more changelog

fix typos in comment

.gitignore

@@ -14,7 +14,7 @@
 *.rej
 # OSX .DS_Store files
 .DS_Store
-# version scripts (repo master only) 
+# version scripts (repo master only)
 .version*
 Thumbs.db
 
@@ -27,6 +27,7 @@ custom/
 /store/
 # site apps
 apps/
+!doc/context/*/apps
 # default startpage
 home.html
 # page header plugin

.travis.yml

@@ -81,6 +81,12 @@ matrix:
       dist: precise
       services:
         - mysql
+    # MySQL 5.7 with Docker container
+    - php: '7.1'
+      env: DB=mysql MYSQL_VERSION=5.7
+      sudo: required
+      services:
+        - docker
    # Excludes from default matrix combinations
 #  exclude:
 #    - php: hhvm
@@ -100,6 +106,8 @@ cache:
 
 before_install:
   - travis_retry composer self-update
+  # Start MySQL 5.7 Docker container, needs some time to come up
+  - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
 
 # Install composer dev libs
 install:

CHANGELOG

@@ -1,3 +1,266 @@
+Hubzilla 2.8.1 (2017-11-11)
+	- Rename channel app events to calendar and add nav_set_selected() to /cal
+	- Load notifications links to /display via ajax if we are already in /display
+	- Add location info to the navbar for remote visitors
+	- Bring back tabindex to submit comments
+	- Add spanish translations for context help
+	- Added mode to portfolio widget
+
+	Bugfixes
+	- Fix os_syspath in DAV file put operation so that photos will scale correctly
+	- Fix unicode characters in urls tripping up url regexes - github issue #901
+	- Fix wiki pages not updating after creating new page
+	- Fix notifications covered by cover photo on medium size screens - github issue #906
+	- Fix unable to change permissions on wiki with space in name
+	- Fix only show nav app link if we have a selected app
+	- Fix unable to mark all messages read
+	- Fix imagedata not set correctly if large photo and imagick is not installed
+	- Fix issues with diaspora xchans
+	- Fix profile photo issue triggered by a previous bug
+
+	Plugins/Addon
+	N-S-F-W: improve the undocumented n-s-f-w author::word feature
+	Diaspora: update the import_diaspora tool for the version 2.0 account export files
+	Diaspora: fix comments are partly containing "diaspora_handle" instead of "author" - github issue #69
+	Pubcrawl: provide feature setting for downgrade_media option
+	Pubcrawl: fix issue where replies to replies did not find its parent
+	Diaspora: fix friendica likes on comments
+	Diaspora: fix private mail
+	Diaspora: fix third party deletes/retractions not propagating
+	Diaspora: likes not working - github issue #895 in core
+	Diaspora: fix comments from unknown persons not accepted if allow public comments is enabled - github issue #68
+	XMPP: fix php warning
+
+
+Hubzilla 2.8 (2017-10-25)
+	- Redirect to be moderated items to /moderate
+	- Update notifications if notifications area remains open
+	- Create an actual logout module instead of relying on internal variables
+	- Add local_channel as a comanche condition variable
+	- Implement possibility to pin app-tray apps in the navbar via app category navbar_default
+	- Introduce custom navbars
+	- Re-implement single delivery
+	- Pdledit usability improvements
+	- Implement next generation notifications in right aside
+	- Implement single post view for /pubstream
+	- Make anonymous comments work in mod display
+	- Introduce notifications for unseen public stream posts (off by default)
+	- Preperatory work on Zot VI
+	- Add app for site admin
+	- Introduce experimental alternate channel_menu navigation (off by default)
+	- Introduce notifications for shared files
+	- Bring back notifications for account approvals
+	- Urlencode hashes from mod_acl
+	- Don't use chanlink_url() for feed mentions
+	- Design common friends widget to fit better in the app and move it to left aside
+	- Allow navbar to be used when cover photo is displayed in mod channel
+	- Implement admin setting to use imagick converter for large photos
+	- Process activity deletes from OStatus which for whatever reason do not use the industry standard tombstone mechanism
+	- Implement new css based spinner
+	- Move the link header initialisation from Router to Webserver
+	⁻ Extend activity_match() to work with arrays
+	- Updated the trusted CA cert database
+	- Ostatus - support likes of comments
+	- Provide ability to mention a forum by using !forumname as well as the traditional red style (@forumname+)
+	- Encrypt delivery reports (not backward compatible)
+	- Provide a space between link header params (draft-cavage-http-signatures-08)
+	- Turn common_friends into a widget
+	- Update to jquery-3.2.1
+	- Wiki pages sorted by name
+	- Create new hooks for permissions_accept and permissions_reject
+	- Provide rel=alternate link if no reshare content in post
+	- Add remote login button to login page
+	- DB update to add index to item.resource_id
+	- Implement wiki editing (name and acl)
+	- Provide a hook for importing a channel photo at channel creation time
+	- Implement wiki mimetype lock
+	- Bring back wiki downloads
+	- Add text/plain mimetype to wiki
+	- Implement per page mimetype selection for wikis
+	- Added english context help for apps and appman
+	- Implement owa (open web auth)
+	- Ignore diaspora_meta column on item import
+	- Check code permissions on cloud files
+	- Remove period from characters allowed in username
+	- Make comment highlighting more reliable
+	- Sign zot-info packets with httpsignatures
+	- Implement server to server magic auth
+	- Provide support for json-ld signatures
+	- Rewrite comment form open/close handling to be more reliable
+	- Radically reduce code duplication in updateConvItems()
+	- Remove discover tab in favour of the public stream app
+	- Apply autotime to all autotime classed elements when static loading a page
+	- Implement cards feature
+	- Extended support for help page translations including table of contents files at the top level
+	- Introduce util/dmkdir - a mkdir tool for DAV
+	- Various doco improvements
+	- Introduce util/dcp (DAV-copy) - copy file or directory from local system to Hubzilla
+	- Provide support for HTTPsig
+	- Implement mechanism for selective network following in protocol connectors (diaspora, ostatus, activitypub, zot, rss)
+
+	Bugfixes
+	- Fix w2w posts not removed in contact_remove() - github issue #837
+	- Fix guests not having a unique (non-existent) url
+	- Fix mod register re-using the password
+	- Fix write_storage permission not checked in /display
+	- Fix discovery of moderated items in enotify
+	- Fix profile thing image not deleted when thing deleted - github issue #868
+	- Fix deletions to comments not synced on wall posts
+	- Fix community tags not preserved on post edit - github issue #865
+	- Fix profile photo propagation issue if the local xchan_photo_[l|m|s] fields were changed from the /photo/profile/l/n form to photo/[hash] form by a clone operation
+	- Fix lockstate and current permissions not handed over to editor in mod card_edit
+	- Fix profile edit dropdown for multiple profiles
+	- Fix affinity slider spinner
+	- Fix mod pubsites broken
+	- Fix directory server admin selection includes known dead sites
+	- Fix sticky-kit issue where the bottom of left aside was not visible when section content was short
+	- Fix possibility to set bogus my_address
+	- Fix deleting of wiki pages
+	- Fix selected theme not appearing selected after change - github issue #855
+	- Fix an issue where some encoded mids were not found in /display
+	- Fix issue with mentions and xchans with @ or /
+	- Fix webfinger returns invalid XML - github issue #851
+	- Fix last remaining task in tasklist was not removed from view when completed
+
+	Plugins/Addon
+	Hubwall: Remove errant $1 string in sender name
+	Map federation protocols for zotinfo
+	Gnusoc: force ostatus profile photos to get refreshed monthly
+	Gnusoc: fix ostatus mention notifications
+	Gnusoc: unsubscribe to gnusoc feeds if connector is disabled
+	Phpmailer: not using load/unload
+	Gnusoc: don't provide some information if gnusoc is disabled by the channel
+	Diaspora: add a predelivery interval
+	Diaspora: support for likes on comments
+	Introduce the pubcrawl plugin - an unapologetically non-compliant ActivityPub Protocol implemention
+	Introduce gravatar plugin
+	Pubsubhubbub: produce much more compact PuSH feeds
+	Diaspora: support text comments on reshare posts
+	Diaspora: changes to delivery scenarios for the special handling of profile messages
+	Diaspora: put diaspora seed_location in json webfinger
+	Gnusoc: fix mis-attributed comments from mastodon
+	Gnusoc: allow discovery by url (not just reddress) and permit upgrade from 'unknown' network to gnusoc
+	Implement mechanism for selective network following in protocol connectors
+
+
+Hubzilla 2.6.3 (2017-09-18)
+	- Fix anonymous comments/likes on photos - this is not yet implemented
+	- Fix favicon not displayed on certain pages
+	- Fix hubzilla logo icon for favicon and email notifications
+	- Fix an issue with displaying selected theme in settings/display
+	- [SECURITY] Restrict the input characters we accept in token verification strings to hex digits
+	- Remove hubzilla.nl from fallback directory servers
+
+Hubzilla 2.6.2 (2017-08-31)
+	- Fix webfinger returns invalid XML (github issue #851)
+
+
+Hubzilla 2.6.1 (2017-08-18)
+	- Fix a regression with dav clients
+	- Raise install requirements
+	
+	Plugins/Addon
+	- Diaspora: fix PHP warning
+	- GNU-Social: fix PHP warning 
+
+
+Hubzilla 2.6 (2017-08-16)
+	- Upgrade to bootstrap-4 beta
+	- Consolidate disable_discover_tab config
+	- Fix some bbcode to markdown conversion issues
+	- Improved finding of recursive attachment permissions
+	- Smaller line-height for notification badges 
+	- Bluegrid schema removed - will be added again if someone is willing to maintain it
+	- Improved file_activity()
+	- DB - add index for item.obj_type
+	- Add options flag to bb_to_markdown() so we can distinguish between diaspora use and other use and therefore filter and adjust content selectively
+	- Close the apps-menu if the notifications-menu is open and vice versa 
+	- Remove redundant call to jquery ready function in photo albums view
+	- Remove borders from navbar toggler in mobile view
+	- Improve the formatting of shares when converting from bbcode to markdown
+	- Suppress fopen errors from dav
+	- Make local channel (not our own) nav menus appear similar to what we are used from remote channels
+	- Indicate the selected channel in the dropdown menu if the feature is enabled	
+	- Provide a mechanism to mark apps active in the app tray
+	- Allow wildcard tag and category searches
+	- Improved installer
+	- Update some addon docs and ensure we only generate statistics once a day
+	- Turn url requests where argv[0] is something.xyz into module='something' and $_REQUEST['module_format'] = 'xyz'; But leave modules beginning with . (like .well_known) alone (convert the initial . to _ and then strip it)
+	- Turn platform name and std_version into config variables
+	- Implement chunked uploads on the wall
+	- Prevent expiration of conversations you are involved with
+	- Update htmlpurifier to version 4.9.3
+	- Update sabre/http to version 4.2.3
+	- Add optimize-autoloader to composer config
+	- Missing abook_{my,their}_perms in pg schema and missing keys in mysql schema 
+	- Provide a gender icon on the profile sidebar within reason
+	- Provide more comprehensible information on the admin summary page
+	- Upgrade blueimp from 9.8 to 9.18
+	- Chanview - if already connected, bypass the chanview intermediary page and go straight to the remote profile.
+	- Allow poke by xchan_hash
+	- guess_image_type() - ignore scheme when checking for urls
+	- Remove unused page_widgets.php include and provide a general function for loading sql from file
+	- Migrate cdav from addons to core
+	- Address several mail issues
+	- Add files and photos to featured apps by default
+	- import_author_zot() fixes
+	- Remove deprecated app parameter from conversation()
+	- Implement anonymous comments (like wordpress)
+	- Add rel=noopener to all external target _blank links
+	- Add 'can_comment_on_post' hook so we can better deal with the complications of Diaspora policy
+	- Added Portfolio widget (requires foundation)
+	- Convert schema_mysql engine to InnoDB and charset utf8mb4
+	- Put unreachable federated connections in the archived tab of the connections list page
+	- Indicate on connections page if a federated connection from another network is unavailable from the current location
+	- Make authenticated oembeds optional, default to false.
+	- Remove text_highlight css load from core
+	- Numerous ostatus feed improvements (mastodon, gnu-social)
+	- Provide hook when deleting a connection - we need this to clean up dangling PuSH subscriptions
+	- Move code syntax highlighting to plugin
+	- Oembed: ensure that width and height are returned as type int and not float
+	- Rewrite wiki pages widget - no need for ajax on pageload, show the pages to not authenticated people.
+	- Convert randprof to use chanlink_hash() instead of chanlink_url() and filter sys channels by xchan.xchan_system instead of xchan_addr != sys@%
+	- Update Sabre libraries
+	- Only provide "connected apps" on the settings menu if techlevel > 0.
+	- Provide ability to search webpage
+	- Move disapora xrd stuff to plugin
+	- Deprecate server_role
+	- Introduce automatic language selection for help, webpages, and wiki content
+	- Provide ability to order apps in app-tray
+	- Replace Markdownify library with html-to-markdown library
+
+	Bugfixes
+	- Fix channel manager and nav channel select visible if in a delegate session
+	- Fix wrong wiki pages in the sidebar github issue #841
+	- Fix a bug where if multiple channels uploaded the same file to the same folder, the uploaded file would end up with an incremental number added to the filename for each upload even if the file did not exist yet in the channels folder
+	- Fix privacy groups not syncing across clones properly (github issue #832)
+	- Fix an issue where the ability to use a portion of the message-id to display a message wasn't honoured in all cases
+	- Fix minor issues in the bs-default schema
+	- Fix backward compatibility for album links generated in earlier times before the ambiguity of photo album names was solved (github issue #827)
+	- Fix photo item comments not ported to bs4
+	- Fix incorrect album link
+	- Fix incorrect follow url in webfinger
+	- Fix regression - allow position attributes in oembedable zcards
+	- Fix affinitiy slider settings were being updated on any submit of of settings/featured
+	- Fix minor weirdness in zot finger results after deleting a clone from a channel that was on a site which was previously migrated from http to https and still had the old hubloc
+	- Fix cloud headers already sent issue
+	- Partial fix for failure to sync photos - appears to be memory exhaustion and dependent on filesize although an unrelated issue was found with directory creation during file sync (we didn't check ownership when looking for duplicates)
+	- Fix github issue #810
+	- Don't allow negative age in directory listings
+	- Fix allow setting a default schema for the hub (github issue #797) and allow selecting of focus (hubzilla default) schema if a default is set
+	- Fix update_r1189() for mysql and postgres
+
+	Plugins/Addon
+	Diaspora: Rewrite the addon to implemented Diaspora Version 2 federation protocol
+	GNU-Social: GNU-Social and Mastodon compatibility was greatly increased and a "fetch conversations" feature added to try and locate missing contextual references and maintain conversations in posts from those networks
+	Rename statistics_json to statistics and implement nodeinfo v2
+	New authchoose addon to restrict what sites you authenticate to by default
+	Cdav addon moved to core
+	head_add_css() needs a preceding '/' to find files in the addons dir
+	New addon code syntax highlighting (moved from core to addon)
+	Pubsubhubbub: specify a minimum number of records - otherwise it defaults to zero	
+
+
 Hubzilla 2.4 (2017-05-31)
 	- Silence php warning during install
 	- Implemented switch statement logic in Comanche layout parser

Zotlabs/Access/PermissionLimits.php

@@ -10,7 +10,7 @@ class PermissionLimits {
 		$perms = Permissions::Perms();
 		$limits = array();
 		foreach($perms as $k => $v) {
-			if(strstr($k,'view'))
+			if(strstr($k,'view') || $k === 'post_comments')
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;

Zotlabs/Access/Permissions.php

@@ -1,45 +1,52 @@
 <?php
 
-
 namespace Zotlabs\Access;
 
 use Zotlabs\Lib as Zlib;
 
+/**
+ * @brief Extensible permissions.
+ *
+ * To add new permissions, add to the list of $perms below, with a simple description.
+ *
+ * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
+ * if this permission should be granted to new connections.
+ *
+ * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom
+ * permission roles. You will want to set a default PermissionLimit for each channel and also
+ * provide a sane default for any existing connections. You may or may not wish to provide a
+ * default auto permission. If in doubt, leave this alone as custom permissions by definition
+ * are the responsibility of the channel owner to manage. You just don't want to create any
+ * suprises or break things so you have an opportunity to provide sane settings.
+ *
+ * Update the version here and in PermissionRoles.
+ *
+ *
+ * Permissions with 'view' in the name are considered read permissions. Anything
+ * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
+ * is given PERMS_SPECIFIC.
+ *
+ * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
+ * MAY alter an individual setting after retrieving the Std_limits if you require
+ * something different for a specific permission within the given role.
+ *
+ */
 class Permissions {
 
-	/**
-	 * Extensible permissions.
-	 * To add new permissions, add to the list of $perms below, with a simple description.
-	 *
-	 * Also visit PermissionRoles.php and add to the $ret['perms_connect'] property for any role
-	 * if this permission should be granted to new connections.
-	 *
-	 * Next look at PermissionRoles::new_custom_perms() and provide a handler for updating custom 
-	 * permission roles. You will want to set a default PermissionLimit for each channel and also
-	 * provide a sane default for any existing connections. You may or may not wish to provide a
-	 * default auto permission. If in doubt, leave this alone as custom permissions by definition
-	 * are the responsibility of the channel owner to manage. You just don't want to create any 
-	 * suprises or break things so you have an opportunity to provide sane settings. 
-	 *
-	 * Update the version here and in PermissionRoles
-	 *
-	 *
-	 * Permissions with 'view' in the name are considered read permissions. Anything
-	 * else requires authentication. Read permission limits are PERMS_PUBLIC and anything else
-	 * is given PERMS_SPECIFIC.
-	 *
-	 * PermissionLimits::Std_limits() retrieves the standard limits. A permission role
-	 * MAY alter an individual setting after retrieving the Std_limits if you require
-	 * something different for a specific permission within the given role.  
-	 *
-	 */
-
 	static public function version() {
 		// This must match the version in PermissionRoles.php before permission updates can run.
 		return 2;
 	}
 
-
+	/**
+	 * @brief Return an array with Permissions.
+	 *
+	 * @hooks permissions_list
+	 *   * \e array \b permissions
+	 *   * \e string \b filter
+	 * @param string $filter (optional) only passed to hook permission_list
+	 * @return Associative array with permissions and short description.
+	 */
 	static public function Perms($filter = '') {
 
 		$perms = [
@@ -63,18 +70,27 @@ class Permissions {
 			'delegate'      => t('Can administer my channel')
 		];
 
-		$x = array('permissions' => $perms, 'filter' => $filter);
-		call_hooks('permissions_list',$x);
-		return($x['permissions']);
+		$x = [
+			'permissions' => $perms,
+			'filter' => $filter
+		];
+		call_hooks('permissions_list', $x);
 
+		return($x['permissions']);
 	}
 
+	/**
+	 * @brief Perms from the above list that are blocked from anonymous observers.
+	 *
+	 * e.g. you must be authenticated.
+	 *
+	 * @hooks write_perms
+	 *   * \e array \b permissions
+	 * @return Associative array with permissions and short description.
+	 */
 	static public function BlockedAnonPerms() {
 
-		// Perms from the above list that are blocked from anonymous observers.
-		// e.g. you must be authenticated.
-
-		$res = array();
+		$res = [];
 		$perms = PermissionLimits::Std_limits();
 		foreach($perms as $perm => $limit) {
 			if($limit != PERMS_PUBLIC) {
@@ -82,17 +98,22 @@ class Permissions {
 			}
 		}
 
-		$x = array('permissions' => $res);
-		call_hooks('write_perms',$x);
-		return($x['permissions']);
+		$x = ['permissions' => $res];
+		call_hooks('write_perms', $x);
 
+		return($x['permissions']);
 	}
 
-	// converts [ 0 => 'view_stream', ... ]
-	// to [ 'view_stream' => 1 ]
-	// for any permissions in $arr;
-	// Undeclared permissions are set to 0
-
+	/**
+	 * @brief Converts indexed perms array to associative perms array.
+	 *
+	 * Converts [ 0 => 'view_stream', ... ]
+	 * to [ 'view_stream' => 1 ] for any permissions in $arr;
+	 * Undeclared permissions which exist in Perms() are added and set to 0.
+ 	 *
+	 * @param array $arr
+	 * @return array
+	 */
 	static public function FilledPerms($arr) {
 		if(is_null($arr)) {
 			btlogger('FilledPerms: null');
@@ -101,15 +122,26 @@ class Permissions {
 		$everything = self::Perms();
 		$ret = [];
 		foreach($everything as $k => $v) {
-			if(in_array($k,$arr))
+			if(in_array($k, $arr))
 				$ret[$k] = 1;
 			else
 				$ret[$k] = 0;
 		}
-		return $ret;
 
+		return $ret;
 	}
 
+	/**
+	 * @brief Convert perms array to indexed array.
+	 *
+	 * Converts [ 'view_stream' => 1 ] for any permissions in $arr
+	 * to [ 0 => ['name' => 'view_stream', 'value' => 1], ... ]
+	 *
+	 * @param array $arr associative perms array 'view_stream' => 1
+	 * @return Indexed array with elements that look like
+	 *   * \e string \b name the perm name (e.g. view_stream)
+	 *   * \e int \b value the value of the perm (e.g. 1)
+	 */
 	static public function OPerms($arr) {
 		$ret = [];
 		if($arr) {
@@ -120,7 +152,12 @@ class Permissions {
 		return $ret;
 	}
 
-
+	/**
+	 * @brief
+	 *
+	 * @param int $channel_id
+	 * @return boolean|array
+	 */
 	static public function FilledAutoperms($channel_id) {
 		if(! intval(get_pconfig($channel_id,'system','autoperms')))
 			return false;
@@ -137,16 +174,34 @@ class Permissions {
 		return $arr;
 	}
 
-	static public function PermsCompare($p1,$p2) {
+	/**
+	 * @brief Compares that all Permissions from $p1 exist also in $p2.
+	 *
+	 * @param array $p1 The perms that have to exist in $p2
+	 * @param array $p2 The perms to compare against
+	 * @return boolean true if all perms from $p1 exist also in $p2
+	 */
+	static public function PermsCompare($p1, $p2) {
 		foreach($p1 as $k => $v) {
-			if(! array_key_exists($k,$p2))
+			if(! array_key_exists($k, $p2))
 				return false;
+
 			if($p1[$k] != $p2[$k])
 				return false;
 		}
+
 		return true;
 	}
 
+	/**
+	 * @brief
+	 *
+	 * @param int $channel_id A channel id
+	 * @return associative array
+	 *   * \e array \b perms Permission array
+	 *   * \e int \b automatic 0 or 1
+	 */
+
 	static public function connect_perms($channel_id) {
 
 		$my_perms = [];
@@ -155,7 +210,7 @@ class Permissions {
 
 		// If a default permcat exists, use that
 
-		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');		
+		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');
 		if(! in_array($pc, [ '','default' ])) {
 			$pcp = new Zlib\Permcat($channel_id);
 			$permcat = $pcp->fetch($pc);
@@ -167,7 +222,7 @@ class Permissions {
 		}
 
 		// look up the permission role to see if it specified auto-connect
-		// and if there was no permcat or a default permcat, set the perms 
+		// and if there was no permcat or a default permcat, set the perms
 		// from the role
 
 		$role = get_pconfig($channel_id,'system','permissions_role');
@@ -195,7 +250,7 @@ class Permissions {
 		}
 
 		// If we reached this point with no permissions, the channel is using
-		// custom perms but they are not automatic. They will be stored in abconfig with 
+		// custom perms but they are not automatic. They will be stored in abconfig with
 		// the channel's channel_hash (the 'self' connection).
 
 		if(! $my_perms) {

Zotlabs/Daemon/Cron.php

@@ -174,7 +174,8 @@ class Cron {
 
 		// pull in some public posts
 
-		if(! get_config('system','disable_discover_tab'))
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		if(! $disable_discover_tab)
 			Master::Summon(array('Externals'));
 
 		$generation = 0;

Zotlabs/Daemon/Cron_daily.php

@@ -51,6 +51,7 @@ class Cron_daily {
 		update_channels_active_halfyear_stat();
 		update_channels_active_monthly_stat();
 		update_local_posts_stat();
+		update_local_comments_stat();
 
 
 		// expire old delivery reports
@@ -87,7 +88,7 @@ class Cron_daily {
 
 		call_hooks('cron_daily',datetime_convert());
 
-		set_config('system','last_expire_day',$d2);
+		set_config('system','last_expire_day',intval(datetime_convert('UTC','UTC','now','d')));
 
 		/**
 		 * End Cron Daily

Zotlabs/Daemon/Deliver.php

@@ -53,6 +53,9 @@ class Deliver {
 						remove_queue_item($r[0]['outq_hash']);
 
 						if($dresult && is_array($dresult)) {
+
+							// delivery reports for local deliveries do not require encryption
+
 							foreach($dresult as $xx) {
 								if(is_array($xx) && array_key_exists('message_id',$xx)) {
 									if(delivery_report_is_storable($xx)) {

Zotlabs/Daemon/Gprobe.php

@@ -17,7 +17,7 @@ class Gprobe {
 		if(! strpos($url,'@'))
 			return;
 
-		$r = q("select * from xchan where xchan_addr = '%s' limit 1",
+		$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
 			dbesc($url)
 		);
 

Zotlabs/Daemon/Importdoc.php

@@ -21,12 +21,18 @@ class Importdoc {
 		$files = glob("$d/$f");
 		if($files) {
 			foreach($files as $fi) {
-				if($fi === 'doc/html')
+				if($fi === 'doc/html') {
 					continue;
-				if(is_dir($fi))
+				}
+				if(is_dir($fi)) {
 					self::update_docs_dir("$fi/*");
-				else
-					store_doc_file($fi);
+				}
+				else {
+					// don't update media content
+					if(strpos(z_mime_content_type($fi),'text') === 0) {
+						store_doc_file($fi);
+					}
+				}
 			}
 		}
 	}

Zotlabs/Daemon/Importfile.php

@@ -0,0 +1,47 @@
+<?php /** @file */
+
+namespace Zotlabs\Daemon;
+
+class Importfile {
+
+	static public function run($argc,$argv){
+
+		logger('Importfile: ' . print_r($argv,true));
+
+		if($argc < 3)
+			return;
+
+		$channel = channelx_by_n($argv[1]);
+		if(! $channel)
+			return;
+
+		$srcfile = $argv[2];
+		$folder  = (($argc > 3) ? $argv[3] : '');
+		$dstname = (($argc > 4) ? $argv[4] : '');
+
+		$hash = random_string();
+
+		$arr = [
+			'src'               => $srcfile,
+			'filename'          => (($dstname) ? $dstname : basename($srcfile)),
+			'hash'              => $hash,
+			'allow_cid'         => $channel['channel_allow_cid'],
+			'allow_gid'         => $channel['channel_allow_gid'],
+			'deny_cid'          => $channel['channel_deny_cid'],
+			'deny_gid'          => $channel['channel_deny_gid'],
+			'preserve_original' => true,
+			'replace'           => true
+		];
+
+		if($folder)
+			$arr['folder'] = $folder;
+
+		attach_store($channel,$channel['channel_hash'],'import',$arr);
+
+		$sync = attach_export_data($channel,$hash);
+		if($sync)
+			build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+	
+		return;
+	}
+}

Zotlabs/Daemon/Notifier.php

@@ -59,6 +59,8 @@ require_once('include/bbcode.php');
  *
  * ZOT 
  *       permission_create      abook_id
+ *       permission_accept      abook_id
+ *       permission_reject      abook_id
  *       permission_update      abook_id
  *       refresh_all            channel_id
  *       purge_all              channel_id
@@ -69,6 +71,7 @@ require_once('include/bbcode.php');
  *       location               channel_id
  *       request                channel_id            xchan_hash             message_id
  *       rating                 xlink_id
+ *       keychange              channel_id
  *
  */
 
@@ -146,7 +149,21 @@ class Notifier {
 			$packet_type = 'request';
 			$normal_mode = false;
 		}
-		elseif($cmd == 'permission_update' || $cmd == 'permission_create') {
+		elseif($cmd === 'keychange') {
+			$channel = channelx_by_n($item_id);
+			$r = q("select abook_xchan from abook where abook_channel = %d",
+				intval($item_id)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$recipients[] = $rr['abook_xchan'];
+				}
+			}
+			$private = false;
+			$packet_type = 'keychange';
+			$normal_mode = false;
+		}
+		elseif(in_array($cmd, [ 'permission_update', 'permission_reject', 'permission_accept', 'permission_create' ])) {
 			// Get the (single) recipient	
 			$r = q("select * from abook left join xchan on abook_xchan = xchan_hash where abook_id = %d and abook_self = 0",
 				intval($item_id)
@@ -158,8 +175,12 @@ class Notifier {
 				if($channel) {
 					$perm_update = array('sender' => $channel, 'recipient' => $r[0], 'success' => false, 'deliveries' => '');	
 
-					if($cmd == 'permission_create')
+					if($cmd === 'permission_create')
 						call_hooks('permissions_create',$perm_update);
+					elseif($cmd === 'permission_accept')
+						call_hooks('permissions_accept',$perm_update);
+					elseif($cmd === 'permission_reject')
+						call_hooks('permissions_reject',$perm_update);
 					else
 						call_hooks('permissions_update',$perm_update);
 
@@ -263,14 +284,15 @@ class Notifier {
 				$deleted_item = true;
 			}
 
-			if(intval($target_item['item_type']) != ITEM_TYPE_POST) {
+			if(! in_array(intval($target_item['item_type']), [ ITEM_TYPE_POST ] )) {
 				logger('notifier: target item not forwardable: type ' . $target_item['item_type'], LOGGER_DEBUG);
 				return;
 			}
 
 			// Check for non published items, but allow an exclusion for transmitting hidden file activities
 
-			if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) || 
+			if(intval($target_item['item_unpublished']) || intval($target_item['item_delayed']) ||
+				intval($target_item['item_blocked']) || 
 				( intval($target_item['item_hidden']) && ($target_item['obj_type'] !== ACTIVITY_OBJ_FILE))) {
 				logger('notifier: target item not published, so not forwardable', LOGGER_DEBUG);
 				return;
@@ -391,7 +413,6 @@ class Notifier {
 					return;
 				}
 			}
-
 		}
 
 		$walltowall = (($top_level_post && $channel['xchan_hash'] === $target_item['author_xchan']) ? true : false); 
@@ -408,11 +429,11 @@ class Notifier {
 		if(! $recipients)
 			return;
 
-//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
+		//	logger('notifier: recipients: ' . print_r($recipients,true), LOGGER_NORMAL, LOG_DEBUG);
 
 		$env_recips = (($private) ? array() : null);
 
-		$details = q("select xchan_hash, xchan_instance_url, xchan_network, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . implode(',',$recipients) . ")");
+		$details = q("select xchan_hash, xchan_instance_url, xchan_network, xchan_addr, xchan_guid, xchan_guid_sig from xchan where xchan_hash in (" . protect_sprintf(implode(',',$recipients)) . ")");
 
 
 		$recip_list = array();
@@ -421,40 +442,40 @@ class Notifier {
 			foreach($details as $d) {
 
 				$recip_list[] = $d['xchan_addr'] . ' (' . $d['xchan_hash'] . ')'; 
-				if($private)
-					$env_recips[] = array('guid' => $d['xchan_guid'],'guid_sig' => $d['xchan_guid_sig'],'hash' => $d['xchan_hash']);
-
-				if($d['xchan_network'] === 'mail' && $normal_mode) {
-					$delivery_options = get_xconfig($d['xchan_hash'],'system','delivery_mode');
-					if(! $delivery_options)
-						format_and_send_email($channel,$d,$target_item);
+				if($private) {
+					$env_recips[] = [
+						'guid'     => $d['xchan_guid'],
+						'guid_sig' => $d['xchan_guid_sig'],
+						'hash'     => $d['xchan_hash']
+					];
 				}
 			}
 		}
 
 
-		$narr = array(
-			'channel' => $channel,
-			'upstream' => $upstream,
-			'env_recips' => $env_recips,
-			'packet_recips' => $packet_recips,
-			'recipients' => $recipients,
-			'item' => $item,
-			'target_item' => $target_item,
+		$narr = [
+			'channel'        => $channel,
+			'upstream'       => $upstream,
+			'env_recips'     => $env_recips,
+			'packet_recips'  => $packet_recips,
+			'recipients'     => $recipients,
+			'item'           => $item,
+			'target_item'    => $target_item,
+			'parent_item'    => $parent_item,
 			'top_level_post' => $top_level_post,
-			'private' => $private,
+			'private'        => $private,
 			'relay_to_owner' => $relay_to_owner,
-			'uplink' => $uplink,
-			'cmd' => $cmd,
-			'mail' => $mail,
-			'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
-			'location' => $location,
-			'request' => $request,
-			'normal_mode' => $normal_mode,
-			'packet_type' => $packet_type,
-			'walltowall' => $walltowall,
-			'queued' => array()
-		);
+			'uplink'         => $uplink,
+			'cmd'            => $cmd,
+			'mail'           => $mail,
+			'single'         => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
+			'location'       => $location,
+			'request'        => $request,
+			'normal_mode'    => $normal_mode,
+			'packet_type'    => $packet_type,
+			'walltowall'     => $walltowall,
+			'queued'         => []
+		];
 
 		call_hooks('notifier_process', $narr);
 		if($narr['queued']) {
@@ -479,7 +500,7 @@ class Notifier {
 		// Now we have collected recipients (except for external mentions, FIXME)
 		// Let's reduce this to a set of hubs; checking that the site is not dead.
 
-		$r = q("select hubloc.*, site.site_crypto from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . implode(',',$recipients) . ") 
+		$r = q("select hubloc.*, site.site_crypto, site.site_flags from hubloc left join site on site_url = hubloc_url where hubloc_hash in (" . protect_sprintf(implode(',',$recipients)) . ") 
 			and hubloc_error = 0 and hubloc_deleted = 0 and ( site_dead = 0 OR site_dead is null ) "
 		);		
  
@@ -491,8 +512,6 @@ class Notifier {
 
 		$hubs = $r;
 
-
-
 		/**
 		 * Reduce the hubs to those that are unique. For zot hubs, we need to verify uniqueness by the sitekey, 
 		 * since it may have been a re-install which has not yet been detected and pruned.
@@ -522,50 +541,49 @@ class Notifier {
 
 			if($hub['hubloc_network'] == 'zot') {
 				if(! in_array($hub['hubloc_sitekey'],$keys)) {
-					$hublist[] = $hub['hubloc_host'];
-					$dhubs[] = $hub;
-					$keys[] = $hub['hubloc_sitekey'];
+					$hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network'];
+					$dhubs[]   = $hub;
+					$keys[]    = $hub['hubloc_sitekey'];
 				}
 			}
 			else {
 				if(! in_array($hub['hubloc_url'],$urls)) {
-					$hublist[] = $hub['hubloc_host'];
-					$dhubs[] = $hub;
-					$urls[] = $hub['hubloc_url'];
+					$hublist[] = $hub['hubloc_host'] . ' ' . $hub['hubloc_network'];
+					$dhubs[]   = $hub;
+					$urls[]    = $hub['hubloc_url'];
 				}
 			}
 		}
 
 		logger('notifier: will notify/deliver to these hubs: ' . print_r($hublist,true), LOGGER_DEBUG, LOG_DEBUG);
 
-
 		foreach($dhubs as $hub) {
 
 			if($hub['hubloc_network'] !== 'zot') {
-
-				$narr = array(
-					'channel' => $channel,
-					'upstream' => $upstream,
-					'env_recips' => $env_recips,
-					'packet_recips' => $packet_recips,
-					'recipients' => $recipients,
-					'item' => $item,
-					'target_item' => $target_item,
-					'hub' => $hub,
+				$narr = [
+					'channel'        => $channel,
+					'upstream'       => $upstream,
+					'env_recips'     => $env_recips,
+					'packet_recips'  => $packet_recips,
+					'recipients'     => $recipients,
+					'item'           => $item,
+					'target_item'    => $target_item,
+					'parent_item'    => $parent_item,
+					'hub'            => $hub,
 					'top_level_post' => $top_level_post,
-					'private' => $private,
+					'private'        => $private,
 					'relay_to_owner' => $relay_to_owner,
-					'uplink' => $uplink,
-					'cmd' => $cmd,
-					'mail' => $mail,
-					'single' => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
-					'location' => $location,
-					'request' => $request,
-					'normal_mode' => $normal_mode,
-					'packet_type' => $packet_type,
-					'walltowall' => $walltowall,
-					'queued' => array()
-				);
+					'uplink'         => $uplink,
+					'cmd'            => $cmd,
+					'mail'           => $mail,
+					'single'         => (($cmd === 'single_mail' || $cmd === 'single_activity') ? true : false),
+					'location'       => $location,
+					'request'        => $request,
+					'normal_mode'    => $normal_mode,
+					'packet_type'    => $packet_type,
+					'walltowall'     => $walltowall,
+					'queued'         => []
+				];
 
 
 				call_hooks('notifier_hub',$narr);
@@ -578,13 +596,13 @@ class Notifier {
 			}
 
 			// singleton deliveries by definition 'not got zot'.
-			// Single deliveries are other federated networks (plugins) and we're essentially 
+            // Single deliveries are other federated networks (plugins) and we're essentially
 			// delivering only to those that have this site url in their abook_instance
 			// and only from within a sync operation. This means if you post from a clone,
 			// and a connection is connected to one of your other clones; assuming that hub
 			// is running it will receive a sync packet. On receipt of this sync packet it
 			// will invoke a delivery to those connections which are connected to just that
-			// hub instance. 
+			// hub instance.
 
 			if($cmd === 'single_mail' || $cmd === 'single_activity') {
 				continue;
@@ -592,12 +610,17 @@ class Notifier {
 
 			// default: zot protocol
 
-			$hash = random_string();
+			$hash   = random_string();
 			$packet = null;
+			$pmsg   = '';
 
 			if($packet_type === 'refresh' || $packet_type === 'purge') {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
+			if($packet_type === 'keychange') {
+				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
+				$pmsg = get_pconfig($channel['channel_id'],'system','keychange');
+			}
 			elseif($packet_type === 'request') {
 				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
 				$packet = zot_build_packet($channel,$packet_type,$env,$hub['hubloc_sitekey'],$hub['site_crypto'],
@@ -611,20 +634,23 @@ class Notifier {
 					'account_id' => $channel['channel_account_id'],
 					'channel_id' => $channel['channel_id'],
 					'posturl'    => $hub['hubloc_callback'],
-					'notify'     => $packet
+					'notify'     => $packet,
+					'msg'        => (($pmsg) ? json_encode($pmsg) : '')
 				));
 			}
 			else {
 				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
 				$packet = zot_build_packet($channel,'notify',$env,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
-				queue_insert(array(
-					'hash'       => $hash,
-					'account_id' => $target_item['aid'],
-					'channel_id' => $target_item['uid'],
-					'posturl'    => $hub['hubloc_callback'],
-					'notify'     => $packet,
-					'msg'        => json_encode($encoded_item)
-				));
+				queue_insert(
+					[
+						'hash'       => $hash,
+						'account_id' => $target_item['aid'],
+						'channel_id' => $target_item['uid'],
+						'posturl'    => $hub['hubloc_callback'],
+						'notify'     => $packet,
+						'msg'        => json_encode($encoded_item)
+					]
+				);
 
 				// only create delivery reports for normal undeleted items
 				if(is_array($target_item) && array_key_exists('postopts',$target_item) && (! $target_item['item_deleted']) && (! get_config('system','disable_dreport'))) {
@@ -645,9 +671,9 @@ class Notifier {
 	
 		if($normal_mode) {
 			$x = q("select * from hook where hook = 'notifier_normal'");
-			if($x)
-				Master::Summon(array('Deliver_hooks',$target_item['id']));
-
+			if($x) {
+				Master::Summon( [ 'Deliver_hooks', $target_item['id'] ] );
+			}
 		}
 
 		if($deliveries)

Zotlabs/Extend/Hook.php

@@ -40,6 +40,15 @@ class Hook {
 		return $r;
 	}
 
+	static public function register_array($file,$arr) {
+		if($arr) {
+			foreach($arr as $k => $v) {
+				self::register($k,$file,$v);
+			}
+		}
+	}
+
+
 	static public function unregister($hook,$file,$function,$version = 1,$priority = 0) {
 		if(is_array($function)) {
 			$function = serialize($function);

Zotlabs/Lib/ActivityStreams.php

@@ -0,0 +1,199 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+class ActivityStreams {
+
+	public $data;
+	public $valid  = false;
+	public $id     = '';
+	public $type   = '';
+	public $actor  = null;
+	public $obj    = null;
+	public $tgt    = null;
+	public $origin = null;
+	public $owner  = null;
+	public $signer = null;
+	public $ldsig  = null;
+	public $sigok  = false;
+	public $recips = null;
+	public $raw_recips = null;
+
+	function __construct($string) {
+
+		$this->data = json_decode($string,true);
+		if($this->data) {
+			$this->valid = true;
+		}
+
+		if($this->is_valid()) {
+			$this->id     = $this->get_property_obj('id');
+			$this->type   = $this->get_primary_type();
+			$this->actor  = $this->get_compound_property('actor');
+			$this->obj    = $this->get_compound_property('object');
+			$this->tgt    = $this->get_compound_property('target');
+			$this->origin = $this->get_compound_property('origin');
+			$this->recips = $this->collect_recips();
+
+			$this->ldsig = $this->get_compound_property('signature');
+			if($this->ldsig) {
+				$this->signer = $this->get_compound_property('creator',$this->ldsig);
+				if($this->signer && $this->signer['publicKey'] && $this->signer['publicKey']['publicKeyPem']) {
+					$this->sigok = \Zotlabs\Lib\LDSignatures::verify($this->data,$this->signer['publicKey']['publicKeyPem']);
+				}
+			}
+
+			if(($this->type === 'Note') && (! $this->obj)) {
+				$this->obj = $this->data;
+				$this->type = 'Create';
+			}
+		}
+	}
+
+	function is_valid() {
+		return $this->valid;
+	}
+
+	function set_recips($arr) {
+		$this->saved_recips = $arr;
+	}
+
+	function collect_recips($base = '',$namespace = '') {
+		$x = [];
+		$fields = [ 'to','cc','bto','bcc','audience'];
+		foreach($fields as $f) {
+			$y = $this->get_compound_property($f,$base,$namespace);
+			if($y) {
+				$x = array_merge($x,$y);
+				if(! is_array($this->raw_recips))
+					$this->raw_recips = [];
+				$this->raw_recips[$f] = $x;
+			}
+		}						
+// not yet ready for prime time
+//		$x = $this->expand($x,$base,$namespace);
+		return $x;
+	}
+
+	function expand($arr,$base = '',$namespace = '') {
+		$ret = [];
+
+		// right now use a hardwired recursion depth of 5
+
+		for($z = 0; $z < 5; $z ++) {
+			if(is_array($arr) && $arr) {
+				foreach($arr as $a) {
+					if(is_array($a)) {
+						$ret[] = $a;
+					}
+					else {
+						$x = $this->get_compound_property($a,$base,$namespace);
+						if($x) {
+							$ret = array_merge($ret,$x);
+						}
+					}
+				}
+			}
+		}
+
+		// @fixme de-duplicate
+
+		return $ret;
+	}
+
+	function get_namespace($base,$namespace) {
+
+		if(! $namespace)
+			return '';
+
+		$key = null;
+
+
+		foreach( [ $this->data, $base ] as $b ) {
+			if(! $b)
+				continue;
+			if(array_key_exists('@context',$b)) {
+				if(is_array($b['@context'])) {
+					foreach($b['@context'] as $ns) {
+						if(is_array($ns)) {
+							foreach($ns as $k => $v) {
+								if($namespace === $v)
+									$key = $k;
+							}
+						}
+						else {
+							if($namespace === $ns) {
+								$key = '';
+							}
+						}
+					}
+				}
+				else {
+					if($namespace === $b['@context']) {
+						$key = '';
+					}
+				}
+			}
+		}
+		return $key;
+	}
+
+
+	function get_property_obj($property,$base = '',$namespace = '' ) {
+		$prefix = $this->get_namespace($base,$namespace);
+		if($prefix === null)
+			return null;	
+		$base = (($base) ? $base : $this->data);
+		$propname = (($prefix) ? $prefix . ':' : '') . $property;
+		return ((array_key_exists($propname,$base)) ? $base[$propname] : null);
+	}
+
+	function fetch_property($url) {
+		$redirects = 0;
+		if(! check_siteallowed($url)) {
+			logger('blacklisted: ' . $url);
+			return null;
+		}
+
+		$x = z_fetch_url($url,true,$redirects,
+			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]);
+		if($x['success'])
+			return json_decode($x['body'],true);
+		return null;
+	}
+
+	function get_compound_property($property,$base = '',$namespace = '') {
+		$x = $this->get_property_obj($property,$base,$namespace);
+		if($this->is_url($x)) {
+			$x = $this->fetch_property($x); 	
+		}
+		return $x;
+	}
+
+	function is_url($url) {
+		if(($url) && (! is_array($url)) && (strpos($url,'http') === 0)) {
+			return true;
+		}
+		return false;
+	}
+
+	function get_primary_type($base = '',$namespace = '') {
+		if(! $base)
+			$base = $this->data;
+		$x = $this->get_property_obj('type',$base,$namespace);
+		if(is_array($x)) {
+			foreach($x as $y) {
+				if(strpos($y,':') === false) {
+					return $y;
+				}
+			}
+		}
+		return $x;
+	}
+
+	function debug() {
+		$x = var_export($this,true);
+		return $x;
+	}
+
+}

Zotlabs/Lib/Apps.php

@@ -169,6 +169,14 @@ class Apps {
 			$requires = explode(',',$ret['requires']);
 			foreach($requires as $require) {
 				$require = trim(strtolower($require));
+				$config = false;
+
+				if(substr($require, 0, 7) == 'config:') {
+					$config = true;
+					$require = ltrim($require, 'config:');
+					$require = explode('=', $require);
+				}
+
 				switch($require) {
 					case 'nologin':
 						if(local_channel())
@@ -191,10 +199,13 @@ class Apps {
 							unset($ret);
 						break;
 					default:
-						if(! (local_channel() && feature_enabled(local_channel(),$require)))
+						if($config)
+							$unset = ((get_config('system', $require[0]) == $require[1]) ? false : true);
+						else
+							$unset = ((local_channel() && feature_enabled(local_channel(),$require)) ? false : true);
+						if($unset)
 							unset($ret);
 						break;
-
 				}
 			}
 		}
@@ -209,7 +220,9 @@ class Apps {
 
 	static public function translate_system_apps(&$arr) {
 		$apps = array(
-			'Site Admin' => t('Site Admin'),
+			'Apps' => t('Apps'),
+			'Cards' => t('Cards'),
+			'Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
 			'View Bookmarks' => t('View Bookmarks'),
 			'My Chatrooms' => t('My Chatrooms'),
@@ -304,8 +317,17 @@ class Apps {
 
 			if($k === 'requires') {
 				$requires = explode(',',$v);
+
 				foreach($requires as $require) {
 					$require = trim(strtolower($require));
+					$config = false;
+
+					if(substr($require, 0, 7) == 'config:') {
+						$config = true;
+						$require = ltrim($require, 'config:');
+						$require = explode('=', $require);
+					}
+
 					switch($require) {
 						case 'nologin':
 							if(local_channel())
@@ -329,10 +351,13 @@ class Apps {
 								return '';
 							break;
 						default:
-							if(! (local_channel() && feature_enabled(local_channel(),$require)))
+							if($config)
+								$unset = ((get_config('system', $require[0]) == $require[1]) ? false : true);
+							else
+								$unset = ((local_channel() && feature_enabled(local_channel(),$require)) ? false : true);
+							if($unset)
 								return '';
 							break;
-
 					}
 				}
 			}
@@ -358,6 +383,13 @@ class Apps {
 		$install_action = (($installed) ? t('Update') : t('Install'));
 		$icon = ((strpos($papp['photo'],'icon:') === 0) ? substr($papp['photo'],5) : '');
 
+		if($mode === 'navbar') {
+			return replace_macros(get_markup_template('app_nav.tpl'),array(
+				'$app' => $papp,
+				'$icon' => $icon,
+			));
+		}
+
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
@@ -371,6 +403,7 @@ class Apps {
 			'$feature' => (($papp['embed']) ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
+			'$order' => (($mode == 'nav-order') ? true : false),
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray')
 		));
@@ -539,6 +572,129 @@ class Apps {
 		return($r);
 	}
 
+	static public function app_order($uid,$apps) {
+
+		if(! $apps)
+			return $apps;
+
+		$x = (($uid) ? get_pconfig($uid,'system','app_order') : get_config('system','app_order'));
+		if(($x) && (! is_array($x))) {
+			$y = explode(',',$x);
+			$y = array_map('trim',$y);
+			$x = $y;
+		}
+
+		if(! (is_array($x) && ($x)))
+			return $apps;
+
+		$ret = [];
+		foreach($x as $xx) {
+			$y = self::find_app_in_array($xx,$apps);
+			if($y) {
+				$ret[] = $y;
+			}
+		}
+		foreach($apps as $ap) {
+			if(! self::find_app_in_array($ap['name'],$ret)) {
+				$ret[] = $ap;
+			}
+		}
+		return $ret;
+
+	}
+
+	static function find_app_in_array($name,$arr) {
+		if(! $arr)
+			return false;
+		foreach($arr as $x) {
+			if($x['name'] === $name) {
+					return $x;
+			}
+		}
+		return false;
+	}
+
+	static function moveup($uid,$guid) {
+		$syslist = array();
+		$list = self::app_list($uid, false, 'nav_featured_app');
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = self::app_encode($li);
+			}
+		}
+		self::translate_system_apps($syslist);
+
+		usort($syslist,'self::app_name_compare');
+
+		$syslist = self::app_order($uid,$syslist);
+
+		if(! $syslist)
+			return;
+
+		$newlist = [];
+
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
+		if(! $position)
+			return;
+		$dest_position = $position - 1;
+		$saved = $syslist[$dest_position];
+		$syslist[$dest_position] = $syslist[$position];
+		$syslist[$position] = $saved;
+
+		$narr = [];
+		foreach($syslist as $x) {
+			$narr[] = $x['name'];
+		}
+
+		set_pconfig($uid,'system','app_order',implode(',',$narr));
+
+	}
+
+	static function movedown($uid,$guid) {
+		$syslist = array();
+		$list = self::app_list($uid, false, 'nav_featured_app');
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = self::app_encode($li);
+			}
+		}
+		self::translate_system_apps($syslist);
+
+		usort($syslist,'self::app_name_compare');
+
+		$syslist = self::app_order($uid,$syslist);
+
+		if(! $syslist)
+			return;
+
+		$newlist = [];
+
+		foreach($syslist as $k => $li) {
+			if($li['guid'] === $guid) {
+				$position = $k;
+				break;
+			}
+		}
+		if($position >= count($syslist) - 1)
+			return;
+		$dest_position = $position + 1;
+		$saved = $syslist[$dest_position];
+		$syslist[$dest_position] = $syslist[$position];
+		$syslist[$position] = $saved;
+
+		$narr = [];
+		foreach($syslist as $x) {
+			$narr[] = $x['name'];
+		}
+
+		set_pconfig($uid,'system','app_order',implode(',',$narr));
+
+	}
 
 	static public function app_decode($s) {
 		$x = base64_decode(str_replace(array('<br />',"\r","\n",' '),array('','','',''),$s));

Zotlabs/Lib/Cache.php

@@ -9,10 +9,10 @@ namespace Zotlabs\Lib;
 class Cache {
 	public static function get($key) {
 
-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);
 
 		$r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 			
 		if ($r)
@@ -22,20 +22,20 @@ class Cache {
 		
 	public static function set($key,$value) {
 
-		$key = substr($key,0,254);
+		$hash = hash('whirlpool',$key);
 
 		$r = q("SELECT * FROM cache WHERE k = '%s' limit 1",
-			dbesc($key)
+			dbesc($hash)
 		);
 		if($r) {
 			q("UPDATE cache SET v = '%s', updated = '%s' WHERE k = '%s'",
 				dbesc($value),
 				dbesc(datetime_convert()),
-				dbesc($key));
+				dbesc($hash));
 		}
 		else {
 			q("INSERT INTO cache ( k, v, updated) VALUES ('%s','%s','%s')",
-				dbesc($key),
+				dbesc($hash),
 				dbesc($value),
 				dbesc(datetime_convert()));
 		}

Zotlabs/Lib/Config.php

@@ -53,7 +53,7 @@ class Config {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
-		if(get_config($family, $key) === false || (! self::get_from_storage($family, $key))) {
+		if(self::Get($family, $key) === false || (! self::get_from_storage($family, $key))) {
 			$ret = q("INSERT INTO config ( cat, k, v ) VALUES ( '%s', '%s', '%s' ) ",
 				dbesc($family),
 				dbesc($key),

Zotlabs/Lib/DB_Upgrade.php

@@ -10,15 +10,17 @@ class DB_Upgrade {
 
 	function __construct($db_revision) {
 
-		$update_file = 'install/' . PLATFORM_NAME . '/update.php';
+		$platform_name = System::get_platform_name();
+
+		$update_file = 'install/' . $platform_name . '/update.php';
 		if(! file_exists($update_file)) {
 			$update_file = 'install/update.php';
 			$this->config_name = 'db_version';
 			$this->func_prefix = 'update_r';
 		}
 		else {
-			$this->config_name = PLATFORM_NAME . '_db_version';
-			$this->func_prefix = PLATFORM_NAME . '_update_';
+			$this->config_name = $platform_name . '_db_version';
+			$this->func_prefix = $platform_name . '_update_';
 		}
 
 		$build = get_config('system', $this->config_name, 0);

Zotlabs/Lib/Enotify.php

@@ -130,7 +130,9 @@ class Enotify {
 	if ($params['type'] == NOTIFY_COMMENT) {
 //		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 
-		$itemlink =  $params['link'];
+		$moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false);
+
+		$itemlink = $params['link'];
 
 		// ignore like/unlike activity on posts - they probably require a separate notification preference
 
@@ -170,7 +172,6 @@ class Enotify {
 
 		xchan_query($p);
 
-
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
 		$parent_id = $p[0]['id'];
@@ -208,13 +209,21 @@ class Enotify {
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.
 
-		$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		if($moderated)
+			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		else
+			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
+		if($moderated) {
+			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
+			$hsitelink .= "<br><br>" . sprintf( t('Please visit %s to approve or reject this comment.'), '<a href="' . z_root() . '/moderate">' . z_root() . '/moderate</a>' );
+		}
+		
 	}
 
 	if ($params['type'] == NOTIFY_LIKE) {
@@ -789,7 +798,8 @@ class Enotify {
 			'url' => $item['author']['xchan_url'],
 			'photo' => $item['author']['xchan_photo_s'],
 			'when' => relative_date($item['created']), 
-			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'), 
+			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
+			'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
 			'message' => strip_tags(bbcode($itemem_text))
 		);
 

Zotlabs/Lib/JSalmon.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class JSalmon {
+
+	static function sign($data,$key_id,$key) {
+
+		$arr       = $data;
+		$data      = json_encode($data,JSON_UNESCAPED_SLASHES);
+		$data      = base64url_encode($data, false); // do not strip padding
+		$data_type = 'application/x-zot+json';
+		$encoding  = 'base64url';
+		$algorithm = 'RSA-SHA256';
+
+		$data = preg_replace('/\s+/','',$data);
+
+		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
+
+		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
+
+		$signature  = base64url_encode(rsa_sign($data . $precomputed, $key), false);
+
+		return ([
+			'signed'    => true,
+			'data'      => $data,
+			'data_type' => $data_type,
+			'encoding'  => $encoding,
+			'alg'       => $algorithm,
+			'sigs'      => [
+				'value'  => $signature,
+				'key_id' => base64url_encode($key_id)
+			]
+		]);
+
+	}
+}

Zotlabs/Lib/LDSignatures.php

@@ -0,0 +1,135 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+require_once('library/jsonld/jsonld.php');
+
+class LDSignatures {
+
+
+	static function verify($data,$pubkey) {
+
+		$ohash = self::hash(self::signable_options($data['signature']));
+		$dhash = self::hash(self::signable_data($data));
+
+		$x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+		logger('LD-verify: ' . intval($x));
+
+		return $x;
+	}
+
+	static function dopplesign(&$data,$channel) {
+	// remove for the time being - performance issues
+	//	$data['magicEnv'] = self::salmon_sign($data,$channel);
+		return self::sign($data,$channel);
+	}
+
+	static function sign($data,$channel) {
+
+		$options = [
+			'type' => 'RsaSignature2017',
+			'nonce' => random_string(64),
+			'creator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
+			'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z')
+		];
+
+		$ohash = self::hash(self::signable_options($options));
+		$dhash = self::hash(self::signable_data($data));
+		$options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));
+
+		$signed = array_merge([
+			'@context' => [ 
+				ACTIVITYSTREAMS_JSONLD_REV, 
+				'https://w3id.org/security/v1' ],
+			],$options);
+
+		return $signed;
+	}
+
+
+	static function signable_data($data) {
+
+		$newdata = [];
+		if($data) {
+			foreach($data as $k => $v) {
+				if(! in_array($k,[ 'signature' ])) {
+					$newdata[$k] = $v;
+				}
+			}
+		}
+		return json_encode($newdata,JSON_UNESCAPED_SLASHES);
+	}
+
+
+	static function signable_options($options) {
+
+		$newopts = [ '@context' => 'https://w3id.org/identity/v1' ];
+		if($options) {
+			foreach($options as $k => $v) {
+				if(! in_array($k,[ 'type','id','signatureValue' ])) {
+					$newopts[$k] = $v;
+				}
+			}
+		}
+		return json_encode($newopts,JSON_UNESCAPED_SLASHES);
+	}
+
+	static function hash($obj) {
+
+		return hash('sha256',self::normalise($obj));
+	}
+
+	static function normalise($data) {
+		if(is_string($data)) {
+			$data = json_decode($data);
+		}
+
+		if(! is_object($data))
+			return '';
+
+		jsonld_set_document_loader('jsonld_document_loader');
+	
+		try {
+			$d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
+		}
+		catch (\Exception $e) {
+			logger('normalise error:' . print_r($e,true));
+			logger('normalise error: ' . print_r($data,true));
+		}
+
+		return $d;
+	}
+
+	static function salmon_sign($data,$channel) {
+
+		$arr       = $data;
+		$data      = json_encode($data,JSON_UNESCAPED_SLASHES);
+		$data      = base64url_encode($data, false); // do not strip padding
+		$data_type = 'application/activity+json';
+		$encoding  = 'base64url';
+		$algorithm = 'RSA-SHA256';
+		$keyhash   = base64url_encode(z_root() . '/channel/' . $channel['channel_address']);
+
+		$data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$data);
+
+		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods
+
+		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
+
+		$signature  = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey']));
+
+		return ([
+			'id'          => $arr['id'],
+			'meData'      => $data,
+			'meDataType'  => $data_type,
+			'meEncoding'  => $encoding,
+			'meAlgorithm' => $algorithm,
+			'meCreator'   => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
+			'meSignatureValue' => $signature
+		]);
+
+	}
+
+
+
+}

Zotlabs/Lib/MarkdownSoap.php

@@ -94,7 +94,7 @@ class MarkdownSoap {
 	}
 
 	function escape($s) {
-		return htmlspecialchars($s,ENT_QUOTES);
+		return htmlspecialchars($s,ENT_QUOTES,'UTF-8',false);
 	}
 
 	static public function unescape($s) {

Zotlabs/Lib/NativeWiki.php

@@ -18,11 +18,18 @@ class NativeWiki {
 
 		if($wikis) {
 			foreach($wikis as &$w) {
+
+				$w['json_allow_cid']  = acl2json($w['allow_cid']);
+				$w['json_allow_gid']  = acl2json($w['allow_gid']);
+				$w['json_deny_cid']   = acl2json($w['deny_cid']);
+				$w['json_deny_gid']   = acl2json($w['deny_gid']);
+
 				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
 				$w['htmlName'] = escape_tags($w['rawName']);
 				$w['urlName']  = urlencode(urlencode($w['rawName']));
 				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
-				$w['lock']     = (($w['item_private'] || $w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? true : false);
+				$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
+				$w['lockstate']     = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
 			}
 		}
 		// TODO: query db for wikis the observer can access. Return with two lists, for read and write access
@@ -84,7 +91,9 @@ class NativeWiki {
 		if(! set_iconfig($arr, 'wiki', 'mimeType', $wiki['mimeType'], true)) {
 			return array('item' => null, 'success' => false);
 		}
-	
+
+		set_iconfig($arr,'wiki','typelock',$wiki['typelock'],true);
+
 		$post = item_store($arr);
 
 		$item_id = $post['item_id'];
@@ -98,6 +107,61 @@ class NativeWiki {
 		}
 	}
 
+	function update_wiki($channel_id, $observer_hash, $arr, $acl) {
+
+		$w = self::get_wiki($channel_id, $observer_hash, $arr['resource_id']);
+		$item = $w['wiki'];
+
+		if(! $item) {
+			return array('item' => null, 'success' => false);
+		}
+
+		$x = $acl->get();
+
+		$item['allow_cid']    = $x['allow_cid'];
+		$item['allow_gid']    = $x['allow_gid'];
+		$item['deny_cid']     = $x['deny_cid'];
+		$item['deny_gid']     = $x['deny_gid'];
+		$item['item_private'] = intval($acl->is_private());
+
+		$update_title = false;
+
+		if($item['title'] !== $arr['updateRawName']) {
+			$update_title = true;
+			$item['title'] = $arr['updateRawName'];
+		}
+
+		$update = item_store_update($item);
+
+		$item_id = $update['item_id'];
+
+		// update acl for any existing wiki pages
+
+		q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d where resource_type = 'nwikipage' and resource_id = '%s'",
+			dbesc($item['allow_cid']), 
+			dbesc($item['allow_gid']), 
+			dbesc($item['deny_cid']), 
+			dbesc($item['deny_gid']), 
+			dbesc($item['item_private']), 
+			dbesc($arr['resource_id'])
+		); 
+
+
+		if($update['item_id']) {
+			info( t('Wiki updated successfully'));
+			if($update_title) {
+				// Update the wiki name information using iconfig.
+				if(! set_iconfig($update['item_id'], 'wiki', 'rawName', $arr['updateRawName'], true)) {
+					return array('item' => null, 'success' => false);
+				}
+			}
+			return array('item' => $update['item'], 'item_id' => $update['item_id'], 'success' => $update['success']);
+		}
+		else {
+			return array('item' => null, 'success' => false);
+		}
+	}
+
 	static public function sync_a_wiki_item($uid,$id,$resource_id) {
 
 
@@ -108,6 +172,12 @@ class NativeWiki {
 			dbesc($resource_id)
 		);
 		if($r) {
+			$q = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s'",
+				dbesc($r[0]['resource_type'])
+			);
+			if($q) {
+				$r = array_merge($r,$q);
+			}
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
 			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
@@ -150,13 +220,15 @@ class NativeWiki {
 			// Get wiki metadata
 			$rawName  = get_iconfig($w, 'wiki', 'rawName');
 			$mimeType = get_iconfig($w, 'wiki', 'mimeType');
+			$typelock = get_iconfig($w, 'wiki', 'typelock');
 
 			return array(
-				'wiki' => $w,
-				'rawName' => $rawName,
+				'wiki'     => $w,
+				'rawName'  => $rawName,
 				'htmlName' => escape_tags($rawName),
-				'urlName' => urlencode(urlencode($rawName)),
-				'mimeType' => $mimeType
+				'urlName'  => urlencode(urlencode($rawName)),
+				'mimeType' => $mimeType,
+				'typelock' => $typelock
 			);
 		}
 	}

Zotlabs/Lib/NativeWikiPage.php

@@ -21,7 +21,7 @@ class NativeWikiPage {
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);
 
 		$r = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s' and uid = %d and item_deleted = 0 
-			$sql_extra order by created asc",
+			$sql_extra order by title asc",
 			dbesc($resource_id),
 			intval($channel_id)
 		);
@@ -44,7 +44,7 @@ class NativeWikiPage {
 					$pages[] = [
 						'resource_id' => $resource_id,
 						'title'       => escape_tags($title),
-						'url'         => urlencode(urlencode($title)),
+						'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
 						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
 					];
 				}
@@ -55,7 +55,12 @@ class NativeWikiPage {
 	}
 
 
-	static public function create_page($channel_id, $observer_hash, $name, $resource_id) {
+	static public function create_page($channel_id, $observer_hash, $name, $resource_id, $mimetype = 'text/bbcode') {
+
+		logger('mimetype: ' . $mimetype);
+
+		if(! in_array($mimetype,[ 'text/markdown','text/bbcode','text/plain','text/html' ]))
+			$mimetype = 'text/markdown';
 
 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 
@@ -68,6 +73,8 @@ class NativeWikiPage {
 		$arr = [];
 		$arr['uid']           = $channel_id;
 		$arr['author_xchan']  = $observer_hash;
+		$arr['mimetype']      = $mimetype;
+		$arr['title']         = $name;
 		$arr['resource_type'] = 'nwikipage';
 		$arr['resource_id']   = $resource_id;
 		$arr['allow_cid']     = $w['wiki']['allow_cid'];
@@ -133,8 +140,14 @@ class NativeWikiPage {
 		if($ic) {
 			foreach($ic as $c) {
 				set_iconfig($c['item_id'],'nwikipage','pagetitle',$pageNewName);
+				$ids[] = $c['item_id'];
 			}
 
+			$str_ids = implode(',', $ids);
+			q("update item set title = '%s' where id in ($str_ids)",
+				dbesc($pageNewName)
+			);
+
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
@@ -167,10 +180,11 @@ class NativeWikiPage {
 			$content = $item['body'];
 
 			return [ 
-				'content' => $content,
-				'mimeType' => $w['mimeType'], 
-				'message' => '', 
-				'success' => true
+				'content'      => $content,
+				'mimeType'     => $w['mimeType'],
+				'pageMimeType' => $item['mimetype'], 
+				'message'      => '', 
+				'success'      => true
 			];
 		}
 	
@@ -333,7 +347,6 @@ class NativeWikiPage {
 			return array('message' => t('Error reading wiki'), 'success' => false);
 		}
 
-		$mimetype = $w['mimeType'];
 	
 		// fetch the most recently saved revision. 
 
@@ -342,6 +355,8 @@ class NativeWikiPage {
 			return array('message' => t('Page not found'), 'success' => false);
 		}
 
+		$mimetype = $item['mimetype'];
+
 		// change just the fields we need to change to create a revision; 
 
 		unset($item['id']);
@@ -599,10 +614,13 @@ class NativeWikiPage {
 	}
 	
 	static public function get_file_ext($arr) {
-		if($arr['mimeType'] == 'text/bbcode')
+		if($arr['mimetype'] === 'text/bbcode')
 			return '.bb';
-		else
+		elseif($arr['mimetype'] === 'text/markdown')
 			return '.md';
+		elseif($arr['mimetype'] === 'text/plain')
+			return '.txt';
+
 	}
 	
 	// This function is derived from 

Zotlabs/Lib/PConfig.php

@@ -20,11 +20,12 @@ class PConfig {
 		if(is_null($uid) || $uid === false)
 			return false;
 
-		if(! array_key_exists($uid, \App::$config))
-			\App::$config[$uid] = array();
-
 		if(! is_array(\App::$config)) {
-			btlogger('App::$config not an array: ' . $uid);
+			btlogger('App::$config not an array');
+		}
+
+		if(! array_key_exists($uid, \App::$config)) {
+			\App::$config[$uid] = array();
 		}
 
 		if(! is_array(\App::$config[$uid])) {
@@ -119,7 +120,7 @@ class PConfig {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
-		if(get_pconfig($uid, $family, $key) === false) {
+		if(self::Get($uid, $family, $key) === false) {
 			if(! array_key_exists($uid, \App::$config))
 				\App::$config[$uid] = array();
 			if(! array_key_exists($family, \App::$config[$uid]))

Zotlabs/Lib/SConfig.php

@@ -0,0 +1,25 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+// account configuration storage is built on top of the under-utilised xconfig
+
+class SConfig {
+
+	static public function Load($server_id) {
+		return XConfig::Load('s_' . $server_id);
+	}
+
+	static public function Get($server_id,$family,$key,$default = false) {
+		return XConfig::Get('s_' . $server_id,$family,$key, $default);
+	}
+
+	static public function Set($server_id,$family,$key,$value) {
+		return XConfig::Set('s_' . $server_id,$family,$key,$value);
+	}
+
+	static public function Delete($server_id,$family,$key) {
+		return XConfig::Delete('s_' . $server_id,$family,$key);
+	}
+
+}

Zotlabs/Lib/System.php

@@ -19,6 +19,9 @@ class System {
 	static public function get_project_version() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['hide_version'])
 			return '';
+		if(is_array(\App::$config) && is_array(\App::$config['system']) && array_key_exists('std_version',\App::$config['system']))
+			return \App::$config['system']['std_version'];
+
 		return self::get_std_version();
 	}
 
@@ -54,12 +57,15 @@ class System {
 		return 'https://github.com/redmatrix/hubzilla';
 	}
 
-
-
 	static public function get_server_role() {
-		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['server_role'])
-			return \App::$config['system']['server_role'];
-		return 'standard';
+		return 'pro';
+	}
+
+
+	static public function get_zot_revision() {
+		$x = [ 'revision' => ZOT_REVISION ]; 
+		call_hooks('zot_revision',$x);
+		return $x['revision'];
 	}
 
 	static public function get_std_version() {
@@ -72,11 +78,8 @@ class System {
 
 		if(get_directory_realm() != DIRECTORY_REALM)
 			return true;
-
-		foreach(['hubzilla','zap'] as $t) {
-			if(stristr($p,$t))
-				return true;
-		}
+		if(in_array(strtolower($p),['hubzilla','zap','red']))
+			return true;
 		return false;
 	}
 }

Zotlabs/Lib/Techlevels.php

@@ -7,12 +7,12 @@ class Techlevels {
 
 	static public function levels() {
 		$techlevels = [
-			'0' => t('Beginner/Basic'),
-			'1' => t('Novice - not skilled but willing to learn'),
-			'2' => t('Intermediate - somewhat comfortable'),
-			'3' => t('Advanced - very comfortable'),
-			'4' => t('Expert - I can write computer code'),			
-			'5' => t('Wizard - I probably know more than you do')
+			'0' => t('0. Beginner/Basic'),
+			'1' => t('1. Novice - not skilled but willing to learn'),
+			'2' => t('2. Intermediate - somewhat comfortable'),
+			'3' => t('3. Advanced - very comfortable'),
+			'4' => t('4. Expert - I can write computer code'),			
+			'5' => t('5. Wizard - I probably know more than you do')
 		];
 		return $techlevels;
 	}

Zotlabs/Lib/ThreadItem.php

@@ -29,6 +29,7 @@ class ThreadItem {
 	private $visiting = false;
 	private $channel = null;
 	private $display_mode = 'normal';
+	private $reload = '';
 
 
 	public function __construct($data) {
@@ -101,10 +102,13 @@ class ThreadItem {
 		if($item['author']['xchan_network'] === 'rss')
 			$shareable = true;
 
+
 		$mode = $conv->get_mode();
 
+		$edlink = (($item['item_type'] == ITEM_TYPE_CARD) ? 'card_edit' : 'editpost');
+
 		if(local_channel() && $observer['xchan_hash'] === $item['author_xchan'])
-			$edpost = array(z_root()."/editpost/".$item['id'], t("Edit"));
+			$edpost = array(z_root() . '/' . $edlink . '/' . $item['id'], t('Edit'));
 		else
 			$edpost = false;
 
@@ -153,7 +157,7 @@ class ThreadItem {
 			$response_verbs[] = 'attendyes';
 			$response_verbs[] = 'attendno';
 			$response_verbs[] = 'attendmaybe';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$isevent = true;
 				$attend = array( t('I will attend'), t('I will not attend'), t('I might attend'));
 			}
@@ -164,7 +168,7 @@ class ThreadItem {
 			$response_verbs[] = 'agree';
 			$response_verbs[] = 'disagree';
 			$response_verbs[] = 'abstain';
-			if($this->is_commentable()) {
+			if($this->is_commentable() && $observer) {
 				$conlabels = array( t('I agree'), t('I disagree'), t('I abstain'));
 				$canvote = true;
 			}
@@ -251,8 +255,6 @@ class ThreadItem {
 			);
 		}
 
-		$server_role = get_config('system','server_role');
-
 		$has_bookmarks = false;
 		if(is_array($item['term'])) {
 			foreach($item['term'] as $t) {
@@ -265,7 +267,7 @@ class ThreadItem {
 		if(($item['obj_type'] === ACTIVITY_OBJ_EVENT) && $conv->get_profile_owner() == local_channel())
 			$has_event = true;
 
-		if($this->is_commentable()) {
+		if($this->is_commentable() && $observer) {
 			$like = array( t("I like this \x28toggle\x29"), t("like"));
 			$dislike = array( t("I don't like this \x28toggle\x29"), t("dislike"));
 		}
@@ -311,7 +313,8 @@ class ThreadItem {
 
 		$tmp_item = array(
 			'template' => $this->get_template(),
-			'mode' => $mode,			
+			'mode' => $mode,
+			'item_type' => intval($item['item_type']),			
 			'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
 			'body' => $body['html'],
 			'tags' => $body['tags'],
@@ -371,7 +374,7 @@ class ThreadItem {
 			'has_tags' => $has_tags,
 			'reactions' => $this->reactions,
 // Item toolbar buttons
-			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
+			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
 			'like'      => $like,
 			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
 			'share'     => $share,
@@ -409,8 +412,9 @@ class ThreadItem {
 			'showdislike' => $showdislike,
 			'comment' => $this->get_comment_box($indent),
 			'previewing' => ($conv->is_preview() ? true : false ),
+			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
-			'submid' => str_replace(['+','='], ['',''], base64_encode(substr($item['mid'],0,32))),
+			'submid' => str_replace(['+','='], ['',''], base64_encode($item['mid'])),
 			'thread_level' => $thread_level
 		);
 
@@ -481,6 +485,14 @@ class ThreadItem {
 		return $this->threaded;
 	}
 
+	public function set_reload($val) {
+		$this->reload = $val;
+	}
+
+	public function get_reload() {
+		return $this->reload;
+	}
+
 	public function set_commentable($val) {
 		$this->commentable = $val;
 		foreach($this->get_children() as $child)
@@ -714,11 +726,10 @@ class ThreadItem {
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
 
-
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
 			'$threaded' => $this->is_threaded(),
-			'$jsreload' => '', //(($conv->get_mode() === 'display') ? $_SESSION['return_url'] : ''),
+			'$jsreload' => $conv->reload,
 			'$type' => (($conv->get_mode() === 'channel') ? 'wall-comment' : 'net-comment'),
 			'$id' => $this->get_id(),
 			'$parent' => $this->get_id(),
@@ -736,15 +747,21 @@ class ThreadItem {
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
 			'$edimg' => t('Image'),
+			'$edatt' => t('Attach File'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
 			'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
 			'$indent' => $indent,
+			'$can_upload' => (perm_is_allowed($conv->get_profile_owner(),get_observer_hash(),'write_storage') && $conv->is_uploadable()),
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
-			'$sourceapp' => \App::$sourcename
-
+			'$sourceapp' => \App::$sourcename,
+			'$observer' => get_observer_hash(),
+			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
+			'$anonname' => [ 'anonname', t('Your full name (required)') ],
+			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
 		));
 
 		return $comment_box;

Zotlabs/Lib/ThreadStream.php

@@ -18,18 +18,21 @@ class ThreadStream {
 	private $observer = null;
 	private $writable = false;
 	private $commentable = false;
+	private $uploadable = false;
 	private $profile_owner = 0;
 	private $preview = false;
 	private $prepared_item = '';
+	public $reload = '';
 	private $cipher = 'aes256';
 
 	// $prepared_item is for use by alternate conversation structures such as photos
 	// wherein we've already prepared a top level item which doesn't look anything like
 	// a normal "post" item
 
-	public function __construct($mode, $preview, $prepared_item = '') {
+	public function __construct($mode, $preview, $uploadable, $prepared_item = '') {
 		$this->set_mode($mode);
 		$this->preview = $preview;
+		$this->uploadable = $uploadable;
 		$this->prepared_item = $prepared_item;
 		$c = ((local_channel()) ? get_pconfig(local_channel(),'system','default_cipher') : '');
 		if($c)
@@ -55,11 +58,17 @@ class ThreadStream {
 				$this->profile_owner = \App::$profile['profile_uid'];
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
 				break;
+			case 'cards':
+				$this->profile_owner = \App::$profile['profile_uid'];
+				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+				$this->reload = $_SESSION['return_url'];
+				break;
 			case 'display':
 				// in this mode we set profile_owner after initialisation (from conversation()) and then 
 				// pull some trickery which allows us to re-invoke this function afterward
 				// it's an ugly hack so @FIXME
 				$this->writable = perm_is_allowed($this->profile_owner,$ob_hash,'post_comments');
+				$this->uploadable = perm_is_allowed($this->profile_owner,$ob_hash,'write_storage');
 				break;
 			case 'page':
 				$this->profile_owner = \App::$profile['uid'];
@@ -91,6 +100,11 @@ class ThreadStream {
 		return $this->commentable;
 	}
 
+	public function is_uploadable() {
+		return $this->uploadable;
+	}
+
+
 	/**
 	 * Check if page is a preview
 	 */
@@ -158,7 +172,7 @@ class ThreadStream {
 			if(intval($item->get_data_value('item_nocomment'))) {
 				$item->set_commentable(false);
 			}
-			elseif(($this->observer) && (! $item->is_commentable())) {
+			elseif(! $item->is_commentable()) {
 				if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
 					$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
 				else

Zotlabs/Module/Acl.php

@@ -21,7 +21,7 @@ class Acl extends \Zotlabs\Web\Controller {
 
 	function init() {
 	
-		//	logger('mod_acl: ' . print_r($_REQUEST,true));
+		logger('mod_acl: ' . print_r($_REQUEST,true));
 	
 		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
 		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
@@ -33,6 +33,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		// $type = 
 		//  ''   =>  standard ACL request
 		//  'g'  =>  Groups only ACL request
+		//  'f'  =>  forums only ACL request
 		//  'c'  =>  Connections only ACL request or editor (textarea) mention request
 		// $_REQUEST['search'] contains ACL search text.
 
@@ -56,12 +57,12 @@ class Acl extends \Zotlabs\Web\Controller {
 			$search = $_REQUEST['query'];
 		}
 	
-		if( (! local_channel()) && (! ($type == 'x' || $type == 'c')))
+		if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ])))
 			killme();
 
 		$permitted = [];
 
-		if(in_array($type, [ 'm', 'a', 'c' ])) {
+		if(in_array($type, [ 'm', 'a', 'c', 'f' ])) {
 
 			// These queries require permission checking. We'll create a simple array of xchan_hash for those with
 			// the requisite permissions which we can check against. 
@@ -154,7 +155,7 @@ class Acl extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-		if($type == '' || $type == 'c') {
+		if($type == '' || $type == 'c' || $type === 'f') {
 
 			$extra_channels_sql  = ''; 
 
@@ -307,7 +308,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					$contacts[] = array(
 						"photo"    => $g['photo'],
 						"name"     => $g['name'],
-						"nick"     => $g['address'],
+						"nick"     => $g['address']
 					);
 				}
 			}
@@ -324,18 +325,24 @@ class Acl extends \Zotlabs\Web\Controller {
 			$r = array();
 	
 		if($r) {
-			foreach($r as $g){
+			foreach($r as $g) {
 	
-				// remove RSS feeds from ACLs - they are inaccessible
-				if(strpos($g['hash'],'/') && $type != 'a')
+				if(($g['network'] === 'rss') && ($type != 'a'))
 					continue;
-	
-				if(in_array($g['hash'],$permitted) && $type == 'c' && (! $noforums)) {
+
+				$g['hash'] = urlencode($g['hash']);
+				
+				if(! $g['nick']) {
+					$t = explode(' ',strtolower($g['name']));
+					$g['nick'] = $t[0] . '@';
+				}
+
+				if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) {
 					$contacts[] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
-						"name"     => $g['name'] . '+',
-						"id"	   => $g['id'] . '+',
+						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
+						"id"	   => urlencode($g['id']) . (($type === 'f') ? '' : '+'),
 						"xid"      => $g['hash'],
 						"link"     => $g['nick'],
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
@@ -344,18 +351,20 @@ class Acl extends \Zotlabs\Web\Controller {
 						"label"    => t('network')
 					);
 				}
-				$contacts[] = array(
-					"type"     => "c",
-					"photo"    => $g['micro'],
-					"name"     => $g['name'],
-					"id"	   => $g['id'],
-					"xid"      => $g['hash'],
-					"link"     => $g['nick'],
-					"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : t('RSS')),
-					"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-					"taggable" => '',
-					"label"    => '',
-				);
+				if($type !== 'f') {
+					$contacts[] = array(
+						"type"     => "c",
+						"photo"    => $g['micro'],
+						"name"     => $g['name'],
+						"id"	   => urlencode($g['id']),
+						"xid"      => $g['hash'],
+						"link"     => $g['nick'],
+						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
+						"taggable" => '',
+						"label"    => '',
+					);
+				}
 			}			
 		}
 			
@@ -412,10 +421,12 @@ class Acl extends \Zotlabs\Web\Controller {
 			$directory = find_upstream_directory($dirmode);
 			$url = $directory['url'] . '/dirsearch';
 		}
+
+		$token = get_config('system','realm_token');
 	
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
-			$query = $url . '?f=' ;
+			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
 			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
 	
 			$x = z_fetch_url($query);

Zotlabs/Module/Admin.php

@@ -52,6 +52,8 @@ class Admin extends \Zotlabs\Web\Controller {
 		 * Page content
 		 */
 
+		nav_set_selected('Admin');
+
 		$o = '';
 
 		if(argc() > 1) {
@@ -91,10 +93,10 @@ class Admin extends \Zotlabs\Web\Controller {
 			intval(ACCOUNT_BLOCKED)
 		);
 		if ($r) {
-			$accounts['total']    = array('label' => t('# Accounts'), 'val' => $r[0]['total']);
-			$accounts['blocked']  = array('label' => t('# blocked accounts'), 'val' => $r[0]['blocked']);
-			$accounts['expired']  = array('label' => t('# expired accounts'), 'val' => $r[0]['expired']);
-			$accounts['expiring'] = array('label' => t('# expiring accounts'), 'val' => $r[0]['expiring']);
+			$accounts['total']    = array('label' => t('Accounts'), 'val' => $r[0]['total']);
+			$accounts['blocked']  = array('label' => t('Blocked accounts'), 'val' => $r[0]['blocked']);
+			$accounts['expired']  = array('label' => t('Expired accounts'), 'val' => $r[0]['expired']);
+			$accounts['expiring'] = array('label' => t('Expiring accounts'), 'val' => $r[0]['expiring']);
 		}
 
 		// pending registrations
@@ -105,9 +107,9 @@ class Admin extends \Zotlabs\Web\Controller {
 		$channels = array();
 		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
 		if ($r) {
-			$channels['total']  = array('label' => t('# Channels'), 'val' => $r[0]['total']);
-			$channels['main']   = array('label' => t('# primary'), 'val' => $r[0]['main']);
-			$channels['clones'] = array('label' => t('# clones'), 'val' => $r[0]['clones']);
+			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
+			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
+			$channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']);
 		}
 
 		// We can do better, but this is a quick queue status
@@ -118,14 +120,11 @@ class Admin extends \Zotlabs\Web\Controller {
 		// If no plugins active return 0, otherwise list of plugin names
 		$plugins = (count(\App::$plugins) == 0) ? count(\App::$plugins) : \App::$plugins;
 
+		if(is_array($plugins))
+			sort($plugins);
+
 		// Could be extended to provide also other alerts to the admin
 		$alertmsg = '';
-		// annoy admin about upcoming unsupported PHP version
-		if (version_compare(PHP_VERSION, '5.4', '<')) {
-			$alertmsg = 'Your PHP version ' . PHP_VERSION . ' will not be supported with the next major release of $Projectname. You are strongly urged to upgrade to a current version.'
-				. '<br>PHP 5.3 has reached its <a href="http://php.net/eol.php" class="alert-link">End of Life (EOL)</a> in August 2014.'
-				. ' A list about current PHP versions can be found <a href="http://php.net/supported-versions.php" class="alert-link">here</a>.';
-		}
 
 		$vmaster = get_repository_version('master');
 		$vdev = get_repository_version('dev');

Zotlabs/Module/Admin/Site.php

@@ -17,7 +17,6 @@ class Site {
 		check_form_security_token_redirectOnErr('/admin/site', 'admin_site');
 
 		$sitename 			=	((x($_POST,'sitename'))			? notags(trim($_POST['sitename']))			: '');
-		$server_role 		=	((x($_POST,'server_role'))		? notags(trim($_POST['server_role']))		: 'standard');
 
 		$banner				=	((x($_POST,'banner'))			? trim($_POST['banner'])				: false);
 
@@ -63,12 +62,12 @@ class Site {
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
 		$techlevel_lock    = ((x($_POST,'techlock'))   ? intval($_POST['techlock'])   : 0);
+		$imagick_path      = ((x($_POST,'imagick_path'))   ? trim($_POST['imagick_path'])   : '');
 
 		$techlevel         = null;
 		if(array_key_exists('techlevel', $_POST))
 			$techlevel = intval($_POST['techlevel']);
 
-		set_config('system', 'server_role', $server_role);
 		set_config('system', 'feed_contacts', $feed_contacts);
 		set_config('system', 'delivery_interval', $delivery_interval);
 		set_config('system', 'delivery_batch_count', $delivery_batch_count);
@@ -84,6 +83,7 @@ class Site {
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
+		set_config('system', 'imagick_convert_path' , $imagick_path);
 
 
 		set_config('system', 'techlevel_lock', $techlevel_lock);
@@ -208,7 +208,7 @@ class Site {
 		// directory server should not be set or settable unless we are a directory client
 
 		if($dirmode == DIRECTORY_MODE_NORMAL) {
-			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s'",
+			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0",
 				intval(DIRECTORY_MODE_SECONDARY),
 				intval(DIRECTORY_MODE_PRIMARY),
 				dbesc($realm)
@@ -254,12 +254,6 @@ class Site {
 		// now invert the logic for the setting.
 		$discover_tab = (1 - $discover_tab);
 
-		$server_roles = [
-			'basic'    => t('Basic/Minimal Social Networking'),
-			'standard' => t('Standard Configuration (default)'),
-			'pro'      => t('Professional')
-		];
-
 		$techlevels = [
 			'0' => t('Beginner/Basic'),
 			'1' => t('Novice - not skilled but willing to learn'),
@@ -286,8 +280,6 @@ class Site {
 			// name, label, value, help string, extra data...
 			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
 
-			'$server_role' 		=> array('server_role', t("Server Configuration/Role"), get_config('system','server_role'),'',$server_roles),
-
 			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],
 
 			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
@@ -327,6 +319,7 @@ class Site {
 			'$delivery_interval'			=> array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
 			'$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
+			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
 			'$form_security_token' => get_form_security_token("admin_site"),

Zotlabs/Module/Appman.php

@@ -84,6 +84,20 @@ class Appman extends \Zotlabs\Web\Controller {
 		}
 
 		$channel = \App::get_channel();
+
+		if(argc() > 2) {
+			if(argv(2) === 'moveup') {
+				Zlib\Apps::moveup(local_channel(),argv(1));
+			}
+			if(argv(2) === 'movedown') {
+				Zlib\Apps::movedown(local_channel(),argv(1));
+			}
+			goaway(z_root() . '/apporder');
+		}
+
+
+
+
 		$app = null;
 		$embed = null;
 		if($_REQUEST['appid']) {

Zotlabs/Module/Apporder.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use \Zotlabs\Lib as Zlib;
+
+class Apporder extends \Zotlabs\Web\Controller {
+
+	function post() {
+
+	}
+
+	function get() {
+
+		if(! local_channel())
+			return;
+
+		nav_set_selected('Order Apps');
+
+		$syslist = array();
+		$list = Zlib\Apps::app_list(local_channel(), false, 'nav_featured_app');
+		if($list) {
+			foreach($list as $li) {
+				$syslist[] = Zlib\Apps::app_encode($li);
+			}
+		}
+		Zlib\Apps::translate_system_apps($syslist);
+
+		usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+
+		$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+
+		foreach($syslist as $app) {
+			$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+		}
+
+		return replace_macros(get_markup_template('apporder.tpl'),
+			[
+				'$header' => t('Change Order of Navigation Apps'),
+				'$desc' => t('Use arrows to move the corresponding app up or down in the display list'),
+				'$nav_apps' => $nav_apps
+			]
+		);
+	}
+}

Zotlabs/Module/Apps.php

@@ -7,6 +7,8 @@ use \Zotlabs\Lib as Zlib;
 class Apps extends \Zotlabs\Web\Controller {
 
 	function get() {
+
+		nav_set_selected('Apps');
 	
 		if(argc() == 2 && argv(1) == 'edit')
 			$mode = 'edit';

Zotlabs/Module/Attach.php

@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
 	
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Module/Authorize.php

@@ -0,0 +1,71 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Authorize extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+
+			// workaround for HTTP-auth in CGI mode
+			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
+				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
+				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW'] = $password;
+				}
+			}
+
+
+
+
+	require_once('include/oauth2.php');
+
+	$request = \OAuth2\Request::createFromGlobals();
+	$response = new \OAuth2\Response();
+
+	// validate the authorize request
+	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
+	    $response->send();
+    	killme();
+	}
+
+	// display an authorization form
+	if (empty($_POST)) {
+
+	  return '
+<form method="post">
+  <label>Do You Authorize TestClient?</label><br />
+  <input type="submit" name="authorized" value="yes">
+  <input type="submit" name="authorized" value="no">
+</form>';
+	}
+
+	// print the authorization code if the user has authorized your client
+	$is_authorized = ($_POST['authorized'] === 'yes');
+	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
+	if ($is_authorized) {
+		// this is only here so that you get to see your code in the cURL request. Otherwise, 
+		// we'd redirect back to the client
+		$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
+		echo("SUCCESS! Authorization Code: $code");
+		
+	}
+
+	$response->send();
+	killme();
+	}
+
+}

Zotlabs/Module/Block.php

@@ -3,8 +3,6 @@ namespace Zotlabs\Module;
 
 require_once('include/items.php');
 require_once('include/conversation.php');
-require_once('include/page_widgets.php');
-
 
 class Block extends \Zotlabs\Web\Controller {
 

Zotlabs/Module/Bookmarks.php

@@ -7,6 +7,9 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 	function init() {
 		if(! local_channel())
 			return;
+
+		nav_set_selected('View Bookmarks');
+
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);
 	

Zotlabs/Module/Cal.php

@@ -69,6 +69,8 @@ class Cal extends \Zotlabs\Web\Controller {
 			notice( t('Permissions denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Calendar');
 	
 		$sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event');
 	

Zotlabs/Module/Card_edit.php

@@ -0,0 +1,138 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/acl_selectors.php');
+require_once('include/conversation.php');
+
+class Card_edit extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+
+		// Figure out which post we're editing
+		$post_id = ((argc() > 1) ? intval(argv(1)) : 0);
+
+		if(! $post_id) {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$itm = q("SELECT * FROM item WHERE id = %d and item_type = %d LIMIT 1",
+			intval($post_id),
+			intval(ITEM_TYPE_CARD)
+		);
+		if($itm) {
+			$item_id = q("select * from iconfig where cat = 'system' and k = 'CARD' and iid = %d limit 1",
+				intval($itm[0]['id'])
+			);
+			if($item_id)
+				$card_title = $item_id[0]['v'];
+		}
+		else {
+			notice( t('Item not found') . EOL);
+			return;
+		}
+
+		$owner = $itm[0]['uid'];
+		$uid = local_channel();
+
+		$observer = \App::get_observer();
+
+		$channel = channelx_by_n($owner);
+		if(! $channel) {
+			notice( t('Channel not found.') . EOL);
+			return;
+		}
+
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+
+		if(! perm_is_allowed($owner,$ob_hash,'write_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		$is_owner = (($uid && $uid == $owner) ? true : false);
+
+		$o = '';
+
+
+
+		$category = '';
+		$catsenabled = ((feature_enabled($owner,'categories')) ? 'categories' : '');
+
+		if ($catsenabled){
+		        $itm = fetch_post_tags($itm);
+	
+	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
+	
+		        foreach ($cats as $cat) {
+		                if (strlen($category))
+		                        $category .= ', ';
+		                $category .= $cat['term'];
+		        }
+		}
+
+		if($itm[0]['attach']) {
+			$j = json_decode($itm[0]['attach'],true);
+			if($j) {
+				foreach($j as $jj) {
+					$itm[0]['body'] .= "\n" . '[attachment]' . basename($jj['href']) . ',' . $jj['revision'] . '[/attachment]' . "\n";
+				}
+			}
+		}
+
+
+		$mimetype = $itm[0]['mimetype'];
+
+		$content = $itm[0]['body'];
+
+
+
+		$rp = 'cards/' . $channel['channel_address'];
+
+		$x = array(
+			'nickname' => $channel['channel_address'],
+			'bbco_autocomplete'=> 'bbcode',
+			'return_path' => $rp,
+			'webpage' => ITEM_TYPE_CARD,
+			'button' => t('Edit'),
+			'writefiles' => perm_is_allowed($owner, get_observer_hash(), 'write_pages'),
+			'weblink' => t('Insert web link'),
+			'hide_voting' => false,
+			'hide_future' => false,
+			'hide_location' => false,
+			'hide_expire' => false,
+			'showacl' => true,
+			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
+			'permissions' => $itm[0],
+			'lockstate' => (($itm[0]['allow_cid'] || $itm[0]['allow_gid'] || $itm[0]['deny_cid'] || $itm[0]['deny_gid']) ? 'lock' : 'unlock'),
+			'ptyp' => $itm[0]['type'],
+			'mimeselect' => false,
+			'mimetype' => $itm[0]['mimetype'],
+			'body' => undo_post_tagging($content),
+			'post_id' => $post_id,
+			'visitor' => true,
+			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+			'placeholdertitle' => t('Title (optional)'),
+			'pagetitle' => $card_title,
+			'profile_uid' => (intval($channel['channel_id'])),
+			'catsenabled' => $catsenabled,
+			'category' => $category,
+			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
+		);
+
+		$editor = status_editor($a, $x);
+
+		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
+			'$title' => t('Edit Card'),
+			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
+			'$id' => $itm[0]['id'],
+			'$editor' => $editor
+		));
+
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Cards.php

@@ -0,0 +1,187 @@
+<?php
+namespace Zotlabs\Module;
+
+require_once('include/channel.php');
+require_once('include/conversation.php');
+require_once('include/acl_selectors.php');
+
+
+class Cards extends \Zotlabs\Web\Controller {
+
+	function init() {
+	
+		if(argc() > 1)
+			$which = argv(1);
+		else
+			return;
+	
+		profile_load($which);
+	
+	}
+	
+	function get($update = 0, $load = false) {
+	
+		if(observer_prohibited(true)) {
+			return login();
+		}
+
+		if(! \App::$profile) {
+			notice( t('Requested profile is not available.') . EOL );
+			\App::$error = 404;
+			return;
+		}
+
+		if(! feature_enabled(\App::$profile_uid,'cards')) {
+			return;
+		}
+
+		nav_set_selected(t('Cards'));
+
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
+
+		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
+					
+		if($category) {
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+		}
+
+
+		$which = argv(1);
+		
+		$selected_card = ((argc() > 2) ? argv(2) : '');
+
+		$_SESSION['return_url'] = \App::$query_string;
+	
+		$uid      = local_channel();
+		$owner    = \App::$profile_uid;
+		$observer = \App::get_observer();
+	
+		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
+		
+		if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+		
+		$is_owner = ($uid && $uid == $owner);
+	
+		$channel = channelx_by_n($owner);
+
+		if($channel) {
+			$channel_acl = array(
+				'allow_cid' => $channel['channel_allow_cid'],
+				'allow_gid' => $channel['channel_allow_gid'],
+				'deny_cid'  => $channel['channel_deny_cid'],
+				'deny_gid'  => $channel['channel_deny_gid']
+			);
+		}
+		else {
+			$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
+		}
+	
+
+
+		if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
+
+			$x = [
+				'webpage'           => ITEM_TYPE_CARD,
+				'is_owner'          => true,
+				'content_label'     => t('Add Card'),
+				'button'            => t('Create'),
+				'nickname'          => $channel['channel_address'],
+				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+				'permissions'       => $channel_acl,
+				'showacl'           => (($is_owner) ? true : false),
+				'visitor'           => true,
+				'hide_location'     => false,
+				'hide_voting'       => false,
+				'profile_uid'       => intval($owner),
+				'mimetype'          => 'text/bbcode',
+				'mimeselect'        => false,
+				'layoutselect'      => false,
+				'expanded'          => false,
+				'novoting'          => false,
+				'catsenabled'       => feature_enabled($owner,'categories'),
+				'bbco_autocomplete' => 'bbcode',
+				'bbcode'            => true
+			];
+
+			if($_REQUEST['title'])
+				$x['title'] = $_REQUEST['title'];
+			if($_REQUEST['body'])
+				$x['body'] = $_REQUEST['body'];
+			$editor = status_editor($a,$x);
+
+		}
+		else {
+			$editor = '';
+		}
+		
+		
+		$sql_extra = item_permissions_sql($owner);
+
+		if($selected_card) {
+			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
+				dbesc($selected_card)
+			);
+			if($r) {
+				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+			}
+		}
+				
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($owner),
+			intval(ITEM_TYPE_CARD)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+
+			$parents_str = ids_to_querystr($r,'id');
+
+			$items = q("SELECT item.*, item.id AS item_id
+				FROM item
+				WHERE item.uid = %d $item_normal
+				AND item.parent IN ( %s )
+				$sql_extra $sql_extra2 ",
+				intval(\App::$profile['profile_uid']),
+				dbesc($parents_str)
+			);
+			if($items) {
+				xchan_query($items);
+				$items = fetch_post_tags($items, true);
+				$items = conv_sort($items,'updated');
+			}
+			else
+				$items = [];
+		}
+
+		$mode = 'cards';
+			
+     	$content = conversation($items,$mode,false,'traditional');
+
+		$o = replace_macros(get_markup_template('cards.tpl'), [
+			'$title' => t('Cards'),
+			'$editor' => $editor,
+			'$content' => $content,
+			'$pager' => alt_pager($a,count($items))
+		]);
+
+        return $o;
+    }
+
+}

Zotlabs/Module/Changeaddr.php

@@ -0,0 +1,88 @@
+<?php
+namespace Zotlabs\Module;
+
+
+class Changeaddr extends \Zotlabs\Web\Controller {
+
+	function post() {
+	
+		if(! local_channel())
+			return;
+	
+		if($_SESSION['delegate'])
+			return;
+	
+		if((! x($_POST,'qxz_password')) || (! strlen(trim($_POST['qxz_password']))))
+			return;
+	
+		if((! x($_POST,'verify')) || (! strlen(trim($_POST['verify']))))
+			return;
+	
+		if($_POST['verify'] !== $_SESSION['remove_account_verify'])
+			return;
+	
+	
+		$account = \App::get_account();
+		$channel = \App::get_channel();
+	
+		$x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+		if(! ($x && $x['account']))
+			return;
+	
+		if($account['account_password_changed'] > NULL_DATE) {
+			$d1 = datetime_convert('UTC','UTC','now - 48 hours');
+			if($account['account_password_changed'] > d1) {
+				notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL);
+				return;
+			}
+		}
+	
+		$new_address = trim($_POST['newname']);
+
+		if($new_address === $channel['channel_address'])
+			return;
+
+		if($new_address === 'sys') {
+			notice( t('Reserved nickname. Please choose another.') . EOL);
+			return;
+		}
+
+		if(check_webbie(array($new_address)) !== $new_address) {
+			notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL);
+			return $ret;
+		}
+
+		channel_change_address($channel,$new_address);
+
+		goaway(z_root() . '/changeaddr');
+	
+	}
+	
+	
+	function get() {
+	
+		if(! local_channel())
+			goaway(z_root());
+	
+		$channel = \App::get_channel();
+
+		$hash = random_string();
+	
+		$_SESSION['remove_account_verify'] = $hash;
+	
+		$tpl = get_markup_template('channel_rename.tpl');
+		$o .= replace_macros($tpl, array(
+			'$basedir' => z_root(),
+			'$hash' => $hash,
+			'$title' => t('Change channel nickname/address'),
+			'$desc' => array(t('WARNING: '), t('Any/all connections on other networks will be lost!')),
+			'$passwd' => t('Please enter your password for verification:'),
+			'$newname' => array('newname', t('New channel address'),$channel['channel_address'], ''),
+			'$submit' => t('Rename Channel')
+		));
+	
+		return $o;		
+	
+	}
+	
+}

Zotlabs/Module/Channel.php

@@ -92,11 +92,6 @@ class Channel extends \Zotlabs\Web\Controller {
 			// Ensure we've got a profile owner if updating.
 			\App::$profile['profile_uid'] = \App::$profile_uid = $update;
 		}
-		else {
-			if(\App::$profile['profile_uid'] == local_channel()) {
-				nav_set_selected('home');
-			}
-		}
 
 		$is_owner = (((local_channel()) && (\App::$profile['profile_uid'] == local_channel())) ? true : false);
 
@@ -119,11 +114,13 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if(! $update) {
 
+			nav_set_selected('Channel Home');
+
 			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
 
 			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
 
-			$o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
+			// $o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
 
 			if($channel && $is_owner) {
 				$channel_acl = array(
@@ -169,6 +166,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		 */
 
 		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
 		$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
 
 		if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid))
@@ -180,7 +178,12 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
 
 		if($update && $_SESSION['loadtime'])
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
@@ -188,12 +191,12 @@ class Channel extends \Zotlabs\Web\Controller {
 			$simple_update = '';
 
 		if($static && $simple_update)
-			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+			$simple_update .= " and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 
 		if(($update) && (! $load)) {
 
 			if($mid) {
-				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
+				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid . '%'),
 					intval(\App::$profile['profile_uid'])
@@ -203,7 +206,7 @@ class Channel extends \Zotlabs\Web\Controller {
 			else {
 				$r = q("SELECT distinct parent AS item_id, created from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
-					WHERE uid = %d $item_normal
+					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
 					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra
@@ -217,10 +220,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {
 
 			if(x($category)) {
-				$sql_extra .= protect_sprintf(term_query('item', $category, TERM_CATEGORY));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-				$sql_extra .= protect_sprintf(term_query('item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}
 
 			if($datequery) {
@@ -236,9 +239,9 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			if($load || ($checkjs->disabled())) {
 				if($mid) {
-					$r = q("SELECT parent AS item_id from item where mid = '%s' and uid = %d $item_normal
+					$r = q("SELECT distinct parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
-						dbesc($mid),
+						dbesc($mid . '%'),
 						intval(\App::$profile['profile_uid'])
 					);
 					if (! $r) {
@@ -325,8 +328,8 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$order' => '',
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
-				'$cats' => (($category) ? $category : ''),
-				'$tags' => (($hashtags) ? $hashtags : ''),
+				'$cats' => (($category) ? urlencode($category) : ''),
+				'$tags' => (($hashtags) ? urlencode($hashtags) : ''),
 				'$mid' => $mid,
 				'$verb' => '',
 				'$dend' => $datequery,
@@ -358,17 +361,21 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 
 		if($is_owner && $update_unseen) {
-			$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen",
-				intval(local_channel())
-			);
+			$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+			call_hooks('update_unseen',$x);
+			if($x['update'] === 'unset' || intval($x['update'])) {
+				$r = q("UPDATE item SET item_unseen = 0 where item_unseen = 1 and item_wall = 1 AND uid = %d $update_unseen",
+					intval(local_channel())
+				);
+			}
 		}
 
 
 		if($checkjs->disabled()) {
-			$o .= conversation($a,$items,'channel',$update,'traditional');
+			$o .= conversation($items,'channel',$update,'traditional');
 		}
 		else {
-			$o .= conversation($a,$items,'channel',$update,$page_mode);
+			$o .= conversation($items,'channel',$update,$page_mode);
 		}
 
 		if((! $update) || ($checkjs->disabled())) {

Zotlabs/Module/Chanview.php

@@ -102,27 +102,32 @@ class Chanview extends \Zotlabs\Web\Controller {
 		}
 
 		$is_zot = false;
+		$connected = false;
 	
 		if (\App::$poi) {
 			$url = \App::$poi['xchan_url'];
 			if(\App::$poi['xchan_network'] === 'zot') {
 				$is_zot = true;
 			}			
+			if(local_channel()) {
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1",
+					intval(local_channel()),
+					dbesc(\App::$poi['xchan_hash'])
+				);
+				if($c)
+					$connected = true;
+			}
 		}
-
+		
 		// We will load the chanview template if it's a foreign network, 
 		// just so that we can provide a connect button along with a profile
 		// photo. Chances are we can't load the remote profile into an iframe
 		// because of cross-domain security headers. So provide a link to
 		// the remote profile. 
-
+		// If we are already connected, just go to the profile.
 		// Zot channels will usually have a connect link.
-		// If it isn't zot, 'pro' members won't be able to use the connect
-		// button as it is a foreign network so just send them to the remote
-		// profile.  
-
 	
-		if($is_zot || \Zotlabs\Lib\System::get_server_role() === 'pro') {
+		if($is_zot || $connected) {
 			if($is_zot && $observer) {
 				$url = zid($url);
 			}

Zotlabs/Module/Chat.php

@@ -89,9 +89,11 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 	function get() {
 	
-		if(local_channel())
+		if(local_channel()) {
 			$channel = \App::get_channel();
-	
+			nav_set_selected('My Chatrooms');
+		}
+
 		$ob = \App::get_observer();
 		$observer = get_observer_hash();
 		if(! $observer) {

Zotlabs/Module/Cloud.php

@@ -86,12 +86,13 @@ class Cloud extends \Zotlabs\Web\Controller {
 	//	require_once('\Zotlabs\Storage/QuotaPlugin.php');
 	//	$server->addPlugin(new \Zotlabs\Storage\\QuotaPlugin($auth));
 
-		ob_start();
+//		ob_start();
 		// All we need to do now, is to fire up the server
 		$server->exec();
 
-		ob_end_flush();
-
+//		ob_end_flush();
+		if($browser->build_page)
+			construct_page();
 		killme();
 	}
 

Zotlabs/Module/Common.php

@@ -25,7 +25,7 @@ class Common extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function get() {
+	function get() {
 	
 		$o = '';
 	
@@ -34,38 +34,37 @@ class Common extends \Zotlabs\Web\Controller {
 	
 		$observer_hash = get_observer_hash();
 	
-	
 		if(! perm_is_allowed(\App::$profile['profile_uid'],$observer_hash,'view_contacts')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 	
-		$o .= '<h2>' . t('Common connections') . '</h2>';
-	
 		$t = count_common_friends(\App::$profile['profile_uid'],$observer_hash);
 	
 		if(! $t) {
 			notice( t('No connections in common.') . EOL);
-			return $o;
+			return;
 		}
 	
 		$r = common_friends(\App::$profile['profile_uid'],$observer_hash);
 	
 		if($r) {
-	
-			$tpl = get_markup_template('common_friends.tpl');
-	
 			foreach($r as $rr) {
-				$o .= replace_macros($tpl,array(
-					'$url'   => $rr['xchan_url'],
-					'$name'  => $rr['xchan_name'],
-					'$photo' => $rr['xchan_photo_m'],
-					'$tags'  => ''
-				));
+				$items[] = [
+					'url'   => $rr['xchan_url'],
+					'name'  => $rr['xchan_name'],
+					'photo' => $rr['xchan_photo_m'],
+					'tags'  => ''
+				];
 			}
-	
-			$o .= cleardiv();
 		}
+
+		$tpl = get_markup_template('common_friends.tpl');
+
+		$o = replace_macros($tpl, [
+			'$title' => t('View Common Connections'),
+			'$items' => $items
+		]);
 	
 		return $o;
 	}

Zotlabs/Module/Connections.php

@@ -19,7 +19,7 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 	}
 	
-		function get() {
+	function get() {
 	
 		$sort_type = 0;
 		$o = '';
@@ -29,6 +29,8 @@ class Connections extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return login();
 		}
+
+		nav_set_selected('Connections');
 	
 		$blocked     = false;
 		$hidden      = false;
@@ -63,15 +65,14 @@ class Connections extends \Zotlabs\Web\Controller {
 					$hidden = true;
 					break;
 				case 'archived':
-					$search_flags = " and abook_archived = 1 ";
-					$head = t('Archived');
+					$search_flags = " and ( abook_archived = 1 OR abook_not_here = 1) ";
+					$head = t('Archived/Unreachable');
 					$archived = true;
 					break;
 				case 'pending':
 					$search_flags = " and abook_pending = 1 ";
 					$head = t('New');
 					$pending = true;
-					nav_set_selected('intros');
 					break;
 				case 'ifpending':
 					$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
@@ -81,7 +82,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
-						nav_set_selected('intros');
 						\App::$argv[1] = 'pending';
 					}
 					else {
@@ -91,7 +91,6 @@ class Connections extends \Zotlabs\Web\Controller {
 						\App::$argc = 1;
 						unset(\App::$argv[1]);
 					}
-					nav_set_selected('intros');
 					break;
 	//			case 'unconnected':
 	//				$search_flags = " and abook_unconnected = 1 ";
@@ -168,10 +167,10 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 	
 			'archived' => array(
-				'label' => t('Archived'),
+				'label' => t('Archived/Unreachable'),
 				'url'   => z_root() . '/connections/archived',
 				'sel'   => ($archived) ? 'active' : '',
-				'title' => t('Only show archived connections'),
+				'title' => t('Only show archived/unreachable connections'),
 			),
 	
 			'hidden' => array(
@@ -243,7 +242,8 @@ class Connections extends \Zotlabs\Web\Controller {
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
 						((intval($rr['abook_ignored'])) ? t('Ignored') : ''),
-						((intval($rr['abook_blocked'])) ? t('Blocked') : '')
+						((intval($rr['abook_blocked'])) ? t('Blocked') : ''),
+						((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '')
 					);
 	
 					foreach($status as $str) {
@@ -257,11 +257,12 @@ class Connections extends \Zotlabs\Web\Controller {
 					$contacts[] = array(
 						'img_hover' => sprintf( t('%1$s [%2$s]'),$rr['xchan_name'],$rr['xchan_url']),
 						'edit_hover' => t('Edit connection'),
+						'edit' => t('Edit'),
 						'delete_hover' => t('Delete connection'),
 						'id' => $rr['abook_id'],
 						'thumb' => $rr['xchan_photo_m'], 
 						'name' => $rr['xchan_name'],
-						'classes' => (intval($rr['abook_archived']) ? 'archived' : ''),
+						'classes' => ((intval($rr['abook_archived']) || intval($rr['abook_not_here'])) ? 'archived' : ''),
 						'link' => z_root() . '/connedit/' . $rr['abook_id'],
 						'deletelink' => z_root() . '/connedit/' . intval($rr['abook_id']) . '/drop',
 						'delete' => t('Delete'),

Zotlabs/Module/Connedit.php

@@ -248,6 +248,10 @@ class Connedit extends \Zotlabs\Web\Controller {
 			notice( t('Failed to update connection record.') . EOL);
 
 		if(! intval(\App::$poi['abook_self'])) {
+			if($new_friend) {
+				\Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); 
+			}
+
 			\Zotlabs\Daemon\Master::Summon( [ 
 				'Notifier', 
 				(($new_friend) ? 'permission_create' : 'permission_update'), 
@@ -841,7 +845,23 @@ class Connedit extends \Zotlabs\Web\Controller {
 				}
 			}
 			else
-				$locstr = t('none');
+				$locstr = $contact['xchan_url'];
+
+			$clone_warn = '';
+			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
+			if(! $clonable) {
+				$clone_warn = '<strong>';
+				$clone_warn .= ((intval($contact['abook_not_here'])) 
+					? t('This connection is unreachable from this location.')
+					: t('This connection may be unreachable from other channel locations.')
+				);
+				$clone_warn .= '</strong><br>' . t('Location independence is not supported by their network.');
+			}
+					
+
+
+			if(intval($contact['abook_not_here']) && $unclonable)
+				$not_here = t('This connection is unreachable from this location. Location independence is not supported by their network.');
 	
 			$o .= replace_macros($tpl, [
 				'$header'         => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
@@ -850,12 +870,14 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permcat_new'    => t('Add permission role'),
 				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
 				'$addr'           => $contact['xchan_addr'],
+				'$primeurl'       => $contact['xchan_url'],
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,
 				'$addr_text'      => t('This connection\'s primary address is'),
 				'$loc_text'       => t('Available locations:'),
 				'$locstr'         => $locstr,
+				'$unclonable'     => $clone_warn,
 				'$notself'        => (($self) ? '' : '1'),
 				'$self'           => (($self) ? '1' : ''),
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),

Zotlabs/Module/Dav.php

@@ -12,6 +12,9 @@ use \Sabre\DAV as SDAV;
 use \Zotlabs\Storage;
 
 require_once('include/attach.php');
+require_once('include/auth.php');
+require_once('include/security.php');
+
 
 class Dav extends \Zotlabs\Web\Controller {
 
@@ -21,22 +24,65 @@ class Dav extends \Zotlabs\Web\Controller {
 	 */
 	function init() {
 
-		// workaround for HTTP-auth in CGI mode
-		if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
- 			$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
+		foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
 
-		if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-			$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-			if(strlen($userpass)) {
-				list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
+			/* Basic authentication */
+
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
+				$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
+				if(strlen($userpass)) {
+					list($name, $password) = explode(':', $userpass);
+					$_SERVER['PHP_AUTH_USER'] = $name;
+					$_SERVER['PHP_AUTH_PW']   = $password;
+				}
+				break;
+			}
+
+			/* Signature authentication */
+
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+				if($head !== 'HTTP_AUTHORIZATION') {
+					$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+					continue;
+				}
+
+				$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+				if($sigblock) {
+					$keyId = $sigblock['keyId'];
+					if($keyId) {
+						$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+							dbesc($keyId)
+						);
+						if($r) {
+							$c = channelx_by_hash($r[0]['hubloc_hash']);
+							if($c) {
+								$a = q("select * from account where account_id = %d limit 1",
+									intval($c['channel_account_id'])
+								);
+								if($a) {
+									$record = [ 'channel' => $c, 'account' => $a[0] ];
+									$channel_login = $c['channel_id'];
+								}
+							}
+						}
+						if(! $record)
+							continue;
+
+						if($record) {
+							$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
+							if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
+								$record = null;
+							}
+							if($record['account']) {
+						        authenticate_success($record['account']);
+						        if($channel_login) {
+						            change_channel($channel_login);
+								}
+							}
+							break;
+						}
+					}
+				}
 			}
 		}
 

Zotlabs/Module/Directory.php

@@ -77,7 +77,7 @@ class Directory extends \Zotlabs\Web\Controller {
 		$pubforums = get_directory_setting($observer, 'pubforums');
 	
 		$o = '';
-		nav_set_selected('directory');
+		nav_set_selected('Directory');
 	
 		if(x($_POST,'search'))
 			$search = notags(trim($_POST['search']));
@@ -233,7 +233,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$age = '';
 							if(strlen($rr['birthday'])) {
-								if(($years = age($rr['birthday'],'UTC','')) != 0)
+								if(($years = age($rr['birthday'],'UTC','')) > 0)
 									$age = $years;
 							}
 	

Zotlabs/Module/Display.php

@@ -17,20 +17,18 @@ class Display extends \Zotlabs\Web\Controller {
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 	
-	
 		if(observer_prohibited()) {
 			notice( t('Public access denied.') . EOL);
 			return;
 		}
 	
-			
 		if(argc() > 1 && argv(1) !== 'load')
 			$item_hash = argv(1);
 	
 		if($_REQUEST['mid'])
 			$item_hash = $_REQUEST['mid'];
 
-			if(! $item_hash) {
+		if(! $item_hash) {
 			\App::$error = 404;
 			notice( t('Item not found.') . EOL);
 			return;
@@ -38,21 +36,18 @@ class Display extends \Zotlabs\Web\Controller {
 	
 		$observer_is_owner = false;
 		$updateable = false;
-	
-	
+
 		if(local_channel() && (! $update)) {
 	
 			$channel = \App::get_channel();
-	
-	
+
 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
 				'allow_gid' => $channel['channel_allow_gid'], 
 				'deny_cid' => $channel['channel_deny_cid'], 
 				'deny_gid' => $channel['channel_deny_gid']
 			); 
-	
-	
+
 			$x = array(
 				'is_owner' => true,
 				'allow_location' => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
@@ -76,7 +71,6 @@ class Display extends \Zotlabs\Web\Controller {
 			$o = '<div id="jot-popup">';
 			$o .= status_editor($a,$x);
 			$o .= '</div>';
-	
 		}
 	
 		// This page can be viewed by anybody so the query could be complicated
@@ -95,14 +89,18 @@ class Display extends \Zotlabs\Web\Controller {
 		if($decoded)
 			$item_hash = $decoded;
 
-		$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
-			dbesc($item_hash . '%'),
-			dbesc($decoded . '%')
+		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+			dbesc($item_hash . '%')
 		);
 	
 		if($r) {
 			$target_item = $r[0];
 		}
+
+		//if the item is to be moderated redirect to /moderate
+		if($target_item['item_blocked'] == ITEM_MODERATED) {
+			goaway(z_root() . '/moderate/' . $target_item['id']);
+		}
 	
 		$r = null;
 	
@@ -138,10 +136,16 @@ class Display extends \Zotlabs\Web\Controller {
 			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 	
 		if((! $update) && (! $load)) {
-	
 
-			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
-	
+			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
+
+			//if the target item is not a post (eg a like) we want to address its thread parent
+			$mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']);
+
+			//if we got a decoded hash we must encode it again before handing to javascript 
+			if($decoded)
+				$mid = 'b64.' . base64url_encode($mid);
+
 			$o .= '<div id="live-display"></div>' . "\r\n";
 			$o .= "<script> var profile_uid = " . ((intval(local_channel())) ? local_channel() : (-1))
 				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
@@ -173,25 +177,31 @@ class Display extends \Zotlabs\Web\Controller {
 				'$dend' => '',
 				'$dbegin' => '',
 				'$verb' => '',
-				'$mid' => $item_hash
+				'$mid' => $mid
 			));
-	
-	
+
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
+
 		}
-	
+
 		$observer_hash = get_observer_hash();
 		$item_normal = item_normal();
-	
+		$item_normal_update = item_normal_update();
+
 		$sql_extra = public_permissions_sql($observer_hash);
 
 		if(($update && $load) || ($checkjs->disabled())) {
-	
-	
+
 			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
-	
+
 			if($load || ($checkjs->disabled())) {
 				$r = null;
-	
+
 				require_once('include/channel.php');
 				$sys = get_sys_channel();
 				$sysid = $sys['channel_id'];
@@ -207,25 +217,22 @@ class Display extends \Zotlabs\Web\Controller {
 					);
 					if($r) {
 						$updateable = true;
-	
 					}
-	
 				}
 
 				if($r === null) {
-	
+
 					// in case somebody turned off public access to sys channel content using permissions
-					// make that content unsearchable by ensuring the owner_xchan can't match
-	
+					// make that content unsearchable by ensuring the owner uid can't match
+
 					if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 						$sysid = 0;
-	
-	
+
 					$r = q("SELECT item.id as item_id from item
 						WHERE mid = '%s'
 						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
 						AND item.deny_gid  = '' AND item_private = 0 ) 
-						and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+						and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 						OR uid = %d )
 						$sql_extra )
 						$item_normal
@@ -233,7 +240,6 @@ class Display extends \Zotlabs\Web\Controller {
 						dbesc($target_item['parent_mid']),
 						intval($sysid)
 					);
-	
 				}
 			}
 		}
@@ -249,7 +255,7 @@ class Display extends \Zotlabs\Web\Controller {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
 					and parent_mid = '%s'
-					$item_normal
+					$item_normal_update
 					$simple_update
 					limit 1",
 					intval(local_channel()),
@@ -265,15 +271,15 @@ class Display extends \Zotlabs\Web\Controller {
 				// make that content unsearchable by ensuring the owner_xchan can't match
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
 					$sysid = 0;
-	
+
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE parent_mid = '%s'
 					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
 					AND item.deny_gid  = '' AND item_private = 0 ) 
-					and owner_xchan in ( " . stream_perms_xchans(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
 					OR uid = %d )
 					$sql_extra )
-					$item_normal
+					$item_normal_update
 					$simple_update
 					limit 1",
 					dbesc($target_item['parent_mid']),
@@ -288,10 +294,8 @@ class Display extends \Zotlabs\Web\Controller {
 		}
 	
 		if($r) {
-	
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
-	
 				$items = q("SELECT item.*, item.id AS item_id 
 					FROM item
 					WHERE parent in ( %s ) $item_normal ",
@@ -302,18 +306,18 @@ class Display extends \Zotlabs\Web\Controller {
 				$items = fetch_post_tags($items,true);
 				$items = conv_sort($items,'created');
 			}
-		} else {
+		}
+		else {
 			$items = array();
 		}
 	
-	
 		if ($checkjs->disabled()) {
-			$o .= conversation($a, $items, 'display', $update, 'traditional');
+			$o .= conversation($items, 'display', $update, 'traditional');
 			if ($items[0]['title'])
 				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
 		} 
 		else {
-			$o .= conversation($a, $items, 'display', $update, 'client');
+			$o .= conversation($items, 'display', $update, 'client');
 		}
 	
 		if($updateable) {
@@ -324,17 +328,13 @@ class Display extends \Zotlabs\Web\Controller {
 		}
 
 		$o .= '<div id="content-complete"></div>';
-	
-		return $o;
-	
-	
-	/*
-		elseif((! $update) && (!  {
+
+		if((($update && $load) || $checkjs->disabled()) && (! $items))  {
 			
-			$r = q("SELECT id, item_flags FROM item WHERE id = '%s' OR mid = '%s' LIMIT 1",
-				dbesc($item_hash),
+			$r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1",
 				dbesc($item_hash)
 			);
+
 			if($r) {
 				if(intval($r[0]['item_deleted'])) {
 					notice( t('Item has been removed.') . EOL );
@@ -348,8 +348,9 @@ class Display extends \Zotlabs\Web\Controller {
 			}
 	
 		}
-	*/
+
+		return $o;
+
 	}
-	
-	
+
 }

Zotlabs/Module/Editpost.php

@@ -39,6 +39,11 @@ class Editpost extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		if($itm[0]['resource_type'] === 'photo' && $itm[0]['resource_id']) {
+			notice( t('Item is not editable') . EOL);
+			return;
+		}
+
 		if($itm[0]['resource_type'] === 'event' && $itm[0]['resource_id']) {
 			goaway(z_root() . '/events/' . $itm[0]['resource_id'] . '?expandform=1');
 		}

Zotlabs/Module/Editwebpage.php

@@ -112,7 +112,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			intval($itm[0]['id'])
 		);
 		if($item_id)
-			$page_title = $item_id[0]['v'];
+			$page_title = urldecode($item_id[0]['v']);
 
 		$mimetype = $itm[0]['mimetype'];
 

Zotlabs/Module/Events.php

@@ -272,7 +272,7 @@ class Events extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		nav_set_selected('all_events');
+		nav_set_selected('Events');
 	
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",

Zotlabs/Module/File_upload.php

@@ -34,10 +34,26 @@ class File_upload extends \Zotlabs\Web\Controller {
 		$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
 
 		if($_REQUEST['filename']) {
-			$r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
+			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
+			if($r['success']) {
+				$hash = $r['data']['hash'];
+
+				$sync = attach_export_data($channel,$hash);
+				if($sync) {
+					build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+				}
+				goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']);
+
+			}
 		}
 		else {
-			$r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
+			$r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
+			if($r['success']) {
+				$sync = attach_export_data($channel,$r['data']['hash']);
+				if($sync)
+					build_sync_packet($channel['channel_id'],array('file' => array($sync)));
+
+			}
 		}
 		goaway(z_root() . '/' . $_REQUEST['return_url']);
 	

Zotlabs/Module/Filestorage.php

@@ -5,14 +5,6 @@ namespace Zotlabs\Module;
  *
  */
 
-require_once('include/attach.php');
-
-
-/**
- *
- * @param object &$a
- */
-
 class Filestorage extends \Zotlabs\Web\Controller {
 
 	function post() {
@@ -26,7 +18,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 		$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
 		$resource = ((x($_POST, 'filehash')) ? notags($_POST['filehash']) : '');
-		$notify = ((x($_POST, 'notify')) ? intval($_POST['notify']) : 0);
+		$notify = ((x($_POST, 'notify_edit')) ? intval($_POST['notify_edit']) : 0);
 
 		if(! $resource) {
 			notice(t('Item not found.') . EOL);
@@ -36,19 +28,19 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		$channel = \App::get_channel();
 
 		$acl = new \Zotlabs\Access\AccessList($channel);
-		$acl->set_from_array($_REQUEST);
+		$acl->set_from_array($_POST);
 		$x = $acl->get();
 
-		$cloudPath = get_parent_cloudpath($channel_id, $channel['channel_address'], $resource);
+		$url = get_cloud_url($channel_id, $channel['channel_address'], $resource);
 
 		//get the object before permissions change so we can catch eventual former allowed members
-		$object = get_file_activity_object($channel_id, $resource, $cloudPath);
+		$object = get_file_activity_object($channel_id, $resource, $url);
 
 		attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
 
 		file_activity($channel_id, $object, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], 'post', $notify);
 
-		goaway($cloudPath);
+		goaway(dirname($url));
 	}
 
 	function get() {
@@ -107,11 +99,11 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$f = $r[0];
 			$channel = \App::get_channel();
 
-			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
+			$url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			attach_delete($owner, $f['hash']);
 
-			goaway($parentpath);
+			goaway(dirname($url));
 		}
 
 		if(argc() > 3 && argv(3) === 'edit') {
@@ -131,7 +123,6 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			$channel = \App::get_channel();
 
 			$cloudpath = get_cloudpath($f);
-			$parentpath = get_parent_cloudpath($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			$aclselect_e = populate_acl($f, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage'));
 			$is_a_dir = (intval($f['is_dir']) ? true : false);
@@ -146,7 +137,6 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				'$header' => t('Edit file permissions'),
 				'$file' => $f,
 				'$cloudpath' => z_root() . '/' . $encoded_path,
-				'$parentpath' => $parentpath,
 				'$uid' => $channel['channel_id'],
 				'$channelnick' => $channel['channel_address'],
 				'$permissions' => t('Permissions'),
@@ -165,7 +155,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				'$submit' => t('Submit'),
 				'$attach_btn_title' => t('Share this file'),
 				'$link_btn_title' => t('Show URL to this file'),
-				'$notify' => array('notify', t('Notify your contacts about this file'), 0, '', array(t('No'), t('Yes'))),
+				'$notify' => array('notify_edit', t('Show in your contacts shared folder'), 0, '', array(t('No'), t('Yes'))),
 			));
 
 			echo $o;

Zotlabs/Module/Getfile.php

@@ -35,6 +35,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 		$sig      = $_POST['signature'];
 		$resource = $_POST['resource'];
 		$revision = intval($_POST['revision']);
+		$resolution = (-1);
 	
 		if(! $hash)
 			killme();
@@ -46,6 +47,11 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 	
+		if(substr($resource,-2,1) == '-') {
+			$resolution = intval(substr($resource,-1,1));
+			$resource = substr($resource,0,-2);
+		}			
+
 		$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
 		if($slop < 1)
 			$slop = 3;
@@ -63,6 +69,35 @@ class Getfile extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		
+
+		if($resolution > 0) {
+			$r = q("select * from photo where resource_id = '%s' and uid = %d limit 1",
+				dbesc($resource),
+				intval($channel['channel_id'])
+			);
+			if($r) {
+				header('Content-type: ' . $r[0]['mimetype']);
+
+				if(intval($r[0]['os_storage'])) {
+					$fname = dbunescbin($r[0]['content']);
+					if(strpos($fname,'store') !== false)
+						$istream = fopen($fname,'rb');
+					else
+						$istream = fopen('store/' . $channel['channel_address'] . '/' . $fname,'rb');
+					$ostream = fopen('php://output','wb');
+					if($istream && $ostream) {
+						pipe_streams($istream,$ostream);
+						fclose($istream);
+						fclose($ostream);
+					}
+				}
+				else {
+					echo dbunescbin($r[0]['content']);
+				}
+			}			
+			killme();
+		}
+
 		$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
 	
 		if(! $r['success']) {
@@ -73,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 			
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Module/Group.php

@@ -56,6 +56,7 @@ class Group extends \Zotlabs\Web\Controller {
 				);
 				if($r)
 					info( t('Privacy group updated.') . EOL );
+				build_sync_packet(local_channel(),null,true);
 			}
 	
 			goaway(z_root() . '/group/' . argv(1) . '/' . argv(2));
@@ -63,7 +64,8 @@ class Group extends \Zotlabs\Web\Controller {
 		return;	
 	}
 	
-		function get() {
+	function get() {
+
 		$change = false;
 	
 		logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG);

Zotlabs/Module/Hcard.php

@@ -14,6 +14,8 @@ class Hcard extends \Zotlabs\Web\Controller {
 	        return;
 	    }
 	
+		logger('hcard_request: ' . $which, LOGGER_DEBUG);
+
 	    $profile = '';
 	    $channel = \App::get_channel();
 	

Zotlabs/Module/Help.php

@@ -15,7 +15,7 @@ require_once('include/help.php');
 class Help extends \Zotlabs\Web\Controller {
 
 	function get() {
-		nav_set_selected('help');
+		nav_set_selected('Help');
 
 		if($_REQUEST['search']) {
 			$o .= '<div id="help-content" class="generic-content-wrapper">';
@@ -44,42 +44,42 @@ class Help extends \Zotlabs\Web\Controller {
 
 			return $o;
 		}
-                
-                
-                if(argc() > 2 && argv(argc()-2) === 'assets') {
-                        $path = '';
-                        for($x = 1; $x < argc(); $x ++) {
-                                if(strlen($path))
-                                        $path .= '/';
-                                $path .= argv($x);
-                        }
-                        $realpath = 'doc/' . $path;
-                         //Set the content-type header as appropriate
-                        $imageInfo = getimagesize($realpath);
-                        switch ($imageInfo[2]) {
-                            case IMAGETYPE_JPEG:
-                                header("Content-Type: image/jpeg");
-                                break;
-                            case IMAGETYPE_GIF:
-                                header("Content-Type: image/gif");
-                                break;
-                            case IMAGETYPE_PNG:
-                                header("Content-Type: image/png");
-                                break;
-                           default:
-                                break;
-                        }
-                        header("Content-Length: " . filesize($realpath));
+				
+				
+		if(argc() > 2 && argv(argc()-2) === 'assets') {
+			$path = '';
+			for($x = 1; $x < argc(); $x ++) {
+				if(strlen($path))
+					$path .= '/';
+				$path .= argv($x);
+			}
+			$realpath = 'doc/' . $path;
+			 //Set the content-type header as appropriate
+			$imageInfo = getimagesize($realpath);
+			switch ($imageInfo[2]) {
+				case IMAGETYPE_JPEG:
+					header("Content-Type: image/jpeg");
+					break;
+				case IMAGETYPE_GIF:
+					header("Content-Type: image/gif");
+					break;
+				case IMAGETYPE_PNG:
+					header("Content-Type: image/png");
+					break;
+			   default:
+					break;
+			}
+			header("Content-Length: " . filesize($realpath));
 
-                        // dump the picture and stop the script
-                        readfile($realpath);
-                        killme();
-                }
+			// dump the picture and stop the script
+			readfile($realpath);
+			killme();
+		}
 
 		$headings = [
-			'about' => t('About'),
-			'member' => t('Members'),
-			'admin' => t('Administrators'),
+			'about'     => t('About'),
+			'member'    => t('Members'),
+			'admin'     => t('Administrators'),
 			'developer' => t('Developers'),
 			'tutorials' => t('Tutorials')
 		];
@@ -87,13 +87,16 @@ class Help extends \Zotlabs\Web\Controller {
 		if(array_key_exists(argv(1), $headings))
 			$heading = $headings[argv(1)];
 
-                $content =  get_help_content();
+		$content =  get_help_content();
+		
+		$language = determine_help_language()['language'];
 
 		return replace_macros(get_markup_template('help.tpl'), array(
-			'$title' => t('$Projectname Documentation'),
+			'$title'      => t('$Projectname Documentation'),
 			'$tocHeading' => t('Contents'),
-			'$content' => $content,
-			'$heading' => $heading
+			'$content'    => $content,
+			'$heading'    => $heading,
+			'$language'   => $language
 		));
 	}
 

Zotlabs/Module/Import.php

@@ -121,8 +121,7 @@ class Import extends \Zotlabs\Web\Controller {
 				$t = sprintf( t('Warning: Database versions differ by %1$d updates.'), $v2 - $v1 );
 				notice($t);
 			}
-			if(array_key_exists('server_role',$data['compatibility']) && $data['compatibility']['server_role'] == 'basic')
-				$moving = true;
+
 		}
 
 		if($moving)
@@ -279,20 +278,31 @@ class Import extends \Zotlabs\Web\Controller {
 				create_table_from_array('xchan',$xchan);
 
 				require_once('include/photo/photo_driver.php');
-				$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
-				if($photos[4])
-					$photodate = NULL_DATE;
-				else
-					$photodate = $xchan['xchan_photo_date'];
 
-				$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
-					dbesc($photos[0]),
-					dbesc($photos[1]),
-					dbesc($photos[2]),
-					dbesc($photos[3]),
-					dbesc($photodate),
-					dbesc($xchan['xchan_hash'])
-				);
+				if($xchan['xchan_hash'] === $channel['channel_hash']) {
+					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s' where xchan_hash = '%s'",
+						dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']),
+						dbesc($xchan['xchan_hash'])
+					);
+				}
+				else {
+					$photos = import_xchan_photo($xchan['xchan_photo_l'],$xchan['xchan_hash']);
+					if($photos[4])
+						$photodate = NULL_DATE;
+					else
+						$photodate = $xchan['xchan_photo_date'];
+
+					$r = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s', xchan_photo_date = '%s' where xchan_hash = '%s'",
+						dbesc($photos[0]),
+						dbesc($photos[1]),
+						dbesc($photos[2]),
+						dbesc($photos[3]),
+						dbesc($photodate),
+						dbesc($xchan['xchan_hash'])
+					);
+				}
 			}
 
 			logger('import step 7');
@@ -333,6 +343,10 @@ class Import extends \Zotlabs\Web\Controller {
 					$abook['abook_feed']        = (($abook['abook_flags'] & 0x0100 ) ? 1 : 0);
 				}
 
+				if(array_key_exists('abook_instance',$abook) && $abook['abook_instance'] && strpos($abook['abook_instance'],z_root()) === false) {
+					$abook['abook_not_here'] = 1;
+				} 
+
 				if($abook['abook_self']) {
 					$role = get_pconfig($channel['channel_id'],'system','permissions_role');
 					if(($role === 'forum') || ($abook['abook_my_perms'] & PERMS_W_TAGWALL)) {

Zotlabs/Module/Invite.php

@@ -49,7 +49,7 @@ class Invite extends \Zotlabs\Web\Controller {
 			if(! $recip)
 				continue;
 	
-			if(! valid_email($recip)) {
+			if(! validate_email($recip)) {
 				notice(  sprintf( t('%s : Not a valid email address.'), $recip) . EOL);
 				continue;
 			}
@@ -88,12 +88,14 @@ class Invite extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Invite');
 	
 		$tpl = get_markup_template('invite.tpl');
 		$invonly = false;

Zotlabs/Module/Item.php

@@ -33,7 +33,7 @@ class Item extends \Zotlabs\Web\Controller {
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.
 	
-		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
 			return;
 
 		$uid = local_channel();
@@ -77,7 +77,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		call_hooks('post_local_start', $_REQUEST);
 	
-	//	 logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+		// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
 	
 		$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
 	
@@ -205,10 +205,29 @@ class Item extends \Zotlabs\Web\Controller {
 			$route = $parent_item['route'];
 	
 		}
+
+		$moderated = false;
 	
-		if(! $observer)
+		if(! $observer) {
 			$observer = \App::get_observer();
+			if(! $observer) {
+				$observer = anon_identity_init($_REQUEST);
+				if($observer) {
+					$moderated = true;
+					$remote_xchan = $remote_observer = $observer;
+				}
+			}
+		} 			
 	
+		if(! $observer) {
+			notice( t('Permission denied.') . EOL) ;
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'permission denied' ] );	
+			if(x($_REQUEST,'return')) 
+				goaway(z_root() . "/" . $return_path );
+			killme();
+		}
+
 		if($parent) {
 			logger('mod_item: item_post parent=' . $parent);
 			$can_comment = false;
@@ -312,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$walltowall = false;
 		$walltowall_comment = false;
 	
-		if($remote_xchan)
+		if($remote_xchan && ! $moderated)
 			$observer = $remote_observer;
 	
 		if($observer) {
@@ -615,7 +634,7 @@ class Item extends \Zotlabs\Web\Controller {
 					$attach_link = '';
 					$hash = substr($mtch,0,strpos($mtch,','));
 					$rev = intval(substr($mtch,strpos($mtch,',')));
-					$r = attach_by_hash_nodata($hash,$rev);
+					$r = attach_by_hash_nodata($hash, $observer['xchan_hash'], $rev);
 					if($r['success']) {
 						$attachments[] = array(
 							'href'     => z_root() . '/attach/' . $r['data']['hash'],
@@ -640,14 +659,23 @@ class Item extends \Zotlabs\Web\Controller {
 	// BBCODE end alert
 	
 		if(strlen($categories)) {
+
 			$cats = explode(',',$categories);
 			foreach($cats as $cat) {
+
+				if($webpage == ITEM_TYPE_CARD) {
+					$catlink = z_root() . '/cards/' . $channel['channel_address'] . '?f=&cat=' . urlencode(trim($cat));
+				}
+				else {
+					$catlink = $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat));
+				}
+
 				$post_tags[] = array(
 					'uid'   => $profile_uid, 
 					'ttype' => TERM_CATEGORY,
 					'otype' => TERM_OBJ_POST,
 					'term'  => trim($cat),
-					'url'   => $owner_xchan['xchan_url'] . '?f=&cat=' . urlencode(trim($cat))
+					'url'   => $catlink
 				); 				
 			}
 		}
@@ -666,7 +694,7 @@ class Item extends \Zotlabs\Web\Controller {
 				foreach($t as $t1) {
 					$post_tags[] = array(
 						'uid'   => $profile_uid, 
-						'ttype' => $t1['type'],
+						'ttype' => $t1['ttype'],
 						'otype' => TERM_OBJ_POST,
 						'term'  => $t1['term'],
 						'url'   => $t1['url'],
@@ -715,7 +743,9 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		if($parent_item)
 			$parent_mid = $parent_item['mid'];
-	
+
+
+
 		// Fallback so that we alway have a thr_parent
 	
 		if(!$thr_parent)
@@ -725,6 +755,21 @@ class Item extends \Zotlabs\Web\Controller {
 
 		$item_thread_top = ((! $parent) ? 1 : 0);
 	
+
+		// fix permalinks for cards
+	
+		if($webpage == ITEM_TYPE_CARD) {
+			$plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . (($pagetitle) ? $pagetitle : substr($mid,0,16));
+		}
+		if(($parent_item) && ($parent_item['item_type'] == ITEM_TYPE_CARD)) {
+			$r = q("select v from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.iid = %d limit 1",
+				intval($parent_item['id'])
+			);
+			if($r) {
+				$plink = z_root() . '/cards/' . $channel['channel_address'] . '/' . $r[0]['v'];
+			}
+		}
+
 		if ((! $plink) && ($item_thread_top)) {
 			$plink = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $mid;
 		}
@@ -799,7 +844,7 @@ class Item extends \Zotlabs\Web\Controller {
 			$datarray['owner'] = $owner_xchan;
 			$datarray['author'] = $observer;
 			$datarray['attach'] = json_encode($datarray['attach']);
-			$o = conversation($a,array($datarray),'search',false,'preview');
+			$o = conversation(array($datarray),'search',false,'preview');
 	//		logger('preview: ' . $o, LOGGER_DEBUG);
 			echo json_encode(array('preview' => $o));
 			killme();
@@ -842,8 +887,8 @@ class Item extends \Zotlabs\Web\Controller {
 		}
 	
 	
-		if(mb_strlen($datarray['title']) > 255)
-			$datarray['title'] = mb_substr($datarray['title'],0,255);
+		if(mb_strlen($datarray['title']) > 191)
+			$datarray['title'] = mb_substr($datarray['title'],0,191);
 	
 		if($webpage) {
 			Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
@@ -909,6 +954,11 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			if($parent) {
 	
+				// prevent conversations which you are involved from being expired
+
+				if(local_channel())
+					retain_item($parent);
+
 				// only send comment notification if this is a wall-to-wall comment,
 				// otherwise it will happen during delivery
 	
@@ -996,6 +1046,10 @@ class Item extends \Zotlabs\Web\Controller {
 			\Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id));
 	
 		logger('post_complete');
+
+		if($moderated) {
+			info(t('Your comment is awaiting approval.') . EOL);
+		}
 	
 		// figure out how to return, depending on from whence we came
 	
@@ -1051,21 +1105,28 @@ class Item extends \Zotlabs\Web\Controller {
 	
 				// if this is a different page type or it's just a local delete
 				// but not by the item author or owner, do a simple deletion
-	
+
+				$complex = false;	
+
 				if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) {
 					drop_item($i[0]['id']);
 				}
 				else {
 					// complex deletion that needs to propagate and be performed in phases
 					drop_item($i[0]['id'],true,DROPITEM_PHASE1);
-					$r = q("select * from item where id = %d",
-						intval($i[0]['id'])
-					);
-					if($r) {
-						xchan_query($r);
-						$sync_item = fetch_post_tags($r);
-						build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
-					}
+					$complex = true;
+				}
+
+				$r = q("select * from item where id = %d",
+					intval($i[0]['id'])
+				);
+				if($r) {
+					xchan_query($r);
+					$sync_item = fetch_post_tags($r);
+					build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true))));
+				}
+
+				if($complex) {
 					tag_deliver($i[0]['uid'],$i[0]['id']);
 				}
 			}

Zotlabs/Module/Lang.php

@@ -5,6 +5,7 @@ namespace Zotlabs\Module;
 class Lang extends \Zotlabs\Web\Controller {
 
 	function get() {
+		nav_set_selected('Language');
 		return lang_selector();
 	}
 	

Zotlabs/Module/Like.php

@@ -255,7 +255,7 @@ class Like extends \Zotlabs\Web\Controller {
 			// get the item. Allow linked photos (which are normally hidden) to be liked
 	
 			$r = q("SELECT * FROM item WHERE id = %d 
-				and item_type = 0 and item_deleted = 0 and item_unpublished = 0 
+				and (item_type = 0 or item_type = 6) and item_deleted = 0 and item_unpublished = 0 
 				and item_delayed = 0 and item_pending_remove = 0 and item_blocked = 0 LIMIT 1",
 				intval($item_id)
 			);
@@ -373,6 +373,10 @@ class Like extends \Zotlabs\Web\Controller {
 	
 			$links = array(array('rel' => 'alternate','type' => 'text/html', 'href' => $item['plink']));
 			$objtype = (($item['resource_type'] === 'photo') ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); 
+
+			if($objtype === ACTIVITY_OBJ_NOTE && (! intval($item['item_thread_top'])))
+				$objtype = ACTIVITY_OBJ_COMMENT;
+
 	
 			$body = $item['body'];
 	
@@ -500,6 +504,11 @@ class Like extends \Zotlabs\Web\Controller {
 	
 		$post = item_store($arr);	
 		$post_id = $post['item_id'];
+
+		// save the conversation from expiration
+
+		if(local_channel() && array_key_exists('item',$post) && (intval($post['item']['id']) != intval($post['item']['parent'])))
+			retain_item($post['item']['parent']); 
 	
 		$arr['id'] = $post_id;
 	

Zotlabs/Module/Linkinfo.php

@@ -95,7 +95,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			echo $arr['text'];
 			killme();
 		}
-	
+
 		if($process_oembed) {
 			$x = oembed_process($url);
 			if($x) {

Zotlabs/Module/Logout.php

@@ -0,0 +1,12 @@
+<?php
+
+namespace Zotlabs\Module;
+
+class Logout extends \Zotlabs\Web\Controller {
+
+	function init() {
+		\App::$session->nuke();
+		goaway(z_root());
+
+	}
+}

Zotlabs/Module/Magic.php

@@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller {
 		$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
 		$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
 		$rev  = ((x($_REQUEST,'rev'))  ? intval($_REQUEST['rev'])  : 0);
+		$owa  = ((x($_REQUEST,'owa'))  ? intval($_REQUEST['owa'])  : 0);
 		$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate']  : '');
 	
 		$parsed = parse_url($dest);
@@ -132,12 +133,32 @@ class Magic extends \Zotlabs\Web\Controller {
 		if(local_channel()) {
 			$channel = \App::get_channel();
 	
+			// OpenWebAuth
+
+			if($owa) {
+
+				$headers = [];
+				$headers['Accept'] = 'application/x-zot+json' ;
+				$headers['X-Open-Web-Auth'] = random_string();
+				$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
+					'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
+				$x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
+
+				if($x['success']) {
+					$j = json_decode($x['body'],true);
+					if($j['success'] && $j['token']) {
+						$x = strpbrk($dest,'?&');
+						$args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+						
+						goaway($dest . $args);
+					}
+				}
+				goaway($dest);
+			}
+
+
 			$token = random_string();
-			$token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
-	 
-			$channel['token'] = $token;
-			$channel['token_sig'] = $token_sig;
-	
+
 			\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
 	
 			$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))

Zotlabs/Module/Mail.php

@@ -19,35 +19,43 @@ class Mail extends \Zotlabs\Web\Controller {
 		$replyto   = ((x($_REQUEST,'replyto'))      ? notags(trim($_REQUEST['replyto']))      : '');
 		$subject   = ((x($_REQUEST,'subject'))      ? notags(trim($_REQUEST['subject']))      : '');
 		$body      = ((x($_REQUEST,'body'))         ? escape_tags(trim($_REQUEST['body']))    : '');
-		$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim($_REQUEST['messageto']))    : '');
+		$recipient = ((x($_REQUEST,'messageto'))    ? notags(trim(urldecode($_REQUEST['messageto'])))    : '');
 		$rstr      = ((x($_REQUEST,'messagerecip')) ? notags(trim($_REQUEST['messagerecip'])) : '');
 		$preview   = ((x($_REQUEST,'preview'))      ? intval($_REQUEST['preview'])            : 0);
-		$expires   = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
+		$expires   = ((x($_REQUEST,'expires'))      ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE);
+		$raw       = ((x($_REQUEST,'raw'))          ? intval($_REQUEST['raw'])                : 0);
+		$mimetype  = ((x($_REQUEST,'mimetype'))     ? notags(trim($_REQUEST['mimetype']))     : 'text/bbcode');
 
 		if($preview) {
 
-			$body = cleanup_bbcode($body);
-			$results = linkify_tags($a, $body, local_channel());
-
-			if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
-				$attachments = array();
-				foreach($match[2] as $mtch) {
-					$hash = substr($mtch,0,strpos($mtch,','));
-					$rev = intval(substr($mtch,strpos($mtch,',')));
-					$r = attach_by_hash_nodata($hash,get_observer_hash(),$rev);
-					if($r['success']) {
-						$attachments[] = array(
-							'href'     => z_root() . '/attach/' . $r['data']['hash'],
-							'length'   =>  $r['data']['filesize'],
-							'type'     => $r['data']['filetype'],
-							'title'    => urlencode($r['data']['filename']),
-							'revision' => $r['data']['revision']
-						);
-					}
-					$body = trim(str_replace($match[1],'',$body));
-				}
+			if($raw) {
+				$body = mail_prepare_binary(['id' => 'M0']);
+				echo json_encode(['preview' => $body]);
+			}
+			else {
+				$body = cleanup_bbcode($body);
+				$results = linkify_tags($a, $body, local_channel());
+
+				if(preg_match_all('/(\[attachment\](.*?)\[\/attachment\])/',$body,$match)) {
+					$attachments = array();
+					foreach($match[2] as $mtch) {
+						$hash = substr($mtch,0,strpos($mtch,','));
+						$rev = intval(substr($mtch,strpos($mtch,',')));
+						$r = attach_by_hash_nodata($hash,get_observer_hash(),$rev);
+						if($r['success']) {
+							$attachments[] = array(
+								'href'     => z_root() . '/attach/' . $r['data']['hash'],
+								'length'   =>  $r['data']['filesize'],
+								'type'     => $r['data']['filetype'],
+								'title'    => urlencode($r['data']['filename']),
+								'revision' => $r['data']['revision']
+							);
+						}
+						$body = trim(str_replace($match[1],'',$body));
+					}
+				}
+				echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]);
 			}
-			echo json_encode(['preview' => zidify_links(smilies(bbcode($body)))]);
 			killme();
 		} 
 
@@ -102,36 +110,10 @@ class Mail extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-	//	if(feature_enabled(local_channel(),'richtext')) {
-	//		$body = fix_mce_lf($body);
-	//	}
-	
 		require_once('include/text.php');
 		linkify_tags($a, $body, local_channel());
 	
-		// I don't think this is used any more.
 
-		if($preview) {
-			$mail = [
-				'mailbox'     => 'outbox',
-				'id'          => 0,
-				'mid'         => 'M0',
-				'from_name'   => $channel['xchan_name'],
-				'from_url'    => $channel['xchan_url'],
-				'from_photo'  => $channel['xchan_photo_s'],
-				'subject'     => zidify_links(smilies(bbcode($subject))),
-				'body'        => zidify_links(smilies(bbcode($body))),
-				'attachments' => '',
-				'can_recall'  => false,
-				'is_recalled' => '',
-				'date'        => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c')
-			];
-			
-			echo replace_macros(get_markup_template('mail_conv.tpl'), [ '$mail' => $mail ] );
-			killme();
-
-		}
-	
 		if(! $recipient) {
 			notice('No recipient found.');
 			\App::$argc = 2;
@@ -141,8 +123,8 @@ class Mail extends \Zotlabs\Web\Controller {
 	
 		// We have a local_channel, let send_message use the session channel and save a lookup
 		
-		$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires);
-	
+		$ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw);
+
 		if($ret['success']) {
 			xchan_mail_query($ret['mail']);
 			build_sync_packet(0,array('conv' => array($ret['conv']),'mail' => array(encode_mail($ret['mail'],true))));
@@ -158,7 +140,7 @@ class Mail extends \Zotlabs\Web\Controller {
 	function get() {
 	
 		$o = '';
-		nav_set_selected('messages');
+		nav_set_selected('Mail');
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);

Zotlabs/Module/Manage.php

@@ -10,6 +10,8 @@ class Manage extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Channel Manager');
 	
 		require_once('include/security.php');
 	

Zotlabs/Module/Moderate.php

@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Module;
+
+require_once('include/conversation.php');
+
+
+class Moderate extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+		//show all items
+		if(argc() == 1) {
+			$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+				intval(local_channel()),
+				intval(ITEM_MODERATED)
+			);
+		}
+
+		//show a single item
+		if(argc() == 2) {
+			$post_id = intval(argv(1));
+
+			$r = q("select item.id as item_id, item.* from item where item.id = %d and item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+				intval($post_id),
+				intval(local_channel()),
+				intval(ITEM_MODERATED)
+			);
+		}
+
+		if(argc() > 2) {
+			$post_id = intval(argv(1));
+			if(! $post_id)
+				goaway(z_root() . '/moderate');
+
+			$action = argv(2);
+
+			$r = q("select * from item where uid = %d and id = %d and item_blocked = %d limit 1",
+				intval(local_channel()),
+				intval($post_id),
+				intval(ITEM_MODERATED)
+			);
+
+			if($r) {
+				if($action === 'approve') {
+					q("update item set item_blocked = 0 where uid = %d and id = %d",
+						intval(local_channel()),
+						intval($post_id)
+					);
+					notice( t('Comment approved') . EOL);
+				}
+				elseif($action === 'drop') {
+					drop_item($post_id,false);
+					notice( t('Comment deleted') . EOL);
+				} 
+			
+				$r = q("select * from item where id = %d",
+					intval($post_id)
+				);
+				if($r) {
+					xchan_query($r);
+					$sync_item = fetch_post_tags($r);
+					build_sync_packet(local_channel(),array('item' => array(encode_item($sync_item[0],true))));
+				}
+				if($action === 'approve') {
+					\Zotlabs\Daemon\Master::Summon(array('Notifier', 'comment-new', $post_id));
+				}
+				goaway(z_root() . '/moderate');
+			}
+		}
+
+		if($r) {
+			xchan_query($r);
+			$items = fetch_post_tags($r,true);
+		}
+		else {
+			$items = array();
+		}
+
+		$o = conversation($items,'moderate',false,'traditional');
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Mood.php

@@ -110,17 +110,17 @@ class Mood extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		nav_set_selected('Mood');
+
 		$parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0');
 	
-	
-	
 		$verbs = get_mood_verbs();
 	
 		$shortlist = array();

Zotlabs/Module/Network.php

@@ -44,6 +44,7 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		$channel = \App::get_channel();
 		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
 	
 		$datequery = $datequery2 = '';
 	
@@ -116,7 +117,6 @@ class Network extends \Zotlabs\Web\Controller {
 		$spam     = ((x($_GET,'spam'))  ? intval($_GET['spam'])  : 0);
 		$cmin     = ((x($_GET,'cmin'))  ? intval($_GET['cmin'])  : 0);
 		$cmax     = ((x($_GET,'cmax'))  ? intval($_GET['cmax'])  : 99);
-		$firehose = ((x($_GET,'fh'))    ? intval($_GET['fh'])    : 0);
 		$file     = ((x($_GET,'file'))  ? $_GET['file']          : '');
 		$xchan    = ((x($_GET,'xchan')) ? $_GET['xchan']         : '');
 		
@@ -154,7 +154,7 @@ class Network extends \Zotlabs\Web\Controller {
 				));
 			}
 	
-			nav_set_selected('network');
+			nav_set_selected('Grid');
 
 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
@@ -290,9 +290,6 @@ class Network extends \Zotlabs\Web\Controller {
 			// We only launch liveUpdate if you aren't filtering in some incompatible
 			// way and also you aren't writing a comment (discovered in javascript).
 	
-			if($gid || $cid || $cmin || ($cmax != 99) || $star || $liked || $conv || $spam || $nouveau || $list)
-				$firehose = 0;
-	
 			$maxheight = get_pconfig(local_channel(),'system','network_divmore_height');
 			if(! $maxheight)
 				$maxheight = 400;
@@ -315,7 +312,7 @@ class Network extends \Zotlabs\Web\Controller {
 				'$liked'   => (($liked) ? $liked : '0'),
 				'$conv'    => (($conv) ? $conv : '0'),
 				'$spam'    => (($spam) ? $spam : '0'),
-				'$fh'      => (($firehose) ? $firehose : '0'),
+				'$fh'      => '0',
 				'$nouveau' => (($nouveau) ? $nouveau : '0'),
 				'$wall'    => '0',
 				'$static'  => $static, 
@@ -325,8 +322,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$xchan'   => $xchan,
 				'$order'   => $order,
 				'$file'    => $file,
-				'$cats'    => $category,
-				'$tags'    => $hashtags,
+				'$cats'    => urlencode($category),
+				'$tags'    => urlencode($hashtags),
 				'$dend'    => $datequery,
 				'$mid'     => '',
 				'$verb'     => $verb,
@@ -409,16 +406,7 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
-	
-		if($firehose && (! get_config('system','disable_discover_tab'))) {
-			require_once('include/channel.php');
-			$sys = get_sys_channel();
-			$uids = " and item.uid  = " . intval($sys['channel_id']) . " ";
-			\App::$data['firehose'] = intval($sys['channel_id']);
-		}
-		else {
-			$uids = " and item.uid = " . local_channel() . " ";
-		}
+		$uids = " and item.uid = " . local_channel() . " ";
 	
 		if(get_pconfig(local_channel(),'system','network_list_mode'))
 			$page_mode = 'list';
@@ -490,10 +478,11 @@ class Network extends \Zotlabs\Web\Controller {
 	
 			}
 			else {
+
 				// this is an update
 				$r = q("SELECT item.parent AS item_id FROM item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
-					WHERE true $uids $item_normal $simple_update
+					WHERE true $uids $item_normal_update $simple_update
 					and (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra3 $sql_extra $sql_nets "
 				);
@@ -515,14 +504,14 @@ class Network extends \Zotlabs\Web\Controller {
 					dbesc($parents_str)
 				);
 	
-				xchan_query($items,true,(($firehose) ? local_channel() : 0));
+				xchan_query($items,true);
 				$items = fetch_post_tags($items,true);
 				$items = conv_sort($items,$ordering);
 			}
 			else {
 				$items = array();
 			}
-	
+
 			if($page_mode === 'list') {
 	
 				/**
@@ -534,24 +523,30 @@ class Network extends \Zotlabs\Web\Controller {
 	
 				if($parents_str) {
 					$update_unseen = " AND ( id IN ( " . dbesc($parents_str) . " )";
+					$update_unseen .= " AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'";
 					$update_unseen .= " OR ( parent IN ( " . dbesc($parents_str) . " ) AND verb in ( '" . dbesc(ACTIVITY_LIKE) . "','" . dbesc(ACTIVITY_DISLIKE) . "' ))) ";
 				}
 			}
 			else {
 				if($parents_str) {
-					$update_unseen = " AND parent IN ( " . dbesc($parents_str) . " )";
+					$update_unseen = " AND parent IN ( " . dbesc($parents_str) . " ) AND obj_type != '" . dbesc(ACTIVITY_OBJ_FILE) . "'";
 				}
 			}
 		}
 	
-		if(($update_unseen) && (! $firehose))
-			$r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ",
-				intval(local_channel())
-			);
+		if($update_unseen) {
+			$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+			call_hooks('update_unseen',$x);
+			if($x['update'] === 'unset' || intval($x['update'])) {
+				$r = q("UPDATE item SET item_unseen = 0 WHERE item_unseen = 1 AND uid = %d $update_unseen ",
+					intval(local_channel())
+				);
+			}
+		}
 	
 		$mode = (($nouveau) ? 'network-new' : 'network');
 	
-		$o .= conversation($a,$items,$mode,$update,$page_mode);
+		$o .= conversation($items,$mode,$update,$page_mode);
 	
 		if(($items) && (! $update))
 			$o .= alt_pager($a,count($items));

Zotlabs/Module/New_channel.php

@@ -9,7 +9,7 @@ require_once('include/permissions.php');
 class New_channel extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		$cmd = ((argc() > 1) ? argv(1) : '');
 	
 		if($cmd === 'autofill.json') {
@@ -134,7 +134,7 @@ class New_channel extends \Zotlabs\Web\Controller {
 		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'), "*");
 		$nickhub = '@' . \App::get_hostname();
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub), "*");
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
 	
 		$o = replace_macros(get_markup_template('new_channel.tpl'), array(
 			'$title'        => t('Create Channel'),

Zotlabs/Module/Notifications.php

@@ -12,25 +12,44 @@ class Notifications extends \Zotlabs\Web\Controller {
 			return;
 		}
 	
-		nav_set_selected('notifications');		
+		nav_set_selected('Notifications');
 	
 		$o = '';
-		
-		$r = q("SELECT * from notify where uid = %d and seen = 0 order by created desc",
+
+		$r = q("select count(*) as total from notify where uid = %d and seen = 0",
 			intval(local_channel())
 		);
+		if($r && intval($t[0]['total']) > 49) {
+			$r = q("select * from notify where uid = %d
+				and seen = 0 order by created desc limit 50",
+				intval(local_channel())
+			);
+		} else {
+			$r1 = q("select * from notify where uid = %d
+				and seen = 0 order by created desc limit 50",
+				intval(local_channel())
+			);
+			$r2 = q("select * from notify where uid = %d
+				and seen = 1 order by created desc limit %d",
+				intval(local_channel()),
+				intval(50 - intval($t[0]['total']))
+			);
+			$r = array_merge($r1,$r2);
+		}
 			
 		if($r) {
 			$notifications_available = 1;
-			foreach ($r as $it) {
-				$x = strip_tags(bbcode($it['msg']));
+			foreach ($r as $rr) {
+				$x = strip_tags(bbcode($rr['msg']));
 				if(strpos($x,','))
 					$x = substr($x,strpos($x,',')+1);
 				$notif_content .= replace_macros(get_markup_template('notify.tpl'),array(
-					'$item_link' => z_root().'/notify/view/'. $it['id'],
-					'$item_image' => $it['photo'],
+					'$item_link' => z_root().'/notify/view/'. $rr['id'],
+					'$item_image' => $rr['photo'],
 					'$item_text' => $x,
-					'$item_when' => relative_date($it['created'])
+					'$item_when' => relative_date($rr['created']),
+					'$item_seen' => (($rr['seen']) ? true : false),
+					'$new' => t('New')
 				));
 			}
 		}

Zotlabs/Module/Notify.php

@@ -15,12 +15,16 @@ class Notify extends \Zotlabs\Web\Controller {
 				intval(local_channel())
 			);
 			if($r) {
-				q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d",
-					dbesc($r[0]['parent']),
-					dbesc($r[0]['otype']),
-					dbesc($r[0]['link']),
-					intval(local_channel())
-				);
+				$x = [ 'channel_id' => local_channel(), 'update' => 'unset' ];
+				call_hooks('update_unseen',$x);
+				if($x['update'] === 'unset' || intval($x['update'])) {
+					q("update notify set seen = 1 where (( parent != '' and parent = '%s' and otype = '%s' ) or link = '%s' ) and uid = %d",
+						dbesc($r[0]['parent']),
+						dbesc($r[0]['otype']),
+						dbesc($r[0]['link']),
+						intval(local_channel())
+					);
+				}
 				goaway($r[0]['link']);
 			}
 			goaway(z_root());

Zotlabs/Module/Oembed.php

@@ -22,7 +22,7 @@ class Oembed extends \Zotlabs\Web\Controller {
 			}
 		
 			else {
-				echo "<html><head><base target=\"_blank\" /></head><body>";
+				echo "<html><head><base target=\"_blank\" rel=\"nofollow noopener\" /></head><body>";
 				$src = base64url_decode(argv(1));
 				$j = oembed_fetch_url($src);
 				echo $j['html'];

Zotlabs/Module/Oep.php

@@ -1,6 +1,8 @@
 <?php
 namespace Zotlabs\Module;
 
+require_once('include/security.php');
+
 // oembed provider
 
 
@@ -41,6 +43,8 @@ class Oep extends \Zotlabs\Web\Controller {
 			$arr = $this->oep_profile_reply($_REQUEST);
 		elseif(fnmatch('*/profile/*',$url))
 			$arr = $this->oep_profile_reply($_REQUEST);
+		elseif(fnmatch('*/cards/*',$url))
+			$arr = $this->oep_cards_reply($_REQUEST);
 	
 		if($arr) {
 			if($html) {
@@ -66,49 +70,74 @@ class Oep extends \Zotlabs\Web\Controller {
 		$url = $args['url'];
 		$maxwidth  = intval($args['maxwidth']);
 		$maxheight = intval($args['maxheight']);
-	
-		if(preg_match('#//(.*?)/(.*?)/(.*?)/(.*?)mid\=(.*?)(&|$)#',$url,$matches)) {
-			$chn = $matches[3];
-			$res = $matches[5];
+	logger('processing display');
+		if(preg_match('#//(.*?)/display/(.*?)(&|\?|$)#',$url,$matches)) {
+			$res = $matches[2];
 		}
-	
-		if(! ($chn && $res))
-			return;
-		$c = q("select * from channel where channel_address = '%s' limit 1",
-			dbesc($chn)
+
+		if(strpos($res,'b64.') === 0) {
+			$res = base64url_decode(substr($res,4));
+		}
+
+		$item_normal = item_normal();
+
+		$p = q("select * from item where mid like '%s' limit 1",
+	  		dbesc($res . '%')
 		);
-	
-		if(! $c)
+
+		if(! $p)
 			return;
+
+		$c = channelx_by_n($p[0]['uid']);
+
 	
-		$sql_extra = item_permissions_sql($c[0]['channel_id']);
+		if(! ($c && $res))
+			return;
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
+
+		$sql_extra = item_permissions_sql($c['channel_id']);
 	
-		$p = q("select * from item where mid = '%s' and uid = %d $sql_extra limit 1",
-	  		dbesc($res),
-			intval($c[0]['channel_id'])
+		$p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1",
+			dbesc($res . '%'),
+			intval($c['channel_id'])
 		);
+
 		if(! $p)
 			return;
 		
 		xchan_query($p,true);
 		$p = fetch_post_tags($p,true);
+
+		// This function can get tripped up if the item is already a reshare
+		// (the multiple share declarations do not parse cleanly if nested) 
+		// So build a template with a known nonsense string as the content, and then
+		// replace that known string with the actual rendered content, sending
+		// each content layer through bbcode() separately.
+
+		$x = '2eGriplW^*Jmf4';
+
 	        
 		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
-	            "' profile='".$p[0]['author']['xchan_url'] .
-	            "' avatar='".$p[0]['author']['xchan_photo_s'].
-	            "' link='".$p[0]['plink'].
-	            "' posted='".$p[0]['created'].
-	            "' message_id='".$p[0]['mid']."']";
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
 	    if($p[0]['title'])
-	            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
-	        $o .= $p[0]['body'];
-	        $o .= "[/share]";
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
 		$o = bbcode($o);
 	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
-		$h = (($maxheight) ? $maxheight : $w * 2 / 3);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
 	
 		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
 		
@@ -118,6 +147,91 @@ class Oep extends \Zotlabs\Web\Controller {
 		return $ret;
 	
 	}
+
+
+	function oep_cards_reply($args) {
+	
+		$ret = [];
+		$url = $args['url'];
+		$maxwidth  = intval($args['maxwidth']);
+		$maxheight = intval($args['maxheight']);
+
+		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
+			$nick = $matches[2];
+			$res = $matches[3];
+		}
+		if(! ($nick && $res))
+			return $ret; 
+
+		$channel = channelx_by_nick($nick);
+
+		if(! $channel)
+			return $ret;
+
+
+		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
+			return $ret;
+
+		$sql_extra = item_permissions_sql($channel['channel_id'],get_observer_hash());
+
+		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
+			dbesc($res)
+		);
+		if($r) {
+			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+		}
+		else {
+			return $ret;
+		}
+
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($channel['channel_id']),
+			intval(ITEM_TYPE_CARD)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+			xchan_query($r);
+			$p = fetch_post_tags($r, true);
+		}
+
+		$x = '2eGriplW^*Jmf4';
+
+	        
+		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
+	    if($p[0]['title'])
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
+		$o = bbcode($o);
+	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
+		$ret['type'] = 'rich';
+	
+		$w = (($maxwidth) ? $maxwidth : 640);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
+	
+		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
+		
+		$ret['width'] = $w;
+		$ret['height'] = $h;
+	
+		return $ret;
+	
+	}
+
 	
 	function oep_mid_reply($args) {
 	
@@ -139,6 +253,9 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
 	
 		$sql_extra = item_permissions_sql($c[0]['channel_id']);
 	
@@ -151,23 +268,33 @@ class Oep extends \Zotlabs\Web\Controller {
 		
 		xchan_query($p,true);
 		$p = fetch_post_tags($p,true);
-	        
+
+		// This function can get tripped up if the item is already a reshare
+		// (the multiple share declarations do not parse cleanly if nested) 
+		// So build a template with a known nonsense string as the content, and then
+		// replace that known string with the actual rendered content, sending
+		// each content layer through bbcode() separately.
+
+		$x = '2eGriplW^*Jmf4';
+			
 		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
-	            "' profile='".$p[0]['author']['xchan_url'] .
-	            "' avatar='".$p[0]['author']['xchan_photo_s'].
-	            "' link='".$p[0]['plink'].
-	            "' posted='".$p[0]['created'].
-	            "' message_id='".$p[0]['mid']."']";
-	    if($p[0]['title'])
-	            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
-	        $o .= $p[0]['body'];
-	        $o .= "[/share]";
+			"' profile='".$p[0]['author']['xchan_url'] .
+			"' avatar='".$p[0]['author']['xchan_photo_s'].
+			"' link='".$p[0]['plink'].
+			"' posted='".$p[0]['created'].
+			"' message_id='".$p[0]['mid']."']";
+		if($p[0]['title'])
+			$o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+		$o .= $x; 
+		$o .= "[/share]";
 		$o = bbcode($o);
 	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+
 		$ret['type'] = 'rich';
 	
 		$w = (($maxwidth) ? $maxwidth : 640);
-		$h = (($maxheight) ? $maxheight : $w * 2 / 3);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
 	
 		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
 		
@@ -247,6 +374,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -308,6 +438,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -368,7 +501,10 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
-	
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 	

Zotlabs/Module/Ofeed.php

@@ -18,7 +18,7 @@ class Ofeed extends \Zotlabs\Web\Controller {
 		$params['pages']     = ((x($_REQUEST,'pages'))      ? intval($_REQUEST['pages'])    : 0);
 		$params['top']       = ((x($_REQUEST,'top'))        ? intval($_REQUEST['top'])      : 0);
 		$params['start']     = ((x($params,'start'))        ? intval($params['start'])      : 0);
-		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 40);
+		$params['records']   = ((x($params,'records'))      ? intval($params['records'])    : 10);
 		$params['direction'] = ((x($params,'direction'))    ? dbesc($params['direction'])   : 'desc');
 		$params['cat']       = ((x($_REQUEST,'cat'))        ? escape_tags($_REQUEST['cat']) : '');
 		$params['compat']    = ((x($_REQUEST,'compat'))     ? intval($_REQUEST['compat'])   : 1);	

Zotlabs/Module/Owa.php

@@ -0,0 +1,53 @@
+<?php
+
+namespace Zotlabs\Module;
+
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned. 
+ *
+ * This token may be exchanged for an authenticated cookie. 
+ */
+
+class Owa extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		$ret = [ 'success' => false ];
+
+		foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+			if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+				if($head !== 'HTTP_AUTHORIZATION') {
+					$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+					continue;
+				}
+
+				$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+				if($sigblock) {
+					$keyId = $sigblock['keyId'];
+
+					if($keyId) {
+						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
+							where hubloc_addr = '%s' limit 1",
+							dbesc(str_replace('acct:','',$keyId))
+						);
+						if($r) {
+							$hubloc = $r[0];
+							$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
+							if($verified && $verified['header_signed'] && $verified['header_valid']) {
+								$ret['success'] = true;
+								$token = random_string(32);
+								\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+								$ret['token'] = $token;
+							}
+						}
+					}
+				}
+			}
+		}
+		json_return_and_die($ret,'application/x-zot+json');
+	}
+}

Zotlabs/Module/Page.php

@@ -3,7 +3,6 @@ namespace Zotlabs\Module;
 
 require_once('include/items.php');
 require_once('include/conversation.php');
-require_once('include/page_widgets.php');
 
 
 class Page extends \Zotlabs\Web\Controller {
@@ -43,11 +42,31 @@ class Page extends \Zotlabs\Web\Controller {
 	
 		$channel_address = argv(1);
 	
+		// Always look first for the page name prefixed by the observer language; for instance page/nickname/de/foo
+		// followed by page/nickname/foo if that is not found.
+		// If your browser language is de and you want to access the default in this case, 
+		// use page/nickname/-/foo to over-ride the language and access only the page with pagelink of 'foo'
+
+		$page_name = '';
+		$ignore_language = false;
+
+		for($x = 2; $x < argc(); $x ++) {
+			if($page_name === '' && argv($x) === '-') {
+				$ignore_language = true;
+				continue;
+			}
+			if($page_name)
+				$page_name .= '/';
+			$page_name .= argv($x);
+		}
+
+
 		// The page link title was stored in a urlencoded format
 		// php or the browser may/will have decoded it, so re-encode it for our search
 	
-		$page_id = urlencode(argv(2));
-	
+		$page_id = urlencode($page_name);
+		$lang_page_id = urlencode(\App::$language . '/' . $page_name);
+
 		$u = q("select channel_id from channel where channel_address = '%s' limit 1",
 			dbesc($channel_address)
 		);
@@ -64,16 +83,31 @@ class Page extends \Zotlabs\Web\Controller {
 	
 		require_once('include/security.php');
 		$sql_options = item_permissions_sql($u[0]['channel_id']);
-	
-		$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
-			where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
-			and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
-			OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
-			intval($u[0]['channel_id']),
-			dbesc($page_id),
-			intval(ITEM_TYPE_WEBPAGE),
-			intval(ITEM_TYPE_PDL)
-		);
+
+		$r = null;	
+
+		if(! $ignore_language) {
+			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
+				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
+				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				intval($u[0]['channel_id']),
+				dbesc($lang_page_id),
+				intval(ITEM_TYPE_WEBPAGE),
+				intval(ITEM_TYPE_PDL)
+			);
+		}
+		if(! $r) {
+			$r = q("select item.* from item left join iconfig on item.id = iconfig.iid
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 
+				and (( iconfig.k = 'WEBPAGE' and item_type = %d ) 
+				OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1",
+				intval($u[0]['channel_id']),
+				dbesc($page_id),
+				intval(ITEM_TYPE_WEBPAGE),
+				intval(ITEM_TYPE_PDL)
+			);
+		}
 		if(! $r) {
 	
 			// Check again with no permissions clause to see if it is a permissions issue

Zotlabs/Module/Pdledit.php

@@ -14,7 +14,7 @@ class Pdledit extends \Zotlabs\Web\Controller {
 
 		if(! trim($_REQUEST['content'])) {
 			del_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl');
-			goaway(z_root() . '/pdledit/' . $_REQUEST['module']);
+			goaway(z_root() . '/pdledit');
 		}
 		set_pconfig(local_channel(),'system','mod_' . $_REQUEST['module'] . '.pdl',escape_tags($_REQUEST['content']));
 		build_sync_packet();
@@ -34,19 +34,38 @@ class Pdledit extends \Zotlabs\Web\Controller {
 			notice( t('Feature disabled.') . EOL);
 			return;
 		}
-	
+
+		if(argc() > 2 && argv(2) === 'reset') {
+			del_pconfig(local_channel(),'system','mod_' . argv(1) . '.pdl');
+			goaway(z_root() . '/pdledit');
+ 		}
+
 		if(argc() > 1)
 			$module = 'mod_' . argv(1) . '.pdl';
 		else {
 			$o .= '<div class="generic-content-wrapper-styled">';
 			$o .= '<h1>' . t('Edit System Page Description') . '</h1>';
+
+			$edited = [];
+
+			$r = q("select k from pconfig where uid = %d and cat = 'system' and k like '%s' ",
+				intval(local_channel()),
+				dbesc('mod_%.pdl')
+			);
+
+			if($r) {
+				foreach($r as $rv) {
+					$edited[] = substr(str_replace('.pdl','',$rv['k']),4);
+				}
+			}
+			
 			$files = glob('Zotlabs/Module/*.php');
 			if($files) {
 				foreach($files as $f) {
 					$name = lcfirst(basename($f,'.php'));
 					$x = theme_include('mod_' . $name . '.pdl');
 					if($x) {
-						$o .= '<a href="pdledit/' . $name . '" >' . $name . '</a><br />';
+						$o .= '<a href="pdledit/' . $name . '" >' . $name . '</a>' . ((in_array($name,$edited)) ? ' ' . t('(modified)') . ' <a href="pdledit/' . $name . '/reset" >' . t('Reset') . '</a>': '' ) . '<br />';
 					}
 				}
 			}
@@ -69,6 +88,7 @@ class Pdledit extends \Zotlabs\Web\Controller {
 			'$header' => t('Edit System Page Description'),
 			'$mname' => t('Module Name:'),
 			'$help' => t('Layout Help'),
+			'$another' => t('Edit another layout'),
 			'$module' => argv(1),
 			'$content' => htmlspecialchars($t,ENT_COMPAT,'UTF-8'),
 			'$submit' => t('Submit')

Zotlabs/Module/Photo.php

@@ -154,7 +154,9 @@ class Photo extends \Zotlabs\Web\Controller {
 					intval($resolution)
 				);
 
-				if($r && $r[0]['photo_usage'] == PHOTO_COVER)
+				// viewing cover photos is allowed unless a plugin chooses to block it. 
+
+				if($r && intval($r[0]['photo_usage']) === PHOTO_COVER && $resolution >= PHOTO_RES_COVER_1200)
 					$allowed = 1;
  
 				$d = [ 'imgscale' => $resolution, 'resource_id' => $photo, 'photo' => $r, 'allowed' => $allowed ];

Zotlabs/Module/Photos.php

@@ -554,6 +554,8 @@ class Photos extends \Zotlabs\Web\Controller {
 		$sql_item = item_permissions_sql($owner_uid,get_observer_hash());
 		$sql_extra = permissions_sql($owner_uid,get_observer_hash(),'photo');
 		$sql_attach = permissions_sql($owner_uid,get_observer_hash(),'attach');
+
+		nav_set_selected('Photos');
 	
 		$o = "";
 	
@@ -669,8 +671,13 @@ class Photos extends \Zotlabs\Web\Controller {
 		 */
 	
 		if($datatype === 'album') {
-	
-			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
+
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
 
 			if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) {
 				\App::set_pager_itemspage(60);
@@ -689,7 +696,7 @@ class Photos extends \Zotlabs\Web\Controller {
 					(SELECT resource_id, max(imgscale) imgscale FROM photo left join attach on folder = '%s' and photo.resource_id = attach.hash WHERE attach.uid = %d AND imgscale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d $sql_extra GROUP BY resource_id) ph 
 					ON (p.resource_id = ph.resource_id AND p.imgscale = ph.imgscale)
 				ORDER BY created $order LIMIT %d OFFSET %d",
-				dbesc($datum),
+				dbesc($x['hash']),
 				intval($owner_uid),
 				intval(PHOTO_NORMAL),
 				intval(PHOTO_PROFILE),
@@ -763,7 +770,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				if($photos) {
 					$o = replace_macros(get_markup_template('photosajax.tpl'),array(
 						'$photos' => $photos,
-						'$album_id' => bin2hex($album)
+						'$album_id' => $datum
 					));
 				}
 				else {
@@ -1034,7 +1041,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$likebuttons = '';
 	
-				if($can_post || $can_comment) {
+				if($observer && ($can_post || $can_comment)) {
 					$likebuttons = [
 						'id'       => $link_item['id'],
 						'likethis' => t("I like this \x28toggle\x29"),
@@ -1046,7 +1053,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 				$comments = '';
 				if(! count($r)) {
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@@ -1165,7 +1172,7 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 					}
 				
-					if($can_post || $can_comment) {
+					if($observer && ($can_post || $can_comment)) {
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '',
 							'$jsreload' => $return_url,

Zotlabs/Module/Ping.php

@@ -19,6 +19,7 @@ class Ping extends \Zotlabs\Web\Controller {
 	 * @result JSON
 	 */
 	function init() {
+
 		$result = array();
 		$notifs = array();
 
@@ -36,6 +37,11 @@ class Ping extends \Zotlabs\Web\Controller {
 		$result['all_events_today'] = 0;
 		$result['notice'] = array();
 		$result['info'] = array();
+		$result['pubs'] = 0;
+		$result['files'] = 0;
+
+		if(! $_SESSION['static_loadtime'])
+			$_SESSION['static_loadtime'] = datetime_convert();
 
 		$t0 = dba_timer();
 
@@ -134,6 +140,61 @@ class Ping extends \Zotlabs\Web\Controller {
 			db_utcnow(), db_quoteinterval('3 MINUTE')
 		);
 
+		$discover_tab_on = ((get_config('system','disable_discover_tab') != 1) ? true : false);
+		$notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on);
+
+		if($notify_pubs) {
+			$sys = get_sys_channel();
+
+			$pubs = q("SELECT count(id) as total from item
+				WHERE uid = %d
+				AND author_xchan != '%s'
+				AND obj_type != '%s'
+				AND item_unseen = 1
+				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
+				$item_normal",
+				intval($sys['channel_id']),
+				dbesc(get_observer_hash()),
+				dbesc(ACTIVITY_OBJ_FILE)
+			);
+
+			if($pubs)
+				$result['pubs'] = intval($pubs[0]['total']);
+		}
+
+		if((argc() > 1) && (argv(1) === 'pubs') && ($notify_pubs)) {
+			$sys = get_sys_channel();
+			$result = array();
+
+			$r = q("SELECT * FROM item
+				WHERE uid = %d
+				AND author_xchan != '%s'
+				AND obj_type != '%s'
+				AND item_unseen = 1
+				AND created > '" . datetime_convert('UTC','UTC',$_SESSION['static_loadtime']) . "'
+				$item_normal
+				ORDER BY created DESC
+				LIMIT 300",
+				intval($sys['channel_id']),
+				dbesc(get_observer_hash()),
+				dbesc(ACTIVITY_OBJ_FILE)
+			);
+
+			if($r) {
+				xchan_query($r);
+				foreach($r as $rr) {
+					$rr['llink'] = str_replace('display/', 'pubstream/?f=&mid=', $rr['llink']);
+					$result[] = \Zotlabs\Lib\Enotify::format($rr);
+				}
+			}
+
+//			logger('ping (network||home): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
+		$t1 = dba_timer();
+
 		if((! local_channel()) || ($result['invalid'])) {
 			echo json_encode($result);
 			killme();
@@ -160,7 +221,7 @@ class Ping extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 					break;
-				case 'messages':
+				case 'mail':
 					$r = q("update mail set mail_seen = 1 where mail_seen = 0 and channel_id = %d ",
 						intval(local_channel())
 					);
@@ -177,6 +238,9 @@ class Ping extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 					break;
+				case 'pubs':
+					unset($_SESSION['static_loadtime']);
+					break;
 				default:
 					break;
 			}
@@ -194,37 +258,20 @@ class Ping extends \Zotlabs\Web\Controller {
 		 * dropdown menu.
 		 */
 		if(argc() > 1 && argv(1) === 'notify') {
-			$t = q("select count(*) as total from notify where uid = %d and seen = 0",
+			$t = q("select * from notify where uid = %d and seen = 0 order by created desc",
 				intval(local_channel())
 			);
-			if($t && intval($t[0]['total']) > 49) {
-				$z = q("select * from notify where uid = %d
-					and seen = 0 order by created desc limit 50",
-					intval(local_channel())
-				);
-			} else {
-				$z1 = q("select * from notify where uid = %d
-					and seen = 0 order by created desc limit 50",
-					intval(local_channel())
-				);
-				$z2 = q("select * from notify where uid = %d
-					and seen = 1 order by created desc limit %d",
-					intval(local_channel()),
-					intval(50 - intval($t[0]['total']))
-				);
-				$z = array_merge($z1,$z2);
-			}
 
-			if(count($z)) {
-				foreach($z as $zz) {
+			if($t) {
+				foreach($t as $tt) {
 					$notifs[] = array(
-						'notify_link' => z_root() . '/notify/view/' . $zz['id'],
-						'name' => $zz['xname'],
-						'url' => $zz['url'],
-						'photo' => $zz['photo'],
-						'when' => relative_date($zz['created']),
-						'hclass' => (($zz['seen']) ? 'notify-seen' : 'notify-unseen'),
-						'message' => strip_tags(bbcode($zz['msg']))
+						'notify_link' => z_root() . '/notify/view/' . $tt['id'],
+						'name' => $tt['xname'],
+						'url' => $tt['url'],
+						'photo' => $tt['photo'],
+						'when' => relative_date($tt['created']),
+						'hclass' => (($tt['seen']) ? 'notify-seen' : 'notify-unseen'),
+						'message' => strip_tags(bbcode($tt['msg']))
 					);
 				}
 			}
@@ -233,7 +280,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
-		if(argc() > 1 && argv(1) === 'messages') {
+		if(argc() > 1 && argv(1) === 'mail') {
 			$channel = \App::get_channel();
 			$t = q("select mail.*, xchan.* from mail left join xchan on xchan_hash = from_xchan
 				where channel_id = %d and mail_seen = 0 and mail_deleted = 0
@@ -265,9 +312,12 @@ class Ping extends \Zotlabs\Web\Controller {
 
 			$r = q("SELECT * FROM item
 				WHERE item_unseen = 1 and uid = %d $item_normal
-				and author_xchan != '%s' ORDER BY created DESC limit 300",
+				AND author_xchan != '%s'
+				AND obj_type != '%s'
+				ORDER BY created DESC limit 300",
 				intval(local_channel()),
-				dbesc($ob_hash)
+				dbesc($ob_hash),
+				dbesc(ACTIVITY_OBJ_FILE)
 			);
 
 			if($r) {
@@ -308,6 +358,30 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
+		if((argc() > 1 && (argv(1) === 'register')) && is_site_admin()) {
+			$result = array();
+
+			$r = q("SELECT account_email, account_created from account where (account_flags & %d) > 0",
+				intval(ACCOUNT_PENDING)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$result[] = array(
+						'notify_link' => z_root() . '/admin/accounts',
+						'name' => $rr['account_email'],
+						'url' => '',
+						'photo' => get_default_profile_photo(48),
+						'when' => relative_date($rr['account_created']),
+						'hclass' => ('notify-unseen'),
+						'message' => t('requires approval')
+					);
+				}
+			}
+			logger('ping (register): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
 		if(argc() > 1 && (argv(1) === 'all_events')) {
 			$bd_format = t('g A l F d') ; // 8 AM Friday January 18
 
@@ -345,6 +419,39 @@ class Ping extends \Zotlabs\Web\Controller {
 			killme();
 		}
 
+		if(argc() > 1 && (argv(1) === 'files')) {
+			$result = array();
+
+			$r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s FROM item 
+				LEFT JOIN xchan on author_xchan = xchan_hash
+				WHERE item.verb = '%s'
+				AND item.obj_type = '%s'
+				AND item.uid = %d
+				AND item.owner_xchan != '%s'
+				AND item.item_unseen = 1",
+				dbesc(ACTIVITY_POST),
+				dbesc(ACTIVITY_OBJ_FILE),
+				intval(local_channel()),
+				dbesc($ob_hash)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$result[] = array(
+						'notify_link' => z_root() . '/sharedwithme',
+						'name' => $rr['xchan_name'],
+						'url' => $rr['xchan_url'],
+						'photo' => $rr['xchan_photo_s'],
+						'when' => relative_date($rr['created']),
+						'hclass' => ('notify-unseen'),
+						'message' => t('shared a file with you')
+					);
+				}
+			}
+			logger('ping (files): ' . print_r($result, true), LOGGER_DATA);
+			echo json_encode(array('notify' => $result));
+			killme();
+		}
+
 		/**
 		 * Normal ping - just the counts, no detail
 		 */
@@ -356,15 +463,35 @@ class Ping extends \Zotlabs\Web\Controller {
 				$result['notify'] = intval($t[0]['total']);
 		}
 
-		$t1 = dba_timer();
+		$t2 = dba_timer();
+
+		if($vnotify & VNOTIFY_FILES) {
+			$files = q("SELECT count(id) as total FROM item
+				WHERE verb = '%s'
+				AND obj_type = '%s'
+				AND uid = %d
+				AND owner_xchan != '%s'
+				AND item_unseen = 1",
+				dbesc(ACTIVITY_POST),
+				dbesc(ACTIVITY_OBJ_FILE),
+				intval(local_channel()),
+				dbesc($ob_hash)
+			);
+			if($files)
+				$result['files'] = intval($files[0]['total']);
+		}
+
+		$t3 = dba_timer();
 
 		if($vnotify & (VNOTIFY_NETWORK|VNOTIFY_CHANNEL)) {
 			$r = q("SELECT id, item_wall FROM item
 				WHERE item_unseen = 1 and uid = %d
 				$item_normal
-				and author_xchan != '%s'",
+				AND author_xchan != '%s'
+				AND obj_type != '%s'",
 				intval(local_channel()),
-				dbesc($ob_hash)
+				dbesc($ob_hash),
+				dbesc(ACTIVITY_OBJ_FILE)
 			);
 
 			if($r) {
@@ -384,20 +511,20 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(! ($vnotify & VNOTIFY_CHANNEL))
 			$result['home'] = 0;
 
-		$t2 = dba_timer();
+		$t4 = dba_timer();
 
 		if($vnotify & VNOTIFY_INTRO) {
 			$intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and abook_pending = 1 and abook_self = 0 and abook_ignored = 0 and xchan_deleted = 0 and xchan_orphan = 0 ",
 				intval(local_channel())
 			);
 
-			$t3 = dba_timer();
+			$t5 = dba_timer();
 
 			if($intr)
 				$result['intros'] = intval($intr[0]['total']);
 		}
 
-		$t4 = dba_timer();
+		$t6 = dba_timer();
 		$channel = \App::get_channel();
 
 		if($vnotify & VNOTIFY_MAIL) {
@@ -420,7 +547,7 @@ class Ping extends \Zotlabs\Web\Controller {
 			}
 		}
 
-		$t5 = dba_timer();
+		$t7 = dba_timer();
 
 		if($vnotify & (VNOTIFY_EVENT|VNOTIFY_EVENTTODAY|VNOTIFY_BIRTHDAY)) {
 			$events = q("SELECT etype, dtstart, adjust FROM event
@@ -466,9 +593,9 @@ class Ping extends \Zotlabs\Web\Controller {
 
 		$x = json_encode($result);
 
-		$t6 = dba_timer();
+		$t8 = dba_timer();
 
-//		logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
+//		logger('ping timer: ' . sprintf('%01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f %01.4f',$t8 - $t7, $t7 - $t6, $t6 - $t5, $t5 - $t4, $t4 - $t3, $t3 - $t2, $t2 - $t1, $t1 - $t0));
 
 		echo $x;
 		killme();

Zotlabs/Module/Poke.php

@@ -41,7 +41,10 @@ class Poke extends \Zotlabs\Web\Controller {
 		$activity = ACTIVITY_POKE . '#' . urlencode($verbs[$verb][0]);
 	
 		$contact_id = intval($_REQUEST['cid']);
-		if(! $contact_id)
+
+		$xchan = trim($_REQUEST['xchan']);
+
+		if(! ($contact_id || $xchan))
 			return;
 	
 		$parent = ((x($_REQUEST,'parent')) ? intval($_REQUEST['parent']) : 0);
@@ -49,13 +52,20 @@ class Poke extends \Zotlabs\Web\Controller {
 		logger('poke: verb ' . $verb . ' contact ' . $contact_id, LOGGER_DEBUG);
 	
 	
-		$r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1",
-			intval($contact_id),
-			intval($uid)
-		);
-	
+		if($contact_id) {
+			$r = q("SELECT * FROM abook left join xchan on xchan_hash = abook_xchan where abook_id = %d and abook_channel = %d LIMIT 1",
+				intval($contact_id),
+				intval($uid)
+			);
+		}
+		if($xchan) {
+			$r = q("SELECT * FROM xchan where xchan_hash like ( '%s' ) LIMIT 1",
+				dbesc($xchan . '%')
+			);
+		}
+			
 		if(! $r) {
-			logger('poke: no target ' . $contact_id);
+			logger('poke: no target.');
 			return;
 		}
 	
@@ -79,7 +89,7 @@ class Poke extends \Zotlabs\Web\Controller {
 				$deny_gid     = $r[0]['deny_gid'];
 			}
 		}
-		else {
+		elseif($contact_id) {
 	
 			$item_private = ((x($_GET,'private')) ? intval($_GET['private']) : 0);
 	
@@ -92,9 +102,11 @@ class Poke extends \Zotlabs\Web\Controller {
 	
 		$arr = array();
 	
+
+
 		$arr['item_wall']     = 1;
 		$arr['owner_xchan']   = (($parent_item) ? $parent_item['owner_xchan'] : $channel['channel_hash']);
-		$arr['parent_mid']    = (($parent_mid) ? $parent_mid : $mid);
+		$arr['parent_mid']    = (($parent_mid) ? $parent_mid : '');
 		$arr['title']         = '';
 		$arr['allow_cid']     = $allow_cid;
 		$arr['allow_gid']     = $allow_gid;
@@ -131,12 +143,14 @@ class Poke extends \Zotlabs\Web\Controller {
 	
 	
 	
-		function get() {
+	function get() {
 	
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		nav_set_selected('Poke');
 	
 		$name = '';
 		$id = '';

Zotlabs/Module/Post.php

@@ -19,16 +19,16 @@ class Post extends \Zotlabs\Web\Controller {
 	function init() {
 		if(array_key_exists('auth', $_REQUEST)) {
 			$x = new \Zotlabs\Zot\Auth($_REQUEST);
-
 			exit;
 		}
 	}
 
 	function post() {
-		$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler());
+		if(array_key_exists('data',$_REQUEST)) {
+			$z = new \Zotlabs\Zot\Receiver($_REQUEST['data'], get_config('system', 'prvkey'), new \Zotlabs\Zot\ZotHandler());
+			exit;
+		}
 
-		// notreached;
-		exit;
 	}
 
 }

Zotlabs/Module/Probe.php

@@ -7,7 +7,9 @@ require_once('include/zot.php');
 class Probe extends \Zotlabs\Web\Controller {
 
 	function get() {
-	
+
+		nav_set_selected('Remote Diagnostics');
+
 		$o .= '<h3>Probe Diagnostic</h3>';
 	
 		$o .= '<form action="probe" method="get">';

Zotlabs/Module/Profile.php

@@ -21,6 +21,8 @@ class Profile extends \Zotlabs\Web\Controller {
 			\App::$error = 404;
 			return;
 		}
+
+		nav_set_selected('Profile');
 	
 		$profile = '';
 		$channel = \App::get_channel();
@@ -92,7 +94,6 @@ class Profile extends \Zotlabs\Web\Controller {
 			echo \App::$profile['profile_vcard'];
 			killme();
 		}
-
 	
 		$is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false);
 	
@@ -100,11 +101,14 @@ class Profile extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
-		//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
-	
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
-	
+		
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
 		$o .= advanced_profile($a);
 		call_hooks('profile_advanced',$o);
 		return $o;

Zotlabs/Module/Profile_photo.php

@@ -150,6 +150,14 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 					// If setting for the default profile, unset the profile photo flag from any other photos I own
 	
 					if($is_default_profile) {
+
+						$r = q("update profile set photo = '%s', thumb = '%s' where is_default = 1 and uid = %d",
+							dbesc(z_root() . '/photo/profile/l/' . local_channel()),
+							dbesc(z_root() . '/photo/profile/m/' . local_channel()),
+							intval(local_channel())
+						);
+
+
 						$r = q("UPDATE photo SET photo_usage = %d WHERE photo_usage = %d
 							AND resource_id != '%s' AND uid = %d",
 							intval(PHOTO_NORMAL),
@@ -158,6 +166,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 							intval(local_channel())
 						);
 	
+
 						send_profile_photo_activity($channel,$base_image,$profile);
 	
 					}
@@ -174,12 +183,17 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 	
 					// We'll set the updated profile-photo timestamp even if it isn't the default profile,
 					// so that browsers will do a cache update unconditionally
+					// Also set links back to site-specific profile photo url in case it was
+					// changed to a generic URL by a clone operation. Otherwise the new photo may 
+					// not get pushed to other sites correctly.
 	
-	
-					$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s' 
+					$r = q("UPDATE xchan set xchan_photo_mimetype = '%s', xchan_photo_date = '%s', xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s'  
 						where xchan_hash = '%s'",
 						dbesc($im->getType()),
 						dbesc(datetime_convert()),
+						dbesc(z_root() . '/photo/profile/l/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/m/' . $channel['channel_id']),
+						dbesc(z_root() . '/photo/profile/s/' . $channel['channel_id']),
 						dbesc($channel['xchan_hash'])
 					);
 
@@ -190,7 +204,7 @@ class Profile_photo extends \Zotlabs\Web\Controller {
 						build_sync_packet($channel['channel_id'],array('file' => array($sync)));
 
 
-					// Similarly, tell the nav bar to bypass the cache and update the avater image.
+					// Similarly, tell the nav bar to bypass the cache and update the avatar image.
 					$_SESSION['reload_avatar'] = true;
 	
 					info( t('Shift-reload the page or clear browser cache if the new photo does not display immediately.') . EOL);

Zotlabs/Module/Profiles.php

@@ -9,7 +9,7 @@ class Profiles extends \Zotlabs\Web\Controller {
 
 	function init() {
 	
-		nav_set_selected('profiles');
+		nav_set_selected('Profiles');
 	
 		if(! local_channel()) {
 			return;

Zotlabs/Module/Pubsites.php

@@ -30,13 +30,14 @@ class Pubsites extends \Zotlabs\Web\Controller {
 		if($ret['success']) {
 			$j = json_decode($ret['body'],true);
 			if($j) {
-				$o .= '<table class="table table-striped table-hover"><tr><td>' . t('Hub URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><td>' . t('Stats') . '</td><td>' . t('Software') . '</td>';
+				$o .= '<table class="table table-striped table-hover"><tr><td>' . t('Hub URL') . '</td><td>' . t('Access Type') . '</td><td>' . t('Registration Policy') . '</td><!--td>' . t('Stats') . '</td--><td>' . t('Software') . '</td>';
 				if($rating_enabled)
 					$o .= '<td colspan="2">' . t('Ratings') . '</td>';
 				$o .= '</tr>';
 				if($j['sites']) {
 					foreach($j['sites'] as $jj) {
-						if(! \Zotlabs\Lib\System::compatible_project($jj['project']))
+						$projectname = explode(' ',$jj['project']);
+						if(! \Zotlabs\Lib\System::compatible_project($projectname[0]))
 							continue;
 						if(strpos($jj['version'],' ')) {
 							$x = explode(' ', $jj['version']);
@@ -54,7 +55,7 @@ class Pubsites extends \Zotlabs\Web\Controller {
 							$location = '<br />&nbsp;';
 							}
 						$urltext = str_replace(array('https://'), '', $jj['url']);
-						$o .= '<tr><td><a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" ><i class="fa fa-link"></i> ' . $urltext . '</a>' . $location . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><td>' . '<a target="stats" href="https://hubchart-tarine.rhcloud.com/hub.jsp?hubFqdn=' . $m['host'] . '"><i class="fa fa-area-chart"></i></a></td><td>' . ucwords($jj['project']) . (($jj['version']) ? ' ' . $jj['version'] : '') . '</td>';
+						$o .= '<tr><td><a href="'. (($jj['sellpage']) ? $jj['sellpage'] : $jj['url'] . '/register' ) . '" ><i class="fa fa-link"></i> ' . $urltext . '</a>' . $location . '</td><td>' . $jj['access'] . '</td><td>' . $jj['register'] . '</td><!--td>' . '<a target="stats" href="https://hubchart-tarine.rhcloud.com/hub.jsp?hubFqdn=' . $m['host'] . '"><i class="fa fa-area-chart"></i></a></td--><td>' . ucwords($jj['project']) . (($jj['version']) ? ' ' . $jj['version'] : '') . '</td>';
 						if($rating_enabled)
 							$o .= '<td><a href="ratings/' . $host . '" class="btn-btn-default"><i class="fa fa-eye"></i> ' . t('View') . '</a></td>' . $rate_links ;
 						$o .=  '</tr>';

Zotlabs/Module/Pubstream.php

@@ -7,27 +7,40 @@ require_once('include/conversation.php');
 class Pubstream extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
-	
+
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
-	
+
 	
 		if(observer_prohibited(true)) {
 				return login();
 		}
 	
-	
-		if(get_config('system','disable_discover_tab'))
+		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
+		if($disable_discover_tab)
 			return;
-	
+
+		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
+
+		if(strpos($mid,'b64.') === 0)
+			$decoded = @base64url_decode(substr($mid,4));
+		if($decoded)
+			$mid = $decoded;
+
 		$item_normal = item_normal();
+		$item_normal_update = item_normal_update();
 
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 
 	
-		if(! $update) {
+		if(! $update && !$load) {
 
-			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 0);
+			nav_set_selected(t('Public Stream'));
+
+			if(!$mid)
+				$_SESSION['static_loadtime'] = datetime_convert();
+
+			$static  = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1);
 	
 			$maxheight = get_config('system','home_divmore_height');
 			if(! $maxheight)
@@ -38,6 +51,10 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				. "; var profile_page = " . \App::$pager['page'] 
 				. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
 	
+			//if we got a decoded hash we must encode it again before handing to javascript 
+			if($decoded)
+				$mid = 'b64.' . base64url_encode($mid);
+
 			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
 				'$baseurl' => z_root(),
 				'$pgtype'  => 'pubstream',
@@ -63,7 +80,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 				'$cats'    => '',
 				'$tags'    => '',
 				'$dend'    => '',
-				'$mid'     => '',
+				'$mid'     => $mid,
 				'$verb'     => '',
 				'$dbegin'  => ''
 			));
@@ -105,7 +122,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$simple_update = '';
 
 		if($static && $simple_update)
-            $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
+			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";
 
 		//logger('update: ' . $update . ' load: ' . $load);
 	
@@ -114,29 +131,46 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			$ordering = "commented";
 	
 			if($load) {
-	
-				// Fetch a page full of parent items for this page
-	
-				$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
-					left join abook on item.author_xchan = abook.abook_xchan
-					WHERE true $uids $item_normal
-					AND item.parent = item.id
-					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets
-					ORDER BY $ordering DESC $pager_sql "
-				);
-	
-	
+				if($mid) {
+					$r = q("SELECT parent AS item_id FROM item
+						left join abook on item.author_xchan = abook.abook_xchan
+						WHERE mid like '%s' $uids $item_normal
+						and (abook.abook_blocked = 0 or abook.abook_flags is null)
+						$sql_extra3 $sql_extra $sql_nets LIMIT 1",
+						dbesc($mid . '%')
+					);
+				}
+				else {
+					// Fetch a page full of parent items for this page
+					$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
+						left join abook on item.author_xchan = abook.abook_xchan
+						WHERE true $uids $item_normal
+						AND item.parent = item.id
+						and (abook.abook_blocked = 0 or abook.abook_flags is null)
+						$sql_extra3 $sql_extra $sql_nets
+						ORDER BY $ordering DESC $pager_sql "
+					);
+				}
 			}
 			elseif($update) {
-	
-				$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
-					left join abook on item.author_xchan = abook.abook_xchan
-					WHERE true $uids $item_normal
-					AND item.parent = item.id $simple_update
-					and (abook.abook_blocked = 0 or abook.abook_flags is null)
-					$sql_extra3 $sql_extra $sql_nets"
-				);
+				if($mid) {
+					$r = q("SELECT parent AS item_id FROM item
+						left join abook on item.author_xchan = abook.abook_xchan
+						WHERE mid like '%s' $uids $item_normal_update $simple_update
+						and (abook.abook_blocked = 0 or abook.abook_flags is null)
+						$sql_extra3 $sql_extra $sql_nets LIMIT 1",
+						dbesc($mid . '%')
+					);
+				}
+				else {
+					$r = q("SELECT distinct item.id AS item_id, $ordering FROM item
+						left join abook on item.author_xchan = abook.abook_xchan
+						WHERE true $uids $item_normal_update
+						AND item.parent = item.id $simple_update
+						and (abook.abook_blocked = 0 or abook.abook_flags is null)
+						$sql_extra3 $sql_extra $sql_nets"
+					);
+				}
 				$_SESSION['loadtime'] = datetime_convert();
 			}
 			// Then fetch all the children of the parents that are on this page
@@ -167,7 +201,10 @@ class Pubstream extends \Zotlabs\Web\Controller {
 		// fake it
 		$mode = ('network');
 	
-		$o .= conversation($a,$items,$mode,$update,$page_mode);
+		$o .= conversation($items,$mode,$update,$page_mode);
+
+		if($mid)
+			$o .= '<div id="content-complete"></div>';
 	
 		if(($items) && (! $update))
 			$o .= alt_pager($a,count($items));

Zotlabs/Module/Randprof.php

@@ -8,7 +8,7 @@ class Randprof extends \Zotlabs\Web\Controller {
 	function init() {
 		$x = random_profile();
 		if($x)
-			goaway(chanlink_url($x));
+			goaway(chanlink_hash($x));
 	
 		/** FIXME this doesn't work at the moment as a fallback */
 		goaway(z_root() . '/profile');

Zotlabs/Module/React.php

@@ -39,6 +39,10 @@ class React extends \Zotlabs\Web\Controller {
 			$n['author_xchan'] = $channel['channel_hash'];
 
 			$x = item_store($n); 
+
+			if(local_channel())
+				retain_item($postid);
+
 			if($x['success']) {
 				$nid = $x['item_id'];
 				 \Zotlabs\Daemon\Master::Summon(array('Notifier','like',$nid));

Zotlabs/Module/Register.php

@@ -27,7 +27,7 @@ class Register extends \Zotlabs\Web\Controller {
 				$result = check_account_email($_REQUEST['email']);
 				break;
 			case 'password_check.json':
-				$result = check_account_password($_REQUEST['password']);
+				$result = check_account_password($_REQUEST['password1']);
 				break;
 			default: 
 				break;
@@ -123,12 +123,19 @@ class Register extends \Zotlabs\Web\Controller {
 		if($policy == REGISTER_OPEN ) {
 			if($email_verify) {
 				$res = verify_email_address($result);
+				if($res) {
+					info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ;
+				}
 			}
 			else {
 				$res = send_register_success_email($result['email'],$result['password']);
 			}
 			if($res) {
-				info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ;
+				if($invite_code) {
+					info( t('Registration successful. Continue to create your first channel...') . EOL ) ;
+				} else {
+					info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ;
+				}
 			}
 		}
 		elseif($policy == REGISTER_APPROVE) {
@@ -151,7 +158,7 @@ class Register extends \Zotlabs\Web\Controller {
 		$new_channel = false;
 		$next_page = 'new_channel';
 	
-		if(get_config('system','auto_channel_create') || get_config('system','server_role') == 'basic') {
+		if(get_config('system','auto_channel_create')) {
 			$new_channel = auto_channel_create($result['account']['account_id']);
 			if($new_channel['success']) {
 				$channel_id = $new_channel['channel']['channel_id'];
@@ -167,7 +174,8 @@ class Register extends \Zotlabs\Web\Controller {
 			$next_page = $x;
 			$_SESSION['workflow'] = true;
 		}
-	
+
+		unset($_SESSION['login_return_url']);
 		goaway(z_root() . '/' . $next_page);
 	
 	}
@@ -231,20 +239,18 @@ class Register extends \Zotlabs\Web\Controller {
 		$enable_tos = 1 - intval(get_config('system','no_termsofservice'));
 	
 		$email        = array('email', t('Your email address'), ((x($_REQUEST,'email')) ? strip_tags(trim($_REQUEST['email'])) : ""));
-		$password     = array('password', t('Choose a password'), ((x($_REQUEST,'password')) ? trim($_REQUEST['password']) : ""));
-		$password2    = array('password2', t('Please re-enter your password'), ((x($_REQUEST,'password2')) ? trim($_REQUEST['password2']) : ""));
+		$password     = array('password', t('Choose a password'), ''); 
+		$password2    = array('password2', t('Please re-enter your password'), ''); 
 		$invite_code  = array('invite_code', t('Please enter your invitation code'), ((x($_REQUEST,'invite_code')) ? strip_tags(trim($_REQUEST['invite_code'])) : ""));
 		$name = array('name', t('Name or caption'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), t('Examples: "Bob Jameson", "Lisa and her Horses", "Soccer", "Aviation Group"'));
 		$nickhub = '@' . str_replace(array('http://','https://','/'), '', get_config('system','baseurl'));
 		$nickname = array('nickname', t('Choose a short nickname'), ((x($_REQUEST,'nickname')) ? $_REQUEST['nickname'] : ''), sprintf( t('Your nickname will be used to create an easy to remember channel address e.g. nickname%s'), $nickhub));
-		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
+		$role = array('permissions_role' , t('Channel role and privacy'), ($privacy_role) ? $privacy_role : 'social', t('Select a channel role with your privacy requirements.') . ' <a href="help/member/member_guide#Account_Permission_Roles" target="_blank">' . t('Read more about roles') . '</a>',$perm_roles);
 		$tos = array('tos', $label_tos, '', '', array(t('no'),t('yes')));
 
-		$server_role = get_config('system','server_role');	
 
-
-		$auto_create  = (($server_role == 'basic') || (get_config('system','auto_channel_create')) ? true : false);
-		$default_role = (($server_role == 'basic') ? 'social' : get_config('system','default_permissions_role'));
+		$auto_create  = (get_config('system','auto_channel_create') ? true : false);
+		$default_role = get_config('system','default_permissions_role');
 	
 		require_once('include/bbcode.php');