Merge branch '3.8RC'

(cherry picked from commit 2583270774)

.gitignore

@@ -37,7 +37,7 @@ pageheader.html
 doc/SiteTOS.md
 # themes except for redbasic
 view/theme/*
-! view/theme/redbasic
+!view/theme/redbasic
 # site theme schemas
 view/theme/redbasic/schema/default.php
 # Doxygen API documentation, run 'doxygen util/Doxyfile' to generate it

.gitlab-ci.yml

@@ -0,0 +1,36 @@
+# Select image from https://hub.docker.com/_/php/
+image: php:7.1
+
+# Select what we should cache
+cache:
+  paths:
+  - vendor/
+
+variables:
+  # Configure mysql service (https://hub.docker.com/_/mysql/)
+  MYSQL_DATABASE: hello_world_test
+  MYSQL_ROOT_PASSWORD: mysql
+
+
+services:
+- mysql:5.7
+
+before_script:
+- apt-get update -yqq
+- apt-get install -yqq git mysql-server mysql-client libmcrypt-dev libpq-dev libcurl4-gnutls-dev libicu-dev libvpx-dev libjpeg-dev libpng-dev libxpm-dev zlib1g-dev libfreetype6-dev libxml2-dev libexpat1-dev libbz2-dev libgmp3-dev libldap2-dev unixodbc-dev libsqlite3-dev libaspell-dev libsnmp-dev libpcre3-dev libtidy-dev
+# Install PHP extensions
+- docker-php-ext-install mbstring mcrypt pdo_mysql pdo_pgsql curl json intl gd xml zip bz2 opcache
+# Install & enable Xdebug for code coverage reports
+- pecl install xdebug
+- docker-php-ext-enable xdebug
+# Install and run Composer
+- curl -sS https://getcomposer.org/installer | php
+- php composer.phar install
+
+# We test PHP7 with MySQL, but we allow it to fail
+test:php:mysql:
+  script:
+  - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text

.homeinstall/README.md

@@ -34,22 +34,36 @@ Software
 ## The basic steps (quick overview)
 
 + Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS)
-+ Log on to your new debian (server)
++ Log on to your fresh Debian
   - apt-get install git
   - mkdir -p /var/www
   - cd /var/www
   - git clone https://github.com/redmatrix/hubzilla.git html
-  - cd /html/.homeinstall
+  - cd html/.homeinstall
   - cp hubzilla-config.txt.template hubzilla-config.txt
   - nano hubzilla-config.txt
     - Read the comments carefully
     - Enter your values: db pass, domain, values for dyn DNS
-  - Make sure your your external drive (for backups) is mounted
+  - Make sure your external drive (for backups) is mounted
   - hubzilla-setup.sh as root
     - ... wait, wait, wait until the script is finised
   - reboot
 + Open your domain with a browser and step throught the initial configuration of hubzilla.
 
+## Troubleshooting
+
+If the check of the mail address fails when you try to register the very first user in the browser. Do...
+
+    cd /var/www/html
+    util/config system.do_not_check_dns 1
+
+## Optional - Set path to imagemagick
+
+In Admin settings of hubzilla or via terminal
+
+    cd /var/www/html
+    util/config system.imagick_convert_path /usr/bin/convert
+
 # Step-by-Step in Detail
 
 ## Preparations Hardware
@@ -120,7 +134,7 @@ There are two ways to get a domain...
 
 The cost are around 10,- € once and 1,50 € per month (2017).
 
-The cost are around 10,- € once and 1,50 € per month (2017).
+### Method 2: Register a free subdomain
 
 ...for example register at freedns.afraid.org
 
@@ -150,7 +164,7 @@ Make the directory for apache and change diretory to it
 
 Clone hubzilla from git ("git pull" will update it later)
 
-    git clone https://github.com/redmatrix/hubzilla html
+    git clone https://framagit.org/hubzilla/core html
 
 Change to the install script
 
@@ -189,9 +203,16 @@ Leave db type "MySQL" untouched.
 
 Follow the instructions in the next pages.
 
+Recommended: Set path to imagemagick
+
+- in admin settings of hubzilla or 
+- via terminal
+
+    util/config system.imagick_convert_path /usr/bin/convert
+
 After the daily script was executed at 05:30 (am)
 
-- look at var/www/html/hubzilla-daily.log
+- look at /var/www/html/hubzilla-daily.log
 - check your backup on the external drive
 - optionally view the daily log under yourdomain.org/admin/logs/
   - set the logfile to var/www/html/hubzilla-daily.log
@@ -213,4 +234,12 @@ to boot the Rapsi to the client console.
 
 DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!
 
+On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user.
+This used to happen on some *bsd distros but there was some work to fix that a year ago (2017).
+
+So if your system isn't registered in DNS or DNS isn't active do
+
+    cd /var/www/html
+    util/config system.do_not_check_dns 1
+
 

.homeinstall/hubzilla-setup.sh

@@ -136,17 +136,17 @@ function check_config {
     # backup is important and should be checked
 	if [ -n "$backup_device_name" ]
 	then
-        device_mounted=0
+            if [ ! -d "$backup_mount_point" ]
+            then
+                mkdir "$backup_mount_point"
+	    fi
+            device_mounted=0
 		if fdisk -l | grep -i "$backup_device_name.*linux"
 		then
 		    print_info "ok - filesystem of external device is linux"
 	        if [ -n "$backup_device_pass" ]
 	        then
 	            echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
-	            if [ ! -d /media/hubzilla_backup ]
-	            then
-	                mkdir /media/hubzilla_backup
-	            fi
 	            if mount /dev/mapper/cryptobackup /media/hubzilla_backup
 	            then
                     device_mounted=1
@@ -246,6 +246,11 @@ function install_apache {
     nocheck_install "apache2 apache2-utils"
 }
 
+function install_imagemagick {
+    print_info "installing imagemagick..."
+    nocheck_install "imagemagick"
+}
+
 function install_curl {
     print_info "installing curl..."
     nocheck_install "curl"
@@ -567,7 +572,7 @@ function check_https {
 function install_hubzilla {
     print_info "installing hubzilla addons..."
     cd /var/www/html/
-    util/add_addon_repo https://github.com/redmatrix/hubzilla-addons.git hzaddons
+    util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons
     mkdir -p "store/[data]/smarty3"
     chmod -R 777 store
     touch .htconfig.php
@@ -641,7 +646,7 @@ function configure_cron_daily {
     # every 10 min for poller.php
     if [ -z "`grep 'poller.php' /etc/crontab`" ]
     then
-        echo "*/10 * * * * www-data cd /var/www/html; php include/poller.php >> /dev/null 2>&1" >> /etc/crontab
+        echo "*/10 * * * * www-data cd /var/www/html; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab
     fi
     # Run external script daily at 05:30
     # - stop apache and mysql-server
@@ -801,6 +806,7 @@ update_upgrade
 install_curl
 install_sendmail
 install_apache
+install_imagemagick
 install_php
 install_mysql
 install_phpmyadmin

.travis.yml

@@ -62,28 +62,34 @@ matrix:
   fast_finish: true
   # Additional check combinations
   include:
-    # PHP7.1, mariadb 10.1
-    - php: '7.1'
-      env: DB=mariadb MARIADB_VERSION=10.1 CODECOV=1
+    # PHP7.2, mariadb 10.2
+    - php: '7.2'
+      env: DB=mariadb MARIADB_VERSION=10.2 CODECOV=1
       # use mariadb instead of MySQL
       addons:
-        mariadb: '10.1'
-    # PHP7.1, PostgreSQL 9.6
-    - php: '7.1'
+        mariadb: '10.2'
+    # PHP7.2, PostgreSQL 9.6
+    - php: '7.2'
       env: DB=pgsql POSTGRESQL_VERSION=9.6 PHPUNITFILE=phpunit-pgsql.xml
       # Use newer postgres than 9.2 default
       addons:
         postgresql: '9.6'
       services:
         - postgresql
-    # PHP7.1, old precise distribution with MySQL 5.5
-    - php: '7.1'
+    # PostgreSQL 10 with Docker container
+    - php: '7.2'
+      env: DB=pgsql POSTGRESQL_VERSION=10 PHPUNITFILE=phpunit-pgsql.xml
+      sudo: required
+      services:
+        - docker
+    # PHP7.2, old precise distribution with MySQL 5.5
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.5
       dist: precise
       services:
         - mysql
     # MySQL 5.7 with Docker container
-    - php: '7.1'
+    - php: '7.2'
       env: DB=mysql MYSQL_VERSION=5.7
       sudo: required
       services:
@@ -109,6 +115,8 @@ before_install:
   - travis_retry composer self-update
   # Start MySQL 5.7 Docker container, needs some time to come up
   - if [[ "$MYSQL_VERSION" == "5.7" ]]; then sudo service mysql stop; docker run -d -p 3306:3306 -e MYSQL_ALLOW_EMPTY_PASSWORD=yes mysql:5.7 && sleep 25 && docker ps; fi
+  # Start PostgreSQL 10 Docker container, needs some time to come up
+  - if [[ "$POSTGRESQL_VERSION" == "10" ]]; then sudo service postgresql stop; docker run -d -p 5432:5432 postgres:10-alpine && sleep 35 && docker ps; fi
 
 # Install composer dev libs
 install:

CHANGELOG

@@ -1,3 +1,423 @@
+Hubzilla 3.8 (2018-10-19)
+	- Re-implement basic build test via gitlab-ci
+	- Rework wiki encoding/decoding
+	- Implement improved worker (experimental - off by default)
+	- Rework hubzilla settings infrastructure
+	- Port the features to stand-alone apps
+	- Add app_destroy hook
+	- Improve mod network search
+	- Extend app_install() to allow installing by app name
+	- Remove tech levels
+	- Hide channel creation form when at or over service_class['limit_identities']
+	- Rename groups and group_members tables for MySQL 8 compatibility
+	- Improve checks for image magick and pdo at setup
+	- Allow a second url in apd files for settings
+	- Add contact autocomplete to mod photo comments
+	- Add hook to allow addons to filter the list returned by app_list
+	- Do not sync channel moved field
+	- Add attach_delete hook
+	- Catch errors in template rendering
+	- Provide a noscript_content switch for mod channel and display
+	- Install and update bootstrap via composer
+	- Improve cover-photo handling
+	- Improve notification handling on small screens
+	- Detect and automatically repair duplicate plugin hook scenarios
+	- Add dreport_process hook
+	- Redirect stdout/stderr on cron command
+	- Update composer libs and add ramsey/uuid
+	- Add hook to extend conv_item cog dropdown menu
+	- Trigger the query options off of the active module rather than passed parameters in first_post_date()
+	- Tweak archive widget for articles
+	- Add api_not_found hook
+	- Ignore deleted hublocs in zot finger
+	- Don't use "checkjs" with an associated page reload - wrap a static copy of the content in noscript tags instead
+	- Add possibility to override helpfiles
+	- Add support for overriding the default template location and individual templates via .htconfig.php
+	- Add table support to markdown
+	- Make channel_remove less memory hungry
+	- Prevent json-ld bombing
+	- Turn off browser autocomplete on channel sources creation
+	- Add alter_pdl hook
+	- Add ability for addons to create .pdl files and load them automatically
+	- Sanitise vcard fields
+	- Don't sync system apps
+
+	
+	Bugfixes
+	- Fix issue with timeago plurals
+	- Fix issue with HTTP signatures
+	- Fix issues with channel import
+	- Fix double linebreaks in viewsrc output
+	- Fix jsonld signature issue (library is using sha1, spec requires sha256)
+	- Fix bookmarks not syncing between clones
+	- Fix combined view getting lost when deleting first message in pm thread
+	- Fix authors unable to comment on posts they authored when owned by others in certain circumstances
+	- Fix syschannel included in total channels count
+	- Fix html-to-markdown adds a backslash infront of a hash after each new line
+	- Fix profile likes dropdown
+	- Fix tags corruption when editing posts
+	- Fix duplicate info() messages
+	- Fix zid leaking to nonzot sites if markdown is enabled
+	- Fix app delete issue with base installed apps and app photo being reloaded uneccessarily
+	- Fix app update and ownership issues
+
+	Addons
+	- Upgrade Info: new addon to inform channel owners about system upgrades
+	- Superblock: fix issue with not removeable channels
+	- Cart: fix subscription table not created on install
+	- Hsse: new addon - a WYSIWYG editor for certain modules
+	- Rainbowtag: convert to app infrastructure
+	- Superblock: convert to app infrastructure
+	- Send ZID: convert to app infrastructure
+	- Adultphotoflag: move setting to mod photos
+	- GNU-Social: convert to app infrastructure
+	- Pubcrawl: convert to app infrastructure
+	- Startpage: convert to app infrastructure
+	- Wppost: convert to app infrastructure
+	- Diaspora: convert to app infrastructure
+	- Mdpost: move setting to editor settings
+	- Cart: convert to app infrastructure
+	- Cart: reflect renaming of groups table
+	- Authchoose: convert to app infrastructure
+	- Channelreputation: new addon - reputation system for community channels (forums, etc.)
+	- Diaspora: fix commenting on diaspora reshares
+	- Gallery: convert to app infrastructure
+	- Nsfw: convert to app infrastructure
+	- Diaspora: change top level retraction type from StatusMessage to Post
+	- Delivery Notice: new addon - display delivery status information at the top of items
+	- Diaspora: exclude xchan_networks rss, anon and unknown from the query to make the results more reliable
+	- Diaspora: provide xchan_url if we have no xchan_addr for mentions
+	- Diaspora: fix x-social-relay tags converted to associative array
+	- Twitter API: improvements for the twidere client
+	- Pubcrawl: partial support for inbound AP events
+	- Pubcrawl: add support for image objects
+	- Gallery: provide a way to direct link to a photo album gallery
+	- Pubcrawl: improve can_comment_on_post handler
+	- Pubcrawl: implement pleroma quirks regarding follow activities
+	- Cart: add ability to create catalog entries for physical and/or manually fulfilled items
+	- Cart: add subscriptions submodule
+
+
+Hubzilla 3.6 (2018-07-25)
+	- Update jquery.timeago library
+	- Implement Hookable CSP
+	- ActivityStreams: accept header changes to support plume 
+	- Streamline inconsistencies in addon naming
+	- SECURITY: hash the session_id in logs
+	- Update justified gallery library
+	- Hide channel in /cloud root if channel is hidden in directory
+	- Add resend option to channel sources tp discard original author.
+	- Provide flag to exclude privacy groups for federation plugin use in collect_recipients()
+	- Upgrading from redmatrix is no longer supported
+	- Deal with htmlentity encoding during authentication workflow
+	- Rework mod group
+	- Make droping posts of removed connections more memory efficient
+	- Refactor getOutainfo() for DAV storage
+	- Optionally report total available space when uploading
+	- SECURITY: provide option to disable the cloud 'root' directory and make the cloud module require a target channel nickname 
+	- Add plink and llink to viewsource
+	- Add new 'filter by name' feature 
+	- Remove network tabs
+	- New activity filter widget
+	- New activity order widget
+	- Make menus editable by visitors with webpage write permissions
+	- Move forum notifications to notifications
+	- Move manage privacy groups to the panel channel menu
+	- Don't remove items that are starred, filed, or that you replied to when removing a connection
+	- Don't deliver local items more than once
+	- Make navbar search use the module search function in /network and /channel
+	- Paint the locks on private activitypub items red. Their privacy model is "slightly" different from hubzillas
+	- Improve new channel creation workflow
+	- Add hook 'get_system_apps'
+	- Implement reset button for jot
+	- Adjust accept header to make pleroma happy
+	- Provide a general purpose GDPR document
+	- Provide function to fetch photo contents from url
+	- Make get_default_profile_photo() pluggable
+	- Refactor tags/mentions
+	- Refactor autocomplete mechanism
+	- Display pubsites link in info area if invite only
+	- Add cancel button to editor
+	- Implement MessageFilter for pubstream and sourced messages
+	- Add supported protocols to siteinfo
+	- Allow pdf embeds
+	- Allow uninstall of plugins which no longer exists via cmdline tool
+	- Improve the homeinstall script
+	- Provide easy access to the autoperms setting for forum and repository channels
+	- Implement admin delete of files, photos and posts
+	- Allow a different username to be used when importing a channel
+	- Provide warnings about profile photo and cover photo permissions
+	- Set the 'force' flag on attach_mkdir when initiated from a DAV operation
+
+	Bugfixes
+	- Fix double file uploads when dropping files into jot
+	- Fix jot collapsing when drag and drop to open jot
+	- Fix wrong album name when moving photos
+	- Fix wrong timestamp localization before first update in mod mail
+	- Fix post exiration not propagated to other networks (which support it)
+	- Fix sys channels visible in dirsearch
+	- Fix remote_self not working correctly
+	- Fix photos not syncing properly if destination is a postgres site
+	- Fix wrong hubloc_url for activitypub hublocs 
+	- Fix z_check_dns() for BSD 
+	- Fix not null violation in oauth1
+	- Fix DB issues with oauth2 on postgresql
+	- Fix 'anybody authenticated' not correctly handled in can_comment_on_post()
+	- Fix postgres issue if register mode is set to yes - with approval
+	- Fix tag search not finding articles
+	- Fix issue with mentions when markdown post addon is enabled
+	- Fix duplicate addressbook entries on repeated channel imports
+
+	Addons
+	- Cart: various display improvements
+	- Cart: make cart work with postgresql DB backend
+	- Cart: add new hzservice for service_classes
+	- Cart: add storewide currency settings
+	- Cart: provide channel app 'Shop' for cart addon
+	- Cart: implement order updating
+	- Cart: use CSP hook for paypals checkout.js
+	- Cart: provide a cancel mechanism for orders
+	- Cart: add paypal button
+	- Gallery: new addon to display photo albums with the photoswipe library
+	- Ldapauth: optionally auto create channel
+	- Pubcrawl: new setting to ignore ActivityPub recipients in privacy groups
+	- Diaspora: fix issue with displaying multiple photos
+	- Pubcrawl: provide plink
+	- Pubcrawl: hubloc_url should be baseurl, not actor url
+	- Pubcrawl: deliver restricted posts from hubzilla as direct messages (there is no other way to address only a subset of followers in mastodon)
+	- Pubcrawl: address comments to a restricted mastodon post to /followers
+
+
+Hubzilla 3.4.2 (2018-07-19)
+	- Compatibility fix for future versions
+
+
+Hubzilla 3.4.1 (2018-06-08)
+	- Say bye, bye to GitHub and move sourcecode repositories to #^https://framagit.org/hubzilla
+	- When removing a connection, don't remove items that are starred, filed or replied to
+	- Do not show archived forums in forum widget
+	- Fix potential XSS vulnerabilities
+	- Translation updates
+	- Fix postresql issue with oauth2
+	- Improve abconfig queries
+	- Fix postgresql issue if register mode was set to yes - with approval
+
+	Addons
+	- Diaspora: fix likes of non-contacts not allowed to like allthough diaspora_public_comments is set
+	- Pubcrawl: fix wrong hubloc url
+	- Pubcrawl: fix issues with attachments
+	- Pubcrawl: fetch required item metadata in asfetch_item()
+	- Cavatar: use cavatar for all default profile photos if enabled
+	- Pubcrawl: fix peertube video display
+	- Pubcrawl: fix incoming activitypub comments not getting propagated downstream
+	- Statistics: fix .well-known/nodeinfo
+	- Pubsubhubbub: fix postgresql related issues
+	- Pubcrawl: send the original LD-signature signed activity when distributing comments downstream if we have it
+	- Cavatar: improve the image creation process
+
+
+Hubzilla 3.4 (2018-05-04)
+	- Provide warnings about profile photo and cover photo permissions
+	- Don't duplicate addressbook entries on repeated channel imports
+	- Where possible strip zid parameter from links that get pasted into posts so that they will get a correct zid when rendered
+	- Rename boxy schema to Focus-Boxy
+	- Rename BS-Default schema to Focus-Light
+	- Mark simple_* schemas unmaintained and deprecated - they will be removed in next release if nobody steps up to maintain them.
+	- Implement trending tags for mod pubstream
+ 	- Relax restrictions to the design tools menu to allow those with write_pages permission
+	- Add alt pager to mod moderate
+	- Show existing cover photo when changing it
+	- Update to bootstrap lib to version 4.1
+	- Provide a higher accuracy method for active channels information
+	- Provide visible star status for starred posts
+	- Move the thread author menu to the wall item photo
+	- Accept system_language through either get or post
+	- Remove recipient name from stored notifications but keep them in emails
+	- Fix issue of being forced to log back in after leaving a delegated channel
+	- Implement last commented expiration setting in mod admin
+	- Create catcloud widget and provide a type option which can include 'cards' or 'articles'
+	- Modified notifications widget to add the public stream when the current user is allowed to see it only
+	- Don't provide a connect button for transient identities
+	- Merge techlevels and features
+	- Implement auto-save posts and comments in browser using localStorage
+	- Display directory server in siteinfo.json
+	- Bring back the dnt policy document
+	- Implement OAuth2/OpenIDConnect server
+	- Add basic structure for additional features documentation
+	- Community tag refactor
+	- Obscurify chats
+	- Provide a way to share wiki pages
+	- Update folder timestamp on uploaded files
+	- Code optimisations and de-duplication on updating parent commented timestamp
+	- Turn newmember widget into a feature
+	- Make list mode work in cards and articles
+	- Make alt pager work for articles and cards
+	- Initial support for alternative sort orders on the cloud pages
+	- Add Ochannel module for testing OStatus bad behaviour
+	- Add the social - federation permission role
+	- Update justified gallery lib from 3.6.3 to 3.6.5
+
+	Bugfixes
+	- Fix regression with forum widget unseen count
+	- Fix issue with imagemagick exif info
+	- Aonymous comments in StdLimits shouldn't be allowed
+	- Fix wiki pages not syncing
+	- Show "Unseen public activity" channel setting when site only public streams are activated
+	- Fix channel import failing to provide channel_password value
+	- Fix permalinks to children of articles and cards
+	- Fix missing year on profile birthday input
+	- Fix missing login/out buttons for medium screensize
+	- Preserve existing categories when updating an app from an embed source
+	- Fix app sellpage not being stored
+	- Fix tagadelic being overly protective of permissions
+	- Fix comments not displayed in single card/article view
+	- Fix anonymous comments bump thread
+	- Fix pending registrations visible in admin accounts
+
+	Addons
+	Pubcrawl: fix issues with "private" messages
+	Pubcrawl: fix issues with postgresql
+	Fuzzloc: new addon to blur your browser location
+	Pubcrawl: implement follow by webfinger
+	Cart: new addon which provides online shop functionalities (experimental)
+	Pubcrawl: implement two-way summary functionality
+	Wordpress: upgrade incutio xmlrpc library to use hubzilla curl wrapper
+	Hzfiles: various fixes
+	Diaspora: support full_name attribute in profile messages
+	Frphotos: deprecate plugin (keep it for reference)
+	Webmention: require html5 parser
+	GNU-Social: provide alternative xchan_url
+	Diaspora: fix wrong callback function
+	Diaspora: fix conversion of forum mentions to markdown by providing a !{forum@host} link syntax
+	Diaspora: fix item title not transferred
+
+
+Hubzilla 3.2 (2018-03-09)
+	- Improve rendering of Readme files in plugin settings
+	- Add pdl file for mod moderate
+	- Update redbasic theme screenshot
+	- Restrict mail messages to max_import_size
+	- Add pdl file for mod thing
+	- Add federation property to webfinger
+	- Provide new member widget which sits beneath the notifications for the first 60 days after an account creation
+	- Rename Addon/Feature settings to Addon Settings
+	- Move privacy groups to the newly created Access Control and Permissions tab
+	- Move oauth_client management and guest access tokens to features rather than auto-enabling at various feature levels
+	- Change undo_post_tagging() to emit quoted tags rather than using underscore replacement if they contain spaces
+	- Require directory servers to be using some modern form of encryption
+	- Change icon set from font-awesome to fork-awesome
+	- Provide opt-out link and text with notification emails
+	- Alter image selection widget to accept/submit on choose (github issue #979)
+	- If hide_in_statistics is set, only include the total channels count and no other statistical info in siteinfo.json
+	- Mark connections where we do not have post_comments permissions with an no entry sign
+	- Click your own profile photo to change it if loged in
+	- Remove street address info from the default basic profile fields
+	- Handle error logging in on cloud page (post method not implemented)
+	- Cloud 'view-as-tiles' toggle wasn't available for guests and they are the most likely to prefer that view
+	- Provide DB compatibility for poll and voting implementations across several platforms
+	- Remove the unused ZotDriver and ProtoDriver classes
+	- Move dreport from zot to lib
+	- Move Zotlabs\Zot\Verify to Zotlabs\Lib\Verify as part of the zot6 re-org
+	- Add event resource_id to iconfig so Diaspora can search on it without looking inside JSON objects
+	- Trim non-existent/deprecated plugins from siteinfo plugin list
+	- Add 'Validate' button to new_channel page
+	- Do not show summary if it is equal to body
+	- Update code tag styling so bbcode [code] blocks and wiki markdown inline code render nicely
+	- Crypto improvements (use pkcs1_oaep_padding instead of the older pkcs1_padding)
+	- Refactor OAuth2Server a bit
+	- Refactor of the DB update system
+	- Extend the oauth2 storage driver so that we can use our own channel table
+	- Provide option to block the public stream unless authenticated
+	- Refactor shares and urn shares into activities
+	- Show likes and dislikes in notices if always_show_in_notices is set
+	- Add hidden config to disallow anonymous comments (github issue #972)
+	- Add flexibility to prefix/suffix string translations for jquery.timeago
+	- Make post titles searchable (github issue #975)
+	- Implement zot6 delivery
+	- Remove mobile_detect library
+	- Separate the parsing of author information from the parsing of item/activity information in feedutils
+	- Provide summaries in feeds under very limited cases
+	- Redirect to the email_validation page if login was attempted after account creation but prior to successful verification
+	- Iprove workflow for form based email validation when auto_channel_create is in effect
+	- Provide a default video image if nothing else is available
+	- Surface the ability to change the landing page after channel creation
+	- Create the 'go' module to present several possible things to do after channel creation
+	- Add unit test for dba_pdo driver class
+	- Add unit test for \DBA factory
+	- Usability improvements to registration/verification workflow
+	- Don't do any bbcode translation within code blocks (except baseurl, observer, and linefeeds)
+	- Improve browser language detection
+	- Remove unused prototype importer template and obsolete reflection cms importer
+	- Update to bootstrap 4 stable
+	- Implement caching of notifications in browser session storage
+	- Code cleanup and simplification in mod_like
+	- Implement new cropper library
+	- Better notifications for edit post/comments which may have been originally posted long ago
+	- Ensure filter words are not empty in include/items.php
+	- Change query in mod search to be compatible with postgres
+	- Provide channel list function in the zot api
+	- Remove deprecated 'qcomment' feature
+	- Simplify webserver logic flow
+	- Simplify interactions with the get_features hook
+	- Provide a local pubstream option (content from this site only)
+	- Simplify dir_tagadelic dramatically
+	- Surface the article feature
+	- Add summary bbcode tag
+	- Move markdown-in-posts/comments feature to plugin
+	- Support tables in markdown posts/comments
+
+
+	Bugfixes
+	- Fix javascript error if there are no notifications
+	- Fix some issues with friend suggestions on standalone sites with no 'suggestme' volunteers
+	- Fix unable to reset profile fields to defaults in admin/profs by emptying the textarea
+	⁻ Fix issues with accordions related to bootstrap upgrade
+	- Fix empty dob is set to the date of the first profile save
+	- Fix several email validation issues
+	- Fix issue if logged in locally and mod_display returns nothing owned by your uid; retry with known public uids rather than issue 'permission denied'
+	- Fix public stream app permission check to match the recent fixes to the Module
+	- Fix issues with delivery of edited posts to forums
+	- Fix autoname test
+	- Fix issue where self and pending connections were visible in connections when not loged in
+	- Fix bad query in mod defperms
+	- Fix issue where gnusocial likes were not recognised as like activity
+	- Fix manual queue invocation
+	- Fix unable to delete accounts using tickboxes on admin/accounts
+	- Fix a PHP7.2 warning when a channel has no cards
+	- Fix unable to delete permission groups with space in name (github issue #920)
+
+	Addons
+	Statistic: fix reporting of incorrect register policy in nodeinfo
+	Diaspora: diaspora_init_relay: calls diaspora_import_author with too many arguments
+	Pubcrawl: provide a system 'allowed' for to match the system setting for other protocols
+	Diaspora: fix issue with sending diaspora profile change messages over diaspora_v2
+	Diaspora: provide limited but hopefully adequate support for new Diaspora html5 audio/video
+	Pubcrawl: send zot context with follow requests
+	Pubcrawl: add video to the set of message types we process
+	Pubcrawl: support for activitypub media
+	Openclipatar: remove extra details for each image
+	Diaspora: initial work on event participation
+	Statistic: remove the friendica protocol from nodeinfo until it is fully implemented
+	Statistic: re-arrange the order of the .host-meta/nodeinfo links
+	Pubcrawl: add share verb to activitystreams translator
+	Pubcrawl: post public posts to syschannel
+	Statistics: fix legacy statistics.json interface
+	Gnusocial: improve error checking when processing a salmon message
+	Dirstats: fix sql syntax error
+	Pubcrawl: possibly reduce constraint violations for xchan_store_lowlevel (duplicate entry)
+	Diaspora: ensure we process Friendica-over-Diaspora yearless birthdays correctly
+	Chess: added simple history browsing controls to spectator view
+	Diaspora: support post/comment edits
+	Diaspora: don't redirect fetch requests for non-Diaspora wall-to-wall and forum posts unless they can be redirected to a Diaspora protocol site
+	Chess: added support for publicly visible games
+	Phpmailer: add quickstart notes
+	Chess: choose random color if no color is chosen
+	New Plugin: mdpost - markdown in posts/comments, migrated from core to addon
+	Diaspora: provide a configuration option to import the diaspora firehose, otherwise only import content matching subscribed tags
+	NSFW: load images only after click on the button
+	Twitter: provide configurable tweet length until such time as 280 becomes universal
+
+
 Hubzilla 3.0 (2018-01-09)
 	- Updated homeinstall script
 	- Sort cloud directory by 1. is_dir and 2. name

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010-2017 the Hubzilla Community
+Copyright (c) 2010-2018 the Hubzilla Community
 All rights reserved.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy

README.md

@@ -3,18 +3,18 @@
 Hubzilla - Community Server
 ===========================
 
-<p align="center" markdown="1">
-<em><a href="https://github.com/redmatrix/hubzilla/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
-</p>
 
+<p align="center" markdown="1">
+<em><a href="https://framagit.org/hubzilla/core/blob/master/install/INSTALL.txt">Installing Hubzilla</a></em> 
+</p>
 
 **What is Hubzilla?**
 
-Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online. 
+Hubzilla is a general purpose communication server integrated with a web publishing system and a decentralised permission system. If this sounds like a bunch of technical mumbo-jumbo to you, just think of it as an independent platform for sharing stuff online (publicly or privately). 
 
 Hubzilla contains some social network bits, some cloud storage bits, some blog and forum bits, and some content management bits. These are all integrated within a common privacy framework - and it is all decentralised. 
 
-Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - even with channels on different servers or other communications services.
+Everything you publish or share can be restricted to those channels and people you wish to share them with; and these permissions work completely invisibly - **even with channels on different servers or other communications services**.
 
 Migration and live backups of your connections, settings, and everything you publish are built-in, so you never need worry about server failure. 
 
@@ -25,5 +25,8 @@ Hubzilla is completely decentralised and open source, for you modify or adapt to
 
 The Hubzilla community consists of passionate volunteers creating an open source commons of decentralised services which are highly integrated and can rival the feature set of large centralised providers. We do our best to provide ethical software which places you in control of your online communications and privacy expectations.
 
+Build status master branch:
+[![Build Status Master](https://framagit.org/hubzilla/core/badges/master/build.svg)](https://framagit.org/hubzilla/core/badges/master/build.svg)
 
-[![Build Status](https://travis-ci.org/redmatrix/hubzilla.svg)](https://travis-ci.org/redmatrix/hubzilla)
+Build status dev branch:
+[![Build Status Dev](https://framagit.org/hubzilla/core/badges/dev/build.svg)](https://framagit.org/hubzilla/core/badges/dev/build.svg)

Zotlabs/Access/AccessList.php

@@ -3,10 +3,14 @@
 namespace Zotlabs\Access;
 
 /**
- * @brief AccessList class.
+ * @brief AccessList class which represents individual content ACLs.
  *
  * A class to hold an AccessList object with allowed and denied contacts and
  * groups.
+ *
+ * After evaluating @ref ::Zotlabs::Access::PermissionLimits "PermissionLimits"
+ * and @ref ::Zotlabs::Lib::Permcat "Permcat"s individual content ACLs are evaluated.
+ * These answer the question "Can Joe view *this* album/photo?".
  */
 class AccessList {
 	/**
@@ -103,7 +107,7 @@ class AccessList {
 	 * @brief Return an array consisting of the current access list components
 	 * where the elements are directly storable.
 	 *
-	 * @return Associative array with:
+	 * @return array An associative array with:
 	 *   * \e string \b allow_cid => string of allowed cids
 	 *   * \e string \b allow_gid => string of allowed gids
 	 *   * \e string \b deny_cid  => string of denied cids

Zotlabs/Access/PermissionLimits.php

@@ -2,35 +2,90 @@
 
 namespace Zotlabs\Access;
 
-use \Zotlabs\Lib as ZLib;
+use Zotlabs\Lib\PConfig;
 
+/**
+ * @brief Permission limits.
+ *
+ * Permission limits are a very high level permission setting. They are hard
+ * limits by design.
+ * "Who can view my photos (at all)?"
+ * "Who can post photos in my albums (at all)?"
+ *
+ * For viewing permissions we generally set these to 'anybody' and for write
+ * permissions we generally set them to 'those I allow', though many people
+ * restrict the viewing permissions further for things like 'Can view my connections'.
+ *
+ * People get confused enough by permissions that we wanted a place to set their
+ * privacy expectations once and be done with it.
+ *
+ * Connection related permissions like "Can Joe view my photos?" are handled by
+ * @ref ::Zotlabs::Lib::Permcat "Permcat" and inherit from the channel's Permission
+ * limits.
+ *
+ * @see Permissions
+ */
 class PermissionLimits {
 
+	/**
+	 * @brief Get standard permission limits.
+	 *
+	 * Viewing permissions and post_comments permission are set to 'anybody',
+	 * other permissions are set to 'those I allow'.
+	 *
+	 * The list of permissions comes from Permissions::Perms().
+	 *
+	 * @return array
+	 */
 	static public function Std_Limits() {
+		$limits = [];
 		$perms = Permissions::Perms();
-		$limits = array();
+
 		foreach($perms as $k => $v) {
-			if(strstr($k,'view') || $k === 'post_comments')
+			if(strstr($k, 'view'))
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
 		}
+
 		return $limits;
 	}
 
-	static public function Set($channel_id,$perm,$perm_limit) {
-		ZLib\PConfig::Set($channel_id,'perm_limits',$perm,$perm_limit);
+	/**
+	 * @brief Sets a permission limit for a channel.
+	 *
+	 * @param int $channel_id
+	 * @param string $perm
+	 * @param int $perm_limit one of PERMS_* constants
+	 */
+	static public function Set($channel_id, $perm, $perm_limit) {
+		PConfig::Set($channel_id, 'perm_limits', $perm, $perm_limit);
 	}
 
-	static public function Get($channel_id,$perm = '') {
+	/**
+	 * @brief Get a channel's permission limits.
+	 *
+	 * Return a channel's permission limits from PConfig. If $perm is set just
+	 * return this permission limit, if not set, return an array with all
+	 * permission limits.
+	 *
+	 * @param int $channel_id
+	 * @param string $perm (optional)
+	 * @return
+	 *   * \b false if no perm_limits set for this channel
+	 *   * \b int if $perm is set, return one of PERMS_* constants for this permission, default 0
+	 *   * \b array with all permission limits, if $perm is not set
+	 */
+	static public function Get($channel_id, $perm = '') {
 		if($perm) {
-			return Zlib\PConfig::Get($channel_id,'perm_limits',$perm);
+			return intval(PConfig::Get($channel_id, 'perm_limits', $perm));
 		}
-		else {
-			Zlib\PConfig::Load($channel_id);
-			if(array_key_exists($channel_id,\App::$config) && array_key_exists('perm_limits',\App::$config[$channel_id]))
-				return \App::$config[$channel_id]['perm_limits'];
-			return false;
-		}
-	}	
-}
+
+		PConfig::Load($channel_id);
+		if(array_key_exists($channel_id, \App::$config)
+				&& array_key_exists('perm_limits', \App::$config[$channel_id]))
+			return \App::$config[$channel_id]['perm_limits'];
+
+		return false;
+	}
+}

Zotlabs/Access/PermissionRoles.php

@@ -41,6 +41,24 @@ class PermissionRoles {
 
 				break;
 
+			case 'social_federation':
+				$ret['perms_auto'] = false;
+				$ret['default_collection'] = false;
+				$ret['directory_publish'] = true;
+				$ret['online'] = true;
+				$ret['perms_connect'] = [
+					'view_stream', 'view_profile', 'view_contacts', 'view_storage',
+					'view_pages', 'view_wiki', 'send_stream', 'post_wall', 'post_comments',
+					'post_mail', 'chat', 'post_like', 'republish'
+				];
+				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['limits']['post_comments'] = PERMS_AUTHED;
+				$ret['limits']['post_mail'] = PERMS_AUTHED;
+				$ret['limits']['post_like'] = PERMS_AUTHED;
+				$ret['limits']['chat'] = PERMS_AUTHED;
+				break;
+
+
 			case 'social_restricted':
 				$ret['perms_auto'] = false;
 				$ret['default_collection'] = true;
@@ -263,6 +281,7 @@ class PermissionRoles {
 	static public function roles() {
 		$roles = [
 			t('Social Networking') => [
+				'social_federation' => t('Social - Federation'),
 				'social' => t('Social - Mostly Public'),
 				'social_restricted' => t('Social - Restricted'),
 				'social_private' => t('Social - Private')
@@ -289,6 +308,8 @@ class PermissionRoles {
 			]
 		];
 
+		call_hooks('list_permission_roles',$roles);
+
 		return $roles;
 	}
 

Zotlabs/Access/Permissions.php

@@ -67,7 +67,7 @@ class Permissions {
 			'post_comments' => t('Can comment on or like my posts'),
 			'post_mail'     => t('Can send me private mail messages'),
 			'post_like'     => t('Can like/dislike profiles and profile things'),
-			'tag_deliver'   => t('Can forward to all my channel connections via @+ mentions in posts'),
+			'tag_deliver'   => t('Can forward to all my channel connections via ! mentions in posts'),
 			'chat'          => t('Can chat with me'),
 			'republish'     => t('Can source my public posts in derived channels'),
 			'delegate'      => t('Can administer my channel')

Zotlabs/Daemon/Cron.php

@@ -50,14 +50,19 @@ class Cron {
 
 		// expire any expired items
 
-		$r = q("select id from item where expires > '2001-01-01 00:00:00' and expires < %s 
+		$r = q("select id,item_wall from item where expires > '2001-01-01 00:00:00' and expires < %s 
 			and item_deleted = 0 ",
 			db_utcnow()
 		);
 		if($r) {
 			require_once('include/items.php');
-			foreach($r as $rr)
-				drop_item($rr['id'],false);
+			foreach($r as $rr) {
+				drop_item($rr['id'],false,(($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+				if($rr['item_wall']) {
+					// The notifier isn't normally invoked unless item_drop is interactive.
+					Master::Summon( [ 'Notifier', 'drop', $rr['id'] ] );
+				}
+			}
 		}
 
 

Zotlabs/Daemon/Deliver.php

@@ -75,6 +75,8 @@ class Deliver {
 						q("delete from dreport where dreport_queue = '%s'",
 							dbesc($argv[$x])
 						);
+					
+						continue;
 					}
 				}
 

Zotlabs/Daemon/Expire.php

@@ -34,7 +34,8 @@ class Expire {
 
 		logger('expire: start', LOGGER_DEBUG);
 
-		$site_expire = get_config('system', 'default_expire_days');
+		$site_expire = intval(get_config('system', 'default_expire_days'));
+		$commented_days = intval(get_config('system','active_expire_days'));
 
 		logger('site_expire: ' . $site_expire);
 
@@ -64,7 +65,7 @@ class Expire {
 
 				// if the site or service class expiration is non-zero and less than person expiration, use that
 				logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG);
-				item_expire($rr['channel_id'], $expire_days);
+				item_expire($rr['channel_id'], $expire_days, $commented_days);
 			}
 		}
 
@@ -85,7 +86,7 @@ class Expire {
 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
 	
 			if ($expire_days)
-				item_expire($x['channel_id'], $expire_days);
+				item_expire($x['channel_id'], $expire_days, $commented_days);
 
 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}

Zotlabs/Daemon/Master.php

@@ -3,7 +3,6 @@
 namespace Zotlabs\Daemon;
 
 if(array_search( __file__ , get_included_files()) === 0) {
-
 	require_once('include/cli_startup.php');
 	array_shift($argv);
 	$argc = count($argv);
@@ -17,14 +16,134 @@ if(array_search( __file__ , get_included_files()) === 0) {
 
 class Master {
 
+	static public $queueworker = null;
+
 	static public function Summon($arr) {
 		proc_run('php','Zotlabs/Daemon/Master.php',$arr);
 	}
 
 	static public function Release($argc,$argv) {
 		cli_startup();
-		logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
-		$cls::run($argc,$argv);
+
+		$maxworkers = get_config('system','max_queue_workers');
+
+		if (!$maxworkers || $maxworkers == 0) {
+			logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+                	$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+                	$cls::run($argc,$argv);
+			self::ClearQueue();
+		} else {
+			logger('Master: enqueue: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+			$workinfo = ['argc'=>$argc,'argv'=>$argv];
+			q("insert into config (cat,k,v) values ('queuework','%s','%s')",
+				dbesc(uniqid('workitem:',true)),
+				dbesc(serialize($workinfo)));
+			self::Process();
+		}
+	}
+
+	static public function GetWorkerID() {
+		$maxworkers = get_config('system','max_queue_workers');
+		$maxworkers = ($maxworkers) ? $maxworkers : 3;
+
+		$workermaxage = get_config('system','max_queue_worker_age');
+		$workermaxage = ($workermaxage) ? $workermaxage : 300;
+
+		$workers = q("select * from config where cat='queueworkers' and k like '%s'", 'workerstarted_%');
+
+		if (count($workers) > $maxworkers) {
+			foreach ($workers as $idx => $worker) {
+                                $curtime = time();
+                                $age = (intval($curtime) - intval($worker['v']));
+                                if ( $age > $workermaxage) {
+					logger("Prune worker: ".$worker['k'], LOGGER_ALL, LOGGER_DEBUG);
+					$k = explode('_',$worker['k']);
+					q("delete from config where cat='queueworkers' and k='%s'",
+						'workerstarted_'.$k[1]);
+					q("update config set k='workitem' where cat='queuework' and k='%s'",
+						'workitem_'.$k[1]);
+					unset($workers[$idx]);
+				}
+			}
+			if (count($workers) > $maxworkers) {
+				return false;
+			}
+		}
+		return uniqid();
+
+	}
+
+	static public function Process() {
+
+		self::$queueworker = self::GetWorkerID();
+
+		if (!self::$queueworker) {
+			logger('Master: unable to obtain worker ID.');
+			killme();
+		}
+
+		set_config('queueworkers','workerstarted_'.self::$queueworker,time());
+
+		$workersleep = get_config('system','queue_worker_sleep');
+		$workersleep = ($workersleep) ? $workersleep : 5;
+		cli_startup();
+
+		$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
+			'workitem_'.self::$queueworker,
+			dbesc('workitem:%'));
+		$jobs = 0;
+		while ($work) {
+			$workitem = q("select * from config where cat='queuework' and k='%s'",
+				'workitem_'.self::$queueworker);
+
+			if (isset($workitem[0])) {
+				$jobs++;
+				$workinfo = unserialize($workitem[0]['v']);
+				$argc = $workinfo['argc'];
+				$argv = $workinfo['argv'];
+				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+
+				//Delete unclaimed duplicate workitems.
+				q("delete from config where cat='queuework' and k='workitem' and v='%s'",
+					serialize($argv));
+
+				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$cls::run($argc,$argv);
+
+				//Right now we assume that if we get a return, everything is OK.
+				//At some point we may want to test whether the run returns true/false
+				//    and requeue the work to be tried again.  But we probably want
+				//    to implement some sort of "retry interval" first.
+
+				q("delete from config where cat='queuework' and k='%s'",
+					'workitem_'.self::$queueworker);
+			} else {
+				break;
+			}
+			sleep ($workersleep);
+			$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
+				'workitem_'.self::$queueworker,
+				dbesc('workitem:%'));
+
+		}
+		logger('Master: Worker Thread: queue items processed:' . $jobs);
+		q("delete from config where cat='queueworkers' and k='%s'",
+			'workerstarted_'.self::$queueworker);
 	}	
+
+	static public function ClearQueue() {
+			$work = q("select * from config where cat='queuework' and k like '%s'",
+				dbesc('workitem%'));
+			foreach ($work as $workitem) {
+				$workinfo = unserialize($workitem['v']);
+				$argc = $workinfo['argc'];
+				$argv = $workinfo['argv'];
+				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$cls::run($argc,$argv);
+			}
+			$work = q("delete from config where cat='queuework' and k like '%s'",
+				dbesc('workitem%'));
+	}
+	
 }

Zotlabs/Daemon/Notifier.php

@@ -90,8 +90,6 @@ class Notifier {
 
 		$item_id = $argv[2];
 
-		$extra = (($argc > 3) ? $argv[3] : null);
-
 		if(! $item_id)
 			return;
 
@@ -315,7 +313,7 @@ class Notifier {
 			}
 
 
-			if($target_item['id'] == $target_item['parent']) {
+			if($target_item['mid'] === $target_item['parent_mid']) {
 				$parent_item = $target_item;
 				$top_level_post = true;
 			}
@@ -561,6 +559,8 @@ class Notifier {
 
 		foreach($dhubs as $hub) {
 
+			logger('notifier_hub: ' . $hub['hubloc_url'],LOGGER_DEBUG);
+
 			if($hub['hubloc_network'] !== 'zot') {
 				$narr = [
 					'channel'        => $channel,
@@ -620,8 +620,8 @@ class Notifier {
 				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
 			if($packet_type === 'keychange') {
-				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 				$pmsg = get_pconfig($channel['channel_id'],'system','keychange');
+				$packet = zot_build_packet($channel,$packet_type,(($packet_recips) ? $packet_recips : null));
 			}
 			elseif($packet_type === 'request') {
 				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
@@ -642,7 +642,21 @@ class Notifier {
 			}
 			else {
 				$env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : '');
-				$packet = zot_build_packet($channel,'notify',$env,(($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);	
+
+				// currently zot6 delivery is only performed on normal items and not sync items or mail or anything else
+				// Eventually we will do this for all deliveries, but for now ensure this is precisely what we are dealing 
+				// with before switching to zot6 as the primary zot6 handler checks for the existence of a message delivery report
+				// to trigger dequeue'ing
+
+				$z6 = (($encoded_item && $encoded_item['type'] === 'activity' && (! array_key_exists('allow_cid',$encoded_item))) ? true : false);
+				if($z6) {
+					$packet = zot6_build_packet($channel,'notify',$env, json_encode($encoded_item), (($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);
+				}
+				else {
+					$packet = zot_build_packet($channel,'notify',$env, (($private) ? $hub['hubloc_sitekey'] : null), $hub['site_crypto'],$hash);
+
+				}	
+
 				queue_insert(
 					[
 						'hash'       => $hash,

Zotlabs/Daemon/Poller.php

@@ -71,14 +71,18 @@ class Poller {
 
 		$randfunc = db_getfunc('RAND');
 	
-		$contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash 
+		$contacts = q("SELECT abook.abook_updated, abook.abook_connected, abook.abook_feed,
+			abook.abook_channel, abook.abook_id, abook.abook_archived, abook.abook_pending,
+			abook.abook_ignored, abook.abook_blocked,
+			xchan.xchan_network,
+			account.account_lastlog, account.account_flags 
+			FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash 
 			LEFT JOIN account on abook_account = account_id
 			where abook_self = 0
 			$sql_extra 
 			AND (( account_flags = %d ) OR ( account_flags = %d )) $abandon_sql ORDER BY $randfunc",
 			intval(ACCOUNT_OK),
 			intval(ACCOUNT_UNVERIFIED)     // FIXME
-
 		);
 
 		if($contacts) {

Zotlabs/Daemon/Queue.php

@@ -13,10 +13,10 @@ class Queue {
 		require_once('include/bbcode.php');
 
 
-		if(argc() > 1)
-			$queue_id = argv(1);
+		if($argc > 1)
+			$queue_id = $argv[1];
 		else
-			$queue_id = 0;
+			$queue_id = EMPTY_STR;
 
 		logger('queue: start');
 

Zotlabs/Extend/Route.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Zotlabs\Extend;
+
+
+class Route {
+
+	static function register($file,$modname) {
+		$rt = self::get();
+		$rt[] = [ $file, $modname ];
+		self::set($rt);
+	}
+
+	static function unregister($file,$modname) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file && $r[1] !== $modname) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function unregister_by_file($file) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function get() {
+		return get_config('system','routes',[]);
+	}
+
+	static function set($r) {
+		return set_config('system','routes',$r);
+	}
+}
+

Zotlabs/Extend/Widget.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace Zotlabs\Extend;
+
+
+class Widget {
+
+	static function register($file,$widget) {
+		$rt = self::get();
+		$rt[] = [ $file, $widget ];
+		self::set($rt);
+	}
+
+	static function unregister($file,$widget) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file && $r[1] !== $widget) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function unregister_by_file($file) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function get() {
+		return get_config('system','widgets',[]);
+	}
+
+	static function set($r) {
+		return set_config('system','widgets',$r);
+	}
+}

Zotlabs/Identity/OAuth2Server.php

@@ -0,0 +1,35 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+class OAuth2Server extends \OAuth2\Server {
+
+	public function __construct(OAuth2Storage $storage, $config = null) {
+
+		if(! is_array($config)) {
+			$config = [
+				'use_openid_connect' => true,
+				'issuer' => \Zotlabs\Lib\System::get_site_name()
+			];
+		}
+
+		parent::__construct($storage, $config);
+
+		// Add the "Client Credentials" grant type (it is the simplest of the grant types)
+		$this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
+
+		// Add the "Authorization Code" grant type (this is where the oauth magic happens)
+                // Need to use OpenID\GrantType to return id_token (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
+		$this->addGrantType(new \OAuth2\OpenID\GrantType\AuthorizationCode($storage));
+
+		$keyStorage = new \OAuth2\Storage\Memory( [
+			'keys' => [
+				'public_key'  => get_config('system', 'pubkey'),
+				'private_key' => get_config('system', 'prvkey')
+			]
+		]);
+
+		$this->addStorage($keyStorage, 'public_key');
+	}
+
+}

Zotlabs/Identity/OAuth2Storage.php

@@ -0,0 +1,139 @@
+<?php
+
+namespace Zotlabs\Identity;
+
+
+class OAuth2Storage extends \OAuth2\Storage\Pdo {
+
+    /**
+     * @param string $username
+     * @param string $password
+     * @return bool
+     */
+    public function checkUserCredentials($username, $password)
+    {
+        if ($user = $this->getUser($username)) {
+            return $this->checkPassword($user, $password);
+        }
+
+        return false;
+    }
+
+    /**
+     * @param string $username
+     * @return array|bool
+     */
+    public function getUserDetails($username)
+    {
+        return $this->getUser($username);
+    }
+
+
+    /**
+     *
+     * @param array $user
+     * @param string $password
+     * @return bool
+     */
+    protected function checkPassword($user, $password)
+    {
+
+		$x = account_verify_password($user,$password);
+		return((array_key_exists('channel',$x) && ! empty($x['channel'])) ? true : false);
+
+    }
+
+    /**
+     * @param string $username
+     * @return array|bool
+     */
+    public function getUser($username)
+    {
+
+		$x = channelx_by_n($username);
+		if(! $x) {
+			return false;
+		}
+
+		$a = q("select * from account where account_id = %d",
+			intval($x['channel_account_id'])
+		);
+
+		$n = explode(' ', $x['channel_name']);
+
+		return( [
+			'webfinger'   => channel_reddress($x),
+			'portable_id' => $x['channel_hash'],
+			'email'       => $a['account_email'],
+			'username'    => $x['channel_address'],
+			'user_id'     => $x['channel_id'],
+			'name'        => $x['channel_name'],
+			'firstName'   => ((count($n) > 1) ? $n[1] : $n[0]),
+			'lastName'    => ((count($n) > 2) ? $n[count($n) - 1] : ''),
+			'picture'     => $x['xchan_photo_l']
+		] );
+    }
+
+    public function scopeExists($scope) {
+      // Report that the scope is valid even if it's not.
+      // We will only return a very small subset no matter what.
+      // @TODO: Truly validate the scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //        vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+      //    for more info.
+      return true;
+    }
+
+    public function getDefaultScope($client_id=null) {
+      // Do not REQUIRE a scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //    for more info.
+      return null;
+    }
+
+    public function getUserClaims ($user_id, $claims) {
+      // Populate the CLAIMS requested (if any).
+      // @TODO: create a more reasonable/comprehensive list.
+      // @TODO: present claims on the AUTHORIZATION screen
+
+        $userClaims = Array();
+        $claims = explode (' ', trim($claims));
+        $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
+        $claimsmap = Array (
+                            "webfinger" => 'webfinger',
+                            "portable_id" => 'portable_id',
+                            "name" => 'name',
+							"email" => 'email',
+                            "preferred_username" => 'username',
+							"picture" => 'picture',
+							"given_name" => 'firstName',
+							"family_name" => 'lastName'
+                           );
+        $userinfo = $this->getUser($user_id);
+        foreach ($validclaims as $validclaim) {
+            if (in_array($validclaim,$claims)) {
+              $claimkey = $claimsmap[$validclaim];
+              $userClaims[$validclaim] = $userinfo[$claimkey];
+            } else {
+              $userClaims[$validclaim] = $validclaim;
+            }
+        }
+        $userClaims["sub"]=$user_id;
+        return $userClaims; 
+    }
+
+    /**
+     * plaintext passwords are bad!  Override this for your application
+     *
+     * @param string $username
+     * @param string $password
+     * @param string $firstName
+     * @param string $lastName
+     * @return bool
+     */
+    public function setUser($username, $password, $firstName = null, $lastName = null)
+    {
+        return true;
+    }
+
+}

Zotlabs/Lib/ActivityStreams.php

@@ -9,6 +9,7 @@ namespace Zotlabs\Lib;
  */
 class ActivityStreams {
 
+	public $raw    = null;
 	public $data;
 	public $valid  = false;
 	public $id     = '';
@@ -33,7 +34,9 @@ class ActivityStreams {
 	 */
 	function __construct($string) {
 
+		$this->raw  = $string;
 		$this->data = json_decode($string, true);
+
 		if($this->data) {
 			$this->valid = true;
 		}
@@ -204,7 +207,7 @@ class ActivityStreams {
 		}
 
 		$x = z_fetch_url($url, true, $redirects,
-			['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]);
+			['headers' => [ 'Accept: application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"' ]]);
 		if($x['success'])
 			return json_decode($x['body'], true);
 

Zotlabs/Lib/Apps.php

@@ -13,7 +13,12 @@ require_once('include/channel.php');
 
 class Apps {
 
-	static public $installed_system_apps = null;
+	static public $available_apps = null;
+	static public $installed_apps = null;
+
+	static public $base_apps = null;
+
+
 
 	static public function get_system_apps($translate = true) {
 
@@ -45,30 +50,64 @@ class Apps {
 			}
 		}
 
+		call_hooks('get_system_apps',$ret);
+
 		return $ret;
 
 	}
 
+	static public function get_base_apps() {
+		return get_config('system','base_apps',[ 
+			'Connections',
+			'Network',
+			'Settings',
+			'Files',
+			'Channel Home',
+			'View Profile',
+			'Photos',
+			'Events',
+			'Directory',
+			'Search',
+			'Help',
+			'Mail',
+			'Profile Photo'
+		]);
+	}
 
 	static public function import_system_apps() {
 		if(! local_channel())
 			return;
+
+		self::$base_apps = self::get_base_apps();
+ 
 		$apps = self::get_system_apps(false);
 
-		self::$installed_system_apps = q("select * from app where app_system = 1 and app_channel = %d",
+		self::$available_apps = q("select * from app where app_channel = 0");
+
+		self::$installed_apps = q("select * from app where app_channel = %d",
 			intval(local_channel())
 		);
 
 		if($apps) {
 			foreach($apps as $app) {
 				$id = self::check_install_system_app($app);
+
+				// $id will be boolean true or false to install an app, or an integer id to update an existing app
+				if($id !== false) {
+					$app['uid'] = 0;
+					$app['guid'] = hash('whirlpool',$app['name']);
+					$app['system'] = 1;
+					self::app_install(0,$app);
+				}
+
+				$id = self::check_install_personal_app($app);
 				// $id will be boolean true or false to install an app, or an integer id to update an existing app
 				if($id === false)
 					continue;
 				if($id !== true) {
 					// if we already installed this app, but it changed, preserve any categories we created
-					$s = '';
-					$r = q("select * from term where otype = %d and oid = %d",
+					$s = EMPTY_STR;
+					$r = q("select term from term where otype = %d and oid = %d",
 						intval(TERM_OBJ_APP),
 						intval($id)
 					);
@@ -85,6 +124,7 @@ class Apps {
 				$app['guid'] = hash('whirlpool',$app['name']);
 				$app['system'] = 1;
 				self::app_install(local_channel(),$app);
+
 			}
 		}					
 	}
@@ -95,17 +135,22 @@ class Apps {
 	 */
 
 	static public function check_install_system_app($app) {
-		if((! is_array(self::$installed_system_apps)) || (! count(self::$installed_system_apps))) {
+		if((! is_array(self::$available_apps)) || (! count(self::$available_apps))) {
 			return true;
 		}
 		$notfound = true;
-		foreach(self::$installed_system_apps as $iapp) {
+		foreach(self::$available_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if(($iapp['app_version'] != $app['version'])
+				if(($iapp['app_version'] !== $app['version'])
 					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
+
+				if(($iapp['app_url'] !== $app['url'])
+					|| ($iapp['app_photo'] !== $app['photo'])) {
+					return intval($iapp['app_id']);
+				}
 			}
 		}
 
@@ -113,12 +158,38 @@ class Apps {
 	}
 
 
+	/**
+	 * Install the system app if no system apps have been installed, or if a new system app 
+	 * is discovered, or if the version of a system app changes.
+	 */
+
+
+
+	static public function check_install_personal_app($app) {
+		$installed = false;
+		foreach(self::$installed_apps as $iapp) {			
+			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
+				$installed = true;
+				if(($iapp['app_version'] != $app['version'])
+					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
+					return intval($iapp['app_id']);
+				}
+			}
+		}
+		if(! $installed && in_array($app['name'],self::$base_apps)) {
+			return true;
+		}
+		return false;
+	}
+
+
 	static public function app_name_compare($a,$b) {
 		return strcasecmp($a['name'],$b['name']);
 	}
 
 
 	static public function parse_app_description($f,$translate = true) {
+
 		$ret = array();
 
 		$baseurl = z_root();
@@ -134,12 +205,11 @@ class Apps {
 		if($lines) {
 			foreach($lines as $x) {
 				if(preg_match('/^([a-zA-Z].*?):(.*?)$/ism',$x,$matches)) {
-					$ret[$matches[1]] = trim(str_replace(array('$baseurl','$nick'),array($baseurl,$address),$matches[2]));
+					$ret[$matches[1]] = trim($matches[2]);
 				}
 			}
 		}	
 
-
 		if(! $ret['photo'])
 			$ret['photo'] = $baseurl . '/' . get_default_profile_photo(80);
 
@@ -194,6 +264,14 @@ class Apps {
 						if(! is_public_profile())
 							unset($ret);
 						break;
+					case 'public_stream':
+						if(! can_view_public_stream())
+							unset($ret);
+						break;
+					case 'custom_role':
+						if(get_pconfig(local_channel(),'system','permissions_role') !== 'custom')
+							unset($ret);
+						break;
 					case 'observer':
 						if(! $observer)
 							unset($ret);
@@ -221,18 +299,18 @@ class Apps {
 	static public function translate_system_apps(&$arr) {
 		$apps = array(
 			'Apps' => t('Apps'),
+			'Articles' => t('Articles'),
 			'Cards' => t('Cards'),
 			'Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
-			'View Bookmarks' => t('View Bookmarks'),
-			'My Chatrooms' => t('My Chatrooms'),
+			'Bookmarks' => t('Bookmarks'),
+			'Chatrooms' => t('Chatrooms'),
 			'Connections' => t('Connections'),
-			'Firefox Share' => t('Firefox Share'),
 			'Remote Diagnostics' => t('Remote Diagnostics'),
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
 			'Channel Manager' => t('Channel Manager'), 
-			'Grid' => t('Activity'), 
+			'Network' => t('Stream'),
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
@@ -255,7 +333,25 @@ class Apps {
 			'Features' => t('Features'),
 			'Language' => t('Language'),
 			'Post' => t('Post'),
-			'Profile Photo' => t('Profile Photo')
+			'Profile Photo' => t('Profile Photo'),
+			'Profile' => t('Profile'),
+			'Profiles' => t('Profiles'),
+			'Privacy Groups' => t('Privacy Groups'),
+			'Notifications' => t('Notifications'),
+			'Order Apps' => t('Order Apps'),
+			'CalDAV' => t('CalDAV'),
+			'CardDAV' => t('CardDAV'),
+			'Channel Sources' => t('Channel Sources'),
+			'Guest Access' => t('Guest Access'),
+			'Notes' => t('Notes'),
+			'OAuth Apps Manager' => t('OAuth Apps Manager'),
+			'OAuth2 Apps Manager' => t('OAuth2 Apps Manager'),
+			'PDL Editor' => t('PDL Editor'),
+			'Permission Categories' => t('Permission Categories'),
+			'Premium Channel' => t('Premium Channel'),
+			'Public Stream' => t('Public Stream'),
+			'My Chatrooms' => t('My Chatrooms'),
+			'Channel Export' => t('Channel Export')
 		);
 
 		if(array_key_exists('name',$arr)) {
@@ -267,6 +363,9 @@ class Apps {
 			for($x = 0; $x < count($arr); $x++) {
 				if(array_key_exists($arr[$x]['name'],$apps)) {
 					$arr[$x]['name'] = $apps[$arr[$x]['name']];
+				} else {
+				    // Try to guess by app name if not in list
+				    $arr[$x]['name'] = t(trim($arr[$x]['name']));
 				}
 			}
 		}
@@ -282,6 +381,7 @@ class Apps {
 		 * modes:
 		 *    view: normal mode for viewing an app via bbcode from a conversation or page
 		 *       provides install/update button if you're logged in locally
+		 *    install: like view but does not display app-bin options if they are present
 		 *    list: normal mode for viewing an app on the app page
 		 *       no buttons are shown
 		 *    edit: viewing the app page in editing mode provides a delete button
@@ -294,7 +394,7 @@ class Apps {
 			return;
 
 		if(! $papp['photo'])
-			$papp['photo'] = z_root() . '/' . get_default_profile_photo(80);
+			$papp['photo'] = 'icon:gear';
 
 		self::translate_system_apps($papp);
 
@@ -303,9 +403,29 @@ class Apps {
 
 		$papp['papp'] = self::papp_encode($papp);
 
-		if(! strstr($papp['url'],'://'))
+		// This will catch somebody clicking on a system "available" app that hasn't had the path macros replaced
+		// and they are allowed to see the app
+		if(strpos($papp['url'],'$baseurl') !== false || strpos($papp['url'],'$nick') !== false || strpos($papp['photo'],'$baseurl') !== false || strpos($papp['photo'],'$nick') !== false) {
+			$view_channel = local_channel();
+			if(! $view_channel) {
+
+				$sys = get_sys_channel();
+				$view_channel = $sys['channel_id'];
+			}
+			self::app_macros($view_channel,$papp); 
+		}
+
+		if(strpos($papp['url'], ',')) {
+			$urls = explode(',', $papp['url']);
+			$papp['url'] = trim($urls[0]);
+			$papp['settings_url'] = trim($urls[1]);
+		}
+
+		if(! strpos($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 
+
+
 		foreach($papp as $k => $v) {
 			if(strpos($v,'http') === 0 && $k != 'papp') {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
@@ -345,6 +465,14 @@ class Apps {
 							if(! is_public_profile())
 								return '';
 							break;
+						case 'public_stream':
+							if(! can_view_public_stream())
+								return '';
+							break;
+						case 'custom_role':
+							if(get_pconfig(local_channel(),'system','permissions_role') != 'custom')
+								return '';
+							break;
 						case 'observer':
 							$observer = \App::get_observer();
 							if(! $observer)
@@ -366,7 +494,9 @@ class Apps {
 		$hosturl = '';
 
 		if(local_channel()) {
-			$installed = self::app_installed(local_channel(),$papp);
+			if(self::app_installed(local_channel(),$papp) && !$papp['deleted'])
+				$installed = true;
+
 			$hosturl = z_root() . '/';
 		}
 		elseif(remote_channel()) {
@@ -390,18 +520,24 @@ class Apps {
 			));
 		}
 
+		if($mode === 'install') {
+			$papp['embed'] = true;
+		}
+
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
 			'$hosturl' => $hosturl,
 			'$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''),
-			'$install' => (($hosturl && $mode == 'view') ? $install_action : ''),
+			'$installed' => $installed,
+			'$action_label' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
-			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
-			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
+			'$delete' => ((local_channel() && $mode == 'edit') ? t('Delete') : ''),
+			'$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''),
+			'$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''),
 			'$deleted' => $papp['deleted'],
-			'$feature' => (($papp['embed']) ? false : true),
-			'$pin' => (($papp['embed']) ? false : true),
+			'$feature' => (($papp['embed'] || $mode == 'edit') ? false : true),
+			'$pin' => (($papp['embed'] || $mode == 'edit') ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
@@ -409,14 +545,26 @@ class Apps {
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray'),
 			'$add_nav' => t('Pin to navbar'),
-			'$remove_nav' => t('Unpin from navbar')
+			'$remove_nav' => t('Unpin from navbar'),
+			'$rpath' => z_root() . '/apps'
 		));
 	}
 
 	static public function app_install($uid,$app) {
+
+		if(! is_array($app)) {
+			$r = q("select * from app where app_name = '%s' and app_channel = 0",
+				dbesc($app)
+			);
+			if(! $r)
+				return false;
+
+			$app = self::app_encode($r[0]);
+		}
+
 		$app['uid'] = $uid;
 
-		if(self::app_installed($uid,$app))
+		if(self::app_installed($uid,$app,true))
 			$x = self::app_update($app);
 		else
 			$x = self::app_store($app);
@@ -427,7 +575,7 @@ class Apps {
 				intval($uid)
 			);
 			if($r) {
-				if(! $r[0]['app_system']) {
+				if(($app['uid']) && (! $r[0]['app_system'])) {
 					if($app['categories'] && (! $app['term'])) {
 						$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
 							intval(TERM_OBJ_APP),
@@ -442,8 +590,25 @@ class Apps {
 		return false;
 	}
 
-	static public function app_destroy($uid,$app) {
 
+	static public function can_delete($uid,$app) {
+		if(! $uid) {
+			return false;
+		}
+
+		$base_apps = self::get_base_apps();
+		if($base_apps) {
+			foreach($base_apps as $b) {
+				if($app['guid'] === hash('whirlpool',$b)) {
+					return false;
+				}
+			}
+		}
+		return true;
+	}
+
+
+	static public function app_destroy($uid,$app) {
 
 		if($uid && $app['guid']) {
 
@@ -454,23 +619,24 @@ class Apps {
 			if($x) {
 				if(! intval($x[0]['app_deleted'])) {
 					$x[0]['app_deleted'] = 1;
-					q("delete from term where otype = %d and oid = %d",
-						intval(TERM_OBJ_APP),
-						intval($x[0]['id'])
-					);
-					if($x[0]['app_system']) {
+					if(self::can_delete($uid,$app)) {
+						$r = q("delete from app where app_id = '%s' and app_channel = %d",
+							dbesc($app['guid']),
+							intval($uid)
+						);
+						q("delete from term where otype = %d and oid = %d",
+							intval(TERM_OBJ_APP),
+							intval($x[0]['id'])
+						);
+						call_hooks('app_destroy', $x[0]);
+					}
+					else {
 						$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
 							dbesc($app['guid']),
 							intval($uid)
 						);
 					}
-					else {
-						$r = q("delete from app where app_id = '%s' and app_channel = %d",
-							dbesc($app['guid']),
-							intval($uid)
-						);
-
-						// we don't sync system apps - they may be completely different on the other system
+					if(! intval($x[0]['app_system'])) {
 						build_sync_packet($uid,array('app' => $x));
 					}
 				}
@@ -479,6 +645,7 @@ class Apps {
 				}
 			}
 		}
+
 	}
 
 	static public function app_undestroy($uid,$app) {
@@ -526,17 +693,66 @@ class Apps {
 		}
 	}
 
-	static public function app_installed($uid,$app) {
+	static public function app_installed($uid,$app,$bypass_filter=false) {
 
 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc((array_key_exists('guid',$app)) ? $app['guid'] : ''), 
 			intval($uid)
 		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
 		return(($r) ? true : false);
 
 	}
 
 
+	static public function addon_app_installed($uid,$app,$bypass_filter=false) {
+
+		$r = q("select id from app where app_plugin = '%s' and app_channel = %d limit 1",
+			dbesc($app),
+			intval($uid)
+		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('addon_app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
+		return(($r) ? true : false);
+
+	}
+
+	static public function system_app_installed($uid,$app,$bypass_filter=false) {
+
+		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
+			dbesc(hash('whirlpool',$app)),
+			intval($uid)
+		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('system_app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
+		return(($r) ? true : false);
+
+	}
+
+
+
 	static public function app_list($uid, $deleted = false, $cats = []) {
 		if($deleted) 
 			$sql_extra = "";
@@ -576,6 +792,9 @@ class Apps {
 		);
 
 		if($r) {
+                        $hookinfo = Array('uid'=>$uid,'deleted'=>$deleted,'cats'=>$cats,'apps'=>$r);
+			call_hooks('app_list',$hookinfo);
+			$r = $hookinfo['apps'];
 			for($x = 0; $x < count($r); $x ++) {
 				if(! $r[$x]['app_system'])
 					$r[$x]['type'] = 'personal';
@@ -719,6 +938,29 @@ class Apps {
 	}
 
 
+	static public function app_macros($uid,&$arr) {
+
+		if(! intval($uid))
+			return;
+
+		$baseurl = z_root();
+		$channel = channelx_by_n($uid);
+		$address = (($channel) ? $channel['channel_address'] : '');
+		
+		//future expansion
+
+		$observer = \App::get_observer();
+	
+		$arr['url'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['url']);
+		$arr['photo'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['photo']);
+
+	}
+
+
+
+
+
+
 	static public function app_store($arr) {
 
 		//logger('app_store: ' . print_r($arr,true));
@@ -726,14 +968,22 @@ class Apps {
 		$darray = array();
 		$ret = array('success' => false);
 
+		$sys = get_sys_channel();
+
+		self::app_macros($arr['uid'],$arr);
+
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
 
-		if((! $darray['app_url']) || (! $darray['app_channel']))
+		if(! $darray['app_url'])
 			return $ret;
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
-			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
+		if((! $arr['uid']) && (! $arr['author'])) {
+			$arr['author'] = $sys['channel_hash'];
+		}
+
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (strpos($arr['photo'],z_root()) !== false)) {
+			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
 
@@ -752,10 +1002,11 @@ class Apps {
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
+		$darray['app_options']  = ((x($arr,'options')) ? intval($arr['options']) : 0);
 
 		$created = datetime_convert();
 
-		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d )",
+		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted, app_options ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d, %d )",
 			dbesc($darray['app_id']),
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
@@ -773,8 +1024,10 @@ class Apps {
 			dbesc($created),
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
-			intval($darray['app_deleted'])
+			intval($darray['app_deleted']),
+			intval($darray['app_options'])
 		);
+
 		if($r) {
 			$ret['success'] = true;
 			$ret['app_id'] = $darray['app_id'];
@@ -805,15 +1058,18 @@ class Apps {
 		$darray = array();
 		$ret = array('success' => false);
 
+		self::app_macros($arr['uid'],$arr);
+
+
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
 		$darray['app_id']      = ((x($arr,'guid')) ? $arr['guid'] : 0);
 
-		if((! $darray['app_url']) || (! $darray['app_channel']) || (! $darray['app_id']))
+		if((! $darray['app_url']) || (! $darray['app_id']))
 			return $ret;
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
-			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (strpos($arr['photo'],z_root()) !== false)) {
+			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
 
@@ -830,10 +1086,11 @@ class Apps {
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
+		$darray['app_options']  = ((x($arr,'options')) ? intval($arr['options']) : 0);
 
 		$edited = datetime_convert();
 
-		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d where app_id = '%s' and app_channel = %d",
+		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d, app_options = %d where app_id = '%s' and app_channel = %d",
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
 			dbesc($darray['app_name']),
@@ -849,6 +1106,7 @@ class Apps {
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted']),
+			intval($darray['app_options']),
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
 		);
@@ -861,6 +1119,12 @@ class Apps {
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
 		);
+
+		// if updating an embed app, don't mess with any existing categories.
+
+		if(array_key_exists('embed',$arr) && intval($arr['embed']) && (intval($darray['app_channel'])))
+			return $ret;
+
 		if($x) {
 			q("delete from term where otype = %d and oid = %d",
 				intval(TERM_OBJ_APP),
@@ -890,9 +1154,6 @@ class Apps {
 
 		$ret['type'] = 'personal';
 	
-		if($app['app_id'])
-			$ret['guid'] = $app['app_id'];
-
 		if($app['app_id'])
 			$ret['guid'] = $app['app_id'];
 
@@ -935,6 +1196,9 @@ class Apps {
 		if($app['app_system'])
 			$ret['system'] = $app['app_system'];
 
+		if($app['app_options'])
+			$ret['options'] = $app['app_options'];
+
 		if($app['app_plugin'])
 			$ret['plugin'] = trim($app['app_plugin']);
 

Zotlabs/Lib/Chatroom.php

@@ -266,7 +266,7 @@ class Chatroom {
 			intval($room_id),
 			dbesc($xchan),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))
 		);
 
 		$ret['success'] = true;

Zotlabs/Lib/Config.php

@@ -142,9 +142,9 @@ class Config {
 
 
 	/**
-	 * @brief Returns a value directly from the database configuration storage.
+	 * @brief Returns a record directly from the database configuration storage.
 	 *
-	 * This function queries directly the database and bypasses the chached storage
+	 * This function queries directly the database and bypasses the cached storage
 	 * from get_config($family, $key).
 	 *
 	 * @param string $family

Zotlabs/Lib/DB_Upgrade.php

@@ -10,22 +10,12 @@ class DB_Upgrade {
 
 	function __construct($db_revision) {
 
-		$platform_name = System::get_platform_name();
+		$this->config_name = 'db_version';
+		$this->func_prefix = '_';
 
-		$update_file = 'install/' . $platform_name . '/update.php';
-		if(! file_exists($update_file)) {
-			$update_file = 'install/update.php';
-			$this->config_name = 'db_version';
-			$this->func_prefix = 'update_r';
-		}
-		else {
-			$this->config_name = $platform_name . '_db_version';
-			$this->func_prefix = $platform_name . '_update_';
-		}
-
-		$build = get_config('system', $this->config_name, 0);
+		$build = get_config('system', 'db_version', 0);
 		if(! intval($build))
-			$build = set_config('system', $this->config_name, $db_revision);
+			$build = set_config('system', 'db_version', $db_revision);
 
 		if($build == $db_revision) {
 			// Nothing to be done.
@@ -40,82 +30,78 @@ class DB_Upgrade {
 		
 			$current = intval($db_revision);
 
-			if(($stored < $current) && file_exists($update_file)) {
+			if($stored < $current) {
 
-				Config::Load('database');
+				// The last update we performed was $stored.
+				// Start at $stored + 1 and continue until we have completed $current
 
-				// We're reporting a different version than what is currently installed.
-				// Run any existing update scripts to bring the database up to current.
-				
-				require_once($update_file);
-
-				// make sure that boot.php and update.php are the same release, we might be
-				// updating from git right this very second and the correct version of the update.php
-				// file may not be here yet. This can happen on a very busy site.
-
-				if($db_revision == UPDATE_VERSION) {
-					for($x = $stored; $x < $current; $x ++) {
-						$func = $this->func_prefix . $x;
-						if(function_exists($func)) {
-							// There could be a lot of processes running or about to run.
-							// We want exactly one process to run the update command.
-							// So store the fact that we're taking responsibility
-							// after first checking to see if somebody else already has.
-
-							// If the update fails or times-out completely you may need to
-							// delete the config entry to try again.
-
-							if(get_config('database', $func))
-								break;
-							set_config('database',$func, '1');
-							// call the specific update
-
-							$retval = $func();
-							if($retval) {
-
-								// Prevent sending hundreds of thousands of emails by creating
-								// a lockfile.  
-
-								$lockfile = 'store/[data]/mailsent';
-
-								if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 86400)))
-									return;
-								@unlink($lockfile);
-								//send the administrator an e-mail
-								file_put_contents($lockfile, $x);
-							
-								$r = q("select account_language from account where account_email = '%s' limit 1",
-									dbesc(\App::$config['system']['admin_email'])
-								);
-								push_lang(($r) ? $r[0]['account_language'] : 'en');
-
-								z_mail(
-									[
-										'toEmail'        => \App::$config['system']['admin_email'],
-										'messageSubject' => sprintf( t('Update Error at %s'), z_root()),
-										'textVersion'    => replace_macros(get_intltext_template('update_fail_eml.tpl'), 
-											[
-												'$sitename' => \App::$config['system']['sitename'],
-												'$siteurl' =>  z_root(),
-												'$update' => $x,
-												'$error' => sprintf( t('Update %s failed. See error logs.'), $x)
-											]
-										)
-									]
-								);
-
-								//try the logger
-								logger('CRITICAL: Update Failed: ' . $x);
-								pop_lang();
-							}
-							else {
-								set_config('database',$func, 'success');
-							}
-						}
+				for($x = $stored + 1; $x <= $current; $x ++) {
+					$s = '_' . $x;
+					$cls = '\\Zotlabs\Update\\' . $s ;
+					if(! class_exists($cls)) {					
+						return;
+					}
+
+					// There could be a lot of processes running or about to run.
+					// We want exactly one process to run the update command.
+					// So store the fact that we're taking responsibility
+					// after first checking to see if somebody else already has.
+
+					// If the update fails or times-out completely you may need to
+					// delete the config entry to try again.
+
+					Config::Load('database');
+
+					if(get_config('database', $s))
+						break;
+					set_config('database',$s, '1');
+					
+
+					$c =  new $cls();
+					$retval = $c->run();
+
+					if($retval != UPDATE_SUCCESS) {
+
+						// Prevent sending hundreds of thousands of emails by creating
+						// a lockfile.  
+
+						$lockfile = 'store/[data]/mailsent';
+
+						if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 86400)))
+							return;
+						@unlink($lockfile);
+						//send the administrator an e-mail
+						file_put_contents($lockfile, $x);
+							
+						$r = q("select account_language from account where account_email = '%s' limit 1",
+							dbesc(\App::$config['system']['admin_email'])
+						);
+						push_lang(($r) ? $r[0]['account_language'] : 'en');
+						z_mail(
+							[
+								'toEmail'        => \App::$config['system']['admin_email'],
+								'messageSubject' => sprintf( t('Update Error at %s'), z_root()),
+								'textVersion'    => replace_macros(get_intltext_template('update_fail_eml.tpl'), 
+									[
+										'$sitename' => \App::$config['system']['sitename'],
+										'$siteurl' =>  z_root(),
+										'$update' => $x,
+										'$error' => sprintf( t('Update %s failed. See error logs.'), $x)
+									]
+								)
+							]
+						);
+
+						//try the logger
+						logger('CRITICAL: Update Failed: ' . $x);
+						pop_lang();
+					}
+					else {
+						set_config('database',$s, 'success');
 					}
-					set_config('system', $this->config_name, $db_revision);
 				}
 			}
+			set_config('system', 'db_version', $db_revision);
 		}
 	}
 }

Zotlabs/Lib/DReport.php

@@ -1,5 +1,5 @@
 <?php
-namespace Zotlabs\Zot;
+namespace Zotlabs\Lib;
 
 class DReport {
 

Zotlabs/Lib/Enotify.php

@@ -63,7 +63,9 @@ class Enotify {
 		$thanks     = t('Thank You,');
 		$sitename   = get_config('system','sitename');
 		$site_admin = sprintf( t('%s Administrator'), $sitename);
-
+		$opt_out1   = sprintf( t('This email was sent by %1$s at %2$s.'), t('$Projectname'), \App::get_hostname());
+		$opt_out2   = sprintf( t('To stop receiving these messages, please adjust your Notification Settings at %s'), z_root() . '/settings');		
+		$hopt_out2  = sprintf( t('To stop receiving these messages, please adjust your %s.'), '<a href="' . z_root() . '/settings' . '">' . t('Notification Settings')  . '</a>');
 		$sender_name = $product;
 		$hostname = \App::get_hostname();
 		if(strpos($hostname,':'))
@@ -112,6 +114,11 @@ class Enotify {
 		}
 
 
+	$always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices');
+	$vnotify = get_pconfig($recip['channel_id'],'system','vnotify');
+
+	$salutation = $recip['channel_name'];
+
 	// e.g. "your post", "David's photo", etc.
 	$possess_desc = t('%s <!item_type!>');
 
@@ -119,7 +126,7 @@ class Enotify {
 		logger('notification: mail');
 		$subject = 	sprintf( t('[$Projectname:Notify] New mail received at %s'),$sitename);
 
-		$preamble = sprintf( t('%1$s, %2$s sent you a new private message at %3$s.'),$recip['channel_name'], $sender['xchan_name'],$sitename);
+		$preamble = sprintf( t('%1$s sent you a new private message at %2$s.'), $sender['xchan_name'],$sitename);
 		$epreamble = sprintf( t('%1$s sent you %2$s.'),'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]', '[zrl=$itemlink]' . t('a private message') . '[/zrl]');
 		$sitelink = t('Please visit %s to view and/or reply to your private messages.');
 		$tsitelink = sprintf( $sitelink, $siteurl . '/mail/' . $params['item']['id'] );
@@ -128,18 +135,28 @@ class Enotify {
 	}
 
 	if ($params['type'] == NOTIFY_COMMENT) {
-//		logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
+		//logger("notification: params = " . print_r($params, true), LOGGER_DEBUG);
 
 		$moderated = (($params['item']['item_blocked'] == ITEM_MODERATED) ? true : false);
 
 		$itemlink = $params['link'];
 
-		// ignore like/unlike activity on posts - they probably require a separate notification preference
+		$action = t('commented on');
+
+		if(array_key_exists('item',$params) && in_array($params['item']['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
+
+			if(! $always_show_in_notices || !($vnotify & VNOTIFY_LIKE)) {
+				logger('notification: not a visible activity. Ignoring.');
+				pop_lang();
+				return;
+			}
+
+			if(activity_match($params['verb'], ACTIVITY_LIKE))
+				$action = t('liked');
+
+			if(activity_match($params['verb'], ACTIVITY_DISLIKE))
+				$action = t('disliked');
 
-		if (array_key_exists('item',$params) && (! visible_activity($params['item']))) {
-			logger('notification: not a visible activity. Ignoring.');
-			pop_lang();
-			return;
 		}
 
 		$parent_mid = $params['parent_mid'];
@@ -181,26 +198,26 @@ class Enotify {
 		//$possess_desc = str_replace('<!item_type!>',$possess_desc);
 
 		// "a post"
-		$dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]a %4$s[/zrl]'),
-			$recip['channel_name'],
+		$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]a %4$s[/zrl]'),
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
+			$action,
 			$itemlink,
 			$item_post_type);
 
 		// "George Bull's post"
 		if($p)
-			$dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]%4$s\'s %5$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
+				$action,
 				$itemlink,
 				$p[0]['author']['xchan_name'],
 				$item_post_type);
 		
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s commented on [zrl=%3$s]your %4$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
+				$action,
 				$itemlink,
 				$item_post_type);
 
@@ -213,7 +230,7 @@ class Enotify {
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -231,12 +248,12 @@ class Enotify {
 
 		$itemlink =  $params['link'];
 
-		// ignore like/unlike activity on posts - they probably require a separate notification preference
-
 		if (array_key_exists('item',$params) && (! activity_match($params['item']['verb'],ACTIVITY_LIKE))) {
-			logger('notification: not a like activity. Ignoring.');
-			pop_lang();
-			return;
+			if(! $always_show_in_notices  || !($vnotify & VNOTIFY_LIKE)) {
+				logger('notification: not a visible activity. Ignoring.');
+				pop_lang();
+				return;
+			}
 		}
 
 		$parent_mid = $params['parent_mid'];
@@ -279,8 +296,7 @@ class Enotify {
 
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
-			$dest_str = sprintf(t('%1$s, %2$s liked [zrl=%3$s]your %4$s[/zrl]'),
-				$recip['channel_name'],
+			$dest_str = sprintf(t('%1$s liked [zrl=%2$s]your %3$s[/zrl]'),
 				'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 				$itemlink,
 				$item_post_type);
@@ -295,7 +311,7 @@ class Enotify {
 		// differents subjects for messages on the same thread.
 
 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s liked an item/conversation you created.'), $recip['channel_name'], $sender['xchan_name']); 
+		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
@@ -308,10 +324,9 @@ class Enotify {
 	if($params['type'] == NOTIFY_WALL) {
 		$subject = sprintf( t('[$Projectname:Notify] %s posted to your profile wall') , $sender['xchan_name']);
 
-		$preamble = sprintf( t('%1$s, %2$s posted to your profile wall at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
+		$preamble = sprintf( t('%1$s posted to your profile wall at %2$s') , $sender['xchan_name'], $sitename);
 
-		$epreamble = sprintf( t('%1$s, %2$s posted to [zrl=%3$s]your wall[/zrl]') ,
-			$recip['channel_name'], 
+		$epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -335,9 +350,8 @@ class Enotify {
 		}
 	
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%3$s]tagged you[/zrl].') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -349,9 +363,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_POKE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %1$s poked you') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s poked you at %3$s') , $recip['channel_name'], $sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s [zrl=%2$s]poked you[/zrl].') ,
-			$recip['channel_name'], 
+		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$params['link']); 
 
@@ -367,9 +380,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_TAGSHARE) {
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged your post') , $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s, %2$s tagged your post at %3$s') , $recip['channel_name'],$sender['xchan_name'], $sitename);
-		$epreamble = sprintf( t('%1$s, %2$s tagged [zrl=%3$s]your post[/zrl]') ,
-			$recip['channel_name'],
+		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
+		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
 			$itemlink); 
 
@@ -381,9 +393,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('%1$s, you\'ve received an new connection request from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a new connection request[/zrl] from %3$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
 		$body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']);
@@ -396,9 +407,8 @@ class Enotify {
 
 	if ($params['type'] == NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
-		$preamble = sprintf( t('%1$s, you\'ve received a friend suggestion from \'%2$s\' at %3$s'), $recip['channel_name'], $sender['xchan_name'], $sitename); 
-		$epreamble = sprintf( t('%1$s, you\'ve received [zrl=%2$s]a friend suggestion[/zrl] for %3$s from %4$s.'),
-			$recip['channel_name'],
+		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
 			$itemlink,
 			'[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]',
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
@@ -496,8 +506,6 @@ class Enotify {
 	// Another option would be to not add them to the DB, and change how emails are handled 
 	// (probably would be better that way)
 
-	$always_show_in_notices = get_pconfig($recip['channel_id'],'system','always_show_in_notices');
-
 	if (!$always_show_in_notices) {
 		if (($params['type'] == NOTIFY_WALL) || ($params['type'] == NOTIFY_MAIL) || ($params['type'] == NOTIFY_INTRO)) {
 			$seen = 1;
@@ -600,6 +608,9 @@ class Enotify {
 		$datarray['titemlink']    = $itemlink;
 		$datarray['thanks']       = $thanks;
 		$datarray['site_admin']   = $site_admin;
+		$datarray['opt_out1']     = $opt_out1;
+		$datarray['opt_out2']     = $opt_out2;
+		$datarray['hopt_out2']    = $hopt_out2;
 		$datarray['title']        = stripslashes($title);
 		$datarray['htmlversion']  = $htmlversion;
 		$datarray['textversion']  = $textversion;
@@ -646,7 +657,7 @@ class Enotify {
 			'$banner'       => $datarray['banner'],
 			'$notify_icon'  => \Zotlabs\Lib\System::get_notify_icon(),
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . '<br><br>' . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -657,6 +668,8 @@ class Enotify {
 			'$hitemlink'    => $datarray['hitemlink'],
 			'$thanks'       => $datarray['thanks'],
 			'$site_admin'   => $datarray['site_admin'],
+			'$opt_out1'     => $datarray['opt_out1'],
+			'$opt_out2'     => $datarray['hopt_out2'],
 			'$title'        => $datarray['title'],
 			'$htmlversion'  => $datarray['htmlversion'],
 		));
@@ -666,7 +679,7 @@ class Enotify {
 		$email_text_body = replace_macros($tpl, array(
 			'$banner'       => $datarray['banner'],
 			'$product'      => $datarray['product'],
-			'$preamble'     => $datarray['preamble'],
+			'$preamble'     => $salutation . "\n\n" . $datarray['preamble'],
 			'$sitename'     => $datarray['sitename'],
 			'$siteurl'      => $datarray['siteurl'],
 			'$source_name'  => $datarray['source_name'],
@@ -677,6 +690,8 @@ class Enotify {
 			'$titemlink'    => $datarray['titemlink'],
 			'$thanks'       => $datarray['thanks'],
 			'$site_admin'   => $datarray['site_admin'],
+			'$opt_out1'     => $datarray['opt_out1'],
+			'$opt_out2'     => $datarray['opt_out2'],
 			'$title'        => $datarray['title'],
 			'$textversion'  => $datarray['textversion'],
 		));
@@ -732,8 +747,8 @@ class Enotify {
 
 		// generate a mime boundary
 		$mimeBoundary = rand(0, 9) . "-"
-				.rand(10000000000, 9999999999) . "-"
-				.rand(10000000000, 9999999999) . "=:"
+				.rand(100000000, 999999999) . "-"
+				.rand(100000000, 999999999) . "=:"
 				.rand(10000, 99999);
 
 		// generate a multipart/alternative message header
@@ -794,6 +809,20 @@ class Enotify {
 				: sprintf( t('commented on %s\'s post'), $item['owner']['xchan_name']));
 		}
 
+		$edit = false;
+
+		if($item['edited'] > $item['created']) {
+			if($item['item_thread_top']) {
+				$itemem_text = sprintf( t('edited a post dated %s'), relative_date($item['created']));
+				$edit = true;
+			}
+			else {
+				$itemem_text = sprintf( t('edited a comment dated %s'), relative_date($item['created']));
+				$edit = true;
+			}
+		}
+
+
 		// convert this logic into a json array just like the system notifications
 
 		return array(
@@ -801,7 +830,7 @@ class Enotify {
 			'name' => $item['author']['xchan_name'],
 			'url' => $item['author']['xchan_url'],
 			'photo' => $item['author']['xchan_photo_s'],
-			'when' => relative_date($item['created']), 
+			'when' => relative_date(($edit)? $item['edited'] : $item['created']), 
 			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
 			'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
 			'notify_id' => 'undefined',

Zotlabs/Lib/Group.php

@@ -0,0 +1,405 @@
+<?php 
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libsync;
+
+
+class Group {
+	
+	static function add($uid,$name,$public = 0) {
+
+		$ret = false;
+		if(x($uid) && x($name)) {
+			$r = self::byname($uid,$name); // check for dups
+			if($r !== false) {
+
+				// This could be a problem. 
+				// Let's assume we've just created a group which we once deleted
+				// all the old members are gone, but the group remains so we don't break any security
+				// access lists. What we're doing here is reviving the dead group, but old content which
+				// was restricted to this group may now be seen by the new group members. 
+
+				$z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1",
+					intval($r)
+				);
+				if(($z) && $z[0]['deleted']) {
+					q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id']));
+					notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); 
+				}
+				return true;
+			}
+
+			do {
+				$dups = false;
+				$hash = random_string(32) . str_replace(['<','>'],['.','.'], $name);
+
+				$r = q("SELECT id FROM pgrp WHERE hash = '%s' LIMIT 1", dbesc($hash));
+				if($r)
+					$dups = true;
+			} while($dups == true);
+
+
+			$r = q("INSERT INTO pgrp ( hash, uid, visible, gname )
+				VALUES( '%s', %d, %d, '%s' ) ",
+				dbesc($hash),
+				intval($uid),
+				intval($public),
+				dbesc($name)
+			);
+			$ret = $r;
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+		return $ret;
+	}
+
+
+	static function remove($uid,$name) {
+		$ret = false;
+		if(x($uid) && x($name)) {
+			$r = q("SELECT id, hash FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+				intval($uid),
+				dbesc($name)
+			);
+			if($r) {
+				$group_id = $r[0]['id'];
+				$group_hash = $r[0]['hash'];
+			}
+
+			if(! $group_id)
+				return false;
+
+			// remove group from default posting lists
+			$r = q("SELECT channel_default_group, channel_allow_gid, channel_deny_gid FROM channel WHERE channel_id = %d LIMIT 1",
+			       intval($uid)
+			);
+			if($r) {
+				$user_info = $r[0];
+				$change = false;
+
+				if($user_info['channel_default_group'] == $group_hash) {
+					$user_info['channel_default_group'] = '';
+					$change = true;
+				}
+				if(strpos($user_info['channel_allow_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_allow_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_allow_gid']);
+					$change = true;
+				}
+				if(strpos($user_info['channel_deny_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_deny_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_deny_gid']);
+					$change = true;
+				}
+
+				if($change) {
+					q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' 
+						WHERE channel_id = %d",
+						intval($user_info['channel_default_group']),
+						dbesc($user_info['channel_allow_gid']),
+						dbesc($user_info['channel_deny_gid']),
+						intval($uid)
+					);
+				}
+			}
+
+			// remove all members
+			$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d ",
+				intval($uid),
+				intval($group_id)
+			);
+
+			// remove group
+			$r = q("UPDATE pgrp SET deleted = 1 WHERE uid = %d AND gname = '%s'",
+				intval($uid),
+				dbesc($name)
+			);
+
+			$ret = $r;
+
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $ret;
+	}
+
+
+	static function byname($uid,$name) {
+		if((! $uid) || (! strlen($name)))
+			return false;
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($name)
+		);
+		if($r)
+			return $r[0]['id'];
+		return false;
+	}
+
+
+	static function rec_byhash($uid,$hash) {
+		if((! $uid) || (! strlen($hash)))
+			return false;
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND hash = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($hash)
+		);
+		if($r)
+			return $r[0];
+		return false;
+	}
+
+
+	static function member_remove($uid,$name,$member) {
+		$gid = self::byname($uid,$name);
+		if(! $gid)
+			return false;
+		if(! ( $uid && $gid && $member))
+			return false;
+		$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' ",
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function member_add($uid,$name,$member,$gid = 0) {
+		if(! $gid)
+			$gid = self::byname($uid,$name);
+		if((! $gid) || (! $uid) || (! $member))
+			return false;
+
+		$r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1",	
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+		if($r)
+			return true;	// You might question this, but 
+				// we indicate success because the group member was in fact created
+				// -- It was just created at another time
+	 	if(! $r)
+			$r = q("INSERT INTO pgrp_member (uid, gid, xchan)
+				VALUES( %d, %d, '%s' ) ",
+				intval($uid),
+				intval($gid),
+				dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function members($gid) {
+		$ret = array();
+		if(intval($gid)) {
+			$r = q("SELECT * FROM pgrp_member 
+				LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan
+				WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ",
+				intval($gid),
+				intval(local_channel()),
+				intval(local_channel())
+			);
+			if($r)
+				$ret = $r;
+		}
+		return $ret;
+	}
+
+	static function members_xchan($gid) {
+		$ret = [];
+		if(intval($gid)) {
+			$r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND uid = %d",
+				intval($gid),
+				intval(local_channel())
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+	static function members_profile_xchan($uid,$gid) {
+		$ret = [];
+
+		if(intval($gid)) {
+			$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+				intval($gid),
+				intval($uid)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+
+
+	static function select($uid,$group = '') {
+	
+		$grps = [];
+		$o = '';
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($uid)
+		);
+		$grps[] = array('name' => '', 'hash' => '0', 'selected' => '');
+		if($r) {
+			foreach($r as $rr) {
+				$grps[] = array('name' => $rr['gname'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : ''));
+			}
+
+		}
+		logger('select: ' . print_r($grps,true), LOGGER_DATA);
+
+		$o = replace_macros(get_markup_template('group_selection.tpl'), array(
+			'$label' => t('Add new connections to this privacy group'),
+			'$groups' => $grps 
+		));
+		return $o;
+	}
+
+
+
+
+	static function widget($every="connections",$each="group",$edit = false, $group_id = 0, $cid = '',$mode = 1) {
+
+		$o = '';
+
+		if(! (local_channel() && feature_enabled(local_channel(),'groups'))) {
+			return '';
+		}
+
+		$groups = array();
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($_SESSION['uid'])
+		);
+		$member_of = array();
+		if($cid) {
+			$member_of = self::containing(local_channel(),$cid);
+		} 
+
+		if($r) {
+			foreach($r as $rr) {
+				$selected = (($group_id == $rr['id']) ? ' group-selected' : '');
+			
+				if ($edit) {
+					$groupedit = [ 'href' => "group/".$rr['id'], 'title' => t('edit') ];
+				} 
+				else {
+					$groupedit = null;
+				}
+			
+				$groups[] = [
+					'id'		=> $rr['id'],
+					'enc_cid'   => base64url_encode($cid),
+					'cid'		=> $cid,
+					'text' 		=> $rr['gname'],
+					'selected' 	=> $selected,
+					'href'		=> (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']) . ((x($_GET,'new')) ? '&new=' . $_GET['new'] : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''),
+					'edit'		=> $groupedit,
+					'ismember'	=> in_array($rr['id'],$member_of),
+				];
+			}
+		}
+	
+	
+		$tpl = get_markup_template("group_side.tpl");
+		$o = replace_macros($tpl, array(
+			'$title'		=> t('Privacy Groups'),
+			'$edittext'     => t('Edit group'),
+			'$createtext' 	=> t('Add privacy group'),
+			'$ungrouped'    => (($every === 'contacts') ? t('Channels not in any privacy group') : ''),
+			'$groups'		=> $groups,
+			'$add'			=> t('add'),
+		));
+		
+	
+		return $o;
+	}
+
+
+	static function expand($g) {
+		if(! (is_array($g) && count($g)))
+			return array();
+
+		$ret = [];
+		$x   = [];
+
+		// private profile linked virtual groups
+
+		foreach($g as $gv) {
+			if(substr($gv,0,3) === 'vp.') {
+				$profile_hash = substr($gv,3);
+				if($profile_hash) {
+					$r = q("select abook_xchan from abook where abook_profile = '%s'",
+						dbesc($profile_hash)
+					);
+					if($r) {
+						foreach($r as $rv) {
+							$ret[] = $rv['abook_xchan'];
+						}
+					}
+				}
+			}
+			else {
+				$x[] = $gv;
+			}
+		}								 
+
+		if($x) {
+			stringify_array_elms($x,true);
+			$groups = implode(',', $x);
+			if($groups) {
+				$r = q("SELECT xchan FROM pgrp_member WHERE gid IN ( select id from pgrp where hash in ( $groups ))");
+				if($r) {
+					foreach($r as $rr) {
+						$ret[] = $rr['xchan'];
+					}
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+	static function member_of($c) {
+		$r = q("SELECT pgrp.gname, pgrp.id FROM pgrp LEFT JOIN pgrp_member ON pgrp_member.gid = pgrp.id WHERE pgrp_member.xchan = '%s' AND pgrp.deleted = 0 ORDER BY pgrp.gname  ASC ",
+			dbesc($c)
+		);
+
+		return $r;
+
+	}
+
+	static function containing($uid,$c) {
+
+		$r = q("SELECT gid FROM pgrp_member WHERE uid = %d AND pgrp_member.xchan = '%s' ",
+			intval($uid),
+			dbesc($c)
+		);
+
+		$ret = array();
+		if($r) {
+			foreach($r as $rr)
+				$ret[] = $rr['gid'];
+		}
+	
+		return $ret;
+	}
+}

Zotlabs/Lib/Img_filesize.php

@@ -0,0 +1,122 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+class Img_filesize {
+
+	private $url;
+
+	function __construct($url) {
+		$this->url = $url;
+	}
+
+	function getSize() {
+		$size = null;
+
+		if(stripos($this->url,z_root() . '/photo') !== false) {
+			$size = self::getLocalFileSize($this->url);
+		}
+		if(! $size) {
+			$size = getRemoteFileSize($this->url);
+		}
+
+		return $size;
+	}
+
+
+	static function getLocalFileSize($url) {
+	
+		$fname = basename($url);
+		$resolution = 0;
+	
+		if(strpos($fname,'.') !== false)
+			$fname = substr($fname,0,strpos($fname,'.'));
+	
+		if(substr($fname,-2,1) == '-') {
+			$resolution = intval(substr($fname,-1,1));
+			$fname = substr($fname,0,-2);
+		}
+			
+		$r = q("SELECT filesize FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
+			dbesc($fname),
+			intval($resolution)
+		);
+		if($r) {
+			return $r[0]['filesize'];
+		}
+		return null;
+	}
+
+}
+
+/**
+ * Try to determine the size of a remote file by making an HTTP request for
+ * a byte range, or look for the content-length header in the response.
+ * The function aborts the transfer as soon as the size is found, or if no
+ * length headers are returned, it aborts the transfer.
+ *
+ * @return int|null null if size could not be determined, or length of content
+ */
+function getRemoteFileSize($url)
+{
+    $ch = curl_init($url);
+
+    $headers = array(
+        'Range: bytes=0-1',
+        'Connection: close',
+    );
+
+    $in_headers = true;
+    $size       = null;
+
+    curl_setopt($ch, CURLOPT_HEADER, 1);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2450.0 Iron/46.0.2450.0');
+    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
+    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
+    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
+    curl_setopt($ch, CURLOPT_VERBOSE, 0); // set to 1 to debug
+    curl_setopt($ch, CURLOPT_STDERR, fopen('php://output', 'r'));
+
+    curl_setopt($ch, CURLOPT_HEADERFUNCTION, function($curl, $line) use (&$in_headers, &$size) {
+        $length = strlen($line);
+
+        if (trim($line) == '') {
+            $in_headers = false;
+        }
+
+        list($header, $content) = explode(':', $line, 2);
+        $header = strtolower(trim($header));
+
+        if ($header == 'content-range') {
+            // found a content-range header
+            list($rng, $s) = explode('/', $content, 2);
+            $size = (int)$s;
+            return 0; // aborts transfer
+        } else if ($header == 'content-length' && 206 != curl_getinfo($curl, CURLINFO_HTTP_CODE)) {
+            // found content-length header and this is not a 206 Partial Content response (range response)
+            $size = (int)$content;
+            return 0;
+        } else {
+            // continue
+            return $length;
+        }
+    });
+
+    curl_setopt($ch, CURLOPT_WRITEFUNCTION, function($curl, $data) use ($in_headers) {
+        if (!$in_headers) {
+            // shouldn't be here unless we couldn't determine file size
+            // abort transfer
+            return 0;
+        }
+
+        // write function is also called when reading headers
+        return strlen($data);
+    });
+
+    curl_exec($ch);
+    curl_getinfo($ch);
+	curl_close($ch);
+
+    return $size;
+}

Zotlabs/Lib/Libzotdir.php

@@ -0,0 +1,654 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libzot;
+
+require_once('include/permissions.php');
+
+
+class Libzotdir {
+
+	/**
+	 * @brief
+	 *
+	 * @param int $dirmode
+	 * @return array
+	 */
+
+	static function find_upstream_directory($dirmode) {
+		global $DIRECTORY_FALLBACK_SERVERS;
+
+		$preferred = get_config('system','directory_server');
+
+		// Thwart attempts to use a private directory
+
+		if(($preferred) && ($preferred != z_root())) {
+			$r = q("select * from site where site_url = '%s' limit 1",
+				dbesc($preferred)
+			);
+			if(($r) && ($r[0]['site_flags'] & DIRECTORY_MODE_STANDALONE)) {
+				$preferred = '';
+			}		
+		}
+
+
+		if (! $preferred) {
+
+			/*
+			 * No directory has yet been set. For most sites, pick one at random
+			 * from our list of directory servers. However, if we're a directory
+			 * server ourself, point at the local instance
+			 * We will then set this value so this should only ever happen once.
+			 * Ideally there will be an admin setting to change to a different 
+			 * directory server if you don't like our choice or if circumstances change.
+			 */
+
+			$dirmode = intval(get_config('system','directory_mode'));
+			if ($dirmode == DIRECTORY_MODE_NORMAL) {
+				$toss = mt_rand(0,count($DIRECTORY_FALLBACK_SERVERS));
+				$preferred = $DIRECTORY_FALLBACK_SERVERS[$toss];
+				if(! $preferred) {
+					$preferred = DIRECTORY_FALLBACK_MASTER;
+				}
+				set_config('system','directory_server',$preferred);
+			} 
+			else {
+				set_config('system','directory_server',z_root());
+			}
+		}
+		if($preferred) {
+			return [ 'url' => $preferred ];
+		}
+		else {
+			return [];
+		}
+	}
+
+
+	/**
+	 * Directories may come and go over time. We will need to check that our
+	 * directory server is still valid occasionally, and reset to something that
+	 * is if our directory has gone offline for any reason
+	 */
+
+	static function check_upstream_directory() {
+
+		$directory = get_config('system', 'directory_server');
+
+		// it's possible there is no directory server configured and the local hub is being used.
+		// If so, default to preserving the absence of a specific server setting.
+
+		$isadir = true;
+
+		if ($directory) {
+			$j = Zotfinger::exec($directory);
+			if(array_path_exists('data/directory_mode',$j)) {
+				if ($j['data']['directory_mode'] === 'normal') {
+					$isadir = false;
+				}
+			}
+		}
+
+		if (! $isadir)
+			set_config('system', 'directory_server', '');
+	}
+
+
+	static function get_directory_setting($observer, $setting) {
+
+		if ($observer)
+			$ret = get_xconfig($observer, 'directory', $setting);
+		else
+			$ret = ((array_key_exists($setting,$_SESSION)) ? intval($_SESSION[$setting]) : false);
+
+		if($ret === false)
+			$ret = get_config('directory', $setting);
+
+
+		// 'safemode' is the default if there is no observer or no established preference. 
+
+		if($setting === 'safemode' && $ret === false)
+			$ret = 1;
+
+		if($setting === 'globaldir' && intval(get_config('system','localdir_hide')))
+			$ret = 1;
+
+		return $ret;
+	}
+
+	/**
+	 * @brief Called by the directory_sort widget.
+	 */
+	static function dir_sort_links() {
+
+		$safe_mode = 1;
+
+		$observer = get_observer_hash();
+
+		$safe_mode = self::get_directory_setting($observer, 'safemode');
+		$globaldir = self::get_directory_setting($observer, 'globaldir');
+		$pubforums = self::get_directory_setting($observer, 'pubforums');
+
+		$hide_local = intval(get_config('system','localdir_hide'));
+		if($hide_local)
+			$globaldir = 1;
+
+
+		// Build urls without order and pubforums so it's easy to tack on the changed value
+		// Probably there's an easier way to do this
+
+		$directory_sort_order = get_config('system','directory_sort_order');
+		if(! $directory_sort_order)
+			$directory_sort_order = 'date';
+
+		$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : $directory_sort_order);
+		$suggest = (($_REQUEST['suggest']) ? '&suggest=' . $_REQUEST['suggest'] : '');
+
+		$url = 'directory?f=';
+
+		$tmp = array_merge($_GET,$_POST);
+		unset($tmp['suggest']);
+		unset($tmp['pubforums']);
+		unset($tmp['global']);
+		unset($tmp['safe']);
+		unset($tmp['q']);
+		unset($tmp['f']);
+		$forumsurl = $url . http_build_query($tmp) . $suggest;
+
+		$o = replace_macros(get_markup_template('dir_sort_links.tpl'), [
+			'$header'    => t('Directory Options'),
+			'$forumsurl' => $forumsurl,
+			'$safemode'  => array('safemode', t('Safe Mode'),$safe_mode,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&safe="+(this.checked ? 1 : 0)\''),
+			'$pubforums' => array('pubforums', t('Public Forums Only'),$pubforums,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&pubforums="+(this.checked ? 1 : 0)\''),
+			'$hide_local' => $hide_local,
+			'$globaldir' => array('globaldir', t('This Website Only'), 1-intval($globaldir),'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&global="+(this.checked ? 0 : 1)\''),
+		]);
+
+		return $o;
+	}
+
+	/**
+	 * @brief Checks the directory mode of this hub.
+	 *
+	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
+	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
+	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB. 
+	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored 
+	 * directly if the rater's signature matches.
+	 *
+	 * @param int $dirmode;
+	 */
+
+	static function sync_directories($dirmode) {
+
+		if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		$realm = get_directory_realm();
+		if ($realm == DIRECTORY_REALM) {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT),
+				dbesc($realm)
+			);
+		} 
+		else {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				dbesc(protect_sprintf('%' . $realm . '%')),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+
+		// If there are no directory servers, setup the fallback master
+		/** @FIXME What to do if we're in a different realm? */
+
+		if ((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) {
+
+			$x = site_store_lowlevel(
+				[
+					'site_url'       => DIRECTORY_FALLBACK_MASTER,
+					'site_flags'     => DIRECTORY_MODE_PRIMARY,
+					'site_update'    => NULL_DATE, 
+					'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
+					'site_realm'     => DIRECTORY_REALM,
+					'site_valid'     => 1,
+				]
+			);
+
+			$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY),
+				intval(DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+		if (! $r)
+			return;
+
+		foreach ($r as $rr) {
+			if (! $rr['site_directory'])
+				continue;
+
+			logger('sync directories: ' . $rr['site_directory']);
+
+			// for brand new directory servers, only load the last couple of days.
+			// It will take about a month for a new directory to obtain the full current repertoire of channels.
+			/** @FIXME Go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. */
+
+			$token = get_config('system','realm_token');
+
+			$syncdate = (($rr['site_sync'] <= NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
+			$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));
+
+			if (! $x['success'])
+				continue;
+
+			$j = json_decode($x['body'],true);
+			if (!($j['transactions']) || ($j['ratings']))
+				continue;
+
+			q("update site set site_sync = '%s' where site_url = '%s'",
+				dbesc(datetime_convert()),
+				dbesc($rr['site_url'])
+			);
+
+			logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j,true), LOGGER_DATA);
+
+			if (is_array($j['transactions']) && count($j['transactions'])) {
+				foreach ($j['transactions'] as $t) {
+					$r = q("select * from updates where ud_guid = '%s' limit 1",
+						dbesc($t['transaction_id'])
+					);
+					if($r)
+						continue;
+
+					$ud_flags = 0;
+					if (is_array($t['flags']) && in_array('deleted',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_DELETED;
+					if (is_array($t['flags']) && in_array('forced',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_FORCED;
+	
+					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
+						values ( '%s', '%s', '%s', %d, '%s' ) ",
+						dbesc($t['hash']),
+						dbesc($t['transaction_id']),
+						dbesc($t['timestamp']),
+						intval($ud_flags),
+						dbesc($t['address'])
+					);
+				}
+			}
+		}
+	}
+
+
+
+	/**
+	 * @brief
+	 *
+	 * Given an update record, probe the channel, grab a zot-info packet and refresh/sync the data.
+	 *
+	 * Ignore updating records marked as deleted.
+	 *
+	 * If successful, sets ud_last in the DB to the current datetime for this
+	 * reddress/webbie.
+	 *
+	 * @param array $ud Entry from update table
+	 */
+
+	static function update_directory_entry($ud) {
+
+		logger('update_directory_entry: ' . print_r($ud,true), LOGGER_DATA);
+
+		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
+			$success = false;
+
+			$href = \Zotlabs\Lib\Webfinger::zot_url(punify($url));
+			if($href) {
+				$zf = \Zotlabs\Lib\Zotfinger::exec($href);
+			}
+			if(is_array($zf) && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
+			}
+			else {
+				q("update updates set ud_last = '%s' where ud_addr = '%s'",
+					dbesc(datetime_convert()),
+					dbesc($ud['ud_addr'])
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief Push local channel updates to a local directory server.
+	 *
+	 * This is called from include/directory.php if a profile is to be pushed to the
+	 * directory and the local hub in this case is any kind of directory server.
+	 *
+	 * @param int $uid
+	 * @param boolean $force
+	 */
+
+	static function local_dir_update($uid, $force) {
+
+	
+		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);
+
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+			intval($uid)
+		);
+
+		$profile = array();
+		$profile['encoding'] = 'zot';
+
+		if ($p) {
+			$hash = $p[0]['channel_hash'];
+
+			$profile['description'] = $p[0]['pdesc'];
+			$profile['birthday']    = $p[0]['dob'];
+			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))  
+				$profile['age'] = $age;
+
+			$profile['gender']      = $p[0]['gender'];
+			$profile['marital']     = $p[0]['marital'];
+			$profile['sexual']      = $p[0]['sexual'];
+			$profile['locale']      = $p[0]['locality'];
+			$profile['region']      = $p[0]['region'];
+			$profile['postcode']    = $p[0]['postal_code'];
+			$profile['country']     = $p[0]['country_name'];
+			$profile['about']       = $p[0]['about'];
+			$profile['homepage']    = $p[0]['homepage'];
+			$profile['hometown']    = $p[0]['hometown'];
+
+			if ($p[0]['keywords']) {
+				$tags = array();
+				$k = explode(' ', $p[0]['keywords']);
+				if ($k)
+					foreach ($k as $kk)
+						if (trim($kk))
+							$tags[] = trim($kk);
+
+				if ($tags)
+					$profile['keywords'] = $tags;
+			}
+
+			$hidden = (1 - intval($p[0]['publish']));
+
+			logger('hidden: ' . $hidden);
+
+			$r = q("select xchan_hidden from xchan where xchan_hash = '%s' limit 1",
+				dbesc($p[0]['channel_hash'])
+			);
+
+			if(intval($r[0]['xchan_hidden']) != $hidden) {
+				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+					intval($hidden),
+					dbesc($p[0]['channel_hash'])
+				);
+			}
+
+			$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
+			call_hooks('local_dir_update', $arr);
+
+			$address = channel_reddress($p[0]);
+
+			if (perm_is_allowed($uid, '', 'view_profile')) {
+				self::import_directory_profile($hash, $arr['profile'], $address, 0);
+			}
+			else {
+				// they may have made it private
+				$r = q("delete from xprof where xprof_hash = '%s'",
+					dbesc($hash)
+				);
+				$r = q("delete from xtag where xtag_hash = '%s'",
+					dbesc($hash)
+				);
+			}
+	
+		}
+
+		$ud_hash = random_string() . '@' . \App::get_hostname();
+		self::update_modtime($hash, $ud_hash, channel_reddress($p[0]),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+	}
+
+
+
+	/**
+	 * @brief Imports a directory profile.
+	 *
+	 * @param string $hash
+	 * @param array $profile
+	 * @param string $addr
+	 * @param number $ud_flags (optional) UPDATE_FLAGS_UPDATED
+	 * @param number $suppress_update (optional) default 0
+	 * @return boolean $updated if something changed
+	 */
+
+	static function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) {
+
+		logger('import_directory_profile', LOGGER_DEBUG);
+		if (! $hash)
+			return false;
+
+		$arr = array();
+
+		$arr['xprof_hash']         = $hash;
+		$arr['xprof_dob']          = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year
+		$arr['xprof_age']          = (($profile['age'])         ? intval($profile['age']) : 0);
+		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');	
+		$arr['xprof_gender']       = (($profile['gender'])      ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_marital']      = (($profile['marital'])     ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_sexual']       = (($profile['sexual'])      ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_locale']       = (($profile['locale'])      ? htmlspecialchars($profile['locale'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_region']       = (($profile['region'])      ? htmlspecialchars($profile['region'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_country']      = (($profile['country'])     ? htmlspecialchars($profile['country'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_about']        = (($profile['about'])       ? htmlspecialchars($profile['about'],       ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_homepage']     = (($profile['homepage'])    ? htmlspecialchars($profile['homepage'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_hometown']     = (($profile['hometown'])    ? htmlspecialchars($profile['hometown'],    ENT_COMPAT,'UTF-8',false) : '');
+
+		$clean = array();
+		if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) {
+			self::import_directory_keywords($hash,$profile['keywords']);
+			foreach ($profile['keywords'] as $kw) {
+				$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+				$kw = trim($kw, ',');
+				$clean[] = $kw;
+			}
+		}
+
+		$arr['xprof_keywords'] = implode(' ',$clean);
+
+		// Self censored, make it so
+		// These are not translated, so the German "erwachsenen" keyword will not censor the directory profile. Only the English form - "adult".
+
+
+		if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) {
+			q("update xchan set xchan_selfcensored = 1 where xchan_hash = '%s'",
+				dbesc($hash)
+			);
+		}
+
+		$r = q("select * from xprof where xprof_hash = '%s' limit 1",
+			dbesc($hash)
+		);
+
+		if ($arr['xprof_age'] > 150)
+			$arr['xprof_age'] = 150;
+		if ($arr['xprof_age'] < 0)
+			$arr['xprof_age'] = 0;
+
+		if ($r) {
+			$update = false;
+			foreach ($r[0] as $k => $v) {
+				if ((array_key_exists($k,$arr)) && ($arr[$k] != $v)) {
+					logger('import_directory_profile: update ' . $k . ' => ' . $arr[$k]);
+					$update = true;
+					break;
+				}
+			}
+			if ($update) {
+				q("update xprof set
+					xprof_desc = '%s',
+					xprof_dob = '%s',
+					xprof_age = %d,
+					xprof_gender = '%s',
+					xprof_marital = '%s',
+					xprof_sexual = '%s',
+					xprof_locale = '%s',
+					xprof_region = '%s',
+					xprof_postcode = '%s',
+					xprof_country = '%s',
+					xprof_about = '%s',
+					xprof_homepage = '%s',
+					xprof_hometown = '%s',
+					xprof_keywords = '%s'
+					where xprof_hash = '%s'",
+					dbesc($arr['xprof_desc']),
+					dbesc($arr['xprof_dob']),
+					intval($arr['xprof_age']),
+					dbesc($arr['xprof_gender']),
+					dbesc($arr['xprof_marital']),
+					dbesc($arr['xprof_sexual']),
+					dbesc($arr['xprof_locale']),
+					dbesc($arr['xprof_region']),
+					dbesc($arr['xprof_postcode']),
+					dbesc($arr['xprof_country']),
+					dbesc($arr['xprof_about']),
+					dbesc($arr['xprof_homepage']),
+					dbesc($arr['xprof_hometown']),
+					dbesc($arr['xprof_keywords']),
+					dbesc($arr['xprof_hash'])
+				);
+			}
+		} else {
+			$update = true;
+			logger('New profile');
+			q("insert into xprof (xprof_hash, xprof_desc, xprof_dob, xprof_age, xprof_gender, xprof_marital, xprof_sexual, xprof_locale, xprof_region, xprof_postcode, xprof_country, xprof_about, xprof_homepage, xprof_hometown, xprof_keywords) values ('%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+				dbesc($arr['xprof_hash']),
+				dbesc($arr['xprof_desc']),
+				dbesc($arr['xprof_dob']),
+				intval($arr['xprof_age']),
+				dbesc($arr['xprof_gender']),
+				dbesc($arr['xprof_marital']),
+				dbesc($arr['xprof_sexual']),
+				dbesc($arr['xprof_locale']),
+				dbesc($arr['xprof_region']),
+				dbesc($arr['xprof_postcode']),
+				dbesc($arr['xprof_country']),
+				dbesc($arr['xprof_about']),
+				dbesc($arr['xprof_homepage']),
+				dbesc($arr['xprof_hometown']),
+				dbesc($arr['xprof_keywords'])
+			);
+		}
+
+		$d = [
+			'xprof' => $arr,
+			'profile' => $profile,
+			'update' => $update
+		];
+		/**
+		 * @hooks import_directory_profile
+		 *   Called when processing delivery of a profile structure from an external source (usually for directory storage).
+		 *   * \e array \b xprof
+		 *   * \e array \b profile
+		 *   * \e boolean \b update
+		 */
+		call_hooks('import_directory_profile', $d);
+
+		if (($d['update']) && (! $suppress_update))
+			self::update_modtime($arr['xprof_hash'],random_string() . '@' . \App::get_hostname(), $addr, $ud_flags);
+
+		return $d['update'];
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash An xtag_hash
+	 * @param array $keywords
+	 */
+
+	static function import_directory_keywords($hash, $keywords) {
+
+		$existing = array();
+		$r = q("select * from xtag where xtag_hash = '%s' and xtag_flags = 0",
+			dbesc($hash)
+		);
+
+		if($r) {
+			foreach($r as $rr)
+				$existing[] = $rr['xtag_term'];
+		}
+
+		$clean = array();
+		foreach($keywords as $kw) {
+			$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+			$kw = trim($kw, ',');
+			$clean[] = $kw;
+		}
+
+		foreach($existing as $x) {
+			if(! in_array($x, $clean))
+				$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' and xtag_flags = 0",
+					dbesc($hash),
+					dbesc($x)
+				);
+		}
+		foreach($clean as $x) {
+			if(! in_array($x, $existing)) {
+				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', 0 )",
+					dbesc($hash),
+					dbesc($x)
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash
+	 * @param string $guid
+	 * @param string $addr
+	 * @param int $flags (optional) default 0
+	 */
+
+	static function update_modtime($hash, $guid, $addr, $flags = 0) {
+
+		$dirmode = intval(get_config('system', 'directory_mode'));
+
+		if($dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		if($flags) {
+			q("insert into updates (ud_hash, ud_guid, ud_date, ud_flags, ud_addr ) values ( '%s', '%s', '%s', %d, '%s' )",
+				dbesc($hash),
+				dbesc($guid),
+				dbesc(datetime_convert()),
+				intval($flags),
+				dbesc($addr)
+			);	
+		}
+		else {
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
+				intval(UPDATE_FLAGS_UPDATED),
+				dbesc($addr),
+				intval(UPDATE_FLAGS_UPDATED)
+			);
+		}
+	}
+
+
+
+
+
+
+}

Zotlabs/Lib/MarkdownSoap.php

@@ -3,51 +3,66 @@
 namespace Zotlabs\Lib;
 
 /**
- * MarkdownSoap
+ * @brief MarkdownSoap class.
+ *
  * Purify Markdown for storage
+ * @code{.php}
  *   $x = new MarkdownSoap($string_to_be_cleansed);
  *   $text = $x->clean();
- *
+ * @endcode
  * What this does:
  * 1. extracts code blocks and privately escapes them from processing
  * 2. Run html purifier on the content
  * 3. put back the code blocks
  * 4. run htmlspecialchars on the entire content for safe storage
  *
- * At render time: 
+ * At render time:
+ * @code{.php}
  *    $markdown = \Zotlabs\Lib\MarkdownSoap::unescape($text);
  *    $html = \Michelf\MarkdownExtra::DefaultTransform($markdown);
+ * @endcode
  */
-
-
-
 class MarkdownSoap {
 
+	/**
+	 * @var string
+	 */
+	private $str;
+	/**
+	 * @var string
+	 */
 	private $token;
 
-	private $str;
 
 	function __construct($s) {
-		$this->str  = $s;
+		$this->str   = $s;
 		$this->token = random_string(20);
 	}
 
-
 	function clean() {
 
 		$x = $this->extract_code($this->str);
 
 		$x = $this->purify($x);
 
-		$x = $this->putback_code($x);		
+		$x = $this->putback_code($x);
 
 		$x = $this->escape($x);
-		
+
 		return $x;
 	}
 
+	/**
+	 * @brief Extracts code blocks and privately escapes them from processing.
+	 *
+	 * @see encode_code()
+	 * @see putback_code()
+	 *
+	 * @param string $s
+	 * @return string
+	 */
 	function extract_code($s) {
-			
+
 		$text = preg_replace_callback('{
 					(?:\n\n|\A\n?)
 					(	            # $1 = the code block -- one or more lines, starting with a space/tab
@@ -62,7 +77,7 @@ class MarkdownSoap {
 
 		return $text;
 	}
-	
+
 	function encode_code($matches) {
 		return $this->token . ';' . base64_encode($matches[0]) . ';' ;
 	}
@@ -71,8 +86,17 @@ class MarkdownSoap {
 		return base64_decode($matches[1]);
 	}
 
+	/**
+	 * @brief Put back the code blocks.
+	 *
+	 * @see extract_code()
+	 * @see decode_code()
+	 *
+	 * @param string $s
+	 * @return string
+	 */
 	function putback_code($s) {
-		$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm',[ $this, 'decode_code' ], $s);
+		$text = preg_replace_callback('{' . $this->token . '\;(.*?)\;}xm', [ $this, 'decode_code' ], $s);
 		return $text;
 	}
 
@@ -84,20 +108,25 @@ class MarkdownSoap {
 	}
 
 	function protect_autolinks($s) {
-		$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/','[$1$2]($1$2)',$s);
+		$s = preg_replace('/\<(https?\:\/\/)(.*?)\>/', '[$1$2]($1$2)', $s);
 		return $s;
 	}
 
 	function unprotect_autolinks($s) {
 		return $s;
-
 	}
 
 	function escape($s) {
-		return htmlspecialchars($s,ENT_QUOTES,'UTF-8',false);
+		return htmlspecialchars($s, ENT_QUOTES, 'UTF-8', false);
 	}
 
+	/**
+	 * @brief Converts special HTML entities back to characters.
+	 *
+	 * @param string $s
+	 * @return string
+	 */
 	static public function unescape($s) {
-		return htmlspecialchars_decode($s,ENT_QUOTES);
+		return htmlspecialchars_decode($s, ENT_QUOTES);
 	}
 }

Zotlabs/Lib/MessageFilter.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+
+class MessageFilter {
+
+
+	static public function evaluate($item,$incl,$excl) {
+
+		require_once('include/html2plain.php');
+
+		unobscure($item);
+
+		$text = prepare_text($item['body'],$item['mimetype']);
+		$text = html2plain(($item['title']) ? $item['title'] . ' ' . $text : $text);
+
+
+		$lang = null;
+
+		if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false)) {
+			$lang = detect_language($text);
+		}
+
+		$tags = ((is_array($item['term']) && count($item['term'])) ? $item['term'] : false);
+
+		// exclude always has priority
+
+		$exclude = (($excl) ? explode("\n",$excl) : null);
+
+		if($exclude) {
+			foreach($exclude as $word) {
+				$word = trim($word);
+				if(! $word)
+					continue;
+				if(substr($word,0,1) === '#' && $tags) {
+					foreach($tags as $t)
+						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return false;
+				}
+				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
+					return false;
+				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
+					return false;
+				elseif(stristr($text,$word) !== false)
+					return false;
+			}
+		}
+
+		$include = (($incl) ? explode("\n",$incl) : null);
+
+		if($include) {
+			foreach($include as $word) {
+				$word = trim($word);
+				if(! $word)
+					continue;
+				if(substr($word,0,1) === '#' && $tags) {
+					foreach($tags as $t)
+						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return true;
+				}
+				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
+					return true;
+				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
+					return true;
+				elseif(stristr($text,$word) !== false)
+					return true;
+			}
+		}
+		else {
+			return true;
+		}
+
+		return false;
+	}
+
+
+}

Zotlabs/Lib/NativeWiki.php

@@ -26,7 +26,8 @@ class NativeWiki {
 
 				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
 				$w['htmlName'] = escape_tags($w['rawName']);
-				$w['urlName']  = urlencode(urlencode($w['rawName']));
+				//$w['urlName']  = urlencode(urlencode($w['rawName']));
+				$w['urlName']  = self::name_encode($w['rawName']);
 				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
 				$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
 				$w['lockstate']     = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
@@ -171,16 +172,23 @@ class NativeWiki {
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE),
 			dbesc($resource_id)
 		);
+
 		if($r) {
 			$q = q("select * from item where resource_type = 'nwikipage' and resource_id = '%s'",
-				dbesc($r[0]['resource_type'])
+				dbesc($r[0]['resource_id'])
 			);
 			if($q) {
 				$r = array_merge($r,$q);
 			}
 			xchan_query($r);
 			$sync_item = fetch_post_tags($r);
-			build_sync_packet($uid,array('wiki' => array(encode_item($sync_item[0],true))));
+			if($sync_item) {
+				$pkt = [];
+				foreach($sync_item as $w) {
+					$pkt[] = encode_item($w,true);
+				}
+				build_sync_packet($uid,array('wiki' => $pkt));
+			}
 		}
 	}
 
@@ -226,7 +234,8 @@ class NativeWiki {
 				'wiki'     => $w,
 				'rawName'  => $rawName,
 				'htmlName' => escape_tags($rawName),
-				'urlName'  => urlencode(urlencode($rawName)),
+				//'urlName'  => urlencode(urlencode($rawName)),
+				'urlName'  => self::name_encode($rawName),
 				'mimeType' => $mimeType,
 				'typelock' => $typelock
 			);
@@ -242,7 +251,8 @@ class NativeWiki {
 			WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d 
 			AND item_deleted = 0 $sql_extra limit 1", 
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
-			dbesc(urldecode($urlName)), 
+			//dbesc(urldecode($urlName)), 
+			dbesc(self::name_decode($urlName)),
 			intval($uid)
 		);
 
@@ -279,4 +289,32 @@ class NativeWiki {
 			return array('read' => true, 'write' => $write, 'success' => true);
 		}
 	}
+
+	public static function name_encode ($string) {
+
+		$string = html_entity_decode($string);
+		$encoding = mb_internal_encoding();
+		mb_internal_encoding("UTF-8");
+		$ret = mb_ereg_replace_callback ('[^A-Za-z0-9\-\_\.\~]',function ($char) {
+	                $charhex = unpack('H*',$char[0]);
+                	$ret = '('.$charhex[1].')';
+                	return $ret;
+ 			}
+			,$string);
+		mb_internal_encoding($encoding);
+		return $ret;
+	}
+
+	public static function name_decode ($string) {
+
+		$encoding = mb_internal_encoding();
+		mb_internal_encoding("UTF-8");
+		$ret = mb_ereg_replace_callback ('(\(([0-9a-f]+)\))',function ($chars) {
+			return pack('H*',$chars[2]);
+			}
+			,$string);
+		mb_internal_encoding($encoding);
+		return $ret;
+	}
+
 }

Zotlabs/Lib/NativeWikiPage.php

@@ -44,7 +44,8 @@ class NativeWikiPage {
 					$pages[] = [
 						'resource_id' => $resource_id,
 						'title'       => escape_tags($title),
-						'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+						//'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+						'url'		=> Zlib\NativeWiki::name_encode($title),
 						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
 					];
 				}
@@ -98,7 +99,8 @@ class NativeWikiPage {
 			$page = [ 
 				'rawName'  => $name,
 				'htmlName' => escape_tags($name),
-				'urlName'  => urlencode($name), 
+				//'urlName'  => urlencode($name), 
+				'urlName' => Zlib\NativeWiki::name_encode($name)
 
 			];
 
@@ -154,7 +156,8 @@ class NativeWikiPage {
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
-				'urlName'  => urlencode(escape_tags($pageNewName))
+				//'urlName'  => urlencode(escape_tags($pageNewName))
+				'urlName' => Zlib\NativeWiki::name_encode($pageNewName)
 			];
 
 			return [ 'success' => true, 'page' => $page ];
@@ -365,7 +368,6 @@ class NativeWikiPage {
 
 		unset($item['id']);
 		unset($item['author']);
-
 		$item['parent']       = 0;
 		$item['body']         = $content;
 		$item['author_xchan'] = $observer_hash;
@@ -527,7 +529,8 @@ class NativeWikiPage {
 			$pages = $pageURLs = array();
 			foreach ($match[1] as $m) {
 				// TODO: Why do we need to double urlencode for this to work?
-				$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+				//$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+				$pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($m));
 				$pages[] = $m;
 			}
 			$idx = 0;
@@ -556,7 +559,10 @@ class NativeWikiPage {
 			'$pageHistory' => $pageHistory['history'],
 			'$permsWrite'  => $arr['permsWrite'],
 			'$name_lbl'    => t('Name'),
-			'$msg_label'   => t('Message','wiki_history')
+			'$msg_label'   => t('Message','wiki_history'),
+			'$date_lbl'    => t('Date'),
+			'$revert_btn'  => t('Revert'),
+			'$compare_btn' => t('Compare')
 		));
 
 	}
@@ -613,7 +619,7 @@ class NativeWikiPage {
 			$s = str_replace('[observer.webname]', '', $s);
 			$s = str_replace('[observer.photo]', '', $s);
 		}
-	
+
 		return $s;
 	}
 	

Zotlabs/Lib/Permcat.php

@@ -2,12 +2,36 @@
 
 namespace Zotlabs\Lib;
 
-use \Zotlabs\Access as Zaccess;
+use Zotlabs\Access\PermissionRoles;
+use Zotlabs\Access\Permissions;
 
+/**
+ * @brief Permission Categories. Permission rules for various classes of connections.
+ *
+ * Connection permissions answer the question "Can Joe view my photos?"
+ *
+ * Some permissions may be inherited from the channel's "privacy settings"
+ * (@ref ::Zotlabs::Access::PermissionLimits "PermissionLimits") "Who can view my
+ * photos (at all)?" which have higher priority than individual connection settings.
+ * We evaluate permission limits first, and then fall through to connection
+ * permissions if the permission limits didn't already make a definitive decision.
+ *
+ * After PermissionLimits and connection permissions are evaluated, individual
+ * content ACLs are evaluated (@ref ::Zotlabs::Access::AccessList "AccessList").
+ * These answer the question "Can Joe view *this* album/photo?".
+ */
 class Permcat {
 
+	/**
+	 * @var array
+	 */
 	private $permcats = [];
 
+	/**
+	 * @brief Permcat constructor.
+	 *
+	 * @param int $channel_id
+	 */
 	public function __construct($channel_id) {
 
 		$perms = [];
@@ -16,16 +40,16 @@ class Permcat {
 
 		$role = get_pconfig($channel_id,'system','permissions_role');
 		if($role) {
-			$x = Zaccess\PermissionRoles::role_perms($role);
+			$x = PermissionRoles::role_perms($role);
 			if($x['perms_connect']) {
-				$perms = Zaccess\Permissions::FilledPerms($x['perms_connect']);
+				$perms = Permissions::FilledPerms($x['perms_connect']);
 			}
 		}
 
 		// if no role perms it may be a custom role, see if there any autoperms
 
 		if(! $perms) {
-			$perms = Zaccess\Permissions::FilledAutoPerms($channel_id);
+			$perms = Permissions::FilledAutoPerms($channel_id);
 		}
 
 		// if no autoperms it may be a custom role with manual perms
@@ -50,13 +74,13 @@ class Permcat {
 		// nothing was found - create a filled permission array where all permissions are 0
 
 		if(! $perms) {
-			$perms = Zaccess\Permissions::FilledPerms([]);
+			$perms = Permissions::FilledPerms([]);
 		}
 
 		$this->permcats[] = [
 			'name'      => 'default',
 			'localname' => t('default','permcat'),
-			'perms'     => Zaccess\Permissions::Operms($perms),
+			'perms'     => Permissions::Operms($perms),
 			'system'    => 1
 		];
 
@@ -67,26 +91,39 @@ class Permcat {
 				$this->permcats[] = [
 					'name'      => $p[$x][0],
 					'localname' => $p[$x][1],
-					'perms'     => Zaccess\Permissions::Operms(Zaccess\Permissions::FilledPerms($p[$x][2])),
+					'perms'     => Permissions::Operms(Permissions::FilledPerms($p[$x][2])),
 					'system'    => intval($p[$x][3])
 				];
 			}
 		}
 	}
 
-
+	/**
+	 * @brief Return array with permcats.
+	 *
+	 * @return array
+	 */
 	public function listing() {
 		return $this->permcats;
 	}
 
+	/**
+	 * @brief
+	 *
+	 * @param string $name
+	 * @return array
+	 *   * \e array with permcats
+	 *   * \e bool \b error if $name not found in permcats true
+	 */
 	public function fetch($name) {
 		if($name && $this->permcats) {
 			foreach($this->permcats as $permcat) {
-				if(strcasecmp($permcat['name'],$name) === 0) {
+				if(strcasecmp($permcat['name'], $name) === 0) {
 					return $permcat;
 				}
 			}
 		}
+
 		return ['error' => true];
 	}
 
@@ -118,29 +155,32 @@ class Permcat {
 					$permcats[] = [ $xv['k'], $xv['k'], $value, 0 ];
 				}
 			}
-		}					
+		}
 
-		call_hooks('permcats',$permcats);
+		/**
+		 * @hooks permcats
+		 *   * \e array
+		 */
+		call_hooks('permcats', $permcats);
 
 		return $permcats;
-
 	}
 
-	static public function find_permcat($arr,$name) {
+	static public function find_permcat($arr, $name) {
 		if((! $arr) || (! $name))
 			return false;
+
 		foreach($arr as $p)
 			if($p['name'] == $name)
 				return $p['value'];
 	}
 
-	static public function update($channel_id, $name,$permarr) {
-		PConfig::Set($channel_id,'permcat',$name,$permarr);
+	static public function update($channel_id, $name, $permarr) {
+		PConfig::Set($channel_id, 'permcat', $name, $permarr);
 	}
 
-	static public function delete($channel_id,$name) {
-		PConfig::Delete($channel_id,'permcat',$name);
+	static public function delete($channel_id, $name) {
+		PConfig::Delete($channel_id, 'permcat', $name);
 	}
 
-
 }

Zotlabs/Lib/ProtoDriver.php

@@ -1,19 +0,0 @@
-<?php /** @file */
-
-namespace Zotlabs\Lib;
-
-/*
- * Abstraction class for dealing with alternate networks (which of course do not exist, hence the abstraction)
- */
-
-
-abstract class ProtoDriver {
-	abstract protected function discover($channel,$location);
-	abstract protected function deliver($item,$channel,$recipients);
-	abstract protected function collect($channel,$connection);
-	abstract protected function change_permissions($permissions,$channel,$recipient);
-	abstract protected function acknowledge_permissions($permissions,$channel,$recipient);
-	abstract protected function deliver_private($item,$channel,$recipients);
-	abstract protected function collect_private($channel,$connection);
-
-}

Zotlabs/Lib/Queue.php

@@ -0,0 +1,278 @@
+<?php /** @file */
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libzot;
+
+
+class Queue {
+
+	static function update($id, $add_priority = 0) {
+
+		logger('queue: requeue item ' . $id,LOGGER_DEBUG);
+		$x = q("select outq_created, outq_posturl from outq where outq_hash = '%s' limit 1",
+			dbesc($id)
+		);
+		if(! $x)
+			return;
+
+
+		$y = q("select min(outq_created) as earliest from outq where outq_posturl = '%s'",
+			dbesc($x[0]['outq_posturl'])
+		);
+
+		// look for the oldest queue entry with this destination URL. If it's older than a couple of days,
+		// the destination is considered to be down and only scheduled once an hour, regardless of the
+		// age of the current queue item.
+
+		$might_be_down = false;
+
+		if($y)
+			$might_be_down = ((datetime_convert('UTC','UTC',$y[0]['earliest']) < datetime_convert('UTC','UTC','now - 2 days')) ? true : false);
+
+
+		// Set all other records for this destination way into the future. 
+		// The queue delivers by destination. We'll keep one queue item for
+		// this destination (this one) with a shorter delivery. If we succeed
+		// once, we'll try to deliver everything for that destination.
+		// The delivery will be set to at most once per hour, and if the 
+		// queue item is less than 12 hours old, we'll schedule for fifteen
+		// minutes. 
+
+		$r = q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_posturl = '%s'",
+			dbesc(datetime_convert('UTC','UTC','now + 5 days')),
+			dbesc($x[0]['outq_posturl'])
+		);
+ 
+		$since = datetime_convert('UTC','UTC',$x[0]['outq_created']);
+
+		if(($might_be_down) || ($since < datetime_convert('UTC','UTC','now - 12 hour'))) {
+			$next = datetime_convert('UTC','UTC','now + 1 hour');
+		}
+		else {
+			$next = datetime_convert('UTC','UTC','now + ' . intval($add_priority) . ' minutes');
+		}
+
+		q("UPDATE outq SET outq_updated = '%s', 
+			outq_priority = outq_priority + %d, 
+			outq_scheduled = '%s' 
+			WHERE outq_hash = '%s'",
+
+			dbesc(datetime_convert()),
+			intval($add_priority),
+			dbesc($next),
+			dbesc($id)
+		);
+	}
+
+
+	static function remove($id,$channel_id = 0) {
+		logger('queue: remove queue item ' . $id,LOGGER_DEBUG);
+		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
+		
+		q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+			dbesc($id)
+		);
+	}
+
+
+	static function remove_by_posturl($posturl) {
+		logger('queue: remove queue posturl ' . $posturl,LOGGER_DEBUG);
+		
+		q("DELETE FROM outq WHERE outq_posturl = '%s' ",
+			dbesc($posturl)
+		);
+	}
+
+
+
+	static function set_delivered($id,$channel = 0) {
+		logger('queue: set delivered ' . $id,LOGGER_DEBUG);
+		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
+
+		// Set the next scheduled run date so far in the future that it will be expired
+		// long before it ever makes it back into the delivery chain. 
+
+		q("update outq set outq_delivered = 1, outq_updated = '%s', outq_scheduled = '%s' where outq_hash = '%s' $sql_extra ",
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert('UTC','UTC','now + 5 days')),
+			dbesc($id)
+		);
+	}
+
+
+
+	static function insert($arr) {
+
+		// do not queue anything with no destination
+
+		if(! (array_key_exists('posturl',$arr) && trim($arr['posturl']))) {
+			return false;
+		}
+
+		$x = q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_priority,
+			outq_created, outq_updated, outq_scheduled, outq_notify, outq_msg ) 
+			values ( '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s' )",
+			dbesc($arr['hash']),
+			intval($arr['account_id']),
+			intval($arr['channel_id']),
+			dbesc(($arr['driver']) ? $arr['driver'] : 'zot'),
+			dbesc($arr['posturl']),
+			intval(1),
+			intval(($arr['priority']) ? $arr['priority'] : 0),
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert()),
+			dbesc($arr['notify']),
+			dbesc(($arr['msg']) ? $arr['msg'] : '')
+		);
+		return $x;
+
+	}
+
+
+
+	static function deliver($outq, $immediate = false) {
+
+		$base = null;
+		$h = parse_url($outq['outq_posturl']);
+		if($h !== false) 
+			$base = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : '');
+
+		if(($base) && ($base !== z_root()) && ($immediate)) {
+			$y = q("select site_update, site_dead from site where site_url = '%s' ",
+				dbesc($base)
+			);
+			if($y) {
+				if(intval($y[0]['site_dead'])) {
+					self::remove_by_posturl($outq['outq_posturl']);
+					logger('dead site ignored ' . $base);
+					return;
+				}
+				if($y[0]['site_update'] < datetime_convert('UTC','UTC','now - 1 month')) {
+					self::update($outq['outq_hash'],10);
+					logger('immediate delivery deferred for site ' . $base);
+					return;
+				}
+			}
+			else {
+
+				// zot sites should all have a site record, unless they've been dead for as long as
+				// your site has existed. Since we don't know for sure what these sites are,
+				// call them unknown
+
+				site_store_lowlevel( 
+					[
+						'site_url'    => $base,
+						'site_update' => datetime_convert(),
+						'site_dead'   => 0,
+						'site_type'   => intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN),
+						'site_crypto' => ''
+					]
+				);
+			}
+		}
+
+		$arr = array('outq' => $outq, 'base' => $base, 'handled' => false, 'immediate' => $immediate);
+		call_hooks('queue_deliver',$arr);
+		if($arr['handled'])
+			return;
+
+		// "post" queue driver - used for diaspora and friendica-over-diaspora communications.
+
+		if($outq['outq_driver'] === 'post') {
+			$result = z_post_url($outq['outq_posturl'],$outq['outq_msg']);
+			if($result['success'] && $result['return_code'] < 300) {
+				logger('deliver: queue post success to ' . $outq['outq_posturl'], LOGGER_DEBUG);
+				if($base) {
+					q("update site set site_update = '%s', site_dead = 0 where site_url = '%s' ",
+						dbesc(datetime_convert()),
+						dbesc($base)
+					);
+				}
+				q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'",
+					dbesc('accepted for delivery'),
+					dbesc(datetime_convert()),
+					dbesc($outq['outq_hash'])
+				);
+				self::remove($outq['outq_hash']);
+
+				// server is responding - see if anything else is going to this destination and is piled up 
+				// and try to send some more. We're relying on the fact that do_delivery() results in an 
+				// immediate delivery otherwise we could get into a queue loop. 
+
+				if(! $immediate) {
+					$x = q("select outq_hash from outq where outq_posturl = '%s' and outq_delivered = 0",
+						dbesc($outq['outq_posturl'])
+					);
+	
+					$piled_up = array();
+					if($x) {
+						foreach($x as $xx) {
+							 $piled_up[] = $xx['outq_hash'];
+						}
+					}
+					if($piled_up) {
+						// call do_delivery() with the force flag
+						do_delivery($piled_up, true);
+					}
+				}
+			}
+			else {
+				logger('deliver: queue post returned ' . $result['return_code'] 
+					. ' from ' . $outq['outq_posturl'],LOGGER_DEBUG);
+					self::update($outq['outq_hash'],10);
+			}
+			return;
+		}
+
+		// normal zot delivery
+
+		logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);
+
+
+		if($outq['outq_posturl'] === z_root() . '/zot') {
+			// local delivery
+			$zot = new \Zotlabs\Zot6\Receiver(new \Zotlabs\Zot6\Zot6Handler(),$outq['outq_notify']);
+			$result = $zot->run(true);
+			logger('returned_json: ' . json_encode($result,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DATA);
+			logger('deliver: local zot delivery succeeded to ' . $outq['outq_posturl']);
+			Libzot::process_response($outq['outq_posturl'],[ 'success' => true, 'body' => json_encode($result) ], $outq);
+		}
+		else {
+			logger('remote');
+			$channel = null;
+
+			if($outq['outq_channel']) {
+				$channel = channelx_by_n($outq['outq_channel']);
+			}
+
+			$host_crypto = null;
+
+			if($channel && $base) {
+				$h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1",
+					dbesc($base)
+				);
+				if($h) {
+					$host_crypto = $h[0];
+				}
+			}
+
+			$msg = $outq['outq_notify'];
+
+			$result = Libzot::zot($outq['outq_posturl'],$msg,$channel,$host_crypto);
+
+			if($result['success']) {
+				logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
+				Libzot::process_response($outq['outq_posturl'],$result, $outq);
+			}
+			else {
+				logger('deliver: remote zot delivery failed to ' . $outq['outq_posturl']);
+				logger('deliver: remote zot delivery fail data: ' . print_r($result,true), LOGGER_DATA);
+				self::update($outq['outq_hash'],10);
+			}
+		}
+		return;
+	}
+}
+

Zotlabs/Lib/Share.php

@@ -0,0 +1,143 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+
+class Share {
+
+	private $item = null;
+
+
+	public function __construct($post_id) {
+	
+		if(! $post_id)
+			return;
+	
+		if(! (local_channel() || remote_channel()))
+			return;
+	
+		$r = q("SELECT * from item left join xchan on author_xchan = xchan_hash WHERE id = %d  LIMIT 1",
+			intval($post_id)
+		);
+		if(! $r)
+			return;
+
+		if(($r[0]['item_private']) && ($r[0]['xchan_network'] !== 'rss'))
+			return;
+	
+		$sql_extra = item_permissions_sql($r[0]['uid']);
+	
+		$r = q("select * from item where id = %d $sql_extra",
+			intval($post_id)
+		);
+		if(! $r)
+			return;
+	
+		if($r[0]['mimetype'] !== 'text/bbcode')
+			return;
+	
+		/** @FIXME eventually we want to post remotely via rpost on your home site */
+		// When that works remove this next bit:
+	
+		if(! local_channel())
+			return;
+
+		xchan_query($r);
+	
+		$this->item = $r[0];
+		return;
+	}
+
+	public function obj() {
+		$obj = [];
+
+		if(! $this->item)
+			return $obj;
+
+		$obj['type']         = $this->item['obj_type'];
+		$obj['id']           = $this->item['mid'];
+		$obj['content']      = $this->item['body'];
+		$obj['content_type'] = $this->item['mimetype'];
+		$obj['title']        = $this->item['title'];
+		$obj['created']      = $this->item['created'];
+		$obj['edited']       = $this->item['edited'];
+		$obj['author'] = [
+			'name'     => $this->item['author']['xchan_name'],
+			'address'  => $this->item['author']['xchan_addr'],
+			'network'  => $this->item['author']['xchan_network'],
+			'link'     => [
+				[ 
+					'rel'  => 'alternate', 
+					'type' => 'text/html', 
+					'href' => $this->item['author']['xchan_url']
+				],
+				[
+					'rel'  => 'photo', 
+					'type' => $this->item['author']['xchan_photo_mimetype'], 
+					'href' => $this->item['author']['xchan_photo_m']
+				]
+			]
+		];
+
+		$obj['owner'] = [
+			'name'     => $this->item['owner']['xchan_name'],
+			'address'  => $this->item['owner']['xchan_addr'],
+			'network'  => $this->item['owner']['xchan_network'],
+			'link'     => [
+				[ 
+					'rel'  => 'alternate', 
+					'type' => 'text/html', 
+					'href' => $this->item['owner']['xchan_url']
+				],
+				[
+					'rel'  => 'photo', 
+					'type' => $this->item['owner']['xchan_photo_mimetype'], 
+					'href' => $this->item['owner']['xchan_photo_m']
+				]
+			]
+		];
+
+		$obj['link'] = [
+			'rel'  => 'alternate',
+			'type' => 'text/html',
+			'href' => $this->item['plink']
+		];
+
+		return $obj;
+	}
+
+	public function bbcode() {
+		$bb = EMPTY_STR;
+
+		if(! $this->item)
+			return $bb;
+
+		$is_photo = (($this->item['obj_type'] === ACTIVITY_OBJ_PHOTO) ? true : false);
+		if($is_photo) {
+			$object = json_decode($this->item['obj'],true);
+			$photo_bb = $object['body'];
+		}
+	
+		if (strpos($this->item['body'], "[/share]") !== false) {
+			$pos = strpos($this->item['body'], "[share");
+			$bb = substr($this->item['body'], $pos);
+		} else {
+			$bb = "[share author='".urlencode($this->item['author']['xchan_name']).
+				"' profile='"    . $this->item['author']['xchan_url'] .
+				"' avatar='"     . $this->item['author']['xchan_photo_s'] .
+				"' link='"       . $this->item['plink'] .
+				"' auth='"       . (($this->item['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' posted='"     . $this->item['created'] .
+				"' message_id='" . $this->item['mid'] .
+			"']";
+			if($this->item['title'])
+				$bb .= '[b]'.$this->item['title'].'[/b]'."\r\n";
+			$bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']);
+			$bb .= "[/share]";
+		}
+
+		return $bb;
+
+	}
+
+}

Zotlabs/Lib/System.php

@@ -54,7 +54,7 @@ class System {
 	static public function get_project_srclink() {
 		if(is_array(\App::$config) && is_array(\App::$config['system']) && \App::$config['system']['project_srclink'])
 			return \App::$config['system']['project_srclink'];
-		return 'https://github.com/redmatrix/hubzilla';
+		return 'https://framagit.org/hubzilla/core.git';
 	}
 
 	static public function get_server_role() {

Zotlabs/Lib/ThreadItem.php

@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Lib;
 
+use Zotlabs\Lib\Apps;
+
 require_once('include/text.php');
 
 /**
@@ -102,6 +104,13 @@ class ThreadItem {
 		if($item['author']['xchan_network'] === 'rss')
 			$shareable = true;
 
+		$privacy_warning = false;
+		if(($item['item_private'] == 1) && ($item['owner']['xchan_network'] === 'activitypub')) {
+			$recips = get_iconfig($item['parent'], 'activitypub', 'recips');
+
+			if(! in_array($observer['xchan_url'], $recips['to']))
+				$privacy_warning = true;
+		}
 
 		$mode = $conv->get_mode();
 
@@ -141,6 +150,10 @@ class ThreadItem {
 				'delete' => t('Delete'),
 			);
 		}		
+		elseif(is_site_admin()) {
+			$drop = [ 'dropping' => true, 'delete' => t('Admin Delete') ];
+		}
+
 // FIXME
 		if($observer_is_pageowner) {		
 			$multidrop = array(
@@ -232,16 +245,9 @@ class ThreadItem {
 			// FIXME check this permission
 			if(($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) {
 
-// FIXME we don't need all this stuff, some can be done in the template
-
 				$star = array(
-					'do' => t("Add Star"),
-					'undo' => t("Remove Star"),
 					'toggle' => t("Toggle Star Status"),
-					'classdo' => (intval($item['item_starred']) ? "hidden" : ""),
-					'classundo' => (intval($item['item_starred']) ? "" : "hidden"),
-					'isstarred' => (intval($item['item_starred']) ? "starred fa-star" : "unstarred fa-star-o"),
-					'starred' =>  t('starred'),
+					'isstarred' => ((intval($item['item_starred'])) ? true : false),
 				);
 
 			}
@@ -255,7 +261,7 @@ class ThreadItem {
 		$forged = ((($item['sig']) && (! intval($item['item_verified']))) ? t('Message signature incorrect') : '');
 		$unverified = '' ; // (($this->is_wall_to_wall() && (! intval($item['item_verified']))) ? t('Message cannot be verified') : '');
 
-
+		$settings = '';
 
 		// FIXME - check this permission
 		if($conv->get_profile_owner() == local_channel()) {
@@ -263,12 +269,14 @@ class ThreadItem {
 				'tagit' => t("Add Tag"),
 				'classtagger' => "",
 			);
+
+			$settings = t('Conversation Tools');
 		}
 
 		$has_bookmarks = false;
-		if(is_array($item['term'])) {
+		if(Apps::system_app_installed(local_channel(), 'Bookmarks') && is_array($item['term'])) {
 			foreach($item['term'] as $t) {
-				if((get_account_techlevel() > 0) && ($t['ttype'] == TERM_BOOKMARK))
+				if(($t['ttype'] == TERM_BOOKMARK))
 					$has_bookmarks = true;
 			}
 		}
@@ -321,6 +329,10 @@ class ThreadItem {
 
 		$has_tags = (($body['tags'] || $body['categories'] || $body['mentions'] || $body['attachments'] || $body['folders']) ? true : false);
 
+                $dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
+                call_hooks('dropdown_extras',$dropdown_extras_arr);
+                $dropdown_extras = $dropdown_extras_arr['dropdown_extras'];
+
 		$tmp_item = array(
 			'template' => $this->get_template(),
 			'mode' => $mode,
@@ -366,6 +378,7 @@ class ThreadItem {
 			'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r')) : ''),
 			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
 			'lock' => $lock,
+			'privacy_warning' => $privacy_warning,
 			'verified' => $verified,
 			'unverified' => $unverified,
 			'forged' => $forged,
@@ -399,6 +412,7 @@ class ThreadItem {
 			'addtocal'  => (($has_event) ? t('Add to Calendar') : ''),
 			'drop'      => $drop,
 			'multidrop' => ((feature_enabled($conv->get_profile_owner(),'multi_delete')) ? $multidrop : ''),
+                        'dropdown_extras' => $dropdown_extras,
 // end toolbar buttons
 
 			'unseen_comments' => $unseen_comments,
@@ -426,7 +440,8 @@ class ThreadItem {
 			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
 			'submid' => str_replace(['+','='], ['',''], base64_encode($item['mid'])),
-			'thread_level' => $thread_level
+			'thread_level' => $thread_level,
+			'settings' => $settings
 		);
 
 		$arr = array('item' => $item, 'output' => $tmp_item);
@@ -730,12 +745,11 @@ class ThreadItem {
 
 		$observer = $conv->get_observer();
 
-		$qc = ((local_channel()) ? get_pconfig(local_channel(),'system','qcomment') : null);
-		$qcomment = (($qc) ? explode("\n",$qc) : null);
-
 		$arr = array('comment_buttons' => '','id' => $this->get_id());
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
+		
+		$feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");
 
 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
@@ -744,7 +758,6 @@ class ThreadItem {
 			'$type' => (($conv->get_mode() === 'channel') ? 'wall-comment' : 'net-comment'),
 			'$id' => $this->get_id(),
 			'$parent' => $this->get_id(),
-			'$qcomment' => $qcomment,
 			'$comment_buttons' => $comment_buttons,
 			'$profile_uid' =>  $conv->get_profile_owner(),
 			'$mylink' => $observer['xchan_url'],
@@ -758,7 +771,7 @@ class ThreadItem {
 			'$edquote' => t('Quote'),
 			'$edcode' => t('Code'),
 			'$edimg' => t('Image'),
-			'$edatt' => t('Attach File'),
+			'$edatt' => t('Attach/Upload file'),
 			'$edurl' => t('Insert Link'),
 			'$edvideo' => t('Video'),
 			'$preview' => t('Preview'), // ((feature_enabled($conv->get_profile_owner(),'preview')) ? t('Preview') : ''),
@@ -772,7 +785,8 @@ class ThreadItem {
 			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)') ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ],
+			'$auto_save_draft' => $feature_auto_save_draft,
 		));
 
 		return $comment_box;

Zotlabs/Lib/ThreadStream.php

@@ -196,7 +196,6 @@ class ThreadStream {
 			$item->set_commentable(false);
 		} 
 
-		require_once('include/channel.php');
 
 		$item->set_conversation($this);
 		$this->threads[] = $item;

Zotlabs/Lib/Verify.php

@@ -1,6 +1,6 @@
 <?php
 
-namespace Zotlabs\Zot;
+namespace Zotlabs\Lib;
 
 
 class Verify {

Zotlabs/Lib/Webfinger.php

@@ -0,0 +1,109 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * @brief Fetch and return a webfinger for a resource
+ *
+ * @param string $resource - The resource
+ * @return boolean|string false or associative array from result JSON
+ */
+
+class Webfinger {
+
+	static private $server   = EMPTY_STR;
+	static private $resource = EMPTY_STR;
+
+	static function exec($resource) {
+
+		if(! $resource) {
+			return false;
+		}
+
+		self::parse_resource($resource);
+
+		if(! ( self::$server && self::$resource)) {
+			return false;
+		}
+
+		if(! check_siteallowed(self::$server)) {
+			logger('blacklisted: ' . self::$server);
+			return false;
+		}
+
+		btlogger('fetching resource: ' . self::$resource . ' from ' . self::$server, LOGGER_DEBUG, LOG_INFO);
+
+		$url = 'https://' . self::$server . '/.well-known/webfinger?f=&resource=' . self::$resource ;
+
+		$counter = 0;
+		$s = z_fetch_url($url, false, $counter, [ 'headers' => [ 'Accept: application/jrd+json, */*' ] ]);
+
+		if($s['success']) {
+			$j = json_decode($s['body'], true);
+			return($j);
+		}
+
+		return false;
+	}
+
+	static function parse_resource($resource) {
+
+		self::$resource = urlencode($resource);
+
+		if(strpos($resource,'http') === 0) {
+			$m = parse_url($resource);
+			if($m) {
+				if($m['scheme'] !== 'https') {
+					return false;
+				}
+				self::$server = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+			}
+			else {
+				return false;
+			}
+		}
+		elseif(strpos($resource,'tag:') === 0) {
+			$arr = explode(':',$resource); // split the tag
+			$h = explode(',',$arr[1]); // split the host,date
+			self::$server = $h[0];
+		}
+		else {
+			$x = explode('@',$resource);
+			$username = $x[0];
+			if(count($x) > 1) {
+				self::$server = $x[1];
+			}
+			else {
+				return false;
+			}
+			if(strpos($resource,'acct:') !== 0) {
+				self::$resource = urlencode('acct:' . $resource);
+			}
+		}
+
+	}
+
+	/**
+	 * @brief fetch a webfinger resource and return a zot6 discovery url if present
+	 *
+	 */ 
+
+	static function zot_url($resource) {
+
+		$arr = self::exec($resource);
+
+		if(is_array($arr) && array_key_exists('links',$arr)) {
+			foreach($arr['links'] as $link) {
+				if(array_key_exists('rel',$link) && $link['rel'] === PROTOCOL_ZOT6) {
+					if(array_key_exists('href',$link) && $link['href'] !== EMPTY_STR) {
+						return $link['href'];
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+
+
+}

Zotlabs/Lib/ZotDriver.php

@@ -1,30 +0,0 @@
-<?php /** @file */
-
-namespace Zotlabs\Lib;
-
-
-class ZotDriver extends ProtoDriver {
-
-	protected function discover($channel,$location) {
-
-	}
-	protected function deliver($item,$channel,$recipients) {
-
-	}
-	protected function collect($channel,$connection) {
-
-	}
-	protected function change_permissions($permissions,$channel,$recipient) {
-
-	}
-	protected function acknowledge_permissions($permissions,$channel,$recipient) {
-
-	}
-	protected function deliver_private($item,$channel,$recipients) {
-
-	}
-	protected function collect_private($channel,$connection) {
-
-	}
-
-}

Zotlabs/Lib/Zotfinger.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Web\HTTPSig;
+
+class Zotfinger {
+
+	static function exec($resource,$channel = null) {
+
+		if(! $resource) {
+			return false;
+		}
+
+		if($channel) {
+			$headers = [ 
+				'Accept'      => 'application/x-zot+json', 
+				'X-Zot-Token' => random_string(),
+			];
+			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
+		}
+		else {
+			$h = [ 'Accept: application/x-zot+json' ]; 
+		}
+				
+		$result = [];
+
+
+		$redirects = 0;
+		$x = z_fetch_url($resource,false,$redirects, [ 'headers' => $h  ] );
+
+		if($x['success']) {
+			
+			$result['signature'] = HTTPSig::verify($x);
+    
+			$result['data'] = json_decode($x['body'],true);
+
+			if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
+				$result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+			}
+
+			return $result;
+		}
+
+		return false;
+	}
+
+
+
+}

Zotlabs/Module/Acl.php

@@ -1,36 +1,39 @@
 <?php
+
 namespace Zotlabs\Module;
 
-/*
- * ACL selector json backend 
+require_once 'include/acl_selectors.php';
+require_once 'include/group.php';
+
+/**
+ * @brief ACL selector json backend.
+ *
  * This module provides JSON lists of connections and local/remote channels
  * (xchans) to populate various tools such as the ACL (AccessControlList) popup
- * and various auto-complete functions (such as email recipients, search, and 
+ * and various auto-complete functions (such as email recipients, search, and
  * mention targets.
+ *
  * There are two primary output structural formats. One for the ACL widget and
  * the other for auto-completion.
- * Many of the  behaviour variations are triggered on the use of single character keys
- * however this functionality has grown in an ad-hoc manner and has gotten quite messy over time.    
+ *
+ * Many of the behaviour variations are triggered on the use of single character
+ * keys however this functionality has grown in an ad-hoc manner and has gotten
+ * quite messy over time.
  */
-
-require_once("include/acl_selectors.php");
-require_once("include/group.php");
-
-
 class Acl extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
-		logger('mod_acl: ' . print_r($_REQUEST,true));
-	
+
+		// logger('mod_acl: ' . print_r($_GET,true),LOGGER_DATA);
+
 		$start    = (x($_REQUEST,'start')  ? $_REQUEST['start']  : 0);
 		$count    = (x($_REQUEST,'count')  ? $_REQUEST['count']  : 500);
 		$search   = (x($_REQUEST,'search') ? $_REQUEST['search'] : '');
 		$type     = (x($_REQUEST,'type')   ? $_REQUEST['type']   : '');
-		$noforums = (x($_REQUEST,'n')      ? $_REQUEST['n']      : false);	
+		$noforums = (x($_REQUEST,'n')      ? $_REQUEST['n']      : false);
 
 
-		// $type = 
+		// $type =
 		//  ''   =>  standard ACL request
 		//  'g'  =>  Groups only ACL request
 		//  'f'  =>  forums only ACL request
@@ -78,8 +81,8 @@ class Acl extends \Zotlabs\Web\Controller {
 
 
 		if($search) {
-			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
-			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc($search) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
+			$sql_extra = " AND pgrp.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
 	
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
 			// Would be MUCH easier if it instead returned a very large value
@@ -89,10 +92,9 @@ class Acl extends \Zotlabs\Web\Controller {
 			$order_extra2 = "CASE WHEN xchan_name LIKE " 
 					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
 					. " then POSITION('" . protect_sprintf(dbesc($search)) 
-					. "' IN xchan_name) else position('" . protect_sprintf(dbesc($search)) . "' IN xchan_addr) end, ";
+					. "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, ";
 
-			$col = ((strpos($search,'@') !== false) ? 'xchan_addr' : 'xchan_name' );
-			$sql_extra3 = "AND $col like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra3 = "AND ( xchan_addr like " . protect_sprintf( "'%" . dbesc(punify($search)) . "%'" ) . " OR xchan_name like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ) ";
 	
 		}
 		else {
@@ -126,13 +128,13 @@ class Acl extends \Zotlabs\Web\Controller {
 
 			// Normal privacy groups
 
-			$r = q("SELECT groups.id, groups.hash, groups.gname
-					FROM groups, group_member 
-					WHERE groups.deleted = 0 AND groups.uid = %d 
-					AND group_member.gid = groups.id
+			$r = q("SELECT pgrp.id, pgrp.hash, pgrp.gname
+					FROM pgrp, pgrp_member 
+					WHERE pgrp.deleted = 0 AND pgrp.uid = %d 
+					AND pgrp_member.gid = pgrp.id
 					$sql_extra
-					GROUP BY groups.id
-					ORDER BY groups.gname 
+					GROUP BY pgrp.id
+					ORDER BY pgrp.gname 
 					LIMIT %d OFFSET %d",
 				intval(local_channel()),
 				intval($count),
@@ -265,15 +267,15 @@ class Acl extends \Zotlabs\Web\Controller {
 					});
 				}
 			}
-			if(intval(get_config('system','taganyone')) || intval(get_pconfig(local_channel(),'system','taganyone'))) {
-				if((count($r) < 100) && $type == 'c') {
-					$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
-						FROM xchan 
-						WHERE xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" 
-					);
-					if($r2)
-						$r = array_merge($r,$r2);
-				}
+			if((count($r) < 100) && $type == 'c') {
+				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
+					FROM xchan 
+					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2 order by $order_extra2 xchan_name asc" 
+				);
+				if($r2) {
+					$r = array_merge($r,$r2);
+					$r = unique_multidim_array($r,'hash');
+				}		
 			}
 		}
 		elseif($type == 'm') {
@@ -334,24 +336,23 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($r) {
 			foreach($r as $g) {
 	
-				if(($g['network'] === 'rss') && ($type != 'a'))
+				if(in_array($g['network'],['rss','anon','unknown']) && ($type != 'a'))
 					continue;
 
 				$g['hash'] = urlencode($g['hash']);
 				
 				if(! $g['nick']) {
-					$t = explode(' ',strtolower($g['name']));
-					$g['nick'] = $t[0] . '@';
+					$g['nick'] = $g['url'];
 				}
 
-				if(in_array($g['hash'],$permitted) && in_array($type, [ 'c', 'f' ]) && (! $noforums)) {
+				if(in_array($g['hash'],$permitted) && $type === 'f' && (! $noforums)) {
 					$contacts[] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
-						"name"     => $g['name'] . (($type === 'f') ? '' : '+'),
-						"id"	   => urlencode($g['id']) . (($type === 'f') ? '' : '+'),
+						"name"     => $g['name'],
+						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => $g['nick'],
+						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => 'taggable',
@@ -365,8 +366,8 @@ class Acl extends \Zotlabs\Web\Controller {
 						"name"     => $g['name'],
 						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => $g['nick'],
-						"nick"     => (($g['nick']) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
+						"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => '',
 						"label"    => '',
@@ -382,15 +383,13 @@ class Acl extends \Zotlabs\Web\Controller {
 			'count'	=> $count,
 			'items'	=> $items,
 		);
-	
-	
-		
+
 		echo json_encode($o);
-	
+
 		killme();
 	}
-	
-	
+
+
 	function navbar_complete(&$a) {
 	
 	//	logger('navbar_complete');
@@ -434,7 +433,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
 			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
-			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode($search) : '');
+			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
 	
 			$x = z_fetch_url($query);
 			if($x['success']) {
@@ -447,5 +446,5 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		return array();
 	}
-	
+
 }

Zotlabs/Module/Admin.php

@@ -100,12 +100,16 @@ class Admin extends \Zotlabs\Web\Controller {
 		}
 
 		// pending registrations
-		$r = q("SELECT COUNT(id) AS rtotal FROM register WHERE uid != '0'");
-		$pending = $r[0]['rtotal'];
+
+		$pdg = q("SELECT account.*, register.hash from account left join register on account_id = register.uid where (account_flags & %d ) > 0 ",
+			intval(ACCOUNT_PENDING)
+		);
+
+		$pending = (($pdg) ? count($pdg) : 0);
 
 		// available channels, primary and clones
 		$channels = array();
-		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
+		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0 and channel_system = 0");
 		if ($r) {
 			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
 			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
@@ -140,7 +144,7 @@ class Admin extends \Zotlabs\Web\Controller {
 			'$accounts' => array( t('Registered accounts'), $accounts),
 			'$pending'  => array( t('Pending registrations'), $pending),
 			'$channels' => array( t('Registered channels'), $channels),
-			'$plugins'  => array( t('Active plugins'), $plugins ),
+			'$plugins'  => array( t('Active addons'), $plugins ),
 			'$version'  => array( t('Version'), STD_VERSION),
 			'$vmaster'  => array( t('Repository version (master)'), $vmaster),
 			'$vdev'     => array( t('Repository version (dev)'), $vdev),

Zotlabs/Module/Admin/Account_edit.php

@@ -31,7 +31,7 @@ class Account_edit {
 		}
 
 		$service_class = trim($_REQUEST['service_class']);
-		$account_level = intval(trim($_REQUEST['account_level']));
+		$account_level = 5;
 		$account_language = trim($_REQUEST['account_language']);
 
 		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
@@ -68,7 +68,6 @@ class Account_edit {
 			'$title' => t('Account Edit'),
 			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
 			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
-			'$account_level' => [ 'account_level', t('Technical skill level'), $x[0]['account_level'], '', \Zotlabs\Lib\Techlevels::levels() ],
 			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $x[0]['account_language'], '', language_list() ],
 			'$service_class' => [ 'service_class', t('Service class'), $x[0]['account_service_class'], '' ],
 			'$submit' => t('Submit'),
@@ -81,4 +80,4 @@ class Account_edit {
 	}
 
 
-}
+}

Zotlabs/Module/Admin/Accounts.php

@@ -16,6 +16,7 @@ class Accounts {
 	 */
 
 	function post() {
+
 		$pending = ( x($_POST, 'pending') ? $_POST['pending'] : array() );
 		$users   = ( x($_POST, 'user')    ? $_POST['user']    : array() );
 		$blocked = ( x($_POST, 'blocked') ? $_POST['blocked'] : array() );
@@ -24,7 +25,7 @@ class Accounts {
 	
 		// change to switch structure?
 		// account block/unblock button was submitted
-		if (x($_POST, 'page_users_block')) {
+		if (x($_POST, 'page_accounts_block')) {
 			for ($i = 0; $i < count($users); $i++) {
 				// if account is blocked remove blocked bit-flag, otherwise add blocked bit-flag
 				$op = ($blocked[$i]) ? '& ~' : '| ';
@@ -43,13 +44,13 @@ class Accounts {
 			notice( sprintf( tt("%s account deleted", "%s accounts deleted", count($users)), count($users)) );
 		}
 		// registration approved button was submitted
-		if (x($_POST, 'page_users_approve')) {
+		if (x($_POST, 'page_accounts_approve')) {
 			foreach ($pending as $hash) {
 				account_allow($hash);
 			}
 		}
 		// registration deny button was submitted
-		if (x($_POST, 'page_users_deny')) {
+		if (x($_POST, 'page_accounts_deny')) {
 			foreach ($pending as $hash) {
 				account_deny($hash);
 			}
@@ -132,12 +133,13 @@ class Accounts {
 
 		$base = z_root() . '/admin/accounts?f=';
 		$odir = (($dir === 'asc') ? '0' : '1');
-	
+
 		$users = q("SELECT account_id , account_email, account_lastlog, account_created, account_expires, account_service_class, ( account_flags & %d ) > 0 as blocked, 
 			(SELECT %s FROM channel as ch WHERE ch.channel_account_id = ac.account_id and ch.channel_removed = 0 ) as channels FROM account as ac 
-			where true $serviceclass order by $key $dir limit %d offset %d ",
+			where true $serviceclass and account_flags != %d order by $key $dir limit %d offset %d ",
 			intval(ACCOUNT_BLOCKED),
 			db_concat('ch.channel_address', ' '),
+			intval(ACCOUNT_BLOCKED | ACCOUNT_PENDING),
 			intval(\App::$pager['itemspage']),
 			intval(\App::$pager['start'])
 		);
@@ -202,4 +204,4 @@ class Accounts {
 	}
 	
 
-}
+}

Zotlabs/Module/Admin/Addons.php

@@ -0,0 +1,479 @@
+<?php
+
+namespace Zotlabs\Module\Admin;
+
+use \Zotlabs\Storage\GitRepo;
+use \Michelf\MarkdownExtra;
+
+class Addons {
+
+	/**
+	 * @brief
+	 *
+	 */
+	function post() {
+
+		if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) {
+			@include_once("addon/" . argv(2) . "/" . argv(2) . ".php");
+			if(function_exists(argv(2).'_plugin_admin_post')) {
+				$func = argv(2) . '_plugin_admin_post';
+				$func($a);
+			}
+
+			goaway(z_root() . '/admin/addons/' . argv(2) );
+		}
+		elseif(argc() > 2) {
+			switch(argv(2)) {
+				case 'updaterepo':
+					if (array_key_exists('repoName', $_REQUEST)) {
+						$repoName = $_REQUEST['repoName'];
+					}
+					else {
+						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
+					}
+					$extendDir = 'store/[data]/git/sys/extend';
+					$addonDir = $extendDir . '/addon';
+					if (!file_exists($extendDir)) {
+						if (!mkdir($extendDir, 0770, true)) {
+							logger('Error creating extend folder: ' . $extendDir);
+							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+						}
+						else {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
+								logger('Error creating symlink to addon folder: ' . $addonDir);
+								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+							}
+						}
+					}
+					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
+					if (!is_dir($repoDir)) {
+						logger('Repo directory does not exist: ' . $repoDir);
+						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
+					}
+					if (!is_writable($repoDir)) {
+						logger('Repo directory not writable to web server: ' . $repoDir);
+						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
+					}
+					$git = new GitRepo('sys', null, false, $repoName, $repoDir);
+					try {
+						if ($git->pull()) {
+							$files = array_diff(scandir($repoDir), array('.', '..'));
+							foreach ($files as $file) {
+								if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
+									$source = '../extend/addon/' . $repoName . '/' . $file;
+									$target = realpath('addon/') . '/' . $file;
+									unlink($target);
+									if (!symlink($source, $target)) {
+										logger('Error linking addons to /addon');
+										json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
+									}
+								}
+							}
+							json_return_and_die(array('message' => 'Repo updated.', 'success' => true));
+						} else {
+							json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
+						}
+					} catch (\PHPGit\Exception\GitException $e) {
+						json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
+					}
+				case 'removerepo':
+					if (array_key_exists('repoName', $_REQUEST)) {
+						$repoName = $_REQUEST['repoName'];
+					} else {
+						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
+					}
+					$extendDir = 'store/[data]/git/sys/extend';
+					$addonDir = $extendDir . '/addon';
+					if (!file_exists($extendDir)) {
+						if (!mkdir($extendDir, 0770, true)) {
+							logger('Error creating extend folder: ' . $extendDir);
+							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+						} else {
+							if (!symlink(realpath('extend/addon'), $addonDir)) {
+								logger('Error creating symlink to addon folder: ' . $addonDir);
+								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+							}
+						}
+					}
+					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
+					if (!is_dir($repoDir)) {
+						logger('Repo directory does not exist: ' . $repoDir);
+						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
+					}
+					if (!is_writable($repoDir)) {
+						logger('Repo directory not writable to web server: ' . $repoDir);
+						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
+					}
+					/// @TODO remove directory and unlink /addon/files
+					if (rrmdir($repoDir)) {
+						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
+					} else {
+						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
+					}
+				case 'installrepo':
+					if (array_key_exists('repoURL', $_REQUEST)) {
+						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
+						$repoURL = $_REQUEST['repoURL'];
+						$extendDir = 'store/[data]/git/sys/extend';
+						$addonDir = $extendDir . '/addon';
+						if (!file_exists($extendDir)) {
+							if (!mkdir($extendDir, 0770, true)) {
+								logger('Error creating extend folder: ' . $extendDir);
+								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+							} else {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
+									logger('Error creating symlink to addon folder: ' . $addonDir);
+									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+								}
+							}
+						}
+						if (!is_writable($extendDir)) {
+							logger('Directory not writable to web server: ' . $extendDir);
+							json_return_and_die(array('message' => 'Directory not writable to web server.', 'success' => false));
+						}
+						$repoName = null;
+						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
+							$repoName = $_REQUEST['repoName'];
+						} else {
+							$repoName = GitRepo::getRepoNameFromURL($repoURL);
+						}
+						if (!$repoName) {
+							logger('Invalid git repo');
+							json_return_and_die(array('message' => 'Invalid git repo', 'success' => false));
+						}
+						$repoDir = $addonDir . '/' . $repoName;
+						$tempRepoBaseDir = 'store/[data]/git/sys/temp/';
+						$tempAddonDir = $tempRepoBaseDir . $repoName;
+
+						if (!is_writable($addonDir) || !is_writable($tempAddonDir)) {
+							logger('Temp repo directory or /extend/addon not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => 'Temp repo directory not writable to web server.', 'success' => false));
+						}
+						rename($tempAddonDir, $repoDir);
+
+						if (!is_writable(realpath('addon/'))) {
+							logger('/addon directory not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => '/addon directory not writable to web server.', 'success' => false));
+						}
+						$files = array_diff(scandir($repoDir), array('.', '..'));
+						foreach ($files as $file) {
+							if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
+								$source = '../extend/addon/' . $repoName . '/' . $file;
+								$target = realpath('addon/') . '/' . $file;
+								unlink($target);
+								if (!symlink($source, $target)) {
+									logger('Error linking addons to /addon');
+									json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
+								}
+							}
+						}
+						$git = new GitRepo('sys', $repoURL, false, $repoName, $repoDir);
+						$repo = $git->probeRepo();
+						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
+					}
+				case 'addrepo':
+					if (array_key_exists('repoURL', $_REQUEST)) {
+						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies
+						$repoURL = $_REQUEST['repoURL'];
+						$extendDir = 'store/[data]/git/sys/extend';
+						$addonDir = $extendDir . '/addon';
+						$tempAddonDir = realpath('store/[data]') . '/git/sys/temp';
+						if (!file_exists($extendDir)) {
+							if (!mkdir($extendDir, 0770, true)) {
+								logger('Error creating extend folder: ' . $extendDir);
+								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
+							} else {
+								if (!symlink(realpath('extend/addon'), $addonDir)) {
+									logger('Error creating symlink to addon folder: ' . $addonDir);
+									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
+								}
+							}
+						}
+						if (!is_dir($tempAddonDir)) {
+							if (!mkdir($tempAddonDir, 0770, true)) {
+								logger('Error creating temp plugin repo folder: ' . $tempAddonDir);
+								json_return_and_die(array('message' => 'Error creating temp plugin repo folder: ' . $tempAddonDir, 'success' => false));
+							}
+						}
+						$repoName = null;
+						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
+							$repoName = $_REQUEST['repoName'];
+						} else {
+							$repoName = GitRepo::getRepoNameFromURL($repoURL);
+						}
+						if (!$repoName) {
+							logger('Invalid git repo');
+							json_return_and_die(array('message' => 'Invalid git repo: ' . $repoName, 'success' => false));
+						}
+						$repoDir = $tempAddonDir . '/' . $repoName;
+						if (!is_writable($tempAddonDir)) {
+							logger('Temporary directory for new addon repo is not writable to web server: ' . $tempAddonDir);
+							json_return_and_die(array('message' => 'Temporary directory for new addon repo is not writable to web server.', 'success' => false));
+						}
+						// clone the repo if new automatically
+						$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
+
+						$remotes = $git->git->remote();
+						$fetchURL = $remotes['origin']['fetch'];
+						if ($fetchURL !== $git->url) {
+							if (rrmdir($repoDir)) {
+								$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
+							} else {
+								json_return_and_die(array('message' => 'Error deleting existing addon repo.', 'success' => false));
+							}
+						}
+						$repo = $git->probeRepo();
+						$repo['readme'] = $repo['manifest'] = null;
+						foreach ($git->git->tree('master') as $object) {
+							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
+								$repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash']));
+							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
+								$repo['manifest'] = $git->git->cat->blob($object['hash']);
+							}
+						}
+						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
+					} else {
+						json_return_and_die(array('message' => 'No repo URL provided', 'success' => false));
+					}
+					break;
+				default:
+					break;
+			}
+		}
+	}
+
+	/**
+	 * @brief Addons admin page.
+	 *
+	 * @return string with parsed HTML
+	 */
+	function get() {
+
+		/*
+		 * Single plugin
+		 */
+
+		if (\App::$argc == 3){
+			$plugin = \App::$argv[2];
+			if (!is_file("addon/$plugin/$plugin.php")){
+				notice( t("Item not found.") );
+				return '';
+			}
+
+			$enabled = in_array($plugin,\App::$plugins);
+			$info = get_plugin_info($plugin);
+			$x = check_plugin_versions($info);
+
+			// disable plugins which are installed but incompatible versions
+
+			if($enabled && ! $x) {
+				$enabled = false;
+				$idz = array_search($plugin, \App::$plugins);
+				if ($idz !== false) {
+					unset(\App::$plugins[$idz]);
+					uninstall_plugin($plugin);
+					set_config("system","addon", implode(", ",\App::$plugins));
+				}
+			}
+			$info['disabled'] = 1-intval($x);
+
+			if (x($_GET,"a") && $_GET['a']=="t"){
+				check_form_security_token_redirectOnErr('/admin/addons', 'admin_addons', 't');
+				$pinstalled = false;
+				// Toggle plugin status
+				$idx = array_search($plugin, \App::$plugins);
+				if ($idx !== false){
+					unset(\App::$plugins[$idx]);
+					uninstall_plugin($plugin);
+					$pinstalled = false;
+					info( sprintf( t("Plugin %s disabled."), $plugin ) );
+				} else {
+					\App::$plugins[] = $plugin;
+					install_plugin($plugin);
+					$pinstalled = true;
+					info( sprintf( t("Plugin %s enabled."), $plugin ) );
+				}
+				set_config("system","addon", implode(", ",\App::$plugins));
+
+				if($pinstalled) {
+					@require_once("addon/$plugin/$plugin.php");
+					if(function_exists($plugin.'_plugin_admin'))
+						goaway(z_root() . '/admin/addons/' . $plugin);
+				}
+				goaway(z_root() . '/admin/addons' );
+			}
+
+			// display plugin details
+
+			if (in_array($plugin, \App::$plugins)){
+				$status = 'on';
+				$action = t('Disable');
+			} else {
+				$status = 'off';
+				$action =  t('Enable');
+			}
+
+			$readme = null;
+			if (is_file("addon/$plugin/README.md")){
+				$readme = file_get_contents("addon/$plugin/README.md");
+				$readme = MarkdownExtra::defaultTransform($readme);
+			} else if (is_file("addon/$plugin/README")){
+				$readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
+			}
+
+			$admin_form = '';
+
+			$r = q("select * from addon where plugin_admin = 1 and aname = '%s' limit 1",
+				dbesc($plugin)
+			);
+
+			if($r) {
+				@require_once("addon/$plugin/$plugin.php");
+				if(function_exists($plugin.'_plugin_admin')) {
+					$func = $plugin.'_plugin_admin';
+					$func($a, $admin_form);
+				}
+			}
+
+
+			$t = get_markup_template('admin_plugins_details.tpl');
+			return replace_macros($t, array(
+				'$title' => t('Administration'),
+				'$page' => t('Addons'),
+				'$toggle' => t('Toggle'),
+				'$settings' => t('Settings'),
+				'$baseurl' => z_root(),
+
+				'$plugin' => $plugin,
+				'$status' => $status,
+				'$action' => $action,
+				'$info' => $info,
+				'$str_author' => t('Author: '),
+				'$str_maintainer' => t('Maintainer: '),
+				'$str_minversion' => t('Minimum project version: '),
+				'$str_maxversion' => t('Maximum project version: '),
+				'$str_minphpversion' => t('Minimum PHP version: '),
+				'$str_serverroles' => t('Compatible Server Roles: '),
+				'$str_requires' => t('Requires: '),
+				'$disabled' => t('Disabled - version incompatibility'),
+
+				'$admin_form' => $admin_form,
+				'$function' => 'addons',
+				'$screenshot' => '',
+				'$readme' => $readme,
+
+				'$form_security_token' => get_form_security_token('admin_addons'),
+			));
+		}
+
+
+		/*
+		 * List plugins
+		 */
+		$plugins = array();
+		$files = glob('addon/*/');
+		if($files) {
+			foreach($files as $file) {
+				if (is_dir($file)){
+					list($tmp, $id) = array_map('trim', explode('/', $file));
+					$info = get_plugin_info($id);
+					$enabled = in_array($id,\App::$plugins);
+					$x = check_plugin_versions($info);
+
+					// disable plugins which are installed but incompatible versions
+
+					if($enabled && ! $x) {
+						$enabled = false;
+						$idz = array_search($id, \App::$plugins);
+						if ($idz !== false) {
+							unset(\App::$plugins[$idz]);
+							uninstall_plugin($id);
+							set_config("system","addon", implode(", ",\App::$plugins));
+						}
+					}
+					$info['disabled'] = 1-intval($x);
+
+					$plugins[] = array( $id, (($enabled)?"on":"off") , $info);
+				}
+			}
+		}
+
+		usort($plugins,'self::plugin_sort');
+
+		$allowManageRepos = false;
+		if(is_writable('extend/addon') && is_writable('store/[data]')) {
+			$allowManageRepos = true;
+		}
+
+		$admin_plugins_add_repo_form= replace_macros(
+			get_markup_template('admin_plugins_addrepo.tpl'), array(
+				'$post' => 'admin/addons/addrepo',
+				'$desc' => t('Enter the public git repository URL of the addon repo.'),
+				'$repoURL' => array('repoURL', t('Addon repo git URL'), '', ''),
+				'$repoName' => array('repoName', t('Custom repo name'), '', '', t('(optional)')),
+				'$submit' => t('Download Addon Repo')
+			)
+		);
+		$newRepoModalID = random_string(3);
+		$newRepoModal = replace_macros(
+			get_markup_template('generic_modal.tpl'), array(
+				'$id' => $newRepoModalID,
+				'$title' => t('Install new repo'),
+				'$ok' => t('Install'),
+				'$cancel' => t('Cancel')
+			)
+		);
+
+		$reponames = $this->listAddonRepos();
+		$addonrepos = [];
+		foreach($reponames as $repo) {
+			$addonrepos[] = array('name' => $repo, 'description' => '');
+			/// @TODO Parse repo info to provide more information about repos
+		}
+
+		$t = get_markup_template('admin_plugins.tpl');
+		return replace_macros($t, array(
+			'$title' => t('Administration'),
+			'$page' => t('Addons'),
+			'$submit' => t('Submit'),
+			'$baseurl' => z_root(),
+			'$function' => 'addons',
+			'$plugins' => $plugins,
+			'$disabled' => t('Disabled - version incompatibility'),
+			'$form_security_token' => get_form_security_token('admin_addons'),
+			'$allowManageRepos' => $allowManageRepos,
+			'$managerepos' => t('Manage Repos'),
+			'$installedtitle' => t('Installed Addon Repositories'),
+			'$addnewrepotitle' =>	t('Install a New Addon Repository'),
+			'$expandform' => false,
+			'$form' => $admin_plugins_add_repo_form,
+			'$newRepoModal' => $newRepoModal,
+			'$newRepoModalID' => $newRepoModalID,
+			'$addonrepos' => $addonrepos,
+			'$repoUpdateButton' => t('Update'),
+			'$repoBranchButton' => t('Switch branch'),
+			'$repoRemoveButton' => t('Remove')
+		));
+	}
+
+	function listAddonRepos() {
+		$addonrepos = [];
+		$addonDir = 'extend/addon/';
+		if(is_dir($addonDir)) {
+			if ($handle = opendir($addonDir)) {
+				while (false !== ($entry = readdir($handle))) {
+					if ($entry != "." && $entry != "..") {
+						$addonrepos[] = $entry;
+					}
+				}
+				closedir($handle);
+			}
+		}
+		return $addonrepos;
+	}
+
+	static public function plugin_sort($a,$b) {
+		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
+	}
+
+}

Zotlabs/Module/Admin/Dbsync.php

@@ -7,36 +7,38 @@ namespace Zotlabs\Module\Admin;
 class Dbsync {
 	
 
-
-
 	function get() {
 		$o = '';
 	
 		if(argc() > 3 && intval(argv(3)) && argv(2) === 'mark') {
-			set_config('database', 'update_r' . intval(argv(3)), 'success');
-			if(intval(get_config('system','db_version')) <= intval(argv(3)))
-				set_config('system','db_version',intval(argv(3)) + 1);
+			// remove the old style config if it exists
+			del_config('database', 'update_r' . intval(argv(3)));
+			set_config('database', '_' . intval(argv(3)), 'success');
+			if(intval(get_config('system','db_version')) < intval(argv(3)))
+				set_config('system','db_version',intval(argv(3)));
 			info( t('Update has been marked successful') . EOL);
 			goaway(z_root() . '/admin/dbsync');
 		}
 	
 		if(argc() > 2 && intval(argv(2))) {
-			require_once('install/update.php');
-			$func = 'update_r' . intval(argv(2));
-			if(function_exists($func)) {
-				$retval = $func();
+			$x = intval(argv(2));
+			$s = '_' . $x;
+			$cls = '\\Zotlabs\Update\\' . $s ;
+			if(class_exists($cls)) {
+				$c =  new $cls();
+				$retval = $c->run();
 				if($retval === UPDATE_FAILED) {
-					$o .= sprintf( t('Executing %s failed. Check system logs.'), $func); 
+					$o .= sprintf( t('Executing %s failed. Check system logs.'), $s); 
 				}
 				elseif($retval === UPDATE_SUCCESS) {
-					$o .= sprintf( t('Update %s was successfully applied.'), $func);
-					set_config('database',$func, 'success');
+					$o .= sprintf( t('Update %s was successfully applied.'), $s);
+					set_config('database',$s, 'success');
 				}
 				else
-					$o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $func);
+					$o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $s);
 			}
 			else
-				$o .= sprintf( t('Update function %s could not be found.'), $func);
+				$o .= sprintf( t('Update function %s could not be found.'), $s);
 	
 			return $o;
 		}
@@ -45,23 +47,25 @@ class Dbsync {
 		$r = q("select * from config where cat = 'database' ");
 		if(count($r)) {
 			foreach($r as $rr) {
-				$upd = intval(substr($rr['k'],8));
+				$upd = intval(substr($rr['k'],-4));
 				if($rr['v'] === 'success')
 					continue;
 				$failed[] = $upd;
 			}
 		}
-		if(! count($failed))
-			return '<div class="generic-content-wrapper-styled"><h3>' . t('No failed updates.') . '</h3></div>';
-	
-		$o = replace_macros(get_markup_template('failed_updates.tpl'),array(
-			'$base' => z_root(),
-			'$banner' => t('Failed Updates'),
-			'$desc' => '',
-			'$mark' => t('Mark success (if update was manually applied)'),
-			'$apply' => t('Attempt to execute this update step automatically'),
-			'$failed' => $failed
+		if(count($failed)) {
+			$o = replace_macros(get_markup_template('failed_updates.tpl'),array(
+				'$base'   => z_root(),
+				'$banner' => t('Failed Updates'),
+				'$desc'   => '',
+				'$mark'   => t('Mark success (if update was manually applied)'),
+				'$apply'  => t('Attempt to execute this update step automatically'),
+				'$failed' => $failed
 		));
+		}
+		else {
+			return '<div class="generic-content-wrapper-styled"><h3>' . t('No failed updates.') . '</h3></div>';
+		}
 	
 		return $o;
 	}

Zotlabs/Module/Admin/Plugins.php

@@ -1,479 +0,0 @@
-<?php
-
-namespace Zotlabs\Module\Admin;
-
-use \Zotlabs\Storage\GitRepo as GitRepo;
-use \Michelf\MarkdownExtra;
-
-class Plugins {
-
-	/**
-	 * @brief
-	 *
-	 */
-	function post() {
-
-		if(argc() > 2 && is_file("addon/" . argv(2) . "/" . argv(2) . ".php")) {
-			@include_once("addon/" . argv(2) . "/" . argv(2) . ".php");
-			if(function_exists(argv(2).'_plugin_admin_post')) {
-				$func = argv(2) . '_plugin_admin_post';
-				$func($a);
-			}
-
-			goaway(z_root() . '/admin/plugins/' . argv(2) );
-		}
-		elseif(argc() > 2) {
-			switch(argv(2)) {
-				case 'updaterepo':
-					if (array_key_exists('repoName', $_REQUEST)) {
-						$repoName = $_REQUEST['repoName'];
-					}
-					else {
-						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
-					}
-					$extendDir = 'store/[data]/git/sys/extend';
-					$addonDir = $extendDir . '/addon';
-					if (!file_exists($extendDir)) {
-						if (!mkdir($extendDir, 0770, true)) {
-							logger('Error creating extend folder: ' . $extendDir);
-							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-						}
-						else {
-							if (!symlink(realpath('extend/addon'), $addonDir)) {
-								logger('Error creating symlink to addon folder: ' . $addonDir);
-								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-							}
-						}
-					}
-					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
-					if (!is_dir($repoDir)) {
-						logger('Repo directory does not exist: ' . $repoDir);
-						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
-					}
-					if (!is_writable($repoDir)) {
-						logger('Repo directory not writable to web server: ' . $repoDir);
-						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
-					}
-					$git = new GitRepo('sys', null, false, $repoName, $repoDir);
-					try {
-						if ($git->pull()) {
-							$files = array_diff(scandir($repoDir), array('.', '..'));
-							foreach ($files as $file) {
-								if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-									$source = '../extend/addon/' . $repoName . '/' . $file;
-									$target = realpath('addon/') . '/' . $file;
-									unlink($target);
-									if (!symlink($source, $target)) {
-										logger('Error linking addons to /addon');
-										json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
-									}
-								}
-							}
-							json_return_and_die(array('message' => 'Repo updated.', 'success' => true));
-						} else {
-							json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
-						}
-					} catch (\PHPGit\Exception\GitException $e) {
-						json_return_and_die(array('message' => 'Error updating addon repo.', 'success' => false));
-					}
-				case 'removerepo':
-					if (array_key_exists('repoName', $_REQUEST)) {
-						$repoName = $_REQUEST['repoName'];
-					} else {
-						json_return_and_die(array('message' => 'No repo name provided.', 'success' => false));
-					}
-					$extendDir = 'store/[data]/git/sys/extend';
-					$addonDir = $extendDir . '/addon';
-					if (!file_exists($extendDir)) {
-						if (!mkdir($extendDir, 0770, true)) {
-							logger('Error creating extend folder: ' . $extendDir);
-							json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-						} else {
-							if (!symlink(realpath('extend/addon'), $addonDir)) {
-								logger('Error creating symlink to addon folder: ' . $addonDir);
-								json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-							}
-						}
-					}
-					$repoDir = 'store/[data]/git/sys/extend/addon/' . $repoName;
-					if (!is_dir($repoDir)) {
-						logger('Repo directory does not exist: ' . $repoDir);
-						json_return_and_die(array('message' => 'Invalid addon repo.', 'success' => false));
-					}
-					if (!is_writable($repoDir)) {
-						logger('Repo directory not writable to web server: ' . $repoDir);
-						json_return_and_die(array('message' => 'Repo directory not writable to web server.', 'success' => false));
-					}
-					/// @TODO remove directory and unlink /addon/files
-					if (rrmdir($repoDir)) {
-						json_return_and_die(array('message' => 'Repo deleted.', 'success' => true));
-					} else {
-						json_return_and_die(array('message' => 'Error deleting addon repo.', 'success' => false));
-					}
-				case 'installrepo':
-					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');			// Load PHPGit dependencies
-						$repoURL = $_REQUEST['repoURL'];
-						$extendDir = 'store/[data]/git/sys/extend';
-						$addonDir = $extendDir . '/addon';
-						if (!file_exists($extendDir)) {
-							if (!mkdir($extendDir, 0770, true)) {
-								logger('Error creating extend folder: ' . $extendDir);
-								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-							} else {
-								if (!symlink(realpath('extend/addon'), $addonDir)) {
-									logger('Error creating symlink to addon folder: ' . $addonDir);
-									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-								}
-							}
-						}
-						if (!is_writable($extendDir)) {
-							logger('Directory not writable to web server: ' . $extendDir);
-							json_return_and_die(array('message' => 'Directory not writable to web server.', 'success' => false));
-						}
-						$repoName = null;
-						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
-							$repoName = $_REQUEST['repoName'];
-						} else {
-							$repoName = GitRepo::getRepoNameFromURL($repoURL);
-						}
-						if (!$repoName) {
-							logger('Invalid git repo');
-							json_return_and_die(array('message' => 'Invalid git repo', 'success' => false));
-						}
-						$repoDir = $addonDir . '/' . $repoName;
-						$tempRepoBaseDir = 'store/[data]/git/sys/temp/';
-						$tempAddonDir = $tempRepoBaseDir . $repoName;
-
-						if (!is_writable($addonDir) || !is_writable($tempAddonDir)) {
-							logger('Temp repo directory or /extend/addon not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => 'Temp repo directory not writable to web server.', 'success' => false));
-						}
-						rename($tempAddonDir, $repoDir);
-
-						if (!is_writable(realpath('addon/'))) {
-							logger('/addon directory not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => '/addon directory not writable to web server.', 'success' => false));
-						}
-						$files = array_diff(scandir($repoDir), array('.', '..'));
-						foreach ($files as $file) {
-							if (is_dir($repoDir . '/' . $file) && $file !== '.git') {
-								$source = '../extend/addon/' . $repoName . '/' . $file;
-								$target = realpath('addon/') . '/' . $file;
-								unlink($target);
-								if (!symlink($source, $target)) {
-									logger('Error linking addons to /addon');
-									json_return_and_die(array('message' => 'Error linking addons to /addon', 'success' => false));
-								}
-							}
-						}
-						$git = new GitRepo('sys', $repoURL, false, $repoName, $repoDir);
-						$repo = $git->probeRepo();
-						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
-					}
-				case 'addrepo':
-					if (array_key_exists('repoURL', $_REQUEST)) {
-						require_once('library/PHPGit.autoload.php');	 // Load PHPGit dependencies
-						$repoURL = $_REQUEST['repoURL'];
-						$extendDir = 'store/[data]/git/sys/extend';
-						$addonDir = $extendDir . '/addon';
-						$tempAddonDir = realpath('store/[data]') . '/git/sys/temp';
-						if (!file_exists($extendDir)) {
-							if (!mkdir($extendDir, 0770, true)) {
-								logger('Error creating extend folder: ' . $extendDir);
-								json_return_and_die(array('message' => 'Error creating extend folder: ' . $extendDir, 'success' => false));
-							} else {
-								if (!symlink(realpath('extend/addon'), $addonDir)) {
-									logger('Error creating symlink to addon folder: ' . $addonDir);
-									json_return_and_die(array('message' => 'Error creating symlink to addon folder: ' . $addonDir, 'success' => false));
-								}
-							}
-						}
-						if (!is_dir($tempAddonDir)) {
-							if (!mkdir($tempAddonDir, 0770, true)) {
-								logger('Error creating temp plugin repo folder: ' . $tempAddonDir);
-								json_return_and_die(array('message' => 'Error creating temp plugin repo folder: ' . $tempAddonDir, 'success' => false));
-							}
-						}
-						$repoName = null;
-						if (array_key_exists('repoName', $_REQUEST) && $_REQUEST['repoName'] !== '') {
-							$repoName = $_REQUEST['repoName'];
-						} else {
-							$repoName = GitRepo::getRepoNameFromURL($repoURL);
-						}
-						if (!$repoName) {
-							logger('Invalid git repo');
-							json_return_and_die(array('message' => 'Invalid git repo: ' . $repoName, 'success' => false));
-						}
-						$repoDir = $tempAddonDir . '/' . $repoName;
-						if (!is_writable($tempAddonDir)) {
-							logger('Temporary directory for new addon repo is not writable to web server: ' . $tempAddonDir);
-							json_return_and_die(array('message' => 'Temporary directory for new addon repo is not writable to web server.', 'success' => false));
-						}
-						// clone the repo if new automatically
-						$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
-
-						$remotes = $git->git->remote();
-						$fetchURL = $remotes['origin']['fetch'];
-						if ($fetchURL !== $git->url) {
-							if (rrmdir($repoDir)) {
-								$git = new GitRepo('sys', $repoURL, true, $repoName, $repoDir);
-							} else {
-								json_return_and_die(array('message' => 'Error deleting existing addon repo.', 'success' => false));
-							}
-						}
-						$repo = $git->probeRepo();
-						$repo['readme'] = $repo['manifest'] = null;
-						foreach ($git->git->tree('master') as $object) {
-							if ($object['type'] == 'blob' && (strtolower($object['file']) === 'readme.md' || strtolower($object['file']) === 'readme')) {
-								$repo['readme'] = MarkdownExtra::defaultTransform($git->git->cat->blob($object['hash']));
-							} else if ($object['type'] == 'blob' && strtolower($object['file']) === 'manifest.json') {
-								$repo['manifest'] = $git->git->cat->blob($object['hash']);
-							}
-						}
-						json_return_and_die(array('repo' => $repo, 'message' => '', 'success' => true));
-					} else {
-						json_return_and_die(array('message' => 'No repo URL provided', 'success' => false));
-					}
-					break;
-				default:
-					break;
-			}
-		}
-	}
-
-	/**
-	 * @brief Plugins admin page.
-	 *
-	 * @return string with parsed HTML
-	 */
-	function get() {
-
-		/*
-		 * Single plugin
-		 */
-
-		if (\App::$argc == 3){
-			$plugin = \App::$argv[2];
-			if (!is_file("addon/$plugin/$plugin.php")){
-				notice( t("Item not found.") );
-				return '';
-			}
-
-			$enabled = in_array($plugin,\App::$plugins);
-			$info = get_plugin_info($plugin);
-			$x = check_plugin_versions($info);
-
-			// disable plugins which are installed but incompatible versions
-
-			if($enabled && ! $x) {
-				$enabled = false;
-				$idz = array_search($plugin, \App::$plugins);
-				if ($idz !== false) {
-					unset(\App::$plugins[$idz]);
-					uninstall_plugin($plugin);
-					set_config("system","addon", implode(", ",\App::$plugins));
-				}
-			}
-			$info['disabled'] = 1-intval($x);
-
-			if (x($_GET,"a") && $_GET['a']=="t"){
-				check_form_security_token_redirectOnErr('/admin/plugins', 'admin_plugins', 't');
-				$pinstalled = false;
-				// Toggle plugin status
-				$idx = array_search($plugin, \App::$plugins);
-				if ($idx !== false){
-					unset(\App::$plugins[$idx]);
-					uninstall_plugin($plugin);
-					$pinstalled = false;
-					info( sprintf( t("Plugin %s disabled."), $plugin ) );
-				} else {
-					\App::$plugins[] = $plugin;
-					install_plugin($plugin);
-					$pinstalled = true;
-					info( sprintf( t("Plugin %s enabled."), $plugin ) );
-				}
-				set_config("system","addon", implode(", ",\App::$plugins));
-
-				if($pinstalled) {
-					@require_once("addon/$plugin/$plugin.php");
-					if(function_exists($plugin.'_plugin_admin'))
-						goaway(z_root() . '/admin/plugins/' . $plugin);
-				}
-				goaway(z_root() . '/admin/plugins' );
-			}
-
-			// display plugin details
-
-			if (in_array($plugin, \App::$plugins)){
-				$status = 'on';
-				$action = t('Disable');
-			} else {
-				$status = 'off';
-				$action =  t('Enable');
-			}
-
-			$readme = null;
-			if (is_file("addon/$plugin/README.md")){
-				$readme = file_get_contents("addon/$plugin/README.md");
-				$readme = MarkdownExtra::defaultTransform($readme);
-			} else if (is_file("addon/$plugin/README")){
-				$readme = "<pre>". file_get_contents("addon/$plugin/README") ."</pre>";
-			}
-
-			$admin_form = '';
-
-			$r = q("select * from addon where plugin_admin = 1 and aname = '%s' limit 1",
-				dbesc($plugin)
-			);
-
-			if($r) {
-				@require_once("addon/$plugin/$plugin.php");
-				if(function_exists($plugin.'_plugin_admin')) {
-					$func = $plugin.'_plugin_admin';
-					$func($a, $admin_form);
-				}
-			}
-
-
-			$t = get_markup_template('admin_plugins_details.tpl');
-			return replace_macros($t, array(
-				'$title' => t('Administration'),
-				'$page' => t('Plugins'),
-				'$toggle' => t('Toggle'),
-				'$settings' => t('Settings'),
-				'$baseurl' => z_root(),
-
-				'$plugin' => $plugin,
-				'$status' => $status,
-				'$action' => $action,
-				'$info' => $info,
-				'$str_author' => t('Author: '),
-				'$str_maintainer' => t('Maintainer: '),
-				'$str_minversion' => t('Minimum project version: '),
-				'$str_maxversion' => t('Maximum project version: '),
-				'$str_minphpversion' => t('Minimum PHP version: '),
-				'$str_serverroles' => t('Compatible Server Roles: '),
-				'$str_requires' => t('Requires: '),
-				'$disabled' => t('Disabled - version incompatibility'),
-
-				'$admin_form' => $admin_form,
-				'$function' => 'plugins',
-				'$screenshot' => '',
-				'$readme' => $readme,
-
-				'$form_security_token' => get_form_security_token('admin_plugins'),
-			));
-		}
-
-
-		/*
-		 * List plugins
-		 */
-		$plugins = array();
-		$files = glob('addon/*/');
-		if($files) {
-			foreach($files as $file) {
-				if (is_dir($file)){
-					list($tmp, $id) = array_map('trim', explode('/', $file));
-					$info = get_plugin_info($id);
-					$enabled = in_array($id,\App::$plugins);
-					$x = check_plugin_versions($info);
-
-					// disable plugins which are installed but incompatible versions
-
-					if($enabled && ! $x) {
-						$enabled = false;
-						$idz = array_search($id, \App::$plugins);
-						if ($idz !== false) {
-							unset(\App::$plugins[$idz]);
-							uninstall_plugin($id);
-							set_config("system","addon", implode(", ",\App::$plugins));
-						}
-					}
-					$info['disabled'] = 1-intval($x);
-
-					$plugins[] = array( $id, (($enabled)?"on":"off") , $info);
-				}
-			}
-		}
-
-		usort($plugins,'self::plugin_sort');
-
-		$allowManageRepos = false;
-		if(is_writable('extend/addon') && is_writable('store/[data]')) {
-			$allowManageRepos = true;
-		}
-
-		$admin_plugins_add_repo_form= replace_macros(
-			get_markup_template('admin_plugins_addrepo.tpl'), array(
-				'$post' => 'admin/plugins/addrepo',
-				'$desc' => t('Enter the public git repository URL of the plugin repo.'),
-				'$repoURL' => array('repoURL', t('Plugin repo git URL'), '', ''),
-				'$repoName' => array('repoName', t('Custom repo name'), '', '', t('(optional)')),
-				'$submit' => t('Download Plugin Repo')
-			)
-		);
-		$newRepoModalID = random_string(3);
-		$newRepoModal = replace_macros(
-			get_markup_template('generic_modal.tpl'), array(
-				'$id' => $newRepoModalID,
-				'$title' => t('Install new repo'),
-				'$ok' => t('Install'),
-				'$cancel' => t('Cancel')
-			)
-		);
-
-		$reponames = $this->listAddonRepos();
-		$addonrepos = [];
-		foreach($reponames as $repo) {
-			$addonrepos[] = array('name' => $repo, 'description' => '');
-			/// @TODO Parse repo info to provide more information about repos
-		}
-
-		$t = get_markup_template('admin_plugins.tpl');
-		return replace_macros($t, array(
-			'$title' => t('Administration'),
-			'$page' => t('Plugins'),
-			'$submit' => t('Submit'),
-			'$baseurl' => z_root(),
-			'$function' => 'plugins',
-			'$plugins' => $plugins,
-			'$disabled' => t('Disabled - version incompatibility'),
-			'$form_security_token' => get_form_security_token('admin_plugins'),
-			'$allowManageRepos' => $allowManageRepos,
-			'$managerepos' => t('Manage Repos'),
-			'$installedtitle' => t('Installed Plugin Repositories'),
-			'$addnewrepotitle' =>	t('Install a New Plugin Repository'),
-			'$expandform' => false,
-			'$form' => $admin_plugins_add_repo_form,
-			'$newRepoModal' => $newRepoModal,
-			'$newRepoModalID' => $newRepoModalID,
-			'$addonrepos' => $addonrepos,
-			'$repoUpdateButton' => t('Update'),
-			'$repoBranchButton' => t('Switch branch'),
-			'$repoRemoveButton' => t('Remove')
-		));
-	}
-
-	function listAddonRepos() {
-		$addonrepos = [];
-		$addonDir = 'extend/addon/';
-		if(is_dir($addonDir)) {
-			if ($handle = opendir($addonDir)) {
-				while (false !== ($entry = readdir($handle))) {
-					if ($entry != "." && $entry != "..") {
-						$addonrepos[] = $entry;
-					}
-				}
-				closedir($handle);
-			}
-		}
-		return $addonrepos;
-	}
-
-	static public function plugin_sort($a,$b) {
-		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
-	}
-
-}

Zotlabs/Module/Admin/Profs.php

@@ -9,17 +9,37 @@ class Profs {
 	
 		if(array_key_exists('basic',$_REQUEST)) {
 			$arr = explode(',',$_REQUEST['basic']);
-			for($x = 0; $x < count($arr); $x ++) 
-				if(trim($arr[$x]))
-					$arr[$x] = trim($arr[$x]);
-			set_config('system','profile_fields_basic',$arr);
-	
+			array_walk($arr,'array_trim');
+			$narr = [];
+			if(count($arr)) {
+				foreach($arr as $a) {
+					if(strlen($a)) {
+						$narr[] = $a;
+					}
+				}
+			}
+			if(! $narr)
+				del_config('system','profile_fields_basic');
+			else
+				set_config('system','profile_fields_basic',$narr);
+
+
 			if(array_key_exists('advanced',$_REQUEST)) {
 				$arr = explode(',',$_REQUEST['advanced']);
-				for($x = 0; $x < count($arr); $x ++)
-					if(trim($arr[$x]))
-						$arr[$x] = trim($arr[$x]);
-				set_config('system','profile_fields_advanced',$arr);
+				array_walk($arr,'array_trim');
+				$narr = [];
+				if(count($arr)) {
+					foreach($arr as $a) {
+						if(strlen($a)) {
+							$narr[] = $a;
+						}
+					}
+				}
+				if(! $narr)
+					del_config('system','profile_fields_advanced');
+				else
+					set_config('system','profile_fields_advanced',$narr);
+
 			}
 			goaway(z_root() . '/admin/profs');
 		}
@@ -98,6 +118,7 @@ class Profs {
 		$basic = '';
 		$barr = array();
 		$fields = get_profile_fields_basic();
+
 		if(! $fields)
 			$fields = get_profile_fields_basic(1);
 		if($fields) {

Zotlabs/Module/Admin/Security.php

@@ -16,7 +16,13 @@ class Security {
 
 		$block_public         = ((x($_POST,'block_public'))		? True	: False);
 		set_config('system','block_public',$block_public);
-	
+
+		$cloud_noroot         = ((x($_POST,'cloud_noroot'))		? 1	: 0);
+		set_config('system','cloud_disable_siteroot',1 - $cloud_noroot);
+
+		$cloud_disksize       = ((x($_POST,'cloud_disksize'))	? 1	: 0);
+		set_config('system','cloud_report_disksize',$cloud_disksize);
+
 		$ws = $this->trim_array_elems(explode("\n",$_POST['whitelisted_sites']));
 		set_config('system','whitelisted_sites',$ws);
 	
@@ -52,24 +58,24 @@ class Security {
 	function get() {
 	
 		$whitesites = get_config('system','whitelisted_sites');
-		$whitesites_str = ((is_array($whitesites)) ? implode($whitesites,"\n") : '');
+		$whitesites_str = ((is_array($whitesites)) ? implode("\n",$whitesites) : '');
 	
 		$blacksites = get_config('system','blacklisted_sites');
-		$blacksites_str = ((is_array($blacksites)) ? implode($blacksites,"\n") : '');
+		$blacksites_str = ((is_array($blacksites)) ? implode("\n",$blacksites) : '');
 	
 	
 		$whitechannels = get_config('system','whitelisted_channels');
-		$whitechannels_str = ((is_array($whitechannels)) ? implode($whitechannels,"\n") : '');
+		$whitechannels_str = ((is_array($whitechannels)) ? implode("\n",$whitechannels) : '');
 	
 		$blackchannels = get_config('system','blacklisted_channels');
-		$blackchannels_str = ((is_array($blackchannels)) ? implode($blackchannels,"\n") : '');
+		$blackchannels_str = ((is_array($blackchannels)) ? implode("\n",$blackchannels) : '');
 	
 	
 		$whiteembeds = get_config('system','embed_allow');
-		$whiteembeds_str = ((is_array($whiteembeds)) ? implode($whiteembeds,"\n") : '');
+		$whiteembeds_str = ((is_array($whiteembeds)) ? implode("\n",$whiteembeds) : '');
 	
 		$blackembeds = get_config('system','embed_deny');
-		$blackembeds_str = ((is_array($blackembeds)) ? implode($blackembeds,"\n") : '');
+		$blackembeds_str = ((is_array($blackembeds)) ? implode("\n",$blackembeds) : '');
 	
 		$embed_coop = intval(get_config('system','embed_coop'));
 	
@@ -87,6 +93,8 @@ class Security {
 			'$page' => t('Security'),
 			'$form_security_token' => get_form_security_token('admin_security'),
 	        '$block_public'     => array('block_public', t("Block public"), get_config('system','block_public'), t("Check to block public access to all otherwise public personal pages on this site unless you are currently authenticated.")),
+			'$cloud_noroot'     => [ 'cloud_noroot', t('Provide a cloud root directory'), 1 - intval(get_config('system','cloud_disable_siteroot')), t('The cloud root directory lists all channel names which provide public files') ], 
+			'$cloud_disksize'     => [ 'cloud_disksize', t('Show total disk space available to cloud uploads'), intval(get_config('system','cloud_report_disksize')), '' ],
 			'$transport_security' => array('transport_security', t('Set "Transport Security" HTTP header'),intval(get_config('system','transport_security_header')),''),
 			'$content_security' => array('content_security', t('Set "Content Security Policy" HTTP header'),intval(get_config('system','content_security_policy')),''),
 			'$allowed_email'	=> array('allowed_email', t("Allowed email domains"), get_config('system','allowed_email'), t("Comma separated list of domains which are allowed in email addresses for registrations to this site. Wildcards are accepted. Empty to allow any domains")),

Zotlabs/Module/Admin/Site.php

@@ -24,28 +24,39 @@ class Site {
 		$siteinfo			=	((x($_POST,'siteinfo'))		    ? trim($_POST['siteinfo'])				: '');
 		$language			=	((x($_POST,'language'))			? notags(trim($_POST['language']))			: '');
 		$theme				=	((x($_POST,'theme'))			? notags(trim($_POST['theme']))				: '');
-		$theme_mobile			=	((x($_POST,'theme_mobile'))		? notags(trim($_POST['theme_mobile']))			: '');
+//		$theme_mobile			=	((x($_POST,'theme_mobile'))		? notags(trim($_POST['theme_mobile']))			: '');
 //		$site_channel			=	((x($_POST,'site_channel'))	? notags(trim($_POST['site_channel']))				: '');
 		$maximagesize		=	((x($_POST,'maximagesize'))		? intval(trim($_POST['maximagesize']))				:  0);
 
 		$register_policy	=	((x($_POST,'register_policy'))	? intval(trim($_POST['register_policy']))	:  0);
-
+		$minimum_age           = ((x($_POST,'minimum_age'))          ? intval(trim($_POST['minimum_age']))    : 13);
 		$access_policy	=	((x($_POST,'access_policy'))	? intval(trim($_POST['access_policy']))	:  0);
 		$invite_only	= ((x($_POST,'invite_only'))		? True	: False);
 		$abandon_days	=	((x($_POST,'abandon_days'))	    ? intval(trim($_POST['abandon_days']))	    :  0);
 
 		$register_text		=	((x($_POST,'register_text'))	? notags(trim($_POST['register_text']))		: '');
+		$site_sellpage		=	((x($_POST,'site_sellpage'))	? notags(trim($_POST['site_sellpage']))		: '');
+		$site_location		=	((x($_POST,'site_location'))	? notags(trim($_POST['site_location']))		: '');
 		$frontpage			=	((x($_POST,'frontpage'))	? notags(trim($_POST['frontpage']))		: '');
+		$firstpage		    =	((x($_POST,'firstpage'))	? notags(trim($_POST['firstpage']))		: 'profiles');
+		$first_page		    =	((x($_POST,'first_page'))	? notags(trim($_POST['first_page']))		: 'profiles');
+		// check value after trim
+		if(! $first_page) {
+			$first_page = 'profiles';
+		}
 		$mirror_frontpage	=	((x($_POST,'mirror_frontpage'))	? intval(trim($_POST['mirror_frontpage']))		: 0);
 		$directory_server	=	((x($_POST,'directory_server')) ? trim($_POST['directory_server']) : '');
 		$allowed_sites		=	((x($_POST,'allowed_sites'))	? notags(trim($_POST['allowed_sites']))		: '');
 		$force_publish		=	((x($_POST,'publish_all'))		? True	: False);
 		$disable_discover_tab =	((x($_POST,'disable_discover_tab'))		? False	:	True);
+		$site_firehose      =   ((x($_POST,'site_firehose')) ? True : False);
+		$open_pubstream     =   ((x($_POST,'open_pubstream')) ? True : False);
 		$login_on_homepage	=	((x($_POST,'login_on_homepage'))		? True	:	False);
 		$enable_context_help = ((x($_POST,'enable_context_help'))		? True	:	False);
 		$global_directory     = ((x($_POST,'directory_submit_url'))	? notags(trim($_POST['directory_submit_url']))	: '');
 		$no_community_page    = !((x($_POST,'no_community_page'))	? True	:	False);
 		$default_expire_days  = ((array_key_exists('default_expire_days',$_POST)) ? intval($_POST['default_expire_days']) : 0);
+		$active_expire_days  = ((array_key_exists('active_expire_days',$_POST)) ? intval($_POST['active_expire_days']) : 7);
 
 		$reply_address      = ((array_key_exists('reply_address',$_POST) && trim($_POST['reply_address'])) ? trim($_POST['reply_address']) : 'noreply@' . \App::get_hostname());
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
@@ -61,14 +72,13 @@ class Site {
 		$maxloadavg        = ((x($_POST,'maxloadavg'))       ? intval(trim($_POST['maxloadavg'])) : 50);
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
-		$techlevel_lock    = ((x($_POST,'techlock'))         ? intval($_POST['techlock'])   : 0);
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
 		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
-		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 300);
+		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
+		$pub_incl = escape_tags(trim($_POST['pub_incl']));
+		$pub_excl = escape_tags(trim($_POST['pub_excl']));
 
-		$techlevel         = null;
-		if(array_key_exists('techlevel', $_POST))
-			$techlevel = intval($_POST['techlevel']);
+		$permissions_role = escape_tags(trim($_POST['permissions_role']));
 
 		set_config('system', 'feed_contacts', $feed_contacts);
 		set_config('system', 'delivery_interval', $delivery_interval);
@@ -76,24 +86,25 @@ class Site {
 		set_config('system', 'poll_interval', $poll_interval);
 		set_config('system', 'maxloadavg', $maxloadavg);
 		set_config('system', 'frontpage', $frontpage);
+		set_config('system', 'sellpage', $site_sellpage);
+		set_config('system', 'workflow_channel_next', $first_page);
+		set_config('system', 'site_location', $site_location);
 		set_config('system', 'mirror_frontpage', $mirror_frontpage);
 		set_config('system', 'sitename', $sitename);
 		set_config('system', 'login_on_homepage', $login_on_homepage);
 		set_config('system', 'enable_context_help', $enable_context_help);
 		set_config('system', 'verify_email', $verify_email);
 		set_config('system', 'default_expire_days', $default_expire_days);
+		set_config('system', 'active_expire_days', $active_expire_days);
 		set_config('system', 'reply_address', $reply_address);
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
 		set_config('system', 'imagick_convert_path' , $imagick_path);
 		set_config('system', 'thumbnail_security' , $thumbnail_security);
+		set_config('system', 'default_permissions_role', $permissions_role);
+		set_config('system', 'pubstream_incl',$pub_incl);
+		set_config('system', 'pubstream_excl',$pub_excl);
 
-		set_config('system', 'techlevel_lock', $techlevel_lock);
-
-
-
-		if(! is_null($techlevel))
-			set_config('system', 'techlevel', $techlevel);
 
 		if($directory_server)
 			set_config('system','directory_server',$directory_server);
@@ -114,15 +125,16 @@ class Site {
 		set_config('system','siteinfo',$siteinfo);
 		set_config('system', 'language', $language);
 		set_config('system', 'theme', $theme);
-		if ( $theme_mobile === '---' ) {
-			del_config('system', 'mobile_theme');
-		} else {
-			set_config('system', 'mobile_theme', $theme_mobile);
-		}
+//		if ( $theme_mobile === '---' ) {
+//			del_config('system', 'mobile_theme');
+//		} else {
+//			set_config('system', 'mobile_theme', $theme_mobile);
+//		}
 	//	set_config('system','site_channel', $site_channel);
 		set_config('system','maximagesize', $maximagesize);
 
 		set_config('system','register_policy', $register_policy);
+		set_config('system','minimum_age', $minimum_age);
 		set_config('system','invitation_only', $invite_only);
 		set_config('system','access_policy', $access_policy);
 		set_config('system','account_abandon_days', $abandon_days);
@@ -130,6 +142,8 @@ class Site {
 		set_config('system','allowed_sites', $allowed_sites);
 		set_config('system','publish_all', $force_publish);
 		set_config('system','disable_discover_tab', $disable_discover_tab);
+		set_config('system','site_firehose', $site_firehose);
+		set_config('system','open_pubstream', $open_pubstream);
 		set_config('system','force_queue_threshold', $force_queue);
 		if ($global_directory == '') {
 			del_config('system', 'directory_submit_url');
@@ -209,9 +223,10 @@ class Site {
 		$realm = get_directory_realm();
 
 		// directory server should not be set or settable unless we are a directory client
+		// avoid older redmatrix servers which don't have modern encryption
 
 		if($dirmode == DIRECTORY_MODE_NORMAL) {
-			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0",
+			$x = q("select site_url from site where site_flags in (%d,%d) and site_realm = '%s' and site_dead = 0 and site_project != 'redmatrix'",
 				intval(DIRECTORY_MODE_SECONDARY),
 				intval(DIRECTORY_MODE_PRIMARY),
 				dbesc($realm)
@@ -258,14 +273,11 @@ class Site {
 		// now invert the logic for the setting.
 		$discover_tab = (1 - $discover_tab);
 
-		$techlevels = [
-			'0' => t('Beginner/Basic'),
-			'1' => t('Novice - not skilled but willing to learn'),
-			'2' => t('Intermediate - somewhat comfortable'),
-			'3' => t('Advanced - very comfortable'),
-			'4' => t('Expert - I can write computer code'),
-			'5' => t('Wizard - I probably know more than you do')
-		];
+		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
+		$default_role = get_config('system','default_permissions_role','social');
+
+		$role = array('permissions_role' , t('Default permission role for new accounts'), $default_role, t('This role will be used for the first channel created after registration.'),$perm_roles);
+
 
 		$homelogin = get_config('system','login_on_homepage');
 		$enable_context_help = get_config('system','enable_context_help');
@@ -284,30 +296,34 @@ class Site {
 			// name, label, value, help string, extra data...
 			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
 
-			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],
-
-			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
-
-			'$banner'			=> array('banner', t("Banner/Logo"), $banner, ""),
+			'$banner'			=> array('banner', t("Banner/Logo"), $banner, t('Unfiltered HTML/CSS/JS is allowed')),
 			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$language' 		=> array('language', t("System language"), get_config('system','language'), "", $lang_choices),
 			'$theme' 			=> array('theme', t("System theme"), get_config('system','theme'), t("Default system theme - may be over-ridden by user profiles - <a href='#' id='cnftheme'>change theme settings</a>"), $theme_choices),
-			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
+//			'$theme_mobile' 	=> array('theme_mobile', t("Mobile system theme"), get_config('system','mobile_theme'), t("Theme for mobile devices"), $theme_choices_mobile),
 //			'$site_channel' 	=> array('site_channel', t("Channel to use for this website's static pages"), get_config('system','site_channel'), t("Site Channel")),
 			'$feed_contacts'    => array('feed_contacts', t('Allow Feeds as Connections'),get_config('system','feed_contacts'),t('(Heavy system resource usage)')),
 			'$maximagesize'		=> array('maximagesize', t("Maximum image size"), intval(get_config('system','maximagesize')), t("Maximum size in bytes of uploaded images. Default is 0, which means no limits.")),
 			'$register_policy'	=> array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
 			'$invite_only'		=> array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes.")),
-			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices),
+			'$minimum_age'		=> array('minimum_age', t("Minimum age"), (x(get_config('system','minimum_age'))?get_config('system','minimum_age'):13), t("Minimum age (in years) for who may register on this site.")),
+			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), t("This is displayed on the public server site list."), $access_choices),
 			'$register_text'	=> array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
-			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
+			'$role'         => $role,
+			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'pubstream' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
 			'$mirror_frontpage'	=> array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
 			'$abandon_days'     => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
 			'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),
 			'$verify_email'		=> array('verify_email', t("Verify Email Addresses"), get_config('system','verify_email'), t("Check to verify email addresses used in account registration (recommended).")),
 			'$force_publish'	=> array('publish_all', t("Force publish"), get_config('system','publish_all'), t("Check to force all profiles on this site to be listed in the site directory.")),
 			'$disable_discover_tab'	=> array('disable_discover_tab', t('Import Public Streams'), $discover_tab, t('Import and allow access to public content pulled from other sites. Warning: this content is unmoderated.')),
+			'$site_firehose'	=> array('site_firehose', t('Site only Public Streams'), get_config('system','site_firehose'), t('Allow access to public content originating only from this site if Imported Public Streams are disabled.')),
+			'$open_pubstream'	=> array('open_pubstream', t('Allow anybody on the internet to access the Public streams'), get_config('system','open_pubstream',1), t('Disable to require authentication before viewing. Warning: this content is unmoderated.')),
+			'$incl'           => array('pub_incl',t('Only import Public stream posts with this text'), get_config('system','pubstream_incl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
+			'$excl'           => array('pub_excl',t('Do not import Public stream posts with this text'), get_config('system','pubstream_excl'),t('words one per line or #tags or /patterns/ or lang=xx, leave blank to import all posts')),
+
+
 			'$login_on_homepage'	=> array('login_on_homepage', t("Login on Homepage"),((intval($homelogin) || $homelogin === false) ? 1 : '') , t("Present a login box to visitors on the home page if no other content has been configured.")),
 			'$enable_context_help'	=> array('enable_context_help', t("Enable context help"),((intval($enable_context_help) === 1 || $enable_context_help === false) ? 1 : 0) , t("Display contextual help for the current page when the help button is pressed.")),
 
@@ -322,12 +338,20 @@ class Site {
 			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
 			'$delivery_interval'			=> array('delivery_interval', t("Delivery interval"), (x(get_config('system','delivery_interval'))?get_config('system','delivery_interval'):2), t("Delay background delivery processes by this many seconds to reduce system load. Recommend: 4-5 for shared hosts, 2-3 for virtual private servers. 0-1 for large dedicated servers.")),
 			'$delivery_batch_count' => array('delivery_batch_count', t('Deliveries per process'),(x(get_config('system','delivery_batch_count'))?get_config('system','delivery_batch_count'):1), t("Number of deliveries to attempt in a single operating system process. Adjust if necessary to tune system performance. Recommend: 1-5.")),
-			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',300), t("Always defer immediate delivery if queue contains more than this number of entries.")),
+			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',3000), t("Always defer immediate delivery if queue contains more than this number of entries.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
 			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
 			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
+			'$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''),
+
+			'$sellpage' => array('site_sellpage', t('Public servers: Optional landing (marketing) webpage for new registrants'), get_config('system','sellpage',''), sprintf( t('Create this page first. Default is %s/register'),z_root())),
+			'$first_page' => array('first_page', t('Page to display after creating a new channel'), get_config('system','workflow_channel_next','profiles'), t('Default: profiles')),
+
+			'$location' => array('site_location', t('Optional: site location'), get_config('system','site_location',''), t('Region or country')),
+
+
 			'$form_security_token' => get_form_security_token("admin_site"),
 		));
 	}

Zotlabs/Module/Api.php

@@ -39,10 +39,12 @@ class Api extends \Zotlabs\Web\Controller {
 					
 			// get consumer/client from request token
 			try {
-				$request = OAuth1Request::from_request();
+				$request = \OAuth1Request::from_request();
 			}
 			catch(\Exception $e) {
-				echo "<pre>"; var_dump($e); killme();
+				logger('OAuth exception: ' . print_r($e,true));
+				// echo "<pre>"; var_dump($e); 
+				killme();
 			}
 			
 			
@@ -52,7 +54,7 @@ class Api extends \Zotlabs\Web\Controller {
 				if (is_null($app)) 
 					return "Invalid request. Unknown token.";
 
-				$consumer = new OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
+				$consumer = new \OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);
 	
 				$verifier = md5($app['secret'] . local_channel());
 				set_config('oauth', $verifier, local_channel());
@@ -63,7 +65,7 @@ class Api extends \Zotlabs\Web\Controller {
 					$glue = '?';
 					if(strstr($consumer->callback_url,$glue))
 						$glue = '?';
-					goaway($consumer->callback_url . $glue . "oauth_token=" . OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuth1Util::urlencode_rfc3986($verifier));
+					goaway($consumer->callback_url . $glue . "oauth_token=" . \OAuth1Util::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . \OAuth1Util::urlencode_rfc3986($verifier));
 					killme();
 				}
 							

Zotlabs/Module/Appman.php

@@ -25,6 +25,7 @@ class Appman extends \Zotlabs\Web\Controller {
 				'photo' => escape_tags($_REQUEST['photo']),
 				'version' => escape_tags($_REQUEST['version']),
 				'price' => escape_tags($_REQUEST['price']),
+				'page' => escape_tags($_REQUEST['page']),
 				'requires' => escape_tags($_REQUEST['requires']),
 				'system' => intval($_REQUEST['system']),
 				'plugin' => escape_tags($_REQUEST['plugin']),
@@ -112,10 +113,12 @@ class Appman extends \Zotlabs\Web\Controller {
 			if($r) {
 				$app = $r[0];
 
-				$term = q("select * from term where otype = %d and oid = %d",
+				$term = q("select * from term where otype = %d and oid = %d and uid = %d",
 					intval(TERM_OBJ_APP),
-					intval($r[0]['id'])
+					intval($r[0]['id']),
+					intval(local_channel())
 				);
+
 				if($term) {
 					$app['categories'] = '';
 					foreach($term as $t) {

Zotlabs/Module/Apps.php

@@ -15,6 +15,8 @@ class Apps extends \Zotlabs\Web\Controller {
 		else
 			$mode = 'list';
 
+		$available = ((argc() == 2 && argv(1) === 'available') ? true : false);
+
 		$_SESSION['return_url'] = \App::$query_string;
 	
 		$apps = array();
@@ -23,7 +25,7 @@ class Apps extends \Zotlabs\Web\Controller {
 			Zlib\Apps::import_system_apps();
 			$syslist = array();
 			$cat = ((array_key_exists('cat',$_GET) && $_GET['cat']) ? [ escape_tags($_GET['cat']) ] : '');
-			$list = Zlib\Apps::app_list(local_channel(), (($mode == 'edit') ? true : false), $cat);
+			$list = Zlib\Apps::app_list((($available) ? 0 : local_channel()), (($mode == 'edit') ? true : false), $cat);
 			if($list) {
 				foreach($list as $x) {
 					$syslist[] = Zlib\Apps::app_encode($x);
@@ -39,17 +41,17 @@ class Apps extends \Zotlabs\Web\Controller {
 	//	logger('apps: ' . print_r($syslist,true));
 	
 		foreach($syslist as $app) {
-			$apps[] = Zlib\Apps::app_render($app,$mode);
+			$apps[] = Zlib\Apps::app_render($app,(($available) ? 'install' : $mode));
 		}
 
 		return replace_macros(get_markup_template('myapps.tpl'), array(
 			'$sitename' => get_config('system','sitename'),
 			'$cat' => $cat,
-			'$title' => t('Apps'),
+			'$title' => (($available) ? t('Available Apps') : t('Installed Apps')),
 			'$apps' => $apps,
 			'$authed' => ((local_channel()) ? true : false),
-			'$manage' => t('Manage apps'),
-			'$create' => (($mode == 'edit') ? t('Create new app') : '')
+			'$manage' => (($available) ? '' : t('Manage Apps')),
+			'$create' => (($mode == 'edit') ? t('Create Custom App') : '')
 		));
 	
 	}

Zotlabs/Module/Article_edit.php

@@ -122,12 +122,13 @@ class Article_edit extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Article_edit');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Article'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Articles.php

@@ -1,12 +1,17 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
 
-class Articles extends \Zotlabs\Web\Controller {
+class Articles extends Controller {
 
 	function init() {
 	
@@ -25,22 +30,27 @@ class Articles extends \Zotlabs\Web\Controller {
 			return login();
 		}
 
-		if(! \App::$profile) {
+		if(! App::$profile) {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 
-		if(! feature_enabled(\App::$profile_uid,'articles')) {
-			return;
+		if(! Apps::system_app_installed(App::$profile_uid, 'Articles')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Articles App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Create interactive articles');
+			return $o;
 		}
 
-		nav_set_selected(t('Cards'));
+		nav_set_selected('Articles');
 
 		head_add_link([ 
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
@@ -48,19 +58,21 @@ class Articles extends \Zotlabs\Web\Controller {
 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
 					
 		if($category) {
-			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 		}
 
+		$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
+		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
 
 		$which = argv(1);
 		
 		$selected_card = ((argc() > 2) ? argv(2) : '');
 
-		$_SESSION['return_url'] = \App::$query_string;
+		$_SESSION['return_url'] = App::$query_string;
 	
 		$uid      = local_channel();
-		$owner    = \App::$profile_uid;
-		$observer = \App::get_observer();
+		$owner    = App::$profile_uid;
+		$observer = App::get_observer();
 	
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 		
@@ -98,10 +110,11 @@ class Articles extends \Zotlabs\Web\Controller {
 				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
-					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
 				'visitor'           => true,
+				'body'              => '[summary][/summary]',
 				'hide_location'     => false,
 				'hide_voting'       => false,
 				'profile_uid'       => intval($owner),
@@ -119,28 +132,44 @@ class Articles extends \Zotlabs\Web\Controller {
 				$x['title'] = $_REQUEST['title'];
 			if($_REQUEST['body'])
 				$x['body'] = $_REQUEST['body'];
-			$editor = status_editor($a,$x);
+			$editor = status_editor($a,$x,false,'Articles');
 
 		}
 		else {
 			$editor = '';
 		}
 		
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+
 		
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
-				
+		if($datequery) {
+			$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+			$order = 'post';
+		}
+		if($datequery2) {
+			$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
+		}
+
+		if($datequery || $datequery2) {
+			$sql_extra2 .= " and item.item_thread_top != 0 ";
+		}
+
 		$r = q("select * from item 
 			where item.uid = %d and item_type = %d 
-			$sql_extra order by item.created desc",
+			$sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_ARTICLE)
 		);
@@ -151,6 +180,8 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		if($r) {
 
+			$pager_total = count($r);
+
 			$parents_str = ids_to_querystr($r,'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
@@ -158,7 +189,7 @@ class Articles extends \Zotlabs\Web\Controller {
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra $sql_extra2 ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 			if($items) {
@@ -172,13 +203,18 @@ class Articles extends \Zotlabs\Web\Controller {
 
 		$mode = 'articles';
 			
-     	$content = conversation($items,$mode,false,'traditional');
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+            $page_mode = 'pager_list';
+        else
+            $page_mode = 'traditional';
+
+     	$content = conversation($items,$mode,false,$page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Articles'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a,count($items))
+			'$pager' => alt_pager($pager_total)
 		]);
 
         return $o;

Zotlabs/Module/Authorize.php

@@ -2,70 +2,105 @@
 
 namespace Zotlabs\Module;
 
+use Zotlabs\Identity\OAuth2Storage;
 
 class Authorize extends \Zotlabs\Web\Controller {
 
-
 	function get() {
+		if (! local_channel()) {
+			return login();
+		} 
+		else {
 
-
-			// workaround for HTTP-auth in CGI mode
-			if (x($_SERVER, 'REDIRECT_REMOTE_USER')) {
-				$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
+			$name = $_REQUEST['client_name'];
+			if(! $name) {
+				$name = (($_REQUEST['client_id']) ?: t('Unknown App'));
 			}
 
-			if (x($_SERVER, 'HTTP_AUTHORIZATION')) {
-				$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)) ;
-				if(strlen($userpass)) {
-					list($name, $password) = explode(':', $userpass);
-					$_SERVER['PHP_AUTH_USER'] = $name;
-					$_SERVER['PHP_AUTH_PW'] = $password;
-				}
-			}
+			$app = [
+				'name' => $name,
+				'icon' => (x($_REQUEST, 'logo_uri')    ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? $_REQUEST['client_uri'] : ''),
+			];
 
+			$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
 
-
-
-	require_once('include/oauth2.php');
-
-	$request = \OAuth2\Request::createFromGlobals();
-	$response = new \OAuth2\Response();
-
-	// validate the authorize request
-	if (! $oauth2_server->validateAuthorizeRequest($request, $response)) {
-	    $response->send();
-    	killme();
+			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+				'$title'        => t('Authorize'),
+				'$authorize'    => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
+				'$app'          => $app,
+				'$yes'          => t('Allow'),
+				'$no'           => t('Deny'),
+				'$client_id'    => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
+				'$state'        => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+			]);
+			return $o;
+		}
 	}
 
-	// display an authorization form
-	if (empty($_POST)) {
+	function post() {
+		if (! local_channel()) {
+			return;
+		}
 
-	  return '
-<form method="post">
-  <label>Do You Authorize TestClient?</label><br />
-  <input type="submit" name="authorized" value="yes">
-  <input type="submit" name="authorized" value="no">
-</form>';
-	}
+		$storage = new OAuth2Storage(\DBA::$dba->db);
+		$s = new \Zotlabs\Identity\OAuth2Server($storage);
 
-	// print the authorization code if the user has authorized your client
-	$is_authorized = ($_POST['authorized'] === 'yes');
-	$oauth2_server->handleAuthorizeRequest($request, $response, $is_authorized);
-	if ($is_authorized) {
-		// this is only here so that you get to see your code in the cURL request. Otherwise, 
-		// we'd redirect back to the client
-		$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40);
-		echo("SUCCESS! Authorization Code: $code");
+		// TODO: The automatic client registration protocol below should adhere more
+		// closely to "OAuth 2.0 Dynamic Client Registration Protocol" defined
+		// at https://tools.ietf.org/html/rfc7591
 		
+		// If no client_id was provided, generate a new one.
+		if (x($_POST, 'client_id')) {
+			$client_id = $_POST['client_id'];
+		} else {
+			$client_id = $_POST['client_id'] = random_string(16);
+		}
+		// If no redirect_uri was provided, generate a fake one.
+		if (x($_POST, 'redirect_uri')) {
+			$redirect_uri = $_POST['redirect_uri'];
+		} else {
+			$redirect_uri = $_POST['redirect_uri'] = 'https://fake.example.com/oauth';
+		}
+
+		$request = \OAuth2\Request::createFromGlobals();
+		$response = new \OAuth2\Response();
+
+		// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
+		$channel = channelx_by_n(local_channel());
+		$user_id = $channel['channel_id'];
+
+		// If the client is not registered, add to the database
+		if (!$client = $storage->getClientDetails($client_id)) {
+			// Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+			$client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
+			// Client apps are registered per channel
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
+		}
+		if (!$client = $storage->getClientDetails($client_id)) {
+			// There was an error registering the client.
+			$response->send();
+			killme();
+		}
+		$response->setParameter('client_secret', $client['client_secret']);
+
+		// validate the authorize request
+		if (!$s->validateAuthorizeRequest($request, $response)) {
+			$response->send();
+			killme();
+		}
+
+		// print the authorization code if the user has authorized your client
+		$is_authorized = ($_POST['authorize'] === 'allow');
+		$s->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
+		if ($is_authorized) {
+			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
+			logger('Authorization Code: ' .  $code);
+		}
+
+		$response->send();
+		killme();
 	}
 
-	$response->send();
-	killme();
-	}
-
-}
+}

Zotlabs/Module/Blocks.php

@@ -109,7 +109,7 @@ class Blocks extends \Zotlabs\Web\Controller {
 		if($_REQUEST['pagetitle'])
 			$x['pagetitle'] = $_REQUEST['pagetitle'];
 	
-		$editor = status_editor($a,$x);
+		$editor = status_editor($a,$x,false,'Blocks');
 	
 
 		$r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig 

Zotlabs/Module/Bookmarks.php

@@ -1,6 +1,9 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+
 
 class Bookmarks extends \Zotlabs\Web\Controller {
 
@@ -8,7 +11,10 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		nav_set_selected('View Bookmarks');
+		if(! Apps::system_app_installed(local_channel(), 'Bookmarks'))
+			return;
+
+		nav_set_selected('Bookmarks');
 
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);
@@ -59,19 +65,26 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		killme();
 	}
 	
-		function get() {
+	function get() {
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		if(! Apps::system_app_installed(local_channel(), 'Bookmarks')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Bookmarks App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Bookmark links from posts and manage them');
+			return $o;
+		}
 	
 		require_once('include/menu.php');
 		require_once('include/conversation.php');
 	
 		$channel = \App::get_channel();
 	
-		//$o = profile_tabs($a,true,$channel['channel_address']);
 		$o = '';
 	
 		$o .= '<div class="generic-content-wrapper-styled">';

Zotlabs/Module/Cal.php

@@ -6,6 +6,7 @@ require_once('include/bbcode.php');
 require_once('include/datetime.php');
 require_once('include/event.php');
 require_once('include/items.php');
+require_once('include/html2plain.php');
 
 
 class Cal extends \Zotlabs\Web\Controller {
@@ -74,7 +75,7 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 		$sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event');
 	
-		$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+		$first_day = feature_enabled($channel['channel_id'], 'events_cal_first_day');
 		$first_day = (($first_day) ? $first_day : 0);
 	
 		$htpl = get_markup_template('event_head.tpl');
@@ -88,9 +89,6 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 		$o = '';
 	
-		//$tabs = profile_tabs($a, True, $channel['channel_address']);
-		$tabs = '';
-	
 		$mode = 'view';
 		$y = 0;
 		$m = 0;
@@ -296,6 +294,7 @@ class Cal extends \Zotlabs\Web\Controller {
 					}
 					$html = format_event_html($rr);
 					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false);
 					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
@@ -347,8 +346,7 @@ class Cal extends \Zotlabs\Web\Controller {
 				'$next'		=> t('Next'),
 				'$today'	=> t('Today'),
 				'$form'		=> $form,
-				'$expandform'	=> ((x($_GET,'expandform')) ? true : false),
-				'$tabs'		=> $tabs
+				'$expandform'	=> ((x($_GET,'expandform')) ? true : false)
 			));
 			
 			if (x($_GET,'id')){ echo $o; killme(); }

Zotlabs/Module/Card_edit.php

@@ -122,12 +122,13 @@ class Card_edit extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Card_edit');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Card'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Cards.php

@@ -1,93 +1,106 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
-
-class Cards extends \Zotlabs\Web\Controller {
+class Cards extends Controller {
 
 	function init() {
-	
+
 		if(argc() > 1)
 			$which = argv(1);
 		else
 			return;
-	
+
 		profile_load($which);
-	
+
 	}
-	
+
+	/**
+	 * {@inheritDoc}
+	 * @see \Zotlabs\Web\Controller::get()
+	 */
 	function get($update = 0, $load = false) {
-	
+
 		if(observer_prohibited(true)) {
 			return login();
 		}
 
-		if(! \App::$profile) {
+		if(! App::$profile) {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 
-		if(! feature_enabled(\App::$profile_uid,'cards')) {
-			return;
+		if(! Apps::system_app_installed(App::$profile_uid, 'Cards')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Cards App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Create personal planning cards');
+			return $o;
 		}
 
-		nav_set_selected(t('Cards'));
+		nav_set_selected('Cards');
 
-		head_add_link([ 
+		head_add_link([
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
 
 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
-					
+
 		if($category) {
-			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'], 'item', $category, TERM_CATEGORY));
 		}
 
 
 		$which = argv(1);
-		
+
 		$selected_card = ((argc() > 2) ? argv(2) : '');
 
-		$_SESSION['return_url'] = \App::$query_string;
-	
+		$_SESSION['return_url'] = App::$query_string;
+
 		$uid      = local_channel();
-		$owner    = \App::$profile_uid;
-		$observer = \App::get_observer();
-	
+		$owner    = App::$profile_uid;
+		$observer = App::get_observer();
+
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
-		
-		if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
+
+		if(! perm_is_allowed($owner, $ob_hash, 'view_pages')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-		
+
 		$is_owner = ($uid && $uid == $owner);
-	
+
 		$channel = channelx_by_n($owner);
 
 		if($channel) {
-			$channel_acl = array(
+			$channel_acl = [
 				'allow_cid' => $channel['channel_allow_cid'],
 				'allow_gid' => $channel['channel_allow_gid'],
 				'deny_cid'  => $channel['channel_deny_cid'],
 				'deny_gid'  => $channel['channel_deny_gid']
-			);
+			];
 		}
 		else {
 			$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
 		}
-	
 
 
-		if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
+
+		if(perm_is_allowed($owner, $ob_hash, 'write_pages')) {
 
 			$x = [
 				'webpage'           => ITEM_TYPE_CARD,
@@ -95,10 +108,10 @@ class Cards extends \Zotlabs\Web\Controller {
 				'content_label'     => t('Add Card'),
 				'button'            => t('Create'),
 				'nickname'          => $channel['channel_address'],
-				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
-					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
 				'visitor'           => true,
@@ -110,7 +123,7 @@ class Cards extends \Zotlabs\Web\Controller {
 				'layoutselect'      => false,
 				'expanded'          => false,
 				'novoting'          => false,
-				'catsenabled'       => feature_enabled($owner,'categories'),
+				'catsenabled'       => feature_enabled($owner, 'categories'),
 				'bbco_autocomplete' => 'bbcode',
 				'bbcode'            => true
 			];
@@ -119,28 +132,34 @@ class Cards extends \Zotlabs\Web\Controller {
 				$x['title'] = $_REQUEST['title'];
 			if($_REQUEST['body'])
 				$x['body'] = $_REQUEST['body'];
-			$editor = status_editor($a,$x);
 
+			$editor = status_editor($a, $x, false, 'Cards');
 		}
 		else {
 			$editor = '';
 		}
-		
-		
+
+
+		$itemspage = get_pconfig(local_channel(),'system','itemspage');
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+
+
 		$sql_extra = item_permissions_sql($owner);
+		$sql_item = '';
 
 		if($selected_card) {
 			$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
 				dbesc($selected_card)
 			);
 			if($r) {
-				$sql_extra .= "and item.id = " . intval($r[0]['iid']) . " ";
+				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
-				
-		$r = q("select * from item 
-			where item.uid = %d and item_type = %d 
-			$sql_extra order by item.created desc",
+
+		$r = q("select * from item
+			where uid = %d and item_type = %d
+			$sql_extra $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_CARD)
 		);
@@ -149,39 +168,45 @@ class Cards extends \Zotlabs\Web\Controller {
 			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
 			and item.item_blocked = 0 ";
 
+		$items_result = [];
 		if($r) {
 
-			$parents_str = ids_to_querystr($r,'id');
+			$pager_total = count($r);
+
+			$parents_str = ids_to_querystr($r, 'id');
 
 			$items = q("SELECT item.*, item.id AS item_id
 				FROM item
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra $sql_extra2 ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 			if($items) {
 				xchan_query($items);
 				$items = fetch_post_tags($items, true);
-				$items = conv_sort($items,'updated');
+				$items_result = conv_sort($items, 'updated');
 			}
-			else
-				$items = [];
 		}
 
 		$mode = 'cards';
-			
-     	$content = conversation($items,$mode,false,'traditional');
+
+		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
+			$page_mode = 'pager_list';
+		else
+			$page_mode = 'traditional';
+
+		$content = conversation($items_result, $mode, false, $page_mode);
 
 		$o = replace_macros(get_markup_template('cards.tpl'), [
 			'$title' => t('Cards'),
 			'$editor' => $editor,
 			'$content' => $content,
-			'$pager' => alt_pager($a,count($items))
+			'$pager' => alt_pager($pager_total)
 		]);
 
-        return $o;
-    }
+		return $o;
+	}
 
 }

Zotlabs/Module/Cdav.php

@@ -1,12 +1,16 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
 require_once('include/event.php');
 
 require_once('include/auth.php');
 require_once('include/security.php');
 
-class Cdav extends \Zotlabs\Web\Controller {
+class Cdav extends Controller {
 
 	function init() {
 
@@ -126,8 +130,18 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'CalDAV/CardDAV');
 
 			if (local_channel()) {
+
 				logger('loggedin');
-				$channel = \App::get_channel();
+
+				if((argv(1) == 'calendars') && (!Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+					killme();
+				}
+
+				if((argv(1) == 'addressbooks') && (!Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+					killme();
+				}
+
+				$channel = App::get_channel();
 				$auth->setCurrentUser($channel['channel_address']);
 				$auth->channel_id = $channel['channel_id'];
 				$auth->channel_hash = $channel['channel_hash'];
@@ -161,12 +175,15 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$nodes = [
 				// /principals
 				new \Sabre\CalDAV\Principal\Collection($principalBackend),
+
 				// /calendars
 				new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend),
+
 				// /addressbook
-				new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend),
+				new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend)
 			];
 
+
 			// The object tree needs in turn to be passed to the server class
 
 			$server = new \Sabre\DAV\Server($nodes);
@@ -204,7 +221,15 @@ class Cdav extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+			return;
+		}
+
+		if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+			return;
+		}
+
+		$channel = App::get_channel();
 		$principalUri = 'principals/' . $channel['channel_address'];
 
 		if(!cdav_principal($principalUri))
@@ -807,7 +832,27 @@ class Cdav extends \Zotlabs\Web\Controller {
 		if(!local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('CalDAV App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('CalDAV capable calendar');
+			return $o;
+		}
+
+		if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('CardDAV App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('CalDAV capable addressbook');
+			return $o;
+		}
+
+		App::$profile_uid = local_channel();
+
+		$channel = App::get_channel();
 		$principalUri = 'principals/' . $channel['channel_address'];
 
 		$pdo = \DBA::$dba->db;
@@ -862,7 +907,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 
 			$sources = rtrim($sources, ', ');
 
-			$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+			$first_day = feature_enabled(local_channel(), 'cal_first_day');
 			$first_day = (($first_day) ? $first_day : 0);
 
 			$title = ['title', t('Event title')];
@@ -874,7 +919,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$o .= replace_macros(get_markup_template('cdav_calendar.tpl'), [
 				'$sources' => $sources,
 				'$color' => $color,
-				'$lang' => \App::$language,
+				'$lang' => App::$language,
 				'$first_day' => $first_day,
 				'$prev'	=> t('Previous'),
 				'$next'	=> t('Next'),

Zotlabs/Module/Channel.php

@@ -2,28 +2,35 @@
 
 namespace Zotlabs\Module;
 
-require_once('include/contact_widgets.php');
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/items.php');
-require_once("include/bbcode.php");
 require_once('include/security.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
-require_once('include/permissions.php');
+
 
 /**
  * @brief Channel Controller
  *
  */
-class Channel extends \Zotlabs\Web\Controller {
+
+class Channel extends Controller {
 
 	function init() {
 
+		if(in_array(substr($_GET['search'],0,1),[ '@', '!', '?']))	
+			goaway('search' . '?f=&search=' . $_GET['search']);
+
 		$which = null;
 		if(argc() > 1)
 			$which = argv(1);
 		if(! $which) {
 			if(local_channel()) {
-				$channel = \App::get_channel();
+				$channel = App::get_channel();
 				if($channel && $channel['channel_address'])
 				$which = $channel['channel_address'];
 			}
@@ -34,7 +41,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 
 		$profile = 0;
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 
 		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
 			$which = $channel['channel_address'];
@@ -64,11 +71,11 @@ class Channel extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
+		$noscript_content = get_config('system', 'noscript_content', '1');
+
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 
-		$checkjs = new \Zotlabs\Web\CheckJS(1);
-
 		$category = $datequery = $datequery2 = '';
 
 		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
@@ -82,7 +89,9 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$category = ((x($_REQUEST,'cat')) ? $_REQUEST['cat'] : '');
 		$hashtags = ((x($_REQUEST,'tag')) ? $_REQUEST['tag'] : '');
+		$order    = ((x($_GET,'order')) ? notags($_GET['order']) : 'post');
 		$static   = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
+		$search   = ((x($_GET,'search')) ? $_GET['search'] : EMPTY_STR);
 
 		$groups = array();
 
@@ -90,22 +99,22 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if($update) {
 			// Ensure we've got a profile owner if updating.
-			\App::$profile['profile_uid'] = \App::$profile_uid = $update;
+			App::$profile['profile_uid'] = App::$profile_uid = $update;
 		}
 
-		$is_owner = (((local_channel()) && (\App::$profile['profile_uid'] == local_channel())) ? true : false);
+		$is_owner = (((local_channel()) && (App::$profile['profile_uid'] == local_channel())) ? true : false);
 
-		$channel = \App::get_channel();
-		$observer = \App::get_observer();
+		$channel = App::get_channel();
+		$observer = App::get_observer();
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 
-		$perms = get_all_perms(\App::$profile['profile_uid'],$ob_hash);
+		$perms = get_all_perms(App::$profile['profile_uid'],$ob_hash);
 
 		if(! $perms['view_stream']) {
 			// We may want to make the target of this redirect configurable
 			if($perms['view_profile']) {
 				notice( t('Insufficient permissions.  Request redirected to profile page.') . EOL);
-				goaway (z_root() . "/profile/" . \App::$profile['channel_address']);
+				goaway (z_root() . "/profile/" . App::$profile['channel_address']);
 			}
 			notice( t('Permission denied.') . EOL);
 			return;
@@ -116,11 +125,14 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			nav_set_selected('Channel Home');
 
-			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
+			$static = channel_manual_conv_update(App::$profile['profile_uid']);
 
-			//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
-
-			// $o .= common_friends_visitor_widget(\App::$profile['profile_uid']);
+			// search terms header
+			if($search) {
+				$o .= replace_macros(get_markup_template("section_title.tpl"),array(
+					'$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8')
+				));
+			}
 
 			if($channel && $is_owner) {
 				$channel_acl = array(
@@ -139,23 +151,24 @@ class Channel extends \Zotlabs\Web\Controller {
 
 				$x = array(
 					'is_owner' => $is_owner,
-					'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(\App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false),
-					'default_location' => (($is_owner) ? \App::$profile['channel_location'] : ''),
-					'nickname' => \App::$profile['channel_address'],
-					'lockstate' => (((strlen(\App::$profile['channel_allow_cid'])) || (strlen(\App::$profile['channel_allow_gid'])) || (strlen(\App::$profile['channel_deny_cid'])) || (strlen(\App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
-					'acl' => (($is_owner) ? populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
+					'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false),
+					'default_location' => (($is_owner) ? App::$profile['channel_location'] : ''),
+					'nickname' => App::$profile['channel_address'],
+					'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
+					'acl' => (($is_owner) ? populate_acl($channel_acl,true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
 					'permissions' => $channel_acl,
 					'showacl' => (($is_owner) ? 'yes' : ''),
 					'bang' => '',
 					'visitor' => (($is_owner || $observer) ? true : false),
-					'profile_uid' => \App::$profile['profile_uid'],
+					'profile_uid' => App::$profile['profile_uid'],
 					'editor_autocomplete' => true,
 					'bbco_autocomplete' => 'bbcode',
 					'bbcode' => true,
-					'jotnets' => true
+					'jotnets' => true,
+					'reset' => t('Reset form')
 				);
 
-				$o .= status_editor($a,$x);
+				$o .= status_editor($a,$x,false,'Channel');
 			}
 
 		}
@@ -167,21 +180,35 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
+		$sql_extra = item_permissions_sql(App::$profile['profile_uid']);
 
-		if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid))
+		if(feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (! $mid))
 			$page_mode = 'list';
 		else
 			$page_mode = 'client';
 
-		$abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " ";
+		$abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " ";
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
+		if($search) {
+			$search = escape_tags($search);
+			if(strpos($search,'#') === 0) {
+				$sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG,TERM_COMMUNITYTAG);
+			}
+			else {
+				$sql_extra .= sprintf(" AND (item.body like '%s' OR item.title like '%s') ",
+					dbesc(protect_sprintf('%' . $search . '%')),
+					dbesc(protect_sprintf('%' . $search . '%'))
+				);
+			}
+		}
+
+
 		head_add_link([ 
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
@@ -199,19 +226,19 @@ class Channel extends \Zotlabs\Web\Controller {
 				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid . '%'),
-					intval(\App::$profile['profile_uid'])
+					intval(App::$profile['profile_uid'])
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
 			else {
-				$r = q("SELECT distinct parent AS item_id, created from item
+				$r = q("SELECT parent AS item_id from item
 					left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 					WHERE uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update
 					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra
 					ORDER BY created DESC",
-					intval(\App::$profile['profile_uid'])
+					intval(App::$profile['profile_uid'])
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -220,43 +247,54 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {
 
 			if(x($category)) {
-				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}
 
 			if($datequery) {
 				$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+				$order = 'post';
 			}
 			if($datequery2) {
 				$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
 			}
 
-			$itemspage = get_pconfig(local_channel(),'system','itemspage');
-			\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+			if($datequery || $datequery2) {
+				$sql_extra2 .= " and item.item_thread_top != 0 ";
+			}
 
-			if($load || ($checkjs->disabled())) {
+			if($order === 'post')
+				$ordering = "created";
+			else
+				$ordering = "commented";
+
+
+			$itemspage = get_pconfig(local_channel(),'system','itemspage');
+			App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
+
+			if($noscript_content || $load) {
 				if($mid) {
-					$r = q("SELECT distinct parent AS item_id from item where mid like '%s' and uid = %d $item_normal
+					$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
 						dbesc($mid . '%'),
-						intval(\App::$profile['profile_uid'])
+						intval(App::$profile['profile_uid'])
 					);
 					if (! $r) {
 						notice( t('Permission denied.') . EOL);
 					}
 				}
 				else {
-					$r = q("SELECT distinct id AS item_id, created FROM item
-						left join abook on item.author_xchan = abook.abook_xchan
-						WHERE uid = %d $item_normal
-						AND item_wall = 1 and item_thread_top = 1
-						AND (abook_blocked = 0 or abook.abook_flags is null)
-						$sql_extra $sql_extra2
-						ORDER BY created DESC $pager_sql ",
-						intval(\App::$profile['profile_uid'])
+					$r = q("SELECT DISTINCT item.parent AS item_id, $ordering FROM item 
+						left join abook on ( item.author_xchan = abook.abook_xchan $abook_uids )
+						WHERE true and item.uid = %d $item_normal
+						AND (abook.abook_blocked = 0 or abook.abook_flags is null)
+						AND item.item_wall = 1 AND item.item_thread_top = 1
+						$sql_extra $sql_extra2 
+						ORDER BY $ordering DESC $pager_sql ",
+						intval(App::$profile['profile_uid'])
 					);
 				}
 			}
@@ -264,7 +302,6 @@ class Channel extends \Zotlabs\Web\Controller {
 				$r = array();
 			}
 		}
-
 		if($r) {
 
 			$parents_str = ids_to_querystr($r,'item_id');
@@ -274,13 +311,13 @@ class Channel extends \Zotlabs\Web\Controller {
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 
 			xchan_query($items);
 			$items = fetch_post_tags($items, true);
-			$items = conv_sort($items,'created');
+			$items = conv_sort($items,$ordering);
 
 			if($load && $mid && (! count($items))) {
 				// This will happen if we don't have sufficient permissions
@@ -297,23 +334,23 @@ class Channel extends \Zotlabs\Web\Controller {
 			// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
 			// because browser prefetching might change it on us. We have to deliver it with the page.
 
-			$maxheight = get_pconfig(\App::$profile['profile_uid'],'system','channel_divmore_height');
+			$maxheight = get_pconfig(App::$profile['profile_uid'],'system','channel_divmore_height');
 			if(! $maxheight)
 				$maxheight = 400;
 
 			$o .= '<div id="live-channel"></div>' . "\r\n";
-			$o .= "<script> var profile_uid = " . \App::$profile['profile_uid']
-				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page']
+			$o .= "<script> var profile_uid = " . App::$profile['profile_uid']
+				. "; var netargs = '?f='; var profile_page = " . App::$pager['page']
 				. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
 
-			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+			App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
 				'$baseurl' => z_root(),
 				'$pgtype' => 'channel',
-				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
+				'$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
-				'$cmin' => '0',
-				'$cmax' => '0',
+				'$cmin' => '(-1)',
+				'$cmax' => '(-1)',
 				'$star' => '0',
 				'$liked' => '0',
 				'$conv' => '0',
@@ -322,10 +359,10 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$wall' => '1',
 				'$fh' => '0',
 				'$static'  => $static,
-				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
-				'$search' => '',
+				'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
+				'$search' => $search,
 				'$xchan' => '',
-				'$order' => '',
+				'$order' => $order,
 				'$list' => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
 				'$file' => '',
 				'$cats' => (($category) ? urlencode($category) : ''),
@@ -371,18 +408,28 @@ class Channel extends \Zotlabs\Web\Controller {
 			}
 		}
 
+		$mode = (($search) ? 'search' : 'channel');
 
-		if($checkjs->disabled()) {
-			$o .= conversation($items,'channel',$update,'traditional');
+		if($update) {
+			$o .= conversation($items,$mode,$update,$page_mode);
 		}
 		else {
-			$o .= conversation($items,'channel',$update,$page_mode);
-		}
 
-		if((! $update) || ($checkjs->disabled())) {
-			$o .= alt_pager($a,count($items));
+			$o .= '<noscript>';
+			if($noscript_content) {
+				$o .= conversation($items,$mode,$update,'traditional');
+				$o .= alt_pager(count($items));
+			}
+			else {
+				$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+			}
+			$o .= '</noscript>';
+
+			$o .= conversation($items,$mode,$update,$page_mode);
+
 			if ($mid && $items[0]['title'])
-				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
+				App::$page['title'] = $items[0]['title'] . " - " . App::$page['title'];
+
 		}
 
 		if($mid)

Zotlabs/Module/Chanview.php

@@ -19,7 +19,7 @@ class Chanview extends \Zotlabs\Web\Controller {
 		}
 		if($_REQUEST['address']) {
 			$r = q("select * from xchan where xchan_addr = '%s' limit 1",
-				dbesc($_REQUEST['address'])
+				dbesc(punify($_REQUEST['address']))
 			);
 		}
 		elseif(local_channel() && intval($_REQUEST['cid'])) {

Zotlabs/Module/Chat.php

@@ -1,13 +1,19 @@
 <?php /** @file */
 
-namespace Zotlabs\Module; 
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Chatroom;
+use Zotlabs\Access\AccessList;
+
+
 
 
 require_once('include/bookmarks.php');
 
-use \Zotlabs\Lib as Zlib;
-
-class Chat extends \Zotlabs\Web\Controller {
+class Chat extends Controller {
 
 	function init() {
 	
@@ -16,7 +22,7 @@ class Chat extends \Zotlabs\Web\Controller {
 			$which = argv(1);
 		if(! $which) {
 			if(local_channel()) {
-				$channel = \App::get_channel();
+				$channel = App::get_channel();
 				if($channel && $channel['channel_address'])
 				$which = $channel['channel_address'];
 			}
@@ -27,7 +33,7 @@ class Chat extends \Zotlabs\Web\Controller {
 		}
 	
 		$profile = 0;
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
 			$which = $channel['channel_address'];
@@ -49,16 +55,16 @@ class Chat extends \Zotlabs\Web\Controller {
 		if((! $room) || (! local_channel()))
 			return;
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 	
 		if($_POST['action'] === 'drop') {
 			logger('delete chatroom');
-			Zlib\Chatroom::destroy($channel,array('cr_name' => $room));
+			Chatroom::destroy($channel,array('cr_name' => $room));
 			goaway(z_root() . '/chat/' . $channel['channel_address']);
 		}
 	
-		$acl = new \Zotlabs\Access\AccessList($channel);
+		$acl = new AccessList($channel);
 		$acl->set_from_array($_REQUEST);
 	
 		$arr = $acl->get();
@@ -67,7 +73,7 @@ class Chat extends \Zotlabs\Web\Controller {
 		if(intval($arr['expire']) < 0)
 			$arr['expire'] = 0;
 	
-		Zlib\Chatroom::create($channel,$arr);
+		Chatroom::create($channel,$arr);
 	
 		$x = q("select * from chatroom where cr_name = '%s' and cr_uid = %d limit 1",
 			dbesc($room),
@@ -88,26 +94,35 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 	
 	function get() {
+
+		if(! Apps::system_app_installed(App::$profile_uid, 'Chatrooms')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Chatrooms App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Access Controlled Chatrooms');
+			return $o;
+		}
 	
 		if(local_channel()) {
-			$channel = \App::get_channel();
-			nav_set_selected('My Chatrooms');
+			$channel = App::get_channel();
+			nav_set_selected('Chatrooms');
 		}
 
-		$ob = \App::get_observer();
+		$ob = App::get_observer();
 		$observer = get_observer_hash();
 		if(! $observer) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 	
-		if(! perm_is_allowed(\App::$profile['profile_uid'],$observer,'chat')) {
+		if(! perm_is_allowed(App::$profile['profile_uid'],$observer,'chat')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 		
 		if((argc() > 3) && intval(argv(2)) && (argv(3) === 'leave')) {
-			Zlib\Chatroom::leave($observer,argv(2),$_SERVER['REMOTE_ADDR']);
+			Chatroom::leave($observer,argv(2),$_SERVER['REMOTE_ADDR']);
 			goaway(z_root() . '/channel/' . argv(1));
 		}
 	
@@ -160,16 +175,16 @@ class Chat extends \Zotlabs\Web\Controller {
 			$room_id = intval(argv(2));
 			$bookmark_link = get_bookmark_link($ob);
 	
-			$x = Zlib\Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
+			$x = Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
 			if(! $x)
 				return;
 			$x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1",
 				intval($room_id),
-				intval(\App::$profile['profile_uid'])
+				intval(App::$profile['profile_uid'])
 			);
 	
 			if($x) {
-				$acl = new \Zotlabs\Access\AccessList(false);
+				$acl = new AccessList(false);
 				$acl->set($x[0]);
 	
 				$private = $acl->is_private();
@@ -208,19 +223,12 @@ class Chat extends \Zotlabs\Web\Controller {
 			));
 			return $o;
 		}
-	
-	
+
 		require_once('include/conversation.php');
 	
-		//$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
 		$o = '';
-	
-		if(! feature_enabled(\App::$profile['profile_uid'],'ajaxchat')) {
-			notice( t('Feature disabled.') . EOL);
-			return $o;
-		}
 
-		$acl = new \Zotlabs\Access\AccessList($channel);
+		$acl = new AccessList($channel);
 		$channel_acl = $acl->get();
 
 		$lockstate = (($channel_acl['allow_cid'] || $channel_acl['allow_gid'] || $channel_acl['deny_cid'] || $channel_acl['deny_gid']) ? 'lock' : 'unlock');
@@ -244,17 +252,17 @@ class Chat extends \Zotlabs\Web\Controller {
 			));
 		}
 
-		$rooms = Zlib\Chatroom::roomlist(\App::$profile['profile_uid']);
+		$rooms = Chatroom::roomlist(App::$profile['profile_uid']);
 	
 		$o .= replace_macros(get_markup_template('chatrooms.tpl'), array(
-			'$header' => sprintf( t('%1$s\'s Chatrooms'), \App::$profile['fullname']),
+			'$header' => sprintf( t('%1$s\'s Chatrooms'), App::$profile['fullname']),
 			'$name' => t('Name'),
 			'$baseurl' => z_root(),
-			'$nickname' => \App::$profile['channel_address'],
+			'$nickname' => App::$profile['channel_address'],
 			'$rooms' => $rooms,
 			'$norooms' => t('No chatrooms available'),
 			'$newroom' => t('Create New'),
-			'$is_owner' => ((local_channel() && local_channel() == \App::$profile['profile_uid']) ? 1 : 0),
+			'$is_owner' => ((local_channel() && local_channel() == App::$profile['profile_uid']) ? 1 : 0),
 			'$chatroom_new' => $chatroom_new,
 			'$expire' => t('Expiration'),
 			'$expire_unit' => t('min') //minutes

Zotlabs/Module/Chatsvc.php

@@ -60,7 +60,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 			intval(\App::$data['chat']['room_id']),
 			dbesc(get_observer_hash()),
 			dbesc(datetime_convert()),
-			dbesc($arr['chat_text'])		
+			dbesc(str_rot47(base64url_encode($arr['chat_text'])))		
 		);
 	
 		$ret['success'] = true;
@@ -119,10 +119,10 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						$rv['xchan_network'] = 'unknown';
 						$rv['xchan_url'] = z_root();
 						$rv['xchan_hidden'] = 1;
-						$rv['xchan_photo_mimetype'] = 'image/jpeg';
-						$rv['xchan_photo_l'] = get_default_profile_photo(300); 
-						$rv['xchan_photo_m'] = get_default_profile_photo(80); 
-						$rv['xchan_photo_s'] = get_default_profile_photo(48); 
+						$rv['xchan_photo_mimetype'] = 'image/png';
+						$rv['xchan_photo_l'] = z_root() . '/' . get_default_profile_photo(300); 
+						$rv['xchan_photo_m'] = z_root() . '/' . get_default_profile_photo(80); 
+						$rv['xchan_photo_s'] = z_root() . '/' . get_default_profile_photo(48); 
 
 					}
 
@@ -157,7 +157,7 @@ class Chatsvc extends \Zotlabs\Web\Controller {
 						'name' => $rr['xchan_name'],
 						'isotime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'c'),
 						'localtime' => datetime_convert('UTC', date_default_timezone_get(), $rr['created'], 'r'),
-						'text' => zidify_links(smilies(bbcode($rr['chat_text']))),
+						'text' => zidify_links(smilies(bbcode(base64url_decode(str_rot47($rr['chat_text']))))),
 						'self' => ((get_observer_hash() == $rr['chat_xchan']) ? 'self' : '')
 					);
 				}

Zotlabs/Module/Cloud.php

@@ -35,11 +35,20 @@ class Cloud extends \Zotlabs\Web\Controller {
 		if (argc() > 1)
 			$which = argv(1);
 
+
+		if (argc() < 2 && intval(get_config('system','cloud_disable_siteroot'))) {
+			notice( t('Permission denied.') . EOL);
+			construct_page();
+			killme();
+		}
+
 		$profile = 0;
 
 		if ($which)
 			profile_load( $which, $profile);
 
+
+
 		$auth = new \Zotlabs\Storage\BasicAuth();
 
 		$ob_hash = get_observer_hash();
@@ -60,6 +69,12 @@ class Cloud extends \Zotlabs\Web\Controller {
 		// if we arrived at this path with any query parameters in the url, build a clean url without
 		// them and redirect.
 
+		if(! array_key_exists('cloud_sort',$_SESSION)) {
+			$_SESSION['cloud_sort'] = 'name';
+		}
+
+		$_SESSION['cloud_sort'] = (($_REQUEST['sort']) ? trim(notags($_REQUEST['sort'])) : $_SESSION['cloud_sort']);
+
 		$x = clean_query_string();
 		if($x !== \App::$query_string)
 			goaway(z_root() . '/' . $x);
@@ -110,6 +125,9 @@ class Cloud extends \Zotlabs\Web\Controller {
 		elseif($err instanceof \Sabre\DAV\Exception\Forbidden) {
 			notice( t('Permission denied') . EOL);
 		}
+		elseif($err instanceof \Sabre\DAV\Exception\NotImplemented) {
+			notice( t('Please refresh page') . EOL);
+		}
 		else {
 			notice( t('Unknown error') . EOL);
 		}

Zotlabs/Module/Connect.php

@@ -1,21 +1,21 @@
 <?php
 namespace Zotlabs\Module; /** @file */
 
-
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
 
 require_once('include/contact_widgets.php');
 require_once('include/items.php');
 
-
-
-class Connect extends \Zotlabs\Web\Controller {
+class Connect extends Controller {
 
 	function init() {
 		if(argc() > 1)
 			$which = argv(1);
 		else {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 	
@@ -24,20 +24,32 @@ class Connect extends \Zotlabs\Web\Controller {
 		);
 	
 		if($r)
-			\App::$data['channel'] = $r[0];
+			App::$data['channel'] = $r[0];
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			return;
+		}
 	
 		profile_load($which,'');
 	}
 	
 	function post() {
 	
-		if(! array_key_exists('channel', \App::$data))
+		if(! array_key_exists('channel', App::$data))
 			return;
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			return;
+		}
 	
-		$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);
+		$edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false);
 	
 		if($edit) {
-			$has_premium = ((\App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0);
+			$has_premium = ((App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0);
 			$premium = (($_POST['premium']) ? intval($_POST['premium']) : 0);
 			$text = escape_tags($_POST['text']);
 			
@@ -48,25 +60,25 @@ class Connect extends \Zotlabs\Web\Controller {
 					intval(local_channel()) 
 				);
 				
-				\Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',\App::$data['channel']['channel_id']));
+				\Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',$channel_id));
 			}
-			set_pconfig(\App::$data['channel']['channel_id'],'system','selltext',$text);
+			set_pconfig($channel_id,'system','selltext',$text);
 			// reload the page completely to get fresh data
-			goaway(z_root() . '/' . \App::$query_string);
+			goaway(z_root() . '/' . App::$query_string);
 	
 		}
 	
 		$url = '';
-		$observer = \App::get_observer();
+		$observer = App::get_observer();
 		if(($observer) && ($_POST['submit'] === t('Continue'))) {
 			if($observer['xchan_follow'])
-				$url = sprintf($observer['xchan_follow'],urlencode(channel_reddress(\App::$data['channel'])));
+				$url = sprintf($observer['xchan_follow'],urlencode(channel_reddress(App::$data['channel'])));
 			if(! $url) {
 				$r = q("select * from hubloc where hubloc_hash = '%s' order by hubloc_id desc limit 1",
 					dbesc($observer['xchan_hash'])
 				);
 				if($r)
-					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(\App::$data['channel']));
+					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(App::$data['channel']));
 			}
 		}
 		if($url)
@@ -79,17 +91,31 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 	
 	function get() {
+
+		if(! array_key_exists('channel', App::$data))
+			return;
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Premium Channel App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Allows you to set restrictions and terms on those that connect with your channel');
+			return $o;
+		}
 	
-		$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);
+		$edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false);
 	
-		$text = get_pconfig(\App::$data['channel']['channel_id'],'system','selltext');
+		$text = get_pconfig($channel_id,'system','selltext');
 	
 		if($edit) {
 	
 			$o = replace_macros(get_markup_template('sellpage_edit.tpl'),array(
 				'$header' => t('Premium Channel Setup'),
-				'$address' => \App::$data['channel']['channel_address'],
-				'$premium' => array('premium', t('Enable premium channel connection restrictions'),((\App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? '1' : ''),''),
+				'$address' => App::$data['channel']['channel_address'],
+				'$premium' => array('premium', t('Enable premium channel connection restrictions'),((App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? '1' : ''),''),
 				'$lbl_about' => t('Please enter your restrictions or conditions, such as paypal receipt, usage guidelines, etc.'),
 	 			'$text' => $text,
 				'$desc' => t('This channel may require additional steps or acknowledgement of the following conditions prior to connecting:'),
@@ -107,7 +133,7 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 			$submit = replace_macros(get_markup_template('sellpage_submit.tpl'), array(
 				'$continue' => t('Continue'),			
-				'$address' => \App::$data['channel']['channel_address']
+				'$address' => App::$data['channel']['channel_address']
 			));
 	
 			$o = replace_macros(get_markup_template('sellpage_view.tpl'),array(
@@ -120,7 +146,7 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 			));
 	
-			$arr = array('channel' => \App::$data['channel'],'observer' => \App::get_observer(), 'sellpage' => $o, 'submit' => $submit);
+			$arr = array('channel' => App::$data['channel'],'observer' => App::get_observer(), 'sellpage' => $o, 'submit' => $submit);
 			call_hooks('connect_premium', $arr);
 			$o = $arr['sellpage'];
 	

Zotlabs/Module/Connections.php

@@ -1,6 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
@@ -12,8 +13,10 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		App::$profile_uid = local_channel();
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);
 	
@@ -32,6 +35,7 @@ class Connections extends \Zotlabs\Web\Controller {
 
 		nav_set_selected('Connections');
 	
+		$active      = false;
 		$blocked     = false;
 		$hidden      = false;
 		$ignored     = false;
@@ -42,13 +46,18 @@ class Connections extends \Zotlabs\Web\Controller {
 		$all         = false;
 	
 		if(! $_REQUEST['aj'])
-			$_SESSION['return_url'] = \App::$query_string;
+			$_SESSION['return_url'] = App::$query_string;
 	
-		$search_flags = '';
+		$search_flags = "";
 		$head = '';
 	
 		if(argc() == 2) {
 			switch(argv(1)) {
+				case 'active':
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 AND abook_not_here = 0 ";
+					$head = t('Active');
+					$active = true;
+					break;
 				case 'blocked':
 					$search_flags = " and abook_blocked = 1 ";
 					$head = t('Blocked');
@@ -82,14 +91,14 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
-						\App::$argv[1] = 'pending';
+						App::$argv[1] = 'pending';
 					}
 					else {
 						$head = t('All');
 						$search_flags = '';
 						$all = true;
-						\App::$argc = 1;
-						unset(\App::$argv[1]);
+						App::$argc = 1;
+						unset(App::$argv[1]);
 					}
 					break;
 	//			case 'unconnected':
@@ -101,8 +110,9 @@ class Connections extends \Zotlabs\Web\Controller {
 				case 'all':
 					$head = t('All');
 				default:
-					$search_flags = '';
-					$all = true;
+					$search_flags = " and abook_blocked = 0 and abook_ignored = 0 and abook_hidden = 0 and abook_archived = 0 and abook_not_here = 0 ";
+					$active = true;
+					$head = t('Active');
 					break;
 	
 			}
@@ -129,6 +139,13 @@ class Connections extends \Zotlabs\Web\Controller {
 			),
 			*/
 	
+			'active' => array(
+				'label' => t('Active Connections'),
+				'url'   => z_root() . '/connections/active', 
+				'sel'   => ($active) ? 'active' : '',
+				'title' => t('Show active connections'),
+			),
+
 			'pending' => array(
 				'label' => t('New Connections'),
 				'url'   => z_root() . '/connections/pending', 
@@ -136,12 +153,6 @@ class Connections extends \Zotlabs\Web\Controller {
 				'title' => t('Show pending (new) connections'),
 			),
 	
-			'all' => array(
-				'label' => t('All Connections'),
-				'url'   => z_root() . '/connections/all', 
-				'sel'   => ($all) ? 'active' : '',
-				'title' => t('Show all connections'),
-			),
 	
 			/*
 			array(
@@ -187,6 +198,13 @@ class Connections extends \Zotlabs\Web\Controller {
 	//			'title' => t('Only show one-way connections'),
 	//		),
 	
+
+			'all' => array(
+				'label' => t('All Connections'),
+				'url'   => z_root() . '/connections', 
+				'sel'   => ($all) ? 'active' : '',
+				'title' => t('Show all connections'),
+			),
 	
 		);
 	
@@ -202,7 +220,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		$sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : "");
 	
 		if($_REQUEST['gid']) {
-			$sql_extra .= " and xchan_hash in ( select xchan from group_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
+			$sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
 		}
 	 	
 		$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash 
@@ -210,15 +228,15 @@ class Connections extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($r) {
-			\App::set_pager_total($r[0]['total']);
+			App::set_pager_total($r[0]['total']);
 			$total = $r[0]['total'];
 		}
 	
 		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
 			WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
 			intval(local_channel()),
-			intval(\App::$pager['itemspage']),
-			intval(\App::$pager['start'])
+			intval(App::$pager['itemspage']),
+			intval(App::$pager['start'])
 		);
 	
 		$contacts = array();
@@ -232,12 +250,13 @@ class Connections extends \Zotlabs\Web\Controller {
 				if($rr['xchan_url']) {
 
 					if(($rr['vcard']) && is_array($rr['vcard']['tels']) && $rr['vcard']['tels'][0]['nr'])
-						$phone = ((\App::$is_mobile || \App::$is_tablet) ? $rr['vcard']['tels'][0]['nr'] : '');
+						$phone = $rr['vcard']['tels'][0]['nr'];
 					else
 						$phone = '';
 	
 					$status_str = '';
 					$status = array(
+						((intval($rr['abook_active'])) ? t('Active') : ''),
 						((intval($rr['abook_pending'])) ? t('Pending approval') : ''),
 						((intval($rr['abook_archived'])) ? t('Archived') : ''),
 						((intval($rr['abook_hidden'])) ? t('Hidden') : ''),
@@ -245,6 +264,11 @@ class Connections extends \Zotlabs\Web\Controller {
 						((intval($rr['abook_blocked'])) ? t('Blocked') : ''),
 						((intval($rr['abook_not_here'])) ? t('Not connected at this location') : '')
 					);
+
+					$oneway = false;
+					if(! intval(get_abconfig(local_channel(),$rr['xchan_hash'],'their_perms','post_comments'))) {
+						$oneway = true;
+					}
 	
 					foreach($status as $str) {
 						if(!$str)
@@ -283,7 +307,8 @@ class Connections extends \Zotlabs\Web\Controller {
 						'ignore_hover' => t('Ignore connection'),
 						'ignore' => ((! $rr['abook_ignored']) ? t('Ignore') : false),
 						'recent_label' => t('Recent activity'),
-						'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id'])
+						'recentlink' => z_root() . '/network/?f=&cid=' . intval($rr['abook_id']),
+						'oneway' => $oneway
 					);
 				}
 			}
@@ -304,7 +329,7 @@ class Connections extends \Zotlabs\Web\Controller {
 			killme();
 		}
 		else {
-			$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
+			$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
 			$o .= replace_macros(get_markup_template('connections.tpl'),array(
 				'$header' => t('Connections') . (($head) ? ': ' . $head : ''),
 				'$tabs' => $tabs,
@@ -315,7 +340,7 @@ class Connections extends \Zotlabs\Web\Controller {
 				'$finding' => (($searching) ? t('Connections search') . ": '" . $search . "'" : ""),
 				'$submit' => t('Find'),
 				'$edit' => t('Edit'),
-				'$cmd' => \App::$cmd,
+				'$cmd' => App::$cmd,
 				'$contacts' => $contacts,
 				'$paginate' => paginate($a),
 	

Zotlabs/Module/Connedit.php

@@ -7,6 +7,7 @@ namespace Zotlabs\Module;
  *
  */
 
+use Zotlabs\Lib\Apps;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
@@ -774,7 +775,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			$global_perms = \Zotlabs\Access\Permissions::Perms();
 
-			$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
+			$existing = get_all_perms(local_channel(),$contact['abook_xchan'],false);
 	
 			$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
 	
@@ -826,27 +827,10 @@ class Connedit extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			$locstr = '';
+			$locstr = locations_by_netid($contact['xchan_hash']);
+			if(! $locstr)
+				$locstr = unpunify($contact['xchan_url']);
 	
-			$locs = q("select hubloc_addr as location from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s'
-				and hubloc_deleted = 0 and site_dead = 0",
-				dbesc($contact['xchan_hash'])
-			);
-	
-			if($locs) {
-				foreach($locs as $l) {
-					if(!($l['location']))
-						continue;
-					if(strpos($locstr,$l['location']) !== false)
-						continue;
-					if(strlen($locstr))
-						$locstr .= ', ';
-					$locstr .= $l['location'];
-				}
-			}
-			else
-				$locstr = $contact['xchan_url'];
-
 			$clone_warn = '';
 			$clonable = (in_array($contact['xchan_network'],['zot','rss']) ? true : false);
 			if(! $clonable) {
@@ -866,11 +850,11 @@ class Connedit extends \Zotlabs\Web\Controller {
 			$o .= replace_macros($tpl, [
 				'$header'         => (($self) ? t('Connection Default Permissions') : sprintf( t('Connection: %s'),$contact['xchan_name'])),
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no),
-				'$permcat'        => [ 'permcat', t('Permission role'), '', '',$permcats ],
+				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
-				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
-				'$addr'           => $contact['xchan_addr'],
-				'$primeurl'       => $contact['xchan_url'],
+				'$permcat_enable' => Apps::system_app_installed(local_channel(), 'Permission Categories'),
+				'$addr'           => unpunify($contact['xchan_addr']),
+				'$primeurl'       => unpunify($contact['xchan_url']),
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$vcard'          => $vcard,
@@ -912,7 +896,6 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$permnote_self'  => t('Some permissions may be inherited from your channel\'s <a href="settings"><strong>privacy settings</strong></a>, which have higher priority than individual settings. You can change those settings here but they wont have any impact unless the inherited setting changes.'),
 				'$lastupdtext'    => t('Last update:'),
 				'$last_update'    => relative_date($contact['abook_connected']),
-				'$is_mobile'      => ((\App::$is_mobile || \App::$is_tablet) ? true : false),
 				'$profile_select' => contact_profile_assign($contact['abook_profile']),
 				'$multiprofs'     => $multiprofs,
 				'$contact_id'     => $contact['abook_id'],

Zotlabs/Module/Contactgroup.php

@@ -23,7 +23,7 @@ class Contactgroup extends \Zotlabs\Web\Controller {
 	
 		if((argc() > 1) && (intval(argv(1)))) {
 	
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);

Zotlabs/Module/Cover_photo.php

@@ -9,6 +9,7 @@ namespace Zotlabs\Module;
 
 require_once('include/photo/photo_driver.php');
 require_once('include/channel.php');
+require_once('include/photos.php');
 
 
 
@@ -64,12 +65,12 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 				$image_id = substr($image_id,0,-2);
 			}
 				
-	
-			$srcX = $_POST['xstart'];
-			$srcY = $_POST['ystart'];
-			$srcW = $_POST['xfinal'] - $srcX;
-			$srcH = $_POST['yfinal'] - $srcY;
-	
+
+
+			$srcX = intval($_POST['xstart']);
+			$srcY = intval($_POST['ystart']);
+			$srcW = intval($_POST['xfinal']) - $srcX;
+			$srcH = intval($_POST['yfinal']) - $srcY;
 	
 			$r = q("select gender from profile where uid = %d and is_default = 1 limit 1",
 				intval(local_channel())
@@ -84,10 +85,41 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			);
 	
 			if($r) {
-	
-				$base_image = $r[0];
-				$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
-			
+
+				$max_thumb = intval(get_config('system','max_thumbnail',1600));
+				$iscaled = false;
+				if(intval($r[0]['height']) > $max_thumb || intval($r[0]['width']) > $max_thumb) { 
+					$imagick_path = get_config('system','imagick_convert_path');
+					if($imagick_path && @file_exists($imagick_path) && intval($r[0]['os_storage'])) {
+
+						$fname = dbunescbin($r[0]['content']);
+						$tmp_name = $fname . '-001';
+						$newsize = photo_calculate_scale(array_merge(getimagesize($fname),['max' => $max_thumb]));
+						$cmd = $imagick_path . ' ' . escapeshellarg(PROJECT_BASE . '/' . $fname) . ' -resize ' . $newsize . ' ' . escapeshellarg(PROJECT_BASE . '/' . $tmp_name);
+						//	logger('imagick thumbnail command: ' . $cmd);
+						for($x = 0; $x < 4; $x ++) {
+							exec($cmd);
+							if(file_exists($tmp_name)) {
+								break;
+							}
+						}
+						if(file_exists($tmp_name)) {
+							$base_image = $r[0];
+							$gis = getimagesize($tmp_name);
+logger('gis: ' . print_r($gis,true));
+							$base_image['width'] = $gis[0];
+							$base_image['height'] = $gis[1];
+							$base_image['content'] = @file_get_contents($tmp_name);
+							$iscaled = true;
+							@unlink($tmp_name);
+						}
+					}
+				}
+				if(! $iscaled) {
+					$base_image = $r[0];
+					$base_image['content'] = (($r[0]['os_storage']) ? @file_get_contents(dbunescbin($base_image['content'])) : dbunescbin($base_image['content']));
+				}
+
 				$im = photo_factory($base_image['content'], $base_image['mimetype']);
 				if($im->is_valid()) {
 	
@@ -119,10 +151,10 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 						intval(local_channel())
 					);
 	
-					$orig_srcx = ( $r[0]['width'] / $scaled_width ) * $srcX;
-					$orig_srcy = ( $r[0]['height'] / $scaled_height ) * $srcY;
-	 				$orig_srcw = ( $srcW / $scaled_width ) * $r[0]['width'];
-	 				$orig_srch = ( $srcH / $scaled_height ) * $r[0]['height'];
+					$orig_srcx = ( $base_image['width'] / $scaled_width ) * $srcX;
+					$orig_srcy = ( $base_image['height'] / $scaled_height ) * $srcY;
+	 				$orig_srcw = ( $srcW / $scaled_width ) * $base_image['width'];
+	 				$orig_srch = ( $srcH / $scaled_height ) * $base_image['height'];
 	
 					$im->cropImageRect(1200,435,$orig_srcx, $orig_srcy, $orig_srcw, $orig_srch);
 	
@@ -207,7 +239,7 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 			}
 		}
 	
-		$imagedata = (($os_storage) ? @file_get_contents($imagedata) : $imagedata);
+		$imagedata = (($os_storage) ? @file_get_contents(dbunescbin($imagedata)) : dbunescbin($imagedata));
 		$ph = photo_factory($imagedata, $filetype);
 	
 		if(! $ph->is_valid()) {
@@ -355,14 +387,27 @@ class Cover_photo extends \Zotlabs\Web\Controller {
 	
 			$o .= replace_macros($tpl,array(
 				'$user'                => \App::$channel['channel_address'],
+				'$info'                => t('Your cover photo may be visible to anybody on the internet'),
+				'$existing'            => get_cover_photo(local_channel(),'array',PHOTO_RES_COVER_850),
 				'$lbl_upfile'          => t('Upload File:'),
 				'$lbl_profiles'        => t('Select a profile:'),
-				'$title'               => t('Upload Cover Photo'),
+				'$title'               => t('Change Cover Photo'),
 				'$submit'              => t('Upload'),
 				'$profiles'            => $profiles,
+				'$embedPhotos' => t('Use a photo from your albums'),
+				'$embedPhotosModalTitle' => t('Use a photo from your albums'),
+				'$embedPhotosModalCancel' => t('Cancel'),
+				'$embedPhotosModalOK' => t('OK'),
+				'$modalchooseimages' => t('Choose images to embed'),
+				'$modalchoosealbum' => t('Choose an album'),
+				'$modaldiffalbum' => t('Choose a different album'),
+				'$modalerrorlist' => t('Error getting album list'),
+				'$modalerrorlink' => t('Error getting photo link'),
+				'$modalerroralbum' => t('Error getting album'),
 				'$form_security_token' => get_form_security_token("cover_photo"),
 					/// @FIXME - yuk  
-				'$select'              => sprintf('%s %s', t('or'), ($newuser) ? '<a href="' . z_root() . '">' . t('skip this step') . '</a>' : '<a href="'. z_root() . '/photos/' . \App::$channel['channel_address'] . '">' . t('select a photo from your photo albums') . '</a>')
+				'$select' => t('Select existing photo'),
+
 			));
 			
 			call_hooks('cover_photo_content_end', $o);

Zotlabs/Module/Defperms.php

@@ -1,14 +1,16 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
 require_once('include/photos.php');
 
-
-class Defperms extends \Zotlabs\Web\Controller {
+class Defperms extends Controller {
 
 	/* @brief Initialize the connection-editor
 	 *
@@ -19,17 +21,20 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions'))
+			return;
 	
 		$r = q("SELECT abook.*, xchan.*
 			FROM abook left join xchan on abook_xchan = xchan_hash
-			WHERE abook_self = 1 and abook_id = %d LIMIT 1",
+			WHERE abook_self = 1 and abook_channel = %d LIMIT 1",
 			intval(local_channel())
 		);
 		if($r) {
-			\App::$poi = $r[0];
+			App::$poi = $r[0];
 		}
 
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);	
 	}
@@ -43,12 +48,15 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions'))
+			return;
 	
 		$contact_id = intval(argv(1));
 		if(! $contact_id)
 			return;
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
 			intval($contact_id),
@@ -112,7 +120,7 @@ class Defperms extends \Zotlabs\Web\Controller {
 			intval($contact_id)
 		);
 		if($r) {
-			\App::$poi = $r[0];
+			App::$poi = $r[0];
 		}
 	
 	
@@ -131,22 +139,22 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 	function defperms_clone(&$a) {
 	
-			if(! \App::$poi)
+			if(! App::$poi)
 				return;
 		
-			$channel = \App::get_channel();
+			$channel = App::get_channel();
 	
 			$r = q("SELECT abook.*, xchan.*
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d and abook_id = %d LIMIT 1",
 				intval(local_channel()),
-				intval(\App::$poi['abook_id'])
+				intval(App::$poi['abook_id'])
 			);
 			if($r) {
-				\App::$poi = array_shift($r);
+				App::$poi = array_shift($r);
 			}
 	
-			$clone = \App::$poi;
+			$clone = App::$poi;
 	
 			unset($clone['abook_id']);
 			unset($clone['abook_account']);
@@ -173,9 +181,18 @@ class Defperms extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return login();
 		}
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Default Permissions App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Set custom default permissions for new connections');
+			return $o;
+		}
 	
 		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$yes_no = array(t('No'),t('Yes'));
 	
@@ -193,7 +210,7 @@ class Defperms extends \Zotlabs\Web\Controller {
 		}
 		$o .= " }\n</script>\n";
 	
-		if(\App::$poi) {
+		if(App::$poi) {
 	
 			$sections = [];
 
@@ -203,13 +220,12 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 	
 			$perms = array();
-			$channel = \App::get_channel();
+			$channel = App::get_channel();
 
-			$contact = \App::$poi;
+			$contact = App::$poi;
 	
 			$global_perms = \Zotlabs\Access\Permissions::Perms();
 
-			$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
 			$hidden_perms = [];
 	
 			foreach($global_perms as $k => $v) {
@@ -237,9 +253,9 @@ class Defperms extends \Zotlabs\Web\Controller {
 			$o .= replace_macros($tpl, [
 				'$header'         => t('Connection Default Permissions'),
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('If enabled, connection requests will be approved without your interaction'), $yes_no),
-				'$permcat'        => [ 'permcat', t('Permission role'), '', '',$permcats ],
+				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
-				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
+				'$permcat_enable' => Apps::system_app_installed(local_channel(), 'Permission Categories'),
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),

Zotlabs/Module/Directory.php

@@ -12,13 +12,16 @@ class Directory extends \Zotlabs\Web\Controller {
 	function init() {
 		\App::set_pager_itemspage(60);
 	
-		if(x($_GET,'ignore')) {
+		if(local_channel() && x($_GET,'ignore')) {
 			q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ",
 				intval(local_channel()),
 				dbesc($_GET['ignore'])
 			);
-			goaway(z_root() . '/directory?suggest=1');
+			goaway(z_root() . '/directory?f=&suggest=1');
 		}
+
+		if(local_channel())
+			\App::$profile_uid = local_channel();
 	
 		$observer = get_observer_hash();
 		$global_changed = false;
@@ -55,6 +58,7 @@ class Directory extends \Zotlabs\Web\Controller {
 			if($observer)
 				set_xconfig($observer,'directory','pubforums',$pubforums);
 		}
+
 	}
 	
 	function get() {
@@ -101,6 +105,11 @@ class Directory extends \Zotlabs\Web\Controller {
 		if($suggest) {
 	
 			$r = suggestion_query(local_channel(),get_observer_hash());
+
+			if(! $r) {
+				notice( t('No default suggestions were found.') . EOL);
+				return;
+			}
 	
 			// Remember in which order the suggestions were
 			$addresses = array();
@@ -294,9 +303,9 @@ class Directory extends \Zotlabs\Web\Controller {
 										if(strlen($out))
 											$out .= ', ';
 										if($marr && in_arrayi($k,$marr))
-											$out .= '<strong>' . $k . '</strong>';
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'"><strong>' . $k . '</strong></a>';
 										else
-											$out .= $k;
+											$out .= '<a href="' . z_root() . '/directory/f=&keywords=' . urlencode($k)  .'">' . $k . '</a>';
 									}
 								}
 				
@@ -390,7 +399,7 @@ class Directory extends \Zotlabs\Web\Controller {
 	
 							$dirtitle = (($globaldir) ? t('Global Directory') : t('Local Directory'));
 	
-							$o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
+							$o .= "<script> var page_query = '" . escape_tags($_GET['q']) . "'; var extra_args = '" . extra_query_args() . "' ; divmore_height = " . intval($maxheight) . ";  </script>";
 							$o .= replace_macros($tpl, array(
 								'$search' => $search,
 								'$desc' => t('Find'),
@@ -399,7 +408,7 @@ class Directory extends \Zotlabs\Web\Controller {
 								'$entries' => $entries,
 								'$dirlbl' => $suggest ? t('Channel Suggestions') : $dirtitle,
 								'$submit' => t('Find'),
-								'$next' => alt_pager($a,$j['records'], t('next page'), t('previous page')),
+								'$next' => alt_pager($j['records'], t('next page'), t('previous page')),
 								'$sort' => t('Sort options'),
 								'$normal' => t('Alphabetic'),
 								'$reverse' => t('Reverse Alphabetic'),

Zotlabs/Module/Dirsearch.php

@@ -97,7 +97,10 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		else
 			$sync = false;
 	
-	
+		if(($dirmode == DIRECTORY_MODE_STANDALONE) && (! $hub)) {
+			$hub = \App::get_hostname();
+		}
+
 		if($hub)
 			$hub_query = " and xchan_hash in (select hubloc_hash from hubloc where hubloc_host =  '" . protect_sprintf(dbesc($hub)) . "') ";
 		else
@@ -254,7 +257,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 		else {
 	
 			$r = q("SELECT xchan.*, xprof.* from xchan left join xprof on xchan_hash = xprof_hash 
-				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
+				where ( $logic $sql_extra ) $hub_query and xchan_network = 'zot' and xchan_system = 0 and xchan_hidden = 0 and xchan_orphan = 0 and xchan_deleted = 0 
 				$safesql $order $qlimit "
 			);
 	
@@ -313,7 +316,7 @@ class Dirsearch extends \Zotlabs\Web\Controller {
 	
 			$ret['results'] = $entries;
 			if($kw) {
-				$k = dir_tagadelic($kw);
+				$k = dir_tagadelic($kw, $hub);
 				if($k) {
 					$ret['keywords'] = array();
 					foreach($k as $kv) {

Zotlabs/Module/Display.php

@@ -12,8 +12,9 @@ class Display extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
-		$module_format = 'html';
+		$noscript_content = (get_config('system', 'noscript_content', '1') && (! $update));
 
+		$module_format = 'html';
 
 		if(argc() > 1) {
 			$module_format = substr(argv(1),strrpos(argv(1),'.') + 1);
@@ -21,8 +22,6 @@ class Display extends \Zotlabs\Web\Controller {
 				$module_format = 'html';			
 		}
 
-		$checkjs = new \Zotlabs\Web\CheckJS(1);
-	
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 	
@@ -67,8 +66,7 @@ class Display extends \Zotlabs\Web\Controller {
 				'default_location'    => $channel['channel_location'],
 				'nickname'            => $channel['channel_address'],
 				'lockstate'           => (($group || $cid || $channel['channel_allow_cid'] || $channel['channel_allow_gid'] || $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-	
-				'acl'                 => populate_acl($channel_acl),
+				'acl'                 => populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post'),	
 				'permissions'         => $channel_acl,
 				'bang'                => '',
 				'visitor'             => true,
@@ -78,11 +76,12 @@ class Display extends \Zotlabs\Web\Controller {
 				'editor_autocomplete' => true,
 				'bbco_autocomplete'   => 'bbcode',
 				'bbcode'              => true,
-				'jotnets'             => true
+				'jotnets'             => true,
+				'reset'               => t('Reset form')
 			);
 	
 			$o = '<div id="jot-popup">';
-			$o .= status_editor($a,$x);
+			$o .= status_editor($a,$x,false,'Display');
 			$o .= '</div>';
 		}
 	
@@ -102,7 +101,7 @@ class Display extends \Zotlabs\Web\Controller {
 		if($decoded)
 			$item_hash = $decoded;
 
-		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, item_blocked from item where mid like '%s' limit 1",
+		$r = q("select id, uid, mid, parent_mid, thr_parent, verb, item_type, item_deleted, author_xchan, item_blocked from item where mid like '%s' limit 1",
 			dbesc($item_hash . '%')
 		);
 	
@@ -110,6 +109,14 @@ class Display extends \Zotlabs\Web\Controller {
 			$target_item = $r[0];
 		}
 
+		$x = q("select * from xchan where xchan_hash = '%s' limit 1",
+			dbesc($target_item['author_xchan'])
+		);
+		if($x) {
+// not yet ready for prime time
+//			\App::$poi = $x[0];
+		}
+
 		//if the item is to be moderated redirect to /moderate
 		if($target_item['item_blocked'] == ITEM_MODERATED) {
 			goaway(z_root() . '/moderate/' . $target_item['id']);
@@ -124,7 +131,7 @@ class Display extends \Zotlabs\Web\Controller {
 			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
 				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'WEBPAGE' and item.id = %d limit 1",
 				intval($target_item['uid']),
-				intval($target_item['id'])
+				intval($target_item['parent'])
 			);
 			if($x && $y) {
 				goaway(z_root() . '/page/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
@@ -134,6 +141,41 @@ class Display extends \Zotlabs\Web\Controller {
 			 	return '';
 			}
 		}
+		if($target_item['item_type']  == ITEM_TYPE_ARTICLE) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'ARTICLE' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/articles/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		if($target_item['item_type']  == ITEM_TYPE_CARD) {
+			$x = q("select * from channel where channel_id = %d limit 1",
+				intval($target_item['uid'])
+			);
+			$y = q("select * from iconfig left join item on iconfig.iid = item.id 
+				where item.uid = %d and iconfig.cat = 'system' and iconfig.k = 'CARD' and item.id = %d limit 1",
+				intval($target_item['uid']),
+				intval($target_item['parent'])
+			);
+			if($x && $y) {
+				goaway(z_root() . '/cards/' . $x[0]['channel_address'] . '/' . $y[0]['v']);
+			}
+			else {
+				notice( t('Page not found.') . EOL);
+			 	return '';
+			}
+		}
+		
 		
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
 	
@@ -170,8 +212,8 @@ class Display extends \Zotlabs\Web\Controller {
 				'$uid'     => '0',
 				'$gid'     => '0',
 				'$cid'     => '0',
-				'$cmin'    => '0',
-				'$cmax'    => '99',
+				'$cmin'    => '(-1)',
+				'$cmax'    => '(-1)',
 				'$star'    => '0',
 				'$liked'   => '0',
 				'$conv'    => '0',
@@ -210,52 +252,44 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$sql_extra = public_permissions_sql($observer_hash);
 
-		if(($update && $load) || ($checkjs->disabled()) || ($module_format !== 'html')) {
+		if($noscript_content || $load) {
 
-			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
+			$r = null;
 
-			if($load || ($checkjs->disabled()) || ($module_format !== 'html')) {
-				$r = null;
+			require_once('include/channel.php');
+			$sys = get_sys_channel();
+			$sysid = $sys['channel_id'];
 
-				require_once('include/channel.php');
-				$sys = get_sys_channel();
-				$sysid = $sys['channel_id'];
-
-				if(local_channel()) {
-					$r = q("SELECT item.id as item_id from item
-						WHERE uid = %d
-						and mid = '%s'
-						$item_normal
-						limit 1",
-						intval(local_channel()),
-						dbesc($target_item['parent_mid'])
-					);
-					if($r) {
-						$updateable = true;
-					}
+			if(local_channel()) {
+				$r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+				if($r) {
+					$updateable = true;
 				}
+			}
 
-				if($r === null) {
+			if(! $r) {
 
-					// in case somebody turned off public access to sys channel content using permissions
-					// make that content unsearchable by ensuring the owner uid can't match
+				// in case somebody turned off public access to sys channel content using permissions
+				// make that content unsearchable by ensuring the owner uid can't match
 
-					if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
-						$sysid = 0;
+				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
+					$sysid = 0;
 
-					$r = q("SELECT item.id as item_id from item
-						WHERE mid = '%s'
-						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
-						AND item.deny_gid  = '' AND item_private = 0 ) 
-						and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-						OR uid = %d )
-						$sql_extra )
-						$item_normal
-						limit 1",
-						dbesc($target_item['parent_mid']),
-						intval($sysid)
-					);
-				}
+				$r = q("SELECT item.id as item_id from item
+					WHERE mid = '%s'
+					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
+					AND item.deny_gid  = '' AND item_private = 0 ) 
+					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+					OR uid = %d )
+					$sql_extra )
+					$item_normal
+					limit 1",
+					dbesc($target_item['parent_mid']),
+					intval($sysid)
+				);
 			}
 		}
 	
@@ -265,7 +299,6 @@ class Display extends \Zotlabs\Web\Controller {
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			$sysid = $sys['channel_id'];
-
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
@@ -281,7 +314,7 @@ class Display extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			if($r === null) {
+			if(! $r) {
 				// in case somebody turned off public access to sys channel content using permissions
 				// make that content unsearchable by ensuring the owner_xchan can't match
 				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
@@ -306,7 +339,7 @@ class Display extends \Zotlabs\Web\Controller {
 		else {
 			$r = array();
 		}
-	
+
 		if($r) {
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
@@ -329,28 +362,39 @@ class Display extends \Zotlabs\Web\Controller {
 			
 		case 'html':
 
-			if ($checkjs->disabled()) {
-				$o .= conversation($items, 'display', $update, 'traditional');
-				if ($items[0]['title'])
-					\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
-			} 
-			else {
+			if ($update) {
 				$o .= conversation($items, 'display', $update, 'client');
 			}
+			else {
+				$o .= '<noscript>';
+				if($noscript_content) {
+					$o .= conversation($items, 'display', $update, 'traditional');
+				}
+				else {
+					$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+				}
+				$o .= '</noscript>';
+
+				if ($items[0]['title'])
+					\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
+
+				$o .= conversation($items, 'display', $update, 'client');
+			} 
 
 			break;
 
 		case 'atom':
 
 			$atom = replace_macros(get_markup_template('atom_feed.tpl'), array(
-				'$version'      => xmlify(\Zotlabs\Lib\System::get_project_version()),
-				'$red'          => xmlify(\Zotlabs\Lib\System::get_platform_name()),
-				'$feed_id'      => xmlify(\App::$cmd),
-				'$feed_title'   => xmlify(t('Article')),
-				'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
-				'$author'       => '',
-				'$owner'        => '',
-				'$profile_page' => xmlify(z_root() . '/display/' . $target_item['mid']),
+				'$version'       => xmlify(\Zotlabs\Lib\System::get_project_version()),
+				'$generator'     => xmlify(\Zotlabs\Lib\System::get_platform_name()),
+				'$generator_uri' => 'https://hubzilla.org',
+				'$feed_id'       => xmlify(\App::$cmd),
+				'$feed_title'    => xmlify(t('Article')),
+				'$feed_updated'  => xmlify(datetime_convert('UTC', 'UTC', 'now', ATOM_TIME)),
+				'$author'        => '',
+				'$owner'         => '',
+				'$profile_page'  => xmlify(z_root() . '/display/' . $target_item['mid']),
 			));
 				
 			$x = [ 'xml' => $atom, 'channel' => $channel, 'observer_hash' => $observer_hash, 'params' => $params ];
@@ -390,7 +434,7 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$o .= '<div id="content-complete"></div>';
 
-		if((($update && $load) || $checkjs->disabled()) && (! $items))  {
+		if((($update && $load) || $noscript_content) && (! $items)) {
 			
 			$r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1",
 				dbesc($item_hash)

Zotlabs/Module/Editblock.php

@@ -132,12 +132,13 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editblock');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Block'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editlayout.php

@@ -131,12 +131,13 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'profile_uid' => intval($owner),
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editlayout');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Layout'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$id' => $itm[0]['id'],
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editpost.php

@@ -82,7 +82,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'editor_autocomplete'=> true,
 			'bbco_autocomplete'=> 'bbcode',
 			'return_path' => $_SESSION['return_url'],
-			'button' => t('Edit'),
+			'button' => t('Submit'),
 			'hide_voting' => true,
 			'hide_future' => true,
 			'hide_location' => true,
@@ -102,10 +102,11 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'bbcode' => true
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editpost');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),
+			'$cancel' => t('Cancel'),
 			'$editor' => $editor
 		));
 

Zotlabs/Module/Editwebpage.php

@@ -160,12 +160,13 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editwebpage');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Webpage'),
 			'$delete' => ((($itm[0]['author_xchan'] === $ob_hash) || ($itm[0]['owner_xchan'] === $ob_hash)) ? t('Delete') : false),
 			'$editor' => $editor,
+			'$cancel' => t('Cancel'),
 			'$id' => $itm[0]['id']
 		));
 

Zotlabs/Module/Email_resend.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Email_resend extends \Zotlabs\Web\Controller {
+
+	function post() {
+
+		if($_POST['token']) {
+			if(! account_approve(trim($_POST['token']))) {
+				notice(t('Token verification failed.'));
+			}
+		}
+
+	}
+
+
+	function get() {
+
+		if(argc() > 1) {
+			$result = false;
+			$email = hex2bin(argv(1));
+
+			if($email) {
+				$result = verify_email_address( [ 'resend' => true, 'email' => $email ] );
+			}
+
+			if($result) {
+				notice(t('Email verification resent'));
+			}
+			else {
+				notice(t('Unable to resend email verification message.'));
+			}
+
+			goaway(z_root() . '/email_validation/' . bin2hex($email));
+
+		}
+
+		// @todo - one can provide a form here to resend the mail
+		// after directing to here if a succesful login was attempted from an unverified address.
+
+
+	}
+
+}

Zotlabs/Module/Email_validation.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Email_validation extends \Zotlabs\Web\Controller {
+
+	function post() {
+
+		$success = false;
+		if($_POST['token']) {
+			// This will redirect internally on success unless the channel is auto_created
+			if(account_approve(trim(basename($_POST['token'])))) {
+				$success = true;
+				if(get_config('system','auto_channel_create')) {
+					$next_page = get_config('system', 'workflow_channel_next', 'profiles');		
+				}
+				if($next_page) {
+					goaway(z_root() . '/' . $next_page);
+				}
+			}
+		}
+		if(! $success) {
+			notice( t('Token verification failed.') . EOL);
+		}
+	}
+
+
+	function get() {
+
+		if(argc() > 1) {
+			$email = hex2bin(argv(1));
+		}
+
+		$o = replace_macros(get_markup_template('email_validation.tpl'), [
+			'$title' => t('Email Verification Required'),
+			'$desc' => sprintf( t('A verification token was sent to your email address [%s]. Enter that token here to complete the account verification step. Please allow a few minutes for delivery, and check your spam folder if you do not see the message.'),$email),
+			'$resend' => t('Resend Email'),
+			'$email' => bin2hex($email),
+			'$submit' => t('Submit'),
+			'$token' => [ 'token', t('Validation token'),'','' ],
+		]);
+		
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Embedphotos.php

@@ -53,7 +53,7 @@ class Embedphotos extends \Zotlabs\Web\Controller {
 			} else {
 				json_return_and_die(array('errormsg' => 'Error retrieving resource ' . $resource_id, 'status' => false));
 			}
-			json_return_and_die(array('status' => true, 'photolink' => $photolink));
+			json_return_and_die(array('status' => true, 'photolink' => $photolink, 'resource_id' => $resource_id));
 		}
 	}
 

Zotlabs/Module/Events.php

@@ -6,7 +6,7 @@ require_once('include/bbcode.php');
 require_once('include/datetime.php');
 require_once('include/event.php');
 require_once('include/items.php');
-
+require_once('include/html2plain.php');
 
 class Events extends \Zotlabs\Web\Controller {
 
@@ -271,8 +271,10 @@ class Events extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		\App::$profile_uid = local_channel();
 		nav_set_selected('Events');
+
 	
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",
@@ -288,7 +290,7 @@ class Events extends \Zotlabs\Web\Controller {
 			);
 		}
 	
-		$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+		$first_day = feature_enabled(local_channel(), 'events_cal_first_day');
 		$first_day = (($first_day) ? $first_day : 0);
 	
 		$htpl = get_markup_template('event_head.tpl');
@@ -641,6 +643,7 @@ class Events extends \Zotlabs\Web\Controller {
 					}
 					$html = format_event_html($rr);
 					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false);
 					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
@@ -659,8 +662,6 @@ class Events extends \Zotlabs\Web\Controller {
 						'html'=>$html,
 						'plink' => array($rr['plink'],t('Link to Source'),'',''),
 					);
-	
-	
 				}
 			}
 			

Zotlabs/Module/Filestorage.php

@@ -66,7 +66,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 		$perms = get_all_perms($owner, $ob_hash);
 
-		if(! $perms['view_storage']) {
+		if(! ($perms['view_storage'] || is_site_admin())){
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
@@ -75,15 +75,29 @@ class Filestorage extends \Zotlabs\Web\Controller {
 		// need to return for anyone other than the owner, despite the perms check for now.
 
 		$is_owner = (((local_channel()) && ($owner  == local_channel())) ? true : false);
-		if(! $is_owner) {
+		if(! ($is_owner || is_site_admin())){
 			info( t('Permission Denied.') . EOL );
 			return;
 		}
 
 		if(argc() > 3 && argv(3) === 'delete') {
+
+			if(argc() > 4 && argv(4) === 'json')
+				$json_return = true;
+
+
+			$admin_delete = false;
+
 			if(! $perms['write_storage']) {
-				notice( t('Permission denied.') . EOL);
-				return;
+				if(is_site_admin()) {
+					$admin_delete = true;
+				}
+				else {
+					notice( t('Permission denied.') . EOL);
+					if($json_return) 
+						json_return_and_die([ 'success' => false ]);
+					return;
+				}
 			}
 
 			$file = intval(argv(2));
@@ -92,22 +106,31 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				intval($owner)
 			);
 			if(! $r) {
+				if($json_return) 
+					json_return_and_die([ 'success' => false ]);
+
 				notice( t('File not found.') . EOL);
 				goaway(z_root() . '/cloud/' . $which);
 			}
 
 			$f = $r[0];
-			$channel = \App::get_channel();
+
+			$channel = channelx_by_n($owner);
 
 			$url = get_cloud_url($channel['channel_id'], $channel['channel_address'], $f['hash']);
 
 			attach_delete($owner, $f['hash']);
 
-			$sync = attach_export_data($channel, $f['hash'], true);
-			if($sync) {
-				build_sync_packet($channel['channel_id'], array('file' => array($sync)));
+			if(! $admin_delete) {
+				$sync = attach_export_data($channel, $f['hash'], true);
+				if($sync) {
+					build_sync_packet($channel['channel_id'], array('file' => array($sync)));
+				}
 			}
 
+			if($json_return)
+				json_return_and_die([ 'success' => true ]);
+
 			goaway(dirname($url));
 		}
 

Zotlabs/Module/Follow.php

@@ -14,21 +14,26 @@ class Follow extends \Zotlabs\Web\Controller {
 		}
 	
 		$uid = local_channel();
-		$url = notags(trim($_REQUEST['url']));
+		$url = notags(trim(punify($_REQUEST['url'])));
 		$return_url = $_SESSION['return_url'];
 		$confirm = intval($_REQUEST['confirm']);
-	
+		$interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1);	
 		$channel = \App::get_channel();
 
-		$result = new_contact($uid,$url,$channel,true,$confirm);
+		$result = new_contact($uid,$url,$channel,$interactive,$confirm);
 		
 		if($result['success'] == false) {
 			if($result['message'])
 				notice($result['message']);
-			goaway($return_url);
+			if($interactive) {
+				goaway($return_url);
+			}
+			else {
+				json_return_and_die($result);
+			}
 		}
 	
-		info( t('Channel added.') . EOL);
+		info( t('Connection added.') . EOL);
 	
 		$clone = array();
 		foreach($result['abook'] as $k => $v) {
@@ -53,7 +58,12 @@ class Follow extends \Zotlabs\Web\Controller {
 		if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss'))
 			\Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id']));
 	
-		goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		if($interactive) {
+			goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1');
+		}
+		else {
+			json_return_and_die([ 'success' => true ]);
+		}
 	
 	}
 	

Zotlabs/Module/Go.php

@@ -0,0 +1,67 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Go extends \Zotlabs\Web\Controller {
+
+	function init() {
+		if(local_channel()) {
+			$channel = \App::get_channel();
+			if($channel) {
+				profile_load($channel['channel_address'],0);
+			}
+		}
+	}
+
+
+
+	function get() {
+		if(! local_channel()) {
+			notify( t('This page is available only to site members') . EOL);
+		}
+
+		$channel = \App::get_channel();
+
+
+		$title = t('Welcome');
+
+		$m = t('What would you like to do?');
+
+		$m1 = t('Please bookmark this page if you would like to return to it in the future');
+
+
+		$options = [
+			'profile_photo' => t('Upload a profile photo'),
+			'cover_photo'   => t('Upload a cover photo'),
+			'profiles'      => t('Edit your default profile'),
+			'suggest'       => t('View friend suggestions'),
+			'directory'     => t('View the channel directory'),
+			'settings'      => t('View/edit your channel settings'),
+			'help'          => t('View the site or project documentation'),
+			'channel/' . $channel['channel_address']       => t('Visit your channel homepage'),
+			'connections'   => t('View your connections and/or add somebody whose address you already know'),
+			'network'       => t('View your personal stream (this may be empty until you add some connections)'),
+
+		];
+ 
+		$site_firehose = ((intval(get_config('system','site_firehose',0))) ? true : false);
+ 		$net_firehose  = ((get_config('system','disable_discover_tab',1)) ? false : true);
+
+		if($site_firehose || $net_firehose) {
+			$options['pubstream'] = t('View the public stream. Warning: this content is not moderated');
+		}
+
+		$o = replace_macros(get_markup_template('go.tpl'), [
+			'$title' => $title,
+			'$m' => $m,
+			'$m1' => $m1,
+			'$options' => $options
+
+		]);
+
+		return $o;
+
+	}
+
+}

Zotlabs/Module/Group.php

@@ -1,11 +1,28 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
+
 require_once('include/group.php');
 
+class Group extends Controller {
 
+	function init() {
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
 
-class Group extends \Zotlabs\Web\Controller {
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			return;
+		}
+
+		App::$profile_uid = local_channel();
+
+		nav_set_selected('Privacy Groups');
+	}
 
 	function post() {
 	
@@ -13,6 +30,10 @@ class Group extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			return;
+		}
 	
 		if((argc() == 2) && (argv(1) === 'new')) {
 			check_form_security_token_redirectOnErr('/group/new', 'group_edit');
@@ -22,19 +43,17 @@ class Group extends \Zotlabs\Web\Controller {
 			$r = group_add(local_channel(),$name,$public);
 			if($r) {
 				info( t('Privacy group created.') . EOL );
-				$r = group_byname(local_channel(),$name);
-				if($r)
-					goaway(z_root() . '/group/' . $r);
 			}
-			else
-				notice( t('Could not create privacy group.') . EOL );	
+			else {
+				notice( t('Could not create privacy group.') . EOL );
+			}
 			goaway(z_root() . '/group');
 	
 		}
 		if((argc() == 2) && (intval(argv(1)))) {
 			check_form_security_token_redirectOnErr('/group', 'group_edit');
 			
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -48,7 +67,7 @@ class Group extends \Zotlabs\Web\Controller {
 			$public = intval($_POST['public']);
 	
 			if((strlen($groupname))  && (($groupname != $group['gname']) || ($public != $group['visible']))) {
-				$r = q("UPDATE groups SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
+				$r = q("UPDATE pgrp SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
 					dbesc($groupname),
 					intval($public),
 					intval(local_channel()),
@@ -68,42 +87,80 @@ class Group extends \Zotlabs\Web\Controller {
 
 		$change = false;
 	
-		logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG);
+		logger('mod_group: ' . App::$cmd,LOGGER_DEBUG);
 		
 		if(! local_channel()) {
 			notice( t('Permission denied') . EOL);
 			return;
 		}
-	
+
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Privacy Groups App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Management of privacy groups');
+			return $o;
+		}
+
 		// Switch to text mode interface if we have more than 'n' contacts or group members
-	
 		$switchtotext = get_pconfig(local_channel(),'system','groupedit_image_limit');
 		if($switchtotext === false)
 			$switchtotext = get_config('system','groupedit_image_limit');
 		if($switchtotext === false)
 			$switchtotext = 400;
-	
-		$tpl = get_markup_template('group_edit.tpl');
-		$context = array('$submit' => t('Submit'));
-	
-		if((argc() == 2) && (argv(1) === 'new')) {
-			
-			return replace_macros($tpl, $context + array(
-				'$title' => t('Create a group of channels.'),
-				'$gname' => array('groupname',t('Privacy group name: '), '', ''),
-				'$gid' => 'new',
-				'$public' => array('public',t('Members are visible to other channels'), false, ''),
+
+
+		if((argc() == 1) || ((argc() == 2) && (argv(1) === 'new'))) {
+
+			$new = (((argc() == 2) && (argv(1) === 'new')) ? true : false);
+
+			$groups = q("SELECT id, gname FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+				intval(local_channel())
+			);
+
+			$i = 0;
+			foreach($groups as $group) {
+				$entries[$i]['name'] = $group['gname'];
+				$entries[$i]['id'] = $group['id'];
+				$entries[$i]['count'] = count(group_get_members($group['id']));
+				$i++;
+			}
+
+			$tpl = get_markup_template('privacy_groups.tpl');
+			$o = replace_macros($tpl, [
+				'$title' => t('Privacy Groups'),
+				'$add_new_label' => t('Add Group'),
+				'$new' => $new,
+
+				// new group form
+				'$gname' => array('groupname',t('Privacy group name')),
+				'$public' => array('public',t('Members are visible to other channels'), false),
 				'$form_security_token' => get_form_security_token("group_edit"),
-			));
-	
-	
+				'$submit' => t('Submit'),
+
+				// groups list
+				'$title' => t('Privacy Groups'),
+				'$name_label' => t('Name'),
+				'$count_label' => t('Members'),
+				'$entries' => $entries
+			]);
+
+			return $o;
+
 		}
+
+
+
+
+		$context = array('$submit' => t('Submit'));
+		$tpl = get_markup_template('group_edit.tpl');
 	
 		if((argc() == 3) && (argv(1) === 'drop')) {
 			check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
 			
 			if(intval(argv(2))) {
-				$r = q("SELECT gname FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+				$r = q("SELECT gname FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 					intval(argv(2)),
 					intval(local_channel())
 				);
@@ -135,7 +192,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() > 1) && (intval(argv(1)))) {
 	
 			require_once('include/acl_selectors.php');
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -172,22 +229,17 @@ class Group extends \Zotlabs\Web\Controller {
 						$preselected[] = $member['xchan_hash'];
 				}
 			}
-	
-			$drop_tpl = get_markup_template('group_drop.tpl');
-			$drop_txt = replace_macros($drop_tpl, array(
-				'$id' => $group['id'],
-				'$delete' => t('Delete'),
-				'$form_security_token' => get_form_security_token("group_drop"),
-			));
-	
-			
+
 			$context = $context + array(
-				'$title' => t('Privacy group editor'),
+				'$title' => sprintf(t('Privacy Group: %s'), $group['gname']),
+				'$details_label' => t('Edit'),
 				'$gname' => array('groupname',t('Privacy group name: '),$group['gname'], ''),
 				'$gid' => $group['id'],
 				'$drop' => $drop_txt,
 				'$public' => array('public',t('Members are visible to other channels'), $group['visible'], ''),
-				'$form_security_token' => get_form_security_token('group_edit'),
+				'$form_security_token_edit' => get_form_security_token('group_edit'),
+				'$delete' => t('Delete Group'),
+				'$form_security_token_drop' => get_form_security_token("group_drop"),
 			);
 	
 		}
@@ -196,14 +248,14 @@ class Group extends \Zotlabs\Web\Controller {
 			return;
 	
 		$groupeditor = array(
-			'label_members' => t('Members'),
+			'label_members' => t('Group members'),
 			'members' => array(),
-			'label_contacts' => t('All Connected Channels'),
+			'label_contacts' => t('Not in this group'),
 			'contacts' => array(),
 		);
 			
 		$sec_token = addslashes(get_form_security_token('group_member_change'));
-		$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : false);
+		$textmode = (($switchtotext && (count($members) > $switchtotext)) ? true : 'card');
 		foreach($members as $member) {
 			if($member['xchan_url']) {
 				$member['archived'] = (intval($member['abook_archived']) ? true : false);
@@ -219,7 +271,7 @@ class Group extends \Zotlabs\Web\Controller {
 		);
 	
 		if(count($r)) {
-			$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : false);
+			$textmode = (($switchtotext && (count($r) > $switchtotext)) ? true : 'card');
 			foreach($r as $member) {
 				if(! in_array($member['xchan_hash'],$preselected)) {
 					$member['archived'] = (intval($member['abook_archived']) ? true : false);
@@ -230,7 +282,7 @@ class Group extends \Zotlabs\Web\Controller {
 		}
 	
 		$context['$groupeditor'] = $groupeditor;
-		$context['$desc'] = t('Click on a channel to add or remove.');
+		$context['$desc'] = t('Click a channel to toggle membership');
 	
 		if($change) {
 			$tpl = get_markup_template('groupeditor.tpl');

Zotlabs/Module/Hashtags.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Hashtags extends \Zotlabs\Web\Controller {
+
+	function init() {
+		$result = [];
+
+		$t = escape_tags($_REQUEST['t']);
+		if(! $t)
+			json_return_and_die($result);
+
+		$r = q("select distinct(term) from term where term like '%s' and ttype = %d order by term",
+			dbesc($t . '%'),
+			intval(TERM_HASHTAG)
+		);
+		if($r) {
+			foreach($r as $rv) {
+				$result[] = [ 'text' => $rv['term'] ];
+			}
+		}
+
+		json_return_and_die($result); 
+	}
+}