_ldelim('smarty3');
+		$this->right_delimiter = App::get_template_rdelim('smarty3');
 
 		// Don't report errors so verbosely
 		$this->error_reporting = E_ALL & ~E_NOTICE;
@@ -53,7 +53,7 @@ class FriendicaSmartyEngine implements ITemplateEngine {
 		// Cannot use get_config() here because it is called during installation when there is no DB.
 		// FIXME: this may leak private information such as system pathnames.
 
-        $basecompiledir = ((array_key_exists('smarty3_folder',$a->config['system'])) ? $a->config['system']['smarty3_folder'] : '');
+        $basecompiledir = ((array_key_exists('smarty3_folder',App::$config['system'])) ? App::$config['system']['smarty3_folder'] : '');
         if (!$basecompiledir) $basecompiledir = dirname(__dir__) . "/" . TEMPLATE_BUILD_PATH;
         if (!is_dir($basecompiledir)) {
             echo "<b>ERROR:</b> folder <tt>$basecompiledir</tt> does not exist."; killme();
@@ -61,7 +61,7 @@ class FriendicaSmartyEngine implements ITemplateEngine {
 		if(!is_writable($basecompiledir)){
 			echo "<b>ERROR:</b> folder <tt>$basecompiledir</tt> must be writable by webserver."; killme();
 		}
-         $a->config['system']['smarty3_folder'] = $basecompiledir;
+         App::$config['system']['smarty3_folder'] = $basecompiledir;
 	}
 	
 	// ITemplateEngine interface
@@ -94,8 +94,8 @@ class FriendicaSmartyEngine implements ITemplateEngine {
 	public function get_intltext_template($file, $root='') {
 		$a = get_app();
     
-		if(file_exists("view/{$a->language}/$file"))
-        	$template_file = "view/{$a->language}/$file";
+		if(file_exists("view/{App::$language}/$file"))
+        	$template_file = "view/{App::$language}/$file";
 	    elseif(file_exists("view/en/$file"))
         	$template_file = "view/en/$file";
     	else

include/socgraph.php

@@ -409,7 +409,7 @@ function poco($a,$extended = false) {
 		http_status_exit(401);
 	}
 
-	$observer = $a->get_observer();
+	$observer = App::get_observer();
 
 	if(argc() > 1) {
 		$user = notags(trim(argv(1)));

include/taxonomy.php

@@ -299,7 +299,7 @@ function dir_tagblock($link,$r) {
 
 
 	if(! $r)
-		$r = get_app()->data['directory_keywords'];
+		$r = App::$data['directory_keywords'];
 
 	if($r) {
 		$o = '<div class="dirtagblock widget"><h3>' . t('Keywords') . '</h3><div class="tags" align="center">';

include/text.php

@@ -27,7 +27,7 @@ function replace_macros($s, $r) {
 	$arr = array('template' => $s, 'params' => $r);
 	call_hooks('replace_macros', $arr);
 
-	$t = $a->template_engine();
+	$t = App::template_engine();
 	$output = $t->replace_macros($arr['template'],$arr['params']);
 
 	return $output;
@@ -99,7 +99,7 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
 		return escape_tags($s);
 
 	$a = get_app();
-	if($a->is_sys) {
+	if(App::$is_sys) {
 		return $s;
 	}
 
@@ -368,34 +368,34 @@ function hex2bin($s) {
 
 // Automatic pagination.
 // To use, get the count of total items.
-// Then call $a->set_pager_total($number_items);
-// Optionally call $a->set_pager_itemspage($n) to the number of items to display on each page
+// Then call App::set_pager_total($number_items);
+// Optionally call App::set_pager_itemspage($n) to the number of items to display on each page
 // Then call paginate($a) after the end of the display loop to insert the pager block on the page
 // (assuming there are enough items to paginate).
-// When using with SQL, the setting LIMIT %d, %d => $a->pager['start'],$a->pager['itemspage']
+// When using with SQL, the setting LIMIT %d, %d => App::$pager['start'],App::$pager['itemspage']
 // will limit the results to the correct items for the current page. 
 // The actual page handling is then accomplished at the application layer. 
 
 
 function paginate(&$a) {
 	$o = '';
-	$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
+	$stripped = preg_replace('/(&page=[0-9]*)/','',App::$query_string);
 
 //	$stripped = preg_replace('/&zid=(.*?)([\?&]|$)/ism','',$stripped);
 
 	$stripped = str_replace('q=','',$stripped);
 	$stripped = trim($stripped,'/');
-	$pagenum = $a->pager['page'];
-	$url = $a->get_baseurl() . '/' . $stripped;
+	$pagenum = App::$pager['page'];
+	$url = z_root() . '/' . $stripped;
 
-	if($a->pager['total'] > $a->pager['itemspage']) {
+	if(App::$pager['total'] > App::$pager['itemspage']) {
 		$o .= '<div class="pager">';
-		if($a->pager['page'] != 1)
-			$o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.($a->pager['page'] - 1).'">' . t('prev') . '</a></span> ';
+		if(App::$pager['page'] != 1)
+			$o .= '<span class="pager_prev">'."<a href=\"$url".'&page='.(App::$pager['page'] - 1).'">' . t('prev') . '</a></span> ';
 
 		$o .=  "<span class=\"pager_first\"><a href=\"$url"."&page=1\">" . t('first') . "</a></span> ";
 
-			$numpages = $a->pager['total'] / $a->pager['itemspage'];
+			$numpages = App::$pager['total'] / App::$pager['itemspage'];
 
 			$numstart = 1;
 			$numstop = $numpages;
@@ -406,15 +406,15 @@ function paginate(&$a) {
 			}
 
 		for($i = $numstart; $i <= $numstop; $i++){
-			if($i == $a->pager['page'])
+			if($i == App::$pager['page'])
 				$o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
 			else
 				$o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
 			$o .= '</span> ';
 		}
 
-		if(($a->pager['total'] % $a->pager['itemspage']) != 0) {
-			if($i == $a->pager['page'])
+		if((App::$pager['total'] % App::$pager['itemspage']) != 0) {
+			if($i == App::$pager['page'])
 				$o .= '<span class="pager_current">'.(($i < 10) ? '&nbsp;'.$i : $i);
 			else
 				$o .= "<span class=\"pager_n\"><a href=\"$url"."&page=$i\">".(($i < 10) ? '&nbsp;'.$i : $i)."</a>";
@@ -424,8 +424,8 @@ function paginate(&$a) {
 		$lastpage = (($numpages > intval($numpages)) ? intval($numpages)+1 : $numpages);
 		$o .= "<span class=\"pager_last\"><a href=\"$url"."&page=$lastpage\">" . t('last') . "</a></span> ";
 
-		if(($a->pager['total'] - ($a->pager['itemspage'] * $a->pager['page'])) > 0)
-			$o .= '<span class="pager_next">'."<a href=\"$url"."&page=".($a->pager['page'] + 1).'">' . t('next') . '</a></span>';
+		if((App::$pager['total'] - (App::$pager['itemspage'] * App::$pager['page'])) > 0)
+			$o .= '<span class="pager_next">'."<a href=\"$url"."&page=".(App::$pager['page'] + 1).'">' . t('next') . '</a></span>';
 		$o .= '</div>'."\r\n";
 	}
 	return $o;
@@ -439,20 +439,20 @@ function alt_pager(&$a, $i, $more = '', $less = '') {
 	if(! $less)
 		$less = t('newer');
 
-	$stripped = preg_replace('/(&page=[0-9]*)/','',$a->query_string);
+	$stripped = preg_replace('/(&page=[0-9]*)/','',App::$query_string);
 	$stripped = str_replace('q=','',$stripped);
 	$stripped = trim($stripped,'/');
-	//$pagenum = $a->pager['page'];
-	$url = $a->get_baseurl() . '/' . $stripped;
+	//$pagenum = App::$pager['page'];
+	$url = z_root() . '/' . $stripped;
 
 	return replace_macros(get_markup_template('alt_pager.tpl'), array(
-		'$has_less' => (($a->pager['page'] > 1) ? true : false),
-		'$has_more' => (($i > 0 && $i >= $a->pager['itemspage']) ? true : false),
+		'$has_less' => ((App::$pager['page'] > 1) ? true : false),
+		'$has_more' => (($i > 0 && $i >= App::$pager['itemspage']) ? true : false),
 		'$less' => $less,
 		'$more' => $more,
 		'$url' => $url,
-		'$prevpage' => $a->pager['page'] - 1,
-		'$nextpage' => $a->pager['page'] + 1,
+		'$prevpage' => App::$pager['page'] - 1,
+		'$nextpage' => App::$pager['page'] + 1,
 	));
 
 }
@@ -470,7 +470,7 @@ function item_message_id() {
 	do {
 		$dups = false;
 		$hash = random_string();
-		$mid = $hash . '@' . get_app()->get_hostname();
+		$mid = $hash . '@' . App::get_hostname();
 
 		$r = q("SELECT id FROM item WHERE mid = '%s' LIMIT 1",
 			dbesc($mid));
@@ -544,7 +544,7 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) {
 	global $a;
 	global $db;
 
-	if(($a->module == 'install') || (! ($db && $db->connected)))
+	if((App::$module == 'install') || (! ($db && $db->connected)))
 		return;
 
 	$debugging = get_config('system', 'debugging');
@@ -569,6 +569,25 @@ function logger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) {
 		@file_put_contents($pluginfo['filename'], $pluginfo['message'], FILE_APPEND);
 }
 
+// like logger() but with a function backtrace to pinpoint certain classes
+// of problems which show up deep in the calling stack
+
+
+function btlogger($msg, $level = LOGGER_NORMAL, $priority = LOG_INFO) {
+
+	logger($msg, $level, $priority);
+	if(version_compare(PHP_VERSION, '5.4.0') >= 0) {
+       	$stack = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);
+		if($stack) {
+			for($x = 1; $x < count($stack); $x ++) {
+				logger('stack: ' . basename($stack[$x]['file']) . ':' . $stack[$x]['line'] . ':' . $stack[$x]['function'] . '()',$level, $priority);
+		    }
+		}
+	}
+}
+
+
+
 function log_priority_str($priority) {
 	$parr = array(
 		LOG_EMERG   => 'LOG_EMERG',
@@ -606,7 +625,7 @@ function dlogger($msg, $level = 0) {
 	global $a;
 	global $db;
 
-	if(($a->module == 'install') || (! ($db && $db->connected)))
+	if((App::$module == 'install') || (! ($db && $db->connected)))
 		return;
 
 	$debugging = get_config('system','debugging');
@@ -766,20 +785,20 @@ function contact_block() {
 	$o = '';
 	$a = get_app();
 
-	if(! $a->profile['uid'])
+	if(! App::$profile['uid'])
 		return;
 
-	if(! perm_is_allowed($a->profile['uid'],get_observer_hash(),'view_contacts'))
+	if(! perm_is_allowed(App::$profile['uid'],get_observer_hash(),'view_contacts'))
 		return;
 
-	$shown = get_pconfig($a->profile['uid'],'system','display_friend_count');
+	$shown = get_pconfig(App::$profile['uid'],'system','display_friend_count');
 
 	if($shown === false)
 		$shown = 25;
 	if($shown == 0)
 		return;
 
-	$is_owner = ((local_channel() && local_channel() == $a->profile['uid']) ? true : false);
+	$is_owner = ((local_channel() && local_channel() == App::$profile['uid']) ? true : false);
 	$sql_extra = '';
 
 	$abook_flags = " and abook_pending = 0 and abook_self = 0 ";
@@ -789,12 +808,12 @@ function contact_block() {
 		$sql_extra = " and xchan_hidden = 0 ";
 	}
 
-	if((! is_array($a->profile)) || ($a->profile['hide_friends']))
+	if((! is_array(App::$profile)) || (App::$profile['hide_friends']))
 		return $o;
 
 	$r = q("SELECT COUNT(abook_id) AS total FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d
 		$abook_flags and xchan_orphan = 0 and xchan_deleted = 0 $sql_extra",
-		intval($a->profile['uid'])
+		intval(App::$profile['uid'])
 	);
 	if(count($r)) {
 		$total = intval($r[0]['total']);
@@ -807,7 +826,7 @@ function contact_block() {
 		$randfunc = db_getfunc('RAND');
 	
 		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash WHERE abook_channel = %d $abook_flags and abook_archived = 0 and xchan_orphan = 0 and xchan_deleted = 0 $sql_extra ORDER BY $randfunc LIMIT %d",
-			intval($a->profile['uid']),
+			intval(App::$profile['uid']),
 			intval($shown)
 		);
 
@@ -824,7 +843,7 @@ function contact_block() {
 	$tpl = get_markup_template('contact_block.tpl');
 	$o = replace_macros($tpl, array(
 		'$contacts' => $contacts,
-		'$nickname' => $a->profile['channel_address'],
+		'$nickname' => App::$profile['channel_address'],
 		'$viewconnections' => (($total > $shown) ? sprintf(t('View all %s connections'),$total) : ''),
 		'$micropro' => $micropro,
 	));
@@ -881,7 +900,7 @@ function search($s,$id='search-box',$url='/search',$save = false) {
 	return replace_macros(get_markup_template('searchbox.tpl'),array(
 		'$s' => $s,
 		'$id' => $id,
-		'$action_url' => $a->get_baseurl((stristr($url,'network')) ? true : false) . $url,
+		'$action_url' => z_root() . $url,
 		'$search_label' => t('Search'),
 		'$save_label' => t('Save'),
 		'$savedsearch' => feature_enabled(local_channel(),'savedsearch')
@@ -1062,41 +1081,41 @@ function list_smilies() {
 	);
 
 	$icons = array(
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="&lt;3" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="&lt;/3" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-brokenheart.gif" alt="&lt;\\3" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-smile.gif" alt=":-)" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-wink.gif" alt=";-)" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-frown.gif" alt=":-(" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-P" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-tongue-out.gif" alt=":-p" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-\"" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-x" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-kiss.gif" alt=":-X" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-laughing.gif" alt=":-D" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-|" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt="8-O" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-surprised.gif" alt=":-O" />',                
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-thumbsup.gif" alt="\\o/" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="o.O" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="O.o" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="o_O" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-Oo.gif" alt="O_o" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-cry.gif" alt=":\'(" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-foot-in-mouth.gif" alt=":-!" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-undecided.gif" alt=":-/" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-embarassed.gif" alt=":-[" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-cool.gif" alt="8-)" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":beer" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/beer_mug.gif" alt=":homebrew" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/coffee.gif" alt=":coffee" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-facepalm.gif" alt=":facepalm" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/like.gif" alt=":like" />',
-		'<img class="smiley" src="' . $a->get_baseurl() . '/images/dislike.gif" alt=":dislike" />',
-		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . $a->get_baseurl() . '/images/rm-32.png" alt="' . urlencode('red#matrix') . '" />matrix</strong></a>',
-		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . $a->get_baseurl() . '/images/rm-32.png" alt="' . urlencode('red#') . '" />matrix</strong></a>',
-		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . $a->get_baseurl() . '/images/rm-32.png" alt="r#" />matrix</strong></a>'
+		'<img class="smiley" src="' . z_root() . '/images/smiley-heart.gif" alt="&lt;3" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-brokenheart.gif" alt="&lt;/3" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-brokenheart.gif" alt="&lt;\\3" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-smile.gif" alt=":-)" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-wink.gif" alt=";-)" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-frown.gif" alt=":-(" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-tongue-out.gif" alt=":-P" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-tongue-out.gif" alt=":-p" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-kiss.gif" alt=":-\"" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-kiss.gif" alt=":-\"" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-kiss.gif" alt=":-x" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-kiss.gif" alt=":-X" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-laughing.gif" alt=":-D" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-surprised.gif" alt="8-|" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-surprised.gif" alt="8-O" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-surprised.gif" alt=":-O" />',                
+		'<img class="smiley" src="' . z_root() . '/images/smiley-thumbsup.gif" alt="\\o/" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-Oo.gif" alt="o.O" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-Oo.gif" alt="O.o" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-Oo.gif" alt="o_O" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-Oo.gif" alt="O_o" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-cry.gif" alt=":\'(" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-foot-in-mouth.gif" alt=":-!" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-undecided.gif" alt=":-/" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-embarassed.gif" alt=":-[" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-cool.gif" alt="8-)" />',
+		'<img class="smiley" src="' . z_root() . '/images/beer_mug.gif" alt=":beer" />',
+		'<img class="smiley" src="' . z_root() . '/images/beer_mug.gif" alt=":homebrew" />',
+		'<img class="smiley" src="' . z_root() . '/images/coffee.gif" alt=":coffee" />',
+		'<img class="smiley" src="' . z_root() . '/images/smiley-facepalm.gif" alt=":facepalm" />',
+		'<img class="smiley" src="' . z_root() . '/images/like.gif" alt=":like" />',
+		'<img class="smiley" src="' . z_root() . '/images/dislike.gif" alt=":dislike" />',
+		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . z_root() . '/images/rm-32.png" alt="' . urlencode('red#matrix') . '" />matrix</strong></a>',
+		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . z_root() . '/images/rm-32.png" alt="' . urlencode('red#') . '" />matrix</strong></a>',
+		'<a href="http://getzot.com"><strong>red<img class="smiley bb_rm-logo" src="' . z_root() . '/images/rm-32.png" alt="r#" />matrix</strong></a>'
 
 	);
 
@@ -1173,7 +1192,7 @@ function preg_heart($x) {
 
 	$t = '';
 	for($cnt = 0; $cnt < strlen($x[1]); $cnt ++)
-		$t .= '<img class="smiley" src="' . $a->get_baseurl() . '/images/smiley-heart.gif" alt="&lt;3" />';
+		$t .= '<img class="smiley" src="' . z_root() . '/images/smiley-heart.gif" alt="&lt;3" />';
 
 	$r =  str_replace($x[0],$t,$x[0]);
 
@@ -1701,12 +1720,12 @@ function feed_hublinks() {
 function feed_salmonlinks($nick) {
 	$a = get_app();
 
-	$salmon  = '<link rel="salmon" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ;
+	$salmon  = '<link rel="salmon" href="' . xmlify(z_root() . '/salmon/' . $nick) . '" />' . "\n" ;
 
 	// old style links that status.net still needed as of 12/2010 
 
-	$salmon .= '  <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; 
-	$salmon .= '  <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify($a->get_baseurl() . '/salmon/' . $nick) . '" />' . "\n" ; 
+	$salmon .= '  <link rel="http://salmon-protocol.org/ns/salmon-replies" href="' . xmlify(z_root() . '/salmon/' . $nick) . '" />' . "\n" ; 
+	$salmon .= '  <link rel="http://salmon-protocol.org/ns/salmon-mention" href="' . xmlify(z_root() . '/salmon/' . $nick) . '" />' . "\n" ; 
 
 	return $salmon;
 }
@@ -1768,7 +1787,7 @@ function mimetype_select($channel_id, $current = 'text/bbcode') {
 	);
 
 	$a = get_app();
-	if($a->is_sys) {
+	if(App::$is_sys) {
 		$x[] = 'application/x-php';
 	}
 	else {
@@ -1819,7 +1838,7 @@ function lang_selector() {
 			}
 			$ll = substr($l,5);
 			$ll = substr($ll,0,strrpos($ll,'/'));
-			$selected = (($ll === $a->language && (x($_SESSION, 'language'))) ? $ll : $selected);
+			$selected = (($ll === App::$language && (x($_SESSION, 'language'))) ? $ll : $selected);
 			$lang_options[$ll] = get_language_name($ll, $ll) . " ($ll)";
 		}
 	}
@@ -2241,10 +2260,10 @@ function json_decode_plus($s) {
  */
 function design_tools() {
 
-	$channel  = get_app()->get_channel();
+	$channel  = App::get_channel();
 	$sys = false;
 
-	if(get_app()->is_sys && is_site_admin()) {
+	if(App::$is_sys && is_site_admin()) {
 		require_once('include/identity.php');
 		$channel = get_sys_channel();
 		$sys = true;
@@ -2354,8 +2373,8 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d
 				$basetag = str_replace('_',' ',substr($tag,1));
 
 			//create text for link
-			$url = $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag);
-			$newtag = '#[zrl=' . $a->get_baseurl() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]';
+			$url = z_root() . '/search?tag=' . rawurlencode($basetag);
+			$newtag = '#[zrl=' . z_root() . '/search?tag=' . rawurlencode($basetag) . ']' . $basetag . '[/zrl]';
 			//replace tag by the link. Make sure to not replace something in the middle of a word
 			// The '=' is needed to not replace color codes if the code is also used as a tag
 			// Much better would be to somehow completely avoiding things in e.g. [color]-tags.
@@ -2501,7 +2520,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d
 
 		// $r is set if we found something
 
-		$channel = get_app()->get_channel();
+		$channel = App::get_channel();
 
 		if($r) {
 			$profile = $r[0]['xchan_url'];
@@ -2531,7 +2550,7 @@ function handle_tag($a, &$body, &$access_tag, &$str_tags, $profile_uid, $tag, $d
 					if($g && $exclusive) {
 						$access_tag .= 'gid:' . $g[0]['hash'];
 					}
-					$channel = get_app()->get_channel();
+					$channel = App::get_channel();
 					if($channel) {
 						$newtag = '@' . (($exclusive) ? '!' : '') . '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $newname . '[/zrl]';
 						$body = str_replace('@' . (($exclusive) ? '!' : '') . $name, $newtag, $body);
@@ -2589,7 +2608,7 @@ function linkify_tags($a, &$body, $uid, $diaspora = false) {
 			if($fullnametagged)
 				continue;
 
-			$success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : $a->profile_uid , $tag, $diaspora); 
+			$success = handle_tag($a, $body, $access_tag, $str_tags, ($uid) ? $uid : App::$profile_uid , $tag, $diaspora); 
 			$results[] = array('success' => $success, 'access_tag' => $access_tag);
 			if($success['replaced']) $tagged[] = $tag;
 		}
@@ -2711,22 +2730,37 @@ function json_url_replace($old,$new,&$s) {
 }
 		
 
-function item_url_replace($channel,&$item,$old,$new) {
+function item_url_replace($channel,&$item,$old,$new,$oldnick = '') {
 	
-	if($item['attach'])
+	if($item['attach']) {
 		json_url_replace($old,$new,$item['attach']);
-	if($item['object'])
+		if($oldnick)
+			json_url_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['attach']);
+	}
+	if($item['object']) {
 		json_url_replace($old,$new,$item['object']);
-	if($item['target'])
+		if($oldnick)
+			json_url_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['object']);
+	}
+	if($item['target']) {
 		json_url_replace($old,$new,$item['target']);
+		if($oldnick)
+			json_url_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['target']);
+	}
 
 	if(string_replace($old,$new,$item['body'])) {
 		$item['sig'] = base64url_encode(rsa_sign($item['body'],$channel['channel_prvkey']));
 		$item['item_verified']  = 1;
 	}
 	
-	// @fixme item['plink'] and item['llink']
+	$item['plink'] = str_replace($old,$new,$item['plink']);
+	if($oldnick)
+		$item['plink'] = str_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['plink']);
 
+	$item['llink'] = str_replace($old,$new,$item['llink']);
+	if($oldnick)
+		$item['llink'] = str_replace('/' . $oldnick . '/' ,'/' . $channel['channel_address'] . '/' ,$item['llink']);
+	
 }
 
 

include/widgets.php

@@ -11,15 +11,15 @@ require_once('include/attach.php');
 require_once('include/Contact.php');
 
 function widget_profile($args) {
-	$a = get_app();
+
 	$block = (((get_config('system', 'block_public')) && (! local_channel()) && (! remote_channel())) ? true : false);
-	return profile_sidebar($a->profile, $block, true);
+	return profile_sidebar(App::$profile, $block, true);
 }
 
 function widget_zcard($args) {
-	$a = get_app();
+
 	$block = (((get_config('system', 'block_public')) && (! local_channel()) && (! remote_channel())) ? true : false);
-	$channel = channelx_by_n($a->profile_uid);
+	$channel = channelx_by_n(App::$profile_uid);
 	return get_zcard($channel,get_observer_hash(),array('width' => 875));
 }
 
@@ -33,8 +33,8 @@ function widget_tagcloud($args) {
 
 	$o = '';
 	//$tab = 0;
-	$a = get_app();
-	$uid = $a->profile_uid;
+
+	$uid = App::$profile_uid;
 	$count = ((x($args,'count')) ? intval($args['count']) : 24);
 	$flags = 0;
 	$type = TERM_CATEGORY;
@@ -85,7 +85,7 @@ function widget_collections($args) {
 				$each = 'group';
 				$edit = false;
 				$current = 0;
-				$abook_id = get_app()->poi['abook_xchan'];
+				$abook_id = App::$poi['abook_xchan'];
 				$wmode = 1;
 				break;
 		default:
@@ -164,8 +164,7 @@ function widget_follow($args) {
 	if(! local_channel())
 		return '';
 
-	$a = get_app();
-	$uid =$a->channel['channel_id'];
+	$uid = App::$channel['channel_id'];
 	$r = q("select count(*) as total from abook where abook_channel = %d and abook_self = 0 ",
 		intval($uid)
 	);
@@ -210,8 +209,6 @@ function widget_savedsearch($arr) {
 	if((! local_channel()) || (! feature_enabled(local_channel(),'savedsearch')))
 		return '';
 
-	$a = get_app();
-
 	$search = ((x($_GET,'search')) ? $_GET['search'] : '');
 	
 	if(x($_GET,'searchsave') && $search) {
@@ -238,7 +235,7 @@ function widget_savedsearch($arr) {
 		$search = '';
 	}
 
-	$srchurl = $a->query_string;
+	$srchurl = App::$query_string;
 
 	$srchurl =  rtrim(preg_replace('/searchsave\=[^\&].*?(\&|$)/is','',$srchurl),'&');
 	$hasq = ((strpos($srchurl,'?') !== false) ? true : false);
@@ -295,7 +292,6 @@ function widget_filer($arr) {
 	if(! local_channel())
 		return '';
 
-	$a = get_app();
 
 	$selected = ((x($_REQUEST,'file')) ? $_REQUEST['file'] : '');
 
@@ -316,20 +312,19 @@ function widget_filer($arr) {
 		'$sel_all' => (($selected == '') ? 'selected' : ''),
 		'$all' => t('Everything'),
 		'$terms' => $terms,
-		'$base' => z_root() . '/' . $a->cmd
+		'$base' => z_root() . '/' . App::$cmd
 	));
 }
 
 function widget_archive($arr) {
 
 	$o = '';
-	$a = get_app();
 
-	if(! $a->profile_uid) {
+	if(! App::$profile_uid) {
 		return '';
 	}
 
-	$uid = $a->profile_uid;
+	$uid = App::$profile_uid;
 
 	if(! feature_enabled($uid,'archives'))
 		return '';
@@ -345,7 +340,7 @@ function widget_archive($arr) {
 	if(! $visible_years)
 		$visible_years = 5;
 
-	$url = z_root() . '/' . $a->cmd;
+	$url = z_root() . '/' . App::$cmd;
 
 	$ret = list_post_dates($uid,$wall,$mindate);
 
@@ -370,34 +365,34 @@ function widget_archive($arr) {
 
 
 function widget_fullprofile($arr) {
-	$a = get_app();
-	if(! $a->profile['profile_uid'])
+
+	if(! App::$profile['profile_uid'])
 		return;
 
 	$block = (((get_config('system', 'block_public')) && (! local_channel()) && (! remote_channel())) ? true : false);
 
-	return profile_sidebar($a->profile, $block);
+	return profile_sidebar(App::$profile, $block);
 }
 
 function widget_shortprofile($arr) {
-	$a = get_app();
-	if(! $a->profile['profile_uid'])
+
+	if(! App::$profile['profile_uid'])
 		return;
 
 	$block = (((get_config('system', 'block_public')) && (! local_channel()) && (! remote_channel())) ? true : false);
 
-	return profile_sidebar($a->profile, $block, true, true);
+	return profile_sidebar(App::$profile, $block, true, true);
 }
 
 
 function widget_categories($arr) {
-	$a = get_app();
 
-	if($a->profile['profile_uid'] && (! perm_is_allowed($a->profile['profile_uid'],get_observer_hash(),'view_stream')))
+
+	if(App::$profile['profile_uid'] && (! perm_is_allowed(App::$profile['profile_uid'],get_observer_hash(),'view_stream')))
 		return '';
 
 	$cat = ((x($_REQUEST,'cat')) ? htmlspecialchars($_REQUEST['cat'],ENT_COMPAT,'UTF-8') : '');
-	$srchurl = $a->query_string;
+	$srchurl = App::$query_string;
 	$srchurl =  rtrim(preg_replace('/cat\=[^\&].*?(\&|$)/is','',$srchurl),'&');
 	$srchurl = str_replace(array('?f=','&f='),array('',''),$srchurl);
 
@@ -406,31 +401,31 @@ function widget_categories($arr) {
 }
 
 function widget_tagcloud_wall($arr) {
-	$a = get_app();
 
-	if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
+
+	if((! App::$profile['profile_uid']) || (! App::$profile['channel_hash']))
 		return '';
-	if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream'))
+	if(! perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_stream'))
 		return '';
 
 	$limit = ((array_key_exists('limit', $arr)) ? intval($arr['limit']) : 50);
-	if(feature_enabled($a->profile['profile_uid'], 'tagadelic'))
-		return wtagblock($a->profile['profile_uid'], $limit, '', $a->profile['channel_hash'], 'wall');
+	if(feature_enabled(App::$profile['profile_uid'], 'tagadelic'))
+		return wtagblock(App::$profile['profile_uid'], $limit, '', App::$profile['channel_hash'], 'wall');
 
 	return '';
 }
 
 function widget_catcloud_wall($arr) {
-	$a = get_app();
 
-	if((! $a->profile['profile_uid']) || (! $a->profile['channel_hash']))
+
+	if((! App::$profile['profile_uid']) || (! App::$profile['channel_hash']))
 		return '';
-	if(! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_stream'))
+	if(! perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_stream'))
 		return '';
 
 	$limit = ((array_key_exists('limit',$arr)) ? intval($arr['limit']) : 50);
 
-	return catblock($a->profile['profile_uid'], $limit, '', $a->profile['channel_hash'], 'wall');
+	return catblock(App::$profile['profile_uid'], $limit, '', App::$profile['channel_hash'], 'wall');
 }
 
 
@@ -486,8 +481,8 @@ function widget_settings_menu($arr) {
 	if(! local_channel())
 		return;
 
-	$a = get_app();
-	$channel = $a->get_channel();
+
+	$channel = App::get_channel();
 
 	$abook_self_id = 0;
 
@@ -501,16 +496,22 @@ function widget_settings_menu($arr) {
 	if($abk)
 		$abook_self_id = $abk[0]['abook_id'];
 
+	$hublocs = q("select count(*) as total from hubloc where hubloc_hash = '%s'",
+		dbesc($channel['channel_hash'])
+	);
+
+	$hublocs = (($hublocs[0]['total'] > 1) ? true : false);
+
 	$tabs = array(
 		array(
 			'label'	=> t('Account settings'),
-			'url' 	=> $a->get_baseurl(true).'/settings/account',
+			'url' 	=> z_root().'/settings/account',
 			'selected'	=> ((argv(1) === 'account') ? 'active' : ''),
 		),
 
 		array(
 			'label'	=> t('Channel settings'),
-			'url' 	=> $a->get_baseurl(true).'/settings/channel',
+			'url' 	=> z_root().'/settings/channel',
 			'selected'	=> ((argv(1) === 'channel') ? 'active' : ''),
 		),
 
@@ -519,42 +520,50 @@ function widget_settings_menu($arr) {
 	if(get_features()) {
 		$tabs[] = 	array(
 				'label'	=> t('Additional features'),
-				'url' 	=> $a->get_baseurl(true).'/settings/features',
+				'url' 	=> z_root().'/settings/features',
 				'selected'	=> ((argv(1) === 'features') ? 'active' : ''),
 		);
 	}
 
 	$tabs[] =	array(
 		'label'	=> t('Feature/Addon settings'),
-		'url' 	=> $a->get_baseurl(true).'/settings/featured',
+		'url' 	=> z_root().'/settings/featured',
 		'selected'	=> ((argv(1) === 'featured') ? 'active' : ''),
 	);
 
 	$tabs[] =	array(
 		'label'	=> t('Display settings'),
-		'url' 	=> $a->get_baseurl(true).'/settings/display',
+		'url' 	=> z_root().'/settings/display',
 		'selected'	=> ((argv(1) === 'display') ? 'active' : ''),
-	);	
-
-	$tabs[] =	array(
-		'label' => t('Connected apps'),
-		'url' => $a->get_baseurl(true) . '/settings/oauth',
-		'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
 	);
 
+	if($hublocs) {
+		$tabs[] = array(
+			'label' => t('Manage locations'),
+			'url' => z_root() . '/locs',
+			'selected' => ((argv(1) === 'locs') ? 'active' : ''),
+		);
+	}
+
 	// IF can go away when UNO export and import is fully functional
 	if(! UNO) {
 		$tabs[] =	array(
 			'label' => t('Export channel'),
-			'url' => $a->get_baseurl(true) . '/uexport',
+			'url' => z_root() . '/uexport',
 			'selected' => ''
 		);
 	}
 
+	$tabs[] =	array(
+		'label' => t('Connected apps'),
+		'url' => z_root() . '/settings/oauth',
+		'selected' => ((argv(1) === 'oauth') ? 'active' : ''),
+	);
+
 	if($role === false || $role === 'custom') {
 		$tabs[] = array(
 			'label' => t('Connection Default Permissions'),
-			'url' => $a->get_baseurl(true) . '/connedit/' . $abook_self_id,
+			'url' => z_root() . '/connedit/' . $abook_self_id,
 			'selected' => ''
 		);
 	}
@@ -562,7 +571,7 @@ function widget_settings_menu($arr) {
 	if(feature_enabled(local_channel(),'premium_channel')) {
 		$tabs[] = array(
 			'label' => t('Premium Channel Settings'),
-			'url' => $a->get_baseurl(true) . '/connect/' . $channel['channel_address'],
+			'url' => z_root() . '/connect/' . $channel['channel_address'],
 			'selected' => ''
 		);
 	}
@@ -570,7 +579,7 @@ function widget_settings_menu($arr) {
 	if(feature_enabled(local_channel(),'channel_sources')) {
 		$tabs[] = array(
 			'label' => t('Channel Sources'),
-			'url' => $a->get_baseurl(true) . '/sources',
+			'url' => z_root() . '/sources',
 			'selected' => ''
 		);
 	}
@@ -588,28 +597,27 @@ function widget_mailmenu($arr) {
 	if (! local_channel())
 		return;
 
-	$a = get_app();
 
 	return replace_macros(get_markup_template('message_side.tpl'), array(
 		'$title' => t('Private Mail Menu'),
 		'$combined'=>array(
 			'label' => t('Combined View'),
-			'url' => $a->get_baseurl(true) . '/mail/combined',
+			'url' => z_root() . '/mail/combined',
 			'sel' => (argv(1) == 'combined'),
 		),
 		'$inbox'=>array(
 			'label' => t('Inbox'),
-			'url' => $a->get_baseurl(true) . '/mail/inbox',
+			'url' => z_root() . '/mail/inbox',
 			'sel' => (argv(1) == 'inbox'),
 		),
 		'$outbox'=>array(
 			'label' => t('Outbox'),
-			'url' => $a->get_baseurl(true) . '/mail/outbox',
+			'url' => z_root() . '/mail/outbox',
 			'sel' => (argv(1) == 'outbox'),
 		),
 		'$new'=>array(
 			'label' => t('New Message'),
-			'url' => $a->get_baseurl(true) . '/mail/new',
+			'url' => z_root() . '/mail/new',
 			'sel'=> (argv(1) == 'new'),
 		)
 	));
@@ -620,8 +628,6 @@ function widget_conversations($arr) {
 	if (! local_channel())
 		return;
 
-	$a = get_app();
-
 	if(argc() > 1) {
 
 		switch(argv(1)) {
@@ -646,7 +652,7 @@ function widget_conversations($arr) {
 		require_once('include/message.php');
 
 		// private_messages_list() can do other more complicated stuff, for now keep it simple
-		$r = private_messages_list(local_channel(), $mailbox, $a->pager['start'], $a->pager['itemspage']);
+		$r = private_messages_list(local_channel(), $mailbox, App::$pager['start'], App::$pager['itemspage']);
 
 		if(! $r) {
 			info( t('No messages.') . EOL);
@@ -721,8 +727,8 @@ function widget_design_tools($arr) {
 	// mod menu doesn't load a profile. For any modules which load a profile, check it.
 	// otherwise local_channel() is sufficient for permissions.
 
-	if($a->profile['profile_uid']) 
-		if(($a->profile['profile_uid'] != local_channel()) && (! $a->is_sys))
+	if(App::$profile['profile_uid']) 
+		if((App::$profile['profile_uid'] != local_channel()) && (! App::$is_sys))
 			return '';
  
 	if(! local_channel())
@@ -738,22 +744,21 @@ function widget_findpeople($arr) {
 
 
 function widget_photo_albums($arr) {
-	$a = get_app();
 
-	if(! $a->profile['profile_uid'])
+	if(! App::$profile['profile_uid'])
 		return '';
-	$channelx = channelx_by_n($a->profile['profile_uid']);
-	if((! $channelx) || (! perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'view_storage')))
+	$channelx = channelx_by_n(App::$profile['profile_uid']);
+	if((! $channelx) || (! perm_is_allowed(App::$profile['profile_uid'], get_observer_hash(), 'view_storage')))
 		return '';
 	require_once('include/photos.php');
 
-	return photos_album_widget($channelx, $a->get_observer());
+	return photos_album_widget($channelx, App::get_observer());
 }
 
 
 function widget_vcard($arr) {
 	require_once ('include/Contact.php');
-	return vcard_from_xchan('', get_app()->get_observer());
+	return vcard_from_xchan('', App::get_observer());
 }
 
 
@@ -771,27 +776,43 @@ function widget_dirtags($arr) {
 }
 
 function widget_menu_preview($arr) {
-	if(! get_app()->data['menu_item'])
+	if(! App::$data['menu_item'])
 		return;
 	require_once('include/menu.php');
 
-	return menu_render(get_app()->data['menu_item']);
+	return menu_render(App::$data['menu_item']);
 }
 
 function widget_chatroom_list($arr) {
-	$a = get_app();
+
 
 	require_once("include/chat.php");
-	$r = chatroom_list($a->profile['profile_uid']);
-	return replace_macros(get_markup_template('chatroomlist.tpl'), array(
-		'$header' => t('Chat Rooms'),
-		'$baseurl' => z_root(),
-		'$nickname' => $a->profile['channel_address'],
-		'$items' => $r,
+	$r = chatroom_list(App::$profile['profile_uid']);
+
+	if($r) {
+		return replace_macros(get_markup_template('chatroomlist.tpl'), array(
+			'$header' => t('Chatrooms'),
+			'$baseurl' => z_root(),
+			'$nickname' => App::$profile['channel_address'],
+			'$items' => $r,
+			'$overview' => t('Overview')
+		));
+	}
+}
+
+function widget_chatroom_members() {
+	$o = replace_macros(get_markup_template('chatroom_members.tpl'), array(
+		'$header' => t('Chat Members')
 	));
+
+	return $o;
 }
 
 function widget_bookmarkedchats($arr) {
+
+	if(! feature_enabled(App::$profile['profile_uid'],'ajaxchat'))
+		return '';
+
 	$h = get_observer_hash();
 	if(! $h)
 		return;
@@ -811,6 +832,9 @@ function widget_bookmarkedchats($arr) {
 
 function widget_suggestedchats($arr) {
 
+	if(! feature_enabled(App::$profile['profile_uid'],'ajaxchat'))
+		return '';
+
 	// probably should restrict this to your friends, but then the widget will only work
 	// if you are logged in locally.
 
@@ -835,7 +859,7 @@ function widget_item($arr) {
 	if(array_key_exists('channel_id',$arr) && intval($arr['channel_id']))
 		$channel_id = intval($arr['channel_id']);
 	if(! $channel_id)
-		$channel_id = get_app()->profile_uid;
+		$channel_id = App::$profile_uid;
 	if(! $channel_id)
 		return '';
 
@@ -981,14 +1005,15 @@ function widget_cover_photo($arr) {
 
 	require_once('include/identity.php');
 	$o = '';
-
-	$a = get_app();
+	
+	if(App::$module == 'channel' && $_REQUEST['mid'])
+		return '';
 
 	$channel_id = 0;
 	if(array_key_exists('channel_id', $arr) && intval($arr['channel_id']))
 		$channel_id = intval($arr['channel_id']);
 	if(! $channel_id)
-		$channel_id = $a->profile_uid;
+		$channel_id = App::$profile_uid;
 	if(! $channel_id)
 		return '';
 
@@ -1023,6 +1048,7 @@ function widget_cover_photo($arr) {
 			'$photo_html'	=> $photo_html,
 			'$title'	=> $title,
 			'$subtitle'	=> $subtitle,
+			'$hovertitle' => t('Click to show more'),
 		));
 	}
 	return $o;
@@ -1043,13 +1069,13 @@ function widget_photo_rand($arr) {
 	if(array_key_exists('channel_id', $arr) && intval($arr['channel_id']))
 		$channel_id = intval($arr['channel_id']);
 	if(! $channel_id)
-		$channel_id = get_app()->profile_uid;
+		$channel_id = App::$profile_uid;
 	if(! $channel_id)
 		return '';
 
 	$scale = ((array_key_exists('scale',$arr)) ? intval($arr['scale']) : 0);
 
-	$ret = photos_list_photos(array('channel_id' => $channel_id),get_app()->get_observer(),$album);
+	$ret = photos_list_photos(array('channel_id' => $channel_id),App::get_observer(),$album);
 
 	$filtered = array();
 	if($ret['success'] && $ret['photos'])
@@ -1093,7 +1119,7 @@ function widget_random_block($arr) {
 	if(array_key_exists('channel_id',$arr) && intval($arr['channel_id']))
 		$channel_id = intval($arr['channel_id']);
 	if(! $channel_id)
-		$channel_id = get_app()->profile_uid;
+		$channel_id = App::$profile_uid;
 	if(! $channel_id)
 		return '';
 
@@ -1129,7 +1155,7 @@ function widget_random_block($arr) {
 
 
 function widget_rating($arr) {
-	$a = get_app();
+
 
 	$poco_rating = get_config('system','poco_rating_enable');
 	if((! $poco_rating) && ($poco_rating !== false)) {
@@ -1139,7 +1165,7 @@ function widget_rating($arr) {
 	if($arr['target'])
 		$hash = $arr['target'];
 	else
-		$hash = $a->poi['xchan_hash'];
+		$hash = App::$poi['xchan_hash'];
 
 	if(! $hash)
 		return;
@@ -1148,7 +1174,7 @@ function widget_rating($arr) {
 	$remote = false;
 
 	if(remote_channel() && ! local_channel()) {
-		$ob = $a->get_observer();
+		$ob = App::get_observer();
 		if($ob && $ob['xchan_url']) {
 			$p = parse_url($ob['xchan_url']);
 			if($p) {
@@ -1162,7 +1188,7 @@ function widget_rating($arr) {
 	$self = false;
 
 	if(local_channel()) {
-		$channel = $a->get_channel();
+		$channel = App::get_channel();
 
 		if($hash == $channel['channel_hash'])
 			$self = true;
@@ -1191,7 +1217,7 @@ function widget_rating($arr) {
 
 // used by site ratings pages to provide a return link
 function widget_pubsites($arr) {
-	if(get_app()->poi)
+	if(App::$poi)
 		return;
 	return '<div class="widget"><ul class="nav nav-pills"><li><a href="pubsites">' . t('Public Hubs') . '</a></li></ul></div>';
 }
@@ -1199,8 +1225,6 @@ function widget_pubsites($arr) {
 
 function widget_forums($arr) {
 
-	$a = get_app();
-
 	if(! local_channel())
 		return '';
 
@@ -1302,15 +1326,13 @@ function widget_admin($arr) {
 		return login(false);
 	}
 
-
-	$a = get_app();
 	$o = '';
 
 	// array( url, name, extra css classes )
 
 	$aside = array(
 		'site'      => array(z_root() . '/admin/site/',     t('Site'),           'site'),
-		'users'     => array(z_root() . '/admin/users/',    t('Accounts'),       'users'),
+		'users'     => array(z_root() . '/admin/users/',    t('Accounts'),       'users', 'pending-update', t('Member registrations waiting for confirmation')),
 		'channels'  => array(z_root() . '/admin/channels/', t('Channels'),       'channels'),
 		'security'  => array(z_root() . '/admin/security/', t('Security'),       'security'),
 		'features'  => array(z_root() . '/admin/features/', t('Features'),       'features'),
@@ -1326,24 +1348,29 @@ function widget_admin($arr) {
 
 	$r = q("SELECT * FROM addon WHERE plugin_admin = 1");
 
-	$aside['plugins_admin'] = array();
+	$plugins = array();
 	if($r) {
 		foreach ($r as $h){
 			$plugin = $h['name'];
-			$aside['plugins_admin'][] = array(z_root() . '/admin/plugins/' . $plugin, $plugin, 'plugin');
+			$plugins[] = array(z_root() . '/admin/plugins/' . $plugin, $plugin, 'plugin');
 			// temp plugins with admin
-			$a->plugins_admin[] = $plugin;
+			App::$plugins_admin[] = $plugin;
 		}
 	}
 
-	$aside['logs'] = array(z_root() . '/admin/logs/', t('Logs'), 'logs');
+	$logs = array(z_root() . '/admin/logs/', t('Logs'), 'logs');
+
+	$arr = array('links' => $aside,'plugins' => $plugins,'logs' => $logs);
+	call_hooks('admin_aside',$arr);
 
 	$o .= replace_macros(get_markup_template('admin_aside.tpl'), array(
 			'$admin' => $aside, 
 			'$admtxt' => t('Admin'),
 			'$plugadmtxt' => t('Plugin Features'),
+			'$plugins' => $plugins,
 			'$logtxt' => t('Logs'),
-			'$h_pending' => t('User registrations waiting for confirmation'),
+			'$logs' => $logs,
+			'$h_pending' => t('Member registrations waiting for confirmation'),
 			'$admurl'=> z_root() . '/admin/'
 	));
 
@@ -1355,7 +1382,7 @@ function widget_admin($arr) {
 
 function widget_album($args) {
 
-	$owner_uid = get_app()->profile_uid;
+	$owner_uid = App::$profile_uid;
 	$sql_extra = permissions_sql($owner_uid);
 
 
@@ -1414,7 +1441,7 @@ function widget_album($args) {
 			$imgalt_e = $rr['filename'];
 			$desc_e = $rr['description'];
 
-			$imagelink = (z_root() . '/photos/' . get_app()->profile['channel_address'] . '/image/' . $rr['resource_id']);
+			$imagelink = (z_root() . '/photos/' . App::$profile['channel_address'] . '/image/' . $rr['resource_id']);
 
 
 			$photos[] = array(
@@ -1440,7 +1467,7 @@ function widget_album($args) {
 		'$album_id' => rand(),
 		'$album_edit' => array(t('Edit Album'), $album_edit),
 		'$can_post' => false,
-		'$upload' => array(t('Upload'), z_root() . '/photos/' . get_app()->profile['channel_address'] . '/upload/' . bin2hex($album)),
+		'$upload' => array(t('Upload'), z_root() . '/photos/' . App::$profile['channel_address'] . '/upload/' . bin2hex($album)),
 		'$order' => false,
 		'$upload_form' => $upload_form,
 		'$usage' => $usage_message

include/zot.php

@@ -181,7 +181,7 @@ function zot_finger($webbie, $channel = null, $autofallback = true) {
 
 	if (strpos($webbie,'@') === false) {
 		$address = $webbie;
-		$host = get_app()->get_hostname();
+		$host = App::get_hostname();
 	} else {
 		$address = substr($webbie,0,strpos($webbie,'@'));
 		$host = substr($webbie,strpos($webbie,'@')+1);
@@ -941,7 +941,7 @@ function import_xchan($arr,$ud_flags = UPDATE_FLAGS_UPDATED, $ud_arr = null) {
 	}
 
 	if(($changed) || ($ud_flags == UPDATE_FLAGS_FORCED)) {
-		$guid = random_string() . '@' . get_app()->get_hostname();
+		$guid = random_string() . '@' . App::get_hostname();
 		update_modtime($xchan_hash,$guid,$address,$ud_flags);
 		logger('import_xchan: changed: ' . $what,LOGGER_DEBUG);
 	}
@@ -1527,7 +1527,7 @@ function allowed_public_recips($msg) {
 		return $recips;
 
 	if(strpos($scope,'site:') === 0) {
-		if(($scope === 'site: ' . get_app()->get_hostname()) && ($msg['notify']['sender']['url'] === z_root()))
+		if(($scope === 'site: ' . App::get_hostname()) && ($msg['notify']['sender']['url'] === z_root()))
 			return $recips;
 		else
 			return array();
@@ -1606,7 +1606,7 @@ function process_delivery($sender, $arr, $deliveries, $relay, $public = false, $
 		}
 
 		$channel = $r[0];
-		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
+		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . App::get_hostname() . '>');
 
 		/* blacklisted channels get a permission denied, no special message to tip them off */
 
@@ -2085,7 +2085,7 @@ function process_mail_delivery($sender, $arr, $deliveries) {
 		}
 
 		$channel = $r[0];
-		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
+		$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . App::get_hostname() . '>');
 
 		/* blacklisted channels get a permission denied, no special message to tip them off */
 
@@ -2227,12 +2227,68 @@ function process_location_delivery($sender,$arr,$deliveries) {
 		$x = sync_locations($sender,$arr,true);
 		logger('process_location_delivery: results: ' . print_r($x,true), LOGGER_DEBUG);
 		if($x['changed']) {
-			$guid = random_string() . '@' . get_app()->get_hostname();
+			$guid = random_string() . '@' . App::get_hostname();
 			update_modtime($sender['hash'],$sender['guid'],$arr['locations'][0]['address'],UPDATE_FLAGS_UPDATED);
 		}
 	}
 }
 
+/**
+ * @brief checks for a moved UNO channel and sets the channel_moved flag
+ *   
+ * Currently the effect of this flag is to turn the channel into 'read-only' mode.
+ * New content will not be processed (there was still an issue with blocking the 
+ * ability to post comments as of 10-Mar-2016).
+ * We do not physically remove the channel at this time. The hub admin may choose 
+ * to do so, but is encouraged to allow a grace period of several days in case there
+ * are any issues migrating content. This packet will generally be received by the
+ * original site when the basic channel import has been processed.
+ * 
+ * This will only be executed on the UNO system which is the old location
+ * if a new location is reported and there is only one location record.
+ * The rest of the hubloc syncronisation will be handled within
+ * sync_locations
+ */
+
+
+
+function check_location_move($sender_hash,$locations) {
+
+	if(! $locations)
+		return;	
+
+	if(! UNO)
+		return;
+
+	if(count($locations) != 1)
+		return;
+
+	$loc = $locations[0];
+
+	$r = q("select * from channel where channel_hash = '%s' limit 1",
+		dbesc($sender_hash)
+	);
+
+	if(! $r)
+		return;
+
+	if($loc['url'] !== z_root()) {
+		$x = q("update channel set channel_moved = '%s' where channel_hash = '%s' limit 1",
+			dbesc($loc['url']),
+			dbesc($sender_hash)
+		);
+
+		// federation plugins may wish to notify connections 
+		// of the move on singleton networks
+
+		$arr = array('channel' => $r[0],'locations' => $locations);
+		call_hooks('location_move',$arr);
+
+	}		
+
+}
+
+
 /**
  * @brief Synchronises locations.
  *
@@ -2247,6 +2303,10 @@ function sync_locations($sender, $arr, $absolute = false) {
 
 	if($arr['locations']) {
 
+		if($absolute)
+			check_location_move($sender['hash'],$arr['locations']);
+
+
 		$xisting = q("select hubloc_id, hubloc_url, hubloc_sitekey from hubloc where hubloc_hash = '%s'",
 			dbesc($sender['hash'])
 		);
@@ -2630,7 +2690,7 @@ function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLA
 	call_hooks('import_directory_profile', $d);
 
 	if (($d['update']) && (! $suppress_update))
-		update_modtime($arr['xprof_hash'],random_string() . '@' . get_app()->get_hostname(), $addr, $ud_flags);
+		update_modtime($arr['xprof_hash'],random_string() . '@' . App::get_hostname(), $addr, $ud_flags);
 
 	return $d['update'];
 }
@@ -2909,7 +2969,7 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
 	$synchubs = array();
 
 	foreach($h as $x) {
-		if($x['hubloc_host'] == $a->get_hostname())
+		if($x['hubloc_host'] == App::get_hostname())
 			continue;
 
 		$synchubs[] = $x;
@@ -2931,8 +2991,8 @@ function build_sync_packet($uid = 0, $packet = null, $groups_changed = false) {
 	$info['type'] = 'channel_sync';
 	$info['encoding'] = 'red'; // note: not zot, this packet is very red specific
 
-	if(array_key_exists($uid,$a->config) && array_key_exists('transient',$a->config[$uid])) {
-		$settings = $a->config[$uid]['transient'];
+	if(array_key_exists($uid,App::$config) && array_key_exists('transient',App::$config[$uid])) {
+		$settings = App::$config[$uid]['transient'];
 		if($settings) {
 			$info['config'] = $settings;
 		}
@@ -3078,6 +3138,9 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
 		if(array_key_exists('menu',$arr) && $arr['menu'])
 			sync_menus($channel,$arr['menu']);
 
+		if(array_key_exists('file',$arr) && $arr['file'])
+			sync_files($channel,$arr['file']);
+
 		if(array_key_exists('channel',$arr) && is_array($arr['channel']) && count($arr['channel'])) {
 
 			if(array_key_exists('channel_pageflags',$arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
@@ -3430,7 +3493,7 @@ function process_channel_sync_delivery($sender, $arr, $deliveries) {
 
 		if(array_key_exists('item',$arr) && is_array($arr['item'][0])) {
 			$DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],$arr['item'][0]['message_id'],'channel sync processed');
-			$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
+			$DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . App::get_hostname() . '>');
 		}
 		else
 			$DR = new Zotlabs\Zot\DReport(z_root(),$d['hash'],$d['hash'],'sync packet','channel sync delivered');
@@ -3858,7 +3921,7 @@ function zotinfo($arr) {
 		$a = get_app();
 
 		$visible_plugins = array();
-		if(is_array($a->plugins) && count($a->plugins)) {
+		if(is_array(App::$plugins) && count(App::$plugins)) {
 			$r = q("select * from addon where hidden = 0");
 			if($r)
 				foreach($r as $rr)
@@ -3923,11 +3986,11 @@ function check_zotinfo($channel,$locations,&$ret) {
 				dbesc($channel['channel_guid']),
 				dbesc($channel['channel_guid_sig']),
 				dbesc($channel['channel_hash']),
-				dbesc($channel['channel_address'] . '@' . get_app()->get_hostname()),
+				dbesc($channel['channel_address'] . '@' . App::get_hostname()),
 				intval(1),
 				dbesc(z_root()),
 				dbesc(base64url_encode(rsa_sign(z_root(),$channel['channel_prvkey']))),
-				dbesc(get_app()->get_hostname()),
+				dbesc(App::get_hostname()),
 				dbesc(z_root() . '/post'),
 				dbesc(get_config('system','pubkey')),
 				dbesc('zot')
@@ -4226,9 +4289,7 @@ function zot_reply_auth_check($data,$encrypted_packet) {
 	// the web server. We should probably convert this to webserver time rather than DB time so 
 	// that the different clocks won't affect it and allow us to keep the time short. 
 
-	q("delete from verify where type = 'auth' and created < %s - INTERVAL %s",
-		db_utcnow(), db_quoteinterval('30 MINUTE')
-	);
+	Zotlabs\Zot\Verify::purge('auth','30 MINUTE');
 
 	$y = q("select xchan_pubkey from xchan where xchan_hash = '%s' limit 1",
 		dbesc($sender_hash)
@@ -4267,19 +4328,13 @@ function zot_reply_auth_check($data,$encrypted_packet) {
 		// This additionally checks for forged sites since we already stored the expected result in meta
 		// and we've already verified that this is them via zot_gethub() and that their key signed our token
 
-		$z = q("select id from verify where channel = %d and type = 'auth' and token = '%s' and meta = '%s' limit 1",
-			intval($c[0]['channel_id']),
-			dbesc($data['secret']),
-			dbesc($data['sender']['url'])
-		);
+
+		$z = Zotlabs\Zot\Verify::match('auth',$c[0]['channel_id'],$data['secret'],$data['sender']['url']);
 		if (! $z) {
 			logger('mod_zot: auth_check: verification key not found.');
 			$ret['message'] .= 'verification key not found' . EOL;
 			json_return_and_die($ret);
 		}
-		$r = q("delete from verify where id = %d",
-			intval($z[0]['id'])
-		);
 
 		$u = q("select account_service_class from account where account_id = %d limit 1",
 			intval($c[0]['channel_account_id'])