bump version

(cherry picked from commit c657d766cf)

.gitignore

@@ -37,7 +37,7 @@ pageheader.html
 doc/SiteTOS.md
 # themes except for redbasic
 view/theme/*
-! view/theme/redbasic
+!view/theme/redbasic
 # site theme schemas
 view/theme/redbasic/schema/default.php
 # Doxygen API documentation, run 'doxygen util/Doxyfile' to generate it

.gitlab-ci.yml

@@ -0,0 +1,36 @@
+# Select image from https://hub.docker.com/_/php/
+image: php:7.1
+
+# Select what we should cache
+cache:
+  paths:
+  - vendor/
+
+variables:
+  # Configure mysql service (https://hub.docker.com/_/mysql/)
+  MYSQL_DATABASE: hello_world_test
+  MYSQL_ROOT_PASSWORD: mysql
+
+
+services:
+- mysql:5.7
+
+before_script:
+- apt-get update -yqq
+- apt-get install -yqq git mysql-server mysql-client libmcrypt-dev libpq-dev libcurl4-gnutls-dev libicu-dev libvpx-dev libjpeg-dev libpng-dev libxpm-dev zlib1g-dev libfreetype6-dev libxml2-dev libexpat1-dev libbz2-dev libgmp3-dev libldap2-dev unixodbc-dev libsqlite3-dev libaspell-dev libsnmp-dev libpcre3-dev libtidy-dev
+# Install PHP extensions
+- docker-php-ext-install mbstring mcrypt pdo_mysql pdo_pgsql curl json intl gd xml zip bz2 opcache
+# Install & enable Xdebug for code coverage reports
+- pecl install xdebug
+- docker-php-ext-enable xdebug
+# Install and run Composer
+- curl -sS https://getcomposer.org/installer | php
+- php composer.phar install
+
+# We test PHP7 with MySQL, but we allow it to fail
+test:php:mysql:
+  script:
+  - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
+  - vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text

CHANGELOG

@@ -1,4 +1,223 @@
-Hubzilla 3.6 (????-??-??)
+Hubzilla 3.8.8 (2018-12-22)
+	- Fix issue with linkinfo
+	- Fix cURL with HTTP/2
+	- Remove scale_external_images()
+	- Style highlight bbcode via css
+	- Make mod channel deal with b64 encoded mid's
+	- Fix email retrieval in OAuth2Storage
+	- Add reinstall option to util/addons
+	- Remove deprecated caching protection from mod photo
+	- Add missing check for observer in mod like
+	- Articles: default to logged in channel if channel name is not passed
+	- Wiki: fix preview issue with hyperlinks
+	- Cart: backport fixes from osada
+	- Gallery: provide file extensions for better compatibility
+	- Hsse: fix issue when linkinfo data was inserted
+	- Diaspora: remove deprecated scale_external_images()
+
+
+Hubzilla 3.8.7 (2018-12-14)
+	- Fix issue with linkdropper in comment area
+	- Fix regression wit app ordering
+	- Fix return if readImnageBlob() throws an exception
+	- Introduce photo_view_filter hook
+	- Fix home notifications not expanding in certain situations
+	- Fix for dark schema
+	- Fix total identities restriction
+	- Fix article page title not updating if article has no title
+	- Gallery: the gallery app will now act as the full-size photo viewer in /photos if installed
+
+
+Hubzilla 3.8.6 (2018-12-03)
+	- Prevent incompatible export files (osada/zap) from being imported
+	- Catch exception if readImageBlob() receives bogus data
+	- Streamline PDF previews
+	- Allow notification filtering by name or address
+	- Fix too restrictive attached photo permissions
+	- Update ES translation
+	- Use flex for the default template
+	- Do not store serialized pconfig value received via to Module/Pconfig.php
+	- Update jquery-file-upload lib and move to composer
+	- Update imagesloaded lib and move to composer
+	- Fix activitypub tag notifications
+	- Fix call to undefined function in PConfig
+	- Fix typo which prevented propagation of comments to zot6 (dev)
+	- Activitypub: add support for pterotype (wordpress plugin)
+	- Openstreetmap: check validity of lat+lon before rendering a map
+
+
+Hubzilla 3.8.5 (2018-11-19)
+	- Fix pconfig for new installs
+	- Fix delayed publication of posts in combination with channel clones
+	- Fix issue where photo filesize was not updated in the DB when a photo was edited
+	- Fix issue where the original photo size was not set correct in the DB
+	- Fix delivery issue in zot_fetch()
+	- Fix typo in channel reputation addon
+
+
+Hubzilla 3.8.4 (2018-11-14)
+	- Fix xss issue (thanks to Eduardo)
+	- Implement hook in enotify to be used by superblock
+	- Various css fixes
+	- Improve photo cache handling
+	- Provide a function hz_syslog() to log to syslog
+	- Fix request_target in z_post_url()
+	- Fix plural handling for various languages
+	- Some preparatory work for zot6
+	- Fix warning in gallery addon
+	- Fix date issue on xchan photo update in diaspora and pubcrawl addons
+	- Fix typos in startpage addon
+	- Improve activitypub addressing
+	- Fix taxonomy in activitypub direct messages
+	- Fix syntax error in diaspora addon
+	- New e-learning addon flashcards
+	- Remove DNS check for database connection during installation
+	- Implement timestamps for pconfig
+
+
+Hubzilla 3.8.3 (2018-11-05)
+	- Do not count likes in forum notifications if likes notifications are disabled
+	- Fix typo in spanish translation which broke javascript
+	- Improve linkinfo charset handling and image detection
+	- Fix wrong image resize for some external images
+	- Move blueimp upload lib to composer and update to version 9.25
+	- Remove primary/clone counts from admin summary until we have a mechanism to update the fixed counts
+	- Fix html2markdown() and re-enable previously failing tests
+	- Improve look of oembed content for Hubzilla links
+	- Fix forum notifications count not correct
+	- Fix gallery addon which broke mod apps in some situations
+	- Fix wiki_list widget not working on every page respectively level
+	
+
+Hubzilla 3.8.2 (2018-10-29)
+	- Merge unmerged changes from dev into master
+	- Fix issues with forum handling in mod network and ping
+	- Fix delivery chain linkage messed up if original post was edited
+	- Fix issues with the experimental queue worker
+	- Fix call to image source {1} from html template
+	- Group stream filters by threaded and unthreaded default view
+	- Show only unseen forum messages when clicking on forum notification
+	- Improve editor contact autocomplete performance
+	- Convert non UTF-8 content on link embeding
+	- Make textcomplete return up to 100 items
+	- Look for for matches in the entire string when suggesting emojis
+	- Add [summary] bbcode to autocomplete list
+	- Update blueimp_upload to version 9.23
+	- Update spanish strings 
+
+	Addons
+	- Cart: don't allow items to be added unless user is logged into the Grid.
+	- Pubcrawl: simplify asencode_activity() addressing to reflect upcoming changes in mastodon 2.6
+	- Rendezvous: Update rendezvous_group.tpl to fix broken Bootstrap library reference
+
+
+Hubzilla 3.8.1 (2018-10-21)
+	- Fix issue with too long navbar banners
+	- Fix menu item edit link
+	- Fix issue with jquery file upload
+
+
+Hubzilla 3.8 (2018-10-19)
+	- Re-implement basic build test via gitlab-ci
+	- Rework wiki encoding/decoding
+	- Implement improved worker (experimental - off by default)
+	- Rework hubzilla settings infrastructure
+	- Port the features to stand-alone apps
+	- Add app_destroy hook
+	- Improve mod network search
+	- Extend app_install() to allow installing by app name
+	- Remove tech levels
+	- Hide channel creation form when at or over service_class['limit_identities']
+	- Rename groups and group_members tables for MySQL 8 compatibility
+	- Improve checks for image magick and pdo at setup
+	- Allow a second url in apd files for settings
+	- Add contact autocomplete to mod photo comments
+	- Add hook to allow addons to filter the list returned by app_list
+	- Do not sync channel moved field
+	- Add attach_delete hook
+	- Catch errors in template rendering
+	- Provide a noscript_content switch for mod channel and display
+	- Install and update bootstrap via composer
+	- Improve cover-photo handling
+	- Improve notification handling on small screens
+	- Detect and automatically repair duplicate plugin hook scenarios
+	- Add dreport_process hook
+	- Redirect stdout/stderr on cron command
+	- Update composer libs and add ramsey/uuid
+	- Add hook to extend conv_item cog dropdown menu
+	- Trigger the query options off of the active module rather than passed parameters in first_post_date()
+	- Tweak archive widget for articles
+	- Add api_not_found hook
+	- Ignore deleted hublocs in zot finger
+	- Don't use "checkjs" with an associated page reload - wrap a static copy of the content in noscript tags instead
+	- Add possibility to override helpfiles
+	- Add support for overriding the default template location and individual templates via .htconfig.php
+	- Add table support to markdown
+	- Make channel_remove less memory hungry
+	- Prevent json-ld bombing
+	- Turn off browser autocomplete on channel sources creation
+	- Add alter_pdl hook
+	- Add ability for addons to create .pdl files and load them automatically
+	- Sanitise vcard fields
+	- Don't sync system apps
+
+	
+	Bugfixes
+	- Fix issue with timeago plurals
+	- Fix issue with HTTP signatures
+	- Fix issues with channel import
+	- Fix double linebreaks in viewsrc output
+	- Fix jsonld signature issue (library is using sha1, spec requires sha256)
+	- Fix bookmarks not syncing between clones
+	- Fix combined view getting lost when deleting first message in pm thread
+	- Fix authors unable to comment on posts they authored when owned by others in certain circumstances
+	- Fix syschannel included in total channels count
+	- Fix html-to-markdown adds a backslash infront of a hash after each new line
+	- Fix profile likes dropdown
+	- Fix tags corruption when editing posts
+	- Fix duplicate info() messages
+	- Fix zid leaking to nonzot sites if markdown is enabled
+	- Fix app delete issue with base installed apps and app photo being reloaded uneccessarily
+	- Fix app update and ownership issues
+
+	Addons
+	- Upgrade Info: new addon to inform channel owners about system upgrades
+	- Superblock: fix issue with not removeable channels
+	- Cart: fix subscription table not created on install
+	- Hsse: new addon - a WYSIWYG editor for certain modules
+	- Rainbowtag: convert to app infrastructure
+	- Superblock: convert to app infrastructure
+	- Send ZID: convert to app infrastructure
+	- Adultphotoflag: move setting to mod photos
+	- GNU-Social: convert to app infrastructure
+	- Pubcrawl: convert to app infrastructure
+	- Startpage: convert to app infrastructure
+	- Wppost: convert to app infrastructure
+	- Diaspora: convert to app infrastructure
+	- Mdpost: move setting to editor settings
+	- Cart: convert to app infrastructure
+	- Cart: reflect renaming of groups table
+	- Authchoose: convert to app infrastructure
+	- Channelreputation: new addon - reputation system for community channels (forums, etc.)
+	- Diaspora: fix commenting on diaspora reshares
+	- Gallery: convert to app infrastructure
+	- Nsfw: convert to app infrastructure
+	- Diaspora: change top level retraction type from StatusMessage to Post
+	- Delivery Notice: new addon - display delivery status information at the top of items
+	- Diaspora: exclude xchan_networks rss, anon and unknown from the query to make the results more reliable
+	- Diaspora: provide xchan_url if we have no xchan_addr for mentions
+	- Diaspora: fix x-social-relay tags converted to associative array
+	- Twitter API: improvements for the twidere client
+	- Pubcrawl: partial support for inbound AP events
+	- Pubcrawl: add support for image objects
+	- Gallery: provide a way to direct link to a photo album gallery
+	- Pubcrawl: improve can_comment_on_post handler
+	- Pubcrawl: implement pleroma quirks regarding follow activities
+	- Cart: add ability to create catalog entries for physical and/or manually fulfilled items
+	- Cart: add subscriptions submodule
+
+
+Hubzilla 3.6 (2018-07-25)
 	- Update jquery.timeago library
 	- Implement Hookable CSP
 	- ActivityStreams: accept header changes to support plume 

README.md

@@ -25,5 +25,8 @@ Hubzilla is completely decentralised and open source, for you modify or adapt to
 
 The Hubzilla community consists of passionate volunteers creating an open source commons of decentralised services which are highly integrated and can rival the feature set of large centralised providers. We do our best to provide ethical software which places you in control of your online communications and privacy expectations.
 
+Build status master branch:
+[![Build Status Master](https://framagit.org/hubzilla/core/badges/master/build.svg)](https://framagit.org/hubzilla/core/badges/master/build.svg)
 
-[![Build Status](https://travis-ci.org/redmatrix/hubzilla.svg)](https://travis-ci.org/redmatrix/hubzilla)
+Build status dev branch:
+[![Build Status Dev](https://framagit.org/hubzilla/core/badges/dev/build.svg)](https://framagit.org/hubzilla/core/badges/dev/build.svg)

Zotlabs/Access/PermissionLimits.php

@@ -88,4 +88,4 @@ class PermissionLimits {
 
 		return false;
 	}
-}
+}

Zotlabs/Daemon/Cron.php

@@ -60,7 +60,7 @@ class Cron {
 				drop_item($rr['id'],false,(($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
 				if($rr['item_wall']) {
 					// The notifier isn't normally invoked unless item_drop is interactive.
-					Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'drop', $rr['id'] ] );
+					Master::Summon( [ 'Notifier', 'drop', $rr['id'] ] );
 				}
 			}
 		}

Zotlabs/Daemon/Master.php

@@ -3,7 +3,6 @@
 namespace Zotlabs\Daemon;
 
 if(array_search( __file__ , get_included_files()) === 0) {
-
 	require_once('include/cli_startup.php');
 	array_shift($argv);
 	$argc = count($argv);
@@ -17,14 +16,135 @@ if(array_search( __file__ , get_included_files()) === 0) {
 
 class Master {
 
+	static public $queueworker = null;
+
 	static public function Summon($arr) {
 		proc_run('php','Zotlabs/Daemon/Master.php',$arr);
 	}
 
 	static public function Release($argc,$argv) {
 		cli_startup();
-		logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
-		$cls::run($argc,$argv);
+
+		$maxworkers = get_config('system','max_queue_workers');
+
+		if (!$maxworkers || $maxworkers == 0) {
+			logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+                	$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+                	$cls::run($argc,$argv);
+			self::ClearQueue();
+		} else {
+			logger('Master: enqueue: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+			$workinfo = ['argc'=>$argc,'argv'=>$argv];
+			q("insert into config (cat,k,v) values ('queuework','%s','%s')",
+				dbesc(uniqid('workitem:',true)),
+				dbesc(serialize($workinfo)));
+			self::Process();
+		}
+	}
+
+	static public function GetWorkerID() {
+		$maxworkers = get_config('system','max_queue_workers');
+		$maxworkers = ($maxworkers) ? $maxworkers : 3;
+
+		$workermaxage = get_config('system','max_queue_worker_age');
+		$workermaxage = ($workermaxage) ? $workermaxage : 300;
+
+		$workers = q("select * from config where cat='queueworkers' and k like '%s'", 'workerstarted_%');
+
+		if (count($workers) > $maxworkers) {
+			foreach ($workers as $idx => $worker) {
+                                $curtime = time();
+                                $age = (intval($curtime) - intval($worker['v']));
+                                if ( $age > $workermaxage) {
+					logger("Prune worker: ".$worker['k'], LOGGER_ALL, LOGGER_DEBUG);
+					$k = explode('_',$worker['k']);
+					q("delete from config where cat='queueworkers' and k='%s'",
+						'workerstarted_'.$k[1]);
+					q("update config set k='%s' where cat='queuework' and k='%s'",
+						dbesc(uniqid('workitem:',true)),
+						'workitem_'.$k[1]);
+					unset($workers[$idx]);
+				}
+			}
+			if (count($workers) > $maxworkers) {
+				return false;
+			}
+		}
+		return uniqid('',true);
+
+	}
+
+	static public function Process() {
+
+		self::$queueworker = self::GetWorkerID();
+
+		if (!self::$queueworker) {
+			logger('Master: unable to obtain worker ID.');
+			killme();
+		}
+
+		set_config('queueworkers','workerstarted_'.self::$queueworker,time());
+
+		$workersleep = get_config('system','queue_worker_sleep');
+		$workersleep = ($workersleep) ? $workersleep : 5;
+		cli_startup();
+
+		$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
+			'workitem_'.self::$queueworker,
+			dbesc('workitem:%'));
+		$jobs = 0;
+		while ($work) {
+			$workitem = q("select * from config where cat='queuework' and k='%s'",
+				'workitem_'.self::$queueworker);
+
+			if (isset($workitem[0])) {
+				$jobs++;
+				$workinfo = unserialize($workitem[0]['v']);
+				$argc = $workinfo['argc'];
+				$argv = $workinfo['argv'];
+				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+
+				//Delete unclaimed duplicate workitems.
+				q("delete from config where cat='queuework' and k='workitem' and v='%s'",
+					serialize($argv));
+
+				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$cls::run($argc,$argv);
+
+				//Right now we assume that if we get a return, everything is OK.
+				//At some point we may want to test whether the run returns true/false
+				//    and requeue the work to be tried again.  But we probably want
+				//    to implement some sort of "retry interval" first.
+
+				q("delete from config where cat='queuework' and k='%s'",
+					'workitem_'.self::$queueworker);
+			} else {
+				break;
+			}
+			sleep ($workersleep);
+			$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
+				'workitem_'.self::$queueworker,
+				dbesc('workitem:%'));
+
+		}
+		logger('Master: Worker Thread: queue items processed:' . $jobs);
+		q("delete from config where cat='queueworkers' and k='%s'",
+			'workerstarted_'.self::$queueworker);
 	}	
+
+	static public function ClearQueue() {
+			$work = q("select * from config where cat='queuework' and k like '%s'",
+				dbesc('workitem%'));
+			foreach ($work as $workitem) {
+				$workinfo = unserialize($workitem['v']);
+				$argc = $workinfo['argc'];
+				$argv = $workinfo['argv'];
+				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
+				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+				$cls::run($argc,$argv);
+			}
+			$work = q("delete from config where cat='queuework' and k like '%s'",
+				dbesc('workitem%'));
+	}
+	
 }

Zotlabs/Daemon/Notifier.php

@@ -559,6 +559,8 @@ class Notifier {
 
 		foreach($dhubs as $hub) {
 
+			logger('notifier_hub: ' . $hub['hubloc_url'],LOGGER_DEBUG);
+
 			if($hub['hubloc_network'] !== 'zot') {
 				$narr = [
 					'channel'        => $channel,

Zotlabs/Extend/Route.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Zotlabs\Extend;
+
+
+class Route {
+
+	static function register($file,$modname) {
+		$rt = self::get();
+		$rt[] = [ $file, $modname ];
+		self::set($rt);
+	}
+
+	static function unregister($file,$modname) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file && $r[1] !== $modname) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function unregister_by_file($file) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function get() {
+		return get_config('system','routes',[]);
+	}
+
+	static function set($r) {
+		return set_config('system','routes',$r);
+	}
+}
+

Zotlabs/Extend/Widget.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace Zotlabs\Extend;
+
+
+class Widget {
+
+	static function register($file,$widget) {
+		$rt = self::get();
+		$rt[] = [ $file, $widget ];
+		self::set($rt);
+	}
+
+	static function unregister($file,$widget) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file && $r[1] !== $widget) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function unregister_by_file($file) {
+		$rt = self::get();
+		if($rt) {
+			$n = [];
+			foreach($rt as $r) {
+				if($r[0] !== $file) {
+					$n[] = $r;
+				}
+			}
+			self::set($n);
+		}
+	}
+
+	static function get() {
+		return get_config('system','widgets',[]);
+	}
+
+	static function set($r) {
+		return set_config('system','widgets',$r);
+	}
+}

Zotlabs/Identity/OAuth2Server.php

@@ -4,7 +4,7 @@ namespace Zotlabs\Identity;
 
 class OAuth2Server extends \OAuth2\Server {
 
-	public function __construct(OAuth2Storage $storage, $config = []) {
+	public function __construct(OAuth2Storage $storage, $config = null) {
 
 		if(! is_array($config)) {
 			$config = [
@@ -19,7 +19,8 @@ class OAuth2Server extends \OAuth2\Server {
 		$this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
 
 		// Add the "Authorization Code" grant type (this is where the oauth magic happens)
-		$this->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+                // Need to use OpenID\GrantType to return id_token (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
+		$this->addGrantType(new \OAuth2\OpenID\GrantType\AuthorizationCode($storage));
 
 		$keyStorage = new \OAuth2\Storage\Memory( [
 			'keys' => [

Zotlabs/Identity/OAuth2Storage.php

@@ -50,20 +50,78 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
     public function getUser($username)
     {
 
-		$x = channelx_by_nick($username);
+		$x = channelx_by_n($username);
 		if(! $x) {
 			return false;
 		}
 
+		$a = q("select * from account where account_id = %d",
+			intval($x['channel_account_id'])
+		);
+
+		$n = explode(' ', $x['channel_name']);
+
 		return( [
-			'username'  => $x['channel_address'],
-			'user_id'   => $x['channel_id'],
-			'firstName' => $x['channel_name'],
-			'lastName'  => '',
-			'password'  => 'NotARealPassword'
+			'webfinger'   => channel_reddress($x),
+			'portable_id' => $x['channel_hash'],
+			'email'       => $a[0]['account_email'],
+			'username'    => $x['channel_address'],
+			'user_id'     => $x['channel_id'],
+			'name'        => $x['channel_name'],
+			'firstName'   => ((count($n) > 1) ? $n[1] : $n[0]),
+			'lastName'    => ((count($n) > 2) ? $n[count($n) - 1] : ''),
+			'picture'     => $x['xchan_photo_l']
 		] );
     }
 
+    public function scopeExists($scope) {
+      // Report that the scope is valid even if it's not.
+      // We will only return a very small subset no matter what.
+      // @TODO: Truly validate the scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //        vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+      //    for more info.
+      return true;
+    }
+
+    public function getDefaultScope($client_id=null) {
+      // Do not REQUIRE a scope
+      //    see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+      //    for more info.
+      return null;
+    }
+
+    public function getUserClaims ($user_id, $claims) {
+      // Populate the CLAIMS requested (if any).
+      // @TODO: create a more reasonable/comprehensive list.
+      // @TODO: present claims on the AUTHORIZATION screen
+
+        $userClaims = Array();
+        $claims = explode (' ', trim($claims));
+        $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
+        $claimsmap = Array (
+                            "webfinger" => 'webfinger',
+                            "portable_id" => 'portable_id',
+                            "name" => 'name',
+							"email" => 'email',
+                            "preferred_username" => 'username',
+							"picture" => 'picture',
+							"given_name" => 'firstName',
+							"family_name" => 'lastName'
+                           );
+        $userinfo = $this->getUser($user_id);
+        foreach ($validclaims as $validclaim) {
+            if (in_array($validclaim,$claims)) {
+              $claimkey = $claimsmap[$validclaim];
+              $userClaims[$validclaim] = $userinfo[$claimkey];
+            } else {
+              $userClaims[$validclaim] = $validclaim;
+            }
+        }
+        $userClaims["sub"]=$user_id;
+        return $userClaims; 
+    }
+
     /**
      * plaintext passwords are bad!  Override this for your application
      *
@@ -78,4 +136,4 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
         return true;
     }
 
-}
+}

Zotlabs/Lib/Apps.php

@@ -56,15 +56,10 @@ class Apps {
 
 	}
 
-
-	static public function import_system_apps() {
-		if(! local_channel())
-			return;
-
-		self::$base_apps = get_config('system','base_apps',[ 
+	static public function get_base_apps() {
+		return get_config('system','base_apps',[ 
 			'Connections',
-			'Suggest Channels',
-			'Grid',
+			'Network',
 			'Settings',
 			'Files',
 			'Channel Home',
@@ -77,7 +72,14 @@ class Apps {
 			'Mail',
 			'Profile Photo'
 		]);
+	}
 
+	static public function import_system_apps() {
+		if(! local_channel())
+			return;
+
+		self::$base_apps = self::get_base_apps();
+ 
 		$apps = self::get_system_apps(false);
 
 		self::$available_apps = q("select * from app where app_channel = 0");
@@ -140,10 +142,15 @@ class Apps {
 		foreach(self::$available_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$notfound = false;
-				if(($iapp['app_version'] != $app['version'])
+				if(($iapp['app_version'] !== $app['version'])
 					|| ($app['plugin'] && (! $iapp['app_plugin']))) {
 					return intval($iapp['app_id']);
 				}
+
+				if(($iapp['app_url'] !== $app['url'])
+					|| ($iapp['app_photo'] !== $app['photo'])) {
+					return intval($iapp['app_id']);
+				}
 			}
 		}
 
@@ -198,12 +205,11 @@ class Apps {
 		if($lines) {
 			foreach($lines as $x) {
 				if(preg_match('/^([a-zA-Z].*?):(.*?)$/ism',$x,$matches)) {
-					$ret[$matches[1]] = trim(str_replace(array('$baseurl','$nick'),array($baseurl,$address),$matches[2]));
+					$ret[$matches[1]] = trim($matches[2]);
 				}
 			}
 		}	
 
-
 		if(! $ret['photo'])
 			$ret['photo'] = $baseurl . '/' . get_default_profile_photo(80);
 
@@ -262,6 +268,10 @@ class Apps {
 						if(! can_view_public_stream())
 							unset($ret);
 						break;
+					case 'custom_role':
+						if(get_pconfig(local_channel(),'system','permissions_role') !== 'custom')
+							unset($ret);
+						break;
 					case 'observer':
 						if(! $observer)
 							unset($ret);
@@ -293,14 +303,14 @@ class Apps {
 			'Cards' => t('Cards'),
 			'Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
-			'View Bookmarks' => t('View Bookmarks'),
-			'My Chatrooms' => t('My Chatrooms'),
+			'Bookmarks' => t('Bookmarks'),
+			'Chatrooms' => t('Chatrooms'),
 			'Connections' => t('Connections'),
 			'Remote Diagnostics' => t('Remote Diagnostics'),
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
 			'Channel Manager' => t('Channel Manager'), 
-			'Grid' => t('Activity'), 
+			'Network' => t('Stream'),
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
@@ -323,7 +333,25 @@ class Apps {
 			'Features' => t('Features'),
 			'Language' => t('Language'),
 			'Post' => t('Post'),
-			'Profile Photo' => t('Profile Photo')
+			'Profile Photo' => t('Profile Photo'),
+			'Profile' => t('Profile'),
+			'Profiles' => t('Profiles'),
+			'Privacy Groups' => t('Privacy Groups'),
+			'Notifications' => t('Notifications'),
+			'Order Apps' => t('Order Apps'),
+			'CalDAV' => t('CalDAV'),
+			'CardDAV' => t('CardDAV'),
+			'Channel Sources' => t('Channel Sources'),
+			'Guest Access' => t('Guest Access'),
+			'Notes' => t('Notes'),
+			'OAuth Apps Manager' => t('OAuth Apps Manager'),
+			'OAuth2 Apps Manager' => t('OAuth2 Apps Manager'),
+			'PDL Editor' => t('PDL Editor'),
+			'Permission Categories' => t('Permission Categories'),
+			'Premium Channel' => t('Premium Channel'),
+			'Public Stream' => t('Public Stream'),
+			'My Chatrooms' => t('My Chatrooms'),
+			'Channel Export' => t('Channel Export')
 		);
 
 		if(array_key_exists('name',$arr)) {
@@ -335,6 +363,9 @@ class Apps {
 			for($x = 0; $x < count($arr); $x++) {
 				if(array_key_exists($arr[$x]['name'],$apps)) {
 					$arr[$x]['name'] = $apps[$arr[$x]['name']];
+				} else {
+				    // Try to guess by app name if not in list
+				    $arr[$x]['name'] = t(trim($arr[$x]['name']));
 				}
 			}
 		}
@@ -372,9 +403,29 @@ class Apps {
 
 		$papp['papp'] = self::papp_encode($papp);
 
-		if(! strstr($papp['url'],'://'))
+		// This will catch somebody clicking on a system "available" app that hasn't had the path macros replaced
+		// and they are allowed to see the app
+		if(strpos($papp['url'],'$baseurl') !== false || strpos($papp['url'],'$nick') !== false || strpos($papp['photo'],'$baseurl') !== false || strpos($papp['photo'],'$nick') !== false) {
+			$view_channel = local_channel();
+			if(! $view_channel) {
+
+				$sys = get_sys_channel();
+				$view_channel = $sys['channel_id'];
+			}
+			self::app_macros($view_channel,$papp); 
+		}
+
+		if(strpos($papp['url'], ',')) {
+			$urls = explode(',', $papp['url']);
+			$papp['url'] = trim($urls[0]);
+			$papp['settings_url'] = trim($urls[1]);
+		}
+
+		if(! strpos($papp['url'],'://'))
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];
 
+
+
 		foreach($papp as $k => $v) {
 			if(strpos($v,'http') === 0 && $k != 'papp') {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
@@ -418,6 +469,10 @@ class Apps {
 							if(! can_view_public_stream())
 								return '';
 							break;
+						case 'custom_role':
+							if(get_pconfig(local_channel(),'system','permissions_role') != 'custom')
+								return '';
+							break;
 						case 'observer':
 							$observer = \App::get_observer();
 							if(! $observer)
@@ -439,7 +494,9 @@ class Apps {
 		$hosturl = '';
 
 		if(local_channel()) {
-			$installed = self::app_installed(local_channel(),$papp);
+			if(self::app_installed(local_channel(),$papp) && !$papp['deleted'])
+				$installed = true;
+
 			$hosturl = z_root() . '/';
 		}
 		elseif(remote_channel()) {
@@ -466,18 +523,21 @@ class Apps {
 		if($mode === 'install') {
 			$papp['embed'] = true;
 		}
+
 		return replace_macros(get_markup_template('app.tpl'),array(
 			'$app' => $papp,
 			'$icon' => $icon,
 			'$hosturl' => $hosturl,
 			'$purchase' => (($papp['page'] && (! $installed)) ? t('Purchase') : ''),
-			'$install' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''),
+			'$installed' => $installed,
+			'$action_label' => (($hosturl && in_array($mode, ['view','install'])) ? $install_action : ''),
 			'$edit' => ((local_channel() && $installed && $mode == 'edit') ? t('Edit') : ''),
-			'$delete' => ((local_channel() && $installed && $mode == 'edit') ? t('Delete') : ''),
-			'$undelete' => ((local_channel() && $installed && $mode == 'edit') ? t('Undelete') : ''),
+			'$delete' => ((local_channel() && $mode == 'edit') ? t('Delete') : ''),
+			'$undelete' => ((local_channel() && $mode == 'edit') ? t('Undelete') : ''),
+			'$settings_url' => ((local_channel() && $installed && $mode == 'list') ? $papp['settings_url'] : ''),
 			'$deleted' => $papp['deleted'],
-			'$feature' => (($papp['embed']) ? false : true),
-			'$pin' => (($papp['embed']) ? false : true),
+			'$feature' => (($papp['embed'] || $mode == 'edit') ? false : true),
+			'$pin' => (($papp['embed'] || $mode == 'edit') ? false : true),
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
@@ -485,14 +545,26 @@ class Apps {
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray'),
 			'$add_nav' => t('Pin to navbar'),
-			'$remove_nav' => t('Unpin from navbar')
+			'$remove_nav' => t('Unpin from navbar'),
+			'$rpath' => z_root() . '/apps'
 		));
 	}
 
 	static public function app_install($uid,$app) {
+
+		if(! is_array($app)) {
+			$r = q("select * from app where app_name = '%s' and app_channel = 0",
+				dbesc($app)
+			);
+			if(! $r)
+				return false;
+
+			$app = self::app_encode($r[0]);
+		}
+
 		$app['uid'] = $uid;
 
-		if(self::app_installed($uid,$app))
+		if(self::app_installed($uid,$app,true))
 			$x = self::app_update($app);
 		else
 			$x = self::app_store($app);
@@ -503,7 +575,7 @@ class Apps {
 				intval($uid)
 			);
 			if($r) {
-				if(! $r[0]['app_system']) {
+				if(($app['uid']) && (! $r[0]['app_system'])) {
 					if($app['categories'] && (! $app['term'])) {
 						$r[0]['term'] = q("select * from term where otype = %d and oid = %d",
 							intval(TERM_OBJ_APP),
@@ -518,8 +590,25 @@ class Apps {
 		return false;
 	}
 
-	static public function app_destroy($uid,$app) {
 
+	static public function can_delete($uid,$app) {
+		if(! $uid) {
+			return false;
+		}
+
+		$base_apps = self::get_base_apps();
+		if($base_apps) {
+			foreach($base_apps as $b) {
+				if($app['guid'] === hash('whirlpool',$b)) {
+					return false;
+				}
+			}
+		}
+		return true;
+	}
+
+
+	static public function app_destroy($uid,$app) {
 
 		if($uid && $app['guid']) {
 
@@ -530,23 +619,33 @@ class Apps {
 			if($x) {
 				if(! intval($x[0]['app_deleted'])) {
 					$x[0]['app_deleted'] = 1;
-					q("delete from term where otype = %d and oid = %d",
-						intval(TERM_OBJ_APP),
-						intval($x[0]['id'])
-					);
-					$r = q("delete from app where app_id = '%s' and app_channel = %d",
-						dbesc($app['guid']),
-						intval($uid)
-					);
-
-					// we don't sync system apps - they may be completely different on the other system
-					build_sync_packet($uid,array('app' => $x));
+					if(self::can_delete($uid,$app)) {
+						$r = q("delete from app where app_id = '%s' and app_channel = %d",
+							dbesc($app['guid']),
+							intval($uid)
+						);
+						q("delete from term where otype = %d and oid = %d",
+							intval(TERM_OBJ_APP),
+							intval($x[0]['id'])
+						);
+						call_hooks('app_destroy', $x[0]);
+					}
+					else {
+						$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
+							dbesc($app['guid']),
+							intval($uid)
+						);
+					}
+					if(! intval($x[0]['app_system'])) {
+						build_sync_packet($uid,array('app' => $x));
+					}
 				}
 				else {
 					self::app_undestroy($uid,$app);
 				}
 			}
 		}
+
 	}
 
 	static public function app_undestroy($uid,$app) {
@@ -594,17 +693,66 @@ class Apps {
 		}
 	}
 
-	static public function app_installed($uid,$app) {
+	static public function app_installed($uid,$app,$bypass_filter=false) {
 
 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc((array_key_exists('guid',$app)) ? $app['guid'] : ''), 
 			intval($uid)
 		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
 		return(($r) ? true : false);
 
 	}
 
 
+	static public function addon_app_installed($uid,$app,$bypass_filter=false) {
+
+		$r = q("select id from app where app_plugin = '%s' and app_channel = %d limit 1",
+			dbesc($app),
+			intval($uid)
+		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('addon_app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
+		return(($r) ? true : false);
+
+	}
+
+	static public function system_app_installed($uid,$app,$bypass_filter=false) {
+
+		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
+			dbesc(hash('whirlpool',$app)),
+			intval($uid)
+		);
+		if (!$bypass_filter) {
+			$filter_arr = [
+				'uid'=>$uid,
+				'app'=>$app,
+				'installed'=>$r
+			];
+			call_hooks('system_app_installed_filter',$filter_arr);
+			$r = $filter_arr['installed'];
+		}
+		return(($r) ? true : false);
+
+	}
+
+
+
 	static public function app_list($uid, $deleted = false, $cats = []) {
 		if($deleted) 
 			$sql_extra = "";
@@ -644,6 +792,9 @@ class Apps {
 		);
 
 		if($r) {
+                        $hookinfo = Array('uid'=>$uid,'deleted'=>$deleted,'cats'=>$cats,'apps'=>$r);
+			call_hooks('app_list',$hookinfo);
+			$r = $hookinfo['apps'];
 			for($x = 0; $x < count($r); $x ++) {
 				if(! $r[$x]['app_system'])
 					$r[$x]['type'] = 'personal';
@@ -657,12 +808,14 @@ class Apps {
 		return($r);
 	}
 
-	static public function app_order($uid,$apps) {
+	static public function app_order($uid,$apps,$menu) {
 
 		if(! $apps)
 			return $apps;
 
-		$x = (($uid) ? get_pconfig($uid,'system','app_order') : get_config('system','app_order'));
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$x = (($uid) ? get_pconfig($uid,'system',$conf) : get_config('system',$conf));
 		if(($x) && (! is_array($x))) {
 			$y = explode(',',$x);
 			$y = array_map('trim',$y);
@@ -699,19 +852,25 @@ class Apps {
 		return false;
 	}
 
-	static function moveup($uid,$guid) {
+	static function moveup($uid,$guid,$menu) {
 		$syslist = array();
-		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
+
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$list = self::app_list($uid, false, [ $menu ]);
 		if($list) {
 			foreach($list as $li) {
-				$syslist[] = self::app_encode($li);
+				$papp = self::app_encode($li);
+				if($menu !== 'nav_pinned_app' && strpos($papp['categories'],'nav_pinned_app') !== false)
+					continue;
+				$syslist[] = $papp;
 			}
 		}
 		self::translate_system_apps($syslist);
 
 		usort($syslist,'self::app_name_compare');
 
-		$syslist = self::app_order($uid,$syslist);
+		$syslist = self::app_order($uid,$syslist,$menu);
 
 		if(! $syslist)
 			return;
@@ -736,23 +895,29 @@ class Apps {
 			$narr[] = $x['name'];
 		}
 
-		set_pconfig($uid,'system','app_order',implode(',',$narr));
+		set_pconfig($uid,'system',$conf,implode(',',$narr));
 
 	}
 
-	static function movedown($uid,$guid) {
+	static function movedown($uid,$guid,$menu) {
 		$syslist = array();
-		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
+
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$list = self::app_list($uid, false, [ $menu ]);
 		if($list) {
 			foreach($list as $li) {
-				$syslist[] = self::app_encode($li);
+				$papp = self::app_encode($li);
+				if($menu !== 'nav_pinned_app' && strpos($papp['categories'],'nav_pinned_app') !== false)
+					continue;
+				$syslist[] = $papp;
 			}
 		}
 		self::translate_system_apps($syslist);
 
 		usort($syslist,'self::app_name_compare');
 
-		$syslist = self::app_order($uid,$syslist);
+		$syslist = self::app_order($uid,$syslist,$menu);
 
 		if(! $syslist)
 			return;
@@ -777,7 +942,7 @@ class Apps {
 			$narr[] = $x['name'];
 		}
 
-		set_pconfig($uid,'system','app_order',implode(',',$narr));
+		set_pconfig($uid,'system',$conf,implode(',',$narr));
 
 	}
 
@@ -787,6 +952,29 @@ class Apps {
 	}
 
 
+	static public function app_macros($uid,&$arr) {
+
+		if(! intval($uid))
+			return;
+
+		$baseurl = z_root();
+		$channel = channelx_by_n($uid);
+		$address = (($channel) ? $channel['channel_address'] : '');
+		
+		//future expansion
+
+		$observer = \App::get_observer();
+	
+		$arr['url'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['url']);
+		$arr['photo'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['photo']);
+
+	}
+
+
+
+
+
+
 	static public function app_store($arr) {
 
 		//logger('app_store: ' . print_r($arr,true));
@@ -796,6 +984,7 @@ class Apps {
 
 		$sys = get_sys_channel();
 
+		self::app_macros($arr['uid'],$arr);
 
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
@@ -807,8 +996,8 @@ class Apps {
 			$arr['author'] = $sys['channel_hash'];
 		}
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
-			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (strpos($arr['photo'],z_root()) !== false)) {
+			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
 
@@ -827,10 +1016,11 @@ class Apps {
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
+		$darray['app_options']  = ((x($arr,'options')) ? intval($arr['options']) : 0);
 
 		$created = datetime_convert();
 
-		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d )",
+		$r = q("insert into app ( app_id, app_sig, app_author, app_name, app_desc, app_url, app_photo, app_version, app_channel, app_addr, app_price, app_page, app_requires, app_created, app_edited, app_system, app_plugin, app_deleted, app_options ) values ( '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, '%s', %d, %d )",
 			dbesc($darray['app_id']),
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
@@ -848,7 +1038,8 @@ class Apps {
 			dbesc($created),
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
-			intval($darray['app_deleted'])
+			intval($darray['app_deleted']),
+			intval($darray['app_options'])
 		);
 
 		if($r) {
@@ -881,15 +1072,18 @@ class Apps {
 		$darray = array();
 		$ret = array('success' => false);
 
+		self::app_macros($arr['uid'],$arr);
+
+
 		$darray['app_url']     = ((x($arr,'url')) ? $arr['url'] : '');
 		$darray['app_channel'] = ((x($arr,'uid')) ? $arr['uid'] : 0);
 		$darray['app_id']      = ((x($arr,'guid')) ? $arr['guid'] : 0);
 
-		if((! $darray['app_url']) || (! $darray['app_channel']) || (! $darray['app_id']))
+		if((! $darray['app_url']) || (! $darray['app_id']))
 			return $ret;
 
-		if($arr['photo'] && (strpos($arr['photo'],'icon:') !== 0) && (! strstr($arr['photo'],z_root()))) {
-			$x = import_xchan_photo($arr['photo'],get_observer_hash(),true);
+		if($arr['photo'] && (strpos($arr['photo'],'icon:') === false) && (strpos($arr['photo'],z_root()) !== false)) {
+			$x = import_xchan_photo(str_replace('$baseurl',z_root(),$arr['photo']),get_observer_hash(),true);
 			$arr['photo'] = $x[1];
 		}
 
@@ -906,10 +1100,11 @@ class Apps {
 		$darray['app_requires'] = ((x($arr,'requires')) ? escape_tags($arr['requires']) : '');
 		$darray['app_system']   = ((x($arr,'system'))   ? intval($arr['system']) : 0);
 		$darray['app_deleted']  = ((x($arr,'deleted'))  ? intval($arr['deleted']) : 0);
+		$darray['app_options']  = ((x($arr,'options')) ? intval($arr['options']) : 0);
 
 		$edited = datetime_convert();
 
-		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d where app_id = '%s' and app_channel = %d",
+		$r = q("update app set app_sig = '%s', app_author = '%s', app_name = '%s', app_desc = '%s', app_url = '%s', app_photo = '%s', app_version = '%s', app_addr = '%s', app_price = '%s', app_page = '%s', app_requires = '%s', app_edited = '%s', app_system = %d, app_plugin = '%s', app_deleted = %d, app_options = %d where app_id = '%s' and app_channel = %d",
 			dbesc($darray['app_sig']),
 			dbesc($darray['app_author']),
 			dbesc($darray['app_name']),
@@ -925,6 +1120,7 @@ class Apps {
 			intval($darray['app_system']),
 			dbesc($darray['app_plugin']),
 			intval($darray['app_deleted']),
+			intval($darray['app_options']),
 			dbesc($darray['app_id']),
 			intval($darray['app_channel'])
 		);
@@ -972,9 +1168,6 @@ class Apps {
 
 		$ret['type'] = 'personal';
 	
-		if($app['app_id'])
-			$ret['guid'] = $app['app_id'];
-
 		if($app['app_id'])
 			$ret['guid'] = $app['app_id'];
 
@@ -1017,6 +1210,9 @@ class Apps {
 		if($app['app_system'])
 			$ret['system'] = $app['app_system'];
 
+		if($app['app_options'])
+			$ret['options'] = $app['app_options'];
+
 		if($app['app_plugin'])
 			$ret['plugin'] = trim($app['app_plugin']);
 

Zotlabs/Lib/Enotify.php

@@ -825,9 +825,10 @@ class Enotify {
 
 		// convert this logic into a json array just like the system notifications
 
-		return array(
+		$x = array(
 			'notify_link' => $item['llink'],
 			'name' => $item['author']['xchan_name'],
+			'addr' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']),
 			'url' => $item['author']['xchan_url'],
 			'photo' => $item['author']['xchan_photo_s'],
 			'when' => relative_date(($edit)? $item['edited'] : $item['created']), 
@@ -835,9 +836,19 @@ class Enotify {
 			'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
 			'notify_id' => 'undefined',
 			'thread_top' => (($item['item_thread_top']) ? true : false),
-			'message' => strip_tags(bbcode($itemem_text))
+			'message' => strip_tags(bbcode($itemem_text)),
+			// these are for the superblock addon
+			'hash' => $item['author']['xchan_hash'],
+			'uid' => local_channel(),
+			'display' => true
 		);
 
+		call_hooks('enotify_format',$x);
+		if(! $x['display']) {
+			return [];
+		}
+
+		return $x;
 	}
 
 }

Zotlabs/Lib/Group.php

@@ -0,0 +1,405 @@
+<?php 
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libsync;
+
+
+class Group {
+	
+	static function add($uid,$name,$public = 0) {
+
+		$ret = false;
+		if(x($uid) && x($name)) {
+			$r = self::byname($uid,$name); // check for dups
+			if($r !== false) {
+
+				// This could be a problem. 
+				// Let's assume we've just created a group which we once deleted
+				// all the old members are gone, but the group remains so we don't break any security
+				// access lists. What we're doing here is reviving the dead group, but old content which
+				// was restricted to this group may now be seen by the new group members. 
+
+				$z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1",
+					intval($r)
+				);
+				if(($z) && $z[0]['deleted']) {
+					q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id']));
+					notice( t('A deleted group with this name was revived. Existing item permissions <strong>may</strong> apply to this group and any future members. If this is not what you intended, please create another group with a different name.') . EOL); 
+				}
+				return true;
+			}
+
+			do {
+				$dups = false;
+				$hash = random_string(32) . str_replace(['<','>'],['.','.'], $name);
+
+				$r = q("SELECT id FROM pgrp WHERE hash = '%s' LIMIT 1", dbesc($hash));
+				if($r)
+					$dups = true;
+			} while($dups == true);
+
+
+			$r = q("INSERT INTO pgrp ( hash, uid, visible, gname )
+				VALUES( '%s', %d, %d, '%s' ) ",
+				dbesc($hash),
+				intval($uid),
+				intval($public),
+				dbesc($name)
+			);
+			$ret = $r;
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+		return $ret;
+	}
+
+
+	static function remove($uid,$name) {
+		$ret = false;
+		if(x($uid) && x($name)) {
+			$r = q("SELECT id, hash FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+				intval($uid),
+				dbesc($name)
+			);
+			if($r) {
+				$group_id = $r[0]['id'];
+				$group_hash = $r[0]['hash'];
+			}
+
+			if(! $group_id)
+				return false;
+
+			// remove group from default posting lists
+			$r = q("SELECT channel_default_group, channel_allow_gid, channel_deny_gid FROM channel WHERE channel_id = %d LIMIT 1",
+			       intval($uid)
+			);
+			if($r) {
+				$user_info = $r[0];
+				$change = false;
+
+				if($user_info['channel_default_group'] == $group_hash) {
+					$user_info['channel_default_group'] = '';
+					$change = true;
+				}
+				if(strpos($user_info['channel_allow_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_allow_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_allow_gid']);
+					$change = true;
+				}
+				if(strpos($user_info['channel_deny_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_deny_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_deny_gid']);
+					$change = true;
+				}
+
+				if($change) {
+					q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' 
+						WHERE channel_id = %d",
+						intval($user_info['channel_default_group']),
+						dbesc($user_info['channel_allow_gid']),
+						dbesc($user_info['channel_deny_gid']),
+						intval($uid)
+					);
+				}
+			}
+
+			// remove all members
+			$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d ",
+				intval($uid),
+				intval($group_id)
+			);
+
+			// remove group
+			$r = q("UPDATE pgrp SET deleted = 1 WHERE uid = %d AND gname = '%s'",
+				intval($uid),
+				dbesc($name)
+			);
+
+			$ret = $r;
+
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $ret;
+	}
+
+
+	static function byname($uid,$name) {
+		if((! $uid) || (! strlen($name)))
+			return false;
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($name)
+		);
+		if($r)
+			return $r[0]['id'];
+		return false;
+	}
+
+
+	static function rec_byhash($uid,$hash) {
+		if((! $uid) || (! strlen($hash)))
+			return false;
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND hash = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($hash)
+		);
+		if($r)
+			return $r[0];
+		return false;
+	}
+
+
+	static function member_remove($uid,$name,$member) {
+		$gid = self::byname($uid,$name);
+		if(! $gid)
+			return false;
+		if(! ( $uid && $gid && $member))
+			return false;
+		$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' ",
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function member_add($uid,$name,$member,$gid = 0) {
+		if(! $gid)
+			$gid = self::byname($uid,$name);
+		if((! $gid) || (! $uid) || (! $member))
+			return false;
+
+		$r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1",	
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+		if($r)
+			return true;	// You might question this, but 
+				// we indicate success because the group member was in fact created
+				// -- It was just created at another time
+	 	if(! $r)
+			$r = q("INSERT INTO pgrp_member (uid, gid, xchan)
+				VALUES( %d, %d, '%s' ) ",
+				intval($uid),
+				intval($gid),
+				dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function members($gid) {
+		$ret = array();
+		if(intval($gid)) {
+			$r = q("SELECT * FROM pgrp_member 
+				LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan
+				WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ",
+				intval($gid),
+				intval(local_channel()),
+				intval(local_channel())
+			);
+			if($r)
+				$ret = $r;
+		}
+		return $ret;
+	}
+
+	static function members_xchan($gid) {
+		$ret = [];
+		if(intval($gid)) {
+			$r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND uid = %d",
+				intval($gid),
+				intval(local_channel())
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+	static function members_profile_xchan($uid,$gid) {
+		$ret = [];
+
+		if(intval($gid)) {
+			$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+				intval($gid),
+				intval($uid)
+			);
+			if($r) {
+				foreach($r as $rr) {
+					$ret[] = $rr['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+
+
+	static function select($uid,$group = '') {
+	
+		$grps = [];
+		$o = '';
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($uid)
+		);
+		$grps[] = array('name' => '', 'hash' => '0', 'selected' => '');
+		if($r) {
+			foreach($r as $rr) {
+				$grps[] = array('name' => $rr['gname'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : ''));
+			}
+
+		}
+		logger('select: ' . print_r($grps,true), LOGGER_DATA);
+
+		$o = replace_macros(get_markup_template('group_selection.tpl'), array(
+			'$label' => t('Add new connections to this privacy group'),
+			'$groups' => $grps 
+		));
+		return $o;
+	}
+
+
+
+
+	static function widget($every="connections",$each="group",$edit = false, $group_id = 0, $cid = '',$mode = 1) {
+
+		$o = '';
+
+		if(! (local_channel() && feature_enabled(local_channel(),'groups'))) {
+			return '';
+		}
+
+		$groups = array();
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($_SESSION['uid'])
+		);
+		$member_of = array();
+		if($cid) {
+			$member_of = self::containing(local_channel(),$cid);
+		} 
+
+		if($r) {
+			foreach($r as $rr) {
+				$selected = (($group_id == $rr['id']) ? ' group-selected' : '');
+			
+				if ($edit) {
+					$groupedit = [ 'href' => "group/".$rr['id'], 'title' => t('edit') ];
+				} 
+				else {
+					$groupedit = null;
+				}
+			
+				$groups[] = [
+					'id'		=> $rr['id'],
+					'enc_cid'   => base64url_encode($cid),
+					'cid'		=> $cid,
+					'text' 		=> $rr['gname'],
+					'selected' 	=> $selected,
+					'href'		=> (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']) . ((x($_GET,'new')) ? '&new=' . $_GET['new'] : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''),
+					'edit'		=> $groupedit,
+					'ismember'	=> in_array($rr['id'],$member_of),
+				];
+			}
+		}
+	
+	
+		$tpl = get_markup_template("group_side.tpl");
+		$o = replace_macros($tpl, array(
+			'$title'		=> t('Privacy Groups'),
+			'$edittext'     => t('Edit group'),
+			'$createtext' 	=> t('Add privacy group'),
+			'$ungrouped'    => (($every === 'contacts') ? t('Channels not in any privacy group') : ''),
+			'$groups'		=> $groups,
+			'$add'			=> t('add'),
+		));
+		
+	
+		return $o;
+	}
+
+
+	static function expand($g) {
+		if(! (is_array($g) && count($g)))
+			return array();
+
+		$ret = [];
+		$x   = [];
+
+		// private profile linked virtual groups
+
+		foreach($g as $gv) {
+			if(substr($gv,0,3) === 'vp.') {
+				$profile_hash = substr($gv,3);
+				if($profile_hash) {
+					$r = q("select abook_xchan from abook where abook_profile = '%s'",
+						dbesc($profile_hash)
+					);
+					if($r) {
+						foreach($r as $rv) {
+							$ret[] = $rv['abook_xchan'];
+						}
+					}
+				}
+			}
+			else {
+				$x[] = $gv;
+			}
+		}								 
+
+		if($x) {
+			stringify_array_elms($x,true);
+			$groups = implode(',', $x);
+			if($groups) {
+				$r = q("SELECT xchan FROM pgrp_member WHERE gid IN ( select id from pgrp where hash in ( $groups ))");
+				if($r) {
+					foreach($r as $rr) {
+						$ret[] = $rr['xchan'];
+					}
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+	static function member_of($c) {
+		$r = q("SELECT pgrp.gname, pgrp.id FROM pgrp LEFT JOIN pgrp_member ON pgrp_member.gid = pgrp.id WHERE pgrp_member.xchan = '%s' AND pgrp.deleted = 0 ORDER BY pgrp.gname  ASC ",
+			dbesc($c)
+		);
+
+		return $r;
+
+	}
+
+	static function containing($uid,$c) {
+
+		$r = q("SELECT gid FROM pgrp_member WHERE uid = %d AND pgrp_member.xchan = '%s' ",
+			intval($uid),
+			dbesc($c)
+		);
+
+		$ret = array();
+		if($r) {
+			foreach($r as $rr)
+				$ret[] = $rr['gid'];
+		}
+	
+		return $ret;
+	}
+}

Zotlabs/Lib/Libzotdir.php

@@ -0,0 +1,654 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libzot;
+
+require_once('include/permissions.php');
+
+
+class Libzotdir {
+
+	/**
+	 * @brief
+	 *
+	 * @param int $dirmode
+	 * @return array
+	 */
+
+	static function find_upstream_directory($dirmode) {
+		global $DIRECTORY_FALLBACK_SERVERS;
+
+		$preferred = get_config('system','directory_server');
+
+		// Thwart attempts to use a private directory
+
+		if(($preferred) && ($preferred != z_root())) {
+			$r = q("select * from site where site_url = '%s' limit 1",
+				dbesc($preferred)
+			);
+			if(($r) && ($r[0]['site_flags'] & DIRECTORY_MODE_STANDALONE)) {
+				$preferred = '';
+			}		
+		}
+
+
+		if (! $preferred) {
+
+			/*
+			 * No directory has yet been set. For most sites, pick one at random
+			 * from our list of directory servers. However, if we're a directory
+			 * server ourself, point at the local instance
+			 * We will then set this value so this should only ever happen once.
+			 * Ideally there will be an admin setting to change to a different 
+			 * directory server if you don't like our choice or if circumstances change.
+			 */
+
+			$dirmode = intval(get_config('system','directory_mode'));
+			if ($dirmode == DIRECTORY_MODE_NORMAL) {
+				$toss = mt_rand(0,count($DIRECTORY_FALLBACK_SERVERS));
+				$preferred = $DIRECTORY_FALLBACK_SERVERS[$toss];
+				if(! $preferred) {
+					$preferred = DIRECTORY_FALLBACK_MASTER;
+				}
+				set_config('system','directory_server',$preferred);
+			} 
+			else {
+				set_config('system','directory_server',z_root());
+			}
+		}
+		if($preferred) {
+			return [ 'url' => $preferred ];
+		}
+		else {
+			return [];
+		}
+	}
+
+
+	/**
+	 * Directories may come and go over time. We will need to check that our
+	 * directory server is still valid occasionally, and reset to something that
+	 * is if our directory has gone offline for any reason
+	 */
+
+	static function check_upstream_directory() {
+
+		$directory = get_config('system', 'directory_server');
+
+		// it's possible there is no directory server configured and the local hub is being used.
+		// If so, default to preserving the absence of a specific server setting.
+
+		$isadir = true;
+
+		if ($directory) {
+			$j = Zotfinger::exec($directory);
+			if(array_path_exists('data/directory_mode',$j)) {
+				if ($j['data']['directory_mode'] === 'normal') {
+					$isadir = false;
+				}
+			}
+		}
+
+		if (! $isadir)
+			set_config('system', 'directory_server', '');
+	}
+
+
+	static function get_directory_setting($observer, $setting) {
+
+		if ($observer)
+			$ret = get_xconfig($observer, 'directory', $setting);
+		else
+			$ret = ((array_key_exists($setting,$_SESSION)) ? intval($_SESSION[$setting]) : false);
+
+		if($ret === false)
+			$ret = get_config('directory', $setting);
+
+
+		// 'safemode' is the default if there is no observer or no established preference. 
+
+		if($setting === 'safemode' && $ret === false)
+			$ret = 1;
+
+		if($setting === 'globaldir' && intval(get_config('system','localdir_hide')))
+			$ret = 1;
+
+		return $ret;
+	}
+
+	/**
+	 * @brief Called by the directory_sort widget.
+	 */
+	static function dir_sort_links() {
+
+		$safe_mode = 1;
+
+		$observer = get_observer_hash();
+
+		$safe_mode = self::get_directory_setting($observer, 'safemode');
+		$globaldir = self::get_directory_setting($observer, 'globaldir');
+		$pubforums = self::get_directory_setting($observer, 'pubforums');
+
+		$hide_local = intval(get_config('system','localdir_hide'));
+		if($hide_local)
+			$globaldir = 1;
+
+
+		// Build urls without order and pubforums so it's easy to tack on the changed value
+		// Probably there's an easier way to do this
+
+		$directory_sort_order = get_config('system','directory_sort_order');
+		if(! $directory_sort_order)
+			$directory_sort_order = 'date';
+
+		$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : $directory_sort_order);
+		$suggest = (($_REQUEST['suggest']) ? '&suggest=' . $_REQUEST['suggest'] : '');
+
+		$url = 'directory?f=';
+
+		$tmp = array_merge($_GET,$_POST);
+		unset($tmp['suggest']);
+		unset($tmp['pubforums']);
+		unset($tmp['global']);
+		unset($tmp['safe']);
+		unset($tmp['q']);
+		unset($tmp['f']);
+		$forumsurl = $url . http_build_query($tmp) . $suggest;
+
+		$o = replace_macros(get_markup_template('dir_sort_links.tpl'), [
+			'$header'    => t('Directory Options'),
+			'$forumsurl' => $forumsurl,
+			'$safemode'  => array('safemode', t('Safe Mode'),$safe_mode,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&safe="+(this.checked ? 1 : 0)\''),
+			'$pubforums' => array('pubforums', t('Public Forums Only'),$pubforums,'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&pubforums="+(this.checked ? 1 : 0)\''),
+			'$hide_local' => $hide_local,
+			'$globaldir' => array('globaldir', t('This Website Only'), 1-intval($globaldir),'',array(t('No'), t('Yes')),' onchange=\'window.location.href="' . $forumsurl . '&global="+(this.checked ? 0 : 1)\''),
+		]);
+
+		return $o;
+	}
+
+	/**
+	 * @brief Checks the directory mode of this hub.
+	 *
+	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
+	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
+	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB. 
+	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored 
+	 * directly if the rater's signature matches.
+	 *
+	 * @param int $dirmode;
+	 */
+
+	static function sync_directories($dirmode) {
+
+		if ($dirmode == DIRECTORY_MODE_STANDALONE || $dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		$realm = get_directory_realm();
+		if ($realm == DIRECTORY_REALM) {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT),
+				dbesc($realm)
+			);
+		} 
+		else {
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				dbesc(protect_sprintf('%' . $realm . '%')),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+
+		// If there are no directory servers, setup the fallback master
+		/** @FIXME What to do if we're in a different realm? */
+
+		if ((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) {
+
+			$x = site_store_lowlevel(
+				[
+					'site_url'       => DIRECTORY_FALLBACK_MASTER,
+					'site_flags'     => DIRECTORY_MODE_PRIMARY,
+					'site_update'    => NULL_DATE, 
+					'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
+					'site_realm'     => DIRECTORY_REALM,
+					'site_valid'     => 1,
+				]
+			);
+
+			$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ",
+				intval(DIRECTORY_MODE_PRIMARY),
+				intval(DIRECTORY_MODE_SECONDARY),
+				dbesc(z_root()),
+				intval(SITE_TYPE_ZOT)
+			);
+		}
+		if (! $r)
+			return;
+
+		foreach ($r as $rr) {
+			if (! $rr['site_directory'])
+				continue;
+
+			logger('sync directories: ' . $rr['site_directory']);
+
+			// for brand new directory servers, only load the last couple of days.
+			// It will take about a month for a new directory to obtain the full current repertoire of channels.
+			/** @FIXME Go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. */
+
+			$token = get_config('system','realm_token');
+
+			$syncdate = (($rr['site_sync'] <= NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
+			$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));
+
+			if (! $x['success'])
+				continue;
+
+			$j = json_decode($x['body'],true);
+			if (!($j['transactions']) || ($j['ratings']))
+				continue;
+
+			q("update site set site_sync = '%s' where site_url = '%s'",
+				dbesc(datetime_convert()),
+				dbesc($rr['site_url'])
+			);
+
+			logger('sync_directories: ' . $rr['site_url'] . ': ' . print_r($j,true), LOGGER_DATA);
+
+			if (is_array($j['transactions']) && count($j['transactions'])) {
+				foreach ($j['transactions'] as $t) {
+					$r = q("select * from updates where ud_guid = '%s' limit 1",
+						dbesc($t['transaction_id'])
+					);
+					if($r)
+						continue;
+
+					$ud_flags = 0;
+					if (is_array($t['flags']) && in_array('deleted',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_DELETED;
+					if (is_array($t['flags']) && in_array('forced',$t['flags']))
+						$ud_flags |= UPDATE_FLAGS_FORCED;
+	
+					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
+						values ( '%s', '%s', '%s', %d, '%s' ) ",
+						dbesc($t['hash']),
+						dbesc($t['transaction_id']),
+						dbesc($t['timestamp']),
+						intval($ud_flags),
+						dbesc($t['address'])
+					);
+				}
+			}
+		}
+	}
+
+
+
+	/**
+	 * @brief
+	 *
+	 * Given an update record, probe the channel, grab a zot-info packet and refresh/sync the data.
+	 *
+	 * Ignore updating records marked as deleted.
+	 *
+	 * If successful, sets ud_last in the DB to the current datetime for this
+	 * reddress/webbie.
+	 *
+	 * @param array $ud Entry from update table
+	 */
+
+	static function update_directory_entry($ud) {
+
+		logger('update_directory_entry: ' . print_r($ud,true), LOGGER_DATA);
+
+		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
+			$success = false;
+
+			$href = \Zotlabs\Lib\Webfinger::zot_url(punify($url));
+			if($href) {
+				$zf = \Zotlabs\Lib\Zotfinger::exec($href);
+			}
+			if(is_array($zf) && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
+			}
+			else {
+				q("update updates set ud_last = '%s' where ud_addr = '%s'",
+					dbesc(datetime_convert()),
+					dbesc($ud['ud_addr'])
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief Push local channel updates to a local directory server.
+	 *
+	 * This is called from include/directory.php if a profile is to be pushed to the
+	 * directory and the local hub in this case is any kind of directory server.
+	 *
+	 * @param int $uid
+	 * @param boolean $force
+	 */
+
+	static function local_dir_update($uid, $force) {
+
+	
+		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);
+
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+			intval($uid)
+		);
+
+		$profile = array();
+		$profile['encoding'] = 'zot';
+
+		if ($p) {
+			$hash = $p[0]['channel_hash'];
+
+			$profile['description'] = $p[0]['pdesc'];
+			$profile['birthday']    = $p[0]['dob'];
+			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))  
+				$profile['age'] = $age;
+
+			$profile['gender']      = $p[0]['gender'];
+			$profile['marital']     = $p[0]['marital'];
+			$profile['sexual']      = $p[0]['sexual'];
+			$profile['locale']      = $p[0]['locality'];
+			$profile['region']      = $p[0]['region'];
+			$profile['postcode']    = $p[0]['postal_code'];
+			$profile['country']     = $p[0]['country_name'];
+			$profile['about']       = $p[0]['about'];
+			$profile['homepage']    = $p[0]['homepage'];
+			$profile['hometown']    = $p[0]['hometown'];
+
+			if ($p[0]['keywords']) {
+				$tags = array();
+				$k = explode(' ', $p[0]['keywords']);
+				if ($k)
+					foreach ($k as $kk)
+						if (trim($kk))
+							$tags[] = trim($kk);
+
+				if ($tags)
+					$profile['keywords'] = $tags;
+			}
+
+			$hidden = (1 - intval($p[0]['publish']));
+
+			logger('hidden: ' . $hidden);
+
+			$r = q("select xchan_hidden from xchan where xchan_hash = '%s' limit 1",
+				dbesc($p[0]['channel_hash'])
+			);
+
+			if(intval($r[0]['xchan_hidden']) != $hidden) {
+				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+					intval($hidden),
+					dbesc($p[0]['channel_hash'])
+				);
+			}
+
+			$arr = [ 'channel_id' => $uid, 'hash' => $hash, 'profile' => $profile ];
+			call_hooks('local_dir_update', $arr);
+
+			$address = channel_reddress($p[0]);
+
+			if (perm_is_allowed($uid, '', 'view_profile')) {
+				self::import_directory_profile($hash, $arr['profile'], $address, 0);
+			}
+			else {
+				// they may have made it private
+				$r = q("delete from xprof where xprof_hash = '%s'",
+					dbesc($hash)
+				);
+				$r = q("delete from xtag where xtag_hash = '%s'",
+					dbesc($hash)
+				);
+			}
+	
+		}
+
+		$ud_hash = random_string() . '@' . \App::get_hostname();
+		self::update_modtime($hash, $ud_hash, channel_reddress($p[0]),(($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
+	}
+
+
+
+	/**
+	 * @brief Imports a directory profile.
+	 *
+	 * @param string $hash
+	 * @param array $profile
+	 * @param string $addr
+	 * @param number $ud_flags (optional) UPDATE_FLAGS_UPDATED
+	 * @param number $suppress_update (optional) default 0
+	 * @return boolean $updated if something changed
+	 */
+
+	static function import_directory_profile($hash, $profile, $addr, $ud_flags = UPDATE_FLAGS_UPDATED, $suppress_update = 0) {
+
+		logger('import_directory_profile', LOGGER_DEBUG);
+		if (! $hash)
+			return false;
+
+		$arr = array();
+
+		$arr['xprof_hash']         = $hash;
+		$arr['xprof_dob']          = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year
+		$arr['xprof_age']          = (($profile['age'])         ? intval($profile['age']) : 0);
+		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');	
+		$arr['xprof_gender']       = (($profile['gender'])      ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_marital']      = (($profile['marital'])     ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_sexual']       = (($profile['sexual'])      ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_locale']       = (($profile['locale'])      ? htmlspecialchars($profile['locale'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_region']       = (($profile['region'])      ? htmlspecialchars($profile['region'],      ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_postcode']     = (($profile['postcode'])    ? htmlspecialchars($profile['postcode'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_country']      = (($profile['country'])     ? htmlspecialchars($profile['country'],     ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_about']        = (($profile['about'])       ? htmlspecialchars($profile['about'],       ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_homepage']     = (($profile['homepage'])    ? htmlspecialchars($profile['homepage'],    ENT_COMPAT,'UTF-8',false) : '');
+		$arr['xprof_hometown']     = (($profile['hometown'])    ? htmlspecialchars($profile['hometown'],    ENT_COMPAT,'UTF-8',false) : '');
+
+		$clean = array();
+		if (array_key_exists('keywords', $profile) and is_array($profile['keywords'])) {
+			self::import_directory_keywords($hash,$profile['keywords']);
+			foreach ($profile['keywords'] as $kw) {
+				$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+				$kw = trim($kw, ',');
+				$clean[] = $kw;
+			}
+		}
+
+		$arr['xprof_keywords'] = implode(' ',$clean);
+
+		// Self censored, make it so
+		// These are not translated, so the German "erwachsenen" keyword will not censor the directory profile. Only the English form - "adult".
+
+
+		if(in_arrayi('nsfw',$clean) || in_arrayi('adult',$clean)) {
+			q("update xchan set xchan_selfcensored = 1 where xchan_hash = '%s'",
+				dbesc($hash)
+			);
+		}
+
+		$r = q("select * from xprof where xprof_hash = '%s' limit 1",
+			dbesc($hash)
+		);
+
+		if ($arr['xprof_age'] > 150)
+			$arr['xprof_age'] = 150;
+		if ($arr['xprof_age'] < 0)
+			$arr['xprof_age'] = 0;
+
+		if ($r) {
+			$update = false;
+			foreach ($r[0] as $k => $v) {
+				if ((array_key_exists($k,$arr)) && ($arr[$k] != $v)) {
+					logger('import_directory_profile: update ' . $k . ' => ' . $arr[$k]);
+					$update = true;
+					break;
+				}
+			}
+			if ($update) {
+				q("update xprof set
+					xprof_desc = '%s',
+					xprof_dob = '%s',
+					xprof_age = %d,
+					xprof_gender = '%s',
+					xprof_marital = '%s',
+					xprof_sexual = '%s',
+					xprof_locale = '%s',
+					xprof_region = '%s',
+					xprof_postcode = '%s',
+					xprof_country = '%s',
+					xprof_about = '%s',
+					xprof_homepage = '%s',
+					xprof_hometown = '%s',
+					xprof_keywords = '%s'
+					where xprof_hash = '%s'",
+					dbesc($arr['xprof_desc']),
+					dbesc($arr['xprof_dob']),
+					intval($arr['xprof_age']),
+					dbesc($arr['xprof_gender']),
+					dbesc($arr['xprof_marital']),
+					dbesc($arr['xprof_sexual']),
+					dbesc($arr['xprof_locale']),
+					dbesc($arr['xprof_region']),
+					dbesc($arr['xprof_postcode']),
+					dbesc($arr['xprof_country']),
+					dbesc($arr['xprof_about']),
+					dbesc($arr['xprof_homepage']),
+					dbesc($arr['xprof_hometown']),
+					dbesc($arr['xprof_keywords']),
+					dbesc($arr['xprof_hash'])
+				);
+			}
+		} else {
+			$update = true;
+			logger('New profile');
+			q("insert into xprof (xprof_hash, xprof_desc, xprof_dob, xprof_age, xprof_gender, xprof_marital, xprof_sexual, xprof_locale, xprof_region, xprof_postcode, xprof_country, xprof_about, xprof_homepage, xprof_hometown, xprof_keywords) values ('%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s') ",
+				dbesc($arr['xprof_hash']),
+				dbesc($arr['xprof_desc']),
+				dbesc($arr['xprof_dob']),
+				intval($arr['xprof_age']),
+				dbesc($arr['xprof_gender']),
+				dbesc($arr['xprof_marital']),
+				dbesc($arr['xprof_sexual']),
+				dbesc($arr['xprof_locale']),
+				dbesc($arr['xprof_region']),
+				dbesc($arr['xprof_postcode']),
+				dbesc($arr['xprof_country']),
+				dbesc($arr['xprof_about']),
+				dbesc($arr['xprof_homepage']),
+				dbesc($arr['xprof_hometown']),
+				dbesc($arr['xprof_keywords'])
+			);
+		}
+
+		$d = [
+			'xprof' => $arr,
+			'profile' => $profile,
+			'update' => $update
+		];
+		/**
+		 * @hooks import_directory_profile
+		 *   Called when processing delivery of a profile structure from an external source (usually for directory storage).
+		 *   * \e array \b xprof
+		 *   * \e array \b profile
+		 *   * \e boolean \b update
+		 */
+		call_hooks('import_directory_profile', $d);
+
+		if (($d['update']) && (! $suppress_update))
+			self::update_modtime($arr['xprof_hash'],random_string() . '@' . \App::get_hostname(), $addr, $ud_flags);
+
+		return $d['update'];
+	}
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash An xtag_hash
+	 * @param array $keywords
+	 */
+
+	static function import_directory_keywords($hash, $keywords) {
+
+		$existing = array();
+		$r = q("select * from xtag where xtag_hash = '%s' and xtag_flags = 0",
+			dbesc($hash)
+		);
+
+		if($r) {
+			foreach($r as $rr)
+				$existing[] = $rr['xtag_term'];
+		}
+
+		$clean = array();
+		foreach($keywords as $kw) {
+			$kw = trim(htmlspecialchars($kw,ENT_COMPAT, 'UTF-8', false));
+			$kw = trim($kw, ',');
+			$clean[] = $kw;
+		}
+
+		foreach($existing as $x) {
+			if(! in_array($x, $clean))
+				$r = q("delete from xtag where xtag_hash = '%s' and xtag_term = '%s' and xtag_flags = 0",
+					dbesc($hash),
+					dbesc($x)
+				);
+		}
+		foreach($clean as $x) {
+			if(! in_array($x, $existing)) {
+				$r = q("insert into xtag ( xtag_hash, xtag_term, xtag_flags) values ( '%s' ,'%s', 0 )",
+					dbesc($hash),
+					dbesc($x)
+				);
+			}
+		}
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param string $hash
+	 * @param string $guid
+	 * @param string $addr
+	 * @param int $flags (optional) default 0
+	 */
+
+	static function update_modtime($hash, $guid, $addr, $flags = 0) {
+
+		$dirmode = intval(get_config('system', 'directory_mode'));
+
+		if($dirmode == DIRECTORY_MODE_NORMAL)
+			return;
+
+		if($flags) {
+			q("insert into updates (ud_hash, ud_guid, ud_date, ud_flags, ud_addr ) values ( '%s', '%s', '%s', %d, '%s' )",
+				dbesc($hash),
+				dbesc($guid),
+				dbesc(datetime_convert()),
+				intval($flags),
+				dbesc($addr)
+			);	
+		}
+		else {
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
+				intval(UPDATE_FLAGS_UPDATED),
+				dbesc($addr),
+				intval(UPDATE_FLAGS_UPDATED)
+			);
+		}
+	}
+
+
+
+
+
+
+}

Zotlabs/Lib/NativeWiki.php

@@ -26,7 +26,8 @@ class NativeWiki {
 
 				$w['rawName']  = get_iconfig($w, 'wiki', 'rawName');
 				$w['htmlName'] = escape_tags($w['rawName']);
-				$w['urlName']  = urlencode(urlencode($w['rawName']));
+				//$w['urlName']  = urlencode(urlencode($w['rawName']));
+				$w['urlName']  = self::name_encode($w['rawName']);
 				$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
 				$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
 				$w['lockstate']     = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
@@ -233,7 +234,8 @@ class NativeWiki {
 				'wiki'     => $w,
 				'rawName'  => $rawName,
 				'htmlName' => escape_tags($rawName),
-				'urlName'  => urlencode(urlencode($rawName)),
+				//'urlName'  => urlencode(urlencode($rawName)),
+				'urlName'  => self::name_encode($rawName),
 				'mimeType' => $mimeType,
 				'typelock' => $typelock
 			);
@@ -249,7 +251,8 @@ class NativeWiki {
 			WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d 
 			AND item_deleted = 0 $sql_extra limit 1", 
 			dbesc(NWIKI_ITEM_RESOURCE_TYPE), 
-			dbesc(urldecode($urlName)), 
+			//dbesc(urldecode($urlName)), 
+			dbesc(self::name_decode($urlName)),
 			intval($uid)
 		);
 
@@ -286,4 +289,32 @@ class NativeWiki {
 			return array('read' => true, 'write' => $write, 'success' => true);
 		}
 	}
+
+	public static function name_encode ($string) {
+
+		$string = html_entity_decode($string);
+		$encoding = mb_internal_encoding();
+		mb_internal_encoding("UTF-8");
+		$ret = mb_ereg_replace_callback ('[^A-Za-z0-9\-\_\.\~]',function ($char) {
+	                $charhex = unpack('H*',$char[0]);
+                	$ret = '('.$charhex[1].')';
+                	return $ret;
+ 			}
+			,$string);
+		mb_internal_encoding($encoding);
+		return $ret;
+	}
+
+	public static function name_decode ($string) {
+
+		$encoding = mb_internal_encoding();
+		mb_internal_encoding("UTF-8");
+		$ret = mb_ereg_replace_callback ('(\(([0-9a-f]+)\))',function ($chars) {
+			return pack('H*',$chars[2]);
+			}
+			,$string);
+		mb_internal_encoding($encoding);
+		return $ret;
+	}
+
 }

Zotlabs/Lib/NativeWikiPage.php

@@ -44,7 +44,8 @@ class NativeWikiPage {
 					$pages[] = [
 						'resource_id' => $resource_id,
 						'title'       => escape_tags($title),
-						'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+						//'url'         => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+						'url'		=> Zlib\NativeWiki::name_encode($title),
 						'link_id'     => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
 					];
 				}
@@ -98,7 +99,8 @@ class NativeWikiPage {
 			$page = [ 
 				'rawName'  => $name,
 				'htmlName' => escape_tags($name),
-				'urlName'  => urlencode($name), 
+				//'urlName'  => urlencode($name), 
+				'urlName' => Zlib\NativeWiki::name_encode($name)
 
 			];
 
@@ -154,7 +156,8 @@ class NativeWikiPage {
 			$page = [ 
 				'rawName'  => $pageNewName, 
 				'htmlName' => escape_tags($pageNewName), 
-				'urlName'  => urlencode(escape_tags($pageNewName))
+				//'urlName'  => urlencode(escape_tags($pageNewName))
+				'urlName' => Zlib\NativeWiki::name_encode($pageNewName)
 			];
 
 			return [ 'success' => true, 'page' => $page ];
@@ -365,7 +368,6 @@ class NativeWikiPage {
 
 		unset($item['id']);
 		unset($item['author']);
-
 		$item['parent']       = 0;
 		$item['body']         = $content;
 		$item['author_xchan'] = $observer_hash;
@@ -527,7 +529,8 @@ class NativeWikiPage {
 			$pages = $pageURLs = array();
 			foreach ($match[1] as $m) {
 				// TODO: Why do we need to double urlencode for this to work?
-				$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+				//$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+				$pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($m));
 				$pages[] = $m;
 			}
 			$idx = 0;
@@ -556,7 +559,10 @@ class NativeWikiPage {
 			'$pageHistory' => $pageHistory['history'],
 			'$permsWrite'  => $arr['permsWrite'],
 			'$name_lbl'    => t('Name'),
-			'$msg_label'   => t('Message','wiki_history')
+			'$msg_label'   => t('Message','wiki_history'),
+			'$date_lbl'    => t('Date'),
+			'$revert_btn'  => t('Revert'),
+			'$compare_btn' => t('Compare')
 		));
 
 	}
@@ -613,7 +619,7 @@ class NativeWikiPage {
 			$s = str_replace('[observer.webname]', '', $s);
 			$s = str_replace('[observer.photo]', '', $s);
 		}
-	
+
 		return $s;
 	}
 	

Zotlabs/Lib/PConfig.php

@@ -57,6 +57,7 @@ class PConfig {
 					\App::$config[$uid][$c]['config_loaded'] = true;
 				}
 				\App::$config[$uid][$c][$k] = $rr['v'];
+				\App::$config[$uid][$c]['pcfgud:'.$k] = $rr['updated'];
 			}
 		}
 	}
@@ -113,7 +114,7 @@ class PConfig {
 	 *  The value to store
 	 * @return mixed Stored $value or false
 	 */
-	static public function Set($uid, $family, $key, $value) {
+	static public function Set($uid, $family, $key, $value, $updated=NULL) {
 
 		// this catches subtle errors where this function has been called
 		// with local_channel() when not logged in (which returns false)
@@ -130,29 +131,74 @@ class PConfig {
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
 
+		if (! $updated) {
+			$updated = datetime_convert();
+		}
+
+		$hash = hash('sha256',$family.':'.$key);
+
+		if (self::Get($uid, 'hz_delpconfig', $hash) !== false) {
+			if (self::Get($uid, 'hz_delpconfig', $hash) > $updated) {
+				logger('Refusing to update pconfig with outdated info (Item deleted more recently).', LOGGER_NORMAL, LOG_ERR);
+				return self::Get($uid,$family,$key);
+			} else {
+				self::Delete($uid,'hz_delpconfig',$hash);
+			}
+		}
+
 		if(self::Get($uid, $family, $key) === false) {
 			if(! array_key_exists($uid, \App::$config))
 				\App::$config[$uid] = array();
 			if(! array_key_exists($family, \App::$config[$uid]))
 				\App::$config[$uid][$family] = array();
 
-			$ret = q("INSERT INTO pconfig ( uid, cat, k, v ) VALUES ( %d, '%s', '%s', '%s' ) ",
+
+			$ret = q("INSERT INTO pconfig ( uid, cat, k, v, updated ) VALUES ( %d, '%s', '%s', '%s', '%s' ) ",
 				intval($uid),
 				dbesc($family),
 				dbesc($key),
-				dbesc($dbvalue)
+				dbesc($dbvalue),
+				dbesc($updated)
 			);
+
+			// There is a possible race condition if another process happens
+			// to insert something after this thread has Loaded and now.  We should
+			// at least make a note of it if it happens.
+
+			if (!$ret) {
+				logger("Error: Insert to pconfig failed.",LOGGER_NORMAL, LOG_ERR);
+			}
+
+			\App::$config[$uid][$family]['pcfgud:'.$key] = $updated;
+
 		}
 		else {
+			$new = (\App::$config[$uid][$family]['pcfgud:'.$key] < $updated);
 
-			$ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'",
-				dbesc($dbvalue),
-				intval($uid),
-				dbesc($family),
-				dbesc($key)
-			);
+			if ($new) {
+
+				// @NOTE There is still a possible race condition under limited circumstances
+				// where a value will be updated by another thread with more current data than
+				// we have.  At this point there is no easy way to test for it, so we update
+				// and hope for the best.
+
+				$ret = q("UPDATE pconfig SET v = '%s', updated = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' ",
+					dbesc($dbvalue),
+					dbesc($updated),
+					intval($uid),
+					dbesc($family),
+					dbesc($key)
+				);
+
+				\App::$config[$uid][$family]['pcfgud:'.$key] = $updated;
+
+			} else {
+				logger('Refusing to update pconfig with outdated info.', LOGGER_NORMAL, LOG_ERR);
+				return self::Get($uid, $family, $key);
+			}
 		}
 
+
 		// keep a separate copy for all variables which were
 		// set in the life of this page. We need this to
 		// synchronise channel clones.
@@ -163,7 +209,11 @@ class PConfig {
 			\App::$config[$uid]['transient'][$family] = array();
 
 		\App::$config[$uid][$family][$key] = $value;
-		\App::$config[$uid]['transient'][$family][$key] = $value;
+
+		if ($new) {
+			\App::$config[$uid]['transient'][$family][$key] = $value;
+			\App::$config[$uid]['transient'][$family]['pcfgud:'.$key] = $updated;
+		}
 
 		if($ret)
 			return $value;
@@ -186,18 +236,29 @@ class PConfig {
 	 *  The configuration key to delete
 	 * @return mixed
 	 */
-	static public function Delete($uid, $family, $key) {
+	static public function Delete($uid, $family, $key, $updated = NULL) {
 
 		if(is_null($uid) || $uid === false)
 			return false;
 
+		$updated = ($updated) ? $updated : datetime_convert();
+
+		$newer = (\App::$config[$uid][$family]['pcfgud:'.$key] < $updated);
+
+		if (! $newer) {
+			logger('Refusing to delete pconfig with outdated delete request.', LOGGER_NORMAL, LOG_ERR);
+			return false;
+		}
+
 		$ret = false;
 
-		if(array_key_exists($uid,\App::$config)
-			&& is_array(\App::$config['uid'])
-			&& array_key_exists($family,\App::$config['uid'])
-			&& array_key_exists($key, \App::$config[$uid][$family]))
+		if (isset(\App::$config[$uid][$family][$key])) {
 			unset(\App::$config[$uid][$family][$key]);
+		}
+
+		if (isset(\App::$config[$uid][$family]['pcfgud:'.$key])) {
+			unset(\App::$config[$uid][$family]['pcfgud:'.$key]);
+		}
 
 		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
 			intval($uid),
@@ -205,6 +266,22 @@ class PConfig {
 			dbesc($key)
 		);
 
+		if ($family != 'hz_delpconfig') {
+			$hash = hash('sha256',$family.':'.$key);
+			set_pconfig($uid,'hz_delpconfig',$hash,$updated);
+		}
+
+		// Synchronize delete with clones.
+
+		if(! array_key_exists('transient', \App::$config[$uid]))
+			\App::$config[$uid]['transient'] = array();
+		if(! array_key_exists($family, \App::$config[$uid]['transient']))
+			\App::$config[$uid]['transient'][$family] = array();
+
+		if ($new) {
+			\App::$config[$uid]['transient'][$family]['pcfgdel:'.$key] = $updated;
+		}
+
 		return $ret;
 	}
 

Zotlabs/Lib/Queue.php

@@ -0,0 +1,278 @@
+<?php /** @file */
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libzot;
+
+
+class Queue {
+
+	static function update($id, $add_priority = 0) {
+
+		logger('queue: requeue item ' . $id,LOGGER_DEBUG);
+		$x = q("select outq_created, outq_posturl from outq where outq_hash = '%s' limit 1",
+			dbesc($id)
+		);
+		if(! $x)
+			return;
+
+
+		$y = q("select min(outq_created) as earliest from outq where outq_posturl = '%s'",
+			dbesc($x[0]['outq_posturl'])
+		);
+
+		// look for the oldest queue entry with this destination URL. If it's older than a couple of days,
+		// the destination is considered to be down and only scheduled once an hour, regardless of the
+		// age of the current queue item.
+
+		$might_be_down = false;
+
+		if($y)
+			$might_be_down = ((datetime_convert('UTC','UTC',$y[0]['earliest']) < datetime_convert('UTC','UTC','now - 2 days')) ? true : false);
+
+
+		// Set all other records for this destination way into the future. 
+		// The queue delivers by destination. We'll keep one queue item for
+		// this destination (this one) with a shorter delivery. If we succeed
+		// once, we'll try to deliver everything for that destination.
+		// The delivery will be set to at most once per hour, and if the 
+		// queue item is less than 12 hours old, we'll schedule for fifteen
+		// minutes. 
+
+		$r = q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_posturl = '%s'",
+			dbesc(datetime_convert('UTC','UTC','now + 5 days')),
+			dbesc($x[0]['outq_posturl'])
+		);
+ 
+		$since = datetime_convert('UTC','UTC',$x[0]['outq_created']);
+
+		if(($might_be_down) || ($since < datetime_convert('UTC','UTC','now - 12 hour'))) {
+			$next = datetime_convert('UTC','UTC','now + 1 hour');
+		}
+		else {
+			$next = datetime_convert('UTC','UTC','now + ' . intval($add_priority) . ' minutes');
+		}
+
+		q("UPDATE outq SET outq_updated = '%s', 
+			outq_priority = outq_priority + %d, 
+			outq_scheduled = '%s' 
+			WHERE outq_hash = '%s'",
+
+			dbesc(datetime_convert()),
+			intval($add_priority),
+			dbesc($next),
+			dbesc($id)
+		);
+	}
+
+
+	static function remove($id,$channel_id = 0) {
+		logger('queue: remove queue item ' . $id,LOGGER_DEBUG);
+		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
+		
+		q("DELETE FROM outq WHERE outq_hash = '%s' $sql_extra",
+			dbesc($id)
+		);
+	}
+
+
+	static function remove_by_posturl($posturl) {
+		logger('queue: remove queue posturl ' . $posturl,LOGGER_DEBUG);
+		
+		q("DELETE FROM outq WHERE outq_posturl = '%s' ",
+			dbesc($posturl)
+		);
+	}
+
+
+
+	static function set_delivered($id,$channel = 0) {
+		logger('queue: set delivered ' . $id,LOGGER_DEBUG);
+		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
+
+		// Set the next scheduled run date so far in the future that it will be expired
+		// long before it ever makes it back into the delivery chain. 
+
+		q("update outq set outq_delivered = 1, outq_updated = '%s', outq_scheduled = '%s' where outq_hash = '%s' $sql_extra ",
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert('UTC','UTC','now + 5 days')),
+			dbesc($id)
+		);
+	}
+
+
+
+	static function insert($arr) {
+
+		// do not queue anything with no destination
+
+		if(! (array_key_exists('posturl',$arr) && trim($arr['posturl']))) {
+			return false;
+		}
+
+		$x = q("insert into outq ( outq_hash, outq_account, outq_channel, outq_driver, outq_posturl, outq_async, outq_priority,
+			outq_created, outq_updated, outq_scheduled, outq_notify, outq_msg ) 
+			values ( '%s', %d, %d, '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s' )",
+			dbesc($arr['hash']),
+			intval($arr['account_id']),
+			intval($arr['channel_id']),
+			dbesc(($arr['driver']) ? $arr['driver'] : 'zot'),
+			dbesc($arr['posturl']),
+			intval(1),
+			intval(($arr['priority']) ? $arr['priority'] : 0),
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert()),
+			dbesc(datetime_convert()),
+			dbesc($arr['notify']),
+			dbesc(($arr['msg']) ? $arr['msg'] : '')
+		);
+		return $x;
+
+	}
+
+
+
+	static function deliver($outq, $immediate = false) {
+
+		$base = null;
+		$h = parse_url($outq['outq_posturl']);
+		if($h !== false) 
+			$base = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : '');
+
+		if(($base) && ($base !== z_root()) && ($immediate)) {
+			$y = q("select site_update, site_dead from site where site_url = '%s' ",
+				dbesc($base)
+			);
+			if($y) {
+				if(intval($y[0]['site_dead'])) {
+					self::remove_by_posturl($outq['outq_posturl']);
+					logger('dead site ignored ' . $base);
+					return;
+				}
+				if($y[0]['site_update'] < datetime_convert('UTC','UTC','now - 1 month')) {
+					self::update($outq['outq_hash'],10);
+					logger('immediate delivery deferred for site ' . $base);
+					return;
+				}
+			}
+			else {
+
+				// zot sites should all have a site record, unless they've been dead for as long as
+				// your site has existed. Since we don't know for sure what these sites are,
+				// call them unknown
+
+				site_store_lowlevel( 
+					[
+						'site_url'    => $base,
+						'site_update' => datetime_convert(),
+						'site_dead'   => 0,
+						'site_type'   => intval(($outq['outq_driver'] === 'post') ? SITE_TYPE_NOTZOT : SITE_TYPE_UNKNOWN),
+						'site_crypto' => ''
+					]
+				);
+			}
+		}
+
+		$arr = array('outq' => $outq, 'base' => $base, 'handled' => false, 'immediate' => $immediate);
+		call_hooks('queue_deliver',$arr);
+		if($arr['handled'])
+			return;
+
+		// "post" queue driver - used for diaspora and friendica-over-diaspora communications.
+
+		if($outq['outq_driver'] === 'post') {
+			$result = z_post_url($outq['outq_posturl'],$outq['outq_msg']);
+			if($result['success'] && $result['return_code'] < 300) {
+				logger('deliver: queue post success to ' . $outq['outq_posturl'], LOGGER_DEBUG);
+				if($base) {
+					q("update site set site_update = '%s', site_dead = 0 where site_url = '%s' ",
+						dbesc(datetime_convert()),
+						dbesc($base)
+					);
+				}
+				q("update dreport set dreport_result = '%s', dreport_time = '%s' where dreport_queue = '%s'",
+					dbesc('accepted for delivery'),
+					dbesc(datetime_convert()),
+					dbesc($outq['outq_hash'])
+				);
+				self::remove($outq['outq_hash']);
+
+				// server is responding - see if anything else is going to this destination and is piled up 
+				// and try to send some more. We're relying on the fact that do_delivery() results in an 
+				// immediate delivery otherwise we could get into a queue loop. 
+
+				if(! $immediate) {
+					$x = q("select outq_hash from outq where outq_posturl = '%s' and outq_delivered = 0",
+						dbesc($outq['outq_posturl'])
+					);
+	
+					$piled_up = array();
+					if($x) {
+						foreach($x as $xx) {
+							 $piled_up[] = $xx['outq_hash'];
+						}
+					}
+					if($piled_up) {
+						// call do_delivery() with the force flag
+						do_delivery($piled_up, true);
+					}
+				}
+			}
+			else {
+				logger('deliver: queue post returned ' . $result['return_code'] 
+					. ' from ' . $outq['outq_posturl'],LOGGER_DEBUG);
+					self::update($outq['outq_hash'],10);
+			}
+			return;
+		}
+
+		// normal zot delivery
+
+		logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);
+
+
+		if($outq['outq_posturl'] === z_root() . '/zot') {
+			// local delivery
+			$zot = new \Zotlabs\Zot6\Receiver(new \Zotlabs\Zot6\Zot6Handler(),$outq['outq_notify']);
+			$result = $zot->run(true);
+			logger('returned_json: ' . json_encode($result,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DATA);
+			logger('deliver: local zot delivery succeeded to ' . $outq['outq_posturl']);
+			Libzot::process_response($outq['outq_posturl'],[ 'success' => true, 'body' => json_encode($result) ], $outq);
+		}
+		else {
+			logger('remote');
+			$channel = null;
+
+			if($outq['outq_channel']) {
+				$channel = channelx_by_n($outq['outq_channel']);
+			}
+
+			$host_crypto = null;
+
+			if($channel && $base) {
+				$h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1",
+					dbesc($base)
+				);
+				if($h) {
+					$host_crypto = $h[0];
+				}
+			}
+
+			$msg = $outq['outq_notify'];
+
+			$result = Libzot::zot($outq['outq_posturl'],$msg,$channel,$host_crypto);
+
+			if($result['success']) {
+				logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
+				Libzot::process_response($outq['outq_posturl'],$result, $outq);
+			}
+			else {
+				logger('deliver: remote zot delivery failed to ' . $outq['outq_posturl']);
+				logger('deliver: remote zot delivery fail data: ' . print_r($result,true), LOGGER_DATA);
+				self::update($outq['outq_hash'],10);
+			}
+		}
+		return;
+	}
+}
+

Zotlabs/Lib/ThreadItem.php

@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Lib;
 
+use Zotlabs\Lib\Apps;
+
 require_once('include/text.php');
 
 /**
@@ -259,7 +261,7 @@ class ThreadItem {
 		$forged = ((($item['sig']) && (! intval($item['item_verified']))) ? t('Message signature incorrect') : '');
 		$unverified = '' ; // (($this->is_wall_to_wall() && (! intval($item['item_verified']))) ? t('Message cannot be verified') : '');
 
-
+		$settings = '';
 
 		// FIXME - check this permission
 		if($conv->get_profile_owner() == local_channel()) {
@@ -267,12 +269,14 @@ class ThreadItem {
 				'tagit' => t("Add Tag"),
 				'classtagger' => "",
 			);
+
+			$settings = t('Conversation Tools');
 		}
 
 		$has_bookmarks = false;
-		if(is_array($item['term'])) {
+		if(Apps::system_app_installed(local_channel(), 'Bookmarks') && is_array($item['term'])) {
 			foreach($item['term'] as $t) {
-				if((get_account_techlevel() > 0) && ($t['ttype'] == TERM_BOOKMARK))
+				if(($t['ttype'] == TERM_BOOKMARK))
 					$has_bookmarks = true;
 			}
 		}
@@ -325,6 +329,10 @@ class ThreadItem {
 
 		$has_tags = (($body['tags'] || $body['categories'] || $body['mentions'] || $body['attachments'] || $body['folders']) ? true : false);
 
+                $dropdown_extras_arr = [ 'item' => $item , 'dropdown_extras' => '' ];
+                call_hooks('dropdown_extras',$dropdown_extras_arr);
+                $dropdown_extras = $dropdown_extras_arr['dropdown_extras'];
+
 		$tmp_item = array(
 			'template' => $this->get_template(),
 			'mode' => $mode,
@@ -404,6 +412,7 @@ class ThreadItem {
 			'addtocal'  => (($has_event) ? t('Add to Calendar') : ''),
 			'drop'      => $drop,
 			'multidrop' => ((feature_enabled($conv->get_profile_owner(),'multi_delete')) ? $multidrop : ''),
+                        'dropdown_extras' => $dropdown_extras,
 // end toolbar buttons
 
 			'unseen_comments' => $unseen_comments,
@@ -431,7 +440,8 @@ class ThreadItem {
 			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
 			'submid' => str_replace(['+','='], ['',''], base64_encode($item['mid'])),
-			'thread_level' => $thread_level
+			'thread_level' => $thread_level,
+			'settings' => $settings
 		);
 
 		$arr = array('item' => $item, 'output' => $tmp_item);

Zotlabs/Lib/ThreadStream.php

@@ -196,7 +196,6 @@ class ThreadStream {
 			$item->set_commentable(false);
 		} 
 
-		require_once('include/channel.php');
 
 		$item->set_conversation($this);
 		$this->threads[] = $item;

Zotlabs/Lib/Webfinger.php

@@ -0,0 +1,109 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * @brief Fetch and return a webfinger for a resource
+ *
+ * @param string $resource - The resource
+ * @return boolean|string false or associative array from result JSON
+ */
+
+class Webfinger {
+
+	static private $server   = EMPTY_STR;
+	static private $resource = EMPTY_STR;
+
+	static function exec($resource) {
+
+		if(! $resource) {
+			return false;
+		}
+
+		self::parse_resource($resource);
+
+		if(! ( self::$server && self::$resource)) {
+			return false;
+		}
+
+		if(! check_siteallowed(self::$server)) {
+			logger('blacklisted: ' . self::$server);
+			return false;
+		}
+
+		btlogger('fetching resource: ' . self::$resource . ' from ' . self::$server, LOGGER_DEBUG, LOG_INFO);
+
+		$url = 'https://' . self::$server . '/.well-known/webfinger?f=&resource=' . self::$resource ;
+
+		$counter = 0;
+		$s = z_fetch_url($url, false, $counter, [ 'headers' => [ 'Accept: application/jrd+json, */*' ] ]);
+
+		if($s['success']) {
+			$j = json_decode($s['body'], true);
+			return($j);
+		}
+
+		return false;
+	}
+
+	static function parse_resource($resource) {
+
+		self::$resource = urlencode($resource);
+
+		if(strpos($resource,'http') === 0) {
+			$m = parse_url($resource);
+			if($m) {
+				if($m['scheme'] !== 'https') {
+					return false;
+				}
+				self::$server = $m['host'] . (($m['port']) ? ':' . $m['port'] : '');
+			}
+			else {
+				return false;
+			}
+		}
+		elseif(strpos($resource,'tag:') === 0) {
+			$arr = explode(':',$resource); // split the tag
+			$h = explode(',',$arr[1]); // split the host,date
+			self::$server = $h[0];
+		}
+		else {
+			$x = explode('@',$resource);
+			$username = $x[0];
+			if(count($x) > 1) {
+				self::$server = $x[1];
+			}
+			else {
+				return false;
+			}
+			if(strpos($resource,'acct:') !== 0) {
+				self::$resource = urlencode('acct:' . $resource);
+			}
+		}
+
+	}
+
+	/**
+	 * @brief fetch a webfinger resource and return a zot6 discovery url if present
+	 *
+	 */ 
+
+	static function zot_url($resource) {
+
+		$arr = self::exec($resource);
+
+		if(is_array($arr) && array_key_exists('links',$arr)) {
+			foreach($arr['links'] as $link) {
+				if(array_key_exists('rel',$link) && $link['rel'] === PROTOCOL_ZOT6) {
+					if(array_key_exists('href',$link) && $link['href'] !== EMPTY_STR) {
+						return $link['href'];
+					}
+				}
+			}
+		}
+		return false;
+	}
+
+
+
+}

Zotlabs/Lib/Zotfinger.php

@@ -0,0 +1,50 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Web\HTTPSig;
+
+class Zotfinger {
+
+	static function exec($resource,$channel = null) {
+
+		if(! $resource) {
+			return false;
+		}
+
+		if($channel) {
+			$headers = [ 
+				'Accept'      => 'application/x-zot+json', 
+				'X-Zot-Token' => random_string(),
+			];
+			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
+		}
+		else {
+			$h = [ 'Accept: application/x-zot+json' ]; 
+		}
+				
+		$result = [];
+
+
+		$redirects = 0;
+		$x = z_fetch_url($resource,false,$redirects, [ 'headers' => $h  ] );
+
+		if($x['success']) {
+			
+			$result['signature'] = HTTPSig::verify($x);
+    
+			$result['data'] = json_decode($x['body'],true);
+
+			if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
+				$result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+			}
+
+			return $result;
+		}
+
+		return false;
+	}
+
+
+
+}

Zotlabs/Module/Acl.php

@@ -81,9 +81,10 @@ class Acl extends \Zotlabs\Web\Controller {
 
 
 		if($search) {
-			$sql_extra = " AND groups.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
+			$sql_extra = " AND pgrp.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
-	
+			$sql_extra2_xchan = "AND ( xchan_name LIKE " . protect_sprintf( "'" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
+
 			// This horrible mess is needed because position also returns 0 if nothing is found. 
 			// Would be MUCH easier if it instead returned a very large value
 			// Otherwise we could just 
@@ -128,13 +129,13 @@ class Acl extends \Zotlabs\Web\Controller {
 
 			// Normal privacy groups
 
-			$r = q("SELECT groups.id, groups.hash, groups.gname
-					FROM groups, group_member 
-					WHERE groups.deleted = 0 AND groups.uid = %d 
-					AND group_member.gid = groups.id
+			$r = q("SELECT pgrp.id, pgrp.hash, pgrp.gname
+					FROM pgrp, pgrp_member 
+					WHERE pgrp.deleted = 0 AND pgrp.uid = %d 
+					AND pgrp_member.gid = pgrp.id
 					$sql_extra
-					GROUP BY groups.id
-					ORDER BY groups.gname 
+					GROUP BY pgrp.id
+					ORDER BY pgrp.gname 
 					LIMIT %d OFFSET %d",
 				intval(local_channel()),
 				intval($count),
@@ -226,7 +227,7 @@ class Acl extends \Zotlabs\Web\Controller {
 			else { // Visitors
 				$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
 					FROM xchan left join xlink on xlink_link = xchan_hash
-					WHERE xlink_xchan  = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
+					WHERE xlink_xchan  = '%s' AND xchan_deleted = 0 $sql_extra2_xchan order by $order_extra2 xchan_name asc" ,
 					dbesc(get_observer_hash())
 				);
 	
@@ -270,7 +271,7 @@ class Acl extends \Zotlabs\Web\Controller {
 			if((count($r) < 100) && $type == 'c') {
 				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
 					FROM xchan 
-					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2 order by $order_extra2 xchan_name asc" 
+					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2_xchan order by $order_extra2 xchan_name asc"
 				);
 				if($r2) {
 					$r = array_merge($r,$r2);

Zotlabs/Module/Admin.php

@@ -109,11 +109,9 @@ class Admin extends \Zotlabs\Web\Controller {
 
 		// available channels, primary and clones
 		$channels = array();
-		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0");
+		$r = q("SELECT COUNT(*) AS total FROM channel WHERE channel_removed = 0 and channel_system = 0");
 		if ($r) {
 			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
-			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
-			$channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']);
 		}
 
 		// We can do better, but this is a quick queue status

Zotlabs/Module/Admin/Account_edit.php

@@ -31,7 +31,7 @@ class Account_edit {
 		}
 
 		$service_class = trim($_REQUEST['service_class']);
-		$account_level = intval(trim($_REQUEST['account_level']));
+		$account_level = 5;
 		$account_language = trim($_REQUEST['account_language']);
 
 		$r = q("update account set account_service_class = '%s', account_level = %d, account_language = '%s' 
@@ -68,7 +68,6 @@ class Account_edit {
 			'$title' => t('Account Edit'),
 			'$pass1' => [ 'pass1', t('New Password'), ' ','' ],
 			'$pass2' => [ 'pass2', t('New Password again'), ' ','' ],
-			'$account_level' => [ 'account_level', t('Technical skill level'), $x[0]['account_level'], '', \Zotlabs\Lib\Techlevels::levels() ],
 			'$account_language' => [ 'account_language' , t('Account language (for emails)'), $x[0]['account_language'], '', language_list() ],
 			'$service_class' => [ 'service_class', t('Service class'), $x[0]['account_service_class'], '' ],
 			'$submit' => t('Submit'),
@@ -81,4 +80,4 @@ class Account_edit {
 	}
 
 
-}
+}

Zotlabs/Module/Admin/Site.php

@@ -72,7 +72,6 @@ class Site {
 		$maxloadavg        = ((x($_POST,'maxloadavg'))       ? intval(trim($_POST['maxloadavg'])) : 50);
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
-		$techlevel_lock    = ((x($_POST,'techlock'))         ? intval($_POST['techlock'])   : 0);
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
 		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
 		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
@@ -81,10 +80,6 @@ class Site {
 
 		$permissions_role = escape_tags(trim($_POST['permissions_role']));
 
-		$techlevel         = null;
-		if(array_key_exists('techlevel', $_POST))
-			$techlevel = intval($_POST['techlevel']);
-
 		set_config('system', 'feed_contacts', $feed_contacts);
 		set_config('system', 'delivery_interval', $delivery_interval);
 		set_config('system', 'delivery_batch_count', $delivery_batch_count);
@@ -110,12 +105,6 @@ class Site {
 		set_config('system', 'pubstream_incl',$pub_incl);
 		set_config('system', 'pubstream_excl',$pub_excl);
 
-		set_config('system', 'techlevel_lock', $techlevel_lock);
-
-
-
-		if(! is_null($techlevel))
-			set_config('system', 'techlevel', $techlevel);
 
 		if($directory_server)
 			set_config('system','directory_server',$directory_server);
@@ -284,15 +273,6 @@ class Site {
 		// now invert the logic for the setting.
 		$discover_tab = (1 - $discover_tab);
 
-		$techlevels = [
-			'0' => t('Beginner/Basic'),
-			'1' => t('Novice - not skilled but willing to learn'),
-			'2' => t('Intermediate - somewhat comfortable'),
-			'3' => t('Advanced - very comfortable'),
-			'4' => t('Expert - I can write computer code'),
-			'5' => t('Wizard - I probably know more than you do')
-		];
-
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
 		$default_role = get_config('system','default_permissions_role','social');
 
@@ -316,10 +296,6 @@ class Site {
 			// name, label, value, help string, extra data...
 			'$sitename' 		=> array('sitename', t("Site name"), htmlspecialchars(get_config('system','sitename'), ENT_QUOTES, 'UTF-8'),''),
 
-			'$techlevel' => [ 'techlevel', t('Site default technical skill level'), get_config('system','techlevel'), t('Used to provide a member experience matched to technical comfort level'), $techlevels ],
-
-			'$techlock' => [ 'techlock', t('Lock the technical skill level setting'), get_config('system','techlevel_lock'), t('Members can set their own technical comfort level by default') ],
-
 			'$banner'			=> array('banner', t("Banner/Logo"), $banner, t('Unfiltered HTML/CSS/JS is allowed')),
 			'$admininfo'		=> array('admininfo', t("Administrator Information"), $admininfo, t("Contact information for site administrators.  Displayed on siteinfo page.  BBCode can be used here")),
 			'$siteinfo'		=> array('siteinfo', t('Site Information'), get_config('system','siteinfo'), t("Publicly visible description of this site.  Displayed on siteinfo page.  BBCode can be used here")),
@@ -332,10 +308,10 @@ class Site {
 			'$register_policy'	=> array('register_policy', t("Does this site allow new member registration?"), get_config('system','register_policy'), "", $register_choices),
 			'$invite_only'		=> array('invite_only', t("Invitation only"), get_config('system','invitation_only'), t("Only allow new member registrations with an invitation code. Above register policy must be set to Yes.")),
 			'$minimum_age'		=> array('minimum_age', t("Minimum age"), (x(get_config('system','minimum_age'))?get_config('system','minimum_age'):13), t("Minimum age (in years) for who may register on this site.")),
-			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), "This is displayed on the public server site list.", $access_choices),
+			'$access_policy'	=> array('access_policy', t("Which best describes the types of account offered by this hub?"), get_config('system','access_policy'), t("This is displayed on the public server site list."), $access_choices),
 			'$register_text'	=> array('register_text', t("Register text"), htmlspecialchars(get_config('system','register_text'), ENT_QUOTES, 'UTF-8'), t("Will be displayed prominently on the registration page.")),
 			'$role'         => $role,
-			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'public' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
+			'$frontpage'	=> array('frontpage', t("Site homepage to show visitors (default: login box)"), get_config('system','frontpage'), t("example: 'pubstream' to show public stream, 'page/sys/home' to show a system webpage called 'home' or 'include:home.html' to include a file.")),
 			'$mirror_frontpage'	=> array('mirror_frontpage', t("Preserve site homepage URL"), get_config('system','mirror_frontpage'), t('Present the site homepage in a frame at the original location instead of redirecting')),
 			'$abandon_days'     => array('abandon_days', t('Accounts abandoned after x days'), get_config('system','account_abandon_days'), t('Will not waste system resources polling external sites for abandonded accounts. Enter 0 for no time limit.')),
 			'$allowed_sites'	=> array('allowed_sites', t("Allowed friend domains"), get_config('system','allowed_sites'), t("Comma separated list of domains which are allowed to establish friendships with this site. Wildcards are accepted. Empty to allow any domains")),

Zotlabs/Module/Appman.php

@@ -90,12 +90,12 @@ class Appman extends \Zotlabs\Web\Controller {
 
 		$channel = \App::get_channel();
 
-		if(argc() > 2) {
+		if(argc() > 3) {
 			if(argv(2) === 'moveup') {
-				Zlib\Apps::moveup(local_channel(),argv(1));
+				Zlib\Apps::moveup(local_channel(),argv(1),argv(3));
 			}
 			if(argv(2) === 'movedown') {
-				Zlib\Apps::movedown(local_channel(),argv(1));
+				Zlib\Apps::movedown(local_channel(),argv(1),argv(3));
 			}
 			goaway(z_root() . '/apporder');
 		}
@@ -113,10 +113,12 @@ class Appman extends \Zotlabs\Web\Controller {
 			if($r) {
 				$app = $r[0];
 
-				$term = q("select * from term where otype = %d and oid = %d",
+				$term = q("select * from term where otype = %d and oid = %d and uid = %d",
 					intval(TERM_OBJ_APP),
-					intval($r[0]['id'])
+					intval($r[0]['id']),
+					intval(local_channel())
 				);
+
 				if($term) {
 					$app['categories'] = '';
 					foreach($term as $t) {

Zotlabs/Module/Apporder.php

@@ -17,25 +17,28 @@ class Apporder extends \Zotlabs\Web\Controller {
 
 		nav_set_selected('Order Apps');
 
-		$syslist = array();
-		$list = Zlib\Apps::app_list(local_channel(), false, ['nav_featured_app', 'nav_pinned_app']);
-		if($list) {
-			foreach($list as $li) {
-				$syslist[] = Zlib\Apps::app_encode($li);
+		foreach( [ 'nav_featured_app', 'nav_pinned_app' ] as $l ) {
+			$syslist = [];
+			$list = Zlib\Apps::app_list(local_channel(), false, [ $l ]);
+			if($list) {
+				foreach($list as $li) {
+					$syslist[] = Zlib\Apps::app_encode($li);
+				}
 			}
-		}
-		Zlib\Apps::translate_system_apps($syslist);
+		
+			Zlib\Apps::translate_system_apps($syslist);
 
-		usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+			usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
 
-		$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+			$syslist = Zlib\Apps::app_order(local_channel(),$syslist, $l);
 
-		foreach($syslist as $app) {
-			if(strpos($app['categories'],'nav_pinned_app') !== false) {
-				$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order');
-			}
-			else {
-				$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+			foreach($syslist as $app) {
+				if($l === 'nav_pinned_app') {
+					$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order');
+				}
+				elseif(strpos($app['categories'],'nav_pinned_app') === false) {
+					$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+				}
 			}
 		}
 

Zotlabs/Module/Apps.php

@@ -47,11 +47,11 @@ class Apps extends \Zotlabs\Web\Controller {
 		return replace_macros(get_markup_template('myapps.tpl'), array(
 			'$sitename' => get_config('system','sitename'),
 			'$cat' => $cat,
-			'$title' => t('Apps'),
+			'$title' => (($available) ? t('Available Apps') : t('Installed Apps')),
 			'$apps' => $apps,
 			'$authed' => ((local_channel()) ? true : false),
-			'$manage' => (($available) ? '' : t('Manage apps')),
-			'$create' => (($mode == 'edit') ? t('Create new app') : '')
+			'$manage' => (($available) ? '' : t('Manage Apps')),
+			'$create' => (($mode == 'edit') ? t('Create Custom App') : '')
 		));
 	
 	}

Zotlabs/Module/Article_edit.php

@@ -122,7 +122,7 @@ class Article_edit extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Article_edit');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Article'),

Zotlabs/Module/Articles.php

@@ -1,19 +1,32 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
 
-class Articles extends \Zotlabs\Web\Controller {
+class Articles extends Controller {
 
 	function init() {
 	
 		if(argc() > 1)
 			$which = argv(1);
-		else
-			return;
+
+                if(! $which) {
+                        if(local_channel()) {
+                                $channel = App::get_channel();
+                                if($channel && $channel['channel_address'])
+                                $which = $channel['channel_address'];
+                        } else {
+				return;
+			}
+                }
 	
 		profile_load($which);
 	
@@ -25,22 +38,27 @@ class Articles extends \Zotlabs\Web\Controller {
 			return login();
 		}
 
-		if(! \App::$profile) {
+		if(! App::$profile) {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 
-		if(! feature_enabled(\App::$profile_uid,'articles')) {
-			return;
+		if(! Apps::system_app_installed(App::$profile_uid, 'Articles')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Articles App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Create interactive articles');
+			return $o;
 		}
 
-		nav_set_selected(t('Articles'));
+		nav_set_selected('Articles');
 
 		head_add_link([ 
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
@@ -48,19 +66,21 @@ class Articles extends \Zotlabs\Web\Controller {
 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
 					
 		if($category) {
-			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 		}
 
+		$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
+		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
 
 		$which = argv(1);
 		
 		$selected_card = ((argc() > 2) ? argv(2) : '');
 
-		$_SESSION['return_url'] = \App::$query_string;
+		$_SESSION['return_url'] = App::$query_string;
 	
 		$uid      = local_channel();
-		$owner    = \App::$profile_uid;
-		$observer = \App::get_observer();
+		$owner    = App::$profile_uid;
+		$observer = App::get_observer();
 	
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 		
@@ -98,7 +118,7 @@ class Articles extends \Zotlabs\Web\Controller {
 				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
 				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
-					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
 				'visitor'           => true,
@@ -120,7 +140,7 @@ class Articles extends \Zotlabs\Web\Controller {
 				$x['title'] = $_REQUEST['title'];
 			if($_REQUEST['body'])
 				$x['body'] = $_REQUEST['body'];
-			$editor = status_editor($a,$x);
+			$editor = status_editor($a,$x,false,'Articles');
 
 		}
 		else {
@@ -128,8 +148,8 @@ class Articles extends \Zotlabs\Web\Controller {
 		}
 		
 		$itemspage = get_pconfig(local_channel(),'system','itemspage');
-		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
 
 		
 		$sql_extra = item_permissions_sql($owner);
@@ -143,10 +163,21 @@ class Articles extends \Zotlabs\Web\Controller {
 				$sql_item = "and item.id = " . intval($r[0]['iid']) . " ";
 			}
 		}
-				
+		if($datequery) {
+			$sql_extra2 .= protect_sprintf(sprintf(" AND item.created <= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery))));
+			$order = 'post';
+		}
+		if($datequery2) {
+			$sql_extra2 .= protect_sprintf(sprintf(" AND item.created >= '%s' ", dbesc(datetime_convert(date_default_timezone_get(),'',$datequery2))));
+		}
+
+		if($datequery || $datequery2) {
+			$sql_extra2 .= " and item.item_thread_top != 0 ";
+		}
+
 		$r = q("select * from item 
 			where item.uid = %d and item_type = %d 
-			$sql_extra $sql_item order by item.created desc $pager_sql",
+			$sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_ARTICLE)
 		);
@@ -166,7 +197,7 @@ class Articles extends \Zotlabs\Web\Controller {
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra $sql_extra2 ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 			if($items) {

Zotlabs/Module/Authorize.php

@@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
 class Authorize extends \Zotlabs\Web\Controller {
 
 	function get() {
-		if (!local_channel()) {
+		if (! local_channel()) {
 			return login();
-		} else {
-			// TODO: Fully implement the dynamic client registration protocol:
-			// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
-			// http://openid.net/specs/openid-connect-registration-1_0.html
-			$app = array(
-				'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
-				'icon' => (x($_REQUEST, 'logo_uri')    ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
-				'url'  => (x($_REQUEST, 'client_uri')  ? urldecode($_REQUEST['client_uri']) : ''),
-			);
-			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
-				'$title' => t('Authorize'),
-				'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
-				'$app' => $app,
-				'$yes' => t('Allow'),
-				'$no' => t('Deny'),
-				'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
+		} 
+		else {
+
+			$name = $_REQUEST['client_name'];
+			if(! $name) {
+				$name = (($_REQUEST['client_id']) ?: t('Unknown App'));
+			}
+
+			$app = [
+				'name' => $name,
+				'icon' => (x($_REQUEST, 'logo_uri')    ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
+				'url'  => (x($_REQUEST, 'client_uri')  ? $_REQUEST['client_uri'] : ''),
+			];
+
+			$link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
+
+			$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
+				'$title'        => t('Authorize'),
+				'$authorize'    => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
+				'$app'          => $app,
+				'$yes'          => t('Allow'),
+				'$no'           => t('Deny'),
+				'$client_id'    => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
 				'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
-				'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
-			));
+				'$state'        => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
+			]);
 			return $o;
 		}
 	}
@@ -60,13 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller {
 		$request = \OAuth2\Request::createFromGlobals();
 		$response = new \OAuth2\Response();
 
+		// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. 
+		$channel = channelx_by_n(local_channel());
+		$user_id = $channel['channel_id'];
+
 		// If the client is not registered, add to the database
 		if (!$client = $storage->getClientDetails($client_id)) {
-			$client_secret = random_string(16);
+			// Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
+			$client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
 			// Client apps are registered per channel
-			$user_id = local_channel();
-			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', null, $user_id);
-			
+			$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
 		}
 		if (!$client = $storage->getClientDetails($client_id)) {
 			// There was an error registering the client.
@@ -83,7 +93,7 @@ class Authorize extends \Zotlabs\Web\Controller {
 
 		// print the authorization code if the user has authorized your client
 		$is_authorized = ($_POST['authorize'] === 'allow');
-		$s->handleAuthorizeRequest($request, $response, $is_authorized, local_channel());
+		$s->handleAuthorizeRequest($request, $response, $is_authorized, $user_id);
 		if ($is_authorized) {
 			$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
 			logger('Authorization Code: ' .  $code);

Zotlabs/Module/Blocks.php

@@ -109,7 +109,7 @@ class Blocks extends \Zotlabs\Web\Controller {
 		if($_REQUEST['pagetitle'])
 			$x['pagetitle'] = $_REQUEST['pagetitle'];
 	
-		$editor = status_editor($a,$x);
+		$editor = status_editor($a,$x,false,'Blocks');
 	
 
 		$r = q("select iconfig.iid, iconfig.k, iconfig.v, mid, title, body, mimetype, created, edited from iconfig 

Zotlabs/Module/Bookmarks.php

@@ -1,6 +1,9 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+
 
 class Bookmarks extends \Zotlabs\Web\Controller {
 
@@ -8,7 +11,10 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		nav_set_selected('View Bookmarks');
+		if(! Apps::system_app_installed(local_channel(), 'Bookmarks'))
+			return;
+
+		nav_set_selected('Bookmarks');
 
 		$item_id = intval($_REQUEST['item']);
 		$burl = trim($_REQUEST['burl']);
@@ -59,19 +65,26 @@ class Bookmarks extends \Zotlabs\Web\Controller {
 		killme();
 	}
 	
-		function get() {
+	function get() {
 		if(! local_channel()) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		if(! Apps::system_app_installed(local_channel(), 'Bookmarks')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Bookmarks App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Bookmark links from posts and manage them');
+			return $o;
+		}
 	
 		require_once('include/menu.php');
 		require_once('include/conversation.php');
 	
 		$channel = \App::get_channel();
 	
-		//$o = profile_tabs($a,true,$channel['channel_address']);
 		$o = '';
 	
 		$o .= '<div class="generic-content-wrapper-styled">';

Zotlabs/Module/Cal.php

@@ -6,6 +6,7 @@ require_once('include/bbcode.php');
 require_once('include/datetime.php');
 require_once('include/event.php');
 require_once('include/items.php');
+require_once('include/html2plain.php');
 
 
 class Cal extends \Zotlabs\Web\Controller {
@@ -74,7 +75,7 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 		$sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event');
 	
-		$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+		$first_day = feature_enabled($channel['channel_id'], 'events_cal_first_day');
 		$first_day = (($first_day) ? $first_day : 0);
 	
 		$htpl = get_markup_template('event_head.tpl');
@@ -88,9 +89,6 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 		$o = '';
 	
-		//$tabs = profile_tabs($a, True, $channel['channel_address']);
-		$tabs = '';
-	
 		$mode = 'view';
 		$y = 0;
 		$m = 0;
@@ -296,6 +294,7 @@ class Cal extends \Zotlabs\Web\Controller {
 					}
 					$html = format_event_html($rr);
 					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false);
 					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
@@ -347,8 +346,7 @@ class Cal extends \Zotlabs\Web\Controller {
 				'$next'		=> t('Next'),
 				'$today'	=> t('Today'),
 				'$form'		=> $form,
-				'$expandform'	=> ((x($_GET,'expandform')) ? true : false),
-				'$tabs'		=> $tabs
+				'$expandform'	=> ((x($_GET,'expandform')) ? true : false)
 			));
 			
 			if (x($_GET,'id')){ echo $o; killme(); }

Zotlabs/Module/Card_edit.php

@@ -122,7 +122,7 @@ class Card_edit extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Card_edit');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Card'),

Zotlabs/Module/Cards.php

@@ -1,12 +1,16 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
-
-class Cards extends \Zotlabs\Web\Controller {
+class Cards extends Controller {
 
 	function init() {
 
@@ -29,22 +33,27 @@ class Cards extends \Zotlabs\Web\Controller {
 			return login();
 		}
 
-		if(! \App::$profile) {
+		if(! App::$profile) {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 
-		if(! feature_enabled(\App::$profile_uid, 'cards')) {
-			return;
+		if(! Apps::system_app_installed(App::$profile_uid, 'Cards')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Cards App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Create personal planning cards');
+			return $o;
 		}
 
-		nav_set_selected(t('Cards'));
+		nav_set_selected('Cards');
 
 		head_add_link([
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
@@ -52,7 +61,7 @@ class Cards extends \Zotlabs\Web\Controller {
 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
 
 		if($category) {
-			$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'], 'item', $category, TERM_CATEGORY));
+			$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'], 'item', $category, TERM_CATEGORY));
 		}
 
 
@@ -60,11 +69,11 @@ class Cards extends \Zotlabs\Web\Controller {
 
 		$selected_card = ((argc() > 2) ? argv(2) : '');
 
-		$_SESSION['return_url'] = \App::$query_string;
+		$_SESSION['return_url'] = App::$query_string;
 
 		$uid      = local_channel();
-		$owner    = \App::$profile_uid;
-		$observer = \App::get_observer();
+		$owner    = App::$profile_uid;
+		$observer = App::get_observer();
 
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 
@@ -101,8 +110,8 @@ class Cards extends \Zotlabs\Web\Controller {
 				'nickname'          => $channel['channel_address'],
 				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'               => (($is_owner) ? populate_acl($channel_acl, false,
-					\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')) : ''),
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
 				'visitor'           => true,
@@ -124,7 +133,7 @@ class Cards extends \Zotlabs\Web\Controller {
 			if($_REQUEST['body'])
 				$x['body'] = $_REQUEST['body'];
 
-			$editor = status_editor($a, $x);
+			$editor = status_editor($a, $x, false, 'Cards');
 		}
 		else {
 			$editor = '';
@@ -132,8 +141,8 @@ class Cards extends \Zotlabs\Web\Controller {
 
 
 		$itemspage = get_pconfig(local_channel(),'system','itemspage');
-		\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
 
 
 		$sql_extra = item_permissions_sql($owner);
@@ -171,7 +180,7 @@ class Cards extends \Zotlabs\Web\Controller {
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra $sql_extra2 ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 			if($items) {

Zotlabs/Module/Cdav.php

@@ -1,12 +1,16 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
 require_once('include/event.php');
 
 require_once('include/auth.php');
 require_once('include/security.php');
 
-class Cdav extends \Zotlabs\Web\Controller {
+class Cdav extends Controller {
 
 	function init() {
 
@@ -126,8 +130,18 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'CalDAV/CardDAV');
 
 			if (local_channel()) {
+
 				logger('loggedin');
-				$channel = \App::get_channel();
+
+				if((argv(1) == 'calendars') && (!Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+					killme();
+				}
+
+				if((argv(1) == 'addressbooks') && (!Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+					killme();
+				}
+
+				$channel = App::get_channel();
 				$auth->setCurrentUser($channel['channel_address']);
 				$auth->channel_id = $channel['channel_id'];
 				$auth->channel_hash = $channel['channel_hash'];
@@ -161,12 +175,15 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$nodes = [
 				// /principals
 				new \Sabre\CalDAV\Principal\Collection($principalBackend),
+
 				// /calendars
 				new \Sabre\CalDAV\CalendarRoot($principalBackend, $caldavBackend),
+
 				// /addressbook
-				new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend),
+				new \Sabre\CardDAV\AddressBookRoot($principalBackend, $carddavBackend)
 			];
 
+
 			// The object tree needs in turn to be passed to the server class
 
 			$server = new \Sabre\DAV\Server($nodes);
@@ -204,7 +221,15 @@ class Cdav extends \Zotlabs\Web\Controller {
 		if(! local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+			return;
+		}
+
+		if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+			return;
+		}
+
+		$channel = App::get_channel();
 		$principalUri = 'principals/' . $channel['channel_address'];
 
 		if(!cdav_principal($principalUri))
@@ -807,7 +832,27 @@ class Cdav extends \Zotlabs\Web\Controller {
 		if(!local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if((argv(1) === 'calendar') && (! Apps::system_app_installed(local_channel(), 'CalDAV'))) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('CalDAV App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('CalDAV capable calendar');
+			return $o;
+		}
+
+		if((argv(1) === 'addressbook') && (! Apps::system_app_installed(local_channel(), 'CardDAV'))) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('CardDAV App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('CalDAV capable addressbook');
+			return $o;
+		}
+
+		App::$profile_uid = local_channel();
+
+		$channel = App::get_channel();
 		$principalUri = 'principals/' . $channel['channel_address'];
 
 		$pdo = \DBA::$dba->db;
@@ -862,7 +907,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 
 			$sources = rtrim($sources, ', ');
 
-			$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+			$first_day = feature_enabled(local_channel(), 'cal_first_day');
 			$first_day = (($first_day) ? $first_day : 0);
 
 			$title = ['title', t('Event title')];
@@ -874,7 +919,7 @@ class Cdav extends \Zotlabs\Web\Controller {
 			$o .= replace_macros(get_markup_template('cdav_calendar.tpl'), [
 				'$sources' => $sources,
 				'$color' => $color,
-				'$lang' => \App::$language,
+				'$lang' => App::$language,
 				'$first_day' => $first_day,
 				'$prev'	=> t('Previous'),
 				'$next'	=> t('Next'),

Zotlabs/Module/Channel.php

@@ -2,19 +2,23 @@
 
 namespace Zotlabs\Module;
 
-require_once('include/contact_widgets.php');
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\PermissionDescription;
+
 require_once('include/items.php');
-require_once("include/bbcode.php");
 require_once('include/security.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
-require_once('include/permissions.php');
+
 
 /**
  * @brief Channel Controller
  *
  */
-class Channel extends \Zotlabs\Web\Controller {
+
+class Channel extends Controller {
 
 	function init() {
 
@@ -26,7 +30,7 @@ class Channel extends \Zotlabs\Web\Controller {
 			$which = argv(1);
 		if(! $which) {
 			if(local_channel()) {
-				$channel = \App::get_channel();
+				$channel = App::get_channel();
 				if($channel && $channel['channel_address'])
 				$which = $channel['channel_address'];
 			}
@@ -37,7 +41,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		}
 
 		$profile = 0;
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 
 		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
 			$which = $channel['channel_address'];
@@ -67,15 +71,20 @@ class Channel extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
+		$noscript_content = get_config('system', 'noscript_content', '1');
+
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 
-		$checkjs = new \Zotlabs\Web\CheckJS(1);
-
 		$category = $datequery = $datequery2 = '';
 
 		$mid = ((x($_REQUEST,'mid')) ? $_REQUEST['mid'] : '');
 
+		if(strpos($mid,'b64.') === 0)
+			$decoded = @base64url_decode(substr($mid,4));
+		if($decoded)
+			$mid = $decoded;
+
 		$datequery = ((x($_GET,'dend') && is_a_date_arg($_GET['dend'])) ? notags($_GET['dend']) : '');
 		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');
 
@@ -95,22 +104,22 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if($update) {
 			// Ensure we've got a profile owner if updating.
-			\App::$profile['profile_uid'] = \App::$profile_uid = $update;
+			App::$profile['profile_uid'] = App::$profile_uid = $update;
 		}
 
-		$is_owner = (((local_channel()) && (\App::$profile['profile_uid'] == local_channel())) ? true : false);
+		$is_owner = (((local_channel()) && (App::$profile['profile_uid'] == local_channel())) ? true : false);
 
-		$channel = \App::get_channel();
-		$observer = \App::get_observer();
+		$channel = App::get_channel();
+		$observer = App::get_observer();
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
 
-		$perms = get_all_perms(\App::$profile['profile_uid'],$ob_hash);
+		$perms = get_all_perms(App::$profile['profile_uid'],$ob_hash);
 
 		if(! $perms['view_stream']) {
 			// We may want to make the target of this redirect configurable
 			if($perms['view_profile']) {
 				notice( t('Insufficient permissions.  Request redirected to profile page.') . EOL);
-				goaway (z_root() . "/profile/" . \App::$profile['channel_address']);
+				goaway (z_root() . "/profile/" . App::$profile['channel_address']);
 			}
 			notice( t('Permission denied.') . EOL);
 			return;
@@ -121,7 +130,7 @@ class Channel extends \Zotlabs\Web\Controller {
 
 			nav_set_selected('Channel Home');
 
-			$static = channel_manual_conv_update(\App::$profile['profile_uid']);
+			$static = channel_manual_conv_update(App::$profile['profile_uid']);
 
 			// search terms header
 			if($search) {
@@ -147,16 +156,16 @@ class Channel extends \Zotlabs\Web\Controller {
 
 				$x = array(
 					'is_owner' => $is_owner,
-					'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(\App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false),
-					'default_location' => (($is_owner) ? \App::$profile['channel_location'] : ''),
-					'nickname' => \App::$profile['channel_address'],
-					'lockstate' => (((strlen(\App::$profile['channel_allow_cid'])) || (strlen(\App::$profile['channel_allow_gid'])) || (strlen(\App::$profile['channel_deny_cid'])) || (strlen(\App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
-					'acl' => (($is_owner) ? populate_acl($channel_acl,true, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
+					'allow_location' => ((($is_owner || $observer) && (intval(get_pconfig(App::$profile['profile_uid'],'system','use_browser_location')))) ? true : false),
+					'default_location' => (($is_owner) ? App::$profile['channel_location'] : ''),
+					'nickname' => App::$profile['channel_address'],
+					'lockstate' => (((strlen(App::$profile['channel_allow_cid'])) || (strlen(App::$profile['channel_allow_gid'])) || (strlen(App::$profile['channel_deny_cid'])) || (strlen(App::$profile['channel_deny_gid']))) ? 'lock' : 'unlock'),
+					'acl' => (($is_owner) ? populate_acl($channel_acl,true, PermissionDescription::fromGlobalPermission('view_stream'), get_post_aclDialogDescription(), 'acl_dialog_post') : ''),
 					'permissions' => $channel_acl,
 					'showacl' => (($is_owner) ? 'yes' : ''),
 					'bang' => '',
 					'visitor' => (($is_owner || $observer) ? true : false),
-					'profile_uid' => \App::$profile['profile_uid'],
+					'profile_uid' => App::$profile['profile_uid'],
 					'editor_autocomplete' => true,
 					'bbco_autocomplete' => 'bbcode',
 					'bbcode' => true,
@@ -164,7 +173,7 @@ class Channel extends \Zotlabs\Web\Controller {
 					'reset' => t('Reset form')
 				);
 
-				$o .= status_editor($a,$x);
+				$o .= status_editor($a,$x,false,'Channel');
 			}
 
 		}
@@ -176,14 +185,14 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
-		$sql_extra = item_permissions_sql(\App::$profile['profile_uid']);
+		$sql_extra = item_permissions_sql(App::$profile['profile_uid']);
 
-		if(get_pconfig(\App::$profile['profile_uid'],'system','channel_list_mode') && (! $mid))
+		if(feature_enabled(App::$profile['profile_uid'], 'channel_list_mode') && (! $mid))
 			$page_mode = 'list';
 		else
 			$page_mode = 'client';
 
-		$abook_uids = " and abook.abook_channel = " . intval(\App::$profile['profile_uid']) . " ";
+		$abook_uids = " and abook.abook_channel = " . intval(App::$profile['profile_uid']) . " ";
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
@@ -193,7 +202,8 @@ class Channel extends \Zotlabs\Web\Controller {
 				$sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG,TERM_COMMUNITYTAG);
 			}
 			else {
-				$sql_extra .= sprintf(" AND item.body like '%s' ",
+				$sql_extra .= sprintf(" AND (item.body like '%s' OR item.title like '%s') ",
+					dbesc(protect_sprintf('%' . $search . '%')),
 					dbesc(protect_sprintf('%' . $search . '%'))
 				);
 			}
@@ -203,7 +213,7 @@ class Channel extends \Zotlabs\Web\Controller {
 		head_add_link([ 
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
-			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
 			'title' => 'oembed'
 		]);
 
@@ -221,7 +231,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal_update
 					AND item_wall = 1 $simple_update $sql_extra limit 1",
 					dbesc($mid . '%'),
-					intval(\App::$profile['profile_uid'])
+					intval(App::$profile['profile_uid'])
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -233,7 +243,7 @@ class Channel extends \Zotlabs\Web\Controller {
 					AND (abook.abook_blocked = 0 or abook.abook_flags is null)
 					$sql_extra
 					ORDER BY created DESC",
-					intval(\App::$profile['profile_uid'])
+					intval(App::$profile['profile_uid'])
 				);
 				$_SESSION['loadtime'] = datetime_convert();
 			}
@@ -242,10 +252,10 @@ class Channel extends \Zotlabs\Web\Controller {
 		else {
 
 			if(x($category)) {
-				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 			}
 			if(x($hashtags)) {
-				$sql_extra2 .= protect_sprintf(term_item_parent_query(\App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
+				$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $hashtags, TERM_HASHTAG, TERM_COMMUNITYTAG));
 			}
 
 			if($datequery) {
@@ -267,15 +277,15 @@ class Channel extends \Zotlabs\Web\Controller {
 
 
 			$itemspage = get_pconfig(local_channel(),'system','itemspage');
-			\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+			App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
 
-			if($load || ($checkjs->disabled())) {
+			if($noscript_content || $load) {
 				if($mid) {
 					$r = q("SELECT parent AS item_id from item where mid like '%s' and uid = %d $item_normal
 						AND item_wall = 1 $sql_extra limit 1",
 						dbesc($mid . '%'),
-						intval(\App::$profile['profile_uid'])
+						intval(App::$profile['profile_uid'])
 					);
 					if (! $r) {
 						notice( t('Permission denied.') . EOL);
@@ -289,7 +299,7 @@ class Channel extends \Zotlabs\Web\Controller {
 						AND item.item_wall = 1 AND item.item_thread_top = 1
 						$sql_extra $sql_extra2 
 						ORDER BY $ordering DESC $pager_sql ",
-						intval(\App::$profile['profile_uid'])
+						intval(App::$profile['profile_uid'])
 					);
 				}
 			}
@@ -306,7 +316,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
 				$sql_extra ",
-				intval(\App::$profile['profile_uid']),
+				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
 
@@ -326,22 +336,25 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		if((! $update) && (! $load)) {
 
+			if($decoded)
+				$mid = 'b64.' . base64url_encode($mid);
+
 			// This is ugly, but we can't pass the profile_uid through the session to the ajax updater,
 			// because browser prefetching might change it on us. We have to deliver it with the page.
 
-			$maxheight = get_pconfig(\App::$profile['profile_uid'],'system','channel_divmore_height');
+			$maxheight = get_pconfig(App::$profile['profile_uid'],'system','channel_divmore_height');
 			if(! $maxheight)
 				$maxheight = 400;
 
 			$o .= '<div id="live-channel"></div>' . "\r\n";
-			$o .= "<script> var profile_uid = " . \App::$profile['profile_uid']
-				. "; var netargs = '?f='; var profile_page = " . \App::$pager['page']
+			$o .= "<script> var profile_uid = " . App::$profile['profile_uid']
+				. "; var netargs = '?f='; var profile_page = " . App::$pager['page']
 				. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
 
-			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+			App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
 				'$baseurl' => z_root(),
 				'$pgtype' => 'channel',
-				'$uid' => ((\App::$profile['profile_uid']) ? \App::$profile['profile_uid'] : '0'),
+				'$uid' => ((App::$profile['profile_uid']) ? App::$profile['profile_uid'] : '0'),
 				'$gid' => '0',
 				'$cid' => '0',
 				'$cmin' => '(-1)',
@@ -354,7 +367,7 @@ class Channel extends \Zotlabs\Web\Controller {
 				'$wall' => '1',
 				'$fh' => '0',
 				'$static'  => $static,
-				'$page' => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
+				'$page' => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
 				'$search' => $search,
 				'$xchan' => '',
 				'$order' => $order,
@@ -405,17 +418,26 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$mode = (($search) ? 'search' : 'channel');
 
-		if($checkjs->disabled()) {
-			$o .= conversation($items,$mode,$update,'traditional');
-		}
-		else {
+		if($update) {
 			$o .= conversation($items,$mode,$update,$page_mode);
 		}
+		else {
+
+			$o .= '<noscript>';
+			if($noscript_content) {
+				$o .= conversation($items,$mode,$update,'traditional');
+				$o .= alt_pager(count($items));
+			}
+			else {
+				$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+			}
+			$o .= '</noscript>';
+
+			$o .= conversation($items,$mode,$update,$page_mode);
 
-		if((! $update) || ($checkjs->disabled())) {
-			$o .= alt_pager(count($items));
 			if ($mid && $items[0]['title'])
-				\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
+				App::$page['title'] = $items[0]['title'] . " - " . App::$page['title'];
+
 		}
 
 		if($mid)

Zotlabs/Module/Chat.php

@@ -1,13 +1,19 @@
 <?php /** @file */
 
-namespace Zotlabs\Module; 
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Chatroom;
+use Zotlabs\Access\AccessList;
+
+
 
 
 require_once('include/bookmarks.php');
 
-use \Zotlabs\Lib as Zlib;
-
-class Chat extends \Zotlabs\Web\Controller {
+class Chat extends Controller {
 
 	function init() {
 	
@@ -16,7 +22,7 @@ class Chat extends \Zotlabs\Web\Controller {
 			$which = argv(1);
 		if(! $which) {
 			if(local_channel()) {
-				$channel = \App::get_channel();
+				$channel = App::get_channel();
 				if($channel && $channel['channel_address'])
 				$which = $channel['channel_address'];
 			}
@@ -27,7 +33,7 @@ class Chat extends \Zotlabs\Web\Controller {
 		}
 	
 		$profile = 0;
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		if((local_channel()) && (argc() > 2) && (argv(2) === 'view')) {
 			$which = $channel['channel_address'];
@@ -49,16 +55,16 @@ class Chat extends \Zotlabs\Web\Controller {
 		if((! $room) || (! local_channel()))
 			return;
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 	
 		if($_POST['action'] === 'drop') {
 			logger('delete chatroom');
-			Zlib\Chatroom::destroy($channel,array('cr_name' => $room));
+			Chatroom::destroy($channel,array('cr_name' => $room));
 			goaway(z_root() . '/chat/' . $channel['channel_address']);
 		}
 	
-		$acl = new \Zotlabs\Access\AccessList($channel);
+		$acl = new AccessList($channel);
 		$acl->set_from_array($_REQUEST);
 	
 		$arr = $acl->get();
@@ -67,7 +73,7 @@ class Chat extends \Zotlabs\Web\Controller {
 		if(intval($arr['expire']) < 0)
 			$arr['expire'] = 0;
 	
-		Zlib\Chatroom::create($channel,$arr);
+		Chatroom::create($channel,$arr);
 	
 		$x = q("select * from chatroom where cr_name = '%s' and cr_uid = %d limit 1",
 			dbesc($room),
@@ -88,26 +94,35 @@ class Chat extends \Zotlabs\Web\Controller {
 	
 	
 	function get() {
+
+		if(! Apps::system_app_installed(App::$profile_uid, 'Chatrooms')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Chatrooms App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Access Controlled Chatrooms');
+			return $o;
+		}
 	
 		if(local_channel()) {
-			$channel = \App::get_channel();
-			nav_set_selected('My Chatrooms');
+			$channel = App::get_channel();
+			nav_set_selected('Chatrooms');
 		}
 
-		$ob = \App::get_observer();
+		$ob = App::get_observer();
 		$observer = get_observer_hash();
 		if(! $observer) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 	
-		if(! perm_is_allowed(\App::$profile['profile_uid'],$observer,'chat')) {
+		if(! perm_is_allowed(App::$profile['profile_uid'],$observer,'chat')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
 		
 		if((argc() > 3) && intval(argv(2)) && (argv(3) === 'leave')) {
-			Zlib\Chatroom::leave($observer,argv(2),$_SERVER['REMOTE_ADDR']);
+			Chatroom::leave($observer,argv(2),$_SERVER['REMOTE_ADDR']);
 			goaway(z_root() . '/channel/' . argv(1));
 		}
 	
@@ -160,16 +175,16 @@ class Chat extends \Zotlabs\Web\Controller {
 			$room_id = intval(argv(2));
 			$bookmark_link = get_bookmark_link($ob);
 	
-			$x = Zlib\Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
+			$x = Chatroom::enter($observer,$room_id,'online',$_SERVER['REMOTE_ADDR']);
 			if(! $x)
 				return;
 			$x = q("select * from chatroom where cr_id = %d and cr_uid = %d $sql_extra limit 1",
 				intval($room_id),
-				intval(\App::$profile['profile_uid'])
+				intval(App::$profile['profile_uid'])
 			);
 	
 			if($x) {
-				$acl = new \Zotlabs\Access\AccessList(false);
+				$acl = new AccessList(false);
 				$acl->set($x[0]);
 	
 				$private = $acl->is_private();
@@ -208,19 +223,12 @@ class Chat extends \Zotlabs\Web\Controller {
 			));
 			return $o;
 		}
-	
-	
+
 		require_once('include/conversation.php');
 	
-		//$o = profile_tabs($a,((local_channel() && local_channel() == \App::$profile['profile_uid']) ? true : false),\App::$profile['channel_address']);
 		$o = '';
-	
-		if(! feature_enabled(\App::$profile['profile_uid'],'ajaxchat')) {
-			notice( t('Feature disabled.') . EOL);
-			return $o;
-		}
 
-		$acl = new \Zotlabs\Access\AccessList($channel);
+		$acl = new AccessList($channel);
 		$channel_acl = $acl->get();
 
 		$lockstate = (($channel_acl['allow_cid'] || $channel_acl['allow_gid'] || $channel_acl['deny_cid'] || $channel_acl['deny_gid']) ? 'lock' : 'unlock');
@@ -244,17 +252,17 @@ class Chat extends \Zotlabs\Web\Controller {
 			));
 		}
 
-		$rooms = Zlib\Chatroom::roomlist(\App::$profile['profile_uid']);
+		$rooms = Chatroom::roomlist(App::$profile['profile_uid']);
 	
 		$o .= replace_macros(get_markup_template('chatrooms.tpl'), array(
-			'$header' => sprintf( t('%1$s\'s Chatrooms'), \App::$profile['fullname']),
+			'$header' => sprintf( t('%1$s\'s Chatrooms'), App::$profile['fullname']),
 			'$name' => t('Name'),
 			'$baseurl' => z_root(),
-			'$nickname' => \App::$profile['channel_address'],
+			'$nickname' => App::$profile['channel_address'],
 			'$rooms' => $rooms,
 			'$norooms' => t('No chatrooms available'),
 			'$newroom' => t('Create New'),
-			'$is_owner' => ((local_channel() && local_channel() == \App::$profile['profile_uid']) ? 1 : 0),
+			'$is_owner' => ((local_channel() && local_channel() == App::$profile['profile_uid']) ? 1 : 0),
 			'$chatroom_new' => $chatroom_new,
 			'$expire' => t('Expiration'),
 			'$expire_unit' => t('min') //minutes

Zotlabs/Module/Connect.php

@@ -1,21 +1,21 @@
 <?php
 namespace Zotlabs\Module; /** @file */
 
-
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
 
 require_once('include/contact_widgets.php');
 require_once('include/items.php');
 
-
-
-class Connect extends \Zotlabs\Web\Controller {
+class Connect extends Controller {
 
 	function init() {
 		if(argc() > 1)
 			$which = argv(1);
 		else {
 			notice( t('Requested profile is not available.') . EOL );
-			\App::$error = 404;
+			App::$error = 404;
 			return;
 		}
 	
@@ -24,20 +24,32 @@ class Connect extends \Zotlabs\Web\Controller {
 		);
 	
 		if($r)
-			\App::$data['channel'] = $r[0];
+			App::$data['channel'] = $r[0];
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			return;
+		}
 	
 		profile_load($which,'');
 	}
 	
 	function post() {
 	
-		if(! array_key_exists('channel', \App::$data))
+		if(! array_key_exists('channel', App::$data))
 			return;
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			return;
+		}
 	
-		$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);
+		$edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false);
 	
 		if($edit) {
-			$has_premium = ((\App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0);
+			$has_premium = ((App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? 1 : 0);
 			$premium = (($_POST['premium']) ? intval($_POST['premium']) : 0);
 			$text = escape_tags($_POST['text']);
 			
@@ -48,25 +60,25 @@ class Connect extends \Zotlabs\Web\Controller {
 					intval(local_channel()) 
 				);
 				
-				\Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',\App::$data['channel']['channel_id']));
+				\Zotlabs\Daemon\Master::Summon(array('Notifier','refresh_all',$channel_id));
 			}
-			set_pconfig(\App::$data['channel']['channel_id'],'system','selltext',$text);
+			set_pconfig($channel_id,'system','selltext',$text);
 			// reload the page completely to get fresh data
-			goaway(z_root() . '/' . \App::$query_string);
+			goaway(z_root() . '/' . App::$query_string);
 	
 		}
 	
 		$url = '';
-		$observer = \App::get_observer();
+		$observer = App::get_observer();
 		if(($observer) && ($_POST['submit'] === t('Continue'))) {
 			if($observer['xchan_follow'])
-				$url = sprintf($observer['xchan_follow'],urlencode(channel_reddress(\App::$data['channel'])));
+				$url = sprintf($observer['xchan_follow'],urlencode(channel_reddress(App::$data['channel'])));
 			if(! $url) {
 				$r = q("select * from hubloc where hubloc_hash = '%s' order by hubloc_id desc limit 1",
 					dbesc($observer['xchan_hash'])
 				);
 				if($r)
-					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(\App::$data['channel']));
+					$url = $r[0]['hubloc_url'] . '/follow?f=&url=' . urlencode(channel_reddress(App::$data['channel']));
 			}
 		}
 		if($url)
@@ -79,17 +91,31 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 	
 	function get() {
+
+		if(! array_key_exists('channel', App::$data))
+			return;
+
+		$channel_id = App::$data['channel']['channel_id'];
+
+		if(! Apps::system_app_installed($channel_id, 'Premium Channel')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Premium Channel App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Allows you to set restrictions and terms on those that connect with your channel');
+			return $o;
+		}
 	
-		$edit = ((local_channel() && (local_channel() == \App::$data['channel']['channel_id'])) ? true : false);
+		$edit = ((local_channel() && (local_channel() == $channel_id)) ? true : false);
 	
-		$text = get_pconfig(\App::$data['channel']['channel_id'],'system','selltext');
+		$text = get_pconfig($channel_id,'system','selltext');
 	
 		if($edit) {
 	
 			$o = replace_macros(get_markup_template('sellpage_edit.tpl'),array(
 				'$header' => t('Premium Channel Setup'),
-				'$address' => \App::$data['channel']['channel_address'],
-				'$premium' => array('premium', t('Enable premium channel connection restrictions'),((\App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? '1' : ''),''),
+				'$address' => App::$data['channel']['channel_address'],
+				'$premium' => array('premium', t('Enable premium channel connection restrictions'),((App::$data['channel']['channel_pageflags'] & PAGE_PREMIUM) ? '1' : ''),''),
 				'$lbl_about' => t('Please enter your restrictions or conditions, such as paypal receipt, usage guidelines, etc.'),
 	 			'$text' => $text,
 				'$desc' => t('This channel may require additional steps or acknowledgement of the following conditions prior to connecting:'),
@@ -107,7 +133,7 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 			$submit = replace_macros(get_markup_template('sellpage_submit.tpl'), array(
 				'$continue' => t('Continue'),			
-				'$address' => \App::$data['channel']['channel_address']
+				'$address' => App::$data['channel']['channel_address']
 			));
 	
 			$o = replace_macros(get_markup_template('sellpage_view.tpl'),array(
@@ -120,7 +146,7 @@ class Connect extends \Zotlabs\Web\Controller {
 	
 			));
 	
-			$arr = array('channel' => \App::$data['channel'],'observer' => \App::get_observer(), 'sellpage' => $o, 'submit' => $submit);
+			$arr = array('channel' => App::$data['channel'],'observer' => App::get_observer(), 'sellpage' => $o, 'submit' => $submit);
 			call_hooks('connect_premium', $arr);
 			$o = $arr['sellpage'];
 	

Zotlabs/Module/Connections.php

@@ -1,6 +1,7 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
@@ -12,8 +13,10 @@ class Connections extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		App::$profile_uid = local_channel();
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);
 	
@@ -43,7 +46,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		$all         = false;
 	
 		if(! $_REQUEST['aj'])
-			$_SESSION['return_url'] = \App::$query_string;
+			$_SESSION['return_url'] = App::$query_string;
 	
 		$search_flags = "";
 		$head = '';
@@ -88,14 +91,14 @@ class Connections extends \Zotlabs\Web\Controller {
 						$search_flags = " and abook_pending = 1 ";
 						$head = t('New');
 						$pending = true;
-						\App::$argv[1] = 'pending';
+						App::$argv[1] = 'pending';
 					}
 					else {
 						$head = t('All');
 						$search_flags = '';
 						$all = true;
-						\App::$argc = 1;
-						unset(\App::$argv[1]);
+						App::$argc = 1;
+						unset(App::$argv[1]);
 					}
 					break;
 	//			case 'unconnected':
@@ -217,7 +220,7 @@ class Connections extends \Zotlabs\Web\Controller {
 		$sql_extra .= (($searching) ? protect_sprintf(" AND xchan_name like '%$search_txt%' ") : "");
 	
 		if($_REQUEST['gid']) {
-			$sql_extra .= " and xchan_hash in ( select xchan from group_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
+			$sql_extra .= " and xchan_hash in ( select xchan from pgrp_member where gid = " . intval($_REQUEST['gid']) . " and uid = " . intval(local_channel()) . " ) ";
 		}
 	 	
 		$r = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash 
@@ -225,15 +228,15 @@ class Connections extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($r) {
-			\App::set_pager_total($r[0]['total']);
+			App::set_pager_total($r[0]['total']);
 			$total = $r[0]['total'];
 		}
 	
 		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash
 			WHERE abook_channel = %d and abook_self = 0 and xchan_deleted = 0 and xchan_orphan = 0 $sql_extra $sql_extra2 ORDER BY xchan_name LIMIT %d OFFSET %d ",
 			intval(local_channel()),
-			intval(\App::$pager['itemspage']),
-			intval(\App::$pager['start'])
+			intval(App::$pager['itemspage']),
+			intval(App::$pager['start'])
 		);
 	
 		$contacts = array();
@@ -337,7 +340,7 @@ class Connections extends \Zotlabs\Web\Controller {
 				'$finding' => (($searching) ? t('Connections search') . ": '" . $search . "'" : ""),
 				'$submit' => t('Find'),
 				'$edit' => t('Edit'),
-				'$cmd' => \App::$cmd,
+				'$cmd' => App::$cmd,
 				'$contacts' => $contacts,
 				'$paginate' => paginate($a),
 	

Zotlabs/Module/Connedit.php

@@ -7,6 +7,7 @@ namespace Zotlabs\Module;
  *
  */
 
+use Zotlabs\Lib\Apps;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
@@ -774,7 +775,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 	
 			$global_perms = \Zotlabs\Access\Permissions::Perms();
 
-			$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
+			$existing = get_all_perms(local_channel(),$contact['abook_xchan'],false);
 	
 			$unapproved = array('pending', t('Approve this connection'), '', t('Accept connection to allow communication'), array(t('No'),('Yes')));
 	
@@ -851,7 +852,7 @@ class Connedit extends \Zotlabs\Web\Controller {
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('Connection requests will be approved without your interaction'), $yes_no),
 				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
-				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
+				'$permcat_enable' => Apps::system_app_installed(local_channel(), 'Permission Categories'),
 				'$addr'           => unpunify($contact['xchan_addr']),
 				'$primeurl'       => unpunify($contact['xchan_url']),
 				'$section'        => $section,

Zotlabs/Module/Contactgroup.php

@@ -23,7 +23,7 @@ class Contactgroup extends \Zotlabs\Web\Controller {
 	
 		if((argc() > 1) && (intval(argv(1)))) {
 	
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);

Zotlabs/Module/Defperms.php

@@ -1,14 +1,16 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
 
 require_once('include/socgraph.php');
 require_once('include/selectors.php');
 require_once('include/group.php');
 require_once('include/photos.php');
 
-
-class Defperms extends \Zotlabs\Web\Controller {
+class Defperms extends Controller {
 
 	/* @brief Initialize the connection-editor
 	 *
@@ -19,6 +21,9 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions'))
+			return;
 	
 		$r = q("SELECT abook.*, xchan.*
 			FROM abook left join xchan on abook_xchan = xchan_hash
@@ -26,10 +31,10 @@ class Defperms extends \Zotlabs\Web\Controller {
 			intval(local_channel())
 		);
 		if($r) {
-			\App::$poi = $r[0];
+			App::$poi = $r[0];
 		}
 
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		if($channel)
 			head_set_icon($channel['xchan_photo_s']);	
 	}
@@ -43,12 +48,15 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions'))
+			return;
 	
 		$contact_id = intval(argv(1));
 		if(! $contact_id)
 			return;
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$orig_record = q("SELECT * FROM abook WHERE abook_id = %d AND abook_channel = %d LIMIT 1",
 			intval($contact_id),
@@ -112,7 +120,7 @@ class Defperms extends \Zotlabs\Web\Controller {
 			intval($contact_id)
 		);
 		if($r) {
-			\App::$poi = $r[0];
+			App::$poi = $r[0];
 		}
 	
 	
@@ -131,22 +139,22 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 	function defperms_clone(&$a) {
 	
-			if(! \App::$poi)
+			if(! App::$poi)
 				return;
 		
-			$channel = \App::get_channel();
+			$channel = App::get_channel();
 	
 			$r = q("SELECT abook.*, xchan.*
 				FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d and abook_id = %d LIMIT 1",
 				intval(local_channel()),
-				intval(\App::$poi['abook_id'])
+				intval(App::$poi['abook_id'])
 			);
 			if($r) {
-				\App::$poi = array_shift($r);
+				App::$poi = array_shift($r);
 			}
 	
-			$clone = \App::$poi;
+			$clone = App::$poi;
 	
 			unset($clone['abook_id']);
 			unset($clone['abook_account']);
@@ -173,9 +181,18 @@ class Defperms extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return login();
 		}
+
+		if(! Apps::system_app_installed(local_channel(), 'Default Permissions')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Default Permissions App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Set custom default permissions for new connections');
+			return $o;
+		}
 	
 		$section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : '');
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$yes_no = array(t('No'),t('Yes'));
 	
@@ -193,7 +210,7 @@ class Defperms extends \Zotlabs\Web\Controller {
 		}
 		$o .= " }\n</script>\n";
 	
-		if(\App::$poi) {
+		if(App::$poi) {
 	
 			$sections = [];
 
@@ -203,13 +220,12 @@ class Defperms extends \Zotlabs\Web\Controller {
 	
 	
 			$perms = array();
-			$channel = \App::get_channel();
+			$channel = App::get_channel();
 
-			$contact = \App::$poi;
+			$contact = App::$poi;
 	
 			$global_perms = \Zotlabs\Access\Permissions::Perms();
 
-			$existing = get_all_perms(local_channel(),$contact['abook_xchan']);
 			$hidden_perms = [];
 	
 			foreach($global_perms as $k => $v) {
@@ -239,7 +255,7 @@ class Defperms extends \Zotlabs\Web\Controller {
 				'$autoperms'      => array('autoperms',t('Apply these permissions automatically'), ((get_pconfig(local_channel(),'system','autoperms')) ? 1 : 0), t('If enabled, connection requests will be approved without your interaction'), $yes_no),
 				'$permcat'        => [ 'permcat', t('Permission role'), '', '<span class="loading invisible">' . t('Loading') . '<span class="jumping-dots"><span class="dot-1">.</span><span class="dot-2">.</span><span class="dot-3">.</span></span></span>',$permcats ],
 				'$permcat_new'    => t('Add permission role'),
-				'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
+				'$permcat_enable' => Apps::system_app_installed(local_channel(), 'Permission Categories'),
 				'$section'        => $section,
 				'$sections'       => $sections,
 				'$autolbl'        => t('The permissions indicated on this page will be applied to all new connections.'),

Zotlabs/Module/Directory.php

@@ -12,13 +12,16 @@ class Directory extends \Zotlabs\Web\Controller {
 	function init() {
 		\App::set_pager_itemspage(60);
 	
-		if(x($_GET,'ignore')) {
+		if(local_channel() && x($_GET,'ignore')) {
 			q("insert into xign ( uid, xchan ) values ( %d, '%s' ) ",
 				intval(local_channel()),
 				dbesc($_GET['ignore'])
 			);
 			goaway(z_root() . '/directory?f=&suggest=1');
 		}
+
+		if(local_channel())
+			\App::$profile_uid = local_channel();
 	
 		$observer = get_observer_hash();
 		$global_changed = false;
@@ -55,6 +58,7 @@ class Directory extends \Zotlabs\Web\Controller {
 			if($observer)
 				set_xconfig($observer,'directory','pubforums',$pubforums);
 		}
+
 	}
 	
 	function get() {

Zotlabs/Module/Display.php

@@ -12,8 +12,9 @@ class Display extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
-		$module_format = 'html';
+		$noscript_content = (get_config('system', 'noscript_content', '1') && (! $update));
 
+		$module_format = 'html';
 
 		if(argc() > 1) {
 			$module_format = substr(argv(1),strrpos(argv(1),'.') + 1);
@@ -21,8 +22,6 @@ class Display extends \Zotlabs\Web\Controller {
 				$module_format = 'html';			
 		}
 
-		$checkjs = new \Zotlabs\Web\CheckJS(1);
-	
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 	
@@ -82,7 +81,7 @@ class Display extends \Zotlabs\Web\Controller {
 			);
 	
 			$o = '<div id="jot-popup">';
-			$o .= status_editor($a,$x);
+			$o .= status_editor($a,$x,false,'Display');
 			$o .= '</div>';
 		}
 	
@@ -253,53 +252,44 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$sql_extra = public_permissions_sql($observer_hash);
 
-		if(($update && $load) || ($checkjs->disabled()) || ($module_format !== 'html')) {
+		if($noscript_content || $load) {
 
-			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start']));
+			$r = null;
 
-			if($load || ($checkjs->disabled()) || ($module_format !== 'html')) {
+			require_once('include/channel.php');
+			$sys = get_sys_channel();
+			$sysid = $sys['channel_id'];
 
-				$r = null;
-
-				require_once('include/channel.php');
-				$sys = get_sys_channel();
-				$sysid = $sys['channel_id'];
-
-				if(local_channel()) {
-					$r = q("SELECT item.id as item_id from item
-						WHERE uid = %d
-						and mid = '%s'
-						$item_normal
-						limit 1",
-						intval(local_channel()),
-						dbesc($target_item['parent_mid'])
-					);
-					if($r) {
-						$updateable = true;
-					}
+			if(local_channel()) {
+				$r = q("SELECT item.id as item_id from item WHERE uid = %d and mid = '%s' $item_normal limit 1",
+					intval(local_channel()),
+					dbesc($target_item['parent_mid'])
+				);
+				if($r) {
+					$updateable = true;
 				}
+			}
 
-				if(! $r) {
+			if(! $r) {
 
-					// in case somebody turned off public access to sys channel content using permissions
-					// make that content unsearchable by ensuring the owner uid can't match
+				// in case somebody turned off public access to sys channel content using permissions
+				// make that content unsearchable by ensuring the owner uid can't match
 
-					if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
-						$sysid = 0;
+				if(! perm_is_allowed($sysid,$observer_hash,'view_stream'))
+					$sysid = 0;
 
-					$r = q("SELECT item.id as item_id from item
-						WHERE mid = '%s'
-						AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
-						AND item.deny_gid  = '' AND item_private = 0 ) 
-						and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
-						OR uid = %d )
-						$sql_extra )
-						$item_normal
-						limit 1",
-						dbesc($target_item['parent_mid']),
-						intval($sysid)
-					);
-				}
+				$r = q("SELECT item.id as item_id from item
+					WHERE mid = '%s'
+					AND (((( item.allow_cid = ''  AND item.allow_gid = '' AND item.deny_cid  = '' 
+					AND item.deny_gid  = '' AND item_private = 0 ) 
+					and uid in ( " . stream_perms_api_uids(($observer_hash) ? (PERMS_NETWORK|PERMS_PUBLIC) : PERMS_PUBLIC) . " ))
+					OR uid = %d )
+					$sql_extra )
+					$item_normal
+					limit 1",
+					dbesc($target_item['parent_mid']),
+					intval($sysid)
+				);
 			}
 		}
 	
@@ -309,7 +299,6 @@ class Display extends \Zotlabs\Web\Controller {
 			require_once('include/channel.php');
 			$sys = get_sys_channel();
 			$sysid = $sys['channel_id'];
-
 			if(local_channel()) {
 				$r = q("SELECT item.parent AS item_id from item
 					WHERE uid = %d
@@ -350,7 +339,7 @@ class Display extends \Zotlabs\Web\Controller {
 		else {
 			$r = array();
 		}
-	
+
 		if($r) {
 			$parents_str = ids_to_querystr($r,'item_id');
 			if($parents_str) {
@@ -373,14 +362,23 @@ class Display extends \Zotlabs\Web\Controller {
 			
 		case 'html':
 
-			if ($checkjs->disabled()) {
-				$o .= conversation($items, 'display', $update, 'traditional');
-				if ($items[0]['title'])
-					\App::$page['title'] = $items[0]['title'] . " - " . \App::$page['title'];
-			} 
-			else {
+			if ($update) {
 				$o .= conversation($items, 'display', $update, 'client');
 			}
+			else {
+				$o .= '<noscript>';
+				if($noscript_content) {
+					$o .= conversation($items, 'display', $update, 'traditional');
+				}
+				else {
+					$o .= '<div class="section-content-warning-wrapper">' . t('You must enable javascript for your browser to be able to view this content.') . '</div>';
+				}
+				$o .= '</noscript>';
+
+				\App::$page['title'] = (($items[0]['title']) ? $items[0]['title'] . " - " . \App::$page['title'] : \App::$page['title']);
+
+				$o .= conversation($items, 'display', $update, 'client');
+			} 
 
 			break;
 
@@ -435,7 +433,7 @@ class Display extends \Zotlabs\Web\Controller {
 
 		$o .= '<div id="content-complete"></div>';
 
-		if((($update && $load) || $checkjs->disabled()) && (! $items))  {
+		if((($update && $load) || $noscript_content) && (! $items)) {
 			
 			$r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1",
 				dbesc($item_hash)

Zotlabs/Module/Editblock.php

@@ -132,7 +132,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editblock');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Block'),

Zotlabs/Module/Editlayout.php

@@ -131,7 +131,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'profile_uid' => intval($owner),
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editlayout');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Layout'),

Zotlabs/Module/Editpost.php

@@ -102,7 +102,7 @@ class Editpost extends \Zotlabs\Web\Controller {
 			'bbcode' => true
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editpost');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),

Zotlabs/Module/Editwebpage.php

@@ -160,7 +160,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'bbcode' => (($mimetype  == 'text/bbcode') ? true : false)
 		);
 
-		$editor = status_editor($a, $x);
+		$editor = status_editor($a, $x, false, 'Editwebpage');
 
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit Webpage'),

Zotlabs/Module/Events.php

@@ -6,7 +6,7 @@ require_once('include/bbcode.php');
 require_once('include/datetime.php');
 require_once('include/event.php');
 require_once('include/items.php');
-
+require_once('include/html2plain.php');
 
 class Events extends \Zotlabs\Web\Controller {
 
@@ -271,8 +271,10 @@ class Events extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
+
+		\App::$profile_uid = local_channel();
 		nav_set_selected('Events');
+
 	
 		if((argc() > 2) && (argv(1) === 'ignore') && intval(argv(2))) {
 			$r = q("update event set dismissed = 1 where id = %d and uid = %d",
@@ -288,7 +290,7 @@ class Events extends \Zotlabs\Web\Controller {
 			);
 		}
 	
-		$first_day = get_pconfig(local_channel(),'system','cal_first_day');
+		$first_day = feature_enabled(local_channel(), 'events_cal_first_day');
 		$first_day = (($first_day) ? $first_day : 0);
 	
 		$htpl = get_markup_template('event_head.tpl');
@@ -641,6 +643,7 @@ class Events extends \Zotlabs\Web\Controller {
 					}
 					$html = format_event_html($rr);
 					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
+					$rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false);
 					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
 					$events[] = array(
 						'id'=>$rr['id'],
@@ -659,8 +662,6 @@ class Events extends \Zotlabs\Web\Controller {
 						'html'=>$html,
 						'plink' => array($rr['plink'],t('Link to Source'),'',''),
 					);
-	
-	
 				}
 			}
 			

Zotlabs/Module/Filestorage.php

@@ -128,7 +128,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				}
 			}
 
-			if(json_return)
+			if($json_return)
 				json_return_and_die([ 'success' => true ]);
 
 			goaway(dirname($url));

Zotlabs/Module/Group.php

@@ -1,11 +1,13 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
+
 require_once('include/group.php');
 
-
-
-class Group extends \Zotlabs\Web\Controller {
+class Group extends Controller {
 
 	function init() {
 		if(! local_channel()) {
@@ -13,7 +15,11 @@ class Group extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		\App::$profile_uid = local_channel();
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			return;
+		}
+
+		App::$profile_uid = local_channel();
 
 		nav_set_selected('Privacy Groups');
 	}
@@ -24,6 +30,10 @@ class Group extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			return;
+		}
 	
 		if((argc() == 2) && (argv(1) === 'new')) {
 			check_form_security_token_redirectOnErr('/group/new', 'group_edit');
@@ -43,7 +53,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() == 2) && (intval(argv(1)))) {
 			check_form_security_token_redirectOnErr('/group', 'group_edit');
 			
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);
@@ -57,7 +67,7 @@ class Group extends \Zotlabs\Web\Controller {
 			$public = intval($_POST['public']);
 	
 			if((strlen($groupname))  && (($groupname != $group['gname']) || ($public != $group['visible']))) {
-				$r = q("UPDATE groups SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
+				$r = q("UPDATE pgrp SET gname = '%s', visible = %d  WHERE uid = %d AND id = %d",
 					dbesc($groupname),
 					intval($public),
 					intval(local_channel()),
@@ -77,13 +87,22 @@ class Group extends \Zotlabs\Web\Controller {
 
 		$change = false;
 	
-		logger('mod_group: ' . \App::$cmd,LOGGER_DEBUG);
+		logger('mod_group: ' . App::$cmd,LOGGER_DEBUG);
 		
 		if(! local_channel()) {
 			notice( t('Permission denied') . EOL);
 			return;
 		}
 
+		if(! Apps::system_app_installed(local_channel(), 'Privacy Groups')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Privacy Groups App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Management of privacy groups');
+			return $o;
+		}
+
 		// Switch to text mode interface if we have more than 'n' contacts or group members
 		$switchtotext = get_pconfig(local_channel(),'system','groupedit_image_limit');
 		if($switchtotext === false)
@@ -96,7 +115,7 @@ class Group extends \Zotlabs\Web\Controller {
 
 			$new = (((argc() == 2) && (argv(1) === 'new')) ? true : false);
 
-			$groups = q("SELECT id, gname FROM groups WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			$groups = q("SELECT id, gname FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
 				intval(local_channel())
 			);
 
@@ -141,7 +160,7 @@ class Group extends \Zotlabs\Web\Controller {
 			check_form_security_token_redirectOnErr('/group', 'group_drop', 't');
 			
 			if(intval(argv(2))) {
-				$r = q("SELECT gname FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+				$r = q("SELECT gname FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 					intval(argv(2)),
 					intval(local_channel())
 				);
@@ -173,7 +192,7 @@ class Group extends \Zotlabs\Web\Controller {
 		if((argc() > 1) && (intval(argv(1)))) {
 	
 			require_once('include/acl_selectors.php');
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d AND deleted = 0 LIMIT 1",
 				intval(argv(1)),
 				intval(local_channel())
 			);

Zotlabs/Module/Home.php

@@ -13,14 +13,12 @@ class Home extends \Zotlabs\Web\Controller {
 		$ret = array();
 	
 		call_hooks('home_init',$ret);
-	
+
 		$splash = ((argc() > 1 && argv(1) === 'splash') ? true : false);
 	
 		$channel = \App::get_channel();
 		if(local_channel() && $channel && $channel['xchan_url'] && ! $splash) {
-			$dest = $channel['channel_startpage'];
-			if(! $dest)
-				$dest = get_pconfig(local_channel(),'system','startpage');
+			$dest = (($ret['startpage']) ? $ret['startpage'] : '');
 			if(! $dest)
 				$dest = get_config('system','startpage');
 			if(! $dest)

Zotlabs/Module/Hq.php

@@ -138,7 +138,7 @@ class Hq extends \Zotlabs\Web\Controller {
 				[
 					'$no_messages' => (($target_item) ? false : true),
 					'$no_messages_label' => [ t('Welcome to Hubzilla!'), t('You have got no unseen posts...') ],
-					'$editor' => status_editor($a,$x)
+					'$editor' => status_editor($a,$x,false,'Hq')
 				]
 			);
 

Zotlabs/Module/Import.php

@@ -127,6 +127,15 @@ class Import extends \Zotlabs\Web\Controller {
 //
 //		}
 
+
+		// prevent incompatible osada or zap data from horking your database
+
+		if(array_path_exists('compatibility/codebase',$data)) {
+			notice('Data export format is not compatible with this software');
+			return;
+		}
+
+
 		if($moving)
 			$seize = 1;
 
@@ -426,9 +435,9 @@ class Import extends \Zotlabs\Web\Controller {
 				unset($group['id']);
 				$group['uid'] = $channel['channel_id'];
 
-				create_table_from_array('groups', $group);
+				create_table_from_array('pgrp', $group);
 			}
-			$r = q("select * from groups where uid = %d",
+			$r = q("select * from pgrp where uid = %d",
 				intval($channel['channel_id'])
 			);
 			if($r) {
@@ -448,7 +457,7 @@ class Import extends \Zotlabs\Web\Controller {
 					if($x['old'] == $group_member['gid'])
 						$group_member['gid'] = $x['new'];
 				}
-				create_table_from_array('group_member', $group_member);
+				create_table_from_array('pgrp_member', $group_member);
 			}
 		}
 

Zotlabs/Module/Invite.php

@@ -1,6 +1,10 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
 /**
  * module: invite.php
  *
@@ -9,7 +13,7 @@ namespace Zotlabs\Module;
  */
 
 
-class Invite extends \Zotlabs\Web\Controller {
+class Invite extends Controller {
 
 	function post() {
 	
@@ -17,6 +21,10 @@ class Invite extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
+
+		if(! Apps::system_app_installed(local_channel(), 'Invite')) {
+			return;
+		}
 	
 		check_form_security_token_redirectOnErr('/', 'send_invite');
 	
@@ -57,7 +65,7 @@ class Invite extends \Zotlabs\Web\Controller {
 			else
 				$nmessage = $message;
 	
-			$account = \App::get_account();
+			$account = App::get_account();
 	
 			$res = z_mail(
 				[ 
@@ -95,6 +103,15 @@ class Invite extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		if(! Apps::system_app_installed(local_channel(), 'Invite')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Invite App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Send email invitations to join this network');
+			return $o;
+		}
+
 		nav_set_selected('Invite');
 	
 		$tpl = get_markup_template('invite.tpl');
@@ -127,11 +144,11 @@ class Invite extends \Zotlabs\Web\Controller {
 				}
 			}
 	
-		$ob = \App::get_observer();
+		$ob = App::get_observer();
 		if(! $ob)
 			return $o;
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$o = replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("send_invite"),

Zotlabs/Module/Item.php

@@ -29,7 +29,7 @@ use \Zotlabs\Lib as Zlib;
 class Item extends \Zotlabs\Web\Controller {
 
 	function post() {
-	
+
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.
 	
@@ -237,10 +237,12 @@ class Item extends \Zotlabs\Web\Controller {
 		if($parent) {
 			logger('mod_item: item_post parent=' . $parent);
 			$can_comment = false;
-			if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self']))
-				$can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
-			else
-				$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
+
+			$can_comment = can_comment_on_post($observer['xchan_hash'],$parent_item);
+                        if (!$can_comment) {
+                                if((array_key_exists('owner',$parent_item)) && intval($parent_item['owner']['abook_self'])==1 )
+				        $can_comment = perm_is_allowed($profile_uid,$observer['xchan_hash'],'post_comments');
+                        }
 	
 			if(! $can_comment) {
 				notice( t('Permission denied.') . EOL) ;
@@ -533,7 +535,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 			// Look for tags and linkify them
 			$results = linkify_tags($a, $body, ($uid) ? $uid : $profile_uid);
-logger('linkify: ' . print_r($results,true));
+
 			if($results) {
 	
 				// Set permissions based on tag replacements
@@ -1163,28 +1165,6 @@ logger('linkify: ' . print_r($results,true));
 			return $ret;
 		} 
 
-		// auto-upgrade beginner (techlevel 0) accounts - if they have at least two friends and ten posts
-		// and have uploaded something (like a profile photo), promote them to level 1. 
-
-		$a = q("select account_id, account_level from account where account_id = (select channel_account_id from channel where channel_id = %d limit 1)",
-			intval($channel_id)
-		);
-		if((! intval($a[0]['account_level'])) && intval($r[0]['total']) > 10) {
-			$x = q("select count(abook_id) as total from abook where abook_channel = %d",
-				intval($channel_id)
-			);
-			if($x && intval($x[0]['total']) > 2) {
-				$y = q("select count(id) as total from attach where uid = %d",
-					intval($channel_id)
-				);
-				if($y && intval($y[0]['total']) > 1) {
-					q("update account set account_level = 1 where account_id = %d limit 1",
-						intval($a[0]['account_id'])
-					);
-				}
-			}
-		} 
-
 		if (!$iswebpage) {
 			$max = engr_units_to_bytes(service_class_fetch($channel_id,'total_items'));
 			if(! service_class_allows($channel_id,'total_items',$r[0]['total'])) {

Zotlabs/Module/Lang.php

@@ -1,13 +1,28 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
 
-class Lang extends \Zotlabs\Web\Controller {
+class Lang extends Controller {
 
 	function get() {
+
+		if(local_channel()) {
+			if(! Apps::system_app_installed(local_channel(), 'Language')) {
+				//Do not display any associated widgets at this point
+				App::$pdl = '';
+
+				$o = '<b>' . t('Language App') . ' (' . t('Not Installed') . '):</b><br>';
+				$o .= t('Change UI language');
+				return $o;
+			}
+		}
+
 		nav_set_selected('Language');
 		return lang_selector();
+
 	}
 	
-	
 }

Zotlabs/Module/Layouts.php

@@ -141,7 +141,7 @@ class Layouts extends \Zotlabs\Web\Controller {
 		if($_REQUEST['pagetitle'])
 			$x['pagetitle'] = $_REQUEST['pagetitle'];
 
-		$editor = status_editor($a,$x);
+		$editor = status_editor($a,$x,false,'Layouts');
 
 		$r = q("select iconfig.iid, iconfig.v, mid, title, body, mimetype, created, edited, item_type from iconfig 
 			left join item on iconfig.iid = item.id

Zotlabs/Module/Like.php

@@ -50,7 +50,7 @@ class Like extends \Zotlabs\Web\Controller {
 
 		$observer = \App::get_observer();
 		$interactive = $_REQUEST['interactive'];
-		if($interactive) {
+		if((! $observer) || ($interactive)) {
 			$o .= '<h1>' . t('Like/Dislike') . '</h1>';
 			$o .= EOL . EOL;
 	
@@ -249,6 +249,9 @@ class Like extends \Zotlabs\Web\Controller {
 			}
 		}
 		else {
+
+			if(! $observer)
+				killme();
 	
 			// this is used to like an item or comment
 	

Zotlabs/Module/Linkinfo.php

@@ -138,8 +138,8 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 		}
 	
 		$image = "";
-	
-		if(sizeof($siteinfo["images"]) > 0){
+
+		if(is_array($siteinfo["images"]) && count($siteinfo["images"])){
 			/* Execute below code only if image is present in siteinfo */
 	
 			$total_images = 0;
@@ -161,7 +161,7 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 				$total_images ++;
 				if($max_images && $max_images >= $total_images)
 					break;
-	        }
+			}
 		}
 	
 		if(strlen($text)) {
@@ -228,8 +228,13 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 	
 		$header = $result['header'];
 		$body   = $result['body'];
-	
-		$body   = mb_convert_encoding($body, 'UTF-8', 'UTF-8');
+		
+		// Check codepage in HTTP headers or HTML if not exist
+		$cp = (preg_match('/Content-Type: text\/html; charset=(.+)\r\n/i', $header, $o) ? $o[1] : '');
+		if(empty($cp))
+		    $cp = (preg_match('/meta.+content=["|\']text\/html; charset=([^"|\']+)/i', $body, $o) ? $o[1] : 'AUTO');
+
+		$body   = mb_convert_encoding($body, 'UTF-8', $cp);
 		$body   = mb_convert_encoding($body, 'HTML-ENTITIES', "UTF-8");
 	
 		$doc    = new \DOMDocument();
@@ -265,20 +270,43 @@ class Linkinfo extends \Zotlabs\Web\Controller {
 			$attr["content"] = html_entity_decode($attr["content"], ENT_QUOTES, "UTF-8");
 	
 			switch (strtolower($attr["name"])) {
-				case 'generator':
-					$siteinfo['generator'] = $attr['content'];
-					break;
 				case "fulltitle":
-					$siteinfo["title"] = $attr["content"];
+					$siteinfo["title"] = trim($attr["content"]);
 					break;
 				case "description":
-					$siteinfo["text"] = $attr["content"];
+					$siteinfo["text"] = trim($attr["content"]);
+					break;
+				case "thumbnail":
+					$siteinfo["image"] = $attr["content"];
+					break;
+				case "twitter:image":
+					$siteinfo["image"] = $attr["content"];
+					break;
+				case "twitter:image:src":
+					$siteinfo["image"] = $attr["content"];
+					break;
+				case "twitter:card":
+					if (($siteinfo["type"] == "") || ($attr["content"] == "photo")) {
+						$siteinfo["type"] = $attr["content"];
+					}
+					break;
+				case "twitter:description":
+					$siteinfo["text"] = trim($attr["content"]);
+					break;
+				case "twitter:title":
+					$siteinfo["title"] = trim($attr["content"]);
 					break;
 				case "dc.title":
-					$siteinfo["title"] = $attr["content"];
+					$siteinfo["title"] = trim($attr["content"]);
 					break;
 				case "dc.description":
-					$siteinfo["text"] = $attr["content"];
+					$siteinfo["text"] = trim($attr["content"]);
+					break;
+				case "keywords":
+					$keywords = explode(",", $attr["content"]);
+					break;
+				case "news_keywords":
+					$keywords = explode(",", $attr["content"]);
 					break;
 			}
 		}

Zotlabs/Module/Lockview.php

@@ -118,7 +118,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 		}
 
 		if(count($allowed_groups)) {
-			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
+			$r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $allowed_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
 					$l[] = '<div class="dropdown-item"><b>' . $rr['gname'] . '</b></div>';
@@ -156,7 +156,7 @@ class Lockview extends \Zotlabs\Web\Controller {
 
 
 		if(count($deny_groups)) {
-			$r = q("SELECT gname FROM groups WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
+			$r = q("SELECT gname FROM pgrp WHERE hash IN ( " . implode(', ', $deny_groups) . " )");
 			if($r)
 				foreach($r as $rr) 
 					$l[] = '<div class="dropdown-item"><b><strike>' . $rr['gname'] . '</strike></b></div>';

Zotlabs/Module/Magic.php

@@ -146,12 +146,17 @@ class Magic extends \Zotlabs\Web\Controller {
 				$dest = strip_zids($dest);
 				$dest = strip_query_param($dest,'f');
 
+				$data = json_encode([ 'OpenWebAuth' => random_string() ]);
+
 				$headers = [];
 				$headers['Accept'] = 'application/x-zot+json' ;
 				$headers['X-Open-Web-Auth'] = random_string();
+				$headers['Host'] = $parsed['host'];
+				$headers['Digest'] = 'SHA-256=' . \Zotlabs\Web\HTTPSig::generate_digest($data,false);
+
 				$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
 					'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
-				$x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
+				$x = z_post_url($basepath . '/owa',$data,$redirects,[ 'headers' => $headers ]);
 
 				if($x['success']) {
 					$j = json_decode($x['body'],true);

Zotlabs/Module/Mail.php

@@ -393,7 +393,7 @@ class Mail extends \Zotlabs\Web\Controller {
 				'delete' => t('Delete message'),
 				'dreport' => t('Delivery report'),
 				'recall' => t('Recall message'),
-				'can_recall' => (($channel['channel_hash'] == $message['from_xchan'] && get_account_techlevel() > 0) ? true : false),
+				'can_recall' => ($channel['channel_hash'] == $message['from_xchan']),
 				'is_recalled' => (intval($message['mail_recalled']) ? t('Message has been recalled.') : ''),
 				'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c'),
 			);

Zotlabs/Module/Manage.php

@@ -11,7 +11,7 @@ class Manage extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		nav_set_selected('Channel Manager');
+		nav_set_selected('Channel Manager', 'settings/manage');
 	
 		require_once('include/security.php');
 	
@@ -129,7 +129,7 @@ class Manage extends \Zotlabs\Web\Controller {
 			}
 
 		}			
-		
+
 		$r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0",
 			intval(get_account_id())
 		);
@@ -170,7 +170,7 @@ class Manage extends \Zotlabs\Web\Controller {
 			'$header'           => t('Channel Manager'),
 			'$msg_selected'     => t('Current Channel'),
 			'$selected'         => local_channel(),
-			'$desc'             => t('Switch to one of your channels by selecting it.'),
+			'$desc'             => ((count($channels) > 1 || $delegates) ? t('Switch to one of your channels by selecting it.') : ''),
 			'$msg_default'      => t('Default Channel'),
 			'$msg_make_default' => t('Make Default'),
 			'$create'           => $create,

Zotlabs/Module/Menu.php

@@ -213,7 +213,7 @@ class Menu extends \Zotlabs\Web\Controller {
 					'$header' => t('Edit Menu'),
 					'$sys' => \App::$is_sys,
 					'$menu_id' => intval(argv(2)),
-					'$menu_edit_link' => 'mitem/' . $which . '/' . intval(argv(1)) . ((\App::$is_sys) ? '?f=&sys=1' : ''),
+					'$menu_edit_link' => 'mitem/' . $which . '/' . intval(argv(2)) . ((\App::$is_sys) ? '?f=&sys=1' : ''),
 					'$hintedit' => t('Add or remove entries to this menu'),
 					'$editcontents' => t('Edit menu contents'),
 					'$menu_name' => array('menu_name', t('Menu name'), $m['menu_name'], t('Must be unique, only seen by you'), '*'),

Zotlabs/Module/Mood.php

@@ -1,21 +1,29 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
 require_once('include/security.php');
 require_once('include/bbcode.php');
 require_once('include/items.php');
 
 
 
-class Mood extends \Zotlabs\Web\Controller {
+class Mood extends Controller {
 
 	function init() {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Mood')) {
+			return;
+		}
 	
 		$uid = local_channel();
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		$verb = notags(trim($_GET['verb']));
 		
 		if(! $verb) 
@@ -60,7 +68,7 @@ class Mood extends \Zotlabs\Web\Controller {
 			$deny_gid      =  $channel['channel_deny_gid'];
 		}
 	
-		$poster = \App::get_observer();
+		$poster = App::get_observer();
 	
 		$mid = item_message_id();
 	
@@ -117,6 +125,15 @@ class Mood extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		if(! Apps::system_app_installed(local_channel(), 'Mood')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Mood App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Set your current mood and tell your friends');
+			return $o;
+		}
+
 		nav_set_selected('Mood');
 
 		$parent = ((x($_GET,'parent')) ? intval($_GET['parent']) : '0');

Zotlabs/Module/Network.php

@@ -1,6 +1,8 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+
 require_once('include/items.php');
 require_once('include/group.php');
 require_once('include/contact_widgets.php');
@@ -25,8 +27,8 @@ class Network extends \Zotlabs\Web\Controller {
 				goaway('network' . '?f=&' . $network_options);
 		}
 	
-		$channel = \App::get_channel();
-		\App::$profile_uid = local_channel();
+		$channel = App::get_channel();
+		App::$profile_uid = local_channel();
 		head_set_icon($channel['xchan_photo_s']);
 	
 	}
@@ -34,7 +36,7 @@ class Network extends \Zotlabs\Web\Controller {
 	function get($update = 0, $load = false) {
 	
 		if(! local_channel()) {
-			$_SESSION['return_url'] = \App::$query_string;
+			$_SESSION['return_url'] = App::$query_string;
 			return login(false);
 		}
 	
@@ -44,11 +46,11 @@ class Network extends \Zotlabs\Web\Controller {
 			$_SESSION['loadtime'] = datetime_convert();
 		}
 
-		$arr = array('query' => \App::$query_string);
+		$arr = array('query' => App::$query_string);
 	
 		call_hooks('network_content_init', $arr);
 	
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 		$item_normal = item_normal();
 		$item_normal_update = item_normal_update();
 	
@@ -82,20 +84,9 @@ class Network extends \Zotlabs\Web\Controller {
 
 		$search = (($_GET['search']) ? $_GET['search'] : '');
 		if($search) {
-			$_GET['netsearch'] = escape_tags($search);
-			if(strpos($search,'@') === 0) {
-				$r = q("select abook_id from abook left join xchan on abook_xchan = xchan_hash where xchan_name = '%s' and abook_channel = %d limit 1",
-					dbesc(substr($search,1)),
-					intval(local_channel())
-				);
-				if($r) {
-					$_GET['cid'] = $r[0]['abook_id'];
-					$search = $_GET['search'] = '';
-				}
-			}
-			elseif(strpos($search,'#') === 0) {
+			if(strpos($search,'#') === 0) {
 				$hashtags = substr($search,1);
-				$search = $_GET['search'] = '';
+				$search = '';
 			}
 		}
 	
@@ -106,7 +97,7 @@ class Network extends \Zotlabs\Web\Controller {
 		// filter by collection (e.g. group)
 	
 		if($gid) {
-			$r = q("SELECT * FROM groups WHERE id = %d AND uid = %d LIMIT 1",
+			$r = q("SELECT * FROM pgrp WHERE id = %d AND uid = %d LIMIT 1",
 				intval($gid),
 				intval(local_channel())
 			);
@@ -137,11 +128,12 @@ class Network extends \Zotlabs\Web\Controller {
 		$xchan    = ((x($_GET,'xchan')) ? $_GET['xchan']         : '');
 		$net      = ((x($_GET,'net'))   ? $_GET['net']           : '');
 		$pf       = ((x($_GET,'pf'))    ? $_GET['pf']            : '');
+		$unseen   = ((x($_GET,'unseen'))    ? $_GET['unseen']            : '');
 		
 		$deftag = '';
 	
 
-		if(x($_GET,'search') || $file || (!$pf && $cid))
+		if(x($_GET,'search') || $file || (!$pf && $cid) || $hashtags || $verb || $category || $conv || $unseen)
 			$nouveau = true;
 
 		if($cid) {
@@ -165,17 +157,15 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 	
 		if(! $update) {
-			$tabs = ''; //network_tabs();
-			$o .= $tabs;
 	
 			// search terms header
-			if($search) {
+			if($search || $hashtags) {
 				$o .= replace_macros(get_markup_template("section_title.tpl"),array(
-					'$title' => t('Search Results For:') . ' ' . htmlspecialchars($search, ENT_COMPAT,'UTF-8')
+					'$title' => t('Search Results For:') . ' ' . (($search) ? htmlspecialchars($search, ENT_COMPAT,'UTF-8') : '#' . htmlspecialchars($hashtags, ENT_COMPAT,'UTF-8'))
 				));
 			}
 	
-			nav_set_selected('Grid');
+			nav_set_selected('Network');
 
 			$channel_acl = array(
 				'allow_cid' => $channel['channel_allow_cid'], 
@@ -207,7 +197,7 @@ class Network extends \Zotlabs\Web\Controller {
 				$x['pretext'] = $deftag;
 	
 	
-			$status_editor = status_editor($a,$x);
+			$status_editor = status_editor($a,$x,false,'Network');
 			$o .= $status_editor;
 
 			$static = channel_manual_conv_update(local_channel());
@@ -231,6 +221,7 @@ class Network extends \Zotlabs\Web\Controller {
 		$sql_extra = '';
 	
 		if($group) {
+
 			$contact_str = '';
 			$contacts = group_get_members($group);
 			if($contacts) {
@@ -243,7 +234,6 @@ class Network extends \Zotlabs\Web\Controller {
 				}
 			}
 			$item_thread_top = '';
-
 			$sql_extra = " AND item.parent IN ( SELECT DISTINCT parent FROM item WHERE true $sql_options AND (( author_xchan IN ( $contact_str ) OR owner_xchan in ( $contact_str )) or allow_gid like '" . protect_sprintf('%<' . dbesc($group_hash) . '>%') . "' ) and id = parent $item_normal ) ";
 	
 			$x = group_rec_byhash(local_channel(), $group_hash);
@@ -254,8 +244,7 @@ class Network extends \Zotlabs\Web\Controller {
 				));
 			}
 	
-			$o = $tabs;
-			$o .= $title;
+			$o = $title;
 			$o .= $status_editor;
 	
 		}
@@ -264,15 +253,39 @@ class Network extends \Zotlabs\Web\Controller {
 
 			if($load || $update) {
 				if(!$pf && $nouveau) {
+					// This is for nouveau view cid queries (not a public forum)
 					$sql_extra = " AND author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ";
 				}
+				elseif($pf && $unseen && $nouveau) {
+
+					$vnotify = get_pconfig(local_channel(), 'system', 'vnotify');
+					if(! ($vnotify & VNOTIFY_LIKE))
+						$likes_sql = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
+
+					// This is for nouveau view public forum cid queries (if a forum notification is clicked)
+					$p = q("SELECT oid AS parent FROM term WHERE uid = %d AND ttype = %d AND term = '%s'",
+						intval(local_channel()),
+						intval(TERM_FORUM),
+						dbesc($cid_r[0]['xchan_name'])
+					);
+
+					$p_str = ids_to_querystr($p, 'parent');
+					if($p_str)
+						$p_sql = " OR item.parent IN ( $p_str ) ";
+
+					$sql_extra = " AND ( owner_xchan = '" . protect_sprintf(dbesc($cid_r[0]['abook_xchan'])) . "' OR owner_xchan = '" . protect_sprintf(dbesc($cid_r[0]['abook_xchan'])) . "' $p_sql ) AND item_unseen = 1 $likes_sql ";
+				}
 				else {
+					// This is for threaded view cid queries (e.g. if a forum is selected from the forum filter)
 					$ttype = (($pf) ? TERM_FORUM : TERM_MENTION);
 
 					$p1 = q("SELECT DISTINCT parent FROM item WHERE uid = " . intval(local_channel()) . " AND ( author_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' OR owner_xchan = '" . dbesc($cid_r[0]['abook_xchan']) . "' ) $item_normal ");
 					$p2 = q("SELECT oid AS parent FROM term WHERE uid = " . intval(local_channel()) . " AND ttype = $ttype AND term = '" . dbesc($cid_r[0]['xchan_name']) . "'");
 
 					$p_str = ids_to_querystr(array_merge($p1,$p2),'parent');
+					if(! $p_str)
+						killme();
+
 					$sql_extra = " AND item.parent IN ( $p_str ) ";
 				}
 			}
@@ -281,8 +294,7 @@ class Network extends \Zotlabs\Web\Controller {
 				'$title' => '<a href="' . zid($cid_r[0]['xchan_url']) . '" ><img src="' . zid($cid_r[0]['xchan_photo_s'])  . '" alt="' . urlencode($cid_r[0]['xchan_name']) . '" /></a> <a href="' . zid($cid_r[0]['xchan_url']) . '" >' . $cid_r[0]['xchan_name'] . '</a>'
 			));
 
-			$o = $tabs;
-			$o .= $title;
+			$o = $title;
 			$o .= $status_editor;
 		}
 		elseif($xchan) {
@@ -295,8 +307,8 @@ class Network extends \Zotlabs\Web\Controller {
 				$title = replace_macros(get_markup_template("section_title.tpl"),array(
 					'$title' => '<a href="' . zid($r[0]['xchan_url']) . '" ><img src="' . zid($r[0]['xchan_photo_s'])  . '" alt="' . urlencode($r[0]['xchan_name']) . '" /></a> <a href="' . zid($r[0]['xchan_url']) . '" >' . $r[0]['xchan_name'] . '</a>'
 				));
-				$o = $tabs;
-				$o .= $title;
+
+				$o = $title;
 				$o .= $status_editor;
 
 			}
@@ -326,10 +338,10 @@ class Network extends \Zotlabs\Web\Controller {
 	
 			$o .= '<div id="live-network"></div>' . "\r\n";
 			$o .= "<script> var profile_uid = " . local_channel() 
-				. "; var profile_page = " . \App::$pager['page'] 
+				. "; var profile_page = " . App::$pager['page'] 
 				. "; divmore_height = " . intval($maxheight) . "; </script>\r\n";
 	
-			\App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
+			App::$page['htmlhead'] .= replace_macros(get_markup_template("build_query.tpl"),array(
 				'$baseurl' => z_root(),
 				'$pgtype'  => 'network',
 				'$uid'     => ((local_channel()) ? local_channel() : '0'),
@@ -346,7 +358,7 @@ class Network extends \Zotlabs\Web\Controller {
 				'$wall'    => '0',
 				'$static'  => $static, 
 				'$list'    => ((x($_REQUEST,'list')) ? intval($_REQUEST['list']) : 0),
-				'$page'    => ((\App::$pager['page'] != 1) ? \App::$pager['page'] : 1),
+				'$page'    => ((App::$pager['page'] != 1) ? App::$pager['page'] : 1),
 				'$search'  => (($search) ? $search : ''),
 				'$xchan'   => $xchan,
 				'$order'   => $order,
@@ -358,7 +370,8 @@ class Network extends \Zotlabs\Web\Controller {
 				'$verb'    => $verb,
 				'$net'     => $net,
 				'$dbegin'  => $datequery2,
-				'$pf'     => (($pf) ? $pf : '0'),
+				'$pf'      => (($pf) ? $pf : '0'),
+				'$unseen'  => $unseen
 			));
 		}
 	
@@ -380,7 +393,8 @@ class Network extends \Zotlabs\Web\Controller {
 				$sql_extra .= term_query('item',substr($search,1),TERM_HASHTAG,TERM_COMMUNITYTAG);
 			}
 			else {
-				$sql_extra .= sprintf(" AND item.body like '%s' ",
+				$sql_extra .= sprintf(" AND (item.body like '%s' OR item.title like '%s') ",
+					dbesc(protect_sprintf('%' . $search . '%')),
 					dbesc(protect_sprintf('%' . $search . '%'))
 				);
 			}
@@ -398,15 +412,7 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		if($conv) {
 			$item_thread_top = '';
-
-			if($nouveau) {
-				$sql_extra .= " AND author_xchan = '" . dbesc($channel['channel_hash']) . "' ";
-			}
-			else {
-				$sql_extra .= sprintf(" AND parent IN (SELECT distinct(parent) from item where ( author_xchan = '%s' or item_mentionsme = 1 )) ",
-					dbesc(protect_sprintf($channel['channel_hash']))
-				);
-			}
+			$sql_extra .= " AND ( author_xchan = '" . dbesc($channel['channel_hash']) . "' OR item_mentionsme = 1 ) ";
 		}
 	
 		if($update && ! $load) {
@@ -417,8 +423,8 @@ class Network extends \Zotlabs\Web\Controller {
 		}
 		else {
 			$itemspage = get_pconfig(local_channel(),'system','itemspage');
-			\App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
-			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']), intval(\App::$pager['start']));
+			App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+			$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));
 		}
 	
 		// cmin and cmax are both -1 when the affinity tool is disabled
@@ -449,13 +455,15 @@ class Network extends \Zotlabs\Web\Controller {
 		$abook_uids = " and abook.abook_channel = " . local_channel() . " ";
 		$uids = " and item.uid = " . local_channel() . " ";
 	
-		if(get_pconfig(local_channel(),'system','network_list_mode'))
+		if(feature_enabled(local_channel(), 'network_list_mode'))
 			$page_mode = 'list';
 		else
 			$page_mode = 'client';
-	
-		$simple_update = (($update) ? " and item_unseen = 1 " : '');
 
+		$parents_str = '';
+		$update_unseen = '';
+
+		$simple_update = (($update) ? " and item_unseen = 1 " : '');
 
 		// This fixes a very subtle bug so I'd better explain it. You wake up in the morning or return after a day
 		// or three and look at your matrix page - after opening up your browser. The first page loads just as it
@@ -471,15 +479,15 @@ class Network extends \Zotlabs\Web\Controller {
 	
 		if($update && $_SESSION['loadtime'])
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
-		if($load)
-			$simple_update = '';
+
+               if($load)
+                       $simple_update = '';
 
 		if($static && $simple_update)
 			$simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' ";	
 	
 		if($nouveau && $load) {
 			// "New Item View" - show all items unthreaded in reverse created date order
-	
 			$items = q("SELECT item.*, item.id AS item_id, created FROM item 
 				left join abook on ( item.owner_xchan = abook.abook_xchan $abook_uids )
 				$net_query
@@ -490,7 +498,12 @@ class Network extends \Zotlabs\Web\Controller {
 				$net_query2
 				ORDER BY item.created DESC $pager_sql "
 			);
-	
+
+			$parents_str = ids_to_querystr($items,'item_id');
+			if($parents_str) {
+				$update_unseen = " AND id IN ( " . dbesc($parents_str) . " )";
+			}
+
 			require_once('include/items.php');
 	
 			xchan_query($items);
@@ -533,8 +546,6 @@ class Network extends \Zotlabs\Web\Controller {
 			}
 
 			// Then fetch all the children of the parents that are on this page
-			$parents_str = '';
-			$update_unseen = '';
 	
 			if($r) {
 	

Zotlabs/Module/New_channel.php

@@ -134,7 +134,7 @@ class New_channel extends \Zotlabs\Web\Controller {
 		$default_role = '';
 		$aid = get_account_id();
 		if($aid) {
-			$r = q("select count(channel_id) as total from channel where channel_account_id = %d",
+			$r = q("select count(channel_id) as total from channel where channel_account_id = %d and channel_removed = 0",
 				intval($aid)
 			);
 			if($r && (! intval($r[0]['total']))) {
@@ -142,9 +142,12 @@ class New_channel extends \Zotlabs\Web\Controller {
 			}
 	
 			$limit = account_service_class_fetch(get_account_id(),'total_identities');
-	
+			$canadd = true;
 			if($r && ($limit !== false)) {
 				$channel_usage_message = sprintf( t("You have created %1$.0f of %2$.0f allowed channels."), $r[0]['total'], $limit);
+				if ($r[0]['total'] > $limit) {
+					$canadd = false;
+				}
 			}
 			else {
 				$channel_usage_message = '';
@@ -168,8 +171,6 @@ class New_channel extends \Zotlabs\Web\Controller {
 		$privacy_role = ((x($_REQUEST,'permissions_role')) ? $_REQUEST['permissions_role'] :  "" );
 
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
-		if((get_account_techlevel() < 4) && $privacy_role !== 'custom')
-			unset($perm_roles[t('Other')]);
 
 		$name = array('name', t('Channel name'), ((x($_REQUEST,'name')) ? $_REQUEST['name'] : ''), $name_help, "*");
 		$nickhub = '@' . \App::get_hostname();
@@ -186,7 +187,8 @@ class New_channel extends \Zotlabs\Web\Controller {
 			'$nickname'     => $nickname,
 			'$validate'     => t('Validate'),
 			'$submit'       => t('Create'),
-			'$channel_usage_message' => $channel_usage_message
+			'$channel_usage_message' => $channel_usage_message,
+			'$canadd'	=> $canadd
 		));
 	
 		return $o;

Zotlabs/Module/Notes.php

@@ -1,13 +1,19 @@
 <?php
 namespace Zotlabs\Module; /** @file */
 
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
 
-class Notes extends \Zotlabs\Web\Controller {
+class Notes extends Controller {
 
-	function init() {
+	function post() {
 	
 		if(! local_channel())
-			return;
+			return EMPTY_STR;
+
+		if(! Apps::system_app_installed(local_channel(), 'Notes'))
+			return EMPTY_STR;
 	
 		$ret = array('success' => true);
 		if(array_key_exists('note_text',$_REQUEST)) {
@@ -24,17 +30,38 @@ class Notes extends \Zotlabs\Web\Controller {
 			}
 			set_pconfig(local_channel(),'notes','text',$body);
 		}
-	
+
 		// push updates to channel clones
-	
+
 		if((argc() > 1) && (argv(1) === 'sync')) {
 			require_once('include/zot.php');
 			build_sync_packet();
 		}
-	
+
 		logger('notes saved.', LOGGER_DEBUG);
 		json_return_and_die($ret);
-		
+
+	}
+
+	function get() {
+
+		if(! local_channel())
+			return EMPTY_STR;
+
+		if(! Apps::system_app_installed(local_channel(), 'Notes')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = EMPTY_STR;
+
+			$o = '<b>' . t('Notes App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('A simple notes app with a widget (note: notes are not encrypted)');
+			return $o;
+		}
+
+		$w = new \Zotlabs\Widget\Notes;
+		$arr = ['app' => true];
+
+		return $w->widget($arr);
+
 	}
 	
 }

Zotlabs/Module/Oauth.php

@@ -1,27 +1,37 @@
 <?php
 
-namespace Zotlabs\Module\Settings;
+namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
 
-class Oauth {
+class Oauth extends Controller {
 
 
 	function post() {
+
+		if(! local_channel())
+			return;
+
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth Apps Manager'))
+			return;
 	
 		if(x($_POST,'remove')){
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+			check_form_security_token_redirectOnErr('/oauth', 'oauth');
 			
 			$key = $_POST['remove'];
 			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
 				dbesc($key),
 				local_channel());
-			goaway(z_root()."/settings/oauth/");
+			goaway(z_root()."/oauth");
 			return;			
 		}
 	
-		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
+		if((argc() > 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) {
 			
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
+			check_form_security_token_redirectOnErr('oauth', 'oauth');
 			
 			$name   	= ((x($_POST,'name')) ? escape_tags($_POST['name']) : '');
 			$key		= ((x($_POST,'key')) ? escape_tags($_POST['key']) : '');
@@ -73,17 +83,30 @@ class Oauth {
 					);
 				}
 			}
-			goaway(z_root()."/settings/oauth/");
+			goaway(z_root()."/oauth");
 			return;
 		}
 	}
 
 	function get() {
+
+		if(! local_channel())
+			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth Apps Manager')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('OAuth Apps Manager App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('OAuth authentication tokens for mobile and remote apps');
+			return $o;
+		}
+
 			
-		if((argc() > 2) && (argv(2) === 'add')) {
-			$tpl = get_markup_template("settings_oauth_edit.tpl");
+		if((argc() > 1) && (argv(1) === 'add')) {
+			$tpl = get_markup_template("oauth_edit.tpl");
 			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth"),
+				'$form_security_token' => get_form_security_token("oauth"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Submit'),
 				'$cancel'	=> t('Cancel'),
@@ -96,9 +119,9 @@ class Oauth {
 			return $o;
 		}
 			
-		if((argc() > 3) && (argv(2) === 'edit')) {
+		if((argc() > 2) && (argv(1) === 'edit')) {
 			$r = q("SELECT * FROM clients WHERE client_id='%s' AND uid=%d",
-					dbesc(argv(3)),
+					dbesc(argv(2)),
 					local_channel());
 			
 			if (!count($r)){
@@ -107,9 +130,9 @@ class Oauth {
 			}
 			$app = $r[0];
 				
-			$tpl = get_markup_template("settings_oauth_edit.tpl");
+			$tpl = get_markup_template("oauth_edit.tpl");
 			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth"),
+				'$form_security_token' => get_form_security_token("oauth"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Update'),
 				'$cancel'	=> t('Cancel'),
@@ -122,13 +145,13 @@ class Oauth {
 			return $o;
 		}
 			
-		if((argc() > 3) && (argv(2) === 'delete')) {
-			check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth', 't');
+		if((argc() > 2) && (argv(1) === 'delete')) {
+			check_form_security_token_redirectOnErr('/oauth', 'oauth', 't');
 			
 			$r = q("DELETE FROM clients WHERE client_id='%s' AND uid=%d",
-					dbesc(argv(3)),
+					dbesc(argv(2)),
 					local_channel());
-			goaway(z_root()."/settings/oauth/");
+			goaway(z_root()."/oauth");
 			return;			
 		}
 			
@@ -141,11 +164,11 @@ class Oauth {
 				local_channel());
 		
 			
-		$tpl = get_markup_template("settings_oauth.tpl");
+		$tpl = get_markup_template("oauth.tpl");
 		$o .= replace_macros($tpl, array(
-			'$form_security_token' => get_form_security_token("settings_oauth"),
+			'$form_security_token' => get_form_security_token("oauth"),
 			'$baseurl'	=> z_root(),
-			'$title'	=> t('Connected Apps'),
+			'$title'	=> t('Connected OAuth Apps'),
 			'$add'		=> t('Add application'),
 			'$edit'		=> t('Edit'),
 			'$delete'		=> t('Delete'),
@@ -158,4 +181,4 @@ class Oauth {
 			
 	}
 
-}
+}

Zotlabs/Module/Oauth2.php

@@ -1,28 +1,46 @@
 <?php
 
-namespace Zotlabs\Module\Settings;
+namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
 
-class Oauth2 {
+class Oauth2 extends Controller {
 
 
 	function post() {
+
+		if(! local_channel())
+			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager'))
+			return;
 	
 		if(x($_POST,'remove')){
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
-			
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2');
+			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
+		logger("REMOVE! ".$name." uid: ".local_channel());	
 			$key = $_POST['remove'];
-			q("DELETE FROM tokens WHERE id='%s' AND uid=%d",
-				dbesc($key),
+			q("DELETE FROM oauth_authorization_codes WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
 				intval(local_channel())
 			);
-			goaway(z_root()."/settings/oauth2/");
+			q("DELETE FROM oauth_access_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			q("DELETE FROM oauth_refresh_tokens WHERE client_id='%s' AND user_id=%d",
+				dbesc($name),
+				intval(local_channel())
+			);
+			goaway(z_root()."/oauth2");
 			return;			
 		}
 	
-		if((argc() > 2) && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST,'submit')) {
+		if((argc() > 1) && (argv(1) === 'edit' || argv(1) === 'add') && x($_POST,'submit')) {
 			
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2');
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2');
 			
 			$name   	= ((x($_POST,'name')) ? escape_tags(trim($_POST['name'])) : '');
 			$secret		= ((x($_POST,'secret')) ? escape_tags(trim($_POST['secret'])) : '');
@@ -45,14 +63,15 @@ class Oauth2 {
 								grant_types = '%s',
 								scope = '%s', 
 								user_id = %d
-							WHERE client_id='%s'",
+							WHERE client_id='%s' and user_id = %s",
 							dbesc($name),
 							dbesc($secret),
 							dbesc($redirect),
 							dbesc($grant),
 							dbesc($scope),
 							intval(local_channel()),
-							dbesc($name));
+							dbesc($name),
+                                                        intval(local_channel()));
 				} else {
 					$r = q("INSERT INTO oauth_clients (client_id, client_secret, redirect_uri, grant_types, scope, user_id)
 						VALUES ('%s','%s','%s','%s','%s',%d)",
@@ -70,17 +89,29 @@ class Oauth2 {
 					);
 				}
 			}
-			goaway(z_root()."/settings/oauth2/");
+			goaway(z_root()."/oauth2");
 			return;
 		}
 	}
 
 	function get() {
+
+		if(! local_channel())
+			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'OAuth2 Apps Manager')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('OAuth2 Apps Manager App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('OAuth2 authenticatication tokens for mobile and remote apps');
+			return $o;
+		}
 			
-		if((argc() > 2) && (argv(2) === 'add')) {
-			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+		if((argc() > 1) && (argv(1) === 'add')) {
+			$tpl = get_markup_template("oauth2_edit.tpl");
 			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$form_security_token' => get_form_security_token("oauth2"),
 				'$title'	=> t('Add OAuth2 application'),
 				'$submit'	=> t('Submit'),
 				'$cancel'	=> t('Cancel'),
@@ -93,9 +124,9 @@ class Oauth2 {
 			return $o;
 		}
 			
-		if((argc() > 3) && (argv(2) === 'edit')) {
+		if((argc() > 2) && (argv(1) === 'edit')) {
 			$r = q("SELECT * FROM oauth_clients WHERE client_id='%s' AND user_id= %d",
-					dbesc(argv(3)),
+					dbesc(argv(2)),
 					intval(local_channel())
 			);
 			
@@ -106,44 +137,57 @@ class Oauth2 {
 
 			$app = $r[0];
 				
-			$tpl = get_markup_template("settings_oauth2_edit.tpl");
+			$tpl = get_markup_template("oauth2_edit.tpl");
 			$o .= replace_macros($tpl, array(
-				'$form_security_token' => get_form_security_token("settings_oauth2"),
+				'$form_security_token' => get_form_security_token("oauth2"),
 				'$title'	=> t('Add application'),
 				'$submit'	=> t('Update'),
 				'$cancel'	=> t('Cancel'),
 				'$name'		=> array('name', t('Name'), $app['client_id'], t('Name of application')),
 				'$secret'	=> array('secret', t('Consumer Secret'), $app['client_secret'], t('Automatically generated - change if desired. Max length 20')),
 				'$redirect'	=> array('redirect', t('Redirect'), $app['redirect_uri'], t('Redirect URI - leave blank unless your application specifically requires this')),
-				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application sepcifically requires this')),
-				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application sepcifically requires this')),
+				'$grant'     => array('grant', t('Grant Types'), $app['grant_types'], t('leave blank unless your application specifically requires this')),
+				'$scope'     => array('scope', t('Authorization scope'), $app['scope'], t('leave blank unless your application specifically requires this')),
 			));
 			return $o;
 		}
 			
-		if((argc() > 3) && (argv(2) === 'delete')) {
-			check_form_security_token_redirectOnErr('/settings/oauth2', 'settings_oauth2', 't');
+		if((argc() > 2) && (argv(1) === 'delete')) {
+			check_form_security_token_redirectOnErr('oauth2', 'oauth2', 't');
 			
 			$r = q("DELETE FROM oauth_clients WHERE client_id = '%s' AND user_id = %d",
-					dbesc(argv(3)),
+					dbesc(argv(2)),
 					intval(local_channel())
 			);
-			goaway(z_root()."/settings/oauth2/");
+			$r = q("DELETE FROM oauth_access_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_authorization_codes WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			$r = q("DELETE FROM oauth_refresh_tokens WHERE client_id = '%s' AND user_id = %d",
+					dbesc(argv(2)),
+					intval(local_channel())
+			);
+			goaway(z_root()."/oauth2");
 			return;			
 		}
 			
 
 		$r = q("SELECT oauth_clients.*, oauth_access_tokens.access_token as oauth_token, (oauth_clients.user_id = %d) AS my 
 				FROM oauth_clients
-				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id
+				LEFT JOIN oauth_access_tokens ON oauth_clients.client_id=oauth_access_tokens.client_id AND
+                                                                 oauth_clients.user_id=oauth_access_tokens.user_id
 				WHERE oauth_clients.user_id IN (%d,0)",
 				intval(local_channel()),
 				intval(local_channel())
 		);
 			
-		$tpl = get_markup_template("settings_oauth2.tpl");
+		$tpl = get_markup_template("oauth2.tpl");
 		$o .= replace_macros($tpl, array(
-			'$form_security_token' => get_form_security_token("settings_oauth2"),
+			'$form_security_token' => get_form_security_token("oauth2"),
 			'$baseurl'	=> z_root(),
 			'$title'	=> t('Connected OAuth2 Apps'),
 			'$add'		=> t('Add application'),

Zotlabs/Module/Oauthinfo.php

@@ -5,19 +5,17 @@ namespace Zotlabs\Module;
 
 class Oauthinfo extends \Zotlabs\Web\Controller {
 
-
 	function init() {
 
 		$ret = [
 			'issuer'                   => z_root(),
 			'authorization_endpoint'   => z_root() . '/authorize',
 			'token_endpoint'           => z_root() . '/token',
+			'userinfo_endpoint'        => z_root() . '/userinfo',
+			'scopes_supported'         => [ 'openid', 'profile', 'email' ],
 			'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ] 
 		];
 
-
 		json_return_and_die($ret);
 	}
-
-
 }

Zotlabs/Module/Oep.php

@@ -181,7 +181,7 @@ class Oep extends \Zotlabs\Web\Controller {
 			dbesc($res)
 		);
 		if($r) {
-			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+			$sql_extra .= " and item.id = " . intval($r[0]['iid']) . " ";
 		}
 		else {
 			return $ret;
@@ -194,6 +194,9 @@ class Oep extends \Zotlabs\Web\Controller {
 			intval(ITEM_TYPE_CARD)
 		);
 
+		if(! $r)
+			return;
+
 		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
 			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
 			and item.item_blocked = 0 ";
@@ -255,7 +258,6 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $channel)
 			return $ret;
 
-
 		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
 			return $ret;
 
@@ -265,7 +267,7 @@ class Oep extends \Zotlabs\Web\Controller {
 			dbesc($res)
 		);
 		if($r) {
-			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+			$sql_extra .= " and item.id = " . intval($r[0]['iid']) . " ";
 		}
 		else {
 			return $ret;
@@ -278,6 +280,9 @@ class Oep extends \Zotlabs\Web\Controller {
 			intval(ITEM_TYPE_ARTICLE)
 		);
 
+		if(! $r)
+			return;
+
 		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,7) and item.item_deleted = 0
 			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
 			and item.item_blocked = 0 ";

Zotlabs/Module/Owa.php

@@ -31,21 +31,23 @@ class Owa extends \Zotlabs\Web\Controller {
 
 					if($keyId) {
 						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
-							where hubloc_addr = '%s' ",
-							dbesc(str_replace('acct:','',$keyId))
+							where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+							dbesc(str_replace('acct:','',$keyId)),
+							dbesc($keyId)
 						);
 						if(! $r) {
 							$found = discover_by_webbie(str_replace('acct:','',$keyId));
 							if($found) {
 								$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
-									where hubloc_addr = '%s' ",
-									dbesc(str_replace('acct:','',$keyId))
+									where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+									dbesc(str_replace('acct:','',$keyId)),
+									dbesc($keyId)
 								);
 							}
 						}
 						if($r) {
 							foreach($r as $hubloc) {
-								$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
+								$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);	
 								if($verified && $verified['header_signed'] && $verified['header_valid']) {
 									logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);	
 									logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);

Zotlabs/Module/Pconfig.php

@@ -13,14 +13,20 @@ class Pconfig extends \Zotlabs\Web\Controller {
 			return;
 	
 	
-	   if($_SESSION['delegate'])
-	        return;
+		if($_SESSION['delegate'])
+			return;
 	
 		check_form_security_token_redirectOnErr('/pconfig', 'pconfig');
 	
 		$cat = trim(escape_tags($_POST['cat']));
 		$k = trim(escape_tags($_POST['k']));
 		$v = trim($_POST['v']);
+		$aj = intval($_POST['aj']);
+
+		// Do not store "serialized" data received in the $_POST
+		if (preg_match('|^a:[0-9]+:{.*}$|s',$v) || preg_match('O:8:"stdClass":[0-9]+:{.*}$|s',$v)) {
+			return;
+		}
 	
 		if(in_array(argv(2),$this->disallowed_pconfig())) {
 			notice( t('This setting requires special processing and editing has been blocked.') . EOL);
@@ -33,9 +39,12 @@ class Pconfig extends \Zotlabs\Web\Controller {
 	
 		set_pconfig(local_channel(),$cat,$k,$v);
 		build_sync_packet();
-	
-		goaway(z_root() . '/pconfig/' . $cat . '/' .  $k);
-	
+
+		if($aj)
+			killme();
+		else
+			goaway(z_root() . '/pconfig/' . $cat . '/' .  $k);
+
 	}
 	
 	

Zotlabs/Module/Pdledit.php

@@ -1,15 +1,20 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
 
-class Pdledit extends \Zotlabs\Web\Controller {
+class Pdledit extends Controller {
 
 	function post() {
 		if(! local_channel())
 			return;
-		if(! $_REQUEST['module'])
+
+		if(! Apps::system_app_installed(local_channel(), 'PDL Editor'))
 			return;
-		if(! feature_enabled(local_channel(),'advanced_theming'))
+
+		if(! $_REQUEST['module'])
 			return;
 
 		if(! trim($_REQUEST['content'])) {
@@ -30,9 +35,13 @@ class Pdledit extends \Zotlabs\Web\Controller {
 			return;
 		}
 
-		if(! feature_enabled(local_channel(),'advanced_theming')) {
-			notice( t('Feature disabled.') . EOL);
-			return;
+		if(! Apps::system_app_installed(local_channel(), 'PDL Editor')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('PDL Editor App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Provides the ability to edit system page layouts');
+			return $o;
 		}
 
 		if(argc() > 2 && argv(2) === 'reset') {

Zotlabs/Module/Permcats.php

@@ -1,26 +1,31 @@
 <?php
 
-namespace Zotlabs\Module\Settings;
+namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Apps;
 
-
-class Permcats {
+class Permcats extends Controller {
 
 	function post() {
 
 		if(! local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if(! Apps::system_app_installed(local_channel(), 'Permission Categories'))
+			return;
 
-		check_form_security_token_redirectOnErr('/settings/permcats', 'settings_permcats');
+		$channel = App::get_channel();
+
+		check_form_security_token_redirectOnErr('/permcats', 'permcats');
 
 
 		$all_perms = \Zotlabs\Access\Permissions::Perms();
 
 		$name = escape_tags(trim($_POST['name']));
 		if(! $name) {
-			notice( t('Permission Name is required.') . EOL);
+			notice( t('Permission category name is required.') . EOL);
 			return;
 		}
 
@@ -50,13 +55,21 @@ class Permcats {
 		if(! local_channel())
 			return;
 
-		$channel = \App::get_channel();
+		if(! Apps::system_app_installed(local_channel(), 'Permission Categories')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
 
+			$o = '<b>' . t('Permission Categories App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Create custom connection permission limits');
+			return $o;
+		}
 
-		if(argc() > 2) 
-			$name = hex2bin(argv(2));			
+		$channel = App::get_channel();
 
-		if(argc() > 3 && argv(3) === 'drop') {
+		if(argc() > 1) 
+			$name = hex2bin(argv(1));			
+
+		if(argc() > 2 && argv(2) === 'drop') {
 			\Zotlabs\Lib\Permcat::delete(local_channel(),$name);
 			build_sync_packet();
 			json_return_and_die([ 'success' => true ]);
@@ -93,9 +106,9 @@ class Permcats {
 
 
 
-		$tpl = get_markup_template("settings_permcats.tpl");
+		$tpl = get_markup_template("permcats.tpl");
 		$o .= replace_macros($tpl, array(
-			'$form_security_token' => get_form_security_token("settings_permcats"),
+			'$form_security_token' => get_form_security_token("permcats"),
 			'$title'	=> t('Permission Categories'),
 			'$desc'     => $desc,
 			'$desc2' => $desc2,
@@ -104,7 +117,7 @@ class Permcats {
 			'$atoken' => $atoken,
 			'$url1' => z_root() . '/channel/' . $channel['channel_address'],
 			'$url2' => z_root() . '/photos/' . $channel['channel_address'],
-			'$name' => array('name', t('Permission Name') . ' <span class="required">*</span>', (($name) ? $name : ''), ''),
+			'$name' => array('name', t('Permission category name') . ' <span class="required">*</span>', (($name) ? $name : ''), ''),
 			'$me' => t('My Settings'),
 			'$perms' => $perms,
 			'$inherited' => t('inherited'),

Zotlabs/Module/Photo.php

@@ -4,13 +4,12 @@ namespace Zotlabs\Module;
 require_once('include/security.php');
 require_once('include/attach.php');
 require_once('include/photo/photo_driver.php');
-require_once('include/photos.php');
 
 
 class Photo extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
+
 		$prvcachecontrol = false;
 		$streaming = null;
 		$channel = null;
@@ -32,26 +31,26 @@ class Photo extends \Zotlabs\Web\Controller {
 		}
 	
 		$observer_xchan = get_observer_hash();
+		$ismodified = $_SERVER['HTTP_IF_MODIFIED_SINCE'];
 
-		$default = z_root() . '/' . get_default_profile_photo();
-	
 		if(isset($type)) {
 	
 			/**
 			 * Profile photos - Access controls on default profile photos are not honoured since they need to be exchanged with remote sites.
 			 * 
 			 */
-	
+			 
+			$default = get_default_profile_photo();
+			 
 			if($type === 'profile') {
 				switch($res) {
-	
 					case 'm':
 						$resolution = 5;
-						$default = z_root() . '/' . get_default_profile_photo(80);
+						$default = get_default_profile_photo(80);
 						break;
 					case 's':
 						$resolution = 6;
-						$default = z_root() . '/' . get_default_profile_photo(48);
+						$default = get_default_profile_photo(48);
 						break;
 					case 'l':
 					default:
@@ -60,6 +59,8 @@ class Photo extends \Zotlabs\Web\Controller {
 				}
 			}
 	
+			$modified = filemtime($default);
+			$default = z_root() . '/' . $default;
 			$uid = $person;
 
 			$d = [ 'imgscale' => $resolution, 'channel_id' => $uid, 'default' => $default, 'data'  => '', 'mimetype' => '' ];
@@ -78,17 +79,18 @@ class Photo extends \Zotlabs\Web\Controller {
 					intval(PHOTO_PROFILE)
 				);
 				if($r) {
+					$modified = strtotime($r[0]['edited'] . "Z");
 					$data = dbunescbin($r[0]['content']);
 					$mimetype = $r[0]['mimetype'];
 				}
 				if(intval($r[0]['os_storage']))
 					$data = file_get_contents($data);
 			}
+
 			if(! $data) {
-				$data = fetch_image_from_url($default,$mimetype);
-			}
-			if(! $mimetype) {
-				$mimetype = 'image/png';
+			    $x = z_fetch_url($default,true,0,[ 'novalidate' => true ]);
+			    $data = ($x['success'] ? $x['body'] : EMPTY_STR);
+			    $mimetype = 'image/png';
 			}
 		}
 		else {
@@ -124,9 +126,7 @@ class Photo extends \Zotlabs\Web\Controller {
 				$photo = substr($photo,0,-2);
 				// If viewing on a high-res screen, attempt to serve a higher resolution image:
 				if ($resolution == 2 && ($cookie_value > 1))
-				  {
 				    $resolution = 1;
-				  }
 			}
 			
 			$r = q("SELECT uid, photo_usage FROM photo WHERE resource_id = '%s' AND imgscale = %d LIMIT 1",
@@ -151,18 +151,6 @@ class Photo extends \Zotlabs\Web\Controller {
 					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
 				}
 
-				if(intval($r[0]['photo_usage'])) {
-					$allowed = 1;
-					if(intval($r[0]['photo_usage']) === PHOTO_COVER) 
-						if($resolution < PHOTO_RES_COVER_1200)
-							$allowed = (-1);
-					if(intval($r[0]['photo_usage']) === PHOTO_PROFILE)
-						if(! in_array($resolution,[4,5,6]))
-							$allowed = (-1);
-				}
-				if($allowed === (-1))
-					$allowed = attach_can_view($r[0]['uid'],$observer_xchan,$photo);
-				
 				$channel = channelx_by_n($r[0]['uid']);
 
 				// Now we'll see if we can access the photo
@@ -175,10 +163,13 @@ class Photo extends \Zotlabs\Web\Controller {
 
 				if($exists && $allowed) {
 					$data = dbunescbin($e[0]['content']);
+					$filesize = $e[0]['filesize'];
 					$mimetype = $e[0]['mimetype'];
-					if(intval($e[0]['os_storage'])) {
+					$modified = strtotime($e[0]['edited'] . 'Z');
+					if(intval($e[0]['os_storage']))
 						$streaming = $data;
-					}
+					if($e[0]['allow_cid'] != '' || $e[0]['allow_gid'] != '' || $e[0]['deny_gid'] != '' || $e[0]['deny_gid'] != '')
+						$prvcachecontrol = true;
 				}
 				else {
 					if(! $allowed) {
@@ -189,27 +180,40 @@ class Photo extends \Zotlabs\Web\Controller {
 					}
 
 				}
+			} else {
+				http_status_exit(404,'not found');
 			}
 		}
-	
+
+		header_remove('Pragma');
+
+        if($ismodified === gmdate("D, d M Y H:i:s", $modified) . " GMT") {
+			header_remove('Expires');
+			header_remove('Cache-Control');
+			header_remove('Set-Cookie');
+			http_status_exit(304,'not modified');
+        }
+
 		if(! isset($data)) {
 			if(isset($resolution)) {
 				switch($resolution) {
-	
 					case 4:
-						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(),$mimetype);
+						$default = get_default_profile_photo();
 						break;
 					case 5:
-						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(80),$mimetype);
+						$default = get_default_profile_photo(80);
 						break;
 					case 6:
-						$data = fetch_image_from_url(z_root() . '/' . get_default_profile_photo(48),$mimetype);
+						$default = get_default_profile_photo(48);
 						break;
 					default:
 						killme();
 						// NOTREACHED
 						break;
 				}
+				$x = z_fetch_url(z_root() . '/' . $default,true,0,[ 'novalidate' => true ]);
+				$data = ($x['success'] ? $x['body'] : EMPTY_STR);
+				$mimetype = 'image/png';
 			}
 		}
 	
@@ -222,15 +226,14 @@ class Photo extends \Zotlabs\Web\Controller {
 			}
 		}
 	
+		// @FIXME Seems never invoked
 		// Writing in cachefile
-		if (isset($cachefile) && $cachefile != '')
+		if (isset($cachefile) && $cachefile != '') {
 			file_put_contents($cachefile, $data);
-	
-		if(function_exists('header_remove')) {
-			header_remove('Pragma');
-			header_remove('pragma');
+			$modified = filemtime($cachefile);
 		}
-	
+
+
 		header("Content-type: " . $mimetype);
 	
 		if($prvcachecontrol) {
@@ -252,15 +255,16 @@ class Photo extends \Zotlabs\Web\Controller {
 			// This has performance considerations but we highly recommend you 
 			// leave it alone. 
 	
-			$cache = get_config('system','photo_cache_time');
-			if(! $cache)
-				$cache = (3600 * 24); // 1 day
-	
+			$cache = get_config('system','photo_cache_time', 86400);    // 1 day by default
+
 		 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + $cache) . " GMT");
 			header("Cache-Control: max-age=" . $cache);
 	
 		}
 
+		header("Last-Modified: " . gmdate("D, d M Y H:i:s", $modified) . " GMT");
+		header("Content-Length: " . (isset($filesize) ? $filesize : strlen($data)));
+
 		// If it's a file resource, stream it. 
 
 		if($streaming && $channel) {

Zotlabs/Module/Photos.php

@@ -263,7 +263,8 @@ class Photos extends \Zotlabs\Web\Controller {
 							$fsize = strlen($data);
 						}
 	
-						$x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+						$x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 0",
+							dbesc(datetime_convert()),
 							dbescbin($data),
 							intval($fsize),
 							intval($height),
@@ -277,9 +278,13 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 						$width  = $ph->getWidth();
 						$height = $ph->getHeight();
+						$data = $ph->imageString();
+						$fsize = strlen($data);
 	
-						$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
-							dbescbin($ph->imageString()),
+						$x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 1",
+							dbesc(datetime_convert()),
+							dbescbin($data),
+							intval($fsize),
 							intval($height),
 							intval($width),
 							dbesc($resource_id),
@@ -292,9 +297,13 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 						$width  = $ph->getWidth();
 						$height = $ph->getHeight();
+						$data = $ph->imageString();
+						$fsize = strlen($data);
 	
-						$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
-							dbescbin($ph->imageString()),
+						$x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 2",
+							dbesc(datetime_convert()),
+							dbescbin($data),
+							intval($fsize),
 							intval($height),
 							intval($width),
 							dbesc($resource_id),
@@ -307,9 +316,13 @@ class Photos extends \Zotlabs\Web\Controller {
 	
 						$width  = $ph->getWidth();
 						$height = $ph->getHeight();
+						$data = $ph->imageString();
+						$fsize = strlen($data);
 	
-						$x = q("update photo set content = '%s', height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
-							dbescbin($ph->imageString()),
+						$x = q("update photo set edited = '%s', content = '%s', filesize = %d, height = %d, width = %d where resource_id = '%s' and uid = %d and imgscale = 3",
+							dbesc(datetime_convert()),
+							dbescbin($data),
+							intval($fsize),
 							intval($height),
 							intval($width),
 							dbesc($resource_id),
@@ -612,18 +625,15 @@ class Photos extends \Zotlabs\Web\Controller {
 
 		nav_set_selected('Photos');
 	
-		$o = '<script src="library/blueimp_upload/js/vendor/jquery.ui.widget.js"></script>
-			<script src="library/blueimp_upload/js/jquery.iframe-transport.js"></script>
-			<script src="library/blueimp_upload/js/jquery.fileupload.js"></script>';
+		$o = '<script src="vendor/blueimp/jquery-file-upload/js/vendor/jquery.ui.widget.js"></script>
+			<script src="vendor/blueimp/jquery-file-upload/js/jquery.iframe-transport.js"></script>
+			<script src="vendor/blueimp/jquery-file-upload/js/jquery.fileupload.js"></script>';
 
 
 		$o .= "<script> var profile_uid = " . \App::$profile['profile_uid'] 
 			. "; var netargs = '?f='; var profile_page = " . \App::$pager['page'] . "; </script>\r\n";
 	
-		// tabs
-	
 		$_is_owner = (local_channel() && (local_channel() == $owner_uid));
-		//$o .= profile_tabs($a,$_is_owner, \App::$data['channel']['channel_address']);	
 	
 		/**
 		 * Display upload form
@@ -978,7 +988,7 @@ class Photos extends \Zotlabs\Web\Controller {
 			$photo = array(
 				'href' => z_root() . '/photo/' . $hires['resource_id'] . '-' . $hires['imgscale'] . '.' . $phototypes[$hires['mimetype']],
 				'title'=> t('View Full Size'),
-				'src'  => z_root() . '/photo/' . $lores['resource_id'] . '-' . $lores['imgscale'] . '.' . $phototypes[$lores['mimetype']] . '?f=&_u=' . datetime_convert('','','','ymdhis')
+				'src'  => z_root() . '/photo/' . $lores['resource_id'] . '-' . $lores['imgscale'] . '.' . $phototypes[$lores['mimetype']]
 			);
 	
 			if($nextlink)
@@ -1112,6 +1122,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				$comments = '';
 				if(! $r) {
 					if($observer && ($can_post || $can_comment)) {
+						$feature_auto_save_draft = ((feature_enabled($owner_uid, 'auto_save_draft')) ? "true" : "false");
 						$commentbox = replace_macros($cmnt_tpl,array(
 							'$return_path' => '', 
 							'$mode' => 'photos',
@@ -1127,7 +1138,8 @@ class Photos extends \Zotlabs\Web\Controller {
 							'$submit' => t('Submit'),
 							'$preview' => t('Preview'),
 							'$ww' => '',
-							'$feature_encrypt' => false
+							'$feature_encrypt' => false,
+							'$auto_save_draft' => $feature_auto_save_draft
 						));
 					}
 				}
@@ -1260,8 +1272,14 @@ class Photos extends \Zotlabs\Web\Controller {
 			if(feature_enabled($owner_uid,'dislike'))
 				$response_verbs[] = 'dislike';
 	
-	
 			$responses = get_responses($conv_responses,$response_verbs,'',$link_item);
+
+			$hookdata = [
+				'onclick' => '$.colorbox({href: \'' . $photo['href'] . '\'}); return false;',
+				'raw_photo' => $ph[0],
+				'nickname' => \App::$data['channel']['channel_address']
+			];
+			call_hooks('photo_view_filter', $hookdata);
 	
 			$photo_tpl = get_markup_template('photo_view.tpl');
 			$o .= replace_macros($photo_tpl, array(
@@ -1299,6 +1317,7 @@ class Photos extends \Zotlabs\Web\Controller {
 				'$comments' => $comments,
 				'$commentbox' => $commentbox,
 				'$paginate' => $paginate,
+				'$onclick' => $hookdata['onclick']
 			));
 	
 			\App::$data['photo_html'] = $o;

Zotlabs/Module/Ping.php

@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Module;
 
+use Zotlabs\Lib\Apps;
+
 require_once('include/bbcode.php');
 
 /**
@@ -147,9 +149,12 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(! ($vnotify & VNOTIFY_LIKE))
 			$sql_extra = " AND verb NOT IN ('" . dbesc(ACTIVITY_LIKE) . "', '" . dbesc(ACTIVITY_DISLIKE) . "') ";
 
-		$discover_tab_on = can_view_public_stream();
-
-		$notify_pubs = ((local_channel()) ? ($vnotify & VNOTIFY_PUBS) && $discover_tab_on : $discover_tab_on);
+		if(local_channel()) {
+			$notify_pubs = ($vnotify & VNOTIFY_PUBS) && can_view_public_stream() && Apps::system_app_installed(local_channel(), 'Public Stream');
+		}
+		else {
+			$notify_pubs = can_view_public_stream();
+		}
 
 		if($notify_pubs) {
 			$sys = get_sys_channel();
@@ -325,6 +330,7 @@ class Ping extends \Zotlabs\Web\Controller {
 					$notifs[] = array(
 						'notify_link' => z_root() . '/mail/' . $zz['id'],
 						'name' => $zz['xchan_name'],
+						'addr' => $zz['xchan_addr'],
 						'url' => $zz['xchan_url'],
 						'photo' => $zz['xchan_photo_s'],
 						'when' => relative_date($zz['created']),
@@ -341,6 +347,10 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(argc() > 1 && (argv(1) === 'network' || argv(1) === 'home')) {
 			$result = array();
 
+			if(argv(1) === 'home') {
+				$sql_extra .= ' and item_wall = 1 ';
+			}
+
 			$r = q("SELECT * FROM item 
 				WHERE uid = %d
 				AND item_unseen = 1
@@ -356,8 +366,6 @@ class Ping extends \Zotlabs\Web\Controller {
 			if($r) {
 				xchan_query($r);
 				foreach($r as $item) {
-					if((argv(1) === 'home') && (! intval($item['item_wall'])))
-						continue;
 					$result[] = \Zotlabs\Lib\Enotify::format($item);
 				}
 			}
@@ -378,6 +386,7 @@ class Ping extends \Zotlabs\Web\Controller {
 					$result[] = array(
 						'notify_link' => z_root() . '/connections/ifpending',
 						'name' => $rr['xchan_name'],
+						'addr' => $rr['xchan_addr'],
 						'url' => $rr['xchan_url'],
 						'photo' => $rr['xchan_photo_s'],
 						'when' => relative_date($rr['abook_created']),
@@ -402,6 +411,7 @@ class Ping extends \Zotlabs\Web\Controller {
 					$result[] = array(
 						'notify_link' => z_root() . '/admin/accounts',
 						'name' => $rr['account_email'],
+						'addr' => $rr['account_email'],
 						'url' => '',
 						'photo' => z_root() . '/' . get_default_profile_photo(48),
 						'when' => relative_date($rr['account_created']),
@@ -439,6 +449,7 @@ class Ping extends \Zotlabs\Web\Controller {
 					$result[] = array(
 						'notify_link' => z_root() . '/events', /// @FIXME this takes you to an edit page and it may not be yours, we really want to just view the single event  --> '/events/event/' . $rr['event_hash'],
 						'name'        => $rr['xchan_name'],
+						'addr'        => $rr['xchan_addr'],
 						'url'         => $rr['xchan_url'],
 						'photo'       => $rr['xchan_photo_s'],
 						'when'        => $when,
@@ -455,7 +466,7 @@ class Ping extends \Zotlabs\Web\Controller {
 		if(argc() > 1 && (argv(1) === 'files')) {
 			$result = array();
 
-			$r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_url, xchan.xchan_photo_s FROM item 
+			$r = q("SELECT item.created, xchan.xchan_name, xchan.xchan_addr, xchan.xchan_url, xchan.xchan_photo_s FROM item 
 				LEFT JOIN xchan on author_xchan = xchan_hash
 				WHERE item.verb = '%s'
 				AND item.obj_type = '%s'
@@ -472,6 +483,7 @@ class Ping extends \Zotlabs\Web\Controller {
 					$result[] = array(
 						'notify_link' => z_root() . '/sharedwithme',
 						'name' => $rr['xchan_name'],
+						'addr' => $rr['xchan_addr'],
 						'url' => $rr['xchan_url'],
 						'photo' => $rr['xchan_photo_s'],
 						'when' => relative_date($rr['created']),
@@ -629,24 +641,31 @@ class Ping extends \Zotlabs\Web\Controller {
 		if($vnotify & VNOTIFY_FORUMS) {
 			$forums = get_forum_channels(local_channel());
 
-			if(! $forums) {
-				$result['forums'] = 0;
-			}
-			else {
-
-				$perms_sql = item_permissions_sql(local_channel()) . item_normal();
+			if($forums) {
+				$item_normal = item_normal();
 				$fcount = count($forums);
 				$forums['total'] = 0;
 
 				for($x = 0; $x < $fcount; $x ++) {
-					$r = q("select sum(item_unseen) as unseen from item 
-						where uid = %d and owner_xchan = '%s' and item_unseen = 1 $perms_sql ",
+					$p = q("SELECT oid AS parent FROM term WHERE uid = %d AND ttype = %d AND term = '%s'",
 						intval(local_channel()),
+						intval(TERM_FORUM),
+						dbesc($forums[$x]['xchan_name'])
+					);
+
+					$p_str = ids_to_querystr($p, 'parent');
+					$p_sql = (($p_str) ? "OR parent IN ( $p_str )" : '');
+
+					$r = q("select count(id) as unseen from item 
+						where uid = %d and ( owner_xchan = '%s' OR author_xchan = '%s' $p_sql ) and item_unseen = 1 $item_normal $sql_extra",
+						intval(local_channel()),
+						dbesc($forums[$x]['xchan_hash']),
 						dbesc($forums[$x]['xchan_hash'])
 					);
 					if($r[0]['unseen']) {
-						$forums[$x]['notify_link'] = (($forums[$x]['private_forum']) ? $forums[$x]['xchan_url'] : z_root() . '/network/?f=&pf=1&cid=' . $forums[$x]['abook_id']);
+						$forums[$x]['notify_link'] = (($forums[$x]['private_forum']) ? $forums[$x]['xchan_url'] : z_root() . '/network/?f=&pf=1&unseen=1&cid=' . $forums[$x]['abook_id']);
 						$forums[$x]['name'] = $forums[$x]['xchan_name'];
+						$forums[$x]['addr'] = $forums[$x]['xchan_addr'];
 						$forums[$x]['url'] = $forums[$x]['xchan_url'];
 						$forums[$x]['photo'] = $forums[$x]['xchan_photo_s'];
 						$forums[$x]['unseen'] = $r[0]['unseen'];

Zotlabs/Module/Poke.php

@@ -1,6 +1,10 @@
 <?php
 namespace Zotlabs\Module; /** @file */
 
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Web\Controller;
+
 /**
  *
  * Poke, prod, finger, or otherwise do unspeakable things to somebody - who must be a connection in your address book
@@ -18,15 +22,19 @@ namespace Zotlabs\Module; /** @file */
 require_once('include/items.php');
 
 
-class Poke extends \Zotlabs\Web\Controller {
+class Poke extends Controller {
 
 	function init() {
 	
 		if(! local_channel())
 			return;
+
+		if(! Apps::system_app_installed(local_channel(), 'Poke')) {
+			return;
+		}
 	
 		$uid = local_channel();
-		$channel = \App::get_channel();
+		$channel = App::get_channel();
 	
 		$verb = notags(trim($_REQUEST['verb']));
 		
@@ -150,6 +158,15 @@ class Poke extends \Zotlabs\Web\Controller {
 			return;
 		}
 
+		if(! Apps::system_app_installed(local_channel(), 'Poke')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Poke App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= t('Poke somebody in your addressbook');
+			return $o;
+		}
+
 		nav_set_selected('Poke');
 	
 		$name = '';

Zotlabs/Module/Probe.php

@@ -1,16 +1,29 @@
 <?php
 namespace Zotlabs\Module;
 
-require_once('include/zot.php');
+use App;
+use Zotlabs\Lib\Apps;
 
+require_once('include/zot.php');
 
 class Probe extends \Zotlabs\Web\Controller {
 
 	function get() {
 
+		if(local_channel()) {
+			if(! Apps::system_app_installed(local_channel(), 'Remote Diagnostics')) {
+				//Do not display any associated widgets at this point
+				App::$pdl = '';
+
+				$o = '<b>' . t('Remote Diagnostics App') . ' (' . t('Not Installed') . '):</b><br>';
+				$o .= t('Perform diagnostics on remote channels');
+				return $o;
+			}
+		}
+
 		nav_set_selected('Remote Diagnostics');
 
-		$o .= '<h3>Probe Diagnostic</h3>';
+		$o .= '<h3>Remote Diagnostics</h3>';
 	
 		$o .= '<form action="probe" method="get">';
 		$o .= 'Lookup address: <input type="text" style="width: 250px;" name="addr" value="' . $_GET['addr'] .'" />';
@@ -19,7 +32,7 @@ class Probe extends \Zotlabs\Web\Controller {
 		$o .= '<br /><br />';
 	
 		if(x($_GET,'addr')) {
-			$channel = \App::get_channel();
+			$channel = App::get_channel();
 			$addr = trim($_GET['addr']);
 			$do_import = ((intval($_GET['import']) && is_site_admin()) ? true : false);
 			
@@ -27,12 +40,11 @@ class Probe extends \Zotlabs\Web\Controller {
 
 			$o .= '<pre>';
 			if(! $j['success']) {
-				$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
 				$o .= "<strong>https connection failed. Trying again with auto failover to http.</strong>\r\n\r\n";
 				$j = \Zotlabs\Zot\Finger::run($addr,$channel,true);
-				if(! $j['success']) 
-					$o .= sprintf( t('Fetching URL returns error: %1$s'),$res['error'] . "\r\n\r\n");
-	
+				if(! $j['success']) {
+					return $o;	
+				}
 			}
 			if($do_import && $j)
 				$x = import_xchan($j);

Zotlabs/Module/Profiles.php

@@ -8,8 +8,8 @@ require_once('include/selectors.php');
 class Profiles extends \Zotlabs\Web\Controller {
 
 	function init() {
-	
-		nav_set_selected('Profiles');
+
+		nav_set_selected('Profiles', 'settings/profiles');
 	
 		if(! local_channel()) {
 			return;

Zotlabs/Module/Pubstream.php

@@ -1,6 +1,9 @@
 <?php
 namespace Zotlabs\Module;
 
+use App;
+use Zotlabs\Lib\Apps;
+
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
 
@@ -9,6 +12,17 @@ class Pubstream extends \Zotlabs\Web\Controller {
 
 	function get($update = 0, $load = false) {
 
+		if(local_channel()) {
+			if(! Apps::system_app_installed(local_channel(), 'Public Stream')) {
+				//Do not display any associated widgets at this point
+				App::$pdl = '';
+
+				$o = '<b>' . t('Public Stream App') . ' (' . t('Not Installed') . '):</b><br>';
+				$o .= t('The unmoderated public stream of this hub');
+				return $o;
+			}
+		}
+
 		if($load)
 			$_SESSION['loadtime'] = datetime_convert();
 
@@ -81,7 +95,7 @@ class Pubstream extends \Zotlabs\Web\Controller {
 			);
 	
 			$o = '<div id="jot-popup">';
-			$o .= status_editor($a,$x);
+			$o .= status_editor($a,$x,false,'Pubstream');
 			$o .= '</div>';
 		}
 

Zotlabs/Module/Randprof.php

@@ -1,11 +1,17 @@
 <?php
 namespace Zotlabs\Module;
 
-
+use App;
+use Zotlabs\Lib\Apps;
 
 class Randprof extends \Zotlabs\Web\Controller {
 
 	function init() {
+		if(local_channel()) {
+			if(! Apps::system_app_installed(local_channel(), 'Random Channel'))
+				return;
+		}
+
 		$x = random_profile();
 		if($x)
 			goaway(chanlink_hash($x));
@@ -13,5 +19,19 @@ class Randprof extends \Zotlabs\Web\Controller {
 		/** FIXME this doesn't work at the moment as a fallback */
 		goaway(z_root() . '/profile');
 	}
+
+	function get() {
+		if(local_channel()) {
+			if(! Apps::system_app_installed(local_channel(), 'Random Channel')) {
+				//Do not display any associated widgets at this point
+				App::$pdl = '';
+
+				$o = '<b>' . t('Random Channel App') . ' (' . t('Not Installed') . '):</b><br>';
+				$o .= t('Visit a random channel in the $Projectname network');
+				return $o;
+			}
+		}
+
+	}
 	
 }

Zotlabs/Module/Register.php

@@ -227,11 +227,6 @@ class Register extends \Zotlabs\Web\Controller {
 
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
 
-		// A new account will not have a techlevel, but accounts can also be created by the administrator.
-
-		if((get_account_techlevel() < 4) && $privacy_role !== 'custom')
-			unset($perm_roles[t('Other')]);
-	
 		// Configurable terms of service link
 	
 		$tosurl = get_config('system','tos_url');

Zotlabs/Module/Rpost.php

@@ -138,7 +138,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 			'jotnets'             => true
 		);
 	
-		$editor = status_editor($a,$x);
+		$editor = status_editor($a,$x,false,'Rpost');
 	
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),

Zotlabs/Module/Search.php

@@ -6,7 +6,7 @@ class Search extends \Zotlabs\Web\Controller {
 
 	function init() {
 		if(x($_REQUEST,'search'))
-			\App::$data['search'] = $_REQUEST['search'];
+			\App::$data['search'] = escape_tags($_REQUEST['search']);
 	}
 	
 	
@@ -46,12 +46,12 @@ class Search extends \Zotlabs\Web\Controller {
 		if(x(\App::$data,'search'))
 			$search = trim(\App::$data['search']);
 		else
-			$search = ((x($_GET,'search')) ? trim(rawurldecode($_GET['search'])) : '');
+			$search = ((x($_GET,'search')) ? trim(escape_tags(rawurldecode($_GET['search']))) : '');
 	
 		$tag = false;
 		if(x($_GET,'tag')) {
 			$tag = true;
-			$search = ((x($_GET,'tag')) ? trim(rawurldecode($_GET['tag'])) : '');
+			$search = ((x($_GET,'tag')) ? trim(escape_tags(rawurldecode($_GET['tag']))) : '');
 		}
 
 		$static = ((array_key_exists('static',$_REQUEST)) ? intval($_REQUEST['static']) : 0);
@@ -227,9 +227,9 @@ class Search extends \Zotlabs\Web\Controller {
 		}
 	
 		if($tag) 
-			$o .= '<h2>' . sprintf( t('Items tagged with: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+			$o .= '<h2>' . sprintf( t('Items tagged with: %s'),$search) . '</h2>';
 		else
-			$o .= '<h2>' . sprintf( t('Search results for: %s'),htmlspecialchars($search, ENT_COMPAT,'UTF-8')) . '</h2>';
+			$o .= '<h2>' . sprintf( t('Search results for: %s'),$search) . '</h2>';
 	
 		$o .= conversation($items,'search',$update,'client');
 	

Zotlabs/Module/Settings/Account.php

@@ -12,7 +12,6 @@ class Account {
 		$errs = array();
 	
 		$email = ((x($_POST,'email')) ? trim(notags($_POST['email'])) : '');
-		$techlevel = ((array_key_exists('techlevel',$_POST)) ? intval($_POST['techlevel']) : 0);
 
 		$account = \App::get_account();
 		if($email != $account['account_email']) {
@@ -32,13 +31,6 @@ class Account {
 					$errs[] = t('System failure storing new email. Please try again.');
 			}
 		}
-		if($techlevel != $account['account_level']) {
-			$r = q("update account set account_level = %d where account_id = %d",
-				intval($techlevel),
-				intval($account['account_id'])
-			);
-			info( t('Technical skill level updated') . EOL);
-		}
 	
 		if($errs) {
 			foreach($errs as $err)
@@ -101,11 +93,6 @@ class Account {
 	
 		$email      = \App::$account['account_email'];
 
-		$techlevels = \Zotlabs\Lib\Techlevels::levels();
-
-		$def_techlevel = \App::$account['account_level'];
-		$techlock = get_config('system','techlevel_lock');
-
 		$tpl = get_markup_template("settings_account.tpl");
 		$o .= replace_macros($tpl, array(
 			'$form_security_token' => get_form_security_token("settings_account"),
@@ -113,8 +100,6 @@ class Account {
 			'$origpass' => array('origpass', t('Current Password'), ' ',''),
 			'$password1'=> array('npassword', t('Enter New Password'), '', ''),
 			'$password2'=> array('confirm', t('Confirm New Password'), '', t('Leave password fields blank unless changing')),
-			'$techlevel' => [ 'techlevel', t('Your technical skill level'), $def_techlevel, t('Used to provide a member experience and additional features consistent with your comfort level'), $techlevels ],
-			'$techlock' => $techlock,
 			'$submit' 	=> t('Submit'),
 			'$email' 	=> array('email', t('Email Address:'), $email, ''),
 			'$removeme' => t('Remove Account'),

Zotlabs/Module/Settings/Calendar.php

@@ -0,0 +1,47 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+
+class Calendar {
+
+	function post() {
+
+		$module = substr(strrchr(strtolower(static::class), '\\'), 1);
+
+		check_form_security_token_redirectOnErr('/settings/' . $module, 'settings_' . $module);
+	
+		$features = get_module_features($module);
+
+		process_module_features_post(local_channel(), $features, $_POST);
+		
+		build_sync_packet();
+
+		if($_POST['rpath'])
+			goaway($_POST['rpath']);
+
+		return;
+	}
+
+	function get() {
+
+		$module = substr(strrchr(strtolower(static::class), '\\'), 1);
+
+		$features = get_module_features($module);
+		$rpath = (($_GET['rpath']) ? $_GET['rpath'] : '');
+
+		$tpl = get_markup_template("settings_module.tpl");
+
+		$o .= replace_macros($tpl, array(
+			'$rpath' => $rpath,
+			'$action_url' => 'settings/' . $module,
+			'$form_security_token' => get_form_security_token('settings_' . $module),
+			'$title' => t('CalDAV Settings'),
+			'$features'  => process_module_features_get(local_channel(), $features),
+			'$submit'    => t('Submit')
+		));
+	
+		return $o;
+	}
+
+}

Zotlabs/Module/Settings/Channel.php

@@ -2,6 +2,8 @@
 
 namespace Zotlabs\Module\Settings;
 
+use Zotlabs\Lib\Apps;
+
 require_once('include/selectors.php');
 
 
@@ -63,7 +65,7 @@ class Channel {
 				}
 				$hide_presence    = 1 - (intval($role_permissions['online']));
 				if($role_permissions['default_collection']) {
-					$r = q("select hash from groups where uid = %d and gname = '%s' limit 1",
+					$r = q("select hash from pgrp where uid = %d and gname = '%s' limit 1",
 						intval(local_channel()),
 						dbesc( t('Friends') )
 					);
@@ -71,7 +73,7 @@ class Channel {
 						require_once('include/group.php');
 						group_add(local_channel(), t('Friends'));
 						group_add_member(local_channel(),t('Friends'),$channel['channel_hash']);
-						$r = q("select hash from groups where uid = %d and gname = '%s' limit 1",
+						$r = q("select hash from pgrp where uid = %d and gname = '%s' limit 1",
 							intval(local_channel()),
 							dbesc( t('Friends') )
 						);
@@ -133,8 +135,6 @@ class Channel {
 		$photo_path       = ((x($_POST,'photo_path')) ? escape_tags(trim($_POST['photo_path'])) : '');
 		$attach_path      = ((x($_POST,'attach_path')) ? escape_tags(trim($_POST['attach_path'])) : '');
 	
-		$channel_menu     = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']),ENT_QUOTES) : '');
-	
 		$expire_items     = ((x($_POST,'expire_items')) ? intval($_POST['expire_items'])	 : 0);
 		$expire_starred   = ((x($_POST,'expire_starred')) ? intval($_POST['expire_starred']) : 0);
 		$expire_photos    = ((x($_POST,'expire_photos'))? intval($_POST['expire_photos'])	 : 0);
@@ -154,10 +154,7 @@ class Channel {
 		$adult            = (($_POST['adult'] == 1) ? 1 : 0);
 		$defpermcat       = ((x($_POST,'defpermcat')) ? notags(trim($_POST['defpermcat'])) : 'default');
 	
-		$cal_first_day   = (((x($_POST,'first_day')) && (intval($_POST['first_day']) == 1)) ? 1: 0);
 		$mailhost        = ((array_key_exists('mailhost',$_POST)) ? notags(trim($_POST['mailhost'])) : '');
-		$profile_assign  = ((x($_POST,'profile_assign')) ? notags(trim($_POST['profile_assign'])) : '');
-
 	
 		$pageflags = $channel['channel_pageflags'];
 		$existing_adult = (($pageflags & PAGE_ADULT) ? 1 : 0);
@@ -245,16 +242,13 @@ class Channel {
 		set_pconfig(local_channel(),'system','post_joingroup', $post_joingroup);
 		set_pconfig(local_channel(),'system','post_profilechange', $post_profilechange);
 		set_pconfig(local_channel(),'system','blocktags',$blocktags);
-		set_pconfig(local_channel(),'system','channel_menu',$channel_menu);
 		set_pconfig(local_channel(),'system','vnotify',$vnotify);
 		set_pconfig(local_channel(),'system','always_show_in_notices',$always_show_in_notices);
 		set_pconfig(local_channel(),'system','evdays',$evdays);
 		set_pconfig(local_channel(),'system','photo_path',$photo_path);
 		set_pconfig(local_channel(),'system','attach_path',$attach_path);
-		set_pconfig(local_channel(),'system','cal_first_day',$cal_first_day);
 		set_pconfig(local_channel(),'system','default_permcat',$defpermcat);
 		set_pconfig(local_channel(),'system','email_notify_host',$mailhost);
-		set_pconfig(local_channel(),'system','profile_assign',$profile_assign);
 		set_pconfig(local_channel(),'system','autoperms',$autoperms);
 	
 		$r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d $set_perms where channel_id = %d",
@@ -434,7 +428,7 @@ class Channel {
 			'$nickname' => (($intl_nickname === $webbie) ? $webbie : $intl_nickname . ' (' . $webbie . ')'),
 			'$subdir' => $subdir,
 			'$davdesc' => t('Your files/photos are accessible via WebDAV at'),
-			'$davpath' => ((get_account_techlevel() > 3) ? z_root() . '/dav/' . $nickname : ''),
+			'$davpath' => z_root() . '/dav/' . $nickname,
 			'$basepath' => \App::get_hostname()
 		));
 
@@ -460,18 +454,6 @@ class Channel {
 		require_once('include/group.php');
 		$group_select = mini_group_select(local_channel(),$channel['channel_default_group']);
 	
-		require_once('include/menu.php');
-		$m1 = menu_list(local_channel());
-		$menu = false;
-		if($m1) {
-			$menu = array();
-			$current = get_pconfig(local_channel(),'system','channel_menu');
-			$menu[] = array('name' => '', 'selected' => ((! $current) ? true : false));
-			foreach($m1 as $m) {
-				$menu[] = array('name' => htmlspecialchars($m['menu_name'],ENT_COMPAT,'UTF-8'), 'selected' => (($m['menu_name'] === $current) ? ' selected="selected" ' : false));
-			}
-		}
-	
 		$evdays = get_pconfig(local_channel(),'system','evdays');
 		if(! $evdays)
 			$evdays = 3;
@@ -492,18 +474,13 @@ class Channel {
 		$permissions_set = (($permissions_role != 'custom') ? true : false);
 
 		$perm_roles = \Zotlabs\Access\PermissionRoles::roles();
-		if((get_account_techlevel() < 4) && $permissions_role !== 'custom')
-			unset($perm_roles[t('Other')]);
-
-
-		
 
 		$vnotify = get_pconfig(local_channel(),'system','vnotify');
 		$always_show_in_notices = get_pconfig(local_channel(),'system','always_show_in_notices');
 		if($vnotify === false)
 			$vnotify = (-1);
 
-		$plugin = [ 'basic' => '', 'security' => '', 'notify' => '', 'misc' => '' ];
+		$plugin = [ 'basic' => '', 'security' => '', 'notify' => '' ];
 		call_hooks('channel_settings',$plugin);
 
 		$disable_discover_tab = intval(get_config('system','disable_discover_tab',1)) == 1;
@@ -548,8 +525,6 @@ class Channel {
 			'$permissions' => t('Default Privacy Group'),
 			'$permdesc' => t("\x28click to open/close\x29"),
 			'$aclselect' => populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromDescription(t('Use my default audience setting for the type of object published'))),
-			'$profseltxt' => t('Profile to assign new connections'),
-			'$profselect' => ((feature_enabled(local_channel(),'multi_profiles')) ? contact_profile_assign(get_pconfig(local_channel(),'system','profile_assign','')) : ''),
 
 			'$allow_cid' => acl2json($perm_defaults['allow_cid']),
 			'$allow_gid' => acl2json($perm_defaults['allow_gid']),
@@ -558,8 +533,8 @@ class Channel {
 			'$suggestme' => $suggestme,
 			'$group_select' => $group_select,
 			'$role' => array('permissions_role' , t('Channel role and privacy'), $permissions_role, '', $perm_roles),
-			'$defpermcat' => [ 'defpermcat', t('Default Permissions Group'), $default_permcat, '', $permcats ],	
-			'$permcat_enable' => feature_enabled(local_channel(),'permcats'),
+			'$defpermcat' => [ 'defpermcat', t('Default permissions category'), $default_permcat, '', $permcats ],
+			'$permcat_enable' => Apps::system_app_installed(local_channel(), 'Permission Categories'),
 			'$profile_in_dir' => $profile_in_dir,
 			'$hide_friends' => $hide_friends,
 			'$hide_wall' => $hide_wall,
@@ -587,7 +562,7 @@ class Channel {
 	
 			'$lbl_vnot' 	=> t('Show visual notifications including:'),
 	
-			'$vnotify1'	=> array('vnotify1', t('Unseen grid activity'), ($vnotify & VNOTIFY_NETWORK), VNOTIFY_NETWORK, '', $yes_no),
+			'$vnotify1'	=> array('vnotify1', t('Unseen stream activity'), ($vnotify & VNOTIFY_NETWORK), VNOTIFY_NETWORK, '', $yes_no),
 			'$vnotify2'	=> array('vnotify2', t('Unseen channel activity'), ($vnotify & VNOTIFY_CHANNEL), VNOTIFY_CHANNEL, '', $yes_no),
 			'$vnotify3'	=> array('vnotify3', t('Unseen private messages'), ($vnotify & VNOTIFY_MAIL), VNOTIFY_MAIL, t('Recommended'), $yes_no),
 			'$vnotify4'	=> array('vnotify4', t('Upcoming events'), ($vnotify & VNOTIFY_EVENT), VNOTIFY_EVENT, '', $yes_no),
@@ -599,7 +574,7 @@ class Channel {
 			'$vnotify10'  => array('vnotify10', t('New connections'), ($vnotify & VNOTIFY_INTRO), VNOTIFY_INTRO, t('Recommended'), $yes_no),
 			'$vnotify11'  => ((is_site_admin()) ? array('vnotify11', t('System Registrations'), ($vnotify & VNOTIFY_REGISTER), VNOTIFY_REGISTER, '', $yes_no) : array()),
 			'$vnotify12'  => array('vnotify12', t('Unseen shared files'), ($vnotify & VNOTIFY_FILES), VNOTIFY_FILES, '', $yes_no),
-			'$vnotify13'  => (($disable_discover_tab && !$site_firehose) ? array() : array('vnotify13', t('Unseen public activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
+			'$vnotify13'  => ((($disable_discover_tab && !$site_firehose) || !Apps::system_app_installed(local_channel(), 'Public Stream')) ? array() : array('vnotify13', t('Unseen public stream activity'), ($vnotify & VNOTIFY_PUBS), VNOTIFY_PUBS, '', $yes_no)),
 			'$vnotify14'	=> array('vnotify14', t('Unseen likes and dislikes'), ($vnotify & VNOTIFY_LIKE), VNOTIFY_LIKE, '', $yes_no),
 			'$vnotify15'	=> array('vnotify15', t('Unseen forum posts'), ($vnotify & VNOTIFY_FORUMS), VNOTIFY_FORUMS, '', $yes_no),
 			'$mailhost' => [ 'mailhost', t('Email notification hub (hostname)'), get_pconfig(local_channel(),'system','email_notify_host',\App::get_hostname()), sprintf( t('If your channel is mirrored to multiple hubs, set this to your preferred location. This will prevent duplicate email notifications. Example: %s'),\App::get_hostname()) ],
@@ -609,7 +584,6 @@ class Channel {
 			'$basic_addon' => $plugin['basic'],
 			'$sec_addon'  => $plugin['security'],
 			'$notify_addon' => $plugin['notify'],
-			'$misc_addon' => $plugin['misc'],
 	
 			'$h_advn' => t('Advanced Account/Page Type Settings'),
 			'$h_descadvn' => t('Change the behaviour of this account for special situations'),
@@ -617,12 +591,8 @@ class Channel {
 			'$lbl_misc' => t('Miscellaneous Settings'),
 			'$photo_path' => array('photo_path', t('Default photo upload folder'), get_pconfig(local_channel(),'system','photo_path'), t('%Y - current year, %m -  current month')),
 			'$attach_path' => array('attach_path', t('Default file upload folder'), get_pconfig(local_channel(),'system','attach_path'), t('%Y - current year, %m -  current month')),
-			'$menus' => $menu,			
-			'$menu_desc' => t('Personal menu to display in your channel pages'),
 			'$removeme' => t('Remove Channel'),
 			'$removechannel' => t('Remove this channel.'),
-			'$firefoxshare' => t('Firefox Share $Projectname provider'),
-			'$cal_first_day' => array('first_day', t('Start calendar week on Monday'), ((get_pconfig(local_channel(),'system','cal_first_day')) ? 1 : ''), '', $yes_no),
 		));
 	
 		call_hooks('settings_form',$o);

Zotlabs/Module/Settings/Channel_home.php

@@ -0,0 +1,95 @@
+<?php
+
+namespace Zotlabs\Module\Settings;
+
+require_once('include/menu.php');
+
+class Channel_home {
+
+	function post() {
+
+		$module = substr(strrchr(strtolower(static::class), '\\'), 1);
+
+		check_form_security_token_redirectOnErr('/settings/' . $module, 'settings_' . $module);
+	
+		$features = get_module_features($module);
+
+		process_module_features_post(local_channel(), $features, $_POST);
+
+		$channel_divmore_height = ((x($_POST,'channel_divmore_height')) ? intval($_POST['channel_divmore_height']) : 400);
+		if($channel_divmore_height < 50)
+			$channel_divmore_height = 50;
+		set_pconfig(local_channel(),'system','channel_divmore_height', $channel_divmore_height);
+
+		$channel_menu = ((x($_POST['channel_menu'])) ? htmlspecialchars_decode(trim($_POST['channel_menu']),ENT_QUOTES) : '');
+		set_pconfig(local_channel(),'system','channel_menu',$channel_menu);
+		
+		build_sync_packet();
+
+		if($_POST['rpath'])
+			goaway($_POST['rpath']);
+
+		return;
+	}
+
+	function get() {
+
+		$module = substr(strrchr(strtolower(static::class), '\\'), 1);
+
+		$features = get_module_features($module);
+		$rpath = (($_GET['rpath']) ? $_GET['rpath'] : '');
+
+		$channel_divmore_height = [
+			'channel_divmore_height',
+			t('Max height of content (in pixels)'),
+			((get_pconfig(local_channel(),'system','channel_divmore_height')) ? get_pconfig(local_channel(),'system','channel_divmore_height') : 400),
+			t('Click to expand content exceeding this height')
+		];
+
+		$menus = menu_list(local_channel());
+		if($menus) {
+			$current = get_pconfig(local_channel(),'system','channel_menu');
+			$menu[] = '';
+			foreach($menus as $m) {
+				$menu[$m['menu_name']] = htmlspecialchars($m['menu_name'],ENT_COMPAT,'UTF-8');
+			}
+
+			$menu_select = [
+				'channel_menu',
+				t('Personal menu to display in your channel pages'),
+				$current,
+				'',
+				$menu
+			];
+		}
+
+		$extra_settings_html = replace_macros(get_markup_template('field_input.tpl'),
+			[
+				'$field' => $channel_divmore_height
+			]
+		);
+
+		if($menu) {
+			$extra_settings_html .= replace_macros(get_markup_template('field_select.tpl'),
+				[
+					'$field' => $menu_select
+				]
+			);
+		}
+
+		$tpl = get_markup_template("settings_module.tpl");
+
+		$o .= replace_macros($tpl, array(
+			'$rpath' => $rpath,
+			'$action_url' => 'settings/' . $module,
+			'$form_security_token' => get_form_security_token('settings_' . $module),
+			'$title' => t('Channel Home Settings'),
+			'$features'  => process_module_features_get(local_channel(), $features),
+			'$extra_settings_html' => $extra_settings_html,
+			'$submit'    => t('Submit')
+		));
+	
+		return $o;
+	}
+
+}