Merge branch '5.4RC'

release 5.4
Merge branch '5.4RC' of https://framagit.org/hubzilla/core into 5.4RC
2026-06-21 00:52:33 -04:00 · 2021-03-08 09:31:23 +00:00 · 2021-03-08 09:26:50 +00:00 · 2021-03-08 09:23:11 +00:00 · 2021-03-08 09:21:22 +00:00 · 2021-03-06 18:56:53 +01:00
4603 changed files with 456231 additions and 711882 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,36 +1,147 @@
 # Select image from https://hub.docker.com/_/php/
-image: php:7.1
+#image: php:7.3
+# Use a prepared Hubzilla image to optimise pipeline duration
+image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
+
+stages:
+  - test
+  - deploy
+

 # Select what we should cache
 cache:
  paths:
  - vendor/
+  - .cache/

+
+# global variables for all jobs, if no job specific variables
 variables:
-  # Configure mysql service (https://hub.docker.com/_/mysql/)
+  # Tell composer to use the project workspace .cache folder
+  COMPOSER_CACHE_DIR: "$CI_PROJECT_DIR/.cache/composer"
+  # Ignore a Composer warning
+  COMPOSER_ALLOW_SUPERUSER: 1
+  # Configure MySQL/MariaDB service (https://hub.docker.com/_/mysql/, https://hub.docker.com/_/mariadb/)
  MYSQL_DATABASE: hello_world_test
  MYSQL_ROOT_PASSWORD: mysql
+  # Configure PostgreSQL service (https://hub.docker.com/_/postgres/)
+  POSTGRES_DB: ci-db
+  POSTGRES_USER: ci-user
+  POSTGRES_PASSWORD: ci-pass


-services:
- mysql:5.7
-
 before_script:
- apt-get update -yqq
- apt-get install -yqq git mysql-server mysql-client libmcrypt-dev libpq-dev libcurl4-gnutls-dev libicu-dev libvpx-dev libjpeg-dev libpng-dev libxpm-dev zlib1g-dev libfreetype6-dev libxml2-dev libexpat1-dev libbz2-dev libgmp3-dev libldap2-dev unixodbc-dev libsqlite3-dev libaspell-dev libsnmp-dev libpcre3-dev libtidy-dev
-# Install PHP extensions
- docker-php-ext-install mbstring mcrypt pdo_mysql pdo_pgsql curl json intl gd xml zip bz2 opcache
+# pecl and composer do not work with PHP production restrictions (from Hubzilla Docker image)
+- if [ -f /usr/local/etc/php/conf.d/z_prod.ini ]; then mv /usr/local/etc/php/conf.d/z_prod.ini /usr/local/etc/php/conf.d/z_prod.ini.off; fi
 # Install & enable Xdebug for code coverage reports
 - pecl install xdebug
 - docker-php-ext-enable xdebug
-# Install and run Composer
+# Install composer
 - curl -sS https://getcomposer.org/installer | php
- php composer.phar install
+# Install dev libraries from composer
+- php ./composer.phar install --no-progress
+# php.ini settings
+- echo 'xdebug.mode=coverage' >> /usr/local/etc/php/php.ini

-# We test PHP7 with MySQL, but we allow it to fail
-test:php:mysql:
+# hidden job definition with template for MySQL/MariaDB
+.job_template_mysql: &job_definition_mysql
+  stage: test
  script:
  - echo "USE $MYSQL_DATABASE; $(cat ./install/schema_mysql.sql)" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
  - echo "SHOW DATABASES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
  - echo "USE $MYSQL_DATABASE; SHOW TABLES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql "$MYSQL_DATABASE"
  - vendor/bin/phpunit --configuration tests/phpunit.xml --coverage-text
+
+# hidden job definition with template for PostgreSQL
+.job_template_postgres: &job_definition_postgres
+  stage: test
+  services:
+  - postgres:latest
+  script:
+  - export PGPASSWORD=$POSTGRES_PASSWORD
+  - psql --version
+  - psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "SELECT VERSION();"
+  # Import hubzilla's DB schema
+  - psql -h "postgres" -U "$POSTGRES_USER" -v ON_ERROR_STOP=1 --quiet "$POSTGRES_DB" < ./install/schema_postgres.sql
+  # Show databases and relations/tables of hubzilla's database
+  #- psql -h "postgres" -U "$POSTGRES_USER" -l
+  #- psql -h "postgres" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "\dt;"
+  # Run the actual tests
+  - vendor/bin/phpunit --configuration tests/phpunit-pgsql.xml --testdox
+
+# hidden job definition with artifacts config template
+.artifacts_template:
+  artifacts: &artifacts_template
+    expire_in: 1 week
+    # Gitlab should show the results, but has problems parsing PHPUnit's junit file.
+    reports:
+      junit: tests/results/junit.xml
+    # Archive test results (coverage, testdox, junit)
+    name: "$CI_COMMIT_REF_SLUG-$CI_JOB_NAME"
+    paths:
+      - tests/results/
+
+
+# PHP7.3 with MySQL 5.7
+php7.3_mysql5.7:
+  <<: *job_definition_mysql
+  services:
+  - mysql:5.7
+
+
+# PHP7.3 with MySQL 8 (latest)
+php7.3_mysql8:
+  <<: *job_definition_mysql
+  services:
+  - name: mysql:8
+    command: ["--default-authentication-plugin=mysql_native_password"]
+
+
+# PHP7.3 with MariaDB 10.2
+php7.3_mariadb10.2:
+  <<: *job_definition_mysql
+  services:
+  - name: mariadb:10.2
+    alias: mysql
+
+
+# PHP7.3 with MariaDB 10.3 (latest)
+php7.3_mariadb10.3:
+  <<: *job_definition_mysql
+  image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
+  services:
+  - name: mariadb:10.3
+    alias: mysql
+
+
+# PHP7.3 with PostgreSQL latest (11)
+php7.3_postgres11:
+  <<: *job_definition_postgres
+  artifacts: *artifacts_template
+
+
+# PHP7.3 with PostgreSQL latest (11)
+php7.3_postgres11:
+  <<: *job_definition_postgres
+  image: registry.gitlab.com/dawnbreak/hubzilla/core:php7.3
+  artifacts: *artifacts_template
+
+
+# Generate Doxygen API Documentation and deploy it as GitLab pages
+pages:
+  stage: deploy
+  cache: {}
+  image: php:7-cli-alpine
+  before_script:
+    - apk update
+    - apk add doxygen ttf-freefont graphviz
+  script:
+    - doxygen util/Doxyfile
+    - mv doc/html/ public/
+    - echo "API documentation should be accessible at https://hubzilla.frama.io/core/ soon"
+  artifacts:
+    paths:
+      - public
+  only:
+    # Only generate it on main repo's master branch
+    - master@hubzilla/core
--- a/.homeinstall/README.md
+++ b/.homeinstall/README.md
@@ -1,22 +1,10 @@
-# Hubzilla at Home next to your Router

-Run hubzilla-setup.sh for an unattended installation of hubzilla.
-
-The script is known to work without adjustments with
-
-+ Hardware
-  - Mini-PC with Debian-9.2-amd64, or
-  - Rapberry 3 with Raspbian, Debian-9.3
-+ DynDNS
-  - selfHOST.de
-  - freedns.afraid.org
+# How to use

 ## Disclaimers

- This script does work with Debian 9 only.
- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation).
-
-# Step-by-Step Overwiew
+- This script does work with Debian 10 only.
+- This script has to be used on a fresh debian install only (it does not take account for a possibly already installed and configured webserver or sql implementation). You may use it to install several hub/instances on the same server, though.

 ## Preconditions

@@ -28,97 +16,99 @@ Hardware

 Software

-+ Fresh installation of Debian 9 (Stretch)
-+ Router with open ports 80 and 443 for your Hub
+ Fresh installation of Debian 10 (Buster)
+ Router with open ports 80 and 443 for your web server

-## The basic steps (quick overview)
+You can of course run the script on a VPS or any distant server as long as the above sotfware requirements are satisfied.  
+
+
+## How to run the script

 + Register your own domain (for example at selfHOST) or a free subdomain (for example at freeDNS)
 + Log on to your fresh Debian
  - apt-get install git
  - mkdir -p /var/www
  - cd /var/www
-  - git clone https://github.com/redmatrix/hubzilla.git html
+  - git clone https://framagit.org/hubzilla/core.git html (you can replace "html" with any folder name you like, which you'll have to do if you plan to have more than one hub/instance running on your server)
  - cd html/.homeinstall
-  - cp hubzilla-config.txt.template hubzilla-config.txt
-  - nano hubzilla-config.txt
+  - cp zotserver-config.txt.template zotserver-config.txt
+  - nano zotserver-config.txt
    - Read the comments carefully
    - Enter your values: db pass, domain, values for dyn DNS
-  - Make sure your external drive (for backups) is mounted
-  - hubzilla-setup.sh as root
-    - ... wait, wait, wait until the script is finised
-  - reboot
-+ Open your domain with a browser and step throught the initial configuration of hubzilla.
-
-## Troubleshooting
-
-If the check of the mail address fails when you try to register the very first user in the browser. Do...
-
-    cd /var/www/html
-    util/config system.do_not_check_dns 1
+    - Prepare your external disk for backups
+  - ./zotserver-setup.sh as root
+    - ... wait, wait, wait until the script is finished
+ Open your domain with a browser and step throught the initial configuration of your hub/instance.

 ## Optional - Set path to imagemagick

-In Admin settings of hubzilla or via terminal
+In Admin settings of your hub/instance or via terminal

-    cd /var/www/html
+    cd /var/www/html (or the custom path you chose)
    util/config system.imagick_convert_path /usr/bin/convert

-# Step-by-Step in Detail
+## Optional - Switch verification of email on/off

-## Preparations Hardware
+Do this just before you register the first user.

-### Mini-PC
+In Admin settings of your hub/instance or via terminal

-### Recommended: USB Drive for Backups
+    cd /var/www/html

-The installation will create a daily backup written to an external drive.
+Check the current setting 

-The USB drive must be compatible with the filesystems
+    util/config system verify_email

- ext4 (if you do not want to encrypt the USB) 
- LUKS + ext4 (if you want to encrypt the USB) 
+Switch the verification on/off (1/0)

-The backup includes 
+    util/config system verify_email 0

- Hubzilla DB
- Hubzilla installation /var/www/html
- Certificates for letsencrypt
+## What the script will do for you...

-## Preparations Software
+ install everything required by your hub/instance, basically a web server (Apache or Nginx), PHP, a database (MySQL), certbot,...
+ create a database
+ run certbot to have everything for a secure connection (httpS)
+ create a script for daily maintenance
+  - backup to external disk (certificates, database, /var/www/)
+  - renew certfificate (letsencrypt)
+  - update of your hub/instance (git)
+  - update of Debian
+  - restart
+ create cron jobs for
+  - DynDNS (selfHOST.de or freedns.afraid.org) every 5 minutes
+  - Run.php for your hub/instance every 10 minutes
+  - daily maintenance script every day at 05:30

-### Install Debian Linux on the Mini-PC
+The script is known to work without adjustments with

-Download the stable Debian at https://www.debian.org/  
-(Debian 8 is no longer supported.)
+ Hardware
+  - Mini-PC with Debian 10 (stretch), or
+  - Rapberry 3 with Raspbian, Debian 10
+  - Rapberry 4 with Raspbian, Debian 10
+ DynDNS
+  - selfHOST.de
+  - freedns.afraid.org

-Create bootable USB drive with Debian on it.You could use
-
- unetbootin, https://en.wikipedia.org/wiki/UNetbootin
- or simply the linux command "dd"
-
-Example for command dd...
-
-    su -
-    dd if=2017-11-29-raspbian-stretch.img of=/dev/mmcblk0
-
-Do not forget to unmount the SD card before and check if unmounted like in this example...
-
-    su -
-    umount /dev/mmcblk0*
-    df -h
+The script can install [Hubzilla](https://zotlabs.org/page/hubzilla/hubzilla-project), [Zap](https://zotlabs.com/zap/) and [Mistpark 2020, aka "Misty"](https://zotlabs.com/misty/). Make sure to use the correct GIT repositories.  


-Switch off your mini pc, plug in your USB drive and start the mini pc from the
-stick. Install Debian. Follow the instructions of the installation.
+# Step-by-Step - some Details

-### Configure your Router
+## Preparations

-Open the ports 80 and 443 on your router for your Debian
+## Configure your Router
+
+Your webserver has to be visible in the internet.  
+
+Open the ports 80 and 443 on your router for your Debian. Make sure your web server is marked as "exposed host".

 ## Preparations Dynamic IP Address

-Your Hubzilla must be reachable by a domain that you can type in your browser
+Follow the instructions in .homeinstall/zotserver-config.txt.  
+
+In short...  
+
+Your Hubzilla server must be reachable by a domain that you can type in your browser

    cooldomain.org

@@ -132,99 +122,13 @@ There are two ways to get a domain...

 ...for example buy at selfHOST.de  

-The cost are around 10,- € once and 1,50 € per month (2017).
+The cost is 1,50 € per month (2019).

 ### Method 2: Register a free subdomain

 ...for example register at freedns.afraid.org

-Follow the instructions in .homeinstall/hubzilla-config.txt.  
-
-
-## Install Hubzilla on your Debian
-
-Login to your debian
-(Provided your username is "you" and the name of the mini pc is "debian". You
-could take the IP address instead of "debian")
-
-    ssh -X you@debian
-
-Change to root user
-
-    su -l
-
-Install git
-
-    apt-get install git
-
-Make the directory for apache and change diretory to it
-
-    mkdir /var/www
-    cd /var/www/
-
-Clone hubzilla from git ("git pull" will update it later)
-
-    git clone https://framagit.org/hubzilla/core html
-
-Change to the install script
-
-    cd html/.homeinstall/
-    
-Copy the template file
-    
-    cp hubzilla-config.txt.template hubzilla-config.txt
-
-Modify the file "hubzilla-config.txt". Read the instructions there carefully and enter your values.
-
-    nano hubzilla-config.txt
-
-Make sure your external drive (for backups) is plugged in and can be mounted as configured in "hubzilla-config.txt". Otherwise the daily backups will not work.
-
-Run the script
-
-     ./hubzilla-setup.sh
-
-Wait... The script should not finish with an error message.
-
-In a webbrowser open your domain.
-Expected: A test page of hubzilla is shown. All checks there should be
-successfull. Go on...
-Expected: A page for the Hubzilla server configuration shows up.
-
-Leave db server name "127.0.0.1" and port "0" untouched.
-
-Enter
-
- DB user name = hubzilla
- DB pass word = This is the password you entered in "hubzilla-config.txt"
- DB name = hubzilla
-
-Leave db type "MySQL" untouched.
-
-Follow the instructions in the next pages.
-
-Recommended: Set path to imagemagick
-
- in admin settings of hubzilla or 
- via terminal
-
-    util/config system.imagick_convert_path /usr/bin/convert
-
-After the daily script was executed at 05:30 (am)
-
- look at /var/www/html/hubzilla-daily.log
- check your backup on the external drive
- optionally view the daily log under yourdomain.org/admin/logs/
-  - set the logfile to var/www/html/hubzilla-daily.log
-
-## Note for the Rasperry 
-
-The script was tested with an Raspberry 3 under Raspian (Debian 9.3, 2017-11-29-raspbian-stretch.img).
-
-It is recommended to deinstall these programms to avoid endless updates. Use...
-
-    sudo apt-get purge wolfram-engine sonic-pi
-    sudo apt-get autoremove
+## Note on Rasperry 

 It is recommended to run the Raspi without graphical frontend (X-Server). Use...

@@ -234,12 +138,6 @@ to boot the Rapsi to the client console.

 DO NOT FORGET TO CHANGE THE DEFAULT PASSWORD FOR USER PI!

-On a Raspian Stretch (Debian 9) the validation of the mail address fails for the very first user.
-This used to happen on some *bsd distros but there was some work to fix that a year ago (2017).
-
-So if your system isn't registered in DNS or DNS isn't active do
-
-    cd /var/www/html
-    util/config system.do_not_check_dns 1
-
+## Reminder for Different Web Wervers

+For those of you who feel adventurous enough to use a different web server (i.e. Lighttpd...), don't forget that this script will install Apache or Nginx and that you can only have one web server listening to ports 80 & 443. Also, don't forget to tweak your daily shell script in /var/www/ accordingly.
--- a/.homeinstall/hubzilla-config.txt.template
+++ b/.homeinstall/hubzilla-config.txt.template
@@ -1,158 +0,0 @@
-###############################################
-### MANDATORY - database password #############
-#
-# Please give your database password
-#   Example: db_pass=pass_word_with_no_blanks_in_it
-#   Example: db_pass="this password has blanks in it"
-db_pass=
-
-###############################################
-### MANDATORY - let's encrypt #################
-#
-# Hubilla requires encrypted communication via secure HTTP (HTTPS).
-# This script automates installation of an SSL certificate from
-# Let's Encrypt (https://letsencrypt.org)
-#
-# Please give the domain name of your hub
-#
-#     Example: my.cooldomain.org
-#     Example: cooldomain.org
-#
-# Email is optional
-#
-#
-le_domain=
-le_email=
-
-###############################################
-### OPTIONAL - selfHOST - dynamic IP address ##
-#
-# 1. Register a domain at selfhost.de
-#    - choose offer "DOMAIN dynamisch" 1,50€/mon at 08.01.2016
-# 2. Get your configuration for dynamic IP update
-#    - Log in at selfhost.de
-#    - go to "DynDNS Accounte"
-#    - klick "Details" of your (freshly) registered domain
-#    - You will find the configuration there
-#      - Benutzername (user name) > use this for "selfhost_user="
-#      - Passwort (pass word) > use this for "selfhost_pass="
-#
-#
-selfhost_user=
-selfhost_pass=
-
-###############################################
-### OPTIONAL - FreeDNS - dynamic IP address ###
-#
-# Please give the alpha-numeric-key of freedns
-#
-# Get a free subdomain from freedns and use it for your dynamic ip address
-# Documentation under http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html
-#
-# - Register for a Free domain at http://freedns.afraid.org/signup/
-# - WATCH THIS: Make sure you choose a domain with as less subdomains as
-#   possible. Why? Let's encrpyt issues a limited count of certificates each
-#   day. Possible other users of this domain will try to issue a certificate
-#   at the same day.
-# - Logon to FreeDNS (where you just registered)
-# - Goto http://freedns.afraid.org/dynamic/
-# - Right click on "Direct Link" and copy the URL and paste it somewhere.
-# - You should notice a large and unique alpha-numeric key in the URL
-#
-#       http://freedns.afraid.org/dynamic/update.php?alpha-numeric-key
-#
-#   Provided your url from freedns is
-#
-#	http://freedns.afraid.org/dynamic/update.php?U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
-#
-#   Then you have to provide
-#
-#       freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
-#
-#
-freedns_key=
-
-
-###############################################
-### OPTIONAL - Backup to external device ######
-#
-# The script can use an external device for the daily backup.
-# The file system of the device (USB stick for example) must be compatible with
-#
-# - encrypted LUKS + ext4, or
-# - ext4
-#
-# You should test to mount the device befor you run the script
-# (hubzilla-setup.sh).
-# How to find your (pluged-in) devices?
-#
-#     fdisk -l
-#
-# Provided your device was listed as is /dev/sdb1. You could check with:
-#
-#     blkid | grep /dev/sdb1
-#
-# Try to decrypt
-# (You might install cryptsetup befor using apt-get install.
-#
-#     apt-get install cryptsetup
-#     cryptsetup luksOpen /dev/sdb1 cryptobackup
-#
-# Try to mount
-# You might create the directory /media/hubzilla_backup it it does not exist
-# using mkdir.
-#
-#     mkdir /media/hubzilla_backup
-#     mount /dev/mapper/cryptobackup /media/hubzilla_backup
-# 
-# Unmounting device goes like this
-# 
-#     umount /media/hubzilla_backup
-#     cryptsetup luksClose cryptobackup
-#
-# To check if still mounted
-#
-#     lsof /media/hubzilla_backup
-#
-# If you leave the following parameters
-#
-# - "backup_device_name" and
-# - "backup_device_pass"
-#
-# empty the script will create daily backups on the internal disk (which could
-# save you as well).
-#
-#   Example: backup_device_name=/dev/sdc1
-#
-# Leave "backup_device_pass=" empty if the external device is not encrypted.
-#
-backup_device_name=
-backup_device_pass=
-
-
-###############################################
-### OPTIONAL - do not mess with things below ##
-#              (...if you are not certain)
-#
-# Usually you are done here
-# Everything below is OPTIONAL
-#
-###############################################
-#
-# Database for hubzilla
-hubzilla_db_name=hubzilla
-hubzilla_db_user=hubzilla
-hubzilla_db_pass=$db_pass
-# 
-#
-# Password for package mysql-server
-#   Example: mysqlpass=aberhallo
-#   Example: mysqlpass="aber hallo has blanks in it"
-#
-mysqlpass=$db_pass
-
-# Password for package phpmyadmin
-#   Example: phpmyadminpass=aberhallo
-#   Example: phpmyadminpass="aber hallo has blanks in it"
-phpmyadminpass=$db_pass
-
--- a/.homeinstall/hubzilla-setup.sh
+++ b/.homeinstall/hubzilla-setup.sh
@@ -1,830 +0,0 @@
-#!/bin/bash
-#
-# How to use
-# ----------
-# 
-# This file automates the installation of hubzilla under Debian Linux
-#
-# 1) Copy the file "hubzilla-config.txt.template" to "hubzilla-config.txt"
-#       Follow the instuctions there
-# 
-# 2) Switch to user "root" by typing "su -"
-# 
-# 3) Run with "./hubzilla-setup.sh"
-#       If this fails check if you can execute the script.
-#       - To make it executable type "chmod +x hubzilla-setup.sh"
-#       - or run "bash hubzilla-setup.sh"
-# 
-# 
-# What does this script do basically?
-# -----------------------------------
-# 
-# This file automates the installation of hubzilla under Debian Linux
-# - install
-#        * apache webserer, 
-#        * php,  
-#        * mysql - the database for hubzilla,  
-#        * phpmyadmin,  
-#        * git to download and update hubzilla itself
-# - download hubzilla core and addons
-# - configure cron
-#        * "poller.php" for regular background prozesses of hubzilla
-#        * to_do "apt-get update" and "apt-get dist-upgrade" to keep linux
-#          up-to-date
-#        * to_do backup hubzillas database and files (rsnapshot)
-# - configure dynamic ip with cron
-# - to_do letsencrypt
-# - to_do redirection to https
-# 
-# 
-# Discussion
-# ----------
-# 
-# Security - password  is the same for mysql-server, phpmyadmin and hubzilla db
-# - The script runs into installation errors for phpmyadmin if it uses
-#   different passwords. For the sake of simplicity one singel password.
-# 
-# Security - suhosin for PHP
-# - The script does not install suhosin.
-# - Is the security package suhosin usefull or not usefull?
-#
-# Hubzilla - email verification
-# - The script switches off email verification off in all htconfig.tpl.
-#   Example: /var/www/html/view/en/htconfig.tpl
-# - Is this a silly idea or not?
-#
-# 
-# Remove Hubzilla (for a fresh start using the script)
-# ----------------------------------------------------
-#
-# You could use /var/www/hubzilla-remove.sh
-# that is created by hubzilla-setup.sh.
-#
-# The script will remove (almost everything) what was installed by the script.
-# After the removal you could run the script again to have a fresh install
-# of all applications including hubzilla and its database.
-# 
-# How to restore from backup
-# --------------------------
-#
-# Daily backup
-# - - - - - - 
-# 
-# The installation
-# - writes a script /var/www/hubzilla-daily.sh
-# - creates a daily cron that runs the hubzilla-daily.sh
-#
-# hubzilla-daily.sh makes a (daily) backup of all relevant files
-# - /var/lib/mysql/ > hubzilla database
-# - /var/www/html/ > hubzilla from github
-# - /var/www/letsencrypt/ > certificates
-# 
-# hubzilla-daily.sh writes the backup
-# - either to an external disk compatible to LUKS+ext4 (see hubzilla-config.txt)
-# - or to /var/cache/rsnapshot in case the external disk is not plugged in
-# 
-# Restore backup
-# - - - - - - - 
-# 
-# This was not tested yet.
-# Bacically you can copy the files from the backup to the server.
-# 
-# Credits
-# -------
-#
-# The script is based on Thomas Willinghams script "debian-setup.sh"
-# which he used to install the red#matrix.
-#
-# The script uses another script from https://github.com/lukas2511/letsencrypt.sh
-#
-# The documentation for bash is here
-# https://www.gnu.org/software/bash/manual/bash.html
-#
-function check_sanity {
-    # Do some sanity checking.
-    print_info "Sanity check..."
-    if [ $(/usr/bin/id -u) != "0" ]
-    then
-        die 'Must be run by root user'
-    fi
-
-    if [ -f /etc/lsb-release ]
-    then
-        die "Distribution is not supported"
-    fi
-    if [ ! -f /etc/debian_version ]
-    then
-        die "Debian is supported only"
-    fi
-    if ! grep -q 'Linux 9' /etc/issue
-    then
-        die "Linux 9 (stretch) is supported only"x
-    fi
-}
-
-function check_config {
-    print_info "config check..."
-    # Check for required parameters
-    if [ -z "$db_pass" ]
-    then
-        die "db_pass not set in $configfile"
-    fi     
-    if [ -z "$le_domain" ]
-    then
-        die "le_domain not set in $configfile"
-    fi   
-    # backup is important and should be checked
-	if [ -n "$backup_device_name" ]
-	then
-            if [ ! -d "$backup_mount_point" ]
-            then
-                mkdir "$backup_mount_point"
-	    fi
-            device_mounted=0
-		if fdisk -l | grep -i "$backup_device_name.*linux"
-		then
-		    print_info "ok - filesystem of external device is linux"
-	        if [ -n "$backup_device_pass" ]
-	        then
-	            echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
-	            if mount /dev/mapper/cryptobackup /media/hubzilla_backup
-	            then
-                    device_mounted=1
-	                print_info "ok - could encrypt and mount external backup device"
-                	umount /media/hubzilla_backup
-	            else
-            		print_warn "backup to external device will fail because encryption failed"
-	            fi
-                cryptsetup luksClose cryptobackup
-            else
-	            if mount $backup_device_name /media/hubzilla_backup
-	            then
-                    device_mounted=1
-	                print_info "ok - could mount external backup device"
-                	umount /media/hubzilla_backup
-	            else
-            		print_warn "backup to external device will fail because mount failed"
-	            fi
-            fi
-		else
-        	print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
-		fi
-        if [ $device_mounted == 0 ]
-        then
-            die "backup device not ready"
-        fi
-	fi
-}
-
-function die {
-    echo "ERROR: $1" > /dev/null 1>&2
-    exit 1
-}
-
-
-function update_upgrade {
-    print_info "updated and upgrade..."
-    # Run through the apt-get update/upgrade first. This should be done before
-    # we try to install any package
-    apt-get -q -y update && apt-get -q -y dist-upgrade
-    print_info "updated and upgraded linux"
-}
-
-function check_install {
-    if [ -z "`which "$1" 2>/dev/null`" ]
-    then
-        # export DEBIAN_FRONTEND=noninteractive ... answers from the package
-        # configuration database
-        # - q ... without progress information
-        # - y ... answer interactive questions with "yes"
-        # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
-        DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2
-        print_info "installed $2 installed for $1"
-    else
-        print_warn "$2 already installed"
-    fi
-}
-
-function nocheck_install {
-    # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
-    # - q ... without progress information
-    # - y ... answer interactive questions with "yes"
-    # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
-    # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
-    DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
-    print_info "installed $1"
-}
-
-
-function print_info {
-    echo -n -e '\e[1;34m'
-    echo -n $1
-    echo -e '\e[0m'
-}
-
-function print_warn {
-    echo -n -e '\e[1;31m'
-    echo -n $1
-    echo -e '\e[0m'
-}
-
-function stop_hubzilla {
-    if [ -d /etc/apache2 ]
-    then
-        print_info "stopping apache webserver..."
-        service apache2 stop
-    fi
-    if [ -f /etc/init.d/mysql ]
-    then
-        print_info "stopping mysql db..."
-        /etc/init.d/mysql stop
-    fi
-}
-
-function install_apache {
-    print_info "installing apache..."
-    nocheck_install "apache2 apache2-utils"
-}
-
-function install_imagemagick {
-    print_info "installing imagemagick..."
-    nocheck_install "imagemagick"
-}
-
-function install_curl {
-    print_info "installing curl..."
-    nocheck_install "curl"
-}
-
-function install_sendmail {
-    print_info "installing sendmail..."
-    nocheck_install "sendmail sendmail-bin"
-}
-
-function install_php {
-    # openssl and mbstring are included in libapache2-mod-php
-    print_info "installing php..."
-    nocheck_install "libapache2-mod-php php php-pear php-curl php-mcrypt php-gd"
-    sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.0/apache2/php.ini
-    sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.0/apache2/php.ini
-}
-
-function install_mysql {
-    # http://www.microhowto.info/howto/perform_an_unattended_installation_of_a_debian_package.html
-    # 
-    # To determine the required package name, key and type you can perform
-    # a trial installation then search the configuration database.
-    # 
-    #     debconf-get-selections | grep mysql-server
-    #
-    # The command debconf-get-selections is provided by the package
-    # debconf-utils, which you may need to install.
-    #
-    #    apt-get install debconf-utils
-    #
-    # If you want to supply an answer to a configuration question but do not 
-    # want to be prompted for it then this can be arranged by preseeding the
-    # DebConf database with the required information.
-    #
-    #     echo mysql-server mysql-server/root_password password xyzzy | debconf-set-selections
-    #     echo mysql-server mysql-server/root_password_again password xyzzy | debconf-set-selections
-    #
-    print_info "installing mysql..."
-    if [ -z "$mysqlpass" ]
-    then
-        die "mysqlpass not set in $configfile"
-    fi
-    echo mysql-server mysql-server/root_password password $mysqlpass | debconf-set-selections
-    echo mysql-server mysql-server/root_password_again password $mysqlpass | debconf-set-selections
-    nocheck_install "php-mysql mysql-server mysql-client"
-}
-
-function install_phpmyadmin {
-    print_info "installing phpmyadmin..."
-    if [ -z "$phpmyadminpass" ]
-    then
-        die "phpmyadminpass not set in $configfile"
-    fi
-    echo phpmyadmin    phpmyadmin/setup-password password $phpmyadminpass | debconf-set-selections
-    echo phpmyadmin    phpmyadmin/mysql/app-pass password $phpmyadminpass | debconf-set-selections
-    echo phpmyadmin    phpmyadmin/app-password-confirm password $phpmyadminpass | debconf-set-selections
-    echo phpmyadmin    phpmyadmin/mysql/admin-pass    password $phpmyadminpass | debconf-set-selections
-    echo phpmyadmin    phpmyadmin/password-confirm    password $phpmyadminpass | debconf-set-selections
-    echo phpmyadmin    phpmyadmin/reconfigure-webserver multiselect apache2 | debconf-set-selections
-    nocheck_install "phpmyadmin"
-
-    # It seems to be not neccessary to check rewrite.load because it comes
-    # with the installation. To be sure you could check this manually by:
-    #
-    #    nano /etc/apache2/mods-available/rewrite.load
-    #
-    # You should find the content:
-    #
-    #    LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so
-
-    a2enmod rewrite
-    if [ ! -f /etc/apache2/apache2.conf ]
-    then
-        die "could not find file /etc/apache2/apache2.conf"
-    fi
-    sed -i \
-        "s/AllowOverride None/AllowOverride all/" \
-        /etc/apache2/apache2.conf
-    if [ -z "`grep 'Include /etc/phpmyadmin/apache.conf' /etc/apache2/apache2.conf`" ]
-    then
-        echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf
-    fi
-    service apache2 restart
-    /etc/init.d/mysql start
-}
-
-function create_hubzilla_db {
-    print_info "creating hubzilla database..." 
-    if [ -z "$hubzilla_db_name" ]
-    then
-        die "hubzilla_db_name not set in $configfile"
-    fi     
-    if [ -z "$hubzilla_db_user" ]
-    then
-        die "hubzilla_db_user not set in $configfile"
-    fi     
-    if [ -z "$hubzilla_db_pass" ]
-    then
-        die "hubzilla_db_pass not set in $configfile"
-    fi
-    Q1="CREATE DATABASE IF NOT EXISTS $hubzilla_db_name;"
-    Q2="GRANT USAGE ON *.* TO $hubzilla_db_user@localhost IDENTIFIED BY '$hubzilla_db_pass';"
-    Q3="GRANT ALL PRIVILEGES ON $hubzilla_db_name.* to $hubzilla_db_user@localhost identified by '$hubzilla_db_pass';"
-    Q4="FLUSH PRIVILEGES;"
-    SQL="${Q1}${Q2}${Q3}${Q4}"     
-    mysql -uroot -p$phpmyadminpass -e "$SQL"
-}
-
-function run_freedns {
-    print_info "run freedns (dynamic IP)..."
-    if [ -z "$freedns_key" ]
-    then
-        print_info "freedns was not started because 'freedns_key' is empty in $configfile"
-    else
-        if [ -n "$selfhost_user" ]
-        then
-            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
-        fi
-        wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key       
-    fi
-}
-
-function install_run_selfhost {
-    print_info "install and start selfhost (dynamic IP)..."
-    if [ -z "$selfhost_user" ]
-    then
-        print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
-    else
-        if [ -n "$freedns_key" ]
-        then
-            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
-        fi
-        if [ -z "$selfhost_pass" ]
-        then
-            die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
-        fi
-        if [ ! -d $selfhostdir ]
-        then
-            mkdir $selfhostdir
-        fi
-        # the old way
-        # https://carol.selfhost.de/update?username=123456&password=supersafe
-        #
-        # the prefered way
-        wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
-        echo "router" > $selfhostdir/device
-        echo "$selfhost_user" > $selfhostdir/user
-        echo "$selfhost_pass" > $selfhostdir/pass
-        bash $selfhostdir/$selfhostscript update
-    fi
-}
-
-function ping_domain {
-    print_info "ping domain $domain..."
-    # Is the domain resolved? Try to ping 6 times à 10 seconds 
-    COUNTER=0    
-    for i in {1..6}
-    do
-        print_info "loop $i for ping -c 1 $domain ..."     
-        if ping -c 4 -W 1 $le_domain    
-        then
-            print_info "$le_domain resolved"
-            break
-        else 
-            if [ $i -gt 5 ]
-            then
-                die "Failed to: ping -c 1 $domain not resolved"
-            fi            
-        fi 
-        sleep 10
-    done
-    sleep 5
-}
-
-function configure_cron_freedns {
-    print_info "configure cron for freedns..."
-    if [ -z "$freedns_key" ]
-    then
-        print_info "freedns is not configured because freedns_key is empty in $configfile"
-    else
-        # Use cron for dynamich ip update
-        #   - at reboot
-        #   - every 30 minutes
-        if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
-        then
-            echo "@reboot root https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
-            echo "*/30 * * * * root wget --no-check-certificate -O - https://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
-        else
-            print_info "cron for freedns was configured already"
-        fi       
-    fi
-}
-
-function configure_cron_selfhost {
-    print_info "configure cron for selfhost..."
-    if [ -z "$selfhost_user" ]
-    then
-        print_info "freedns is not configured because freedns_key is empty in $configfile"
-    else
-        # Use cron for dynamich ip update
-        #   - at reboot
-        #   - every 30 minutes
-        if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
-        then
-            echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
-            echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
-        else
-            print_info "cron for selfhost was configured already"
-        fi        
-    fi
-}
-
-function install_letsencrypt {
-    print_info "installing let's encrypt ..."
-    # check if user gave domain
-    if [ -z "$le_domain" ]
-    then
-        die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
-    fi
-    # configure apache
-    apache_le_conf=/etc/apache2/sites-available/le-default.conf    
-    if [ -f $apache_le_conf ]
-    then
-        print_info "$apache_le_conf exist already"
-    else
-        cat > $apache_le_conf <<END
-# letsencrypt default Apache configuration
-Alias /.well-known/acme-challenge /var/www/letsencrypt
-
-<Directory /var/www/letsencrypt>
-    Options FollowSymLinks
-	Allow from all
-</Directory>
-END
-        a2ensite le-default.conf
-        service apache2 restart
-    fi
-    # download the shell script
-    if [ -d $le_dir ]
-    then
-        print_info "letsenrypt exists already (nothing downloaded > no certificate created and registered)"
-        return 0
-    fi
-    git clone https://github.com/lukas2511/dehydrated $le_dir
-    cd $le_dir
-    # create config file for letsencrypt.sh
-    echo "WELLKNOWN=$le_dir" > $le_dir/config.sh
-    if [ -n "$le_email" ]
-    then
-        echo "CONTACT_EMAIL=$le_email" >> $le_dir/config.sh
-    fi
-    # create domain file for letsencrypt.sh
-    # WATCH THIS:
-    #    - It did not work wit "sub.domain.org www.sub.domain.org".
-    #    - So just use "sub.domain.org" only!
-    echo "$le_domain" > $le_dir/domains.txt
-    # test apache config for letsencrpyt
-    url_http=http://$le_domain/.well-known/acme-challenge/domains.txt
-    wget_output=$(wget -nv --spider --max-redirect 0 $url_http)
-    if [ $? -ne 0 ]
-    then
-        die "Failed to load $url_http"
-    fi
-    # accept terms of service of letsencrypt
-    ./dehydrated --register --accept-terms
-    # run script dehydrated
-    # 
-    ./dehydrated --cron --config $le_dir/config.sh
-}
-
-function configure_apache_for_https {
-    print_info "configuring apache to use httpS ..."
-    # letsencrypt.sh
-    #
-    #   "${BASEDIR}/certs/${domain}/privkey.pem"
-    #   "${BASEDIR}/certs/${domain}/cert.pem"
-    #   "${BASEDIR}/certs/${domain}/fullchain.pem"
-    #
-    SSLCertificateFile=${le_dir}/certs/${le_domain}/cert.pem
-    SSLCertificateKeyFile=${le_dir}/certs/${le_domain}/privkey.pem
-    SSLCertificateChainFile=${le_dir}/certs/${le_domain}/fullchain.pem
-    if [ ! -f $SSLCertificateFile ]
-    then
-        print_warn "Failed to configure apache for httpS: Missing certificate file $SSLCertificateFile" 
-        return 0  
-    fi
-    # make sure that the ssl mode is enabled
-    print_info "...configuring apache to use httpS - a2enmod ssl ..."
-    a2enmod ssl
-    # modify apach' ssl conf file 
-    if grep -i "ServerName" $sslconf
-    then
-        print_info "seems that apache was already configered to use httpS with $sslconf"
-    else
-        sed -i "s/ServerAdmin.*$/ServerAdmin webmaster@localhost\\n        ServerName ${le_domain}/" $sslconf 
-    fi     
-    sed -i s#/etc/ssl/certs/ssl-cert-snakeoil.pem#$SSLCertificateFile# $sslconf 
-    sed -i s#/etc/ssl/private/ssl-cert-snakeoil.key#$SSLCertificateKeyFile# $sslconf 
-    sed -i s#/etc/apache2/ssl.crt/server-ca.crt#$SSLCertificateChainFile# $sslconf 
-    sed -i s/#SSLCertificateChainFile/SSLCertificateChainFile/ $sslconf 
-    # apply changes
-    a2ensite default-ssl.conf
-    service apache2 restart
-}
-
-function check_https {
-    print_info "checking httpS > testing ..."
-    url_https=https://$le_domain
-    wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
-    if [ $? -ne 0 ]
-    then
-        print_warn "check not ok"
-    else
-        print_info "check ok"
-    fi
-}
-
-function install_hubzilla {
-    print_info "installing hubzilla addons..."
-    cd /var/www/html/
-    util/add_addon_repo https://framagit.org/hubzilla/addons.git hzaddons
-    mkdir -p "store/[data]/smarty3"
-    chmod -R 777 store
-    touch .htconfig.php
-    chmod ou+w .htconfig.php
-    cd /var/www/
-    chown -R www-data:www-data html
-	chown root:www-data /var/www/html/
-	chown root:www-data /var/www/html/.htaccess
-	chmod 0644 /var/www/html/.htaccess
-    # try to switch off email registration
-    sed -i "s/verify_email.*1/verify_email'] = 0/" /var/www/html/view/*/ht*
-    if [ -n "`grep -r 'verify_email.*1' /var/www/html/view/`" ]
-    then
-        print_warn "Hubzillas registration prozess might have email verification switched on."
-    fi
-    print_info "installed hubzilla"
-}
-
-function rewrite_to_https {
-    print_info "configuring apache to redirect http to httpS ..."
-    htaccessfile=/var/www/html/.htaccess
-    if grep -i "https" $htaccessfile
-    then
-        print_info "...configuring apache to redirect http to httpS was already done in $htaccessfile"
-    else
-        sed -i "s#QSA]#QSA]\\n  RewriteCond %{SERVER_PORT} !^443$\\n  RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]#" $htaccessfile 
-    fi     
-    service apache2 restart
-}
-
-# This will allways overwrite both config files
-#   - internal disk
-#   - external disk (LUKS + ext4)
-#  of rsnapshot for hubzilla
-function install_rsnapshot {
-    print_info "installing rsnapshot..."
-    nocheck_install "rsnapshot"
-    # internal disk
-    cp -f /etc/rsnapshot.conf $snapshotconfig
-    sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig
-    sed -i "s/^backup/#backup/" $snapshotconfig
-	echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig
-	echo "backup	/var/www/html/	localhost/" >> $snapshotconfig
-	echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig
-	# external disk
-	if [ -n "$backup_device_name" ]
-	then
-		cp -f /etc/rsnapshot.conf $snapshotconfig_external_device   
-		sed -i "s#snapshot_root.*#snapshot_root	$backup_mount_point#" $snapshotconfig_external_device
-		sed -i "/alpha/s/6/30/" $snapshotconfig_external_device 
-		sed -i "s/^cmd_cp/#cmd_cp/" $snapshotconfig_external_device
-		sed -i "s/^backup/#backup/" $snapshotconfig_external_device
-		if [ -z "`grep 'letsencrypt' $snapshotconfig_external_device`" ]
-		then
-			echo "backup	/var/lib/mysql/	localhost/" >> $snapshotconfig_external_device
-			echo "backup	/var/www/html/	localhost/" >> $snapshotconfig_external_device
-			echo "backup	/var/www/letsencrypt/	localhost/" >> $snapshotconfig_external_device
-		fi
-    else
-        print_info "No backup configuration (rsnapshot) for external device configured. Reason: backup_device_name and/or backup_device_pass not given in $configfile"
-	fi
-}
-
-function install_cryptosetup {
-    print_info "installing cryptsetup..."
-    nocheck_install "cryptsetup"
-}
-
-function configure_cron_daily {
-    print_info "configuring cron..."
-    # every 10 min for poller.php
-    if [ -z "`grep 'poller.php' /etc/crontab`" ]
-    then
-        echo "*/10 * * * * www-data cd /var/www/html; php Zotlabs/Daemon/Master.php Cron >> /dev/null 2>&1" >> /etc/crontab
-    fi
-    # Run external script daily at 05:30
-    # - stop apache and mysql-server
-    # - backup hubzilla
-    # - update hubzilla core and addon
-    # - update and upgrade linux
-    # - reboot
-echo "#!/bin/sh" > /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"+++ \$(date) +++\"" >> /var/www/$hubzilladaily
-echo "echo \" \"" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$hubzilladaily
-echo "bash $le_dir/dehydrated --cron --config $le_dir/config.sh" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "# stop hubzilla" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - stoping apache and mysql...\"" >> /var/www/$hubzilladaily
-echo "service apache2 stop" >> /var/www/$hubzilladaily
-echo "/etc/init.d/mysql stop # to avoid inconsistancies" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "# backup" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$hubzilladaily
-echo "backup_device_name=$backup_device_name" >> /var/www/$hubzilladaily
-echo "backup_device_pass=$backup_device_pass" >> /var/www/$hubzilladaily
-echo "backup_mount_point=$backup_mount_point" >> /var/www/$hubzilladaily
-echo "device_mounted=0" >> /var/www/$hubzilladaily
-echo "if [ -n \"$backup_device_name\" ]" >> /var/www/$hubzilladaily
-echo "then" >> /var/www/$hubzilladaily
-echo "    if blkid | grep $backup_device_name" >> /var/www/$hubzilladaily
-echo "    then" >> /var/www/$hubzilladaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        echo \"decrypting backup device...\"" >> /var/www/$hubzilladaily
-echo "        echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$hubzilladaily
-    fi
-echo "        if [ ! -d $backup_mount_point ]" >> /var/www/$hubzilladaily
-echo "        then" >> /var/www/$hubzilladaily
-echo "            mkdir $backup_mount_point" >> /var/www/$hubzilladaily
-echo "        fi" >> /var/www/$hubzilladaily
-echo "        echo \"mounting backup device...\"" >> /var/www/$hubzilladaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$hubzilladaily
-	else
-echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$hubzilladaily
-	fi
-echo "        then" >> /var/www/$hubzilladaily
-echo "            device_mounted=1" >> /var/www/$hubzilladaily
-echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$hubzilladaily
-echo "			rsnapshot -c $snapshotconfig_external_device alpha" >> /var/www/$hubzilladaily
-echo "			echo \"\$(date) - disk sizes...\"" >> /var/www/$hubzilladaily
-echo "			df -h" >> /var/www/$hubzilladaily
-echo "			echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo "			du -h $backup_mount_point | grep mysql/hubzilla" >> /var/www/$hubzilladaily
-echo "            echo \"unmounting backup device...\"" >> /var/www/$hubzilladaily
-echo "            umount $backup_mount_point" >> /var/www/$hubzilladaily
-echo "        else" >> /var/www/$hubzilladaily
-echo "            echo \"failed to mount device $backup_device_name\"" >> /var/www/$hubzilladaily
-echo "        fi" >> /var/www/$hubzilladaily
-	if [ -n "$backup_device_pass" ]
-	then
-echo "        echo \"closing decrypted backup device...\"" >> /var/www/$hubzilladaily
-echo "        cryptsetup luksClose cryptobackup" >> /var/www/$hubzilladaily
-	fi
-echo "    fi" >> /var/www/$hubzilladaily
-echo "fi" >> /var/www/$hubzilladaily
-echo "if [ \$device_mounted == 0 ]" >> /var/www/$hubzilladaily
-echo "then" >> /var/www/$hubzilladaily
-echo "    echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$hubzilladaily
-echo "fi" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - db size...\"" >> /var/www/$hubzilladaily
-echo "du -h /var/lib/mysql/ | grep mysql/hubzilla" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "# update" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating dehydrated...\"" >> /var/www/$hubzilladaily
-echo "git -C /var/www/letsencrypt/ pull" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating hubhilla core...\"" >> /var/www/$hubzilladaily
-echo "(cd /var/www/html/ ; util/udall)" >> /var/www/$hubzilladaily
-echo "chown -R www-data:www-data /var/www/html/ # make all accessable for the webserver" >> /var/www/$hubzilladaily
-echo "chown root:www-data /var/www/html/.htaccess" >> /var/www/$hubzilladaily
-echo "chmod 0644 /var/www/html/.htaccess # www-data can read but not write it" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - updating linux...\"" >> /var/www/$hubzilladaily
-echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$hubzilladaily
-echo "echo \"\$(date) - Backup hubzilla and update linux finished. Rebooting...\"" >> /var/www/$hubzilladaily
-echo "#" >> /var/www/$hubzilladaily
-echo "reboot" >> /var/www/$hubzilladaily
-
-    if [ -z "`grep 'hubzilla-daily.sh' /etc/crontab`" ]
-    then
-        echo "30 05 * * * root /bin/bash /var/www/$hubzilladaily >> /var/www/html/hubzilla-daily.log 2>&1" >> /etc/crontab
-        echo "0 0 1 * * root rm /var/www/html/hubzilla-daily.log" >> /etc/crontab
-    fi
-
-    # This is active after either "reboot" or "/etc/init.d/cron reload"
-    print_info "configured cron for updates/upgrades"
-}
-
-function write_uninstall_script {
-    print_info "writing uninstall script..."
-
-    cat > /var/www/hubzilla-remove.sh <<END
-#!/bin/sh
-#
-# This script removes Hubzilla.
-# You might do this for a fresh start using the script.
-# The script will remove (almost everything) what was installed by the script,
-# all applications including hubzilla and its database.
-#
-# Backup the certificates of letsencrypt (you never know)
-cp -a /var/www/letsencrypt/ ~/backup_le_certificats
-#
-# Removal
-apt-get remove apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
-apt-get purge apache2 apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-curl php5-mcrypt php5-gd php5-mysql mysql-server mysql-client phpmyadmin
-apt-get autoremove
-apt-get clean
-rm /etc/rsnapshot_hubzilla.conf
-rm /etc/rsnapshot_hubzilla_external_device.conf
-rm -R /etc/apache2/
-rm -R /var/lib/mysql/
-rm -R /var/www
-rm -R /etc/selfhost/
-# uncomment the next line if you want to remove the backups
-# rm -R /var/cache/rsnapshot
-nano /etc/crontab # remove entries there manually
-END
-    chmod -x /var/www/hubzilla-remove.sh
-}
-
-########################################################################
-# START OF PROGRAM 
-########################################################################
-export PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-check_sanity
-
-# Read config file edited by user
-configfile=hubzilla-config.txt
-source $configfile
-
-selfhostdir=/etc/selfhost
-selfhostscript=selfhost-updater.sh
-hubzilladaily=hubzilla-daily.sh
-plugins_update=.homeinstall/plugins_update.sh
-snapshotconfig=/etc/rsnapshot_hubzilla.conf
-snapshotconfig_external_device=/etc/rsnapshot_hubzilla_external_device.conf
-backup_mount_point=/media/hubzilla_backup
-le_dir=/var/www/letsencrypt
-sslconf=/etc/apache2/sites-available/default-ssl.conf
-
-#set -x    # activate debugging from here
-
-check_config
-stop_hubzilla
-update_upgrade
-install_curl
-install_sendmail
-install_apache
-install_imagemagick
-install_php
-install_mysql
-install_phpmyadmin
-create_hubzilla_db
-run_freedns
-install_run_selfhost
-ping_domain
-configure_cron_freedns
-configure_cron_selfhost
-install_letsencrypt
-configure_apache_for_https
-check_https
-install_hubzilla
-rewrite_to_https
-install_rsnapshot
-configure_cron_daily
-install_cryptosetup
-write_uninstall_script
-
-#set +x    # stop debugging from here
-
--- a/.homeinstall/nginx-zotserver.conf.template
+++ b/.homeinstall/nginx-zotserver.conf.template
@@ -0,0 +1,144 @@
+##
+# Hubzilla/Zap/Mistpark/Osada Nginx block configuration template
+# based on the example created by Olaf Conradi
+#
+# The files generated with this template will be added to
+# /etc/nginx/sites-available & /etc/nginx/sites-enabled (symlink)
+##
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+#
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+##
+
+##
+# This configuration assumes 
+# You filled the zotserver-config.txt file
+# Your domain/subdomain is functionnal
+# You want all traffic to be https
+# You have PHP FastCGI Process Manager (php-fpm) running on localhost
+##
+
+server {
+  listen 80;
+  server_name SERVER_NAME;
+
+# HTTP > HTTPS #
+  return 301 https://$server_name$request_uri;
+}
+
+##
+# Configure Red with SSL
+#
+# All requests are routed to the front controller
+# except for certain known file types like images, css, etc.
+# Those are served statically whenever possible with a
+# fall back to the front controller (needed for avatars, for example)
+##
+
+server {
+  listen 443 ssl;
+  server_name SERVER_NAME;
+
+  ssl on;
+  ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
+  ssl_session_timeout 5m;
+# DO WE NEED TO REVIEW THE FOLLOWING SETTINGS?
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
+  ssl_prefer_server_ciphers on;
+
+  fastcgi_param HTTPS on;
+
+  charset utf-8;
+  root INSTALL_PATH;
+  index index.php;
+  access_log /var/log/nginx/ZOTSERVER_LOG;
+
+  #Uncomment the following line to include a standard configuration file
+  #Note that the most specific rule wins and your standard configuration
+  #will therefore *add* to this file, but not override it.
+  #include standard.conf
+
+  # allow uploads up to 20MB in size
+  client_max_body_size 20m;
+  client_body_buffer_size 128k;
+
+  include mime.types;
+
+  # rewrite to front controller as default rule
+  location / {
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # make sure webfinger and other well known services aren't blocked
+  # by denying dot files and rewrite request to the front controller
+  location ^~ /.well-known/ {
+    allow all;
+    if (!-e $request_filename) {
+      rewrite ^(.*)$ /index.php?req=$1;
+    }
+  }
+
+  # statically serve these file types when possible
+  # otherwise fall back to front controller
+  # allow browser to cache them
+  # added .htm for advanced source code editor library
+  # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+  #  expires 30d;
+  #  try_files $uri /index.php?req=$uri&$args;
+  # }
+  # SHOULD WE UNCOMMENT THE ABOVE LINES ?
+
+  # block these file types
+  location ~* \.(tpl|md|tgz|log|out)$ {
+    deny all;
+  }
+
+  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+  # or a unix socket
+  location ~* \.php$ {
+    # IS THE FOLLOWING STILL RELEVANT AS OF AUGUST 2020?
+    # Zero-day exploit defense.
+    # http://forum.nginx.org/read.php?2,88845,page=3
+    # Won't work properly (404 error) if the file is not stored on this
+    # server, which is entirely possible with php-fpm/php-fcgi.
+    # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+    # another machine.  And then cross your fingers that you won't get hacked.
+    try_files $uri =404;
+
+    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+    fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+    # With php5-cgi alone:
+    # fastcgi_pass 127.0.0.1:9000;
+
+    # With php-fpm:
+    fastcgi_pass unix:PHP_FPM_SOCK;
+
+    include fastcgi_params;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+  }
+
+  # deny access to all dot files
+  location ~ /\. {
+    deny all;
+  }
+	
+#deny access to store
+
+	location ~ /store {
+        deny  all;
+	}
+
+
+}
+
--- a/.homeinstall/zotserver-config.txt.template
+++ b/.homeinstall/zotserver-config.txt.template
@@ -0,0 +1,178 @@
+###############################################
+### MANDATORY - database password #############
+#
+# Please give your database password
+# It is better to not use blanks inside the password.
+#   Example: db_pass=pass_word_with_no_blanks_in_it
+db_pass=
+
+###############################################
+### MANDATORY - let's encrypt #################
+#
+# Zot requires encrypted communication via secure HTTP (HTTPS).
+# This script automates installation of an SSL certificate from
+# Let's Encrypt (https://letsencrypt.org)
+#
+# Please give the domain name of your hub/instance
+#
+#     Example: my.cooldomain.org
+#     Example: cooldomain.org
+#
+# You might use "localhost" for a LOCAL TEST installation.
+# This is usefull if you want to debug the server inside a VM.
+#
+#     Example: localhost
+#
+# Email is optional if you use "localhost".
+#
+#
+le_domain=
+le_email=
+
+###############################################
+### OPTIONAL - Webserver choice ###############
+#
+# Please indicate if you want to choose Nginx
+# or Apache as your web server
+#
+# Valid strings are nginx or apache (lower case),
+# any other will stop the setup script.
+# 
+webserver=apache
+
+
+###############################################
+### OPTIONAL - selfHOST - dynamic IP address ##
+#
+# 1. Register a domain at selfhost.de
+#    - choose offer "DOMAIN dynamisch" 1,50€/mon at 04/2019
+# 2. Get your configuration for dynamic IP update
+#    - Log in at selfhost.de
+#    - go to "DynDNS Accounte"
+#    - klick "Details" of your (freshly) registered domain
+#    - You will find the configuration there
+#      - Benutzername (user name) > use this for "selfhost_user="
+#      - Passwort (pass word) > use this for "selfhost_pass="
+#
+#
+selfhost_user=
+selfhost_pass=
+
+###############################################
+### OPTIONAL - FreeDNS - dynamic IP address ###
+#
+# Please give the alpha-numeric-key of freedns
+#
+# Get a free subdomain from freedns and use it for your dynamic ip address
+# Documentation under http://www.techjawab.com/2013/06/setup-dynamic-dns-dyndns-for-free-on.html
+#
+# - Register for a Free domain at http://freedns.afraid.org/signup/
+# - WATCH THIS: Make sure you choose a domain with as less subdomains as
+#   possible. Why? Let's encrpyt issues a limited count of certificates each
+#   day. Possible other users of this domain will try to issue a certificate
+#   at the same day.
+# - Logon to FreeDNS (where you just registered)
+# - Goto http://freedns.afraid.org/dynamic/
+# - Right click on "Direct Link" and copy the URL and paste it somewhere.
+# - You should notice a large and unique alpha-numeric key in the URL
+#
+#       http://freedns.afraid.org/dynamic/update.php?alpha-numeric-key
+#
+#   Provided your url from freedns is
+#
+#	http://freedns.afraid.org/dynamic/update.php?U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#   Then you have to provide
+#
+#       freedns_key=U1Z6aGt2R0NzMFNPNWRjbWxxZGpsd093OjE1Mzg5NDE5
+#
+#
+freedns_key=
+
+
+###############################################
+### OPTIONAL - Backup to external device ######
+#
+# The script can use an external device for the daily backup.
+# The file system of the device (USB stick for example) must be compatible with
+#
+# - encrypted LUKS + ext4, or
+# - ext4
+#
+# You should test to mount the device before you run the script
+# (hubzilla-setup.sh).
+# How to find your (pluged-in) devices?
+#
+#     fdisk -l
+#
+# Provided your device was listed as is /dev/sdb1. You could check with:
+#
+#     blkid | grep /dev/sdb1
+#
+# Try to decrypt
+# (You might install cryptsetup befor using apt-get install.
+#
+#     apt-get install cryptsetup
+#     cryptsetup luksOpen /dev/sdb1 cryptobackup
+#
+# Try to mount
+# You might create the directory /media/hubzilla_backup it it does not exist
+# using mkdir.
+#
+#     mkdir /media/hubzilla_backup
+#     mount /dev/mapper/cryptobackup /media/hubzilla_backup
+# 
+# Unmounting device goes like this
+# 
+#     umount /media/hubzilla_backup
+#     cryptsetup luksClose cryptobackup
+#
+# To check if still mounted
+#
+#     lsof /media/hubzilla_backup
+#
+# If you leave the following parameters
+#
+# - "backup_device_name" and
+# - "backup_device_pass"
+#
+# empty the script will create daily backups on the internal disk (which could
+# save you as well).
+#
+#   Example: backup_device_name=/dev/sdc1
+#
+# Leave "backup_device_pass=" empty if the external device is not encrypted.
+#
+backup_device_name=
+backup_device_pass=
+
+
+###############################################
+### OPTIONAL - do not mess with things below ##
+#              (...if you are not certain)
+#
+# Usually you are done here
+# Everything below is OPTIONAL
+#
+###############################################
+#
+# Database for your hub/instance
+# If left empty, both your database and user will be named after your zot instance (hubzilla, zap or misty)
+# Use custom name, at least fo the database, if you plan to run more than one hub/instance on the same server
+#
+zotserver_db_name=
+zotserver_db_user=
+zotserver_db_pass=$db_pass
+# 
+#
+# Password for package mysql-server
+#   Example: mysqlpass=aberhallo
+#   Example: mysqlpass="aber hallo has blanks in it"
+#
+mysqlpass=$db_pass
+
+# Password for package phpmyadmin
+#   Example: phpmyadminpass=aberhallo
+#   Example: phpmyadminpass="aber hallo has blanks in it"
+phpmyadminpass=$db_pass
+
--- a/.homeinstall/zotserver-setup.sh
+++ b/.homeinstall/zotserver-setup.sh
@@ -0,0 +1,793 @@
+#!/bin/bash
+#
+# How to use
+# ----------
+#
+# This file automates the installation of
+# - hubzilla: https://zotlabs.org/page/hubzilla/hubzilla-project and
+# - zap: https://zotlabs.com/zap/
+# - misty : https://zotlabs.com/misty/
+# - osada : https://codeberg.org/zot/osada
+# - redmatrix : https://codeberg.org/zot/redmatrix
+# under Debian Linux "Buster"
+#
+# 1) Copy the file "zotserver-config.txt.template" to "zotserver-config.txt"
+#       Follow the instuctions there
+#
+# 2) Switch to user "root" by typing "su -"
+#
+# 3) Run with "./zotserver-setup.sh"
+#       If this fails check if you can execute the script.
+#       - To make it executable type "chmod +x zotserver-setup.sh"
+#       - or run "bash zotserver-setup.sh"
+#
+#
+# What does this script do basically?
+# -----------------------------------
+#
+# This file automates the installation of a Zot hub/instance under Debian Linux
+# - install
+#        * apache webserver,
+#        * php,
+#        * mariadb - the database for zotserver,
+#        * adminer,
+#        * git to download and update addons
+# - configure cron
+#        * "Run.php" for regular background processes of your Zot hub/instance
+#        * "apt-get update" and "apt-get dist-upgrade" and "apt-get autoremove" to keep linux up-to-date
+#        * run command to keep the IP up-to-date > DynDNS provided by selfHOST.de or freedns.afraid.org
+#        * backup your server's database and files (rsync)
+# - run letsencrypt to create, register and use a certifacte for https
+#
+#
+# Discussion
+# ----------
+#
+# Security - password  is the same for mysql-server, phpmyadmin and your hub/instance db
+# - The script runs into installation errors for phpmyadmin if it uses
+#   different passwords. For the sake of simplicity one single password.
+#
+# How to restore from backup
+# --------------------------
+#
+# (Some explanations here would certainly be useful)
+#
+# Daily backup
+# ------------
+#
+# The installation
+# - writes a shell script in /var/www/
+# - creates a daily cron that runs this script
+#
+# The script makes a (daily) backup of all relevant files
+# - /var/lib/mysql/ > database
+# - /var/www/ > hubzilla/zap/misty from git repository
+# - /etc/letsencrypt/ > certificates
+#
+# The backup will be written on an external disk compatible to LUKS+ext4 (see zotserver-config.txt)
+#
+# How to restore from backup
+# --------------------------
+#
+# (Some explanations here would certainly be useful)
+#
+#
+# Credits
+# -------
+#
+# The script is based on Thomas Willinghams script "debian-setup.sh"
+# which he used to install the red#matrix.
+#
+# The documentation for bash is here
+# https://www.gnu.org/software/bash/manual/bash.html
+#
+function check_sanity {
+    # Do some sanity checking.
+    print_info "Sanity check..."
+    if [ $(/usr/bin/id -u) != "0" ]
+    then
+        die 'Must be run by root user'
+    fi
+
+    if [ -f /etc/lsb-release ]
+    then
+        die "Distribution is not supported"
+    fi
+    if [ ! -f /etc/debian_version ]
+    then
+        die "Debian is supported only"
+    fi
+    if ! grep -q 'Linux 10' /etc/issue
+    then
+        die "Linux 10 (buster) is supported only"x
+    fi
+}
+
+function check_config {
+    print_info "config check..."
+    # Check for required parameters
+    if [ -z "$db_pass" ]
+    then
+        die "db_pass not set in $configfile"
+    fi
+    if [ -z "$le_domain" ]
+    then
+        die "le_domain not set in $configfile"
+    fi
+    # backup is important and should be checked
+	if [ -n "$backup_device_name" ]
+	then
+		if [ ! -d "$backup_mount_point" ]
+		then
+			mkdir "$backup_mount_point"
+		fi
+		device_mounted=0
+		if fdisk -l | grep -i "$backup_device_name.*linux"
+		then
+		    print_info "ok - filesystem of external device is linux"
+	        if [ -n "$backup_device_pass" ]
+	        then
+	            echo "$backup_device_pass" | cryptsetup luksOpen $backup_device_name cryptobackup
+	            if mount /dev/mapper/cryptobackup /media/zotserver_backup
+	            then
+                    device_mounted=1
+	                print_info "ok - could encrypt and mount external backup device"
+                	umount /media/zotserver_backup
+	            else
+            		print_warn "backup to external device will fail because encryption failed"
+	            fi
+                cryptsetup luksClose cryptobackup
+            else
+	            if mount $backup_device_name /media/zotserver_backup
+	            then
+                    device_mounted=1
+	                print_info "ok - could mount external backup device"
+                	umount /media/zotserver_backup
+	            else
+            		print_warn "backup to external device will fail because mount failed"
+	            fi
+            fi
+		else
+        	print_warn "backup to external device will fail because filesystem is either not linux or 'backup_device_name' is not correct in $configfile"
+		fi
+        if [ $device_mounted == 0 ]
+        then
+            die "backup device not ready"
+        fi
+	fi
+}
+
+function die {
+    echo "ERROR: $1" > /dev/null 1>&2
+    exit 1
+}
+
+
+function update_upgrade {
+    print_info "updated and upgrade..."
+    # Run through the apt-get update/upgrade first. This should be done before
+    # we try to install any package
+    apt-get -q -y update && apt-get -q -y dist-upgrade
+    print_info "updated and upgraded linux"
+}
+
+function check_install {
+    if [ -z "`which "$1" 2>/dev/null`" ]
+    then
+        # export DEBIAN_FRONTEND=noninteractive ... answers from the package
+        # configuration database
+        # - q ... without progress information
+        # - y ... answer interactive questions with "yes"
+        # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+        DEBIAN_FRONTEND=noninteractive apt-get -q -y install $2
+        print_info "installed $2 installed for $1"
+    else
+        print_warn "$2 already installed"
+    fi
+}
+
+function nocheck_install {
+    # export DEBIAN_FRONTEND=noninteractive ... answers from the package configuration database
+    # - q ... without progress information
+    # - y ... answer interactive questions with "yes"
+    # DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends -q -y install $2
+    # DEBIAN_FRONTEND=noninteractive apt-get --install-suggests -q -y install $1
+    DEBIAN_FRONTEND=noninteractive apt-get -q -y install $1
+    print_info "installed $1"
+}
+
+
+function print_info {
+    echo -n -e '\e[1;34m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function print_warn {
+    echo -n -e '\e[1;31m'
+    echo -n $1
+    echo -e '\e[0m'
+}
+
+function stop_zotserver {
+    if [ $webserver = "nginx" ]
+    then
+        print_info "stopping nginx webserver..."
+        systemctl stop nginx
+    elif [ $webserver = "apache" ]
+    then
+        print_info "stopping apache webserver..."
+        systemctl stop apache2
+    fi
+    print_info "stopping mysql db..."
+    systemctl stop mariadb
+}
+
+function install_apache {
+    print_info "installing apache..."
+    nocheck_install "apache2 apache2-utils"
+    a2enmod rewrite
+    systemctl restart apache2
+}
+
+function install_nginx {
+    print_info "installing nginx..."
+    nocheck_install "nginx"
+    systemctl restart nginx
+}
+
+function add_vhost {
+    print_info "adding apache vhost"
+    echo "<VirtualHost *:80>" >> "/etc/apache2/sites-available/${le_domain}.conf"
+    echo "ServerName ${le_domain}" >> "/etc/apache2/sites-available/${le_domain}.conf"
+    echo "DocumentRoot $install_path" >> "/etc/apache2/sites-available/${le_domain}.conf"
+    echo "</VirtualHost>"  >> "/etc/apache2/sites-available/${le_domain}.conf"
+    a2ensite $le_domain
+}
+
+function add_nginx_block {
+    print_info "adding nginx block"
+    sed "s|SERVER_NAME|${le_domain}|g;s|INSTALL_PATH|${install_path}|g;s|ZOTSERVER_LOG|${install_folder}-${zotserver}.log|;s|PHP_FPM_SOCK|$(ls /var/run/php/*sock)|;" nginx-zotserver.conf.template >> /etc/nginx/sites-enabled/${le_domain}.conf
+    ln -s /etc/nginx/sites-enabled/${le_domain}.conf /etc/nginx/sites-available/
+}
+
+function install_imagemagick {
+    print_info "installing imagemagick..."
+    nocheck_install "imagemagick"
+}
+
+function install_curl {
+    print_info "installing curl..."
+    nocheck_install "curl"
+}
+
+function install_wget {
+    print_info "installing wget..."
+    nocheck_install "wget"
+}
+
+function install_sendmail {
+    print_info "installing sendmail..."
+    nocheck_install "sendmail sendmail-bin"
+}
+
+function install_php {
+    # openssl and mbstring are included in libapache2-mod-php
+    print_info "installing php..."
+    if [ $webserver = "nginx" ]
+    then
+        nocheck_install "php php-pear php-curl php-gd php-mbstring php-xml php-zip php-fpm"
+        sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/fpm/php.ini
+        sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/fpm/php.ini
+        systemctl reload php7.3-fpm
+    elif [ $webserver = "apache" ]
+    then
+        nocheck_install "libapache2-mod-php php php-pear php-curl php-gd php-mbstring php-xml php-zip"
+        sed -i "s/^upload_max_filesize =.*/upload_max_filesize = 100M/g" /etc/php/7.3/apache2/php.ini
+        sed -i "s/^post_max_size =.*/post_max_size = 100M/g" /etc/php/7.3/apache2/php.ini
+    fi
+}
+
+function install_mysql {
+    print_info "installing mysql..."
+    if [ -z "$mysqlpass" ]
+    then
+        die "mysqlpass not set in $configfile"
+    fi
+	if type mysql ; then
+		echo "Yes, mysql is installed"
+	else
+		echo "mariadb-server"
+		nocheck_install "mariadb-server"
+        systemctl status mariadb
+        systemctl start mariadb
+        mysql --user=root <<_EOF_
+UPDATE mysql.user SET Password=PASSWORD('${mysqlpass}') WHERE User='root';
+DELETE FROM mysql.user WHERE User='';
+DROP DATABASE IF EXISTS test;
+DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
+FLUSH PRIVILEGES;
+_EOF_
+    fi
+}
+
+function install_adminer {
+    print_info "installing adminer..."
+    nocheck_install "adminer"
+    if [ ! -f /etc/adminer/adminer.conf ]
+    then
+        echo "Alias /adminer /usr/share/adminer/adminer" > /etc/adminer/adminer.conf
+        ln -s /etc/adminer/adminer.conf /etc/apache2/conf-available/adminer.conf
+    else
+        print_info "file /etc/adminer/adminer.conf exists already"
+    fi
+
+    a2enmod rewrite
+
+    if [ ! -f /etc/apache2/apache2.conf ]
+    then
+        die "could not find file /etc/apache2/apache2.conf"
+    fi
+    sed -i \
+        "s/AllowOverride None/AllowOverride all/" \
+        /etc/apache2/apache2.conf
+
+    a2enconf adminer
+    systemctl restart mariadb
+    systemctl reload apache2
+}
+
+function create_zotserver_db {
+    print_info "creating zotserver database..."
+    if [ -z "$zotserver_db_name" ]
+    then
+        zotserver_db_name=$zotserver
+    fi
+    if [ -z "$zotserver_db_user" ]
+    then
+        zotserver_db_user=$zotserver
+    fi
+    if [ -z "$zotserver_db_pass" ]
+    then
+        die "zotserver_db_pass not set in $configfile"
+    fi
+    systemctl restart mariadb
+    # Make sure we don't write over an already existing database if we install more than one Zot hub/instance
+    if [ -z $(mysql -h localhost -u root -p$mysqlpass -e "SHOW DATABASES;" | grep $zotserver_db_name) ]
+    then
+        Q1="CREATE DATABASE IF NOT EXISTS $zotserver_db_name;"
+        Q2="GRANT USAGE ON *.* TO $zotserver_db_user@localhost IDENTIFIED BY '$zotserver_db_pass';"
+        Q3="GRANT ALL PRIVILEGES ON $zotserver_db_name.* to $zotserver_db_user@localhost identified by '$zotserver_db_pass';"
+        Q4="FLUSH PRIVILEGES;"
+        SQL="${Q1}${Q2}${Q3}${Q4}"
+        mysql -uroot -p$mysqlpass -e "$SQL"
+    else
+        die "Can't write over an already existing database!"
+    fi
+}
+
+function run_freedns {
+    print_info "run freedns (dynamic IP)..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns was not started because 'freedns_key' is empty in $configfile"
+    else
+        if [ -n "$selfhost_user" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key
+    fi
+}
+
+function install_run_selfhost {
+    print_info "install and start selfhost (dynamic IP)..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "selfHOST was not started because 'selfhost_user' is empty in $configfile"
+    else
+        if [ -n "$freedns_key" ]
+        then
+            die "You can not use freeDNS AND selfHOST for dynamic IP updates ('freedns_key' AND 'selfhost_user' set in $configfile)"
+        fi
+        if [ -z "$selfhost_pass" ]
+        then
+            die "selfHOST was not started because 'selfhost_pass' is empty in $configfile"
+        fi
+        if [ ! -d $selfhostdir ]
+        then
+            mkdir $selfhostdir
+        fi
+        # the old way
+        # https://carol.selfhost.de/update?username=123456&password=supersafe
+        #
+        # the prefered way
+        wget --output-document=$selfhostdir/$selfhostscript http://jonaspasche.de/selfhost-updater
+        echo "router" > $selfhostdir/device
+        echo "$selfhost_user" > $selfhostdir/user
+        echo "$selfhost_pass" > $selfhostdir/pass
+        bash $selfhostdir/$selfhostscript update
+    fi
+}
+
+function ping_domain {
+    print_info "ping domain $domain..."
+    # Is the domain resolved? Try to ping 6 times à 10 seconds
+    COUNTER=0
+    for i in {1..6}
+    do
+        print_info "loop $i for ping -c 1 $domain ..."
+        if ping -c 4 -W 1 $le_domain
+        then
+            print_info "$le_domain resolved"
+            break
+        else
+            if [ $i -gt 5 ]
+            then
+                die "Failed to: ping -c 1 $domain not resolved"
+            fi
+        fi
+        sleep 10
+    done
+    sleep 5
+}
+
+function configure_cron_freedns {
+    print_info "configure cron for freedns..."
+    if [ -z "$freedns_key" ]
+    then
+        print_info "freedns is not configured because freedns_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 30 minutes
+        if [ -z "`grep 'freedns.afraid.org' /etc/crontab`" ]
+        then
+            echo "@reboot root http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+            echo "*/30 * * * * root wget --no-check-certificate -O - http://freedns.afraid.org/dynamic/update.php?$freedns_key > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for freedns was configured already"
+        fi
+    fi
+}
+
+function configure_cron_selfhost {
+    print_info "configure cron for selfhost..."
+    if [ -z "$selfhost_user" ]
+    then
+        print_info "selfhost is not configured because selfhost_key is empty in $configfile"
+    else
+        # Use cron for dynamich ip update
+        #   - at reboot
+        #   - every 5 minutes
+        if [ -z "`grep 'selfhost-updater.sh' /etc/crontab`" ]
+        then
+            echo "@reboot root bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+            echo "*/5 * * * * root /bin/bash /etc/selfhost/selfhost-updater.sh update > /dev/null 2>&1" >> /etc/crontab
+        else
+            print_info "cron for selfhost was configured already"
+        fi
+    fi
+}
+
+function install_letsencrypt {
+    print_info "installing let's encrypt ..."
+    # check if user gave domain
+    if [ -z "$le_domain" ]
+    then
+        die "Failed to install let's encrypt: 'le_domain' is empty in $configfile"
+    fi
+    if [ -z "$le_email" ]
+    then
+        die "Failed to install let's encrypt: 'le_email' is empty in $configfile"
+    fi
+    if [ $webserver = "nginx" ]
+    then
+        nocheck_install "certbot"
+        print_info "run certbot..."
+        systemctl stop nginx
+        certbot certonly --standalone -d $le_domain -m $le_email --agree-tos --non-interactive
+        systemctl start nginx
+    elif [ $webserver = "apache" ]
+    then
+        nocheck_install "certbot python-certbot-apache"
+        print_info "run certbot ..."
+	certbot --apache -w $install_path -d $le_domain -m $le_email --agree-tos --non-interactive --redirect --hsts --uir
+        service apache2 restart
+    fi
+}
+
+function check_https {
+    print_info "checking httpS > testing ..."
+    url_https=https://$le_domain
+    wget_output=$(wget -nv --spider --max-redirect 0 $url_https)
+    if [ $? -ne 0 ]
+    then
+        print_warn "check not ok"
+    else
+        print_info "check ok"
+    fi
+}
+
+function zotserver_name {
+    if git remote -v | grep -i "origin.*hubzilla.*"
+    then
+        zotserver=hubzilla
+    elif git remote -v | grep -i "origin.*zap.*"
+    then
+        zotserver=zap
+    elif git remote -v | grep -i "origin.*misty.*"
+    then
+        zotserver=misty
+    elif git remote -v | grep -i "origin.*osada.*"
+    then
+        zotserver=osada
+    elif git remote -v | grep -i "origin.*redmatrix.*"
+    then
+        zotserver=redmatrix
+    else
+        die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install redmatrix/osada/misty/zap/hubzilla"
+    fi
+}
+
+function install_zotserver {
+    print_info "installing addons..."
+    cd $install_path/
+    if [ $zotserver = "hubzilla" ]
+    then
+        print_info "hubzilla"
+        util/add_addon_repo https://framagit.org/hubzilla/addons hzaddons
+    elif [ $zotserver = "zap" ]
+    then
+        print_info "zap"
+        util/add_addon_repo https://codeberg.org/zot/zap-addons.git zaddons
+    elif [ $zotserver = "misty" ]
+    then
+        print_info "misty"
+        util/add_addon_repo https://codeberg.org/zot/misty-addons.git maddons
+    elif [ $zotserver = "osada" ]
+    then
+        print_info "osada"
+        util/add_addon_repo https://codeberg.org/zot/osada-addons.git oaddons
+    elif [ $zotserver = "redmatrix" ]
+    then
+        print_info "redmatrix"
+        util/add_addon_repo https://codeberg.org/zot/redmatrix-addons.git raddons
+    else
+        die "neither redmatrix, osada, misty, zap nor hubzilla repository > did not install addons or redmatrix/osada/misty/zap/hubzilla"
+    fi
+    mkdir -p "cache/smarty3"
+    mkdir -p "store"
+    chmod -R 777 store
+    touch .htconfig.php
+    chmod ou+w .htconfig.php
+    cd /var/www/
+    chown -R www-data:www-data $install_path
+	chown root:www-data $install_path/
+	chown root:www-data $install_path/.htaccess
+	chmod 0644 $install_path/.htaccess
+    print_info "installed addons"
+}
+
+function install_rsync {
+    print_info "installing rsync..."
+    nocheck_install "rsync"
+}
+
+function install_cryptosetup {
+    print_info "installing cryptsetup..."
+    nocheck_install "cryptsetup"
+}
+
+function configure_zotserverdaily {
+    echo "#!/bin/sh" >> /var/www/$zotserverdaily
+    echo "#" >> /var/www/$zotserverdaily
+    echo "# update of $le_domain Zot hub/instance" >> /var/www/$zotserverdaily
+    echo "echo \"\$(date) - updating core and addons...\"" >> /var/www/$zotserverdaily
+    echo "echo \"reaching git repository for $le_domain $zotserver hub/instance...\"" >> /var/www/$zotserverdaily
+    echo "(cd $install_path ; util/udall)" >> /var/www/$zotserverdaily
+    echo "chown -R www-data:www-data $install_path # make all accessible for the webserver" >> /var/www/$zotserverdaily
+    if [ $webserver = "apache" ]
+    then
+        echo "chown root:www-data $install_path/.htaccess" >> /var/www/$zotserverdaily
+        echo "chmod 0644 $install_path/.htaccess # www-data can read but not write it" >> /var/www/$zotserverdaily
+    fi
+    chmod a+x /var/www/$zotserverdaily
+}
+
+function configure_cron_daily {
+    print_info "configuring cron..."
+    # every 10 min for poller.php
+    if [ -z "`grep '$install_path.*Run.php' /etc/crontab`" ]
+    then
+        echo "*/10 * * * * www-data cd $install_path; php Zotlabs/Daemon/Run.php Cron >> /dev/null 2>&1" >> /etc/crontab
+    fi
+    # Run external script daily at 05:30
+    # - stop apache/nginx and mysql-server
+    # - renew the certificate of letsencrypt
+    # - backup db, files ($install_path), certificates if letsencrypt
+    # - update zotserver core and addon
+    # - update and upgrade linux
+    # - reboot is done by "shutdown -h now" because "reboot" hangs sometimes depending on the system
+    echo "#!/bin/sh" > /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \" \"" >> /var/www/$zotcron
+    echo "echo \"+++ \$(date) +++\"" >> /var/www/$zotcron
+    echo "echo \" \"" >> /var/www/$zotcron
+    echo "echo \"\$(date) - stopping $webserver and mysql...\"" >> /var/www/$zotcron
+    if [ $webserver = "nginx" ]
+    then
+        echo "systemctl stop nginx" >> /var/www/$zotcron
+    elif [ $webserver = "apache" ]
+    then
+        echo "service apache2 stop" >> /var/www/$zotcron
+    fi
+    echo "/etc/init.d/mysql stop # to avoid inconsistencies" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \"\$(date) - renew certificate...\"" >> /var/www/$zotcron
+    echo "certbot renew --noninteractive" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "# backup" >> /var/www/$zotcron
+    echo "echo \"\$(date) - try to mount external device for backup...\"" >> /var/www/$zotcron
+    echo "backup_device_name=$backup_device_name" >> /var/www/$zotcron
+    echo "backup_device_pass=$backup_device_pass" >> /var/www/$zotcron
+    echo "backup_mount_point=$backup_mount_point" >> /var/www/$zotcron
+    echo "device_mounted=0" >> /var/www/$zotcron
+    echo "if [ -n \"\$backup_device_name\" ]" >> /var/www/$zotcron
+    echo "then" >> /var/www/$zotcron
+    echo "    if blkid | grep $backup_device_name" >> /var/www/$zotcron
+    echo "    then" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        echo \"decrypting backup device...\"" >> /var/www/$zotcron
+        echo "        echo "\"$backup_device_pass\"" | cryptsetup luksOpen $backup_device_name cryptobackup" >> /var/www/$zotcron
+    fi
+    echo "        if [ ! -d $backup_mount_point ]" >> /var/www/$zotcron
+    echo "        then" >> /var/www/$zotcron
+    echo "            mkdir $backup_mount_point" >> /var/www/$zotcron
+    echo "        fi" >> /var/www/$zotcron
+    echo "        echo \"mounting backup device...\"" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        if mount /dev/mapper/cryptobackup $backup_mount_point" >> /var/www/$zotcron
+    else
+        echo "        if mount $backup_device_name $backup_mount_point" >> /var/www/$zotcron
+    fi
+    echo "        then" >> /var/www/$zotcron
+    echo "            device_mounted=1" >> /var/www/$zotcron
+    echo "            echo \"device $backup_device_name is now mounted. Starting backup...\"" >> /var/www/$zotcron
+    echo "            rsync -a --delete /var/lib/mysql/ /media/zotserver_backup/mysql" >> /var/www/$zotcron
+    echo "            rsync -a --delete /var/www/ /media/zotserver_backup/www" >> /var/www/$zotcron
+    echo "            rsync -a --delete /etc/letsencrypt/ /media/zotserver_backup/letsencrypt" >> /var/www/$zotcron
+    echo "            echo \"\$(date) - disk sizes...\"" >> /var/www/$zotcron
+    echo "            df -h" >> /var/www/$zotcron
+    echo "            echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+    echo "            du -h $backup_mount_point | grep mysql/zotserver" >> /var/www/$zotcron
+    echo "            echo \"unmounting backup device...\"" >> /var/www/$zotcron
+    echo "            umount $backup_mount_point" >> /var/www/$zotcron
+    echo "        else" >> /var/www/$zotcron
+    echo "            echo \"failed to mount device $backup_device_name\"" >> /var/www/$zotcron
+    echo "        fi" >> /var/www/$zotcron
+    if [ -n "$backup_device_pass" ]
+    then
+        echo "        echo \"closing decrypted backup device...\"" >> /var/www/$zotcron
+        echo "        cryptsetup luksClose cryptobackup" >> /var/www/$zotcron
+    fi
+    echo "    fi" >> /var/www/$zotcron
+    echo "fi" >> /var/www/$zotcron
+    echo "if [ \$device_mounted == 0 ]" >> /var/www/$zotcron
+    echo "then" >> /var/www/$zotcron
+    echo "    echo \"device could not be mounted $backup_device_name. No backup written.\"" >> /var/www/$zotcron
+    echo "fi" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "echo \"\$(date) - db size...\"" >> /var/www/$zotcron
+    echo "du -h /var/lib/mysql/ | grep mysql/" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "cd /var/www" >> /var/www/$zotcron
+    echo "for f in *-daily.sh; do \"./\${f}\"; done" >> /var/www/$zotcron
+    echo "echo \"\$(date) - updating linux...\"" >> /var/www/$zotcron
+    echo "apt-get -q -y update && apt-get -q -y dist-upgrade && apt-get -q -y autoremove # update linux and upgrade" >> /var/www/$zotcron
+    echo "echo \"\$(date) - Backup and update finished. Rebooting...\"" >> /var/www/$zotcron
+    echo "#" >> /var/www/$zotcron
+    echo "shutdown -r now" >> /var/www/$zotcron
+
+    # If global cron job does not exist we add it to /etc/crontab
+    if grep -q $zotcron /etc/crontab
+    then
+        echo "cron job already in /etc/crontab"
+    else
+        echo "30 05 * * * root /bin/bash /var/www/$zotcron >> /var/www/zot-daily.log 2>&1" >> /etc/crontab
+        echo "0 0 1 * * root rm /var/www/zot-daily.log" >> /etc/crontab
+    fi
+
+    # This is active after either "reboot" or cron reload"
+    systemctl restart cron
+    print_info "configured cron for updates/upgrades"
+}
+
+########################################################################
+# START OF PROGRAM
+########################################################################
+export PATH=/bin:/usr/bin:/sbin:/usr/sbin
+check_sanity
+
+zotserver_name
+print_info "We're installing a $zotserver instance"
+install_path="$(dirname "$(pwd)")"
+install_folder="$(basename $install_path)"
+
+# Read config file edited by user
+configfile=zotserver-config.txt
+source $configfile
+
+selfhostdir=/etc/selfhost
+selfhostscript=selfhost-updater.sh
+zotcron="zotcron.sh"
+zotserverdaily="${install_folder}-${zotserver}-daily.sh"
+backup_mount_point="/media/zotserver_backup"
+
+#set -x    # activate debugging from here
+
+check_config
+stop_zotserver
+update_upgrade
+install_curl
+install_wget
+install_sendmail
+if [ $webserver = "nginx" ]
+then
+    install_nginx
+elif [ $webserver = "apache" ]
+then
+    install_apache
+else
+die "Failed to install a Web server: 'webserver' not set to \"apache\" or \"nginx\" in $configfile" 
+fi
+install_imagemagick
+install_php
+if [ $webserver = "nginx" ]
+then
+    add_nginx_block
+elif [ $webserver = "apache" ]
+then
+    if [ "$install_path" != "/var/www/html" ]
+    then
+        add_vhost
+    fi
+fi
+install_mysql
+if [ $webserver = "apache" ]
+then
+install_adminer
+fi
+create_zotserver_db
+run_freedns
+install_run_selfhost
+ping_domain
+configure_cron_freedns
+configure_cron_selfhost
+
+if [ "$le_domain" != "localhost" ]
+then
+    install_letsencrypt
+    check_https
+else
+    print_info "is localhost - skipped installation of letsencrypt and configuration of apache for https"
+fi
+
+install_zotserver
+
+configure_zotserverdaily
+
+configure_cron_daily
+
+if [ "$le_domain" != "localhost" ]
+then
+    install_cryptosetup
+    install_rsync
+else
+    print_info "is localhost - skipped installation of cryptosetup"
+fi
+
+
+#set +x    # stop debugging from here
--- a/.openshift/action_hooks/deploy
+++ b/.openshift/action_hooks/deploy
--- a/.openshift/cron/weekly/chronograph
+++ b/.openshift/cron/weekly/chronograph
--- a/913
+++ b/913
--- a/11
+++ b/11
@@ -1,4 +1,5 @@
-Copyright (c) 2010-2018 the Hubzilla Community
+Copyright (c) 2019 Hubzilla Community
+
 All rights reserved.

 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -8,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:

-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.

 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/SBOM.md
+++ b/SBOM.md
@@ -0,0 +1,33 @@
+# Hubzilla Software Bill of Materials - WIP
+
+|Name|Version|License|Source|
+|----|-------|-------|------|
+|blueimp/jquery-file-upload|10.31.0.0|MIT|https://github.com/vkhramtsov/jQuery-File-Upload.git|
+|brick/math|0.9.2.0|MIT|https://github.com/brick/math.git|
+|bshaffer/oauth2-server-php|1.11.1.0|MIT|https://github.com/bshaffer/oauth2-server-php.git|
+|commerceguys/intl|1.0.7.0|MIT|https://github.com/commerceguys/intl.git|
+|desandro/imagesloaded|4.1.4.0|MIT|https://github.com/desandro/imagesloaded.git|
+|ezyang/htmlpurifier|4.13.0.0|LGPL-2.1-or-later|https://github.com/ezyang/htmlpurifier.git|
+|league/html-to-markdown|4.10.0.0|MIT|https://github.com/thephpleague/html-to-markdown.git|
+|lukasreschke/id3parser|0.0.3.0|GPL|https://github.com/LukasReschke/ID3Parser.git|
+|michelf/php-markdown|1.9.0.0|BSD-3-Clause|https://github.com/michelf/php-markdown.git|
+|pear/text_languagedetect|1.0.1.0|BSD-2-Clause|https://github.com/pear/Text_LanguageDetect.git|
+|phpseclib/phpseclib|2.0.30.0|MIT|https://github.com/phpseclib/phpseclib.git|
+|psr/log|1.1.3.0|MIT|https://github.com/php-fig/log.git|
+|ramsey/collection|1.1.3.0|MIT|https://github.com/ramsey/collection.git|
+|ramsey/uuid|4.1.1.0|MIT|https://github.com/ramsey/uuid.git|
+|sabre/dav|4.1.5.0|BSD-3-Clause|https://github.com/sabre-io/dav.git|
+|sabre/event|5.1.2.0|BSD-3-Clause|https://github.com/sabre-io/event.git|
+|sabre/http|5.1.1.0|BSD-3-Clause|https://github.com/sabre-io/http.git|
+|sabre/uri|2.2.1.0|BSD-3-Clause|https://github.com/sabre-io/uri.git|
+|sabre/vobject|4.3.5.0|BSD-3-Clause|https://github.com/sabre-io/vobject.git|
+|sabre/xml|2.2.3.0|BSD-3-Clause|https://github.com/sabre-io/xml.git|
+|simplepie/simplepie|1.5.6.0|BSD-3-Clause|https://github.com/simplepie/simplepie.git|
+|smarty/smarty|3.1.38.0|LGPL-3.0|https://github.com/smarty-php/smarty.git|
+|symfony/polyfill-ctype|1.22.0.0|MIT|https://github.com/symfony/polyfill-ctype.git|
+|twbs/bootstrap|4.6.0.0|MIT|https://github.com/twbs/bootstrap.git|
+|fullcalendar/fullcalendar|4.4.2.0|MIT|https://github.com/fullcalendar/fullcalendar.git|
+|miromannino/Justified-Gallery|3.8.1.0|MIT|https://github.com/miromannino/Justified-Gallery.git|
+|fengyuanchen/cropperjs|1.5.7.0|MIT|https://github.com/fengyuanchen/cropperjs.git|
+|ForkAwesome/Fork-Awesome|1.1.7.0|MIT,SIL OFL,CC BY 3.0|https://github.com/ForkAwesome/Fork-Awesome.git|
+|jquery/jquery|3.5.1.0|MIT|https://github.com/jquery/jquery.git|
--- a/Zotlabs/Access/AccessList.php
+++ b/Zotlabs/Access/AccessList.php
@@ -54,7 +54,7 @@ class AccessList {
 	 *   * \e string \b channel_deny_gid => string of denied gids
 	 */
 	function __construct($channel) {
-		if($channel) {
+		if ($channel) {
 			$this->allow_cid = $channel['channel_allow_cid'];
 			$this->allow_gid = $channel['channel_allow_gid'];
 			$this->deny_cid  = $channel['channel_deny_cid'];
@@ -99,7 +99,6 @@ class AccessList {
 		$this->allow_gid = $arr['allow_gid'];
 		$this->deny_cid  = $arr['deny_cid'];
 		$this->deny_gid  = $arr['deny_gid'];
-
 		$this->explicit  = $explicit;
 	}

--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -2,6 +2,7 @@

 namespace Zotlabs\Access;

+use App;
 use Zotlabs\Lib\PConfig;

 /**
@@ -39,10 +40,10 @@ class PermissionLimits {
 	 */
 	static public function Std_Limits() {
 		$limits = [];
-		$perms = Permissions::Perms();
+		$perms  = Permissions::Perms();

-		foreach($perms as $k => $v) {
-			if(strstr($k, 'view'))
+		foreach ($perms as $k => $v) {
+			if (strstr($k, 'view'))
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
@@ -77,15 +78,15 @@ class PermissionLimits {
 	 *   * \b array with all permission limits, if $perm is not set
 	 */
 	static public function Get($channel_id, $perm = '') {
-		if($perm) {
+		if ($perm) {
 			return intval(PConfig::Get($channel_id, 'perm_limits', $perm));
 		}

 		PConfig::Load($channel_id);
-		if(array_key_exists($channel_id, \App::$config)
-				&& array_key_exists('perm_limits', \App::$config[$channel_id]))
-			return \App::$config[$channel_id]['perm_limits'];
+		if (array_key_exists($channel_id, App::$config)
+			&& array_key_exists('perm_limits', App::$config[$channel_id]))
+			return App::$config[$channel_id]['perm_limits'];

 		return false;
 	}
-}
+}
--- a/Zotlabs/Access/PermissionRoles.php
+++ b/Zotlabs/Access/PermissionRoles.php
@@ -100,6 +100,7 @@ class PermissionRoles {
 					'post_mail', 'post_like' , 'republish', 'chat'
 				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['channel_type'] = 'group';

 				break;

@@ -113,6 +114,7 @@ class PermissionRoles {
 					'view_pages', 'view_wiki', 'post_wall', 'post_comments', 'tag_deliver',
 					'post_mail', 'post_like' , 'chat' ];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['channel_type'] = 'group';

 				break;

@@ -132,6 +134,7 @@ class PermissionRoles {
 				$ret['limits']['view_storage']  = PERMS_SPECIFIC;
 				$ret['limits']['view_pages']    = PERMS_SPECIFIC;
 				$ret['limits']['view_wiki']     = PERMS_SPECIFIC;
+				$ret['channel_type'] = 'group';

 				break;

@@ -187,6 +190,7 @@ class PermissionRoles {
 					'post_mail', 'post_like' , 'republish', 'chat', 'write_wiki'
 				];
 				$ret['limits'] = PermissionLimits::Std_Limits();
+				$ret['channel_type'] = 'group';

 				break;

@@ -214,13 +218,13 @@ class PermissionRoles {
 		// set permissionlimits for this permission here, for example:

 		// if($perm === 'mynewperm')
-		//     \Zotlabs\Access\PermissionLimits::Set($uid,$perm,1);
+		// 		PermissionLimits::Set($uid,$perm,1);

 		if($perm === 'view_wiki')
-			\Zotlabs\Access\PermissionLimits::Set($uid, $perm, PERMS_PUBLIC);
+			PermissionLimits::Set($uid, $perm, PERMS_PUBLIC);

 		if($perm === 'write_wiki')
-			\Zotlabs\Access\PermissionLimits::Set($uid, $perm, PERMS_SPECIFIC);
+			PermissionLimits::Set($uid, $perm, PERMS_SPECIFIC);


 		// set autoperms here if applicable
@@ -258,11 +262,11 @@ class PermissionRoles {
 					case 'view_wiki':
 						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
 							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','view_pages')));
-
+						break;
 					case 'write_wiki':
 						set_abconfig($uid,$ab['abook_xchan'],'my_perms',$perm,
 							intval(get_abconfig($uid,$ab['abook_xchan'],'my_perms','write_pages')));
-
+						break;
 					default:
 						break;
 				}
@@ -313,4 +317,4 @@ class PermissionRoles {
 		return $roles;
 	}

-}
+}
--- a/Zotlabs/Access/Permissions.php
+++ b/Zotlabs/Access/Permissions.php
@@ -75,7 +75,7 @@ class Permissions {

 		$x = [
 			'permissions' => $perms,
-			'filter' => $filter
+			'filter'      => $filter
 		];
 		/**
 		 * @hooks permissions_list
@@ -84,7 +84,7 @@ class Permissions {
 		 */
 		call_hooks('permissions_list', $x);

-		return($x['permissions']);
+		return ($x['permissions']);
 	}

 	/**
@@ -96,10 +96,10 @@ class Permissions {
 	 */
 	static public function BlockedAnonPerms() {

-		$res = [];
+		$res   = [];
 		$perms = PermissionLimits::Std_limits();
-		foreach($perms as $perm => $limit) {
-			if($limit != PERMS_PUBLIC) {
+		foreach ($perms as $perm => $limit) {
+			if ($limit != PERMS_PUBLIC) {
 				$res[] = $perm;
 			}
 		}
@@ -111,7 +111,7 @@ class Permissions {
 		 */
 		call_hooks('write_perms', $x);

-		return($x['permissions']);
+		return ($x['permissions']);
 	}

 	/**
@@ -120,20 +120,20 @@ class Permissions {
 	 * Converts [ 0 => 'view_stream', ... ]
 	 * to [ 'view_stream' => 1 ] for any permissions in $arr;
 	 * Undeclared permissions which exist in Perms() are added and set to 0.
- 	 *
+	 *
 	 * @param array $arr
 	 * @return array
 	 */
 	static public function FilledPerms($arr) {
-		if(is_null($arr)) {
+		if (is_null($arr)) {
 			btlogger('FilledPerms: null');
 			$arr = [];
 		}

 		$everything = self::Perms();
-		$ret = [];
-		foreach($everything as $k => $v) {
-			if(in_array($k, $arr))
+		$ret        = [];
+		foreach ($everything as $k => $v) {
+			if (in_array($k, $arr))
 				$ret[$k] = 1;
 			else
 				$ret[$k] = 0;
@@ -155,9 +155,9 @@ class Permissions {
 	 */
 	static public function OPerms($arr) {
 		$ret = [];
-		if($arr) {
-			foreach($arr as $k => $v) {
-				$ret[] = [ 'name' => $k, 'value' => $v ];
+		if ($arr) {
+			foreach ($arr as $k => $v) {
+				$ret[] = ['name' => $k, 'value' => $v];
 			}
 		}
 		return $ret;
@@ -170,15 +170,16 @@ class Permissions {
 	 * @return boolean|array
 	 */
 	static public function FilledAutoperms($channel_id) {
-		if(! intval(get_pconfig($channel_id,'system','autoperms')))
+		if (!intval(get_pconfig($channel_id, 'system', 'autoperms')))
 			return false;

 		$arr = [];
+
 		$r = q("select * from pconfig where uid = %d and cat = 'autoperms'",
 			intval($channel_id)
 		);
-		if($r) {
-			foreach($r as $rr) {
+		if ($r) {
+			foreach ($r as $rr) {
 				$arr[$rr['k']] = intval($rr['v']);
 			}
 		}
@@ -193,11 +194,11 @@ class Permissions {
 	 * @return boolean true if all perms from $p1 exist also in $p2
 	 */
 	static public function PermsCompare($p1, $p2) {
-		foreach($p1 as $k => $v) {
-			if(! array_key_exists($k, $p2))
+		foreach ($p1 as $k => $v) {
+			if (!array_key_exists($k, $p2))
 				return false;

-			if($p1[$k] != $p2[$k])
+			if ($p1[$k] != $p2[$k])
 				return false;
 		}

@@ -214,18 +215,18 @@ class Permissions {
 	 */
 	static public function connect_perms($channel_id) {

-		$my_perms = [];
-		$permcat = null;
+		$my_perms  = [];
+		$permcat   = null;
 		$automatic = 0;

 		// If a default permcat exists, use that

-		$pc = ((feature_enabled($channel_id,'permcats')) ? get_pconfig($channel_id,'system','default_permcat') : 'default');
-		if(! in_array($pc, [ '','default' ])) {
-			$pcp = new Zlib\Permcat($channel_id);
+		$pc = ((feature_enabled($channel_id, 'permcats')) ? get_pconfig($channel_id, 'system', 'default_permcat') : 'default');
+		if (!in_array($pc, ['', 'default'])) {
+			$pcp     = new Zlib\Permcat($channel_id);
 			$permcat = $pcp->fetch($pc);
-			if($permcat && $permcat['perms']) {
-				foreach($permcat['perms'] as $p) {
+			if ($permcat && $permcat['perms']) {
+				foreach ($permcat['perms'] as $p) {
 					$my_perms[$p['name']] = $p['value'];
 				}
 			}
@@ -235,15 +236,15 @@ class Permissions {
 		// and if there was no permcat or a default permcat, set the perms
 		// from the role

-		$role = get_pconfig($channel_id,'system','permissions_role');
-		if($role) {
+		$role = get_pconfig($channel_id, 'system', 'permissions_role');
+		if ($role) {
 			$xx = PermissionRoles::role_perms($role);
-			if($xx['perms_auto'])
+			if ($xx['perms_auto'])
 				$automatic = 1;

-			if((! $my_perms) && ($xx['perms_connect'])) {
+			if ((!$my_perms) && ($xx['perms_connect'])) {
 				$default_perms = $xx['perms_connect'];
-				$my_perms = Permissions::FilledPerms($default_perms);
+				$my_perms      = Permissions::FilledPerms($default_perms);
 			}
 		}

@@ -251,11 +252,11 @@ class Permissions {
 		// it is likely a custom permissions role. First see if there are any
 		// automatic permissions.

-		if(! $my_perms) {
+		if (!$my_perms) {
 			$m = Permissions::FilledAutoperms($channel_id);
-			if($m) {
+			if ($m) {
 				$automatic = 1;
-				$my_perms = $m;
+				$my_perms  = $m;
 			}
 		}

@@ -263,24 +264,35 @@ class Permissions {
 		// custom perms but they are not automatic. They will be stored in abconfig with
 		// the channel's channel_hash (the 'self' connection).

-		if(! $my_perms) {
+		if (!$my_perms) {
 			$r = q("select channel_hash from channel where channel_id = %d",
 				intval($channel_id)
 			);
-			if($r) {
+			if ($r) {
 				$x = q("select * from abconfig where chan = %d and xchan = '%s' and cat = 'my_perms'",
 					intval($channel_id),
 					dbesc($r[0]['channel_hash'])
 				);
-				if($x) {
-					foreach($x as $xv) {
+				if ($x) {
+					foreach ($x as $xv) {
 						$my_perms[$xv['k']] = intval($xv['v']);
 					}
 				}
 			}
 		}

-		return ( [ 'perms' => $my_perms, 'automatic' => $automatic ] );
+		return (['perms' => $my_perms, 'automatic' => $automatic]);
 	}

-}
+	static public function serialise($p) {
+		$n = [];
+		if ($p) {
+			foreach ($p as $k => $v) {
+				if (intval($v)) {
+					$n[] = $k;
+				}
+			}
+		}
+		return implode(',', $n);
+	}
+}
--- a/Zotlabs/Daemon/Addon.php
+++ b/Zotlabs/Daemon/Addon.php
@@ -2,13 +2,12 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
-
 class Addon {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		call_hooks('daemon_addon',$argv);
+		call_hooks('daemon_addon', $argv);

 	}
+
 }
--- a/Zotlabs/Daemon/Cache_embeds.php
+++ b/Zotlabs/Daemon/Cache_embeds.php
@@ -0,0 +1,26 @@
+<?php /** @file */
+
+namespace Zotlabs\Daemon;
+
+class Cache_embeds {
+
+	static public function run($argc,$argv) {
+
+		if(! $argc == 2)
+			return;
+
+		$c = q("select body from item where id = %d ",
+			dbesc(intval($argv[1]))
+		);
+
+		if(! $c)
+			return;
+
+		$item = $c[0];
+
+		// bbcode conversion by default processes embeds that aren't already cached.
+		// Ignore the returned html output. 
+
+		bbcode($item['body']);
+	}
+}
--- a/Zotlabs/Daemon/Cache_query.php
+++ b/Zotlabs/Daemon/Cache_query.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+use Zotlabs\Lib\Cache;
+
+class Cache_query {
+
+	static public function run($argc, $argv) {
+
+		if(! $argc == 3)
+			return;
+
+		$key = $argv[1];
+
+		$pid = get_config('procid', $key, false);
+		if ($pid && (function_exists('posix_kill') ? posix_kill($pid, 0) : true)) {
+			logger($key . ': procedure already run with pid ' . $pid, LOGGER_DEBUG);
+			return;
+		}
+
+		$pid = getmypid();
+		set_config('procid', $key, $pid);
+
+		array_shift($argv);
+		array_shift($argv);
+		
+		$arr = json_decode(base64_decode($argv[0]), true);
+
+		$r = call_user_func_array('q', $arr);
+		if($r)
+			Cache::set($key, serialize($r));
+
+		del_config('procid', $key);
+	}
+}
--- a/Zotlabs/Daemon/Checksites.php
+++ b/Zotlabs/Daemon/Checksites.php
@@ -2,39 +2,39 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
-
+require_once('include/hubloc.php');

 class Checksites {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		logger('checksites: start');
-	
-		if(($argc > 1) && ($argv[1]))
+
+		if (($argc > 1) && ($argv[1]))
 			$site_id = $argv[1];

-		if($site_id)
+		if ($site_id)
 			$sql_options = " and site_url = '" . dbesc($argv[1]) . "' ";

-		$days = intval(get_config('system','sitecheckdays'));
-		if($days < 1)
+		$days = intval(get_config('system', 'sitecheckdays'));
+		if ($days < 1)
 			$days = 30;

 		$r = q("select * from site where site_dead = 0 and site_update < %s - INTERVAL %s and site_type = %d $sql_options ",
-			db_utcnow(), db_quoteinterval($days . ' DAY'),
+			db_utcnow(),
+			db_quoteinterval($days . ' DAY'),
 			intval(SITE_TYPE_ZOT)
 		);

-		if(! $r)
+		if (!$r)
 			return;

-		foreach($r as $rr) {
-			if(! strcasecmp($rr['site_url'],z_root()))
+		foreach ($r as $rr) {
+			if (!strcasecmp($rr['site_url'], z_root()))
 				continue;

 			$x = ping_site($rr['site_url']);
-			if($x['success']) {
+			if ($x['success']) {
 				logger('checksites: ' . $rr['site_url']);
 				q("update site set site_update = '%s' where site_url = '%s' ",
 					dbesc(datetime_convert()),
--- a/Zotlabs/Daemon/Convo.php
+++ b/Zotlabs/Daemon/Convo.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\ASCollection;
+
+class Convo {
+
+	static public function run($argc, $argv) {
+
+		logger('convo invoked: ' . print_r($argv, true));
+
+		if ($argc != 4) {
+			return;
+		}
+
+		$id           = $argv[1];
+		$channel_id   = intval($argv[2]);
+		$contact_hash = $argv[3];
+
+		$channel = channelx_by_n($channel_id);
+		if (!$channel) {
+			return;
+		}
+
+		$r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash
+			WHERE abook_channel = %d and abook_xchan = '%s' LIMIT 1",
+			intval($channel_id),
+			dbesc($contact_hash)
+		);
+		if (!$r) {
+			return;
+		}
+
+		$contact = array_shift($r);
+
+		$obj = new ASCollection($id, $channel);
+
+		$messages = $obj->get();
+
+		if ($messages) {
+			foreach ($messages as $message) {
+				if (is_string($message)) {
+					$message = Activity::fetch($message, $channel);
+				}
+				// set client flag because comments will probably just be objects and not full blown activities
+				// and that lets us use implied_create
+				$AS = new ActivityStreams($message);
+				if ($AS->is_valid() && is_array($AS->obj)) {
+					$item = Activity::decode_note($AS);
+					Activity::store($channel, $contact['abook_xchan'], $AS, $item);
+				}
+			}
+		}
+	}
+}
--- a/Zotlabs/Daemon/Cron.php
+++ b/Zotlabs/Daemon/Cron.php
@@ -2,16 +2,18 @@

 namespace Zotlabs\Daemon;

+use Zotlabs\Lib\Libsync;
+
 class Cron {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		$maxsysload = intval(get_config('system','maxloadavg'));
-		if($maxsysload < 1)
+		$maxsysload = intval(get_config('system', 'maxloadavg'));
+		if ($maxsysload < 1)
 			$maxsysload = 50;
-		if(function_exists('sys_getloadavg')) {
+		if (function_exists('sys_getloadavg')) {
 			$load = sys_getloadavg();
-			if(intval($load[0]) > $maxsysload) {
+			if (intval($load[0]) > $maxsysload) {
 				logger('system: load ' . $load . ' too high. Cron deferred to next scheduled run.');
 				return;
 			}
@@ -19,28 +21,33 @@ class Cron {

 		// Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
 		$lockfile = 'store/[data]/cron';
-		if((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600)) 
-			&& (! get_config('system','override_cron_lockfile'))) {
+		if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))
+			&& (!get_config('system', 'override_cron_lockfile'))) {
 			logger("cron: Already running");
 			return;
 		}
-	
+
 		// Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
+		$x = '';
 		file_put_contents($lockfile, $x);

 		logger('cron: start');
-	
+
 		// run queue delivery process in the background

 		Master::Summon(array('Queue'));

 		Master::Summon(array('Poller'));

-		// maintenance for mod sharedwithme - check for updated items and remove them
+		/**
+		 * Chatpresence: if somebody hasn't pinged recently, they've most likely left the page
+		 * and shouldn't count as online anymore. We allow an expection for bots.
+		 */
+		q("delete from chatpresence where cp_last < %s - INTERVAL %s and cp_client != 'auto' ",
+			db_utcnow(),
+			db_quoteinterval('3 MINUTE')
+		);

-		require_once('include/sharedwithme.php');
-		apply_updates();
-	
 		// expire any expired mail

 		q("delete from mail where expires > '%s' and expires < %s ",
@@ -48,19 +55,23 @@ class Cron {
 			db_utcnow()
 		);

+		$interval = get_config('system', 'delivery_interval', 3);
+
 		// expire any expired items

 		$r = q("select id,item_wall from item where expires > '2001-01-01 00:00:00' and expires < %s 
 			and item_deleted = 0 ",
 			db_utcnow()
 		);
-		if($r) {
+		if ($r) {
 			require_once('include/items.php');
-			foreach($r as $rr) {
-				drop_item($rr['id'],false,(($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
-				if($rr['item_wall']) {
+			foreach ($r as $rr) {
+				drop_item($rr['id'], false, (($rr['item_wall']) ? DROPITEM_PHASE1 : DROPITEM_NORMAL));
+				if ($rr['item_wall']) {
 					// The notifier isn't normally invoked unless item_drop is interactive.
-					Master::Summon( [ 'Notifier', 'drop', $rr['id'] ] );
+					Master::Summon(['Notifier', 'drop', $rr['id']]);
+					if ($interval)
+						@time_sleep_until(microtime(true) + (float)$interval);
 				}
 			}
 		}
@@ -72,9 +83,9 @@ class Cron {
 			dbesc(NULL_DATE),
 			db_utcnow()
 		);
-		if($r) {
+		if ($r) {
 			require_once('include/security.php');
-			foreach($r as $rr) {
+			foreach ($r as $rr) {
 				atoken_delete($rr['atoken_id']);
 			}
 		}
@@ -84,14 +95,37 @@ class Cron {
 		// or dead entries.

 		$r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s and channel_removed = 0",
-			db_utcnow(), 
+			db_utcnow(),
 			db_quoteinterval('30 DAY')
 		);
-		if($r) {
-			foreach($r as $rr) {
-				Master::Summon(array('Directory',$rr['channel_id'],'force'));
-				if($interval)
-					@time_sleep_until(microtime(true) + (float) $interval);
+		if ($r) {
+			foreach ($r as $rr) {
+				Master::Summon(array('Directory', $rr['channel_id'], 'force'));
+				if ($interval)
+					@time_sleep_until(microtime(true) + (float)$interval);
+			}
+		}
+
+		// Clean expired photos from cache
+
+		$r = q("SELECT DISTINCT xchan, content FROM photo WHERE photo_usage = %d AND expires < %s - INTERVAL %s",
+			intval(PHOTO_CACHE),
+			db_utcnow(),
+			db_quoteinterval(get_config('system', 'active_expire_days', '30') . ' DAY')
+		);
+		if ($r) {
+			q("DELETE FROM photo WHERE photo_usage = %d AND expires < %s - INTERVAL %s",
+				intval(PHOTO_CACHE),
+				db_utcnow(),
+				db_quoteinterval(get_config('system', 'active_expire_days', '30') . ' DAY')
+			);
+			foreach ($r as $rr) {
+				$file = dbunescbin($rr['content']);
+				if (is_file($file)) {
+					@unlink($file);
+					@rmdir(dirname($file));
+					logger('info: deleted cached photo file ' . $file, LOGGER_DEBUG);
+				}
 			}
 		}

@@ -101,55 +135,57 @@ class Cron {

 		$r = q("select id from item where item_delayed = 1 and created <= %s  and created > '%s' ",
 			db_utcnow(),
-			dbesc(datetime_convert('UTC','UTC','now - 2 days'))
+			dbesc(datetime_convert('UTC', 'UTC', 'now - 2 days'))
 		);
-		if($r) {
-			foreach($r as $rr) {
+		if ($r) {
+			foreach ($r as $rr) {
 				$x = q("update item set item_delayed = 0 where id = %d",
 					intval($rr['id'])
 				);
-				if($x) {
+				if ($x) {
 					$z = q("select * from item where id = %d",
-						intval($message_id)
+						intval($rr['id'])
 					);
-					if($z) {
+					if ($z) {
 						xchan_query($z);
 						$sync_item = fetch_post_tags($z);
-						build_sync_packet($sync_item[0]['uid'],
-							[ 
-								'item' => [ encode_item($sync_item[0],true) ]
+						Libsync::build_sync_packet($sync_item[0]['uid'],
+							[
+								'item' => [encode_item($sync_item[0], true)]
 							]
 						);
 					}
-					Master::Summon(array('Notifier','wall-new',$rr['id']));
+					Master::Summon(array('Notifier', 'wall-new', $rr['id']));
+					if ($interval)
+						@time_sleep_until(microtime(true) + (float)$interval);
 				}
 			}
 		}

+
+		// check if any connections transitioned to zot6 and upgrade the connections to zot6 at this hub if so.
+		require_once('include/connections.php');
+		z6trans_connections();
+
 		require_once('include/attach.php');
 		attach_upgrade();

-		$abandon_days = intval(get_config('system','account_abandon_days'));
-		if($abandon_days < 1)
-			$abandon_days = 0;
-
-	
 		// once daily run birthday_updates and then expire in background

 		// FIXME: add birthday updates, both locally and for xprof for use
 		// by directory servers

-		$d1 = intval(get_config('system','last_expire_day'));
-		$d2 = intval(datetime_convert('UTC','UTC','now','d'));
+		$d1 = intval(get_config('system', 'last_expire_day'));
+		$d2 = intval(datetime_convert('UTC', 'UTC', 'now', 'd'));

 		// Allow somebody to staggger daily activities if they have more than one site on their server,
 		// or if it happens at an inconvenient (busy) hour.

-		$h1 = intval(get_config('system','cron_hour'));
-		$h2 = intval(datetime_convert('UTC','UTC','now','G'));
+		$h1 = intval(get_config('system', 'cron_hour'));
+		$h2 = intval(datetime_convert('UTC', 'UTC', 'now', 'G'));


-		if(($d2 != $d1) && ($h1 == $h2)) {
+		if (($d2 != $d1) && ($h1 == $h2)) {
 			Master::Summon(array('Cron_daily'));
 		}

@@ -158,14 +194,14 @@ class Cron {

 		$r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' 
 			and xchan_photo_date < %s - INTERVAL %s",
-			db_utcnow(), 
+			db_utcnow(),
 			db_quoteinterval('1 DAY')
 		);
-		if($r) {
+		if ($r) {
 			require_once('include/photo/photo_driver.php');
-			foreach($r as $rr) {
-				$photos = import_xchan_photo($rr['xchan_photo_l'],$rr['xchan_hash']);
-				$x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
+			foreach ($r as $rr) {
+				$photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash'], false, true);
+				q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'
 					where xchan_hash = '%s'",
 					dbesc($photos[0]),
 					dbesc($photos[1]),
@@ -179,31 +215,28 @@ class Cron {

 		// pull in some public posts

-		$disable_discover_tab = get_config('system','disable_discover_tab') || get_config('system','disable_discover_tab') === false;
-		if(! $disable_discover_tab)
+/*		$disable_discover_tab = get_config('system', 'disable_discover_tab') || get_config('system', 'disable_discover_tab') === false;
+		if (!$disable_discover_tab)
 			Master::Summon(array('Externals'));
+*/

-		$generation = 0;
+		$restart = false;

-		$restart    = false;
-
-		if(($argc > 1) && ($argv[1] == 'restart')) {
-			$restart = true;
+		if (($argc > 1) && ($argv[1] == 'restart')) {
+			$restart    = true;
 			$generation = intval($argv[2]);
-			if(! $generation)
-				killme();		
+			if (!$generation)
+				return;
 		}

 		reload_plugins();

-		$d = datetime_convert();
-
 		// TODO check to see if there are any cronhooks before wasting a process

-		if(! $restart)
+		if (!$restart)
 			Master::Summon(array('Cronhooks'));

-		set_config('system','lastcron',datetime_convert());
+		set_config('system', 'lastcron', datetime_convert());

 		//All done - clear the lockfile	
 		@unlink($lockfile);
--- a/Zotlabs/Daemon/Cron_daily.php
+++ b/Zotlabs/Daemon/Cron_daily.php
@@ -2,9 +2,11 @@

 namespace Zotlabs\Daemon;

+use Zotlabs\Lib\Libzotdir;
+
 class Cron_daily {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		logger('cron_daily: start');

@@ -13,15 +15,12 @@ class Cron_daily {
 		 *
 		 */

-
-		require_once('include/dir_fns.php');
-		check_upstream_directory();
-
+		Libzotdir::check_upstream_directory();

 		// Fire off the Cron_weekly process if it's the correct day.
- 
-		$d3 = intval(datetime_convert('UTC','UTC','now','N'));
-		if($d3 == 7) {
+
+		$d3 = intval(datetime_convert('UTC', 'UTC', 'now', 'N'));
+		if ($d3 == 7) {
 			Master::Summon(array('Cron_weekly'));
 		}

@@ -44,6 +43,17 @@ class Cron_daily {
 			db_utcnow(), db_quoteinterval('1 YEAR')
 		);

+		// expire anonymous sse notification entries once a day
+
+		q("delete from xconfig where xchan like '%s'",
+			dbesc('sse_id.%')
+		);
+
+		// Clean up emdedded content cache
+		q("DELETE FROM cache WHERE updated < %s - INTERVAL %s",
+			db_utcnow(),
+			db_quoteinterval(get_config('system', 'active_expire_days', '30') . ' DAY')
+		);

 		//update statistics in config
 		require_once('include/statistics_fns.php');
@@ -56,8 +66,8 @@ class Cron_daily {

 		// expire old delivery reports

-		$keep_reports = intval(get_config('system','expire_delivery_reports'));
-		if($keep_reports === 0)
+		$keep_reports = intval(get_config('system', 'expire_delivery_reports'));
+		if ($keep_reports === 0)
 			$keep_reports = 10;

 		q("delete from dreport where dreport_time < %s - INTERVAL %s",
@@ -69,26 +79,27 @@ class Cron_daily {
 		downgrade_accounts();

 		// If this is a directory server, request a sync with an upstream
-		// directory at least once a day, up to once every poll interval. 
+		// directory at least once a day, up to once every poll interval.
 		// Pull remote changes and push local changes.
-		// potential issue: how do we keep from creating an endless update loop? 
+		// potential issue: how do we keep from creating an endless update loop?

-		$dirmode = get_config('system','directory_mode');
+		$dirmode = get_config('system', 'directory_mode');

-		if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
-			require_once('include/dir_fns.php');
-			sync_directories($dirmode);
+		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
+			Libzotdir::sync_directories($dirmode);
 		}

-
 		Master::Summon(array('Expire'));
 		Master::Summon(array('Cli_suggest'));

 		remove_obsolete_hublocs();

-		call_hooks('cron_daily',datetime_convert());
+		z6_discover();

-		set_config('system','last_expire_day',intval(datetime_convert('UTC','UTC','now','d')));
+		$date = datetime_convert();
+		call_hooks('cron_daily', $date);
+
+		set_config('system', 'last_expire_day', intval(datetime_convert('UTC', 'UTC', 'now', 'd')));

 		/**
 		 * End Cron Daily
--- a/Zotlabs/Daemon/Cron_weekly.php
+++ b/Zotlabs/Daemon/Cron_weekly.php
@@ -4,21 +4,22 @@ namespace Zotlabs\Daemon;

 class Cron_weekly {

-	static public function run($argc,$argv) {		
+	static public function run($argc, $argv) {

 		/**
 		 * Cron Weekly
-		 * 
+		 *
 		 * Actions in the following block are executed once per day only on Sunday (once per week).
 		 *
 		 */

-		call_hooks('cron_weekly',datetime_convert());
+		$date = datetime_convert();
+		call_hooks('cron_weekly', $date);

 		z_check_cert();

 		prune_hub_reinstalls();
-	
+
 		mark_orphan_hubsxchans();

 		// Find channels that were removed in the last three weeks, but 
@@ -31,8 +32,8 @@ class Cron_weekly {
 			db_utcnow(), db_quoteinterval('21 DAY'),
 			db_utcnow(), db_quoteinterval('10 DAY')
 		);
-		if($r) {
-			foreach($r as $rv) {
+		if ($r) {
+			foreach ($r as $rv) {
 				channel_remove_final($rv['channel_id']);
 			}
 		}
@@ -43,14 +44,14 @@ class Cron_weekly {
 			db_utcnow(), db_quoteinterval('14 DAY')
 		);

-		$dirmode = intval(get_config('system','directory_mode'));
-		if($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) {
-			logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())),true));
+		$dirmode = intval(get_config('system', 'directory_mode'));
+		if ($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) {
+			logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())), true));
 		}

 		// Check for dead sites
 		Master::Summon(array('Checksites'));
-			
+
 		// update searchable doc indexes
 		Master::Summon(array('Importdoc'));

--- a/Zotlabs/Daemon/CurlAuth.php
+++ b/Zotlabs/Daemon/CurlAuth.php
@@ -2,6 +2,8 @@

 namespace Zotlabs\Daemon;

+use App;
+
 // generate a curl compatible cookie file with an authenticated session for the given channel_id. 
 // If this file is then used with curl and the destination url is sent through zid() or manually 
 // manipulated to add a zid, it should allow curl to provide zot magic-auth across domains.
@@ -10,15 +12,15 @@ namespace Zotlabs\Daemon;

 class CurlAuth {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		if($argc != 2)
-			killme();
+		if ($argc != 2)
+			return;

-		\App::$session->start();
+		App::$session->start();

 		$_SESSION['authenticated'] = 1;
-		$_SESSION['uid'] = $argv[1];
+		$_SESSION['uid']           = $argv[1];

 		$x = session_id();

@@ -29,14 +31,14 @@ class CurlAuth {

 		$output = '';

-		if($e) {
+		if ($e) {
 			$lines = file($f);
-			if($lines) {
-				foreach($lines as $line) {
-					if(strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6) {
+			if ($lines) {
+				foreach ($lines as $line) {
+					if (strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6) {
 						$tokens = explode("\t", $line);
 						$tokens = array_map('trim', $tokens);
-						if($tokens[4] > time()) {
+						if ($tokens[4] > time()) {
 							$output .= $line . "\n";
 						}
 					}
@@ -46,10 +48,10 @@ class CurlAuth {
 			}
 		}
 		$t = time() + (24 * 3600);
-		file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tTRUE\t$t\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0));
+		file_put_contents($f, $output . 'HttpOnly_' . App::get_hostname() . "\tFALSE\t/\tTRUE\t$t\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0));

-		file_put_contents($c,$x);
+		file_put_contents($c, $x);

-		killme();
+		return;
 	}
-}
+}
--- a/Zotlabs/Daemon/Deliver.php
+++ b/Zotlabs/Daemon/Deliver.php
@@ -2,89 +2,32 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
 require_once('include/queue_fn.php');

-
 class Deliver {
-	
-	static public function run($argc,$argv) {

-		if($argc < 2)
+	static public function run($argc, $argv) {
+
+		if ($argc < 2)
 			return;

-		logger('deliver: invoked: ' . print_r($argv,true), LOGGER_DATA);
+		logger('deliver: invoked: ' . print_r($argv, true), LOGGER_DATA);

-		for($x = 1; $x < $argc; $x ++) {
+		for ($x = 1; $x < $argc; $x++) {

-			if(! $argv[$x])
+			if (!$argv[$x])
 				continue;

-			$dresult = null;
-			$r = q("select * from outq where outq_hash = '%s' limit 1",
+			$r = q("select * from outq where outq_hash = '%s'",
 				dbesc($argv[$x])
 			);
-			if($r) {
-
-				$notify = json_decode($r[0]['outq_notify'],true);
-
-				// Messages without an outq_msg will need to go via the web, even if it's a
-				// local delivery. This includes conversation requests and refresh packets.
-
-				if(($r[0]['outq_posturl'] === z_root() . '/post') && ($r[0]['outq_msg'])) {
-					logger('deliver: local delivery', LOGGER_DEBUG);
-
-					// local delivery
-					// we should probably batch these and save a few delivery processes
-
-					if($r[0]['outq_msg']) {
-						$m = json_decode($r[0]['outq_msg'],true);
-						if(array_key_exists('message_list',$m)) {
-							foreach($m['message_list'] as $mm) {
-								$msg = array('body' => json_encode(array('success' => true, 'pickup' => array(array('notify' => $notify,'message' => $mm)))));
-								zot_import($msg,z_root());
-							}
-						}	
-						else {	
-							$msg = array('body' => json_encode(array('success' => true, 'pickup' => array(array('notify' => $notify,'message' => $m)))));
-							$dresult = zot_import($msg,z_root());
-						}
-
-						remove_queue_item($r[0]['outq_hash']);
-
-						if($dresult && is_array($dresult)) {
-
-							// delivery reports for local deliveries do not require encryption
-
-							foreach($dresult as $xx) {
-								if(is_array($xx) && array_key_exists('message_id',$xx)) {
-									if(delivery_report_is_storable($xx)) {
-										q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
-											dbesc($xx['message_id']),
-											dbesc($xx['location']),
-											dbesc($xx['recipient']),
-											dbesc($xx['status']),
-											dbesc(datetime_convert($xx['date'])),
-											dbesc($xx['sender'])
-										);
-									}
-								}
-							}
-						}
-
-						q("delete from dreport where dreport_queue = '%s'",
-							dbesc($argv[$x])
-						);
-					
-						continue;
-					}
-				}
-
-				// otherwise it's a remote delivery - call queue_deliver() with the $immediate flag
-
-				queue_deliver($r[0],true);

+			if ($r) {
+				queue_deliver($r[0], true);
 			}
+
 		}
+
 	}
+
 }
--- a/Zotlabs/Daemon/Deliver_hooks.php
+++ b/Zotlabs/Daemon/Deliver_hooks.php
@@ -2,21 +2,18 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
-
 class Deliver_hooks {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		if($argc < 2)
+		if ($argc < 2)
 			return;

-
 		$r = q("select * from item where id = '%d'",
 			intval($argv[1])
 		);
-		if($r)
-			call_hooks('notifier_normal',$r[0]);
+		if ($r)
+			call_hooks('notifier_normal', $r[0]);

 	}
 }
--- a/Zotlabs/Daemon/Directory.php
+++ b/Zotlabs/Daemon/Directory.php
@@ -2,47 +2,46 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
-require_once('include/dir_fns.php');
-require_once('include/queue_fn.php');
-
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\Libzotdir;
+use Zotlabs\Lib\Queue;

 class Directory {

-	static public function run($argc,$argv){
+	static public function run($argc, $argv) {

-		if($argc < 2)
+		if ($argc < 2)
 			return;

-		$force = false;
+		$force   = false;
 		$pushall = true;

-		if($argc > 2) {
-			if($argv[2] === 'force')
+		if ($argc > 2) {
+			if ($argv[2] === 'force')
 				$force = true;
-			if($argv[2] === 'nopush')
+			if ($argv[2] === 'nopush')
 				$pushall = false;
-		}	
+		}

 		logger('directory update', LOGGER_DEBUG);

-		$dirmode = get_config('system','directory_mode');
-		if($dirmode === false)
+		$dirmode = get_config('system', 'directory_mode');
+		if ($dirmode === false)
 			$dirmode = DIRECTORY_MODE_NORMAL;

 		$x = q("select * from channel where channel_id = %d limit 1",
 			intval($argv[1])
 		);
-		if(! $x)
+		if (!$x)
 			return;

 		$channel = $x[0];

-		if($dirmode != DIRECTORY_MODE_NORMAL) {
+		if ($dirmode != DIRECTORY_MODE_NORMAL) {

 			// this is an in-memory update and we don't need to send a network packet.

-			local_dir_update($argv[1],$force);
+			Libzotdir::local_dir_update($argv[1], $force);

 			q("update channel set channel_dirdate = '%s' where channel_id = %d",
 				dbesc(datetime_convert()),
@@ -50,25 +49,26 @@ class Directory {
 			);

 			// Now update all the connections
-			if($pushall) 
-				Master::Summon(array('Notifier','refresh_all',$channel['channel_id']));
+			if ($pushall)
+				Master::Summon(array('Notifier', 'refresh_all', $channel['channel_id']));

 			return;
 		}

 		// otherwise send the changes upstream

-		$directory = find_upstream_directory($dirmode);
-		$url = $directory['url'] . '/post';
+		$directory = Libzotdir::find_upstream_directory($dirmode);
+
+		$url = $directory['url'] . '/zot';

 		// ensure the upstream directory is updated

-		$packet = zot_build_packet($channel,(($force) ? 'force_refresh' : 'refresh'));
-		$z = zot_zot($url,$packet);
+		$packet = Libzot::build_packet($channel, (($force) ? 'force_refresh' : 'refresh'));
+		$z      = Libzot::zot($url, $packet, $channel);

 		// re-queue if unsuccessful

-		if(! $z['success']) {
+		if (!$z['success']) {

 			/** @FIXME we aren't updating channel_dirdate if we have to queue
 			 * the directory packet. That means we'll try again on the next poll run.
@@ -76,7 +76,7 @@ class Directory {

 			$hash = random_string();

-			queue_insert(array(
+			Queue::insert(array(
 				'hash'       => $hash,
 				'account_id' => $channel['channel_account_id'],
 				'channel_id' => $channel['channel_id'],
@@ -93,8 +93,8 @@ class Directory {
 		}

 		// Now update all the connections
-		if($pushall)
-			Master::Summon(array('Notifier','refresh_all',$channel['channel_id']));
+		if ($pushall)
+			Master::Summon(array('Notifier', 'refresh_all', $channel['channel_id']));

 	}
 }
--- a/Zotlabs/Daemon/Expire.php
+++ b/Zotlabs/Daemon/Expire.php
@@ -5,14 +5,24 @@ namespace Zotlabs\Daemon;

 class Expire {

-	static public function run($argc,$argv){
+	static public function run($argc, $argv) {

 		cli_startup();

+		$pid = get_config('procid', 'expire', false);
+		if ($pid && (function_exists('posix_kill') ? posix_kill($pid, 0) : true)) {
+			logger('procedure already run with pid ' . $pid, LOGGER_DEBUG);
+			return;
+		}
+
+		$pid = getmypid();
+		set_config('procid', 'expire', $pid);
+
 		// perform final cleanup on previously delete items

 		$r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('10 DAY')
+			db_utcnow(),
+			db_quoteinterval('10 DAY')
 		);
 		if ($r) {
 			foreach ($r as $rr) {
@@ -23,23 +33,22 @@ class Expire {
 		// physically remove anything that has been deleted for more than two months
 		/** @FIXME - this is a wretchedly inefficient query */

-		$r = q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s",
-			db_utcnow(), db_quoteinterval('36 DAY')
+		q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s",
+			db_utcnow(),
+			db_quoteinterval('36 DAY')
 		);

-		/** @FIXME make this optional as it could have a performance impact on large sites */
-
 		if (intval(get_config('system', 'optimize_items')))
 			q("optimize table item");

-		logger('expire: start', LOGGER_DEBUG);
+		logger('expire: start with pid ' . $pid, LOGGER_DEBUG);

-		$site_expire = intval(get_config('system', 'default_expire_days'));
-		$commented_days = intval(get_config('system','active_expire_days'));
+		$site_expire    = intval(get_config('system', 'default_expire_days'));
+		$commented_days = intval(get_config('system', 'active_expire_days'));

 		logger('site_expire: ' . $site_expire);

-		$r = q("SELECT channel_id, channel_system, channel_address, channel_expire_days from channel where true");
+		$r = dbq("SELECT channel_id, channel_system, channel_address, channel_expire_days from channel where true");

 		if ($r) {
 			foreach ($r as $rr) {
@@ -55,11 +64,12 @@ class Expire {
 					$channel_expire = $service_class_expire;
 				else
 					$channel_expire = $site_expire;
-	
+
 				if (intval($channel_expire) && (intval($channel_expire) < intval($rr['channel_expire_days'])) ||
 					intval($rr['channel_expire_days'] == 0)) {
 					$expire_days = $channel_expire;
-				} else {
+				}
+				else {
 					$expire_days = $rr['channel_expire_days'];
 				}

@@ -84,11 +94,13 @@ class Expire {
 			}

 			logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
-	
+
 			if ($expire_days)
 				item_expire($x['channel_id'], $expire_days, $commented_days);

 			logger('Expire: sys: done', LOGGER_DEBUG);
 		}
+
+		del_config('procid', 'expire');
 	}
 }
--- a/Zotlabs/Daemon/Externals.php
+++ b/Zotlabs/Daemon/Externals.php
@@ -2,97 +2,180 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\ASCollection;
+
 require_once('include/channel.php');


 class Externals {

-	static public function run($argc,$argv){
+	static public function run($argc, $argv) {

-		$total = 0;
+		logger('externals: start');
+
+		$importer = get_sys_channel();
+		$total    = 0;
 		$attempts = 0;

 		logger('externals: startup', LOGGER_DEBUG);

 		// pull in some public posts

+		while ($total == 0 && $attempts < 3) {
+			$arr = ['url' => ''];
+			call_hooks('externals_url_select', $arr);

-		while($total == 0 && $attempts < 3) {
-			$arr = array('url' => '');
-			call_hooks('externals_url_select',$arr);
-
-			if($arr['url']) {
+			if ($arr['url']) {
 				$url = $arr['url'];
-			} 
+			}
 			else {
 				$randfunc = db_getfunc('RAND');

-				// fixme this query does not deal with directory realms. 
+				// fixme this query does not deal with directory realms.

-				$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d and site_type = %d and site_dead = 0 order by $randfunc limit 1",
+				$r = q("select site_url, site_pull from site where site_url != '%s'
+						and site_flags != %d and site_type = %d
+						and site_dead = 0 and site_project like '%s' and site_version > '5.3.1' order by $randfunc limit 1",
 					dbesc(z_root()),
 					intval(DIRECTORY_MODE_STANDALONE),
-					intval(SITE_TYPE_ZOT)
+					intval(SITE_TYPE_ZOT),
+					dbesc('hubzilla%')
 				);
-				if($r)
+				if ($r)
 					$url = $r[0]['site_url'];
 			}

 			$blacklisted = false;

-			if(! check_siteallowed($url)) {
+			if (!check_siteallowed($url)) {
 				logger('blacklisted site: ' . $url);
 				$blacklisted = true;
 			}

-			$attempts ++;
+			$attempts++;

 			// make sure we can eventually break out if somebody blacklists all known sites

-			if($blacklisted) {
-				if($attempts > 20)
+			if ($blacklisted) {
+				if ($attempts > 20)
 					break;
-				$attempts --;
+				$attempts--;
 				continue;
 			}

-			if($url) {
-				if($r[0]['site_pull'] > NULL_DATE)
-					$mindate = urlencode(datetime_convert('','',$r[0]['site_pull'] . ' - 1 day'));
-				else {
-					$days = get_config('externals','since_days');
-					if($days === false)
-						$days = 15;
-					$mindate = urlencode(datetime_convert('','','now - ' . intval($days) . ' days'));
-				}
+			if ($url) {

-				$feedurl = $url . '/zotfeed?f=&mindate=' . $mindate;
+				$max = intval(get_config('system', 'max_imported_posts', 30));
+				if (intval($max)) {
+					logger('externals: fetching outbox');

-				logger('externals: pulling public content from ' . $feedurl, LOGGER_DEBUG);
+					$feed_url = $url . '/zotfeed';
+					$obj      = new ASCollection($feed_url, $importer, 0, $max);
+					$messages = $obj->get();

-				$x = z_fetch_url($feedurl);
-				if(($x) && ($x['success'])) {
-
-					q("update site set site_pull = '%s' where site_url = '%s'",
-						dbesc(datetime_convert()),
-						dbesc($url)
-					);
-
-					$j = json_decode($x['body'],true);
-					if($j['success'] && $j['messages']) {
-						$sys = get_sys_channel();
-						foreach($j['messages'] as $message) {
-							// on these posts, clear any route info. 
-							$message['route'] = '';
-							$results = process_delivery(array('hash' => 'undefined'), get_item_elements($message),
-								array(array('hash' => $sys['xchan_hash'])), false, true);
-							$total ++;
+					if ($messages) {
+						foreach ($messages as $message) {
+							if (is_string($message)) {
+								$message = Activity::fetch($message, $importer);
+							}
+							$AS = new ActivityStreams($message);
+							if ($AS->is_valid() && is_array($AS->obj)) {
+								$item = Activity::decode_note($AS);
+								Activity::store($importer, $importer['xchan_hash'], $AS, $item, true);
+								$total++;
+							}
 						}
-						logger('externals: import_public_posts: ' . $total . ' messages imported', LOGGER_DEBUG);
 					}
+					logger('externals: import_public_posts: ' . $total . ' messages imported', LOGGER_DEBUG);
 				}
 			}
 		}
+		return;
+
+		/*		$total    = 0;
+				$attempts = 0;
+
+				logger('externals: startup', LOGGER_DEBUG);
+
+				// pull in some public posts
+
+				while ($total == 0 && $attempts < 3) {
+					$arr = ['url' => ''];
+					call_hooks('externals_url_select', $arr);
+
+					if ($arr['url']) {
+						$url = $arr['url'];
+					}
+					else {
+						$randfunc = db_getfunc('RAND');
+
+						// fixme this query does not deal with directory realms.
+
+						$r = q("select site_url, site_pull from site where site_url != '%s' and site_flags != %d and site_type = %d and site_dead = 0 order by $randfunc limit 1",
+							dbesc(z_root()),
+							intval(DIRECTORY_MODE_STANDALONE),
+							intval(SITE_TYPE_ZOT)
+						);
+						if ($r)
+							$url = $r[0]['site_url'];
+					}
+
+					$blacklisted = false;
+
+					if (!check_siteallowed($url)) {
+						logger('blacklisted site: ' . $url);
+						$blacklisted = true;
+					}
+
+					$attempts++;
+
+					// make sure we can eventually break out if somebody blacklists all known sites
+
+					if ($blacklisted) {
+						if ($attempts > 20)
+							break;
+						$attempts--;
+						continue;
+					}
+
+					if ($url) {
+						if ($r[0]['site_pull'] > NULL_DATE)
+							$mindate = urlencode(datetime_convert('', '', $r[0]['site_pull'] . ' - 1 day'));
+						else {
+							$days = get_config('externals', 'since_days');
+							if ($days === false)
+								$days = 15;
+							$mindate = urlencode(datetime_convert('', '', 'now - ' . intval($days) . ' days'));
+						}
+
+						$feedurl = $url . '/zotfeed?f=&mindate=' . $mindate;
+
+						logger('externals: pulling public content from ' . $feedurl, LOGGER_DEBUG);
+
+						$x = z_fetch_url($feedurl);
+						if (($x) && ($x['success'])) {
+
+							q("update site set site_pull = '%s' where site_url = '%s'",
+								dbesc(datetime_convert()),
+								dbesc($url)
+							);
+
+							$j = json_decode($x['body'], true);
+							if ($j['success'] && $j['messages']) {
+								$sys = get_sys_channel();
+								foreach ($j['messages'] as $message) {
+									// on these posts, clear any route info.
+									$message['route'] = '';
+									process_delivery(['hash' => 'undefined'], get_item_elements($message),
+										[['hash' => $sys['xchan_hash']]], false, true);
+									$total++;
+								}
+								logger('externals: import_public_posts: ' . $total . ' messages imported', LOGGER_DEBUG);
+							}
+						}
+					}
+				}*/
 	}
 }
--- a/Zotlabs/Daemon/Gprobe.php
+++ b/Zotlabs/Daemon/Gprobe.php
@@ -2,32 +2,38 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\Webfinger;
+use Zotlabs\Lib\Zotfinger;

 // performs zot_finger on $argv[1], which is a hex_encoded webbie/reddress

 class Gprobe {
-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		if($argc != 2)
+		if ($argc != 2)
 			return;

 		$url = hex2bin($argv[1]);

-		if(! strpos($url,'@'))
+		if (!strpos($url, '@'))
 			return;

-		$r = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+		$r = q("select * from hubloc where hubloc_addr = '%s' and hubloc_network = 'zot6' limit 1",
 			dbesc($url)
 		);

-		if(! $r) {
-			$j = \Zotlabs\Zot\Finger::run($url,null);
-			if($j['success']) {
-				$y = import_xchan($j);
+		if (!$r) {
+			$href = Webfinger::zot_url(punify($url));
+			if ($href) {
+				$zf = Zotfinger::exec($href, null);
+			}
+			if (is_array($zf) && array_path_exists('signature/signer', $zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+				Libzot::import_xchan($zf['data']);
 			}
 		}

 		return;
+
 	}
 }
--- a/Zotlabs/Daemon/Importdoc.php
+++ b/Zotlabs/Daemon/Importdoc.php
@@ -5,7 +5,7 @@ namespace Zotlabs\Daemon;

 class Importdoc {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		require_once('include/help.php');

@@ -16,20 +16,20 @@ class Importdoc {
 	static public function update_docs_dir($s) {
 		$f = basename($s);
 		$d = dirname($s);
-		if($s === 'doc/html')
+		if ($s === 'doc/html')
 			return;
 		$files = glob("$d/$f");
-		if($files) {
-			foreach($files as $fi) {
-				if($fi === 'doc/html') {
+		if ($files) {
+			foreach ($files as $fi) {
+				if ($fi === 'doc/html') {
 					continue;
 				}
-				if(is_dir($fi)) {
+				if (is_dir($fi)) {
 					self::update_docs_dir("$fi/*");
 				}
 				else {
 					// don't update media content
-					if(strpos(z_mime_content_type($fi),'text') === 0) {
+					if (strpos(z_mime_content_type($fi), 'text') === 0) {
 						store_doc_file($fi);
 					}
 				}
--- a/Zotlabs/Daemon/Importfile.php
+++ b/Zotlabs/Daemon/Importfile.php
@@ -2,24 +2,25 @@

 namespace Zotlabs\Daemon;

+use Zotlabs\Lib\Libsync;
+
 class Importfile {

-	static public function run($argc,$argv){
+	static public function run($argc, $argv) {

-		logger('Importfile: ' . print_r($argv,true));
+		logger('Importfile: ' . print_r($argv, true));

-		if($argc < 3)
+		if ($argc < 3)
 			return;

 		$channel = channelx_by_n($argv[1]);
-		if(! $channel)
+		if (!$channel)
 			return;

 		$srcfile = $argv[2];
 		$folder  = (($argc > 3) ? $argv[3] : '');
 		$dstname = (($argc > 4) ? $argv[4] : '');
-
-		$hash = random_string();
+		$hash    = random_string();

 		$arr = [
 			'src'               => $srcfile,
@@ -33,15 +34,15 @@ class Importfile {
 			'replace'           => true
 		];

-		if($folder)
+		if ($folder)
 			$arr['folder'] = $folder;

-		attach_store($channel,$channel['channel_hash'],'import',$arr);
+		attach_store($channel, $channel['channel_hash'], 'import', $arr);
+
+		$sync = attach_export_data($channel, $hash);
+		if ($sync)
+			Libsync::build_sync_packet($channel['channel_id'], ['file' => [$sync]]);

-		$sync = attach_export_data($channel,$hash);
-		if($sync)
-			build_sync_packet($channel['channel_id'],array('file' => array($sync)));
-	
 		return;
 	}
 }
--- a/Zotlabs/Daemon/Master.php
+++ b/Zotlabs/Daemon/Master.php
@@ -2,148 +2,57 @@

 namespace Zotlabs\Daemon;

-if(array_search( __file__ , get_included_files()) === 0) {
+if (array_search(__file__, get_included_files()) === 0) {
 	require_once('include/cli_startup.php');
 	array_shift($argv);
 	$argc = count($argv);

-	if($argc)
-		Master::Release($argc,$argv);
-	killme();
+	if ($argc)
+		Master::Release($argc, $argv);
+	return;
 }


-
 class Master {

-	static public $queueworker = null;
-
 	static public function Summon($arr) {
-		proc_run('php','Zotlabs/Daemon/Master.php',$arr);
+		$hookinfo = [
+			'argv' => $arr
+		];
+
+		call_hooks('daemon_master_summon', $hookinfo);
+
+		$arr  = $hookinfo['argv'];
+		$argc = count($arr);
+
+		if ((!is_array($arr) || ($argc < 1))) {
+			logger("Summon handled by hook.", LOGGER_DEBUG);
+			return;
+		}
+
+		$phpbin = get_config('system', 'phpbin', 'php');
+		proc_run($phpbin, 'Zotlabs/Daemon/Master.php', $arr);
 	}

-	static public function Release($argc,$argv) {
+	static public function Release($argc, $argv) {
 		cli_startup();

-		$maxworkers = get_config('system','max_queue_workers');
+		$hookinfo = [
+			'argv' => $argv
+		];

-		if (!$maxworkers || $maxworkers == 0) {
-			logger('Master: release: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-                	$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
-                	$cls::run($argc,$argv);
-			self::ClearQueue();
-		} else {
-			logger('Master: enqueue: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-			$workinfo = ['argc'=>$argc,'argv'=>$argv];
-			q("insert into config (cat,k,v) values ('queuework','%s','%s')",
-				dbesc(uniqid('workitem:',true)),
-				dbesc(serialize($workinfo)));
-			self::Process();
+		call_hooks('daemon_master_release', $hookinfo);
+
+		$argv = $hookinfo['argv'];
+		$argc = count($argv);
+
+		if ((!is_array($argv) || ($argc < 1))) {
+			logger("Release handled by hook.", LOGGER_DEBUG);
+			return;
 		}
+
+		logger('Master: release: ' . json_encode($argv), LOGGER_ALL, LOG_DEBUG);
+		$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
+		$cls::run($argc, $argv);
 	}
-
-	static public function GetWorkerID() {
-		$maxworkers = get_config('system','max_queue_workers');
-		$maxworkers = ($maxworkers) ? $maxworkers : 3;
-
-		$workermaxage = get_config('system','max_queue_worker_age');
-		$workermaxage = ($workermaxage) ? $workermaxage : 300;
-
-		$workers = q("select * from config where cat='queueworkers' and k like '%s'", 'workerstarted_%');
-
-		if (count($workers) > $maxworkers) {
-			foreach ($workers as $idx => $worker) {
-                                $curtime = time();
-                                $age = (intval($curtime) - intval($worker['v']));
-                                if ( $age > $workermaxage) {
-					logger("Prune worker: ".$worker['k'], LOGGER_ALL, LOGGER_DEBUG);
-					$k = explode('_',$worker['k']);
-					q("delete from config where cat='queueworkers' and k='%s'",
-						'workerstarted_'.$k[1]);
-					q("update config set k='workitem' where cat='queuework' and k='%s'",
-						'workitem_'.$k[1]);
-					unset($workers[$idx]);
-				}
-			}
-			if (count($workers) > $maxworkers) {
-				return false;
-			}
-		}
-		return uniqid();
-
-	}
-
-	static public function Process() {
-
-		self::$queueworker = self::GetWorkerID();
-
-		if (!self::$queueworker) {
-			logger('Master: unable to obtain worker ID.');
-			killme();
-		}
-
-		set_config('queueworkers','workerstarted_'.self::$queueworker,time());
-
-		$workersleep = get_config('system','queue_worker_sleep');
-		$workersleep = ($workersleep) ? $workersleep : 5;
-		cli_startup();
-
-		$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
-			'workitem_'.self::$queueworker,
-			dbesc('workitem:%'));
-		$jobs = 0;
-		while ($work) {
-			$workitem = q("select * from config where cat='queuework' and k='%s'",
-				'workitem_'.self::$queueworker);
-
-			if (isset($workitem[0])) {
-				$jobs++;
-				$workinfo = unserialize($workitem[0]['v']);
-				$argc = $workinfo['argc'];
-				$argv = $workinfo['argv'];
-				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-
-				//Delete unclaimed duplicate workitems.
-				q("delete from config where cat='queuework' and k='workitem' and v='%s'",
-					serialize($argv));
-
-				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
-				$cls::run($argc,$argv);
-
-				//Right now we assume that if we get a return, everything is OK.
-				//At some point we may want to test whether the run returns true/false
-				//    and requeue the work to be tried again.  But we probably want
-				//    to implement some sort of "retry interval" first.
-
-				q("delete from config where cat='queuework' and k='%s'",
-					'workitem_'.self::$queueworker);
-			} else {
-				break;
-			}
-			sleep ($workersleep);
-			$work = q("update config set k='%s' where cat='queuework' and k like '%s' limit 1",
-				'workitem_'.self::$queueworker,
-				dbesc('workitem:%'));
-
-		}
-		logger('Master: Worker Thread: queue items processed:' . $jobs);
-		q("delete from config where cat='queueworkers' and k='%s'",
-			'workerstarted_'.self::$queueworker);
-	}	
-
-	static public function ClearQueue() {
-			$work = q("select * from config where cat='queuework' and k like '%s'",
-				dbesc('workitem%'));
-			foreach ($work as $workitem) {
-				$workinfo = unserialize($workitem['v']);
-				$argc = $workinfo['argc'];
-				$argv = $workinfo['argv'];
-				logger('Master: process: ' . print_r($argv,true), LOGGER_ALL,LOG_DEBUG);
-				$cls = '\\Zotlabs\\Daemon\\' . $argv[0];
-				$cls::run($argc,$argv);
-			}
-			$work = q("delete from config where cat='queuework' and k like '%s'",
-				dbesc('workitem%'));
-	}
-	
 }
--- a/Zotlabs/Daemon/Notifier.php
+++ b/Zotlabs/Daemon/Notifier.php
--- a/Zotlabs/Daemon/Onedirsync.php
+++ b/Zotlabs/Daemon/Onedirsync.php
@@ -2,31 +2,34 @@

 namespace Zotlabs\Daemon;

+use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\Libzotdir;
+
 require_once('include/zot.php');
 require_once('include/dir_fns.php');


 class Onedirsync {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		logger('onedirsync: start ' . intval($argv[1]));
-	
-		if(($argc > 1) && (intval($argv[1])))
+
+		if (($argc > 1) && (intval($argv[1])))
 			$update_id = intval($argv[1]);

-		if(! $update_id) {
+		if (!$update_id) {
 			logger('onedirsync: no update');
 			return;
 		}
-	
+
 		$r = q("select * from updates where ud_id = %d limit 1",
 			intval($update_id)
 		);

-		if(! $r)
+		if (!$r)
 			return;
-		if(($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED) || (! $r[0]['ud_addr']))
+		if (($r[0]['ud_flags'] & UPDATE_FLAGS_UPDATED) || (!$r[0]['ud_addr']))
 			return;

 		// Have we probed this channel more recently than the other directory server
@@ -38,8 +41,8 @@ class Onedirsync {
 			dbesc($r[0]['ud_date']),
 			intval(UPDATE_FLAGS_UPDATED)
 		);
-		if($x) {
-			$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date != '%s'",
+		if ($x) {
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 and ud_date != '%s'",
 				intval(UPDATE_FLAGS_UPDATED),
 				dbesc($r[0]['ud_addr']),
 				intval(UPDATE_FLAGS_UPDATED),
@@ -50,11 +53,14 @@ class Onedirsync {

 		// ignore doing an update if this ud_addr refers to a known dead hubloc

-		$h = q("select * from hubloc where hubloc_addr = '%s' limit 1",
+		$h = q("select * from hubloc where hubloc_addr = '%s'",
 			dbesc($r[0]['ud_addr'])
 		);
-		if(($h) && ($h[0]['hubloc_status'] & HUBLOC_OFFLINE)) {
-			$y = q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 ",
+
+		$h = Libzot::zot_record_preferred($h);
+
+		if (($h) && ($h['hubloc_status'] & HUBLOC_OFFLINE)) {
+			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and ( ud_flags & %d ) = 0 ",
 				intval(UPDATE_FLAGS_UPDATED),
 				dbesc($r[0]['ud_addr']),
 				intval(UPDATE_FLAGS_UPDATED)
@@ -63,13 +69,13 @@ class Onedirsync {
 			return;
 		}

-		// we might have to pull this out some day, but for now update_directory_entry() 
+		// we might have to pull this out some day, but for now update_directory_entry()
 		// runs zot_finger() and is kind of zot specific

-		if($h && $h[0]['hubloc_network'] !== 'zot')
+		if ($h && !in_array($h['hubloc_network'], ['zot6', 'zot']))
 			return;

-		update_directory_entry($r[0]);		
+		Libzotdir::update_directory_entry($r[0]);

 		return;
 	}
--- a/Zotlabs/Daemon/Onepoll.php
+++ b/Zotlabs/Daemon/Onepoll.php
@@ -2,84 +2,94 @@

 namespace Zotlabs\Daemon;

-require_once('include/zot.php');
-require_once('include/socgraph.php');
+use Zotlabs\Lib\Activity;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\ASCollection;
+use Zotlabs\Lib\Libzot;

+require_once('include/socgraph.php');

 class Onepoll {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		logger('onepoll: start');
-	
-		if(($argc > 1) && (intval($argv[1])))
+
+		if (($argc > 1) && (intval($argv[1])))
 			$contact_id = intval($argv[1]);

-		if(! $contact_id) {
+		if (!$contact_id) {
 			logger('onepoll: no contact');
 			return;
 		}

-		$d = datetime_convert();
+		$sql_extra = '';
+		$allow_feeds = get_config('system', 'feed_contacts');
+		if(!$allow_feeds) {
+			$sql_extra = ' and abook_feed = 0 ';
+		}

 		$contacts = q("SELECT abook.*, xchan.*, account.*
-			FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan 
-			where abook_id = %d
+			FROM abook LEFT JOIN account on abook_account = account_id left join xchan on xchan_hash = abook_xchan
+			where abook_id = %d $sql_extra
 			and abook_pending = 0 and abook_archived = 0 and abook_blocked = 0 and abook_ignored = 0
 			AND (( account_flags = %d ) OR ( account_flags = %d )) limit 1",
 			intval($contact_id),
 			intval(ACCOUNT_OK),
 			intval(ACCOUNT_UNVERIFIED)
-		);	
+		);

-		if(! $contacts) {
+		if (!$contacts) {
 			logger('onepoll: abook_id not found: ' . $contact_id);
 			return;
 		}

-		$contact = $contacts[0];
-
-		$t = $contact['abook_updated'];
-
+		$contact      = array_shift($contacts);
 		$importer_uid = $contact['abook_channel'];
-		
+
 		$r = q("SELECT * from channel left join xchan on channel_hash = xchan_hash where channel_id = %d limit 1",
 			intval($importer_uid)
 		);

-		if(! $r)
+		if (!$r)
 			return;

 		$importer = $r[0];

 		logger("onepoll: poll: ({$contact['id']}) IMPORTER: {$importer['xchan_name']}, CONTACT: {$contact['xchan_name']}");

-		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE))	
-			? datetime_convert('UTC','UTC','now - 7 days')
-			: datetime_convert('UTC','UTC',$contact['abook_updated'] . ' - 2 days')
+		$last_update = ((($contact['abook_updated'] === $contact['abook_created']) || ($contact['abook_updated'] <= NULL_DATE))
+			? datetime_convert('UTC', 'UTC', 'now - 7 days')
+			: datetime_convert('UTC', 'UTC', $contact['abook_updated'] . ' - 2 days')
 		);

-		if($contact['xchan_network'] === 'rss') {
+		if ($contact['xchan_network'] === 'rss') {
 			logger('onepoll: processing feed ' . $contact['xchan_name'], LOGGER_DEBUG);
-			handle_feed($importer['channel_id'],$contact_id,$contact['xchan_hash']);
-			q("update abook set abook_connected = '%s' where abook_id = %d",
-				dbesc(datetime_convert()),
-				intval($contact['abook_id'])
-			);
+			$alive = handle_feed($importer['channel_id'], $contact_id, $contact['xchan_hash']);
+			if ($alive) {
+				q("update abook set abook_connected = '%s' where abook_id = %d",
+					dbesc(datetime_convert()),
+					intval($contact['abook_id'])
+				);
+			}
 			return;
 		}
-	
-		if($contact['xchan_network'] !== 'zot')
+
+		if (!in_array($contact['xchan_network'], ['zot', 'zot6']))
 			return;

 		// update permissions

-		$x = zot_refresh($contact,$importer);
+		if ($contact['xchan_network'] === 'zot6')
+			$x = Libzot::refresh($contact, $importer);
+
+		if ($contact['xchan_network'] === 'zot')
+			$x = zot_refresh($contact, $importer);

 		$responded = false;
 		$updated   = datetime_convert();
 		$connected = datetime_convert();
-		if(! $x) {
+		if (!$x) {
 			// mark for death by not updating abook_connected, this is caught in include/poller.php
 			q("update abook set abook_updated = '%s' where abook_id = %d",
 				dbesc($updated),
@@ -95,83 +105,112 @@ class Onepoll {
 			$responded = true;
 		}

-		if(! $responded)
+		if (!$responded)
 			return;

-		if($contact['xchan_connurl']) {
-			$fetch_feed = true;
-			$x = null;
+		$fetch_feed = true;
+		$x          = null;

-			// They haven't given us permission to see their stream
+		// They haven't given us permission to see their stream

-			$can_view_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'their_perms','view_stream'));
+		$can_view_stream = intval(get_abconfig($importer_uid, $contact['abook_xchan'], 'their_perms', 'view_stream'));

-			if(! $can_view_stream)
-				$fetch_feed = false;
+		if (!$can_view_stream)
+			$fetch_feed = false;

-			// we haven't given them permission to send us their stream
+		// we haven't given them permission to send us their stream

-			$can_send_stream = intval(get_abconfig($importer_uid,$contact['abook_xchan'],'my_perms','send_stream'));
-			
-			if(! $can_send_stream)
-				$fetch_feed = false;
+		$can_send_stream = intval(get_abconfig($importer_uid, $contact['abook_xchan'], 'my_perms', 'send_stream'));

-			if($fetch_feed) {
+		if (!$can_send_stream)
+			$fetch_feed = false;

-				if(strpos($contact['xchan_connurl'],z_root()) === 0) {
-					// local channel - save a network fetch
-					$c = channelx_by_hash($contact['xchan_hash']);
-					if($c) {
-						$x = [ 
-							'success' => true, 
-							'body' => json_encode( [ 
-								'success' => true,
-								'messages' => zot_feed($c['channel_id'], $importer['xchan_hash'], [ 'mindate' => $last_update ])
-							])
-						];
-					}
+		if ($fetch_feed && $contact['xchan_network'] !== 'zot') {
+
+			$max = intval(get_config('system', 'max_imported_posts', 30));
+
+			if (intval($max)) {
+				$cl = get_xconfig($contact['abook_xchan'], 'activitypub', 'collections');
+
+				if (is_array($cl) && $cl) {
+					$url = ((array_key_exists('outbox', $cl)) ? $cl['outbox'] : '');
 				}
 				else {
-					// remote fetch	
-
-					$feedurl = str_replace('/poco/','/zotfeed/',$contact['xchan_connurl']);		
-					$feedurl .= '?f=&mindate=' . urlencode($last_update) . '&zid=' . $importer['channel_address'] . '@' . \App::get_hostname();
-					$recurse = 0;
-					$x = z_fetch_url($feedurl, false, $recurse, [ 'session' => true ]);
+					$url = str_replace('/poco/', '/zotfeed/', $contact['xchan_connurl']);
 				}

-				logger('feed_update: ' . print_r($x,true), LOGGER_DATA);
-			}
-
-			if(($x) && ($x['success'])) {
-				$total = 0;
-				logger('onepoll: feed update ' . $contact['xchan_name'] . ' ' . $feedurl);
-
-				$j = json_decode($x['body'],true);
-				if($j['success'] && $j['messages']) {
-					foreach($j['messages'] as $message) {
-						$results = process_delivery(array('hash' => $contact['xchan_hash']), get_item_elements($message),
-							array(array('hash' => $importer['xchan_hash'])), false);
-						logger('onepoll: feed_update: process_delivery: ' . print_r($results,true), LOGGER_DATA);
-						$total ++;
+				if ($url) {
+					logger('fetching outbox');
+					$url      = $url . '?date_begin=' .  urlencode($last_update);
+					$obj      = new ASCollection($url, $importer, 0, $max);
+					$messages = $obj->get();
+					if ($messages) {
+						foreach ($messages as $message) {
+							if (is_string($message)) {
+								$message = Activity::fetch($message, $importer);
+							}
+							$AS = new ActivityStreams($message);
+							if ($AS->is_valid() && is_array($AS->obj)) {
+								$item = Activity::decode_note($AS);
+								Activity::store($importer, $contact['abook_xchan'], $AS, $item);
+							}
+						}
 					}
-					logger("onepoll: $total messages processed");
 				}
 			}
 		}
-			
+
+		/*			if ($fetch_feed) {
+
+						if (strpos($contact['xchan_connurl'], z_root()) === 0) {
+							// local channel - save a network fetch
+							$c = channelx_by_hash($contact['xchan_hash']);
+							if ($c) {
+								$x = [
+									'success' => true,
+									'body'    => json_encode([
+										'success'  => true,
+										'messages' => zot_feed($c['channel_id'], $importer['xchan_hash'], ['mindate' => $last_update])
+									])
+								];
+							}
+						}
+						else {
+							// remote fetch
+
+							$feedurl = str_replace('/poco/', '/zotfeed/', $contact['xchan_connurl']);
+							$feedurl .= '?f=&mindate=' . urlencode($last_update) . '&zid=' . $importer['channel_address'] . '@' . App::get_hostname();
+							$recurse = 0;
+							$x       = z_fetch_url($feedurl, false, $recurse, ['session' => true]);
+						}
+
+						logger('feed_update: ' . print_r($x, true), LOGGER_DATA);
+					}
+
+					if (($x) && ($x['success'])) {
+						$total = 0;
+						logger('onepoll: feed update ' . $contact['xchan_name'] . ' ' . $feedurl);
+
+						$j = json_decode($x['body'], true);
+						if ($j['success'] && $j['messages']) {
+							foreach ($j['messages'] as $message) {
+								$results = process_delivery(['hash' => $contact['xchan_hash']], get_item_elements($message),
+									[['hash' => $importer['xchan_hash']]], false);
+								logger('onepoll: feed_update: process_delivery: ' . print_r($results, true), LOGGER_DATA);
+								$total++;
+							}
+							logger("onepoll: $total messages processed");
+						}
+					}
+		*/

 		// update the poco details for this connection
-
-		if($contact['xchan_connurl']) {	
-			$r = q("SELECT xlink_id from xlink 
-				where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s and xlink_static = 0 limit 1",
-				intval($contact['xchan_hash']),
-				db_utcnow(), db_quoteinterval('1 DAY')
-			);
-			if(! $r) {
-				poco_load($contact['xchan_hash'],$contact['xchan_connurl']);
-			}
+		$r = q("SELECT xlink_id from xlink where xlink_xchan = '%s' and xlink_updated > %s - INTERVAL %s and xlink_static = 0 limit 1",
+			intval($contact['xchan_hash']),
+			db_utcnow(), db_quoteinterval('1 DAY')
+		);
+		if (!$r) {
+			poco_load($contact['xchan_hash'], $contact['xchan_connurl']);
 		}

 		return;
--- a/Zotlabs/Daemon/Poller.php
+++ b/Zotlabs/Daemon/Poller.php
@@ -4,73 +4,67 @@ namespace Zotlabs\Daemon;

 class Poller {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		$maxsysload = intval(get_config('system','maxloadavg'));
-		if($maxsysload < 1)
+		$maxsysload = intval(get_config('system', 'maxloadavg'));
+		if ($maxsysload < 1)
 			$maxsysload = 50;
-		if(function_exists('sys_getloadavg')) {
+		if (function_exists('sys_getloadavg')) {
 			$load = sys_getloadavg();
-			if(intval($load[0]) > $maxsysload) {
+			if (intval($load[0]) > $maxsysload) {
 				logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.');
 				return;
 			}
 		}

-		$interval = intval(get_config('system','poll_interval'));
-		if(! $interval) 
-			$interval = ((get_config('system','delivery_interval') === false) ? 3 : intval(get_config('system','delivery_interval')));
+		$interval = intval(get_config('system', 'poll_interval'));
+		if (!$interval)
+			$interval = ((get_config('system', 'delivery_interval') === false) ? 3 : intval(get_config('system', 'delivery_interval')));

 		// Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
 		$lockfile = 'store/[data]/poller';
-		if((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600)) 
-			&& (! get_config('system','override_poll_lockfile'))) {
+		if ((file_exists($lockfile)) && (filemtime($lockfile) > (time() - 3600))
+			&& (!get_config('system', 'override_poll_lockfile'))) {
 			logger("poller: Already running");
 			return;
 		}
-	
+
 		// Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
+		$x = '';
 		file_put_contents($lockfile, $x);

 		logger('poller: start');
-	
+
 		$manual_id  = 0;
-		$generation = 0;
+		$force   = false;

-		$force      = false;
-		$restart    = false;
-
-		if(($argc > 1) && ($argv[1] == 'force'))
+		if (($argc > 1) && ($argv[1] == 'force'))
 			$force = true;

-		if(($argc > 1) && ($argv[1] == 'restart')) {
-			$restart = true;
+		if (($argc > 1) && ($argv[1] == 'restart')) {
 			$generation = intval($argv[2]);
-			if(! $generation)
-				killme();		
+			if (!$generation)
+				return;
 		}

-		if(($argc > 1) && intval($argv[1])) {
+		if (($argc > 1) && intval($argv[1])) {
 			$manual_id = intval($argv[1]);
 			$force     = true;
 		}

-
 		$sql_extra = (($manual_id) ? " AND abook_id = " . intval($manual_id) . " " : "");

 		reload_plugins();

-		$d = datetime_convert();
-
 		// Only poll from those with suitable relationships
-
-		$abandon_sql = (($abandon_days) 
-			? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days).' DAY')) 
-			: '' 
+		$abandon_days = intval(get_config('system', 'account_abandon_days', 0));
+		$abandon_sql = (($abandon_days)
+			? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY'))
+			: ''
 		);

 		$randfunc = db_getfunc('RAND');
-	
+
 		$contacts = q("SELECT abook.abook_updated, abook.abook_connected, abook.abook_feed,
 			abook.abook_channel, abook.abook_id, abook.abook_archived, abook.abook_pending,
 			abook.abook_ignored, abook.abook_blocked,
@@ -85,120 +79,120 @@ class Poller {
 			intval(ACCOUNT_UNVERIFIED)     // FIXME
 		);

-		if($contacts) {
+		if ($contacts) {
+			foreach ($contacts as $contact) {

-			foreach($contacts as $contact) {
-
-				$update  = false;
+				$update = false;

 				$t = $contact['abook_updated'];
 				$c = $contact['abook_connected'];

-				if(intval($contact['abook_feed'])) {
-					$min = service_class_fetch($contact['abook_channel'],'minimum_feedcheck_minutes');
-					if(! $min)
-						$min = intval(get_config('system','minimum_feedcheck_minutes'));
-					if(! $min)
+				if (intval($contact['abook_feed'])) {
+					$min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes');
+					if (!$min)
+						$min = intval(get_config('system', 'minimum_feedcheck_minutes'));
+					if (!$min)
 						$min = 60;
-					$x = datetime_convert('UTC','UTC',"now - $min minutes");
-					if($c < $x) {
-						Master::Summon(array('Onepoll',$contact['abook_id']));
-						if($interval)
-							@time_sleep_until(microtime(true) + (float) $interval);
+					$x = datetime_convert('UTC', 'UTC', "now - $min minutes");
+					if ($c < $x) {
+						Master::Summon(['Onepoll', $contact['abook_id']]);
+						if ($interval)
+							@time_sleep_until(microtime(true) + (float)$interval);
 					}
 					continue;
 				}


-				if($contact['xchan_network'] !== 'zot')
+				if (!in_array($contact['xchan_network'], ['zot', 'zot6']))
 					continue;

-				if($c == $t) {
-					if(datetime_convert('UTC','UTC', 'now') > datetime_convert('UTC','UTC', $t . " + 1 day"))
+				if ($c == $t) {
+					if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day"))
 						$update = true;
 				}
 				else {
-	
+
 					// if we've never connected with them, start the mark for death countdown from now
-	
-					if($c <= NULL_DATE) {
-						$r = q("update abook set abook_connected = '%s'  where abook_id = %d",
+
+					if ($c <= NULL_DATE) {
+						q("update abook set abook_connected = '%s'  where abook_id = %d",
 							dbesc(datetime_convert()),
 							intval($contact['abook_id'])
 						);
-						$c = datetime_convert();
+						$c      = datetime_convert();
 						$update = true;
 					}

 					// He's dead, Jim

-					if(strcmp(datetime_convert('UTC','UTC', 'now'),datetime_convert('UTC','UTC', $c . " + 30 day")) > 0) {	
-						$r = q("update abook set abook_archived = 1 where abook_id = %d",
+					if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) {
+						q("update abook set abook_archived = 1 where abook_id = %d",
 							intval($contact['abook_id'])
 						);
-						$update = false;
 						continue;
 					}

-					if(intval($contact['abook_archived'])) {
-						$update = false;
+					if (intval($contact['abook_archived'])) {
 						continue;
 					}

 					// might be dead, so maybe don't poll quite so often
-	
+
 					// recently deceased, so keep up the regular schedule for 3 days
- 
-					if((strcmp(datetime_convert('UTC','UTC', 'now'),datetime_convert('UTC','UTC', $c . " + 3 day")) > 0)
-					 && (strcmp(datetime_convert('UTC','UTC', 'now'),datetime_convert('UTC','UTC', $t . " + 1 day")) > 0))
+
+					if ((strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0)
+						&& (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0))
 						$update = true;

 					// After that back off and put them on a morphine drip

-					if(strcmp(datetime_convert('UTC','UTC', 'now'),datetime_convert('UTC','UTC', $t . " + 2 day")) > 0) {	
+					if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) {
 						$update = true;
 					}

 				}

-				if(intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked']))
+				if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked']))
 					continue;

-				if((! $update) && (! $force))
-						continue;
+				if ((!$update) && (!$force))
+					continue;

-				Master::Summon(array('Onepoll',$contact['abook_id']));
-				if($interval)
-					@time_sleep_until(microtime(true) + (float) $interval);
+				Master::Summon(['Onepoll', $contact['abook_id']]);
+				if ($interval)
+					@time_sleep_until(microtime(true) + (float)$interval);

 			}
 		}

-		if($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
+		$dirmode = intval(get_config('system', 'directory_mode'));
+
+		if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
 			$r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last <= '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ",
 				intval(UPDATE_FLAGS_UPDATED),
 				dbesc(NULL_DATE),
 				db_utcnow(), db_quoteinterval('7 DAY')
 			);
-			if($r) {
-				foreach($r as $rr) {
+			if ($r) {
+				foreach ($r as $rr) {

 					// If they didn't respond when we attempted before, back off to once a day
 					// After 7 days we won't bother anymore

-					if($rr['ud_last'] > NULL_DATE)
-						if($rr['ud_last'] > datetime_convert('UTC','UTC', 'now - 1 day'))
+					if ($rr['ud_last'] > NULL_DATE)
+						if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day'))
 							continue;
-					Master::Summon(array('Onedirsync',$rr['ud_id']));
-					if($interval)
-						@time_sleep_until(microtime(true) + (float) $interval);
+					Master::Summon(['Onedirsync', $rr['ud_id']]);
+					if ($interval)
+						@time_sleep_until(microtime(true) + (float)$interval);
 				}
 			}
-		}	
+		}

-		set_config('system','lastpoll',datetime_convert());
+		set_config('system', 'lastpoll', datetime_convert());

 		//All done - clear the lockfile	
+
 		@unlink($lockfile);

 		return;
--- a/Zotlabs/Daemon/Queue.php
+++ b/Zotlabs/Daemon/Queue.php
@@ -7,13 +7,12 @@ require_once('include/zot.php');

 class Queue {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

 		require_once('include/items.php');
 		require_once('include/bbcode.php');

-
-		if($argc > 1)
+		if ($argc > 1)
 			$queue_id = $argv[1];
 		else
 			$queue_id = EMPTY_STR;
@@ -26,10 +25,9 @@ class Queue {
 		$r = q("select outq_posturl from outq where outq_created < %s - INTERVAL %s",
 			db_utcnow(), db_quoteinterval('3 DAY')
 		);
-		if($r) {
-			foreach($r as $rr) {
-				$site_url = '';
-				$h = parse_url($rr['outq_posturl']);
+		if ($r) {
+			foreach ($r as $rr) {
+				$h       = parse_url($rr['outq_posturl']);
 				$desturl = $h['scheme'] . '://' . $h['host'] . (($h['port']) ? ':' . $h['port'] : '');
 				q("update site set site_dead = 1 where site_dead = 0 and site_url = '%s' and site_update < %s - INTERVAL %s",
 					dbesc($desturl),
@@ -38,11 +36,11 @@ class Queue {
 			}
 		}

-		$r = q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
+		q("DELETE FROM outq WHERE outq_created < %s - INTERVAL %s",
 			db_utcnow(), db_quoteinterval('3 DAY')
 		);

-		if($queue_id) {
+		if ($queue_id) {
 			$r = q("SELECT * FROM outq WHERE outq_hash = '%s' LIMIT 1",
 				dbesc($queue_id)
 			);
@@ -55,21 +53,31 @@ class Queue {
 			// so that we don't start off a thousand deliveries for a couple of dead hubs.
 			// The zot driver will deliver everything destined for a single hub once contact is made (*if* contact is made).
 			// Other drivers will have to do something different here and may need their own query.
-	
+
 			// Note: this requires some tweaking as new posts to long dead hubs once a day will keep them in the 
 			// "every 15 minutes" category. We probably need to prioritise them when inserted into the queue
 			// or just prior to this query based on recent and long-term delivery history. If we have good reason to believe
 			// the site is permanently down, there's no reason to attempt delivery at all, or at most not more than once 
 			// or twice a day. 
-	
-			$r = q("SELECT * FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s ",
+
+			$sqlrandfunc = db_getfunc('rand');
+
+			$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
 				db_utcnow()
 			);
+			while ($r) {
+				foreach ($r as $rv) {
+					queue_deliver($rv);
+				}
+				$r = q("SELECT *,$sqlrandfunc as rn FROM outq WHERE outq_delivered = 0 and outq_scheduled < %s order by rn limit 1",
+					db_utcnow()
+				);
+			}
 		}
-		if(! $r)
+		if (!$r)
 			return;

-		foreach($r as $rv) {
+		foreach ($r as $rv) {
 			queue_deliver($rv);
 		}
 	}
--- a/Zotlabs/Daemon/Ratenotif.php
+++ b/Zotlabs/Daemon/Ratenotif.php
@@ -10,6 +10,11 @@ class Ratenotif {

 	static public function run($argc,$argv) {

+
+		// Deprecated
+		return;
+
+
 		require_once("datetime.php");
 		require_once('include/items.php');

--- a/Zotlabs/Daemon/Thumbnail.php
+++ b/Zotlabs/Daemon/Thumbnail.php
@@ -5,30 +5,30 @@ namespace Zotlabs\Daemon;

 class Thumbnail {

-	static public function run($argc,$argv) {
+	static public function run($argc, $argv) {

-		if(! $argc == 2)
+		if (!$argc == 2)
 			return;

 		$c = q("select * from attach where hash = '%s' ",
 			dbesc($argv[1])
 		);

-		if(! $c)
+		if (!$c)
 			return;

 		$attach = $c[0];

-		$preview_style   = intval(get_config('system','thumbnail_security',0));
-		$preview_width   = intval(get_config('system','thumbnail_width',300));
-		$preview_height  = intval(get_config('system','thumbnail_height',300));
+		$preview_style  = intval(get_config('system', 'thumbnail_security', 0));
+		$preview_width  = intval(get_config('system', 'thumbnail_width', 300));
+		$preview_height = intval(get_config('system', 'thumbnail_height', 300));

 		$p = [
 			'attach'         => $attach,
 			'preview_style'  => $preview_style,
 			'preview_width'  => $preview_width,
 			'preview_height' => $preview_height,
-			'thumbnail' => null
+			'thumbnail'      => null
 		];

 		/**
@@ -40,39 +40,39 @@ class Thumbnail {
 		 *  * \e string \b thumbnail
 		 */

-		call_hooks('thumbnail',$p);
-		if($p['thumbnail']) {
+		call_hooks('thumbnail', $p);
+		if ($p['thumbnail']) {
 			return;
 		}


 		$default_controller = null;
-		
+
 		$files = glob('Zotlabs/Thumbs/*.php');
-		if($files) {
-			foreach($files as $f) {
-				$clsname = '\\Zotlabs\\Thumbs\\' . ucfirst(basename($f,'.php'));
-				if(class_exists($clsname)) {
+		if ($files) {
+			foreach ($files as $f) {
+				$clsname = '\\Zotlabs\\Thumbs\\' . ucfirst(basename($f, '.php'));
+				if (class_exists($clsname)) {
 					$x = new $clsname();
-					if(method_exists($x,'Match')) {
+					if (method_exists($x, 'Match')) {
 						$matched = $x->Match($attach['filetype']);
-						if($matched) {
-							$x->Thumb($attach,$preview_style,$preview_width,$preview_height);
+						if ($matched) {
+							$x->Thumb($attach, $preview_style, $preview_width, $preview_height);
 						}
 					}
-					if(method_exists($x,'MatchDefault')) {
-						$default_matched = $x->MatchDefault(substr($attach['filetype'],0,strpos($attach['filetype'],'/')));
-						if($default_matched) {
+					if (method_exists($x, 'MatchDefault')) {
+						$default_matched = $x->MatchDefault(substr($attach['filetype'], 0, strpos($attach['filetype'], '/')));
+						if ($default_matched) {
 							$default_controller = $x;
 						}
 					}
 				}
 			}
 		}
-		if(($default_controller) 
-			&& ((! file_exists(dbunescbin($attach['content']) . '.thumb')) 
+		if (($default_controller)
+			&& ((!file_exists(dbunescbin($attach['content']) . '.thumb'))
 				|| (filectime(dbunescbin($attach['content']) . 'thumb') < (time() - 60)))) {
-			$default_controller->Thumb($attach,$preview_style,$preview_width,$preview_height);
+			$default_controller->Thumb($attach, $preview_style, $preview_width, $preview_height);
 		}
 	}
 }
--- a/Zotlabs/Identity/BasicId.php
+++ b/Zotlabs/Identity/BasicId.php
@@ -1,6 +1,6 @@
 <?php

-namespace Zotlabs\Identity\BasicId;
+namespace Zotlabs\Identity;

 class BasicId {

--- a/Zotlabs/Identity/OAuth2Storage.php
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -64,7 +64,7 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
 		return( [
 			'webfinger'   => channel_reddress($x),
 			'portable_id' => $x['channel_hash'],
-			'email'       => $a['account_email'],
+			'email'       => $a[0]['account_email'],
 			'username'    => $x['channel_address'],
 			'user_id'     => $x['channel_id'],
 			'name'        => $x['channel_name'],
--- a/Zotlabs/Identity/ProfilePhoto.php
+++ b/Zotlabs/Identity/ProfilePhoto.php
@@ -1,5 +1,5 @@
 <?php
-namespace Zotlabs\Identity\ProfilePhoto;
+namespace Zotlabs\Identity;

 class ProfilePhoto {

--- a/Zotlabs/Lib/ASCollection.php
+++ b/Zotlabs/Lib/ASCollection.php
@@ -0,0 +1,150 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+/**
+ * Class for dealing with fetching ActivityStreams collections (ordered or unordered, normal or paged).
+ * Construct with either an existing object or url and an optional channel to sign requests.
+ * $direction is 0 (default) to fetch from the beginning, and 1 to fetch from the end and reverse order the resultant array.
+ * An optional limit to the number of records returned may also be specified.
+ * Use $class->get() to return an array of collection members.
+ */
+class ASCollection {
+
+	private $channel = null;
+	private $nextpage = null;
+	private $limit = 0;
+	private $direction = 0;  // 0 = forward, 1 = reverse
+	private $data = [];
+	private $history = [];
+
+	function __construct($obj, $channel = null, $direction = 0, $limit = 0) {
+
+		$this->channel   = $channel;
+		$this->direction = $direction;
+		$this->limit     = $limit;
+
+		if (is_array($obj)) {
+			$data = $obj;
+		}
+
+		if (is_string($obj)) {
+			$data            = Activity::fetch($obj, $channel);
+			$this->history[] = $obj;
+		}
+
+		if (!is_array($data)) {
+			return;
+		}
+
+		if (!in_array($data['type'], ['Collection', 'OrderedCollection', 'OrderedCollectionPage'])) {
+			return false;
+		}
+
+		if ($this->direction) {
+			if (array_key_exists('last', $data) && $data['last']) {
+				$this->nextpage = $data['last'];
+			}
+		}
+		else {
+			if (array_key_exists('first', $data) && $data['first']) {
+				$this->nextpage = $data['first'];
+			}
+		}
+
+		if (isset($data['items']) && is_array($data['items'])) {
+			$this->data = (($this->direction) ? array_reverse($data['items']) : $data['items']);
+		}
+		elseif (isset($data['orderedItems']) && is_array($data['orderedItems'])) {
+			$this->data = (($this->direction) ? array_reverse($data['orderedItems']) : $data['orderedItems']);
+		}
+
+		if ($this->limit) {
+			if (count($this->data) > $limit) {
+				$this->data = array_slice($this->data, 0, $limit);
+				return;
+			}
+		}
+
+		do {
+			$x = $this->next();
+		} while ($x);
+	}
+
+	function get() {
+		return $this->data;
+	}
+
+	function next() {
+
+		if (!$this->nextpage) {
+			return false;
+		}
+
+		if (is_array($this->nextpage)) {
+			$data = $this->nextpage;
+		}
+
+		if (is_string($this->nextpage)) {
+			if (in_array($this->nextpage, $this->history)) {
+				// recursion detected
+				return false;
+			}
+			$data            = Activity::fetch($this->nextpage, $this->channel);
+			$this->history[] = $this->nextpage;
+		}
+
+		if (!is_array($data)) {
+			return false;
+		}
+
+		if (!in_array($data['type'], ['CollectionPage', 'OrderedCollectionPage'])) {
+			return false;
+		}
+
+		$this->setnext($data);
+
+		if (isset($data['items']) && is_array($data['items'])) {
+			$this->data = array_merge($this->data, (($this->direction) ? array_reverse($data['items']) : $data['items']));
+		}
+		elseif (isset($data['orderedItems']) && is_array($data['orderedItems'])) {
+			$this->data = array_merge($this->data, (($this->direction) ? array_reverse($data['orderedItems']) : $data['orderedItems']));
+		}
+
+		if ($this->limit) {
+			if (count($this->data) > $this->limit) {
+				$this->data     = array_slice($this->data, 0, $this->limit);
+				$this->nextpage = false;
+				return true;
+			}
+		}
+
+		return true;
+	}
+
+	function setnext($data) {
+		if ($this->direction) {
+			if (array_key_exists('prev', $data) && $data['prev']) {
+				$this->nextpage = $data['prev'];
+			}
+			elseif (array_key_exists('first', $data) && $data['first']) {
+				$this->nextpage = $data['first'];
+			}
+			else {
+				$this->nextpage = false;
+			}
+		}
+		else {
+			if (array_key_exists('next', $data) && $data['next']) {
+				$this->nextpage = $data['next'];
+			}
+			elseif (array_key_exists('last', $data) && $data['last']) {
+				$this->nextpage = $data['last'];
+			}
+			else {
+				$this->nextpage = false;
+			}
+		}
+		logger('nextpage: ' . $this->nextpage, LOGGER_DEBUG);
+	}
+}
--- a/Zotlabs/Lib/AccessList.php
+++ b/Zotlabs/Lib/AccessList.php
@@ -0,0 +1,411 @@
+<?php 
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Lib\Libsync;
+
+
+class AccessList {
+	
+	static function add($uid,$name,$public = 0) {
+
+		$ret = false;
+		if ($uid && $name) {
+			$r = self::byname($uid,$name); // check for dups
+			if ($r !== false) {
+
+				// This could be a problem. 
+				// Let's assume we've just created a list which we once deleted
+				// all the old members are gone, but the list remains so we don't break any security
+				// access lists. What we're doing here is reviving the dead list, but old content which
+				// was restricted to this list may now be seen by the new list members. 
+
+				$z = q("SELECT * FROM pgrp WHERE id = %d LIMIT 1",
+					intval($r)
+				);
+				if(($z) && $z[0]['deleted']) {
+					q('UPDATE pgrp SET deleted = 0 WHERE id = %d', intval($z[0]['id']));
+					notice( t('A deleted list with this name was revived. Existing item permissions <strong>may</strong> apply to this list and any future members. If this is not what you intended, please create another list with a different name.') . EOL); 
+				}
+				return true;
+			}
+
+			$hash = new_uuid();
+
+			$r = q("INSERT INTO pgrp ( hash, uid, visible, gname )
+				VALUES( '%s', %d, %d, '%s' ) ",
+				dbesc($hash),
+				intval($uid),
+				intval($public),
+				dbesc($name)
+			);
+			$ret = $r;
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+		return $ret;
+	}
+
+
+	static function remove($uid,$name) {
+		$ret = false;
+		if ($uid && $name) {
+			$r = q("SELECT id, hash FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+				intval($uid),
+				dbesc($name)
+			);
+			if ($r) {
+				$group_id = $r[0]['id'];
+				$group_hash = $r[0]['hash'];
+			}
+			else {
+				return false;
+			}
+			
+			// remove group from default posting lists
+			$r = q("SELECT channel_default_group, channel_allow_gid, channel_deny_gid FROM channel WHERE channel_id = %d LIMIT 1",
+			       intval($uid)
+			);
+			if ($r) {
+				$user_info = array_shift($r);
+				$change = false;
+
+				if ($user_info['channel_default_group'] == $group_hash) {
+					$user_info['channel_default_group'] = '';
+					$change = true;
+				}
+				if (strpos($user_info['channel_allow_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_allow_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_allow_gid']);
+					$change = true;
+				}
+				if (strpos($user_info['channel_deny_gid'], '<' . $group_hash . '>') !== false) {
+					$user_info['channel_deny_gid'] = str_replace('<' . $group_hash . '>', '', $user_info['channel_deny_gid']);
+					$change = true;
+				}
+
+				if ($change) {
+					q("UPDATE channel SET channel_default_group = '%s', channel_allow_gid = '%s', channel_deny_gid = '%s' 
+						WHERE channel_id = %d",
+						intval($user_info['channel_default_group']),
+						dbesc($user_info['channel_allow_gid']),
+						dbesc($user_info['channel_deny_gid']),
+						intval($uid)
+					);
+				}
+			}
+
+			// remove all members
+			$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d ",
+				intval($uid),
+				intval($group_id)
+			);
+
+			// remove group
+			$r = q("UPDATE pgrp SET deleted = 1 WHERE uid = %d AND gname = '%s'",
+				intval($uid),
+				dbesc($name)
+			);
+
+			$ret = $r;
+
+		}
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $ret;
+	}
+
+	// returns the integer id of an access group owned by $uid and named $name
+	// or false.
+	
+	static function byname($uid,$name) {
+		if (! ($uid && $name)) {
+			return false;
+		}
+		$r = q("SELECT id FROM pgrp WHERE uid = %d AND gname = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($name)
+		);
+		if ($r) {
+			return $r[0]['id'];
+		}
+		return false;
+	}
+
+	static function by_id($uid,$id) {
+		if (! ($uid && $id)) {
+			return false;
+		}
+		
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND id = %d and deleted = 0",
+			intval($uid),
+			intval($id)
+		);
+		if ($r) {
+			return array_shift($r);
+		}
+		return false;
+	}
+
+
+
+	static function rec_byhash($uid,$hash) {
+		if (! ( $uid && $hash)) {
+			return false;
+		}
+		$r = q("SELECT * FROM pgrp WHERE uid = %d AND hash = '%s' LIMIT 1",
+			intval($uid),
+			dbesc($hash)
+		);
+		if ($r) {
+			return array_shift($r);
+		}
+		return false;
+	}
+
+
+	static function member_remove($uid,$name,$member) {
+		$gid = self::byname($uid,$name);
+		if (! $gid) {
+			return false;
+		}
+		if (! ($uid && $gid && $member)) {
+			return false;
+		}
+		$r = q("DELETE FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' ",
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+
+		Libsync::build_sync_packet($uid,null,true);
+
+		return $r;
+	}
+
+
+	static function member_add($uid,$name,$member,$gid = 0) {
+		if (! $gid) {
+			$gid = self::byname($uid,$name);
+		}
+		if (! ($gid && $uid && $member)) {
+			return false;
+		}
+
+		$r = q("SELECT * FROM pgrp_member WHERE uid = %d AND gid = %d AND xchan = '%s' LIMIT 1",	
+			intval($uid),
+			intval($gid),
+			dbesc($member)
+		);
+		if ($r) {
+			return true;	// You might question this, but 
+				// we indicate success because the group member was in fact created
+				// -- It was just created at another time
+		}
+	 	else {
+			$r = q("INSERT INTO pgrp_member (uid, gid, xchan)
+				VALUES( %d, %d, '%s' ) ",
+				intval($uid),
+				intval($gid),
+				dbesc($member)
+			);
+		}
+		Libsync::build_sync_packet($uid,null,true);
+		return $r;
+	}
+
+
+	static function members($uid, $gid) {
+		$ret = [];
+		if (intval($gid)) {
+			$r = q("SELECT * FROM pgrp_member 
+				LEFT JOIN abook ON abook_xchan = pgrp_member.xchan left join xchan on xchan_hash = abook_xchan
+				WHERE gid = %d AND abook_channel = %d and pgrp_member.uid = %d and xchan_deleted = 0 and abook_self = 0 and abook_blocked = 0 and abook_pending = 0 ORDER BY xchan_name ASC ",
+				intval($gid),
+				intval($uid),
+				intval($uid)
+			);
+			if ($r) {
+				$ret = $r;
+			}
+		}
+		return $ret;
+	}
+
+	static function members_xchan($uid,$gid) {
+		$ret = [];
+		if (intval($gid)) {
+			$r = q("SELECT xchan FROM pgrp_member WHERE gid = %d AND uid = %d",
+				intval($gid),
+				intval($uid)
+			);
+			if ($r) {
+				foreach ($r as $rv) {
+					$ret[] = $rv['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+	static function members_profile_xchan($uid,$gid) {
+		$ret = [];
+		if (intval($gid)) {
+			$r = q("SELECT abook_xchan as xchan from abook left join profile on abook_profile = profile_guid where profile.id = %d and profile.uid = %d",
+				intval($gid),
+				intval($uid)
+			);
+			if ($r) {
+				foreach($r as $rv) {
+					$ret[] = $rv['xchan'];
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+
+
+	static function select($uid,$group = '') {
+	
+		$grps = [];
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($uid)
+		);
+		$grps[] = [ 'name' => '', 'hash' => '0', 'selected' => '' ];
+		if ($r) {
+			foreach ($r as $rr) {
+				$grps[] = [ 'name' => $rr['gname'], 'id' => $rr['hash'], 'selected' => (($group == $rr['hash']) ? 'true' : '') ];
+			}
+
+		}
+		
+		return replace_macros(get_markup_template('group_selection.tpl'), [
+			'$label' => t('Add new connections to this access list'),
+			'$groups' => $grps 
+		]);
+	}
+
+
+	static function widget($every="connections",$each="lists",$edit = false, $group_id = 0, $cid = '',$mode = 1) {
+
+		$o = '';
+
+		$groups = [];
+
+		$r = q("SELECT * FROM pgrp WHERE deleted = 0 AND uid = %d ORDER BY gname ASC",
+			intval($_SESSION['uid'])
+		);
+		$member_of = [];
+		if ($cid) {
+			$member_of = self::containing(local_channel(),$cid);
+		} 
+
+		if ($r) {
+			foreach ($r as $rr) {
+				$selected = (($group_id == $rr['id']) ? ' group-selected' : '');
+			
+				if ($edit) {
+					$groupedit = [ 'href' => "lists/".$rr['id'], 'title' => t('edit') ];
+				} 
+				else {
+					$groupedit = null;
+				}
+			
+				$groups[] = [
+					'id'		=> $rr['id'],
+					'enc_cid'   => base64url_encode($cid),
+					'cid'		=> $cid,
+					'text' 		=> $rr['gname'],
+					'selected' 	=> $selected,
+					'href'		=> (($mode == 0) ? $each.'?f=&gid='.$rr['id'] : $each."/".$rr['id']) . ((x($_GET,'new')) ? '&new=' . $_GET['new'] : '') . ((x($_GET,'order')) ? '&order=' . $_GET['order'] : ''),
+					'edit'		=> $groupedit,
+					'ismember'	=> in_array($rr['id'],$member_of),
+				];
+			}
+		}
+		
+		return replace_macros(get_markup_template('group_side.tpl'), [
+			'$title'		=> t('Lists'),
+			'$edittext'     => t('Edit list'),
+			'$createtext' 	=> t('Create new list'),
+			'$ungrouped'    => (($every === 'contacts') ? t('Channels not in any access list') : ''),
+			'$groups'		=> $groups,
+			'$add'			=> t('add'),
+		]);
+
+	}
+
+
+	static function expand($g) {
+		if (! (is_array($g) && count($g))) {
+			return [];
+		}
+
+		$ret = [];
+		$x   = [];
+
+		// private profile linked virtual groups
+
+		foreach ($g as $gv) {
+			if (substr($gv,0,3) === 'vp.') {
+				$profile_hash = substr($gv,3);
+				if ($profile_hash) {
+					$r = q("select abook_xchan from abook where abook_profile = '%s'",
+						dbesc($profile_hash)
+					);
+					if ($r) {
+						foreach ($r as $rv) {
+							$ret[] = $rv['abook_xchan'];
+						}
+					}
+				}
+			}
+			else {
+				$x[] = $gv;
+			}
+		}								 
+
+		if ($x) {
+			stringify_array_elms($x,true);
+			$groups = implode(',', $x);
+			if ($groups) {
+				$r = q("SELECT xchan FROM pgrp_member WHERE gid IN ( select id from pgrp where hash in ( $groups ))");
+				if ($r) {
+					foreach ($r as $rv) {
+						$ret[] = $rv['xchan'];
+					}
+				}
+			}
+		}
+		return $ret;
+	}
+
+
+	static function member_of($c) {
+		$r = q("SELECT pgrp.gname, pgrp.id FROM pgrp LEFT JOIN pgrp_member ON pgrp_member.gid = pgrp.id 
+			WHERE pgrp_member.xchan = '%s' AND pgrp.deleted = 0 ORDER BY pgrp.gname  ASC ",
+			dbesc($c)
+		);
+
+		return $r;
+	}
+
+	static function containing($uid,$c) {
+
+		$r = q("SELECT gid FROM pgrp_member WHERE uid = %d AND pgrp_member.xchan = '%s' ",
+			intval($uid),
+			dbesc($c)
+		);
+
+		$ret = [];
+		if ($r) {
+			foreach ($r as $rv)
+				$ret[] = $rv['gid'];
+		}
+		
+		return $ret;
+	}
+}
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
--- a/Zotlabs/Lib/ActivityStreams.php
+++ b/Zotlabs/Lib/ActivityStreams.php
@@ -9,19 +9,21 @@ namespace Zotlabs\Lib;
 */
 class ActivityStreams {

-	public $raw    = null;
-	public $data;
-	public $valid  = false;
-	public $id     = '';
-	public $type   = '';
-	public $actor  = null;
-	public $obj    = null;
-	public $tgt    = null;
+	public $raw = null;
+	public $data = null;
+	public $valid = false;
+	public $deleted = false;
+	public $id = '';
+	public $parent_id = '';
+	public $type = '';
+	public $actor = null;
+	public $obj = null;
+	public $tgt = null;
 	public $origin = null;
-	public $owner  = null;
+	public $owner = null;
 	public $signer = null;
-	public $ldsig  = null;
-	public $sigok  = false;
+	public $ldsig = null;
+	public $sigok = false;
 	public $recips = null;
 	public $raw_recips = null;

@@ -34,33 +36,89 @@ class ActivityStreams {
 	 */
 	function __construct($string) {

-		$this->raw  = $string;
-		$this->data = json_decode($string, true);
+		$this->raw = $string;

-		if($this->data) {
-			$this->valid = true;
+		if (is_array($string)) {
+			$this->data = $string;
+		}
+		else {
+			$this->data = json_decode($string, true);
 		}

-		if($this->is_valid()) {
+		if ($this->data) {
+
+			// verify and unpack JSalmon signature if present
+
+			if (is_array($this->data) && array_key_exists('signed', $this->data)) {
+				$ret = JSalmon::verify($this->data);
+				$tmp = JSalmon::unpack($this->data['data']);
+				if ($ret && $ret['success']) {
+					if ($ret['signer']) {
+						$saved                     = json_encode($this->data, JSON_UNESCAPED_SLASHES);
+						$this->data                = $tmp;
+						$this->data['signer']      = $ret['signer'];
+						$this->data['signed_data'] = $saved;
+						if ($ret['hubloc']) {
+							$this->data['hubloc'] = $ret['hubloc'];
+						}
+					}
+				}
+			}
+
+			$this->valid = true;
+
+			if (array_key_exists('type', $this->data) && array_key_exists('actor', $this->data) && array_key_exists('object', $this->data)) {
+				if ($this->data['type'] === 'Delete' && $this->data['actor'] === $this->data['object']) {
+					$this->deleted = $this->data['actor'];
+					$this->valid   = false;
+				}
+			}
+
+		}
+
+		if ($this->is_valid()) {
 			$this->id     = $this->get_property_obj('id');
 			$this->type   = $this->get_primary_type();
-			$this->actor  = $this->get_compound_property('actor');
+			$this->actor  = $this->get_actor('actor', '', '');
 			$this->obj    = $this->get_compound_property('object');
 			$this->tgt    = $this->get_compound_property('target');
 			$this->origin = $this->get_compound_property('origin');
 			$this->recips = $this->collect_recips();

 			$this->ldsig = $this->get_compound_property('signature');
-			if($this->ldsig) {
-				$this->signer = $this->get_compound_property('creator',$this->ldsig);
-				if($this->signer && $this->signer['publicKey'] && $this->signer['publicKey']['publicKeyPem']) {
-					$this->sigok = \Zotlabs\Lib\LDSignatures::verify($this->data,$this->signer['publicKey']['publicKeyPem']);
+			if ($this->ldsig) {
+				$this->signer = $this->get_compound_property('creator', $this->ldsig);
+				if ($this->signer && is_array($this->signer) && array_key_exists('publicKey', $this->signer) && is_array($this->signer['publicKey']) && $this->signer['publicKey']['publicKeyPem']) {
+					$this->sigok = LDSignatures::verify($this->data, $this->signer['publicKey']['publicKeyPem']);
 				}
 			}

-			if(($this->type === 'Note') && (! $this->obj)) {
-				$this->obj = $this->data;
+			if (!$this->obj) {
+				$this->obj  = $this->data;
 				$this->type = 'Create';
+				if (!$this->actor) {
+					$this->actor = $this->get_actor('attributedTo', $this->obj);
+				}
+			}
+
+			// fetch recursive or embedded activities
+
+			if ($this->obj && is_array($this->obj) && array_key_exists('object', $this->obj)) {
+				$this->obj['object'] = $this->get_compound_property($this->obj['object']);
+			}
+
+			if ($this->obj && is_array($this->obj) && $this->obj['actor'])
+				$this->obj['actor'] = $this->get_actor('actor', $this->obj);
+			if ($this->tgt && is_array($this->tgt) && $this->tgt['actor'])
+				$this->tgt['actor'] = $this->get_actor('actor', $this->tgt);
+
+			$this->parent_id = $this->get_property_obj('inReplyTo');
+
+			if ((!$this->parent_id) && is_array($this->obj)) {
+				$this->parent_id = $this->obj['inReplyTo'];
+			}
+			if ((!$this->parent_id) && is_array($this->obj)) {
+				$this->parent_id = $this->obj['id'];
 			}
 		}
 	}
@@ -87,15 +145,20 @@ class ActivityStreams {
 	 */
 	function collect_recips($base = '', $namespace = '') {
 		$x = [];
-		$fields = [ 'to', 'cc', 'bto', 'bcc', 'audience'];
-		foreach($fields as $f) {
-			$y = $this->get_compound_property($f, $base, $namespace);
-			if($y) {
-				$x = array_merge($x, $y);
-				if(! is_array($this->raw_recips))
-					$this->raw_recips = [];

-				$this->raw_recips[$f] = $x;
+		$fields = ['to', 'cc', 'bto', 'bcc', 'audience'];
+		foreach ($fields as $f) {
+			$y = $this->get_compound_property($f, $base, $namespace);
+			if ($y) {
+				if (!is_array($this->raw_recips)) {
+					$this->raw_recips = [];
+				}
+
+				if (!is_array($y)) {
+					$y = [$y];
+				}
+				$this->raw_recips[$f] = $y;
+				$x                    = array_merge($x, $y);
 			}
 		}
 // not yet ready for prime time
@@ -103,21 +166,21 @@ class ActivityStreams {
 		return $x;
 	}

-	function expand($arr,$base = '',$namespace = '') {
+	function expand($arr, $base = '', $namespace = '') {
 		$ret = [];

 		// right now use a hardwired recursion depth of 5

-		for($z = 0; $z < 5; $z ++) {
-			if(is_array($arr) && $arr) {
-				foreach($arr as $a) {
-					if(is_array($a)) {
+		for ($z = 0; $z < 5; $z++) {
+			if (is_array($arr) && $arr) {
+				foreach ($arr as $a) {
+					if (is_array($a)) {
 						$ret[] = $a;
 					}
 					else {
-						$x = $this->get_compound_property($a,$base,$namespace);
-						if($x) {
-							$ret = array_merge($ret,$x);
+						$x = $this->get_compound_property($a, $base, $namespace);
+						if ($x) {
+							$ret = array_merge($ret, $x);
 						}
 					}
 				}
@@ -138,33 +201,33 @@ class ActivityStreams {
 	 */
 	function get_namespace($base, $namespace) {

-		if(! $namespace)
+		if (!$namespace)
 			return '';

 		$key = null;

-		foreach( [ $this->data, $base ] as $b ) {
-			if(! $b)
+		foreach ([$this->data, $base] as $b) {
+			if (!$b)
 				continue;

-			if(array_key_exists('@context', $b)) {
-				if(is_array($b['@context'])) {
-					foreach($b['@context'] as $ns) {
-						if(is_array($ns)) {
-							foreach($ns as $k => $v) {
-								if($namespace === $v)
+			if (array_key_exists('@context', $b)) {
+				if (is_array($b['@context'])) {
+					foreach ($b['@context'] as $ns) {
+						if (is_array($ns)) {
+							foreach ($ns as $k => $v) {
+								if ($namespace === $v)
 									$key = $k;
 							}
 						}
 						else {
-							if($namespace === $ns) {
+							if ($namespace === $ns) {
 								$key = '';
 							}
 						}
 					}
 				}
 				else {
-					if($namespace === $b['@context']) {
+					if ($namespace === $b['@context']) {
 						$key = '';
 					}
 				}
@@ -184,34 +247,45 @@ class ActivityStreams {
 	 */
 	function get_property_obj($property, $base = '', $namespace = '') {
 		$prefix = $this->get_namespace($base, $namespace);
-		if($prefix === null)
+		if ($prefix === null)
 			return null;

-		$base = (($base) ? $base : $this->data);
+		$base     = (($base) ? $base : $this->data);
 		$propname = (($prefix) ? $prefix . ':' : '') . $property;

+		if (!is_array($base)) {
+			btlogger('not an array: ' . print_r($base, true));
+			return null;
+		}
+
 		return ((array_key_exists($propname, $base)) ? $base[$propname] : null);
 	}

+
 	/**
 	 * @brief Fetches a property from an URL.
 	 *
 	 * @param string $url
 	 * @return NULL|mixed
 	 */
+
 	function fetch_property($url) {
-		$redirects = 0;
-		if(! check_siteallowed($url)) {
-			logger('blacklisted: ' . $url);
-			return null;
+		return self::fetch($url);
+	}
+
+	static function fetch($url, $channel = null) {
+		return Activity::fetch($url, $channel);
+	}
+
+	static function is_an_actor($s) {
+		return (in_array($s, ['Application', 'Group', 'Organization', 'Person', 'Service']));
+	}
+
+	static function is_response_activity($s) {
+		if (!$s) {
+			return false;
 		}
-
-		$x = z_fetch_url($url, true, $redirects,
-			['headers' => [ 'Accept: application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"' ]]);
-		if($x['success'])
-			return json_decode($x['body'], true);
-
-		return null;
+		return (in_array($s, ['Like', 'Dislike', 'Flag', 'Block', 'Accept', 'Reject', 'TentativeAccept', 'TentativeReject', 'emojiReaction', 'EmojiReaction', 'EmojiReact']));
 	}

 	/**
@@ -222,10 +296,71 @@ class ActivityStreams {
 	 * @param string $namespace (optional) default empty
 	 * @return NULL|mixed
 	 */
-	function get_compound_property($property, $base = '', $namespace = '') {
+
+	function get_actor($property, $base = '', $namespace = '') {
 		$x = $this->get_property_obj($property, $base, $namespace);
-		if($this->is_url($x)) {
-			$x = $this->fetch_property($x);
+		if ($this->is_url($x)) {
+
+			// SECURITY: If we have already stored the actor profile, re-generate it
+			// from cached data - don't refetch it from the network
+
+			$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1",
+				dbesc($x)
+			);
+			if ($r) {
+				$y           = Activity::encode_person($r[0]);
+				$y['cached'] = true;
+				return $y;
+			}
+		}
+		$actor = $this->get_compound_property($property, $base, $namespace, true);
+		if (is_array($actor) && self::is_an_actor($actor['type'])) {
+			if (array_key_exists('id', $actor) && (!array_key_exists('inbox', $actor))) {
+				$actor = $this->fetch_property($actor['id']);
+			}
+			return $actor;
+		}
+		return null;
+	}
+
+
+	/**
+	 * @brief
+	 *
+	 * @param string $property
+	 * @param array $base
+	 * @param string $namespace (optional) default empty
+	 * @param boolean $first (optional) default false, if true and result is a sequential array return only the first element
+	 * @return NULL|mixed
+	 */
+	function get_compound_property($property, $base = '', $namespace = '', $first = false) {
+		$x = $this->get_property_obj($property, $base, $namespace);
+		if ($this->is_url($x)) {
+			$y = $this->fetch_property($x);
+			if (is_array($y)) {
+				$x = $y;
+			}
+		}
+
+		// verify and unpack JSalmon signature if present
+
+		if (is_array($x) && array_key_exists('signed', $x)) {
+			$ret = JSalmon::verify($x);
+			$tmp = JSalmon::unpack($x['data']);
+			if ($ret && $ret['success']) {
+				if ($ret['signer']) {
+					$saved            = json_encode($x, JSON_UNESCAPED_SLASHES);
+					$x                = $tmp;
+					$x['signer']      = $ret['signer'];
+					$x['signed_data'] = $saved;
+					if ($ret['hubloc']) {
+						$x['hubloc'] = $ret['hubloc'];
+					}
+				}
+			}
+		}
+		if ($first && is_array($x) && array_key_exists(0, $x)) {
+			return $x[0];
 		}

 		return $x;
@@ -238,7 +373,7 @@ class ActivityStreams {
 	 * @return boolean
 	 */
 	function is_url($url) {
-		if(($url) && (! is_array($url)) && (strpos($url, 'http') === 0)) {
+		if (($url) && (!is_array($url)) && (strpos($url, 'http') === 0)) {
 			return true;
 		}

@@ -253,13 +388,13 @@ class ActivityStreams {
 	 * @return NULL|mixed
 	 */
 	function get_primary_type($base = '', $namespace = '') {
-		if(! $base)
+		if (!$base)
 			$base = $this->data;

 		$x = $this->get_property_obj('type', $base, $namespace);
-		if(is_array($x)) {
-			foreach($x as $y) {
-				if(strpos($y, ':') === false) {
+		if (is_array($x)) {
+			foreach ($x as $y) {
+				if (strpos($y, ':') === false) {
 					return $y;
 				}
 			}
@@ -273,4 +408,33 @@ class ActivityStreams {
 		return $x;
 	}

-}
+	static function is_as_request($channel = null) {
+
+		$hookdata = [];
+		if ($channel)
+			$hookdata['channel'] = $channel;
+
+		$hookdata['data'] = ['application/x-zot-activity+json'];
+
+		call_hooks('is_as_request', $hookdata);
+
+		$x = getBestSupportedMimeType($hookdata['data']);
+		return (($x) ? true : false);
+
+	}
+
+	static function get_accept_header_string($channel = null) {
+
+		$hookdata = [];
+		if ($channel)
+			$hookdata['channel'] = $channel;
+
+		$hookdata['data'] = 'application/x-zot-activity+json';
+
+		call_hooks('get_accept_header_string', $hookdata);
+
+		return $hookdata['data'];
+
+	}
+
+}
--- a/Zotlabs/Lib/Api_router.php
+++ b/Zotlabs/Lib/Api_router.php
@@ -12,8 +12,16 @@ class Api_router {
 	}

 	static function find($path) {
-		if(array_key_exists($path,self::$routes))
+		if (array_key_exists($path,self::$routes)) {
 			return self::$routes[$path];
+		}
+
+		$with_params = dirname($path) . '/[id]';
+
+		if (array_key_exists($with_params,self::$routes)) {
+			return self::$routes[$with_params];
+		}
+
 		return null;
 	}

--- a/Zotlabs/Lib/Apps.php
+++ b/Zotlabs/Lib/Apps.php
@@ -1,32 +1,36 @@
-<?php /** @file */
+<?php

 namespace Zotlabs\Lib;

-/**
- * Apps
- *
- */
+use Zotlabs\Lib\Libsync;

 require_once('include/plugin.php');
 require_once('include/channel.php');

-
+/**
+ * @brief Apps class.
+ *
+ */
 class Apps {

 	static public $available_apps = null;
 	static public $installed_apps = null;
-
 	static public $base_apps = null;

-
-
+	/**
+	 * @brief
+	 *
+	 * @param boolean $translate (optional) default true
+	 * @return array
+	 */
 	static public function get_system_apps($translate = true) {
+		$ret = [];

-		$ret = array();
 		if(is_dir('apps'))
 			$files = glob('apps/*.apd');
 		else
 			$files = glob('app/*.apd');
+
 		if($files) {
 			foreach($files as $f) {
 				$x = self::parse_app_description($f,$translate);
@@ -50,14 +54,17 @@ class Apps {
 			}
 		}

-		call_hooks('get_system_apps',$ret);
+		/**
+		 * @hooks get_system_apps
+		 *   Hook to manipulate the system apps array.
+		 */
+		call_hooks('get_system_apps', $ret);

 		return $ret;
-
 	}

 	static public function get_base_apps() {
-		return get_config('system','base_apps',[ 
+		$x = get_config('system','base_apps',[
 			'Connections',
 			'Network',
 			'Settings',
@@ -65,13 +72,20 @@ class Apps {
 			'Channel Home',
 			'View Profile',
 			'Photos',
-			'Events',
+			'Calendar',
 			'Directory',
 			'Search',
 			'Help',
-			'Mail',
 			'Profile Photo'
 		]);
+
+		/**
+		 * @hooks get_base_apps
+		 *   Hook to manipulate the base apps array.
+		 */
+		call_hooks('get_base_apps', $x);
+
+		return $x;
 	}

 	static public function import_system_apps() {
@@ -79,7 +93,7 @@ class Apps {
 			return;

 		self::$base_apps = self::get_base_apps();
- 
+
 		$apps = self::get_system_apps(false);

 		self::$available_apps = q("select * from app where app_channel = 0");
@@ -104,6 +118,7 @@ class Apps {
 				// $id will be boolean true or false to install an app, or an integer id to update an existing app
 				if($id === false)
 					continue;
+
 				if($id !== true) {
 					// if we already installed this app, but it changed, preserve any categories we created
 					$s = EMPTY_STR;
@@ -124,16 +139,17 @@ class Apps {
 				$app['guid'] = hash('whirlpool',$app['name']);
 				$app['system'] = 1;
 				self::app_install(local_channel(),$app);
-
 			}
-		}					
+		}
 	}

 	/**
-	 * Install the system app if no system apps have been installed, or if a new system app 
+	 * Install the system app if no system apps have been installed, or if a new system app
 	 * is discovered, or if the version of a system app changes.
+	 *
+	 * @param array $app
+	 * @return boolean|int
 	 */
-
 	static public function check_install_system_app($app) {
 		if((! is_array(self::$available_apps)) || (! count(self::$available_apps))) {
 			return true;
@@ -157,17 +173,16 @@ class Apps {
 		return $notfound;
 	}

-
 	/**
-	 * Install the system app if no system apps have been installed, or if a new system app 
-	 * is discovered, or if the version of a system app changes.
+	 * Install the personal app if no personal apps have been installed, or if a new personal app
+	 * is discovered, or if the version of a personal app changes.
+	 *
+	 * @param array $app
+	 * @return boolean|int
 	 */
-
-
-
 	static public function check_install_personal_app($app) {
 		$installed = false;
-		foreach(self::$installed_apps as $iapp) {			
+		foreach(self::$installed_apps as $iapp) {
 			if($iapp['app_id'] == hash('whirlpool',$app['name'])) {
 				$installed = true;
 				if(($iapp['app_version'] != $app['version'])
@@ -187,19 +202,24 @@ class Apps {
 		return strcasecmp($a['name'],$b['name']);
 	}

-
-	static public function parse_app_description($f,$translate = true) {
-
-		$ret = array();
+	/**
+	 * @brief Parse app description.
+	 *
+	 * @param string $f filename
+	 * @param boolean $translate (optional) default true
+	 * @return boolean|array
+	 */
+	static public function parse_app_description($f, $translate = true) {
+		$ret = [];
+		$matches = [];

 		$baseurl = z_root();
-		$channel = \App::get_channel();
-		$address = (($channel) ? $channel['channel_address'] : '');
-		
+		//$channel = \App::get_channel();
+		//$address = (($channel) ? $channel['channel_address'] : '');
+
 		//future expansion

 		$observer = \App::get_observer();
-	

 		$lines = @file($f);
 		if($lines) {
@@ -208,7 +228,7 @@ class Apps {
 					$ret[$matches[1]] = trim($matches[2]);
 				}
 			}
-		}	
+		}

 		if(! $ret['photo'])
 			$ret['photo'] = $baseurl . '/' . get_default_profile_photo(80);
@@ -287,39 +307,44 @@ class Apps {
 				}
 			}
 		}
-		if($ret) {
+		if(isset($ret)) {
 			if($translate)
 				self::translate_system_apps($ret);
+
 			return $ret;
 		}
+
 		return false;
-	}	
+	}


 	static public function translate_system_apps(&$arr) {
 		$apps = array(
 			'Apps' => t('Apps'),
+			'Affinity Tool' => t('Affinity Tool'),
 			'Articles' => t('Articles'),
 			'Cards' => t('Cards'),
 			'Admin' => t('Site Admin'),
 			'Report Bug' => t('Report Bug'),
 			'Bookmarks' => t('Bookmarks'),
 			'Chatrooms' => t('Chatrooms'),
+			'Content Filter' => t('Content Filter'),
+			'Content Import' => t('Content Import'),
 			'Connections' => t('Connections'),
 			'Remote Diagnostics' => t('Remote Diagnostics'),
 			'Suggest Channels' => t('Suggest Channels'),
 			'Login' => t('Login'),
-			'Channel Manager' => t('Channel Manager'), 
+			'Channel Manager' => t('Channel Manager'),
 			'Network' => t('Stream'),
 			'Settings' => t('Settings'),
 			'Files' => t('Files'),
 			'Webpages' => t('Webpages'),
 			'Wiki' => t('Wiki'),
-			'Channel Home' => t('Channel Home'), 
+			'Channel Home' => t('Channel Home'),
 			'View Profile' => t('View Profile'),
-			'Photos' => t('Photos'), 
-			'Events' => t('Events'), 
-			'Directory' => t('Directory'), 
+			'Photos' => t('Photos'),
+			'Calendar' => t('Calendar'),
+			'Directory' => t('Directory'),
 			'Help' => t('Help'),
 			'Mail' => t('Mail'),
 			'Mood' => t('Mood'),
@@ -339,7 +364,6 @@ class Apps {
 			'Privacy Groups' => t('Privacy Groups'),
 			'Notifications' => t('Notifications'),
 			'Order Apps' => t('Order Apps'),
-			'CalDAV' => t('CalDAV'),
 			'CardDAV' => t('CardDAV'),
 			'Channel Sources' => t('Channel Sources'),
 			'Guest Access' => t('Guest Access'),
@@ -348,7 +372,6 @@ class Apps {
 			'OAuth2 Apps Manager' => t('OAuth2 Apps Manager'),
 			'PDL Editor' => t('PDL Editor'),
 			'Permission Categories' => t('Permission Categories'),
-			'Premium Channel' => t('Premium Channel'),
 			'Public Stream' => t('Public Stream'),
 			'My Chatrooms' => t('My Chatrooms'),
 			'Channel Export' => t('Channel Export')
@@ -364,30 +387,31 @@ class Apps {
 				if(array_key_exists($arr[$x]['name'],$apps)) {
 					$arr[$x]['name'] = $apps[$arr[$x]['name']];
 				} else {
-				    // Try to guess by app name if not in list
-				    $arr[$x]['name'] = t(trim($arr[$x]['name']));
+					// Try to guess by app name if not in list
+					$arr[$x]['name'] = t(trim($arr[$x]['name']));
 				}
 			}
 		}
-				
 	}

-
-	// papp is a portable app
-
-	static public function app_render($papp,$mode = 'view') {
-
-		/**
-		 * modes:
-		 *    view: normal mode for viewing an app via bbcode from a conversation or page
-		 *       provides install/update button if you're logged in locally
-		 *    install: like view but does not display app-bin options if they are present
-		 *    list: normal mode for viewing an app on the app page
-		 *       no buttons are shown
-		 *    edit: viewing the app page in editing mode provides a delete button
-		 *    nav: render apps for app-bin
-		 */
-
+	/**
+	 * @brief
+	 *
+	 * @param array $papp
+	 *  papp is a portable app
+	 * @param string $mode (optional) default 'view'
+	 *   Render modes:
+	 *   * \b view: normal mode for viewing an app via bbcode from a conversation or page
+	 *       provides install/update button if you're logged in locally
+	 *   * \b install: like view but does not display app-bin options if they are present
+	 *   * \b list: normal mode for viewing an app on the app page
+	 *       no buttons are shown
+	 *   * \b edit: viewing the app page in editing mode provides a delete button
+	 *   * \b nav: render apps for app-bin
+	 *
+	 * @return void|string Parsed HTML
+	 */
+	static public function app_render($papp, $mode = 'view') {
 		$installed = false;

 		if(! $papp)
@@ -412,7 +436,7 @@ class Apps {
 				$sys = get_sys_channel();
 				$view_channel = $sys['channel_id'];
 			}
-			self::app_macros($view_channel,$papp); 
+			self::app_macros($view_channel,$papp);
 		}

 		if(strpos($papp['url'], ',')) {
@@ -425,7 +449,6 @@ class Apps {
 			$papp['url'] = z_root() . ((strpos($papp['url'],'/') === 0) ? '' : '/') . $papp['url'];


-
 		foreach($papp as $k => $v) {
 			if(strpos($v,'http') === 0 && $k != 'papp') {
 				if(! (local_channel() && strpos($v,z_root()) === 0)) {
@@ -501,13 +524,13 @@ class Apps {
 		}
 		elseif(remote_channel()) {
 			$observer = \App::get_observer();
-			if($observer && $observer['xchan_network'] === 'zot') {
+			if($observer && in_array($observer['xchan_network'], ['zot6', 'zot'])) {
 				// some folks might have xchan_url redirected offsite, use the connurl
 				$x = parse_url($observer['xchan_connurl']);
 				if($x) {
 					$hosturl = $x['scheme'] . '://' . $x['host'] . '/';
 				}
-			} 
+			}
 		}

 		$install_action = (($installed) ? t('Update') : t('Install'));
@@ -541,7 +564,8 @@ class Apps {
 			'$featured' => ((strpos($papp['categories'], 'nav_featured_app') === false) ? false : true),
 			'$pinned' => ((strpos($papp['categories'], 'nav_pinned_app') === false) ? false : true),
 			'$navapps' => (($mode == 'nav') ? true : false),
-			'$order' => (($mode == 'nav-order') ? true : false),
+			'$order' => (($mode === 'nav-order' || $mode === 'nav-order-pinned') ? true : false),
+			'$mode' => $mode,
 			'$add' => t('Add to app-tray'),
 			'$remove' => t('Remove from app-tray'),
 			'$add_nav' => t('Pin to navbar'),
@@ -581,7 +605,7 @@ class Apps {
 							intval(TERM_OBJ_APP),
 							intval($r[0]['id'])
 						);
-						build_sync_packet($uid,array('app' => $r[0]));
+						Libsync::build_sync_packet($uid,array('app' => $r[0]));
 					}
 				}
 			}
@@ -590,8 +614,14 @@ class Apps {
 		return false;
 	}

-
-	static public function can_delete($uid,$app) {
+	/**
+	 * @brief
+	 *
+	 * @param mixed $uid If not set return false, otherwise no influence
+	 * @param array $app
+	 * @return boolean
+	 */
+	static public function can_delete($uid, $app) {
 		if(! $uid) {
 			return false;
 		}
@@ -599,7 +629,7 @@ class Apps {
 		$base_apps = self::get_base_apps();
 		if($base_apps) {
 			foreach($base_apps as $b) {
-				if($app['guid'] === hash('whirlpool',$b)) {
+				if($app['guid'] === hash('whirlpool', $b)) {
 					return false;
 				}
 			}
@@ -611,7 +641,6 @@ class Apps {
 	static public function app_destroy($uid,$app) {

 		if($uid && $app['guid']) {
-
 			$x = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
 				dbesc($app['guid']),
 				intval($uid)
@@ -620,7 +649,7 @@ class Apps {
 				if(! intval($x[0]['app_deleted'])) {
 					$x[0]['app_deleted'] = 1;
 					if(self::can_delete($uid,$app)) {
-						$r = q("delete from app where app_id = '%s' and app_channel = %d",
+						q("delete from app where app_id = '%s' and app_channel = %d",
 							dbesc($app['guid']),
 							intval($uid)
 						);
@@ -628,16 +657,21 @@ class Apps {
 							intval(TERM_OBJ_APP),
 							intval($x[0]['id'])
 						);
+						/**
+						 * @hooks app_destroy
+						 *  Called after app entry got removed from database
+						 *  and provide app array from database.
+						 */
 						call_hooks('app_destroy', $x[0]);
 					}
 					else {
-						$r = q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
+						q("update app set app_deleted = 1 where app_id = '%s' and app_channel = %d",
 							dbesc($app['guid']),
 							intval($uid)
 						);
 					}
 					if(! intval($x[0]['app_system'])) {
-						build_sync_packet($uid,array('app' => $x));
+						Libsync::build_sync_packet($uid,array('app' => $x));
 					}
 				}
 				else {
@@ -645,22 +679,23 @@ class Apps {
 				}
 			}
 		}
-
 	}

-	static public function app_undestroy($uid,$app) {
-
-		// undelete a system app
-		
+	/**
+	 * @brief Undelete a system app.
+	 *
+	 * @param int $uid
+	 * @param array $app
+	 */
+	static public function app_undestroy($uid, $app) {
 		if($uid && $app['guid']) {
-
 			$x = q("select * from app where app_id = '%s' and app_channel = %d limit 1",
 				dbesc($app['guid']),
 				intval($uid)
 			);
 			if($x) {
 				if($x[0]['app_system']) {
-					$r = q("update app set app_deleted = 0 where app_id = '%s' and app_channel = %d",
+					q("update app set app_deleted = 0 where app_id = '%s' and app_channel = %d",
 						dbesc($app['guid']),
 						intval($uid)
 					);
@@ -669,7 +704,15 @@ class Apps {
 		}
 	}

-	static public function app_feature($uid,$app,$term) {
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param array $app
+	 * @param string $term
+	 * @return void
+	 */
+	static public function app_feature($uid, $app, $term) {
 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
 			dbesc($app['guid']),
 			intval($uid)
@@ -693,23 +736,37 @@ class Apps {
 		}
 	}

-	static public function app_installed($uid,$app,$bypass_filter=false) {
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param array $app
+	 * @param boolean $bypass_filter (optional) default false
+	 * @return boolean
+	 */
+	static public function app_installed($uid, $app, $bypass_filter = false) {

 		$r = q("select id from app where app_id = '%s' and app_channel = %d limit 1",
-			dbesc((array_key_exists('guid',$app)) ? $app['guid'] : ''), 
+			dbesc((array_key_exists('guid', $app)) ? $app['guid'] : ''),
 			intval($uid)
 		);
-		if (!$bypass_filter) {
+		if(!$bypass_filter) {
 			$filter_arr = [
-				'uid'=>$uid,
-				'app'=>$app,
-				'installed'=>$r
+				'uid' => $uid,
+				'app' => $app,
+				'installed' => $r
 			];
-			call_hooks('app_installed_filter',$filter_arr);
+			/**
+			 * @hooks app_installed_filter
+			 *  * \e int \b uid
+			 *  * \e array \b app
+			 *  * \e mixed \b installed - return value
+			 */
+			call_hooks('app_installed_filter', $filter_arr);
 			$r = $filter_arr['installed'];
 		}
-		return(($r) ? true : false);

+		return(($r) ? true : false);
 	}


@@ -725,11 +782,17 @@ class Apps {
 				'app'=>$app,
 				'installed'=>$r
 			];
-			call_hooks('addon_app_installed_filter',$filter_arr);
+			/**
+			 * @hooks addon_app_installed_filter
+			 *  * \e int \b uid
+			 *  * \e array \b app
+			 *  * \e mixed \b installed - return value
+			 */
+			call_hooks('addon_app_installed_filter', $filter_arr);
 			$r = $filter_arr['installed'];
 		}
-		return(($r) ? true : false);

+		return(($r) ? true : false);
 	}

 	static public function system_app_installed($uid,$app,$bypass_filter=false) {
@@ -744,28 +807,39 @@ class Apps {
 				'app'=>$app,
 				'installed'=>$r
 			];
-			call_hooks('system_app_installed_filter',$filter_arr);
+			/**
+			 * @hooks system_app_installed_filter
+			 *  * \e int \b uid
+			 *  * \e array \b app
+			 *  * \e mixed \b installed - return value
+			 */
+			call_hooks('system_app_installed_filter', $filter_arr);
 			$r = $filter_arr['installed'];
 		}
-		return(($r) ? true : false);

+		return(($r) ? true : false);
 	}

-
-
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param boolean $deleted
+	 * @param array $cats
+	 * @return boolean|array
+	 */
 	static public function app_list($uid, $deleted = false, $cats = []) {
-		if($deleted) 
-			$sql_extra = "";
+		if($deleted)
+			$sql_extra = '';
 		else
-			$sql_extra = " and app_deleted = 0 ";
+			$sql_extra = ' and app_deleted = 0 ';

 		if($cats) {
-
-			$cat_sql_extra = " and ( ";
+			$cat_sql_extra = ' and ( ';

 			foreach($cats as $cat) {
 				if(strpos($cat_sql_extra, 'term'))
-					$cat_sql_extra .= "or ";
+					$cat_sql_extra .= 'or ';

 				$cat_sql_extra .= "term = '" . dbesc($cat) . "' ";
 			}
@@ -777,11 +851,13 @@ class Apps {
 			);
 			if(! $r)
 				return $r;
-			$sql_extra .= " and app.id in ( ";
+
+			$sql_extra .= ' and app.id in ( ';
 			$s = '';
 			foreach($r as $rr) {
 				if($s)
 					$s .= ',';
+
 				$s .= intval($rr['oid']);
 			}
 			$sql_extra .= $s . ') ';
@@ -792,12 +868,26 @@ class Apps {
 		);

 		if($r) {
-                        $hookinfo = Array('uid'=>$uid,'deleted'=>$deleted,'cats'=>$cats,'apps'=>$r);
-			call_hooks('app_list',$hookinfo);
+			$hookinfo = [
+					'uid' => $uid,
+					'deleted' => $deleted,
+					'cats' => $cats,
+					'apps' => $r,
+			];
+			/**
+			 * @hooks app_list
+			 *  * \e int \b uid
+			 *  * \e boolean \b deleted
+			 *  * \e array \b cats
+			 *  * \e array \b apps - return value
+			 */
+			call_hooks('app_list', $hookinfo);
 			$r = $hookinfo['apps'];
-			for($x = 0; $x < count($r); $x ++) {
+
+			for($x = 0; $x < count($r); $x++) {
 				if(! $r[$x]['app_system'])
 					$r[$x]['type'] = 'personal';
+
 				$r[$x]['term'] = q("select * from term where otype = %d and oid = %d",
 					intval(TERM_OBJ_APP),
 					intval($r[$x]['id'])
@@ -805,15 +895,17 @@ class Apps {
 			}
 		}

-		return($r);
+		return $r;
 	}

-	static public function app_order($uid,$apps) {
+	static public function app_order($uid,$apps,$menu) {

 		if(! $apps)
 			return $apps;

-		$x = (($uid) ? get_pconfig($uid,'system','app_order') : get_config('system','app_order'));
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$x = (($uid) ? get_pconfig($uid,'system',$conf) : get_config('system',$conf));
 		if(($x) && (! is_array($x))) {
 			$y = explode(',',$x);
 			$y = array_map('trim',$y);
@@ -835,13 +927,14 @@ class Apps {
 				$ret[] = $ap;
 			}
 		}
-		return $ret;

+		return $ret;
 	}

 	static function find_app_in_array($name,$arr) {
 		if(! $arr)
 			return false;
+
 		foreach($arr as $x) {
 			if($x['name'] === $name) {
 					return $x;
@@ -850,25 +943,35 @@ class Apps {
 		return false;
 	}

-	static function moveup($uid,$guid) {
-		$syslist = array();
-		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param int $guid
+	 * @param string $menu
+	 * @return void
+	 */
+	static function moveup($uid, $guid, $menu) {
+		$syslist = [];
+
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$list = self::app_list($uid, false, [ $menu ]);
 		if($list) {
 			foreach($list as $li) {
-				$syslist[] = self::app_encode($li);
+				$papp = self::app_encode($li);
+				$syslist[] = $papp;
 			}
 		}
 		self::translate_system_apps($syslist);

 		usort($syslist,'self::app_name_compare');

-		$syslist = self::app_order($uid,$syslist);
+		$syslist = self::app_order($uid,$syslist,$menu);

 		if(! $syslist)
 			return;

-		$newlist = [];
-
 		foreach($syslist as $k => $li) {
 			if($li['guid'] === $guid) {
 				$position = $k;
@@ -877,6 +980,7 @@ class Apps {
 		}
 		if(! $position)
 			return;
+
 		$dest_position = $position - 1;
 		$saved = $syslist[$dest_position];
 		$syslist[$dest_position] = $syslist[$position];
@@ -887,29 +991,41 @@ class Apps {
 			$narr[] = $x['name'];
 		}

-		set_pconfig($uid,'system','app_order',implode(',',$narr));
-
+		set_pconfig($uid,'system',$conf,implode(',',$narr));
 	}

-	static function movedown($uid,$guid) {
-		$syslist = array();
-		$list = self::app_list($uid, false, ['nav_featured_app', 'nav_pinned_app']);
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param int $guid
+	 * @param string $menu
+	 * @return void
+	 */
+	static function movedown($uid, $guid, $menu) {
+		$syslist = [];
+
+		$conf = (($menu === 'nav_featured_app') ? 'app_order' : 'app_pin_order');
+
+		$list = self::app_list($uid, false, [ $menu ]);
 		if($list) {
 			foreach($list as $li) {
-				$syslist[] = self::app_encode($li);
+				$papp = self::app_encode($li);
+				if($menu !== 'nav_pinned_app' && strpos($papp['categories'],'nav_pinned_app') !== false)
+					continue;
+
+				$syslist[] = $papp;
 			}
 		}
 		self::translate_system_apps($syslist);

 		usort($syslist,'self::app_name_compare');

-		$syslist = self::app_order($uid,$syslist);
+		$syslist = self::app_order($uid,$syslist,$menu);

 		if(! $syslist)
 			return;

-		$newlist = [];
-
 		foreach($syslist as $k => $li) {
 			if($li['guid'] === $guid) {
 				$position = $k;
@@ -918,6 +1034,7 @@ class Apps {
 		}
 		if($position >= count($syslist) - 1)
 			return;
+
 		$dest_position = $position + 1;
 		$saved = $syslist[$dest_position];
 		$syslist[$dest_position] = $syslist[$position];
@@ -928,8 +1045,7 @@ class Apps {
 			$narr[] = $x['name'];
 		}

-		set_pconfig($uid,'system','app_order',implode(',',$narr));
-
+		set_pconfig($uid,'system',$conf,implode(',',$narr));
 	}

 	static public function app_decode($s) {
@@ -937,8 +1053,14 @@ class Apps {
 		return json_decode($x,true);
 	}

-
-	static public function app_macros($uid,&$arr) {
+	/**
+	 * @brief
+	 *
+	 * @param int $uid
+	 * @param[in,out] array $arr
+	 * @return void
+	 */
+	static public function app_macros($uid, &$arr) {

 		if(! intval($uid))
 			return;
@@ -946,21 +1068,17 @@ class Apps {
 		$baseurl = z_root();
 		$channel = channelx_by_n($uid);
 		$address = (($channel) ? $channel['channel_address'] : '');
-		
+
 		//future expansion

-		$observer = \App::get_observer();
-	
+		//$observer = \App::get_observer();
+
 		$arr['url'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['url']);
 		$arr['photo'] = str_replace(array('$baseurl','$nick'),array($baseurl,$address),$arr['photo']);
-
 	}



-
-
-
 	static public function app_store($arr) {

 		//logger('app_store: ' . print_r($arr,true));
@@ -1144,16 +1262,20 @@ class Apps {
 		}

 		return $ret;
-
 	}

-
-	static public function app_encode($app,$embed = false) {
-
-		$ret = array();
+	/**
+	 * @brief
+	 *
+	 * @param array $app
+	 * @param boolean $embed (optional) default false
+	 * @return array|string
+	 */
+	static public function app_encode($app, $embed = false) {
+		$ret = [];

 		$ret['type'] = 'personal';
-	
+
 		if($app['app_id'])
 			$ret['guid'] = $app['app_id'];

@@ -1186,7 +1308,7 @@ class Apps {

 		if($app['app_price'])
 			$ret['price'] = $app['app_price'];
-	
+
 		if($app['app_page'])
 			$ret['page'] = $app['app_page'];

@@ -1210,12 +1332,12 @@ class Apps {
 			foreach($app['term'] as $t) {
 				if($s)
 					$s .= ',';
+
 				$s .= $t['term'];
 			}
 			$ret['categories'] = $s;
 		}

-
 		if(! $embed)
 			return $ret;

@@ -1223,18 +1345,15 @@ class Apps {

 		if(array_key_exists('categories',$ret))
 			unset($ret['categories']);
-	
-		$j = json_encode($ret);
-		return '[app]' . chunk_split(base64_encode($j),72,"\n") . '[/app]';

+		$j = json_encode($ret);
+
+		return '[app]' . chunk_split(base64_encode($j),72,"\n") . '[/app]';
 	}


 	static public function papp_encode($papp) {
 		return chunk_split(base64_encode(json_encode($papp)),72,"\n");
-
 	}

 }
-
-
--- a/Zotlabs/Lib/Cache.php
+++ b/Zotlabs/Lib/Cache.php
@@ -7,12 +7,23 @@ namespace Zotlabs\Lib;
 	 */
 	 
 class Cache {
-	public static function get($key) {
+    
+    /**
+     * @brief Returns cached content
+     * 
+     * @param string $key
+     * @param string $age in SQL format, default is '30 DAY'
+     * @return string
+     */
+    
+	public static function get($key, $age = '') {

 		$hash = hash('whirlpool',$key);

-		$r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
-			dbesc($hash)
+		$r = q("SELECT v FROM cache WHERE k = '%s' AND updated > %s - INTERVAL %s LIMIT 1",
+			dbesc($hash),
+			db_utcnow(),
+			db_quoteinterval(($age ? $age : get_config('system','object_cache_days', '30') . ' DAY'))
 		);
 			
 		if ($r)
@@ -40,12 +51,4 @@ class Cache {
 				dbesc(datetime_convert()));
 		}
 	}
-
-		
-	public static function clear() {
-		q("DELETE FROM cache WHERE updated < '%s'",
-			dbesc(datetime_convert('UTC','UTC',"now - 30 days")));			
-	}
-		
 }
-	 
--- a/Zotlabs/Lib/Chatroom.php
+++ b/Zotlabs/Lib/Chatroom.php
@@ -1,6 +1,8 @@
 <?php
 namespace Zotlabs\Lib;

+use Zotlabs\Lib\Libsync;
+
 /**
 * @brief A class with chatroom related static methods.
 */
@@ -91,7 +93,7 @@ class Chatroom {
 			return $ret;
 		}

-		build_sync_packet($channel['channel_id'],array('chatroom' => $r));
+		Libsync::build_sync_packet($channel['channel_id'],array('chatroom' => $r));

 		q("delete from chatroom where cr_id = %d",
 			intval($r[0]['cr_id'])
--- a/Zotlabs/Lib/Connect.php
+++ b/Zotlabs/Lib/Connect.php
@@ -0,0 +1,312 @@
+<?php /** @file */
+
+namespace Zotlabs\Lib;
+
+use App;
+use Zotlabs\Access\Permissions;
+use Zotlabs\Daemon\Master;
+
+
+
+class Connect {
+
+	/**
+	 * Takes a $channel and a $url/handle and adds a new connection
+	 *
+	 * Returns array
+	 *  $return['success'] boolean true if successful
+	 *  $return['abook'] Address book entry joined with xchan if successful
+	 *  $return['message'] error text if success is false.
+	 *
+	 * This function does NOT send sync packets to clones. The caller is responsible for doing this
+	 */
+
+	static function connect($channel, $url, $sub_channel = false) {
+
+		$uid = $channel['channel_id'];
+
+		if (strpos($url,'@') === false && strpos($url,'/') === false) {
+			$url = $url . '@' . App::get_hostname();
+		}
+
+		$result = [ 'success' => false, 'message' => '' ];
+
+		$my_perms = false;
+		$protocol = '';
+
+		if (substr($url,0,1) === '[') {
+			$x = strpos($url,']');
+			if ($x) {
+				$protocol = substr($url,1,$x-1);
+				$url = substr($url,$x+1);
+			}
+		}
+
+		if (! check_siteallowed($url)) {
+			$result['message'] = t('Channel is blocked on this site.');
+			return $result;
+		}
+
+		if (! $url) {
+			$result['message'] = t('Channel location missing.');
+			return $result;
+		}
+
+		// check service class limits
+
+		$r = q("select count(*) as total from abook where abook_channel = %d and abook_self = 0 ",
+			intval($uid)
+		);
+		if ($r) {
+			$total_channels = $r[0]['total'];
+		}
+
+		if (! service_class_allows($uid,'total_channels',$total_channels)) {
+			$result['message'] = upgrade_message();
+			return $result;
+		}
+
+		$xchan_hash = '';
+		$sql_options = (($protocol) ? " and xchan_network = '" . dbesc($protocol) . "' " : '');
+
+		$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s') $sql_options ",
+			dbesc($url),
+			dbesc($url),
+			dbesc($url)
+		);
+
+		if ($r) {
+
+			// reset results to the best record or the first if we don't have the best
+			// note: this is a single record and not an array of results
+
+			$r = Libzot::zot_record_preferred($r,'xchan_network');
+
+		}
+
+		$singleton = false;
+		$d = false;
+
+		if (! $r) {
+
+			// not in cache - try discovery
+
+			$wf = discover_by_webbie($url,$protocol);
+
+			if (! $wf) {
+				$feeds = get_config('system','feed_contacts');
+
+				if (($feeds) && (in_array($protocol, [ '', 'feed', 'rss' ]))) {
+					$d = discover_by_url($url);
+				}
+				else {
+					$result['message'] = t('Remote channel or protocol unavailable.');
+					return $result;
+				}
+			}
+		}
+
+		if ($wf || $d) {
+
+			// something was discovered - find the record which was just created.
+
+			$r = q("select * from xchan where ( xchan_hash = '%s' or xchan_url = '%s' or xchan_addr = '%s' ) $sql_options",
+				dbesc(($wf) ? $wf : $url),
+				dbesc($url),
+				dbesc($url)
+			);
+
+			// convert to a single record (once again preferring a zot solution in the case of multiples)
+
+			if ($r) {
+				$r = Libzot::zot_record_preferred($r,'xchan_network');
+			}
+		}
+
+		// if discovery was a success or the channel was already cached we should have an xchan record in $r
+
+		if ($r) {
+			$xchan = $r;
+			$xchan_hash = $r['xchan_hash'];
+			$their_perms = EMPTY_STR;
+		}
+
+		// failure case
+
+		if (! $xchan_hash) {
+			$result['message'] = t('Channel discovery failed.');
+			logger('follow: ' . $result['message']);
+			return $result;
+		}
+
+		if (! check_channelallowed($xchan_hash)) {
+			$result['message'] = t('Channel is blocked on this site.');
+			logger('follow: ' . $result['message']);
+			return $result;
+
+		}
+
+		$allowed = ((in_array($xchan['xchan_network'],['rss','zot','zot6'])) ? 1 : 0);
+
+		$hookdata = ['channel_id' => $uid, 'follow_address' => $url, 'xchan' => $xchan, 'allowed' => $allowed, 'singleton' => 0];
+		call_hooks('follow_allow',$hookdata);
+
+		if(! $hookdata['allowed']) {
+			$result['message'] = t('Protocol disabled.');
+			return $result;
+		}
+
+		$singleton = intval($hookdata['singleton']);
+
+		// Now start processing the new connection
+
+		$aid = $channel['channel_account_id'];
+		$default_group = $channel['channel_default_group'];
+
+		if (in_array($xchan_hash, [$channel['channel_hash'], $channel['channel_portable_id']])) {
+			$result['message'] = t('Cannot connect to yourself.');
+			return $result;
+		}
+
+		if ($xchan['xchan_network'] === 'rss') {
+
+			// check service class feed limits
+
+			$t = q("select count(*) as total from abook where abook_account = %d and abook_feed = 1 ",
+				intval($aid)
+			);
+			if ($t) {
+				$total_feeds = $t[0]['total'];
+			}
+
+			if (! service_class_allows($uid,'total_feeds',$total_feeds)) {
+				$result['message'] = upgrade_message();
+				return $result;
+			}
+
+			// Always set these "remote" permissions for feeds since we cannot interact with them
+			// to negotiate a suitable permission response
+
+			set_abconfig($uid,$xchan_hash,'their_perms','view_stream',1);
+			set_abconfig($uid,$xchan_hash,'their_perms','republish',1);
+
+		}
+
+
+		$p = Permissions::connect_perms($uid);
+
+		// parent channels have unencumbered write permission
+
+		if ($sub_channel) {
+			$p['perms']['post_wall']     = 1;
+			$p['perms']['post_comments'] = 1;
+			$p['perms']['write_storage'] = 1;
+			$p['perms']['post_like']     = 1;
+			$p['perms']['delegate']      = 0;
+			$p['perms']['moderated']     = 0;
+		}
+
+		$my_perms = $p['perms'];
+		
+		$profile_assign = get_pconfig($uid,'system','profile_assign','');
+
+
+		// See if we are already connected by virtue of having an abook record
+
+		$r = q("select abook_id, abook_xchan, abook_pending, abook_instance from abook 
+			where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($xchan_hash),
+			intval($uid)
+		);
+
+		if ($r) {
+
+			$abook_instance = $r[0]['abook_instance'];
+
+			// If they are on a non-nomadic network, add them to this location
+
+			if (($singleton) && strpos($abook_instance,z_root()) === false) {
+				if ($abook_instance) {
+					$abook_instance .= ',';
+				}
+				$abook_instance .= z_root();
+
+				$x = q("update abook set abook_instance = '%s', abook_not_here = 0 where abook_id = %d",
+					dbesc($abook_instance),
+					intval($r[0]['abook_id'])
+				);
+			}
+
+			// if they have a pending connection, we just followed them so approve the connection request
+
+			if (intval($r[0]['abook_pending'])) {
+				$x = q("update abook set abook_pending = 0 where abook_id = %d",
+					intval($r[0]['abook_id'])
+				);
+			}
+		}
+		else {
+
+			// create a new abook record
+
+			$closeness = get_pconfig($uid,'system','new_abook_closeness',80);
+
+			$r = abook_store_lowlevel(
+				[
+					'abook_account'   => intval($aid),
+					'abook_channel'   => intval($uid),
+					'abook_closeness' => intval($closeness),
+					'abook_xchan'     => $xchan_hash,
+					'abook_profile'   => $profile_assign,
+					'abook_feed'      => intval(($xchan['xchan_network'] === 'rss') ? 1 : 0),
+					'abook_created'   => datetime_convert(),
+					'abook_updated'   => datetime_convert(),
+					'abook_instance'  => (($singleton) ? z_root() : '')
+				]
+			);
+		}
+
+		if (! $r) {
+			logger('abook creation failed');
+			$result['message'] = t('error saving data');
+			return $result;
+		}
+
+		// Set suitable permissions to the connection
+
+		if($my_perms) {
+			foreach($my_perms as $k => $v) {
+				set_abconfig($uid,$xchan_hash,'my_perms',$k,$v);
+			}
+		}
+
+		// fetch the entire record
+
+		$r = q("select abook.*, xchan.* from abook left join xchan on abook_xchan = xchan_hash 
+			where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($xchan_hash),
+			intval($uid)
+		);
+
+		if ($r) {
+			$result['abook'] = array_shift($r);
+			Master::Summon([ 'Notifier', 'permission_create', $result['abook']['abook_id'] ]);
+		}
+
+		$arr = [ 'channel_id' => $uid, 'channel' => $channel, 'abook' => $result['abook'] ];
+
+		call_hooks('follow', $arr);
+
+		/** If there is a default group for this channel, add this connection to it */
+
+		if ($default_group) {
+			$g = AccessList::rec_byhash($uid,$default_group);
+			if ($g) {
+				AccessList::member_add($uid,'',$xchan_hash,$g['id']);
+			}
+		}
+
+		$result['success'] = true;
+		return $result;
+	}
+}
--- a/Zotlabs/Lib/Crypto.php
+++ b/Zotlabs/Lib/Crypto.php
@@ -0,0 +1,206 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Exception;
+
+class Crypto {
+
+	public static $openssl_algorithms = [
+
+		// zot6 nickname,   opensslname,   keylength, ivlength
+
+		['aes256ctr', 'aes-256-ctr', 32, 16],
+		['camellia256cfb', 'camellia-256-cfb', 32, 16],
+		['cast5cfb', 'cast5-cfb', 16, 8],
+		['aes256cbc', 'aes-256-cbc', 32, 16] // remove after legacy zot has been sunset
+
+	];
+
+	public static function methods() {
+		$ret = [];
+
+		foreach (self::$openssl_algorithms as $ossl) {
+			$ret[] = $ossl[0] . '.oaep';
+		}
+
+		call_hooks('crypto_methods', $ret);
+		return $ret;
+	}
+
+	public static function signing_methods() {
+
+		$ret = ['sha256'];
+		call_hooks('signing_methods', $ret);
+		return $ret;
+
+	}
+
+	public static function new_keypair($bits) {
+
+		$openssl_options = [
+			'digest_alg'       => 'sha1',
+			'private_key_bits' => $bits,
+			'encrypt_key'      => false
+		];
+
+		$conf = get_config('system', 'openssl_conf_file');
+
+		if ($conf) {
+			$openssl_options['config'] = $conf;
+		}
+
+		$result = openssl_pkey_new($openssl_options);
+
+		if (empty($result)) {
+			return false;
+		}
+
+		// Get private key
+
+		$response = ['prvkey' => '', 'pubkey' => ''];
+
+		openssl_pkey_export($result, $response['prvkey']);
+
+		// Get public key
+		$pkey               = openssl_pkey_get_details($result);
+		$response['pubkey'] = $pkey["key"];
+
+		return $response;
+
+	}
+
+	public static function sign($data, $key, $alg = 'sha256') {
+
+		if (!$key) {
+			return false;
+		}
+
+		$sig = '';
+		openssl_sign($data, $sig, $key, $alg);
+		return $sig;
+	}
+
+	public static function verify($data, $sig, $key, $alg = 'sha256') {
+
+		if (!$key) {
+			return false;
+		}
+
+		try {
+			$verify = openssl_verify($data, $sig, $key, $alg);
+		} catch (Exception $e) {
+			$verify = (-1);
+		}
+
+		if ($verify === (-1)) {
+			while ($msg = openssl_error_string()) {
+				logger('openssl_verify: ' . $msg, LOGGER_NORMAL, LOG_ERR);
+			}
+			btlogger('openssl_verify: key: ' . $key, LOGGER_DEBUG, LOG_ERR);
+		}
+
+		return (($verify > 0) ? true : false);
+	}
+
+	public static function encapsulate($data, $pubkey, $alg) {
+
+		if (!($alg && $pubkey)) {
+			return $data;
+		}
+
+		$alg_base = $alg;
+		$padding  = OPENSSL_PKCS1_PADDING;
+
+		$exts = explode('.', $alg);
+		if (count($exts) > 1) {
+			switch ($exts[1]) {
+				case 'oaep':
+					$padding = OPENSSL_PKCS1_OAEP_PADDING;
+					break;
+				default:
+					break;
+			}
+			$alg_base = $exts[0];
+		}
+
+		$method = null;
+
+		foreach (self::$openssl_algorithms as $ossl) {
+			if ($ossl[0] === $alg_base) {
+				$method = $ossl;
+				break;
+			}
+		}
+
+		if ($method) {
+			$result = ['encrypted' => true];
+
+			$key = openssl_random_pseudo_bytes(256);
+			$iv  = openssl_random_pseudo_bytes(256);
+
+			$key1 = substr($key, 0, $method[2]);
+			$iv1  = substr($iv, 0, $method[3]);
+
+			$result['data'] = base64url_encode(openssl_encrypt($data, $method[1], $key1, OPENSSL_RAW_DATA, $iv1), true);
+
+			openssl_public_encrypt($key, $k, $pubkey, $padding);
+			openssl_public_encrypt($iv, $i, $pubkey, $padding);
+
+			$result['alg'] = $alg;
+			$result['key'] = base64url_encode($k, true);
+			$result['iv']  = base64url_encode($i, true);
+			return $result;
+
+		}
+		else {
+			$x = ['data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data];
+			call_hooks('crypto_encapsulate', $x);
+			return $x['result'];
+		}
+	}
+
+	public static function unencapsulate($data, $prvkey) {
+
+		if (!(is_array($data) && array_key_exists('encrypted', $data) && array_key_exists('alg', $data) && $data['alg'])) {
+			logger('not encrypted');
+
+			return $data;
+		}
+
+		$alg_base = $data['alg'];
+		$padding  = OPENSSL_PKCS1_PADDING;
+
+		$exts = explode('.', $data['alg']);
+		if (count($exts) > 1) {
+			switch ($exts[1]) {
+				case 'oaep':
+					$padding = OPENSSL_PKCS1_OAEP_PADDING;
+					break;
+				default:
+					break;
+			}
+			$alg_base = $exts[0];
+		}
+
+		$method = null;
+
+		foreach (self::$openssl_algorithms as $ossl) {
+			if ($ossl[0] === $alg_base) {
+				$method = $ossl;
+				break;
+			}
+		}
+
+		if ($method) {
+			openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey, $padding);
+			openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey, $padding);
+			return openssl_decrypt(base64url_decode($data['data']), $method[1], substr($k, 0, $method[2]), OPENSSL_RAW_DATA, substr($i, 0, $method[3]));
+		}
+		else {
+			$x = ['data' => $data, 'prvkey' => $prvkey, 'alg' => $data['alg'], 'result' => $data];
+			call_hooks('crypto_unencapsulate', $x);
+			return $x['result'];
+		}
+	}
+}
--- a/Zotlabs/Lib/DB_Upgrade.php
+++ b/Zotlabs/Lib/DB_Upgrade.php
@@ -58,10 +58,15 @@ class DB_Upgrade {
 					

 					$c =  new $cls();
+
 					$retval = $c->run();

 					if($retval != UPDATE_SUCCESS) {

+
+						$source = t('Source code of failed update: ') . "\n\n" . @file_get_contents('Zotlabs/Update/' . $s . '.php');
+												
+
 						// Prevent sending hundreds of thousands of emails by creating
 						// a lockfile.  

@@ -86,7 +91,9 @@ class DB_Upgrade {
 										'$sitename' => \App::$config['system']['sitename'],
 										'$siteurl' =>  z_root(),
 										'$update' => $x,
-										'$error' => sprintf( t('Update %s failed. See error logs.'), $x)
+										'$error' => sprintf( t('Update %s failed. See error logs.'), $x),
+										'$baseurl' => z_root(),
+										'$source' => $source
 									]
 								)
 							]
--- a/Zotlabs/Lib/DReport.php
+++ b/Zotlabs/Lib/DReport.php
@@ -14,6 +14,7 @@ class DReport {
 		$this->location   = $location;
 		$this->sender     = $sender;
 		$this->recipient  = $recipient;
+		$this->name       = EMPTY_STR;
 		$this->message_id = $message_id;
 		$this->status     = $status;
 		$this->date       = datetime_convert();
@@ -24,8 +25,8 @@ class DReport {
 		$this->date       = datetime_convert();
 	}

-	function addto_recipient($name) {
-		$this->recipient = $this->recipient . ' ' . $name;
+	function set_name($name) {
+		$this->name = $name;
 	}

 	function addto_update($status) {
@@ -37,6 +38,7 @@ class DReport {
 		$this->location   = $arr['location'];
 		$this->sender     = $arr['sender'];
 		$this->recipient  = $arr['recipient'];
+		$this->name       = $arr['name'];
 		$this->message_id = $arr['message_id'];
 		$this->status     = $arr['status'];
 		$this->date       = $arr['date'];
@@ -47,9 +49,99 @@ class DReport {
 			'location'   => $this->location,
 			'sender'     => $this->sender,
 			'recipient'  => $this->recipient,
+			'name'       => $this->name,
 			'message_id' => $this->message_id,
 			'status'     => $this->status,
 			'date'       => $this->date
 		);
 	}
+
+	/**
+	 * @brief decide whether to store a returned delivery report
+	 *
+	 * @param array $dr
+	 * @return boolean
+	 */
+
+	static function is_storable($dr) {
+
+		if(get_config('system', 'disable_dreport'))
+			return false;
+
+		/**
+		 * @hooks dreport_is_storable
+		 *   Called before storing a dreport record to determine whether to store it.
+		 *   * \e array
+		 */
+
+		call_hooks('dreport_is_storable', $dr);
+
+		// let plugins accept or reject - if neither, continue on
+		if(array_key_exists('accept',$dr) && intval($dr['accept']))
+			return true;
+		if(array_key_exists('reject',$dr) && intval($dr['reject']))
+			return false;
+
+		if(! ($dr['sender']))
+			return false;
+
+		// Is the sender one of our channels?
+
+		$c = q("select channel_id from channel where channel_hash = '%s' or channel_portable_id = '%s' limit 1",
+			dbesc($dr['sender']),
+			dbesc($dr['sender'])
+		);
+
+		if(! $c)
+			return false;
+
+		// legacy zot recipients add a space and their name to the xchan. remove it if true.
+
+		$legacy_recipient = strpos($dr['recipient'], ' ');
+		if($legacy_recipient !== false) {
+			$legacy_recipient_parts = explode(' ', $dr['recipient'], 2);
+			$rxchan = $legacy_recipient_parts[0];
+		}
+		else {
+			$rxchan = $dr['recipient'];
+		}
+
+
+
+		// is the recipient one of our connections, or do we want to store every report?
+
+		$pcf = get_pconfig($c[0]['channel_id'],'system','dreport_store_all');
+		if($pcf)
+			return true;
+
+		// We always add ourself as a recipient to private and relayed posts
+		// So if a remote site says they can't find us, that's no big surprise
+		// and just creates a lot of extra report noise
+
+		if(($dr['location'] !== z_root()) && ($dr['sender'] === $rxchan) && ($dr['status'] === 'recipient not found'))
+			return false;
+
+		// If you have a private post with a recipient list, every single site is going to report
+		// back a failed delivery for anybody on that list that isn't local to them. We're only
+		// concerned about this if we have a local hubloc record which says we expected them to
+		// have a channel on that site.
+
+		$r = q("select hubloc_id from hubloc where hubloc_hash = '%s' and hubloc_url = '%s'",
+			dbesc($rxchan),
+			dbesc($dr['location'])
+		);
+		if((! $r) && ($dr['status'] === 'recipient_not_found'))
+			return false;
+
+		$r = q("select abook_id from abook where abook_xchan = '%s' and abook_channel = %d limit 1",
+			dbesc($rxchan),
+			intval($c[0]['channel_id'])
+		);
+		if($r)
+			return true;
+
+		return false;
+	}
+
+
 }
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -43,7 +43,7 @@ class Enotify {
 				dbesc($params['to_xchan'])
 			);
 		}
-		if ($x & $y) {
+		if ($x && $y) {
 			$sender = $x[0];
 			$recip = $y[0];
 		} else {
@@ -64,7 +64,7 @@ class Enotify {
 		$sitename   = get_config('system','sitename');
 		$site_admin = sprintf( t('%s Administrator'), $sitename);
 		$opt_out1   = sprintf( t('This email was sent by %1$s at %2$s.'), t('$Projectname'), \App::get_hostname());
-		$opt_out2   = sprintf( t('To stop receiving these messages, please adjust your Notification Settings at %s'), z_root() . '/settings');		
+		$opt_out2   = sprintf( t('To stop receiving these messages, please adjust your Notification Settings at %s'), z_root() . '/settings');
 		$hopt_out2  = sprintf( t('To stop receiving these messages, please adjust your %s.'), '<a href="' . z_root() . '/settings' . '">' . t('Notification Settings')  . '</a>');
 		$sender_name = $product;
 		$hostname = \App::get_hostname();
@@ -80,7 +80,7 @@ class Enotify {
 		$sender_email = get_config('system','from_email');
 		if(! $sender_email)
 			$sender_email = 'Administrator' . '@' . $hostname;
-	
+
 		$sender_name = get_config('system','from_email_name');
 		if(! $sender_name)
 			$sender_name = \Zotlabs\Lib\System::get_site_name();
@@ -108,7 +108,7 @@ class Enotify {
 				logger('notification invoked for an old item which may have been refetched.',LOGGER_DEBUG,LOG_INFO);
 				return;
 			}
-		} 
+		}
 		else {
 			$title = $body = '';
 		}
@@ -143,19 +143,26 @@ class Enotify {

 		$action = t('commented on');

-		if(array_key_exists('item',$params) && in_array($params['item']['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
+		if(array_key_exists('item',$params)) {
+
+			if(in_array($params['item']['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) {
+
+				if(! $always_show_in_notices || !($vnotify & VNOTIFY_LIKE)) {
+					logger('notification: not a visible activity. Ignoring.');
+					pop_lang();
+					return;
+				}
+
+				if(activity_match($params['verb'], ACTIVITY_LIKE))
+					$action = t('liked');
+
+				if(activity_match($params['verb'], ACTIVITY_DISLIKE))
+					$action = t('disliked');

-			if(! $always_show_in_notices || !($vnotify & VNOTIFY_LIKE)) {
-				logger('notification: not a visible activity. Ignoring.');
-				pop_lang();
-				return;
 			}

-			if(activity_match($params['verb'], ACTIVITY_LIKE))
-				$action = t('liked');
-
-			if(activity_match($params['verb'], ACTIVITY_DISLIKE))
-				$action = t('disliked');
+			if($params['item']['obj_type'] === 'Answer')
+				$action = t('voted on');

 		}

@@ -174,7 +181,7 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+

 		// if it's a post figure out who's post it is.

@@ -212,7 +219,7 @@ class Enotify {
 				$itemlink,
 				$p[0]['author']['xchan_name'],
 				$item_post_type);
-		
+
 		// "your post"
 		if($p[0]['owner']['xchan_name'] == $p[0]['author']['xchan_name'] && intval($p[0]['item_wall']))
 			$dest_str = sprintf(t('%1$s %2$s [zrl=%3$s]your %4$s[/zrl]'),
@@ -223,15 +230,15 @@ class Enotify {

 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
-		// Before this we have the name of the replier on the subject rendering 
+		// Before this we have the name of the replier on the subject rendering
 		// differents subjects for messages on the same thread.

 		if($moderated)
 			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		else
 			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']); 
-		$epreamble = $dest_str; 
+		$preamble = sprintf( t('%1$s commented on an item/conversation you have been following.'), $sender['xchan_name']);
+		$epreamble = $dest_str;

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -240,7 +247,7 @@ class Enotify {
 			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
 			$hsitelink .= "<br><br>" . sprintf( t('Please visit %s to approve or reject this comment.'), '<a href="' . z_root() . '/moderate">' . z_root() . '/moderate</a>' );
 		}
-		
+
 	}

 	if ($params['type'] == NOTIFY_LIKE) {
@@ -271,7 +278,7 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+

 		// if it's a post figure out who's post it is.

@@ -307,12 +314,12 @@ class Enotify {

 		// Some mail softwares relies on subject field for threading.
 		// So, we cannot have different subjects for notifications of the same thread.
-		// Before this we have the name of the replier on the subject rendering 
+		// Before this we have the name of the replier on the subject rendering
 		// differents subjects for messages on the same thread.

 		$subject = sprintf( t('[$Projectname:Notify] Like received to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
-		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']); 
-		$epreamble = $dest_str; 
+		$preamble = sprintf( t('%1$s liked an item/conversation you created.'), $sender['xchan_name']);
+		$epreamble = $dest_str;

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -328,7 +335,7 @@ class Enotify {

 		$epreamble = sprintf( t('%1$s posted to [zrl=%2$s]your wall[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -348,12 +355,12 @@ class Enotify {
 			pop_lang();
 			return;
 		}
-	
+
 		$subject =	sprintf( t('[$Projectname:Notify] %s tagged you') , $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s tagged you at %2$s') , $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s [zrl=%2$s]tagged you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -366,7 +373,7 @@ class Enotify {
 		$preamble = sprintf( t('%1$s poked you at %2$s') , $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s [zrl=%2$s]poked you[/zrl].') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$params['link']); 
+			$params['link']);

 		$subject = str_replace('poked', t($params['activity']), $subject);
 		$preamble = str_replace('poked', t($params['activity']), $preamble);
@@ -383,7 +390,7 @@ class Enotify {
 		$preamble = sprintf( t('%1$s tagged your post at %2$s'),$sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('%1$s tagged [zrl=%2$s]your post[/zrl]') ,
 			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]',
-			$itemlink); 
+			$itemlink);

 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
@@ -393,10 +400,10 @@ class Enotify {

 	if ($params['type'] == NOTIFY_INTRO) {
 		$subject = sprintf( t('[$Projectname:Notify] Introduction received'));
-		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$preamble = sprintf( t('You\'ve received an new connection request from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a new connection request[/zrl] from %2$s.'),
 			$siteurl . '/connections/ifpending',
-			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
+			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]');
 		$body = sprintf( t('You may visit their profile at %s'),$sender['xchan_url']);

 		$sitelink = t('Please visit %s to approve or reject the connection request.');
@@ -407,11 +414,11 @@ class Enotify {

 	if ($params['type'] == NOTIFY_SUGGEST) {
 		$subject = sprintf( t('[$Projectname:Notify] Friend suggestion received'));
-		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename); 
+		$preamble = sprintf( t('You\'ve received a friend suggestion from \'%1$s\' at %2$s'), $sender['xchan_name'], $sitename);
 		$epreamble = sprintf( t('You\'ve received [zrl=%1$s]a friend suggestion[/zrl] for %2$s from %3$s.'),
 			$itemlink,
 			'[zrl=' . $params['item']['url'] . ']' . $params['item']['name'] . '[/zrl]',
-			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]'); 
+			'[zrl=' . $sender['xchan_url'] . ']' . $sender['xchan_name'] . '[/zrl]');

 		$body = t('Name:') . ' ' . $params['item']['name'] . "\n";
 		$body .= t('Photo:') . ' ' . $params['item']['photo'] . "\n";
@@ -455,7 +462,7 @@ class Enotify {
 	$sitelink  = $h['sitelink'];
 	$tsitelink = $h['tsitelink'];
 	$hsitelink = $h['hsitelink'];
-	$itemlink  = $h['itemlink']; 
+	$itemlink  = $h['itemlink'];


 	require_once('include/html2bbcode.php');
@@ -503,7 +510,7 @@ class Enotify {
 	// Mark some notifications as seen right away
 	// Note! The notification have to be created, because they are used to send emails
 	// So easiest solution to hide them from Notices is to mark them as seen right away.
-	// Another option would be to not add them to the DB, and change how emails are handled 
+	// Another option would be to not add them to the DB, and change how emails are handled
 	// (probably would be better that way)

 	if (!$always_show_in_notices) {
@@ -548,7 +555,12 @@ class Enotify {
 	// wretched hack, but we don't want to duplicate all the preamble variations and we also don't want to screw up a translation

 	if ((\App::$language === 'en' || (! \App::$language)) && strpos($msg,', '))
-		$msg = substr($msg,strpos($msg,', ')+1);	
+		$msg = substr($msg,strpos($msg,', ')+1);
+
+	$datarray['id'] = $notify_id;
+	$datarray['msg'] = $msg;
+
+	call_hooks('enotify_store_end', $datarray);

 	$r = q("update notify set msg = '%s' where id = %d and uid = %d",
 		dbesc($msg),
@@ -575,12 +587,12 @@ class Enotify {
 		$htmlversion = bbcode(stripslashes(str_replace(array("\\r","\\n"), array("","<br />\n"),$body)));


-		// use $_SESSION['zid_override'] to force zid() to use 
+		// use $_SESSION['zid_override'] to force zid() to use
 		// the recipient address instead of the current observer

 		$_SESSION['zid_override'] = channel_reddress($recip);
 		$_SESSION['zrl_override'] = z_root() . '/channel/' . $recip['channel_address'];
-		
+
 		$textversion = zidify_links($textversion);
 		$htmlversion = zidify_links($htmlversion);

@@ -742,7 +754,7 @@ class Enotify {
 			return $params['result'];
 		}

-		$fromName = email_header_encode(html_entity_decode($params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8'); 
+		$fromName = email_header_encode(html_entity_decode($params['fromName'],ENT_QUOTES,'UTF-8'),'UTF-8');
 		$messageSubject = email_header_encode(html_entity_decode($params['messageSubject'],ENT_QUOTES,'UTF-8'),'UTF-8');

 		// generate a mime boundary
@@ -754,9 +766,9 @@ class Enotify {
 		// generate a multipart/alternative message header
 		$messageHeader =
 			$params['additionalMailHeader'] .
-			"From: $fromName <{$params['fromEmail']}>\n" .
-			"Reply-To: $fromName <{$params['replyTo']}>\n" .
-			"MIME-Version: 1.0\n" .
+			"From: $fromName <{$params['fromEmail']}>" . PHP_EOL .
+			"Reply-To: $fromName <{$params['replyTo']}>" . PHP_EOL .
+			"MIME-Version: 1.0" . PHP_EOL .
 			"Content-Type: multipart/alternative; boundary=\"{$mimeBoundary}\"";

 		// assemble the final multipart message body with the text and html types included
@@ -764,15 +776,15 @@ class Enotify {
 		$htmlBody = chunk_split(base64_encode($params['htmlVersion']));

 		$multipartMessageBody =
-			"--" . $mimeBoundary . "\n" .					// plain text section
-			"Content-Type: text/plain; charset=UTF-8\n" .
-			"Content-Transfer-Encoding: base64\n\n" .
-			$textBody . "\n" .
-			"--" . $mimeBoundary . "\n" .					// text/html section
-			"Content-Type: text/html; charset=UTF-8\n" .
-			"Content-Transfer-Encoding: base64\n\n" .
-			$htmlBody . "\n" .
-			"--" . $mimeBoundary . "--\n";					// message ending
+			"--" . $mimeBoundary . PHP_EOL .					// plain text section
+			"Content-Type: text/plain; charset=UTF-8" . PHP_EOL .
+			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL .
+			$textBody . PHP_EOL .
+			"--" . $mimeBoundary . PHP_EOL .					// text/html section
+			"Content-Type: text/html; charset=UTF-8" . PHP_EOL .
+			"Content-Transfer-Encoding: base64" . PHP_EOL . PHP_EOL .
+			$htmlBody . PHP_EOL .
+			"--" . $mimeBoundary . "--" . PHP_EOL;					// message ending

 		// send the message
 		$res = mail(
@@ -791,7 +803,7 @@ class Enotify {

 		require_once('include/conversation.php');

-		// Call localize_item to get a one line status for activities. 
+		// Call localize_item to get a one line status for activities.
 		// This should set $item['localized'] to indicate we have a brief summary.
 		// and perhaps $item['shortlocalized'] for an even briefer summary

@@ -805,8 +817,17 @@ class Enotify {
 		}
 		else {
 			$itemem_text = (($item['item_thread_top'])
-				? t('created a new post')
-				: sprintf( t('commented on %s\'s post'), $item['owner']['xchan_name']));
+				? (($item['obj_type'] === 'Question') ? t('created a new poll') : t('created a new post'))
+				: (($item['obj_type'] === 'Answer') ? sprintf( t('voted on %s\'s poll'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]') : sprintf( t('commented on %s\'s post'), '[bdi]' . $item['owner']['xchan_name'] . '[/bdi]'))
+			);
+
+			if($item['verb'] === ACTIVITY_SHARE) {
+				$itemem_text = sprintf( t('repeated %s\'s post'), '[bdi]' . $item['author']['xchan_name'] . '[/bdi]');
+			}
+
+			if(in_array($item['obj_type'], ['Document', 'Video', 'Audio', 'Image'])) {
+				$itemem_text = t('shared a file with you');
+			}
 		}

 		$edit = false;
@@ -825,19 +846,147 @@ class Enotify {

 		// convert this logic into a json array just like the system notifications

-		return array(
+		$who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author');
+
+		$x = array(
 			'notify_link' => $item['llink'],
-			'name' => $item['author']['xchan_name'],
-			'url' => $item['author']['xchan_url'],
-			'photo' => $item['author']['xchan_photo_s'],
-			'when' => relative_date(($edit)? $item['edited'] : $item['created']), 
+			'name' => $item[$who]['xchan_name'],
+			'addr' => (($item[$who]['xchan_addr']) ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url']),
+			'url' => $item[$who]['xchan_url'],
+			'photo' => $item[$who]['xchan_photo_s'],
+			'when' => (($edit) ? datetime_convert('UTC', date_default_timezone_get(), $item['edited']) : datetime_convert('UTC', date_default_timezone_get(), $item['created'])),
 			'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'),
-			'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
-			'notify_id' => 'undefined',
+			'b64mid' => (($item['mid']) ? 'b64.' . base64url_encode($item['mid']) : ''),
+			//'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])),
 			'thread_top' => (($item['item_thread_top']) ? true : false),
-			'message' => strip_tags(bbcode($itemem_text))
+			'message' => bbcode(escape_tags($itemem_text)),
+			'body' =>  htmlentities(html2plain(bbcode($item['body']), 75, true), ENT_QUOTES, 'UTF-8', false),
+			// these are for the superblock addon
+			'hash' => $item[$who]['xchan_hash'],
+			'uid' => $item['uid'],
+			'display' => true
 		);

+		call_hooks('enotify_format',$x);
+		if(! $x['display']) {
+			return [];
+		}
+
+		return $x;
+	}
+
+	static public function format_notify($tt) {
+
+		$message = trim(strip_tags(bbcode($tt['msg'])));
+
+		if(strpos($message, $tt['xname']) === 0)
+			$message = substr($message, strlen($tt['xname']) + 1);
+
+		$mid = basename($tt['link']);
+
+		$b64mid = ((strpos($mid, 'b64.') === 0) ? $mid : 'b64.' . base64url_encode($mid));
+		$x = [
+			'notify_link' => z_root() . '/notify/view/' . $tt['id'],
+			'name' => $tt['xname'],
+			'url' => $tt['url'],
+			'photo' => $tt['photo'],
+			'when' => datetime_convert('UTC', date_default_timezone_get(), $tt['created']),
+			'hclass' => (($tt['seen']) ? 'notify-seen' : 'notify-unseen'),
+			'b64mid' => (($tt['otype'] == 'item') ? $b64mid : ''),
+			'notify_id' => (($tt['otype'] == 'item') ? $tt['id'] : ''),
+			'message' => $message
+		];
+
+		return $x;
+
 	}

+	static public function format_intros($rr) {
+
+		$x = [
+			'notify_link' => z_root() . '/connections/ifpending',
+			'name' => $rr['xchan_name'],
+			'addr' => $rr['xchan_addr'],
+			'url' => $rr['xchan_url'],
+			'photo' => $rr['xchan_photo_s'],
+			'when' => datetime_convert('UTC', date_default_timezone_get(), $rr['abook_created']),
+			'hclass' => ('notify-unseen'),
+			'message' => t('added your channel')
+		];
+
+		return $x;
+
+	}
+
+	static public function format_files($rr) {
+
+		$x = [
+			'notify_link' => z_root() . '/sharedwithme',
+			'name' => $rr['author']['xchan_name'],
+			'addr' => $rr['author']['xchan_addr'],
+			'url' => $rr['author']['xchan_url'],
+			'photo' => $rr['author']['xchan_photo_s'],
+			'when' => datetime_convert('UTC', date_default_timezone_get(), $rr['created']),
+			'hclass' => ('notify-unseen'),
+			'message' => t('shared a file with you')
+		];
+
+		return $x;
+
+	}
+
+	static public function format_mail($rr) {
+
+		$x = [
+			'notify_link' => z_root() . '/mail/' . $rr['id'],
+			'name' => $rr['xchan_name'],
+			'addr' => $rr['xchan_addr'],
+			'url' => $rr['xchan_url'],
+			'photo' => $rr['xchan_photo_s'],
+			'when' => datetime_convert('UTC', date_default_timezone_get(), $rr['created']),
+			'hclass' => (intval($rr['mail_seen']) ? 'notify-seen' : 'notify-unseen'),
+			'message' => t('sent you a private message'),
+		];
+
+		return $x;
+
+	}
+
+	static public function format_all_events($rr) {
+
+		$bd_format = t('g A l F d') ; // 8 AM Friday January 18
+		$strt = datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['dtstart']);
+		$today = ((substr($strt, 0, 10) === datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d')) ? true : false);
+		$when = day_translate(datetime_convert('UTC', (($rr['adjust']) ? date_default_timezone_get() : 'UTC'), $rr['dtstart'], $bd_format)) . (($today) ?  ' ' . t('[today]') : '');
+
+		$x = [
+			'notify_link' => z_root() . '/cdav/calendar/' . $rr['event_hash'],
+			'name'        => $rr['xchan_name'],
+			'addr'        => $rr['xchan_addr'],
+			'url'         => $rr['xchan_url'],
+			'photo'       => $rr['xchan_photo_s'],
+			'when'        => $when,
+			'hclass'      => (($today) ? 'notify-unseen bg-warning' : 'notify-unseen'),
+			'message'     => t('created an event')
+		];
+
+		return $x;
+
+	}
+
+	static public function format_register($rr) {
+
+		$x = [
+			'notify_link' => z_root() . '/admin/accounts',
+			'name' => $rr['account_email'],
+			//'addr' => $rr['account_email'],
+			'photo' => z_root() . '/' . get_default_profile_photo(48),
+			'when' => datetime_convert('UTC', date_default_timezone_get(),$rr['account_created']),
+			'hclass' => ('notify-unseen'),
+			'message' => t('requires approval')
+		];
+
+		return $x;
+
+	}
 }
--- a/Zotlabs/Lib/Hashpath.php
+++ b/Zotlabs/Lib/Hashpath.php
@@ -0,0 +1,55 @@
+<?php
+namespace Zotlabs\Lib;
+
+/*
+ * Zotlabs\Lib\Hashpath
+ *
+ * Creates hashed directory structures for fast access and resistance to overloading any single directory with files.
+ *
+ * Takes a $hash which could be any string
+ * a $prefix which is where to place the hash directory in the filesystem, default is current directory
+ * use an empty string for $prefix to place hash directories directly off the root directory
+ * an optional $depth and $slice (default is 2) to indicate the hash level
+ * $depth = 1, 256 directories, suitable for < 384K records/files
+ * $depth = 2, 65536 directories, suitable for < 98M records/files
+ * $depth = 3, 16777216 directories, suitable for < 2.5B records/files
+ * ...
+ * The total number of records anticipated divided by the number of hash directories should generally be kept to
+ * less than 1500 entries for optimum performance though this varies by operating system and filesystem type.
+ * ext4 uses 32 bit inode numbers (~4B record limit) so use caution or alternative filesystem types with $depth above 3. 
+ * an optional $mkdir (boolean) to recursively create the directory (ignoring errors) before returning
+ *
+ * examples: for a $hash of 'abcdefg' and prefix of 'path' the following paths are returned for $depth = 1 and $depth = 3
+ *    path/7d/7d1a54127b222502f5b79b5fb0803061152a44f92b37e23c6527baf665d4da9a
+ *    path/7d/1a/54/7d1a54127b222502f5b79b5fb0803061152a44f92b37e23c6527baf665d4da9a
+ *
+ * see also: boot.php:os_mkdir() - here we provide the equivalent of mkdir -p with permissions of 770. 
+ *
+ */
+ 
+class Hashpath {
+
+	static function path($hash, $prefix = '.', $depth = 1, $slice = 2, $mkdir = true, $alg = false) {
+
+		if ($alg)
+			$hash = hash($alg, $hash);
+
+		$start = 0;
+		if ($depth < 1)
+			$depth = 1;
+		$sluglen = $depth * $slice;
+
+		do {
+			$slug	  = substr($hash, $start, $slice);
+			$prefix  .= '/' . $slug;
+			$start	 += $slice;
+			$sluglen -= $slice;
+		}
+		while ($sluglen);
+
+		if ($mkdir)
+			os_mkdir($prefix, STORAGE_DEFAULT_PERMISSIONS, true);
+		
+		return $prefix . '/' . $hash;
+	}
+}
--- a/Zotlabs/Lib/JSalmon.php
+++ b/Zotlabs/Lib/JSalmon.php
@@ -2,15 +2,13 @@

 namespace Zotlabs\Lib;

+use Zotlabs\Web\HTTPSig;

 class JSalmon {

-	static function sign($data,$key_id,$key) {
+	static function sign($data,$key_id,$key,$data_type = 'application/x-zot+json') {

-		$arr       = $data;
-		$data      = json_encode($data,JSON_UNESCAPED_SLASHES);
-		$data      = base64url_encode($data, false); // do not strip padding
-		$data_type = 'application/x-zot+json';
+		$data      = base64url_encode(json_encode($data,true),true); // strip padding
 		$encoding  = 'base64url';
 		$algorithm = 'RSA-SHA256';

@@ -18,9 +16,9 @@ class JSalmon {

 		// precomputed base64url encoding of data_type, encoding, algorithm concatenated with periods

-		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';
+		$precomputed = '.' . base64url_encode($data_type,true) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng';

-		$signature  = base64url_encode(rsa_sign($data . $precomputed, $key), false);
+		$signature  = base64url_encode(Crypto::sign($data . $precomputed, $key), true);

 		return ([
 			'signed'    => true,
@@ -30,9 +28,45 @@ class JSalmon {
 			'alg'       => $algorithm,
 			'sigs'      => [
 				'value'  => $signature,
-				'key_id' => base64url_encode($key_id)
+				'key_id' => base64url_encode($key_id, true)
 			]
 		]);

 	}
-}
+
+	static function verify($x) {
+
+		logger('verify');
+		$ret = [ 'results' => [] ];
+
+		if(! is_array($x)) {
+			return false;
+		}
+		if(! ( array_key_exists('signed',$x) && $x['signed'])) {
+			return false;
+		}
+
+		$signed_data = preg_replace('/\s+/','',$x['data']) . '.'
+			. base64url_encode($x['data_type'],true) . '.'
+			. base64url_encode($x['encoding'],true) . '.'
+			. base64url_encode($x['alg'],true);
+
+		$key = HTTPSig::get_key(EMPTY_STR,'zot6',base64url_decode($x['sigs']['key_id']));
+		 logger('key: ' . print_r($key,true));
+		if($key['portable_id'] && $key['public_key']) {
+			if(Crypto::verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) {
+				logger('verified');
+				$ret = [ 'success' => true, 'signer' => $key['portable_id'], 'hubloc' => $key['hubloc'] ];
+			}
+		}
+
+		return $ret;
+
+	}
+
+	static function unpack($data) {
+		return json_decode(base64url_decode($data),true);
+	}
+
+
+}
--- a/Zotlabs/Lib/Keyutils.php
+++ b/Zotlabs/Lib/Keyutils.php
@@ -0,0 +1,99 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use phpseclib\Crypt\RSA;
+use phpseclib\Math\BigInteger;
+
+/**
+ * Keyutils
+ * Convert RSA keys between various formats
+ */
+class Keyutils {
+
+	/**
+	 * @param string $m modulo
+	 * @param string $e exponent
+	 * @return string
+	 */
+	public static function meToPem($m, $e) {
+
+		$rsa = new RSA();
+		$rsa->loadKey([
+			'e' => new BigInteger($e, 256),
+			'n' => new BigInteger($m, 256)
+		]);
+		return $rsa->getPublicKey();
+
+	}
+
+	/**
+	 * @param string key
+	 * @return string
+	 */
+	public static function rsaToPem($key) {
+
+		$rsa = new RSA();
+		$rsa->setPublicKey($key);
+
+		return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS8);
+
+	}
+
+	/**
+	 * @param string key
+	 * @return string
+	 */
+	public static function pemToRsa($key) {
+
+		$rsa = new RSA();
+		$rsa->setPublicKey($key);
+
+		return $rsa->getPublicKey(RSA::PUBLIC_FORMAT_PKCS1);
+
+	}
+
+	/**
+	 * @param string $key key
+	 * @param string $m reference modulo
+	 * @param string $e reference exponent
+	 */
+	public static function pemToMe($key, &$m, &$e) {
+
+		$rsa = new RSA();
+		$rsa->loadKey($key);
+		$rsa->setPublicKey();
+
+		$m = $rsa->modulus->toBytes();
+		$e = $rsa->exponent->toBytes();
+
+	}
+
+	/**
+	 * @param string $pubkey
+	 * @return string
+	 */
+	public static function salmonKey($pubkey) {
+		self::pemToMe($pubkey, $m, $e);
+		return 'RSA' . '.' . base64url_encode($m, true) . '.' . base64url_encode($e, true);
+	}
+
+	/**
+	 * @param string $key
+	 * @return string
+	 */
+	public static function convertSalmonKey($key) {
+		if (strstr($key, ','))
+			$rawkey = substr($key, strpos($key, ',') + 1);
+		else
+			$rawkey = substr($key, 5);
+
+		$key_info = explode('.', $rawkey);
+
+		$m = base64url_decode($key_info[1]);
+		$e = base64url_decode($key_info[2]);
+
+		return self::meToPem($m, $e);
+	}
+
+}
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -12,7 +12,7 @@ class LDSignatures {
 		$ohash = self::hash(self::signable_options($data['signature']));
 		$dhash = self::hash(self::signable_data($data));

-		$x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
+		$x = Crypto::verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey);
 		logger('LD-verify: ' . intval($x));

 		return $x;
@@ -29,17 +29,17 @@ class LDSignatures {
 		$options = [
 			'type' => 'RsaSignature2017',
 			'nonce' => random_string(64),
-			'creator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
-			'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z')
+			'creator' => z_root() . '/channel/' . $channel['channel_address'],
+			'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\TH:i:s\Z')
 		];

 		$ohash = self::hash(self::signable_options($options));
 		$dhash = self::hash(self::signable_data($data));
-		$options['signatureValue'] = base64_encode(rsa_sign($ohash . $dhash,$channel['channel_prvkey']));
+		$options['signatureValue'] = base64_encode(Crypto::sign($ohash . $dhash,$channel['channel_prvkey']));

 		$signed = array_merge([
-			'@context' => [ 
-				ACTIVITYSTREAMS_JSONLD_REV, 
+			'@context' => [
+				ACTIVITYSTREAMS_JSONLD_REV,
 				'https://w3id.org/security/v1' ],
 			],$options);

@@ -88,12 +88,13 @@ class LDSignatures {
 			return '';

 		jsonld_set_document_loader('jsonld_document_loader');
-	
+
 		try {
 			$d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]);
 		}
 		catch (\Exception $e) {
-			logger('normalise error:' . print_r($e,true));
+			// Don't log the exception - this can exhaust memory
+			// logger('normalise error:' . print_r($e,true));
 			logger('normalise error: ' . print_r($data,true));
 		}

@@ -116,7 +117,7 @@ class LDSignatures {

 		$precomputed = '.' . base64url_encode($data_type,false) . '.YmFzZTY0dXJs.UlNBLVNIQTI1Ng==';

-		$signature  = base64url_encode(rsa_sign($data . $precomputed,$channel['channel_prvkey']));
+		$signature  = base64url_encode(Crypto::sign($data . $precomputed,$channel['channel_prvkey']));

 		return ([
 			'id'          => $arr['id'],
@@ -124,7 +125,7 @@ class LDSignatures {
 			'meDataType'  => $data_type,
 			'meEncoding'  => $encoding,
 			'meAlgorithm' => $algorithm,
-			'meCreator'   => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem',
+			'meCreator'   => z_root() . '/channel/' . $channel['channel_address'],
 			'meSignatureValue' => $signature
 		]);

@@ -132,4 +133,4 @@ class LDSignatures {



-}
+}
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
--- a/Zotlabs/Lib/Libzotdir.php
+++ b/Zotlabs/Lib/Libzotdir.php
@@ -3,6 +3,8 @@
 namespace Zotlabs\Lib;

 use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\Zotfinger;
+use Zotlabs\Lib\Webfinger;

 require_once('include/permissions.php');

@@ -17,7 +19,6 @@ class Libzotdir {
 	 */

 	static function find_upstream_directory($dirmode) {
-		global $DIRECTORY_FALLBACK_SERVERS;

 		$preferred = get_config('system','directory_server');

@@ -29,7 +30,7 @@ class Libzotdir {
 			);
 			if(($r) && ($r[0]['site_flags'] & DIRECTORY_MODE_STANDALONE)) {
 				$preferred = '';
-			}		
+			}
 		}


@@ -40,19 +41,21 @@ class Libzotdir {
 			 * from our list of directory servers. However, if we're a directory
 			 * server ourself, point at the local instance
 			 * We will then set this value so this should only ever happen once.
-			 * Ideally there will be an admin setting to change to a different 
+			 * Ideally there will be an admin setting to change to a different
 			 * directory server if you don't like our choice or if circumstances change.
 			 */

+			$directory_fallback_servers = get_directory_fallback_servers();
+
 			$dirmode = intval(get_config('system','directory_mode'));
 			if ($dirmode == DIRECTORY_MODE_NORMAL) {
-				$toss = mt_rand(0,count($DIRECTORY_FALLBACK_SERVERS));
-				$preferred = $DIRECTORY_FALLBACK_SERVERS[$toss];
+				$toss = mt_rand(0,count($directory_fallback_servers));
+				$preferred = $directory_fallback_servers[$toss];
 				if(! $preferred) {
 					$preferred = DIRECTORY_FALLBACK_MASTER;
 				}
 				set_config('system','directory_server',$preferred);
-			} 
+			}
 			else {
 				set_config('system','directory_server',z_root());
 			}
@@ -106,7 +109,7 @@ class Libzotdir {
 			$ret = get_config('directory', $setting);


-		// 'safemode' is the default if there is no observer or no established preference. 
+		// 'safemode' is the default if there is no observer or no established preference.

 		if($setting === 'safemode' && $ret === false)
 			$ret = 1;
@@ -173,8 +176,8 @@ class Libzotdir {
 	 *
 	 * Checks the directory mode of this hub to see if it is some form of directory server. If it is,
 	 * get the directory realm of this hub. Fetch a list of all other directory servers in this realm and request
-	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB. 
-	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored 
+	 * a directory sync packet. This will contain both directory updates and new ratings. Store these all in the DB.
+	 * In the case of updates, we will query each of them asynchronously from a poller task. Ratings are stored
 	 * directly if the rater's signature matches.
 	 *
 	 * @param int $dirmode;
@@ -186,16 +189,17 @@ class Libzotdir {
 			return;

 		$realm = get_directory_realm();
+
 		if ($realm == DIRECTORY_REALM) {
-			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') ",
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_type = %d and ( site_realm = '%s' or site_realm = '') and site_dead = 0",
 				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
 				dbesc(z_root()),
 				intval(SITE_TYPE_ZOT),
 				dbesc($realm)
 			);
-		} 
+		}
 		else {
-			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d ",
+			$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s' and site_realm like '%s' and site_type = %d  and site_dead = 0",
 				intval(DIRECTORY_MODE_PRIMARY|DIRECTORY_MODE_SECONDARY),
 				dbesc(z_root()),
 				dbesc(protect_sprintf('%' . $realm . '%')),
@@ -203,6 +207,8 @@ class Libzotdir {
 			);
 		}

+
+
 		// If there are no directory servers, setup the fallback master
 		/** @FIXME What to do if we're in a different realm? */

@@ -212,14 +218,14 @@ class Libzotdir {
 				[
 					'site_url'       => DIRECTORY_FALLBACK_MASTER,
 					'site_flags'     => DIRECTORY_MODE_PRIMARY,
-					'site_update'    => NULL_DATE, 
+					'site_update'    => NULL_DATE,
 					'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
 					'site_realm'     => DIRECTORY_REALM,
 					'site_valid'     => 1,
 				]
 			);

-			$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d ",
+			$r = q("select * from site where site_flags in (%d, %d) and site_url != '%s' and site_type = %d and site_dead = 0",
 				intval(DIRECTORY_MODE_PRIMARY),
 				intval(DIRECTORY_MODE_SECONDARY),
 				dbesc(z_root()),
@@ -243,7 +249,6 @@ class Libzotdir {

 			$syncdate = (($rr['site_sync'] <= NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
 			$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));
-
 			if (! $x['success'])
 				continue;

@@ -271,7 +276,7 @@ class Libzotdir {
 						$ud_flags |= UPDATE_FLAGS_DELETED;
 					if (is_array($t['flags']) && in_array('forced',$t['flags']))
 						$ud_flags |= UPDATE_FLAGS_FORCED;
-	
+
 					$z = q("insert into updates ( ud_hash, ud_guid, ud_date, ud_flags, ud_addr )
 						values ( '%s', '%s', '%s', %d, '%s' ) ",
 						dbesc($t['hash']),
@@ -306,12 +311,13 @@ class Libzotdir {

 		if ($ud['ud_addr'] && (! ($ud['ud_flags'] & UPDATE_FLAGS_DELETED))) {
 			$success = false;
+			$zf = [];

-			$href = \Zotlabs\Lib\Webfinger::zot_url(punify($url));
+			$href = Webfinger::zot_url(punify($ud['ud_addr']));
 			if($href) {
-				$zf = \Zotlabs\Lib\Zotfinger::exec($href);
+				$zf = Zotfinger::exec($href);
 			}
-			if(is_array($zf) && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
+			if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) {
 				$xc = Libzot::import_xchan($zf['data'], 0, $ud);
 			}
 			else {
@@ -336,10 +342,10 @@ class Libzotdir {

 	static function local_dir_update($uid, $force) {

-	
+
 		logger('local_dir_update: uid: ' . $uid, LOGGER_DEBUG);

-		$p = q("select channel.channel_hash, channel_address, channel_timezone, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
+		$p = q("select channel.channel_hash, channel_address, channel_timezone, channel_portable_id, profile.* from profile left join channel on channel_id = uid where uid = %d and is_default = 1",
 			intval($uid)
 		);

@@ -348,10 +354,11 @@ class Libzotdir {

 		if ($p) {
 			$hash = $p[0]['channel_hash'];
+			$legacy_hash = $p[0]['channel_portable_id'];

 			$profile['description'] = $p[0]['pdesc'];
 			$profile['birthday']    = $p[0]['dob'];
-			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))  
+			if ($age = age($p[0]['dob'],$p[0]['channel_timezone'],''))
 				$profile['age'] = $age;

 			$profile['gender']      = $p[0]['gender'];
@@ -381,14 +388,15 @@ class Libzotdir {

 			logger('hidden: ' . $hidden);

-			$r = q("select xchan_hidden from xchan where xchan_hash = '%s' limit 1",
+			$r = q("select xchan_hidden from xchan where xchan_hash = '%s'",
 				dbesc($p[0]['channel_hash'])
 			);

 			if(intval($r[0]['xchan_hidden']) != $hidden) {
-				$r = q("update xchan set xchan_hidden = %d where xchan_hash = '%s'",
+				$r = q("update xchan set xchan_hidden = %d where xchan_hash in ('%s', '%s')",
 					intval($hidden),
-					dbesc($p[0]['channel_hash'])
+					dbesc($hash),
+					dbesc($legacy_hash)
 				);
 			}

@@ -402,14 +410,16 @@ class Libzotdir {
 			}
 			else {
 				// they may have made it private
-				$r = q("delete from xprof where xprof_hash = '%s'",
-					dbesc($hash)
+				q("delete from xprof where xprof_hash in ('%s', '%s')",
+					dbesc($hash),
+					dbesc($legacy_hash)
 				);
-				$r = q("delete from xtag where xtag_hash = '%s'",
-					dbesc($hash)
+				q("delete from xtag where xtag_hash in ('%s', '%s')",
+					dbesc($hash),
+					dbesc($legacy_hash)
 				);
 			}
-	
+
 		}

 		$ud_hash = random_string() . '@' . \App::get_hostname();
@@ -440,7 +450,7 @@ class Libzotdir {
 		$arr['xprof_hash']         = $hash;
 		$arr['xprof_dob']          = (($profile['birthday'] === '0000-00-00') ? $profile['birthday'] : datetime_convert('','',$profile['birthday'],'Y-m-d')); // !!!! check this for 0000 year
 		$arr['xprof_age']          = (($profile['age'])         ? intval($profile['age']) : 0);
-		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');	
+		$arr['xprof_desc']         = (($profile['description']) ? htmlspecialchars($profile['description'], ENT_COMPAT,'UTF-8',false) : '');
 		$arr['xprof_gender']       = (($profile['gender'])      ? htmlspecialchars($profile['gender'],      ENT_COMPAT,'UTF-8',false) : '');
 		$arr['xprof_marital']      = (($profile['marital'])     ? htmlspecialchars($profile['marital'],     ENT_COMPAT,'UTF-8',false) : '');
 		$arr['xprof_sexual']       = (($profile['sexual'])      ? htmlspecialchars($profile['sexual'],      ENT_COMPAT,'UTF-8',false) : '');
@@ -635,7 +645,7 @@ class Libzotdir {
 				dbesc(datetime_convert()),
 				intval($flags),
 				dbesc($addr)
-			);	
+			);
 		}
 		else {
 			q("update updates set ud_flags = ( ud_flags | %d ) where ud_addr = '%s' and not (ud_flags & %d)>0 ",
@@ -651,4 +661,4 @@ class Libzotdir {



-}
+}
--- a/Zotlabs/Lib/MessageFilter.php
+++ b/Zotlabs/Lib/MessageFilter.php
@@ -19,7 +19,7 @@ class MessageFilter {

 		$lang = null;

-		if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false)) {
+		if((strpos($incl,'lang=') !== false) || (strpos($excl,'lang=') !== false) || (strpos($incl,'lang!=') !== false) || (strpos($excl,'lang!=') !== false)) {
 			$lang = detect_language($text);
 		}

@@ -39,10 +39,17 @@ class MessageFilter {
 						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
 							return false;
 				}
+				elseif(substr($word,0,1) === '$' && $tags) {
+					foreach($tags as $t)
+						if(($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return false;
+				}
 				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
 					return false;
 				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
 					return false;
+				elseif((strpos($word,'lang!=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,6))) != 0))
+					return false;
 				elseif(stristr($text,$word) !== false)
 					return false;
 			}
@@ -60,10 +67,17 @@ class MessageFilter {
 						if((($t['ttype'] == TERM_HASHTAG) || ($t['ttype'] == TERM_COMMUNITYTAG)) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
 							return true;
 				}
+				elseif(substr($word,0,1) === '$' && $tags) {
+					foreach($tags as $t)
+						if(($t['ttype'] == TERM_CATEGORY) && (($t['term'] === substr($word,1)) || (substr($word,1) === '*')))
+							return true;
+				}
 				elseif((strpos($word,'/') === 0) && preg_match($word,$text))
 					return true;
 				elseif((strpos($word,'lang=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,5))) == 0))
 					return true;
+				elseif((strpos($word,'lang!=') === 0) && ($lang) && (strcasecmp($lang,trim(substr($word,6))) != 0))
+					return true;
 				elseif(stristr($text,$word) !== false)
 					return true;
 			}
--- a/Zotlabs/Lib/NativeWiki.php
+++ b/Zotlabs/Lib/NativeWiki.php
@@ -2,12 +2,14 @@

 namespace Zotlabs\Lib;

+use Zotlabs\Lib\Libsync;
+
 define ( 'NWIKI_ITEM_RESOURCE_TYPE', 'nwiki' );

 class NativeWiki {


-	static public function listwikis($channel, $observer_hash) {
+	public static function listwikis($channel, $observer_hash) {

 		$sql_extra = item_permissions_sql($channel['channel_id'], $observer_hash);
 		$wikis = q("SELECT * FROM item 
@@ -38,28 +40,19 @@ class NativeWiki {
 	}


-	function create_wiki($channel, $observer_hash, $wiki, $acl) {
+	public static function create_wiki($channel, $observer_hash, $wiki, $acl) {

-		// Generate unique resource_id using the same method as item_message_id()
-		do {
-			$dups = false;
-			$resource_id = random_string();
-			$r = q("SELECT mid FROM item WHERE resource_id = '%s' AND resource_type = '%s' AND uid = %d LIMIT 1", 
-				dbesc($resource_id), 
-				dbesc(NWIKI_ITEM_RESOURCE_TYPE),
-				intval($channel['channel_id'])
-			);
-			if($r)
-				$dups = true;
-		} while($dups == true);
+		$resource_id = new_uuid();
+		$uuid = new_uuid();

 		$ac = $acl->get();
-		$mid = item_message_id();
+		$mid = z_root() . '/item/' . $uuid;

 		$arr = array();	// Initialize the array of parameters for the post
 		$item_hidden = ((intval($wiki['postVisible']) === 0) ? 1 : 0); 
 		$wiki_url = z_root() . '/wiki/' . $channel['channel_address'] . '/' . $wiki['urlName'];
 		$arr['aid'] = $channel['channel_account_id'];
+		$arr['uuid'] = $uuid;
 		$arr['uid'] = $channel['channel_id'];
 		$arr['mid'] = $mid;
 		$arr['parent_mid'] = $mid;
@@ -80,7 +73,7 @@ class NativeWiki {
 		$arr['item_thread_top'] = 1;
 		$arr['item_private'] = intval($acl->is_private());
 		$arr['verb'] = ACTIVITY_CREATE;
-		$arr['obj_type'] = ACTIVITY_OBJ_WIKI;
+		$arr['obj_type'] = 'Document';
 		$arr['body'] = '[table][tr][td][h1]New Wiki[/h1][/td][/tr][tr][td][zrl=' . $wiki_url . ']' . $wiki['htmlName'] . '[/zrl][/td][/tr][/table]';

 		$arr['public_policy'] = map_scope(\Zotlabs\Access\PermissionLimits::Get($channel['channel_id'],'view_wiki'),true);
@@ -108,7 +101,7 @@ class NativeWiki {
 		}
 	}

-	function update_wiki($channel_id, $observer_hash, $arr, $acl) {
+	public static function update_wiki($channel_id, $observer_hash, $arr, $acl) {

 		$w = self::get_wiki($channel_id, $observer_hash, $arr['resource_id']);
 		$item = $w['wiki'];
@@ -163,7 +156,7 @@ class NativeWiki {
 		}
 	}

-	static public function sync_a_wiki_item($uid,$id,$resource_id) {
+	public static function sync_a_wiki_item($uid,$id,$resource_id) {


 		$r = q("SELECT * from item WHERE uid = %d AND ( id = %d OR ( resource_type = '%s' and resource_id = '%s' )) ",
@@ -187,12 +180,12 @@ class NativeWiki {
 				foreach($sync_item as $w) {
 					$pkt[] = encode_item($w,true);
 				}
-				build_sync_packet($uid,array('wiki' => $pkt));
+				Libsync::build_sync_packet($uid,array('wiki' => $pkt));
 			}
 		}
 	}

-	function delete_wiki($channel_id,$observer_hash,$resource_id) {
+	public static function delete_wiki($channel_id,$observer_hash,$resource_id) {

 		$w = self::get_wiki($channel_id,$observer_hash,$resource_id);
 		$item = $w['wiki'];
@@ -200,7 +193,7 @@ class NativeWiki {
 			return array('item' => null, 'success' => false);
 		} 
 		else {
-			$drop = drop_item($item['id'], false, DROPITEM_NORMAL, true);
+			$drop = drop_item($item['id'], false, DROPITEM_NORMAL);
 		}

 		info( t('Wiki files deleted successfully'));
@@ -209,7 +202,7 @@ class NativeWiki {
 	}


-	static public function get_wiki($channel_id, $observer_hash, $resource_id) {
+	public static function get_wiki($channel_id, $observer_hash, $resource_id) {
 		
 		$sql_extra = item_permissions_sql($channel_id,$observer_hash);

@@ -243,7 +236,7 @@ class NativeWiki {
 	}


-	static public function exists_by_name($uid, $urlName) {
+	public static function exists_by_name($uid, $urlName) {

 		$sql_extra = item_permissions_sql($uid);		

@@ -265,7 +258,7 @@ class NativeWiki {
 	}


-	static public function get_permissions($resource_id, $owner_id, $observer_hash) {
+	public static function get_permissions($resource_id, $owner_id, $observer_hash) {
 		// TODO: For now, only the owner can edit
 		$sql_extra = item_permissions_sql($owner_id, $observer_hash);

--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -163,7 +163,7 @@ class NativeWikiPage {
 			return [ 'success' => true, 'page' => $page ];
 		}

-		return [ 'success' => false, 'item_id' => $c['item_id'], 'message' => t('Page not found') ];
+		return [ 'success' => false, 'message' => t('Page not found') ];
 	
 	}

@@ -339,7 +339,6 @@ class NativeWikiPage {
 	}

 	static public function save_page($arr) {
-
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
 		$content       = ((array_key_exists('content',$arr))       ? $arr['content']       : '');
 		$resource_id   = ((array_key_exists('resource_id',$arr))   ? $arr['resource_id']   : '');
@@ -385,7 +384,7 @@ class NativeWikiPage {
 		$ret = item_store($item, false, false);

 		if($ret['item_id'])
-			return array('message' => '', 'item_id' => $ret['item_id'], 'filename' => $filename, 'success' => true);
+			return array('message' => '', 'item_id' => $ret['item_id'], 'filename' => $pageUrlName, 'success' => true);
 		else
 			return array('message' => t('Page update failed.'), 'success' => false);
 	}	
@@ -432,12 +431,12 @@ class NativeWikiPage {
 		$channel_id    = ((array_key_exists('channel_id',$arr))    ? $arr['channel_id']    : 0);

 		if (! $commitHash) {
-			return array('content' => $content, 'message' => 'No commit was provided', 'success' => false);
+			return array('message' => 'No commit was provided', 'success' => false);
 		}

 		$w = Zlib\NativeWiki::get_wiki($channel_id, $observer_hash, $resource_id);
 		if (!$w['wiki']) {
-			return array('content' => $content, 'message' => 'Error reading wiki', 'success' => false);
+			return array('message' => 'Error reading wiki', 'success' => false);
 		}

 		$x = $arr;
@@ -451,7 +450,7 @@ class NativeWikiPage {
 				$content = $loaded['body'];
 				return [ 'content' => $content, 'success' => true ];
 			}
-			return [ 'content' => $content, 'success' => false ]; 
+			return [ 'success' => false ];
 		}
 	}
 	
@@ -530,8 +529,11 @@ class NativeWikiPage {
 			foreach ($match[1] as $m) {
 				// TODO: Why do we need to double urlencode for this to work?
 				//$pageURLs[] = urlencode(urlencode(escape_tags($m)));
-				$pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($m));
-				$pages[] = $m;
+				$titleUri = explode('|',$m);
+				$page = $titleUri[0] ?? '';
+				$title = $titleUri[1] ?? $page;
+				$pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($page));
+				$pages[] = $title;
 			}
 			$idx = 0;
 			while(strpos($s,'[[') !== false) {
--- a/Zotlabs/Lib/PConfig.php
+++ b/Zotlabs/Lib/PConfig.php
@@ -57,6 +57,7 @@ class PConfig {
 					\App::$config[$uid][$c]['config_loaded'] = true;
 				}
 				\App::$config[$uid][$c][$k] = $rr['v'];
+				\App::$config[$uid][$c]['pcfgud:'.$k] = $rr['updated'];
 			}
 		}
 	}
@@ -111,9 +112,11 @@ class PConfig {
 	 *  The configuration key to set
 	 * @param string $value
 	 *  The value to store
+	 * @param string $updated (optional)
+	 *  The datetime to store
 	 * @return mixed Stored $value or false
 	 */
-	static public function Set($uid, $family, $key, $value) {
+	static public function Set($uid, $family, $key, $value, $updated = NULL) {

 		// this catches subtle errors where this function has been called
 		// with local_channel() when not logged in (which returns false)
@@ -129,6 +132,27 @@ class PConfig {
 		// manage array value
 		$dbvalue = ((is_array($value))  ? serialize($value) : $value);
 		$dbvalue = ((is_bool($dbvalue)) ? intval($dbvalue)  : $dbvalue);
+		$new = false;
+
+		$now = datetime_convert();
+		if (! $updated) {
+			//Sometimes things happen fast... very fast.
+			//To make sure legitimate updates aren't rejected
+			//because not enough time has passed.  We say our updates
+			//happened just a short time in the past rather than right now.
+			$updated = datetime_convert('UTC','UTC','-2 seconds');
+		}
+
+		$hash = hash('sha256',$family.':'.$key);
+
+		if (self::Get($uid, 'hz_delpconfig', $hash) !== false) {
+			if (self::Get($uid, 'hz_delpconfig', $hash) > $now) {
+				logger('Refusing to update pconfig with outdated info (Item deleted more recently).', LOGGER_NORMAL, LOG_ERR);
+				return self::Get($uid,$family,$key);
+			} else {
+				self::Delete($uid,'hz_delpconfig',$hash);
+			}
+		}

 		if(self::Get($uid, $family, $key) === false) {
 			if(! array_key_exists($uid, \App::$config))
@@ -136,23 +160,53 @@ class PConfig {
 			if(! array_key_exists($family, \App::$config[$uid]))
 				\App::$config[$uid][$family] = array();

-			$ret = q("INSERT INTO pconfig ( uid, cat, k, v ) VALUES ( %d, '%s', '%s', '%s' ) ",
+
+			$ret = q("INSERT INTO pconfig ( uid, cat, k, v, updated ) VALUES ( %d, '%s', '%s', '%s', '%s' ) ",
 				intval($uid),
 				dbesc($family),
 				dbesc($key),
-				dbesc($dbvalue)
+				dbesc($dbvalue),
+				dbesc($updated)
 			);
+
+			// There is a possible race condition if another process happens
+			// to insert something after this thread has Loaded and now.  We should
+			// at least make a note of it if it happens.
+
+			if (!$ret) {
+				logger("Error: Insert to pconfig failed.",LOGGER_NORMAL, LOG_ERR);
+			}
+
+			\App::$config[$uid][$family]['pcfgud:'.$key] = $updated;
+
 		}
 		else {
+			$new = (\App::$config[$uid][$family]['pcfgud:'.$key] < $now);

-			$ret = q("UPDATE pconfig SET v = '%s' WHERE uid = %d and cat = '%s' AND k = '%s'",
-				dbesc($dbvalue),
-				intval($uid),
-				dbesc($family),
-				dbesc($key)
-			);
+			if ($new) {
+
+				// @NOTE There is still a possible race condition under limited circumstances
+				// where a value will be updated by another thread with more current data than
+				// we have.  At this point there is no easy way to test for it, so we update
+				// and hope for the best.
+
+				$ret = q("UPDATE pconfig SET v = '%s', updated = '%s' WHERE uid = %d and cat = '%s' AND k = '%s' ",
+					dbesc($dbvalue),
+					dbesc($updated),
+					intval($uid),
+					dbesc($family),
+					dbesc($key)
+				);
+
+				\App::$config[$uid][$family]['pcfgud:'.$key] = $updated;
+
+			} else {
+				logger('Refusing to update pconfig with outdated info.', LOGGER_NORMAL, LOG_ERR);
+				return self::Get($uid, $family, $key);
+			}
 		}

+
 		// keep a separate copy for all variables which were
 		// set in the life of this page. We need this to
 		// synchronise channel clones.
@@ -163,7 +217,11 @@ class PConfig {
 			\App::$config[$uid]['transient'][$family] = array();

 		\App::$config[$uid][$family][$key] = $value;
-		\App::$config[$uid]['transient'][$family][$key] = $value;
+
+		if ($new) {
+			\App::$config[$uid]['transient'][$family][$key] = $value;
+			\App::$config[$uid]['transient'][$family]['pcfgud:'.$key] = $updated;
+		}

 		if($ret)
 			return $value;
@@ -184,20 +242,33 @@ class PConfig {
 	 *  The category of the configuration value
 	 * @param string $key
 	 *  The configuration key to delete
-	 * @return mixed
+	 * @param string $updated (optional)
+	 *  The datetime to store
+	 * @return boolean
 	 */
-	static public function Delete($uid, $family, $key) {
+	static public function Delete($uid, $family, $key, $updated = NULL) {

 		if(is_null($uid) || $uid === false)
 			return false;

+		$updated = ($updated) ? $updated : datetime_convert('UTC','UTC','-2 seconds');
+		$now = datetime_convert();
+		$newer = (\App::$config[$uid][$family]['pcfgud:'.$key] < $now);
+
+		if (! $newer) {
+			logger('Refusing to delete pconfig with outdated delete request.', LOGGER_NORMAL, LOG_ERR);
+			return false;
+		}
+
 		$ret = false;

-		if(array_key_exists($uid,\App::$config)
-			&& is_array(\App::$config['uid'])
-			&& array_key_exists($family,\App::$config['uid'])
-			&& array_key_exists($key, \App::$config[$uid][$family]))
+		if (isset(\App::$config[$uid][$family][$key])) {
 			unset(\App::$config[$uid][$family][$key]);
+		}
+
+		if (isset(\App::$config[$uid][$family]['pcfgud:'.$key])) {
+			unset(\App::$config[$uid][$family]['pcfgud:'.$key]);
+		}

 		$ret = q("DELETE FROM pconfig WHERE uid = %d AND cat = '%s' AND k = '%s'",
 			intval($uid),
@@ -205,6 +276,13 @@ class PConfig {
 			dbesc($key)
 		);

+		// Synchronize delete with clones.
+
+		if ($family != 'hz_delpconfig') {
+			$hash = hash('sha256',$family.':'.$key);
+			set_pconfig($uid,'hz_delpconfig',$hash,$updated);
+		}
+
 		return $ret;
 	}

--- a/Zotlabs/Lib/Queue.php
+++ b/Zotlabs/Lib/Queue.php
@@ -2,9 +2,6 @@

 namespace Zotlabs\Lib;

-use Zotlabs\Lib\Libzot;
-
-
 class Queue {

 	static function update($id, $add_priority = 0) {
@@ -39,7 +36,7 @@ class Queue {
 		// queue item is less than 12 hours old, we'll schedule for fifteen
 		// minutes. 

-		$r = q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_posturl = '%s'",
+		q("UPDATE outq SET outq_scheduled = '%s' WHERE outq_posturl = '%s'",
 			dbesc(datetime_convert('UTC','UTC','now + 5 days')),
 			dbesc($x[0]['outq_posturl'])
 		);
@@ -88,7 +85,7 @@ class Queue {

 	static function set_delivered($id,$channel = 0) {
 		logger('queue: set delivered ' . $id,LOGGER_DEBUG);
-		$sql_extra = (($channel_id) ? " and outq_channel = " . intval($channel_id) . " " : '');
+		$sql_extra = (($channel['channel_id']) ? " and outq_channel = " . intval($channel['channel_id']) . " " : '');

 		// Set the next scheduled run date so far in the future that it will be expired
 		// long before it ever makes it back into the delivery chain. 
@@ -116,7 +113,7 @@ class Queue {
 			dbesc($arr['hash']),
 			intval($arr['account_id']),
 			intval($arr['channel_id']),
-			dbesc(($arr['driver']) ? $arr['driver'] : 'zot'),
+			dbesc(($arr['driver']) ? $arr['driver'] : 'zot6'),
 			dbesc($arr['posturl']),
 			intval(1),
 			intval(($arr['priority']) ? $arr['priority'] : 0),
@@ -230,11 +227,10 @@ class Queue {

 		logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);

-
 		if($outq['outq_posturl'] === z_root() . '/zot') {
 			// local delivery
 			$zot = new \Zotlabs\Zot6\Receiver(new \Zotlabs\Zot6\Zot6Handler(),$outq['outq_notify']);
-			$result = $zot->run(true);
+			$result = $zot->run();
 			logger('returned_json: ' . json_encode($result,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DATA);
 			logger('deliver: local zot delivery succeeded to ' . $outq['outq_posturl']);
 			Libzot::process_response($outq['outq_posturl'],[ 'success' => true, 'body' => json_encode($result) ], $outq);
@@ -250,7 +246,7 @@ class Queue {
 			$host_crypto = null;

 			if($channel && $base) {
-				$h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1",
+				$h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' and hubloc_sitekey != '' order by hubloc_id desc limit 1",
 					dbesc($base)
 				);
 				if($h) {
--- a/Zotlabs/Lib/Share.php
+++ b/Zotlabs/Lib/Share.php
@@ -2,7 +2,6 @@

 namespace Zotlabs\Lib;

-
 class Share {

 	private $item = null;
@@ -54,6 +53,7 @@ class Share {
 		if(! $this->item)
 			return $obj;

+		$obj['asld']         = Activity::fetch_item( [ 'id' => $this->item['mid'] ] );
 		$obj['type']         = $this->item['obj_type'];
 		$obj['id']           = $this->item['mid'];
 		$obj['content']      = $this->item['body'];
@@ -126,12 +126,12 @@ class Share {
 				"' profile='"    . $this->item['author']['xchan_url'] .
 				"' avatar='"     . $this->item['author']['xchan_photo_s'] .
 				"' link='"       . $this->item['plink'] .
-				"' auth='"       . (($this->item['author']['network'] === 'zot') ? 'true' : 'false') .
+				"' auth='"       . ((in_array($this->item['author']['xchan_network'], ['zot6', 'zot'])) ? 'true' : 'false') .
 				"' posted='"     . $this->item['created'] .
 				"' message_id='" . $this->item['mid'] .
 			"']";
 			if($this->item['title'])
-				$bb .= '[b]'.$this->item['title'].'[/b]'."\r\n";
+				$bb .= '[h3][b]'.$this->item['title'].'[/b][/h3]'."\r\n";
 			$bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']);
 			$bb .= "[/share]";
 		}
--- a/Zotlabs/Lib/SvgSanitizer.php
+++ b/Zotlabs/Lib/SvgSanitizer.php
@@ -0,0 +1,150 @@
+<?php
+
+namespace Zotlabs\Lib;
+use DomDocument;
+
+/**
+ *  SVGSantiizer
+ * 
+ *  Whitelist-based PHP SVG sanitizer.
+ * 
+ *  @link https://github.com/alister-/SVG-Sanitizer}
+ *  @author Alister Norris
+ *  @copyright Copyright (c) 2013 Alister Norris
+ *  @license http://opensource.org/licenses/mit-license.php The MIT License
+ *  @package svgsanitizer
+ */
+
+class SvgSanitizer {
+	
+	private $xmlDoc;				// PHP XML DOMDocument
+
+	private $removedattrs = [];
+
+	private static $allowed_functions = [ 'matrix', 'url', 'translate', 'rgb' ];
+
+	// defines the whitelist of elements and attributes allowed.
+	private static $whitelist = [
+		'a' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'href', 'xlink:href', 'xlink:title' ],
+		'circle' => [ 'class', 'clip-path', 'clip-rule', 'cx', 'cy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'r', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+		'clipPath' => [ 'class', 'clipPathUnits', 'id' ],
+		'defs' => [ ],
+	    'style' => [ 'type' ],
+		'desc' => [ ],
+		'ellipse' => [ 'class', 'clip-path', 'clip-rule', 'cx', 'cy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+		'feGaussianBlur' => [ 'class', 'color-interpolation-filters', 'id', 'requiredFeatures', 'stdDeviation' ],
+		'filter' => [ 'class', 'color-interpolation-filters', 'filterRes', 'filterUnits', 'height', 'id', 'primitiveUnits', 'requiredFeatures', 'width', 'x', 'xlink:href', 'y' ],
+		'foreignObject' => [ 'class', 'font-size', 'height', 'id', 'opacity', 'requiredFeatures', 'style', 'transform', 'width', 'x', 'y' ],
+		'g' => [ 'class', 'clip-path', 'clip-rule', 'id', 'display', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'font-family', 'font-size', 'font-style', 'font-weight', 'text-anchor' ],
+		'image' => [ 'class', 'clip-path', 'clip-rule', 'filter', 'height', 'id', 'mask', 'opacity', 'requiredFeatures', 'style', 'systemLanguage', 'transform', 'width', 'x', 'xlink:href', 'xlink:title', 'y' ],
+		'line' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'x1', 'x2', 'y1', 'y2' ],
+		'linearGradient' => [ 'class', 'id', 'gradientTransform', 'gradientUnits', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'x1', 'x2', 'xlink:href', 'y1', 'y2' ],
+		'marker' => [ 'id', 'class', 'markerHeight', 'markerUnits', 'markerWidth', 'orient', 'preserveAspectRatio', 'refX', 'refY', 'systemLanguage', 'viewBox' ],
+		'mask' => [ 'class', 'height', 'id', 'maskContentUnits', 'maskUnits', 'width', 'x', 'y' ],
+		'metadata' => [ 'class', 'id' ],
+		'path' => [ 'class', 'clip-path', 'clip-rule', 'd', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+		'pattern' => [ 'class', 'height', 'id', 'patternContentUnits', 'patternTransform', 'patternUnits', 'requiredFeatures', 'style', 'systemLanguage', 'viewBox', 'width', 'x', 'xlink:href', 'y' ],
+		'polygon' => [ 'class', 'clip-path', 'clip-rule', 'id', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'class', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+		'polyline' => [ 'class', 'clip-path', 'clip-rule', 'id', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+		'radialGradient' => [ 'class', 'cx', 'cy', 'fx', 'fy', 'gradientTransform', 'gradientUnits', 'id', 'r', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'xlink:href' ],
+		'rect' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'id', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'width', 'x', 'y' ],
+		'stop' => [ 'class', 'id', 'offset', 'requiredFeatures', 'stop-color', 'stop-opacity', 'style', 'systemLanguage' ],
+		'svg' => [ 'class', 'clip-path', 'clip-rule', 'filter', 'id', 'height', 'mask', 'preserveAspectRatio', 'requiredFeatures', 'style', 'systemLanguage', 'viewBox', 'width', 'x', 'xmlns', 'xmlns:se', 'xmlns:xlink', 'y' ],
+		'switch' => [ 'class', 'id', 'requiredFeatures', 'systemLanguage' ],
+		'symbol' => [ 'class', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'opacity', 'preserveAspectRatio', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'viewBox' ],
+		'text' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'text-anchor', 'transform', 'x', 'xml:space', 'y' ],
+		'textPath' => [ 'class', 'id', 'method', 'requiredFeatures', 'spacing', 'startOffset', 'style', 'systemLanguage', 'transform', 'xlink:href' ],
+		'title' => [ ],
+		'tspan' => [ 'class', 'clip-path', 'clip-rule', 'dx', 'dy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'mask', 'opacity', 'requiredFeatures', 'rotate', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'text-anchor', 'textLength', 'transform', 'x', 'xml:space', 'y' ],
+		'use' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'id', 'mask', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'transform', 'width', 'x', 'xlink:href', 'y' ],
+	];
+
+	function __construct() {
+		$this->xmlDoc = new DOMDocument('1.0','UTF-8');
+		$this->xmlDoc->preserveWhiteSpace = false;
+		libxml_use_internal_errors(true);
+	}
+
+	// load XML SVG
+	function load($file) {
+		$this->xmlDoc->load($file);
+	}
+
+	function loadXML($str) {
+		if (! $this->xmlDoc->loadXML($str)) {
+			logger('loadxml: ' . print_r(libxml_get_errors(),true), LOGGER_DEBUG);
+			return false;
+		}
+		return true;
+	}
+
+	function sanitize()
+	{
+		// all elements in xml doc
+		$allElements = $this->xmlDoc->getElementsByTagName('*');
+
+		// loop through all elements
+		for($i = 0; $i < $allElements->length; $i++)
+		{
+			$this->removedattrs = [];
+			
+			$currentNode = $allElements->item($i);
+
+			// logger('current_node: ' . print_r($currentNode,true));
+
+			// array of allowed attributes in specific element
+			$whitelist_attr_arr = self::$whitelist[$currentNode->tagName];
+
+			// does element exist in whitelist?
+		    if(isset($whitelist_attr_arr)) {
+					$total = $currentNode->attributes->length;
+					
+		    		for($x = 0; $x < $total; $x++) {
+
+		    			// get attributes name
+		    			$attrName = $currentNode->attributes->item($x)->nodeName;
+
+						// logger('checking: ' . print_r($currentNode->attributes->item($x),true));
+						$matches = false;
+						
+		    			// check if attribute isn't in whitelist
+		    			if(! in_array($attrName, $whitelist_attr_arr)) {
+							$this->removedattrs[] = $attrName;
+		    			}
+						// check for disallowed functions
+						elseif (preg_match_all('/([a-zA-Z0-9]+)[\s]*\(/',
+							$currentNode->attributes->item($x)->textContent,$matches,PREG_SET_ORDER)) {
+							if ($attrName === 'text') {
+								continue;
+							}
+							foreach ($matches as $match) {
+								if(! in_array($match[1],self::$allowed_functions)) {
+									logger('queue_remove_function: ' . $match[1],LOGGER_DEBUG);
+									$this->removedattrs[] = $attrName;
+								}
+							}
+						}
+		    		}	
+					if ($this->removedattrs) {
+						foreach ($this->removedattrs as $attr) {
+							$currentNode->removeAttribute($attr);
+							logger('removed: ' . $attr, LOGGER_DEBUG);
+						}
+					}
+
+			}
+
+		    // else remove element
+		    else {
+				logger('remove_node: ' . print_r($currentNode,true));
+		        $currentNode->parentNode->removeChild($currentNode);
+		    }	
+		}
+		return true;
+	}
+
+	function saveSVG() {
+		$this->xmlDoc->formatOutput = true;
+		return($this->xmlDoc->saveXML());
+	}
+}
--- a/Zotlabs/Lib/System.php
+++ b/Zotlabs/Lib/System.php
@@ -5,9 +5,14 @@ namespace Zotlabs\Lib;
 class System {

 	static public function get_platform_name() {
-		if(is_array(\App::$config) && is_array(\App::$config['system']) && array_key_exists('platform_name',\App::$config['system']))
-			return \App::$config['system']['platform_name'];
-		return PLATFORM_NAME;
+		static $platform_name = '';
+		if(empty($platform_name)) {
+			if(is_array(\App::$config) && is_array(\App::$config['system']) && array_key_exists('platform_name',\App::$config['system']))
+				$platform_name = \App::$config['system']['platform_name'];
+			else
+				$platform_name = PLATFORM_NAME;
+		}
+		return $platform_name;
 	}

 	static public function get_site_name() {
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -35,9 +35,12 @@ class ThreadItem {


 	public function __construct($data) {
-				
+
 		$this->data = $data;
 		$this->toplevel = ($this->get_id() == $this->get_data_value('parent'));
+		$this->threaded = get_config('system','thread_allow');
+
+		$observer = \App::get_observer();

 		// Prepare the children
 		if($data['children']) {
@@ -51,6 +54,7 @@ class ThreadItem {
 					continue;
 				}

+
 				$child = new ThreadItem($item);
 				$this->add_child($child);
 			}
@@ -73,8 +77,8 @@ class ThreadItem {
 	 *      _ false on failure
 	 */

-	public function get_template_data($conv_responses, $thread_level=1) {
-	
+	public function get_template_data($conv_responses, $thread_level=1, $conv_flags = []) {
+
 		$result = array();

 		$item     = $this->get_data();
@@ -91,13 +95,15 @@ class ThreadItem {
 		$total_children = $this->count_descendants();
 		$unseen_comments = (($item['real_uid']) ? 0 : $this->count_unseen_descendants());

-		$conv = $this->get_conversation();
+ 		$conv = $this->get_conversation();
 		$observer = $conv->get_observer();

-		$lock = ((($item['item_private'] == 1) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid']) 
+		$lock = (((intval($item['item_private'])) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid'])
 			|| strlen($item['deny_cid']) || strlen($item['deny_gid']))))
 			? t('Private Message')
 			: false);
+		$locktype = $item['item_private'];
+
 		$shareable = ((($conv->get_profile_owner() == local_channel() && local_channel()) && ($item['item_private'] != 1)) ? true : false);

 		// allow an exemption for sharing stuff from your private feeds
@@ -105,13 +111,26 @@ class ThreadItem {
 			$shareable = true;

 		$privacy_warning = false;
-		if(($item['item_private'] == 1) && ($item['owner']['xchan_network'] === 'activitypub')) {
+		if(intval($item['item_private']) && ($item['owner']['xchan_network'] === 'activitypub')) {
 			$recips = get_iconfig($item['parent'], 'activitypub', 'recips');

-			if(! in_array($observer['xchan_url'], $recips['to']))
+			if(! is_array($recips['to']) || ! in_array($observer['xchan_url'], $recips['to']))
 				$privacy_warning = true;
 		}

+		if ($lock) {
+ 			if (($item['mid'] == $item['parent_mid']) && count(get_terms_oftype($item['term'],TERM_FORUM))) {
+ 				$privacy_warning = true;
+				$conv_flags['parent_privacy_warning'] = true;
+ 			}
+		}
+
+		$privacy_warning = (isset($conv_flags['parent_privacy_warning'])) ? $conv_flags['parent_privacy_warning'] : $privacy_warning;
+
+		if ($lock && $privacy_warning) {
+			$lock = t('Privacy conflict. Discretion advised.');
+		}
+
 		$mode = $conv->get_mode();

 		switch($item['item_type']) {
@@ -132,9 +151,11 @@ class ThreadItem {
 			$edpost = false;


-		if($observer['xchan_hash'] == $this->get_data_value('author_xchan') 
-			|| $observer['xchan_hash'] == $this->get_data_value('owner_xchan') 
-			|| $this->get_data_value('uid') == local_channel())
+		if($observer && $observer['xchan_hash']
+			&& ($observer['xchan_hash'] == $this->get_data_value('author_xchan')
+			|| $observer['xchan_hash'] == $this->get_data_value('owner_xchan')
+			|| $observer['xchan_hash'] == $this->get_data_value('source_xchan')
+			|| $this->get_data_value('uid') == local_channel()))
 			$dropping = true;


@@ -149,15 +170,15 @@ class ThreadItem {
 				'dropping' => $dropping,
 				'delete' => t('Delete'),
 			);
-		}		
+		}
 		elseif(is_site_admin()) {
 			$drop = [ 'dropping' => true, 'delete' => t('Admin Delete') ];
 		}

 // FIXME
-		if($observer_is_pageowner) {		
+		if($observer_is_pageowner) {
 			$multidrop = array(
-				'select' => t('Select'), 
+				'select' => t('Select'),
 			);
 		}

@@ -186,6 +207,10 @@ class ThreadItem {
 			}
 		}

+		if($item['obj_type'] === 'Question') {
+			$response_verbs[] = 'answer';
+		}
+
 		$consensus = (intval($item['item_consensus']) ? true : false);
 		if($consensus) {
 			$response_verbs[] = 'agree';
@@ -199,7 +224,7 @@ class ThreadItem {

 		if(! feature_enabled($conv->get_profile_owner(),'dislike'))
 			unset($conv_responses['dislike']);
-  
+
 		$responses = get_responses($conv_responses,$response_verbs,$this,$item);

 		$my_responses = [];
@@ -230,7 +255,7 @@ class ThreadItem {
 		}

 		$showlike    = ((x($conv_responses['like'],$item['mid'])) ? format_like($conv_responses['like'][$item['mid']],$conv_responses['like'][$item['mid'] . '-l'],'like',$item['mid']) : '');
-		$showdislike = ((x($conv_responses['dislike'],$item['mid']) && feature_enabled($conv->get_profile_owner(),'dislike'))  
+		$showdislike = ((x($conv_responses['dislike'],$item['mid']) && feature_enabled($conv->get_profile_owner(),'dislike'))
 				? format_like($conv_responses['dislike'][$item['mid']],$conv_responses['dislike'][$item['mid'] . '-l'],'dislike',$item['mid']) : '');

 		/*
@@ -240,7 +265,7 @@ class ThreadItem {
 		 */

 		$this->check_wall_to_wall();
-		
+
 		if($this->is_toplevel()) {
 			// FIXME check this permission
 			if(($conv->get_profile_owner() == local_channel()) && (! array_key_exists('real_uid',$item))) {
@@ -251,7 +276,7 @@ class ThreadItem {
 				);

 			}
-		} 
+		}
 		else {
 			$is_comment = true;
 		}
@@ -263,12 +288,16 @@ class ThreadItem {

 		$settings = '';

+		$tagger = [];
+
 		// FIXME - check this permission
 		if($conv->get_profile_owner() == local_channel()) {
+			/* disable until we agree on how to implemnt this in zot6/activitypub
 			$tagger = array(
 				'tagit' => t("Add Tag"),
 				'classtagger' => "",
 			);
+			*/

 			$settings = t('Conversation Tools');
 		}
@@ -288,10 +317,18 @@ class ThreadItem {
 		if($this->is_commentable() && $observer) {
 			$like = array( t("I like this \x28toggle\x29"), t("like"));
 			$dislike = array( t("I don't like this \x28toggle\x29"), t("dislike"));
+			$reply_to = array( t("Reply on this comment"), t("reply"), t("Reply to"));
 		}

-		if ($shareable)
-			$share = array( t('Share This'), t('share'));
+		if ($shareable) {
+			// This actually turns out not to be possible in some protocol stacks without opening up hundreds of new issues.
+			// Will allow it only for uri resolvable sources.
+			if(strpos($item['mid'],'http') === 0) {
+				$share = []; //Not yet ready for primetime
+				//$share = array( t('Repeat This'), t('repeat'));
+			}
+			$embed = array( t('Share This'), t('share'));
+		}

 		$dreport = '';

@@ -299,31 +336,28 @@ class ThreadItem {
 		if($keep_reports === 0)
 			$keep_reports = 10;

-		if((! get_config('system','disable_dreport')) && strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0)
+		if((! get_config('system','disable_dreport')) && strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC',"now - $keep_reports days")) > 0) {
 			$dreport = t('Delivery Report');
+			$dreport_link = gen_link_id($item['mid']);
+		}

 		if(strcmp(datetime_convert('UTC','UTC',$item['created']),datetime_convert('UTC','UTC','now - 12 hours')) > 0)
 			$is_new = true;

-
 		localize_item($item);

 		$body = prepare_body($item,true);

 		// $viewthread (below) is only valid in list mode. If this is a channel page, build the thread viewing link
 		// since we can't depend on llink or plink pointing to the right local location.
- 
+
 		$owner_address = substr($item['owner']['xchan_addr'],0,strpos($item['owner']['xchan_addr'],'@'));
 		$viewthread = $item['llink'];
 		if($conv->get_mode() === 'channel')
-			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode($item['mid']);
+			$viewthread = z_root() . '/channel/' . $owner_address . '?f=&mid=' . urlencode(gen_link_id($item['mid']));

 		$comment_count_txt = sprintf( tt('%d comment','%d comments',$total_children),$total_children );
-		$list_unseen_txt = (($unseen_comments) ? sprintf('%d unseen',$unseen_comments) : '');
-		
-		
-
-		
+		$list_unseen_txt = (($unseen_comments) ? sprintf( t('%d unseen'),$unseen_comments) : '');

 		$children = $this->get_children();

@@ -333,11 +367,28 @@ class ThreadItem {
                call_hooks('dropdown_extras',$dropdown_extras_arr);
                $dropdown_extras = $dropdown_extras_arr['dropdown_extras'];

+		$midb64 = 'b64.' . base64url_encode($item['mid']);
+		$mids = [ $midb64 ];
+		$response_mids = [];
+		foreach($response_verbs as $v) {
+			if(isset($conv_responses[$v]['mids'][$item['mid']])) {
+				$response_mids = array_merge($response_mids, $conv_responses[$v]['mids'][$item['mid']]);
+			}
+		}
+
+		$mids = array_merge($mids, $response_mids);
+		$json_mids = json_encode($mids);
+
+		// Pinned item processing
+		$allowed_type = (in_array($item['item_type'], get_config('system', 'pin_types', [ ITEM_TYPE_POST ])) ? true : false);
+		$pinned_items = ($allowed_type ? get_pconfig($item['uid'], 'pinned', $item['item_type'], []) : []);
+		$pinned = ((!empty($pinned_items) && in_array($midb64, $pinned_items)) ? true : false);
+
 		$tmp_item = array(
 			'template' => $this->get_template(),
 			'mode' => $mode,
-			'item_type' => intval($item['item_type']),			
-			'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
+			'item_type' => intval($item['item_type']),
+			//'type' => implode("",array_slice(explode("/",$item['verb']),-1)),
 			'body' => $body['html'],
 			'tags' => $body['tags'],
 			'categories' => $body['categories'],
@@ -346,14 +397,17 @@ class ThreadItem {
 			'folders' => $body['folders'],
 			'text' => strip_tags($body['html']),
 			'id' => $this->get_id(),
-			'mid' => $item['mid'],
+			'mid' => $midb64,
+			'mids' => $json_mids,
+			'parent' => $item['parent'],
+			'author_id' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']),
 			'isevent' => $isevent,
 			'attend' => $attend,
 			'consensus' => $consensus,
 			'conlabels' => $conlabels,
 			'canvote' => $canvote,
-			'linktitle' => sprintf( t('View %s\'s profile - %s'), $profile_name, $item['author']['xchan_addr']),
-			'olinktitle' => sprintf( t('View %s\'s profile - %s'), $this->get_owner_name(), $item['owner']['xchan_addr']),
+			'linktitle' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']),
+			'olinktitle' => (($item['owner']['xchan_addr']) ? $item['owner']['xchan_addr'] : $item['owner']['xchan_url']),
 			'llink' => $item['llink'],
 			'viewthread' => $viewthread,
 			'to' => t('to'),
@@ -364,13 +418,14 @@ class ThreadItem {
 			'thread_action_menu' => thread_action_menu($item,$conv->get_mode()),
 			'thread_author_menu' => thread_author_menu($item,$conv->get_mode()),
 			'dreport' => $dreport,
+			'dreport_link' => $dreport_link,
 			'name' => $profile_name,
 			'thumb' => $profile_avatar,
 			'osparkle' => $osparkle,
 			'sparkle' => $sparkle,
 			'title' => $item['title'],
 			'title_tosource' => get_pconfig($conv->get_profile_owner(),'system','title_tosource'),
-			'ago' => relative_date($item['created']),
+			//'ago' => relative_date($item['created']),
 			'app' => $item['app'],
 			'str_app' => sprintf( t('from %s'), $item['app']),
 			'isotime' => datetime_convert('UTC', date_default_timezone_get(), $item['created'], 'c'),
@@ -378,6 +433,8 @@ class ThreadItem {
 			'editedtime' => (($item['edited'] != $item['created']) ? sprintf( t('last edited: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['edited'], 'r')) : ''),
 			'expiretime' => (($item['expires'] > NULL_DATE) ? sprintf( t('Expires: %s'), datetime_convert('UTC', date_default_timezone_get(), $item['expires'], 'r')):''),
 			'lock' => $lock,
+			'locktype' => $locktype,
+			'delayed' => $item['item_delayed'],
 			'privacy_warning' => $privacy_warning,
 			'verified' => $verified,
 			'unverified' => $unverified,
@@ -398,23 +455,28 @@ class ThreadItem {
 			'has_tags' => $has_tags,
 			'reactions' => $this->reactions,
 // Item toolbar buttons
-			'emojis'   => (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
+			'emojis'	=> (($this->is_toplevel() && $this->is_commentable() && $observer && feature_enabled($conv->get_profile_owner(),'emojis')) ? '1' : ''),
 			'like'      => $like,
 			'dislike'   => ((feature_enabled($conv->get_profile_owner(),'dislike')) ? $dislike : ''),
+			'reply_to'	=> (((! $this->is_toplevel()) && feature_enabled($conv->get_profile_owner(),'reply_to')) ? $reply_to : ''),
+			'top_hint'	=> t("Go to previous comment"),
 			'share'     => $share,
+			'embed'     => $embed,
 			'rawmid'	=> $item['mid'],
 			'plink'     => get_plink($item),
 			'edpost'    => $edpost, // ((feature_enabled($conv->get_profile_owner(),'edit_posts')) ? $edpost : ''),
-			'star'      => ((feature_enabled($conv->get_profile_owner(),'star_posts')) ? $star : ''),
+			'star'      => ((feature_enabled($conv->get_profile_owner(),'star_posts') && ($item['item_type'] == ITEM_TYPE_POST)) ? $star : ''),
 			'tagger'    => ((feature_enabled($conv->get_profile_owner(),'commtag')) ? $tagger : ''),
-			'filer'     => ((feature_enabled($conv->get_profile_owner(),'filing')) ? $filer : ''),
+			'filer'     => ((feature_enabled($conv->get_profile_owner(),'filing') && ($item['item_type'] == ITEM_TYPE_POST)) ? $filer : ''),
+			'pinned'    => ($pinned ? t('Pinned post') : ''),
+			'pinnable'  => (($this->is_toplevel() && local_channel() && $item['owner_xchan'] == $observer['xchan_hash'] && $allowed_type && $item['item_private'] == 0 && $item['item_delayed'] == 0) ? '1' : ''),
+			'pinme'     => ($pinned ? t('Unpin from the top') : t('Pin to the top')),
 			'bookmark'  => (($conv->get_profile_owner() == local_channel() && local_channel() && $has_bookmarks) ? t('Save Bookmarks') : ''),
 			'addtocal'  => (($has_event) ? t('Add to Calendar') : ''),
 			'drop'      => $drop,
 			'multidrop' => ((feature_enabled($conv->get_profile_owner(),'multi_delete')) ? $multidrop : ''),
-                        'dropdown_extras' => $dropdown_extras,
+			'dropdown_extras' => $dropdown_extras,
 // end toolbar buttons
-
 			'unseen_comments' => $unseen_comments,
 			'comment_count' => $total_children,
 			'comment_count_txt' => $comment_count_txt,
@@ -435,13 +497,13 @@ class ThreadItem {
 			'modal_dismiss' => t('Close'),
 			'showlike' => $showlike,
 			'showdislike' => $showdislike,
-			'comment' => $this->get_comment_box($indent),
+			'comment' => ($item['item_delayed'] ? '' : $this->get_comment_box($indent)),
 			'previewing' => ($conv->is_preview() ? true : false ),
 			'preview_lbl' => t('This is an unsaved preview'),
 			'wait' => t('Please wait'),
-			'submid' => str_replace(['+','='], ['',''], base64_encode($item['mid'])),
 			'thread_level' => $thread_level,
-			'settings' => $settings
+			'settings' => $settings,
+			'thr_parent' => (($item['parent_mid'] != $item['thr_parent']) ? 'b64.' . base64url_encode($item['thr_parent']) : '')
 		);

 		$arr = array('item' => $item, 'output' => $tmp_item);
@@ -458,13 +520,13 @@ class ThreadItem {

 //		needed for scroll to comment from notification but needs more work
 //		as we do not want to open all comments unless there is actually an #item_xx anchor
-//		and the url fragment is not sent to the server. 
-//		if(in_array(\App::$module,['display','update_display'])) 
+//		and the url fragment is not sent to the server.
+//		if(in_array(\App::$module,['display','update_display']))
 //			$visible_comments = 99999;

 		if(($this->get_display_mode() === 'normal') && ($nb_children > 0)) {
 			foreach($children as $child) {
-				$result['children'][] = $child->get_template_data($conv_responses, $thread_level + 1);
+				$result['children'][] = $child->get_template_data($conv_responses, $thread_level + 1,$conv_flags);
 			}
 			// Collapse
 			if(($nb_children > $visible_comments) || ($thread_level > 1)) {
@@ -479,7 +541,7 @@ class ThreadItem {
 				}
 			}
 		}
-		
+
 		$result['private'] = $item['item_private'];
 		$result['toplevel'] = ($this->is_toplevel() ? 'toplevel_item' : '');

@@ -494,7 +556,7 @@ class ThreadItem {

 		return $result;
 	}
-	
+
 	public function get_id() {
 		return $this->get_data_value('id');
 	}
@@ -549,7 +611,7 @@ class ThreadItem {
 		if(activity_match($item->get_data_value('verb'),ACTIVITY_LIKE) || activity_match($item->get_data_value('verb'),ACTIVITY_DISLIKE)) {
 			return false;
 		}
-		
+
 		$item->set_parent($this);
 		$this->children[] = $item;
 		return end($this->children);
@@ -623,7 +685,7 @@ class ThreadItem {
 	 */
 	public function set_conversation($conv) {
 		$previous_mode = ($this->conversation ? $this->conversation->get_mode() : '');
-		
+
 		$this->conversation = $conv;

 		// Set it on our children too
@@ -732,7 +794,7 @@ class ThreadItem {
 		if(!$this->is_toplevel() && !get_config('system','thread_allow')) {
 			return '';
 		}
-		
+
 		$comment_box = '';
 		$conv = $this->get_conversation();

@@ -748,8 +810,6 @@ class ThreadItem {
 		$arr = array('comment_buttons' => '','id' => $this->get_id());
 		call_hooks('comment_buttons',$arr);
 		$comment_buttons = $arr['comment_buttons'];
-		
-		$feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");

 		$comment_box = replace_macros($template,array(
 			'$return_path' => '',
@@ -785,8 +845,7 @@ class ThreadItem {
 			'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
 			'$anonname' => [ 'anonname', t('Your full name (required)') ],
 			'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
-			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ],
-			'$auto_save_draft' => $feature_auto_save_draft,
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)') ]
 		));

 		return $comment_box;
@@ -808,7 +867,7 @@ class ThreadItem {

 		if($conv->get_mode() === 'channel')
 			return;
-		
+
 		if($this->is_toplevel() && ($this->get_data_value('author_xchan') != $this->get_data_value('owner_xchan'))) {
 			$this->owner_url = chanlink_hash($this->data['owner']['xchan_hash']);
 			$this->owner_photo = $this->data['owner']['xchan_photo_m'];
@@ -837,8 +896,4 @@ class ThreadItem {
 		return $this->visiting;
 	}

-
-
-
 }
-
--- a/Zotlabs/Lib/ThreadListener.php
+++ b/Zotlabs/Lib/ThreadListener.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+class ThreadListener {
+
+	static public function store($target_id,$portable_id,$ltype = 0) {
+		$x = self::fetch($target_id,$portable_id,$ltype = 0);
+		if(! $x) {  
+			$r = q("insert into listeners ( target_id, portable_id, ltype ) values ( '%s', '%s' , %d ) ",
+				dbesc($target_id),
+				dbesc($portable_id),
+				intval($ltype)
+			);
+		}  	
+	}
+
+	static public function fetch($target_id,$portable_id,$ltype = 0) {
+		$x = q("select * from listeners where target_id = '%s' and portable_id = '%s' and ltype = %d limit 1",
+			dbesc($target_id),
+			dbesc($portable_id),
+			intval($ltype)
+		);
+		if($x) {
+			return $x[0];
+		}
+		return false;
+	}
+
+	static public function fetch_by_target($target_id,$ltype = 0) {
+		$x = q("select * from listeners where target_id = '%s' and ltype = %d",
+			dbesc($target_id),
+			intval($ltype)
+		);
+
+		return $x;
+	}
+
+	static public function delete_by_target($target_id, $ltype = 0) {
+		return q("delete from listeners where target_id = '%s' and ltype = %d",
+			dbesc($target_id),
+			intval($ltype)
+		);
+	}
+
+	static public function delete_by_pid($portable_id, $ltype = 0) {
+		return q("delete from listeners where portable_id = '%s' and ltype = %d",
+			dbesc($portable_id),
+			intval($ltype)
+		);
+	}
+
+}
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -23,7 +23,7 @@ class ThreadStream {
 	private $preview = false;
 	private $prepared_item = '';
 	public $reload = '';
-	private $cipher = 'aes256';
+	private $cipher = 'AES-128-CCM';

 	// $prepared_item is for use by alternate conversation structures such as photos
 	// wherein we've already prepared a top level item which doesn't look anything like
--- a/Zotlabs/Lib/Verify.php
+++ b/Zotlabs/Lib/Verify.php
@@ -5,7 +5,7 @@ namespace Zotlabs\Lib;

 class Verify {

-	function create($type,$channel_id,$token,$meta) {
+	public static function create($type,$channel_id,$token,$meta) {
 		return q("insert into verify ( vtype, channel, token, meta, created ) values ( '%s', %d, '%s', '%s', '%s' )",
 			dbesc($type),
 			intval($channel_id),
@@ -15,7 +15,7 @@ class Verify {
 		);
 	}

-	function match($type,$channel_id,$token,$meta) {
+	public static function match($type,$channel_id,$token,$meta) {
 		$r = q("select id from verify where vtype = '%s' and channel = %d and token = '%s' and meta = '%s' limit 1",
 			dbesc($type),
 			intval($channel_id),
@@ -31,7 +31,7 @@ class Verify {
 		return false;
 	}

-	function get_meta($type,$channel_id,$token) {
+	public static function get_meta($type,$channel_id,$token) {
 		$r = q("select id, meta from verify where vtype = '%s' and channel = %d and token = '%s' limit 1",
 			dbesc($type),
 			intval($channel_id),
@@ -52,7 +52,7 @@ class Verify {
 	 * @param string $type Verify type
 	 * @param string $interval SQL compatible time interval
 	 */
-	function purge($type, $interval) {
+	public static function purge($type, $interval) {
 		q("delete from verify where vtype = '%s' and created < %s - INTERVAL %s",
 			dbesc($type),
 			db_utcnow(),
--- a/Zotlabs/Lib/Webfinger.php
+++ b/Zotlabs/Lib/Webfinger.php
@@ -106,4 +106,4 @@ class Webfinger {



-}
+}
--- a/Zotlabs/Lib/ZotURL.php
+++ b/Zotlabs/Lib/ZotURL.php
@@ -0,0 +1,90 @@
+<?php
+
+namespace Zotlabs\Lib;
+
+use Zotlabs\Web\HTTPSig;
+
+
+class ZotURL {
+
+	static public function fetch($url,$channel) {
+
+		$ret = [ 'success' => false ];
+
+		if(strpos($url,'x-zot:') !== 0) {
+			return $ret;
+		}
+
+
+		if(! $url) {
+			return $ret;
+		}
+
+		$portable_url = substr($url,6);
+		$u = explode('/',$portable_url);
+		$portable_id = $u[0];
+		$hosts = self::lookup($portable_id);
+
+		if(! $hosts) {
+			return $ret;
+		}
+
+		foreach($hosts as $h) {
+			$newurl = $h . '/id/' . $portable_url;
+
+			$m = parse_url($newurl);
+
+			$data = json_encode([ 'zot_token' => random_string() ]);
+
+			if($channel && $m) {
+
+				$headers = [
+					'Accept'           => 'application/x-zot+json',
+					'Content-Type'     => 'application/x-zot+json',
+					'X-Zot-Token'      => random_string(),
+					'Digest'           => HTTPSig::generate_digest_header($data),
+					'Host'             => $m['host'],
+					'(request-target)' => 'post ' . get_request_string($newurl)
+				];
+				$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
+			}
+			else {
+				$h = [ 'Accept: application/x-zot+json' ];
+			}
+
+			$result = [];
+
+			$redirects = 0;
+			$x = z_post_url($newurl,$data,$redirects, [ 'headers' => $h  ] );
+			if($x['success']) {
+				return $x;
+			}
+		}
+
+		return $ret;
+
+	}
+
+	static public function is_zoturl($url) {
+
+		if(strpos($url,'x-zot:') === 0) {
+			return true;
+		}
+		return false;
+	}
+
+
+	static public function lookup($portable_id) {
+
+		$r = q("select * from hubloc left join site on hubloc_url = site_url where hubloc_hash = '%s' and site_dead = 0 order by hubloc_primary desc",
+			dbesc($portable_id)
+		);
+
+		if(! $r) {
+			// extend to network lookup
+			return false;
+		}
+		return ids_to_array($r,'hubloc_url');
+	}
+
+}
--- a/Zotlabs/Lib/Zotfinger.php
+++ b/Zotlabs/Lib/Zotfinger.php
@@ -6,39 +6,52 @@ use Zotlabs\Web\HTTPSig;

 class Zotfinger {

-	static function exec($resource,$channel = null) {
+	static function exec($resource,$channel = null, $verify = true) {

 		if(! $resource) {
 			return false;
 		}

-		if($channel) {
-			$headers = [ 
-				'Accept'      => 'application/x-zot+json', 
-				'X-Zot-Token' => random_string(),
+		$m = parse_url($resource);
+
+		$data = json_encode([ 'zot_token' => random_string() ]);
+
+		if($channel && $m) {
+
+			$headers = [
+				'Accept'           => 'application/x-zot+json',
+				'Content-Type'     => 'application/x-zot+json',
+				'X-Zot-Token'      => random_string(),
+				'Digest'           => HTTPSig::generate_digest_header($data),
+				'Host'             => $m['host'],
+				'(request-target)' => 'post ' . get_request_string($resource)
 			];
 			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
 		}
 		else {
-			$h = [ 'Accept: application/x-zot+json' ]; 
+			$h = [ 'Accept: application/x-zot+json' ];
 		}
-				
+
 		$result = [];

-
 		$redirects = 0;
-		$x = z_fetch_url($resource,false,$redirects, [ 'headers' => $h  ] );
+		$x = z_post_url($resource,$data,$redirects, [ 'headers' => $h  ] );
+
+		logger('fetch: ' . print_r($x,true));

 		if($x['success']) {
-			
-			$result['signature'] = HTTPSig::verify($x);
-    
+			if ($verify) {
+				$result['signature'] = HTTPSig::verify($x, EMPTY_STR, 'zot6');
+			}
+
 			$result['data'] = json_decode($x['body'],true);

 			if($result['data'] && is_array($result['data']) && array_key_exists('encrypted',$result['data']) && $result['data']['encrypted']) {
-				$result['data'] = json_decode(crypto_unencapsulate($result['data'],get_config('system','prvkey')),true);
+				$result['data'] = json_decode(Crypto::unencapsulate($result['data'],get_config('system','prvkey')),true);
 			}

+			logger('decrypted: ' . print_r($result,true));
+
 			return $result;
 		}

@@ -47,4 +60,4 @@ class Zotfinger {



-}
+}
--- a/Zotlabs/Module/Acl.php
+++ b/Zotlabs/Module/Acl.php
@@ -2,6 +2,8 @@

 namespace Zotlabs\Module;

+use Zotlabs\Lib\Libzotdir;
+
 require_once 'include/acl_selectors.php';
 require_once 'include/group.php';

@@ -42,24 +44,24 @@ class Acl extends \Zotlabs\Web\Controller {


 		// $type =
-		//  'm'  =>  autocomplete private mail recipient (checks post_mail permission)
+		//  'm'  =>  autocomplete private mail recipient (checks post_mail permission and displays only zot, diaspora, friendica-over-diaspora xchan_network xchan's)
 		//  'a'  =>  autocomplete connections (mod_connections, mod_poke, mod_sources, mod_photos)
 		//  'x'  =>  nav search bar autocomplete (match any xchan)
 		// $_REQUEST['query'] contains autocomplete search text.
-	
-		// List of channels whose connections to also suggest, 
+
+		// List of channels whose connections to also suggest,
 		// e.g. currently viewed channel or channels mentioned in a post

 		$extra_channels = (x($_REQUEST,'extra_channels') ? $_REQUEST['extra_channels'] : array());
-	
+
 		// The different autocomplete libraries use different names for the search text
 		// parameter. Internally we'll use $search to represent the search text no matter
-		// what request variable it was attached to. 
-	
+		// what request variable it was attached to.
+
 		if(array_key_exists('query',$_REQUEST)) {
 			$search = $_REQUEST['query'];
 		}
-	
+
 		if( (! local_channel()) && (! in_array($type, [ 'x', 'c', 'f' ])))
 			killme();

@@ -68,7 +70,7 @@ class Acl extends \Zotlabs\Web\Controller {
 		if(in_array($type, [ 'm', 'a', 'c', 'f' ])) {

 			// These queries require permission checking. We'll create a simple array of xchan_hash for those with
-			// the requisite permissions which we can check against. 
+			// the requisite permissions which we can check against.

 			$x = q("select xchan from abconfig where chan = %d and cat = 'their_perms' and k = '%s' and v = '1'",
 				intval(local_channel()),
@@ -83,35 +85,36 @@ class Acl extends \Zotlabs\Web\Controller {
 		if($search) {
 			$sql_extra = " AND pgrp.gname LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ";
 			$sql_extra2 = "AND ( xchan_name LIKE " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'%" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
-	
-			// This horrible mess is needed because position also returns 0 if nothing is found. 
+			$sql_extra2_xchan = "AND ( xchan_name LIKE " . protect_sprintf( "'" . dbesc($search) . "%'" ) . " OR xchan_addr LIKE " . protect_sprintf( "'" . dbesc(punify($search)) . ((strpos($search,'@') === false) ? "%@%'"  : "%'")) . ") ";
+
+			// This horrible mess is needed because position also returns 0 if nothing is found.
 			// Would be MUCH easier if it instead returned a very large value
-			// Otherwise we could just 
+			// Otherwise we could just
 			// order by LEAST(POSITION($search IN xchan_name),POSITION($search IN xchan_addr)).

-			$order_extra2 = "CASE WHEN xchan_name LIKE " 
-					. protect_sprintf( "'%" . dbesc($search) . "%'" ) 
-					. " then POSITION('" . protect_sprintf(dbesc($search)) 
+			$order_extra2 = "CASE WHEN xchan_name LIKE "
+					. protect_sprintf( "'%" . dbesc($search) . "%'" )
+					. " then POSITION('" . protect_sprintf(dbesc($search))
 					. "' IN xchan_name) else position('" . protect_sprintf(dbesc(punify($search))) . "' IN xchan_addr) end, ";

 			$sql_extra3 = "AND ( xchan_addr like " . protect_sprintf( "'%" . dbesc(punify($search)) . "%'" ) . " OR xchan_name like " . protect_sprintf( "'%" . dbesc($search) . "%'" ) . " ) ";
-	
+
 		}
 		else {
 			$sql_extra = $sql_extra2 = $sql_extra3 = "";
 		}
-		
-		
+
+
 		$groups = array();
 		$contacts = array();
-		
+
 		if($type == '' || $type == 'g') {

 			// virtual groups based on private profile viewing ability

 			$r = q("select id, profile_guid, profile_name from profile where is_default = 0 and uid = %d",
 				intval(local_channel())
-			);	
+			);
 			if($r) {
 				foreach($r as $rv) {
 					$groups[] = array(
@@ -129,19 +132,19 @@ class Acl extends \Zotlabs\Web\Controller {
 			// Normal privacy groups

 			$r = q("SELECT pgrp.id, pgrp.hash, pgrp.gname
-					FROM pgrp, pgrp_member 
-					WHERE pgrp.deleted = 0 AND pgrp.uid = %d 
+					FROM pgrp, pgrp_member
+					WHERE pgrp.deleted = 0 AND pgrp.uid = %d
 					AND pgrp_member.gid = pgrp.id
 					$sql_extra
 					GROUP BY pgrp.id
-					ORDER BY pgrp.gname 
+					ORDER BY pgrp.gname
 					LIMIT %d OFFSET %d",
 				intval(local_channel()),
 				intval($count),
 				intval($start)
 			);

-			if($r) {	
+			if($r) {
 				foreach($r as $g){
 		//		logger('acl: group: ' . $g['gname'] . ' members: ' . group_get_members_xchan($g['id']));
 					$groups[] = array(
@@ -156,22 +159,22 @@ class Acl extends \Zotlabs\Web\Controller {
 				}
 			}
 		}
-	
+
 		if($type == '' || $type == 'c' || $type === 'f') {

-			$extra_channels_sql  = ''; 
+			$extra_channels_sql  = '';

 			// Only include channels who allow the observer to view their connections
 			if($extra_channels) {
 				foreach($extra_channels as $channel) {
 					if(perm_is_allowed(intval($channel), get_observer_hash(),'view_contacts')) {
-						if($extra_channel_sql)
+						if($extra_channels_sql)
 							$extra_channels_sql .= ',';
 						$extra_channels_sql .= intval($channel);
 					}
 				}
 			}
-	
+
 			// Getting info from the abook is better for local users because it contains info about permissions
 			if(local_channel()) {
 				if($extra_channels_sql != '')
@@ -198,7 +201,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					$r2 = array();
 					foreach($r1 as $rr) {
 						$x = atoken_xchan($rr);
-						$r2[] = [ 
+						$r2[] = [
 							'id' => 'a' . $rr['atoken_id'] ,
 							'hash' => $x['xchan_hash'],
 							'name' => $x['xchan_name'],
@@ -210,12 +213,12 @@ class Acl extends \Zotlabs\Web\Controller {
 							'abook_self' => 0
 						];
 					}
-				} 
+				}

 				// add connections
-	
-				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self 
-					FROM abook left join xchan on abook_xchan = xchan_hash 
+
+				$r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, xchan_pubforum, abook_flags, abook_self
+					FROM abook left join xchan on abook_xchan = xchan_hash
 					WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
 					intval(local_channel())
 				);
@@ -224,28 +227,28 @@ class Acl extends \Zotlabs\Web\Controller {

 			}
 			else { // Visitors
-				$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
+				$r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
 					FROM xchan left join xlink on xlink_link = xchan_hash
-					WHERE xlink_xchan  = '%s' AND xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" ,
+					WHERE xlink_xchan  = '%s' AND xchan_deleted = 0 $sql_extra2_xchan order by $order_extra2 xchan_name asc" ,
 					dbesc(get_observer_hash())
 				);
-	
+
 				// Find contacts of extra channels
 				// This is probably more complicated than it needs to be
 				if($extra_channels_sql) {
 					// Build a list of hashes that we got previously so we don't get them again
 					$known_hashes = array("'".get_observer_hash()."'");
 					if($r)
-						foreach($r as $rr) 
+						foreach($r as $rr)
 							$known_hashes[] = "'".$rr['hash']."'";
 					$known_hashes_sql = 'AND xchan_hash not in ('.join(',',$known_hashes).')';
-	
-					$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self 
-						FROM abook left join xchan on abook_xchan = xchan_hash 
+
+					$r2 = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self
+						FROM abook left join xchan on abook_xchan = xchan_hash
 						WHERE abook_channel IN ($extra_channels_sql) $known_hashes_sql AND abook_blocked = 0 and abook_pending = 0 and abook_hidden = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc");
 					if($r2)
 						$r = array_merge($r,$r2);
-	
+
 					// Sort accoring to match position, then alphabetically. This could be avoided if the above two SQL queries could be combined into one, and the sorting could be done on the SQl server (like in the case of a local user)
 					$matchpos = function($x) use($search) {
 						$namepos = strpos($x['name'],$search);
@@ -268,23 +271,24 @@ class Acl extends \Zotlabs\Web\Controller {
 				}
 			}
 			if((count($r) < 100) && $type == 'c') {
-				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self 
-					FROM xchan 
-					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2 order by $order_extra2 xchan_name asc" 
+				$r2 = q("SELECT substr(xchan_hash,1,18) as id, xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self
+					FROM xchan
+					WHERE xchan_deleted = 0 and not xchan_network  in ('rss','anon','unknown') $sql_extra2_xchan order by $order_extra2 xchan_name asc"
 				);
 				if($r2) {
 					$r = array_merge($r,$r2);
 					$r = unique_multidim_array($r,'hash');
-				}		
+				}
 			}
 		}
 		elseif($type == 'm') {

 			$r = array();
-			$z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url 
+			$z = q("SELECT xchan_hash as hash, xchan_name as name, xchan_network as net, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url
 				FROM abook left join xchan on abook_xchan = xchan_hash
-				WHERE abook_channel = %d 
+				WHERE abook_channel = %d
 				and xchan_deleted = 0
+				and xchan_network IN ('zot', 'diaspora', 'friendica-over-diaspora')
 				$sql_extra3
 				ORDER BY xchan_name ASC ",
 				intval(local_channel())
@@ -296,18 +300,18 @@ class Acl extends \Zotlabs\Web\Controller {
 					}
 				}
 			}
-			
+
 		}
 		elseif($type == 'a') {
-	
-			$r = q("SELECT abook_id as id, xchan_name as name, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_network as network, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
+
+			$r = q("SELECT abook_id as id, xchan_name as name, xchan_network as net, xchan_hash as hash, xchan_addr as nick, xchan_photo_s as micro, xchan_url as url, xchan_addr as attag , abook_their_perms FROM abook left join xchan on abook_xchan = xchan_hash
 				WHERE abook_channel = %d
 				and xchan_deleted = 0
 				$sql_extra3
 				ORDER BY xchan_name ASC ",
 				intval(local_channel())
 			);
-	
+
 		}
 		elseif($type == 'x') {
 			$r = $this->navbar_complete($a);
@@ -321,7 +325,7 @@ class Acl extends \Zotlabs\Web\Controller {
 					);
 				}
 			}
-	
+
 			$o = array(
 				'start' => $start,
 				'count'	=> $count,
@@ -332,27 +336,34 @@ class Acl extends \Zotlabs\Web\Controller {
 		}
 		else
 			$r = array();
-	
+
 		if($r) {
+			$i = count($contacts);
+			$x = [];
 			foreach($r as $g) {
-	
-				if(in_array($g['network'],['rss','anon','unknown']) && ($type != 'a'))
+
+				if(in_array($g['net'],['rss','anon','unknown']) && ($type != 'a'))
 					continue;

 				$g['hash'] = urlencode($g['hash']);
-				
+
 				if(! $g['nick']) {
 					$g['nick'] = $g['url'];
 				}

+				$clink = ($g['nick']) ? $g['nick'] : $g['url'];
+				$lkey = md5($clink);
+				if (! array_key_exists($lkey, $x))
+					$x[$lkey] = $i;
+
 				if(in_array($g['hash'],$permitted) && $type === 'f' && (! $noforums)) {
-					$contacts[] = array(
+					$contacts[$i] = array(
 						"type"     => "c",
 						"photo"    => "images/twopeople.png",
 						"name"     => $g['name'],
 						"id"	   => urlencode($g['id']),
 						"xid"      => $g['hash'],
-						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
+						"link"     => $clink,
 						"nick"     => substr($g['nick'],0,strpos($g['nick'],'@')),
 						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
 						"taggable" => 'taggable',
@@ -360,24 +371,28 @@ class Acl extends \Zotlabs\Web\Controller {
 					);
 				}
 				if($type !== 'f') {
-					$contacts[] = array(
-						"type"     => "c",
-						"photo"    => $g['micro'],
-						"name"     => $g['name'],
-						"id"	   => urlencode($g['id']),
-						"xid"      => $g['hash'],
-						"link"     => (($g['nick']) ? $g['nick'] : $g['url']),
-						"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
-						"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
-						"taggable" => '',
-						"label"    => '',
-					);
+					if (! array_key_exists($x[$lkey], $contacts) || ($contacts[$x[$lkey]]['net'] !== 'zot6' && ($g['net'] == 'zot6' || $g['net'] == 'zot'))) {
+						$contacts[$x[$lkey]] = array(
+							"type"     => "c",
+							"photo"    => $g['micro'],
+							"name"     => $g['name'],
+							"id"	   => urlencode($g['id']),
+							"xid"      => $g['hash'],
+							"link"     => $clink,
+							"nick"     => ((strpos($g['nick'],'@')) ? substr($g['nick'],0,strpos($g['nick'],'@')) : $g['nick']),
+							"self"     => (intval($g['abook_self']) ? 'abook-self' : ''),
+							"taggable" => '',
+							"label"    => '',
+							"net"      => $g['net']
+						);
+					}
 				}
-			}			
+				$i++;
+			}
 		}
-			
+
 		$items = array_merge($groups, $contacts);
-		
+
 		$o = array(
 			'start' => $start,
 			'count'	=> $count,
@@ -391,50 +406,50 @@ class Acl extends \Zotlabs\Web\Controller {


 	function navbar_complete(&$a) {
-	
+
 	//	logger('navbar_complete');
-	
+
 		if(observer_prohibited()) {
 			return;
 		}
-	
+
 		$dirmode = intval(get_config('system','directory_mode'));
 		$search = ((x($_REQUEST,'search')) ? htmlentities($_REQUEST['search'],ENT_COMPAT,'UTF-8',false) : '');
 		if(! $search || mb_strlen($search) < 2)
 			return array();
-	
+
 		$star = false;
 		$address = false;
-	
+
 		if(substr($search,0,1) === '@')
 			$search = substr($search,1);
-	
+
 		if(substr($search,0,1) === '*') {
 			$star = true;
 			$search = substr($search,1);
 		}
-	
+
 		if(strpos($search,'@') !== false) {
 			$address = true;
 		}
-	
+
 		if(($dirmode == DIRECTORY_MODE_PRIMARY) || ($dirmode == DIRECTORY_MODE_STANDALONE)) {
 			$url = z_root() . '/dirsearch';
 		}
-	
+
 		if(! $url) {
 			require_once("include/dir_fns.php");
-			$directory = find_upstream_directory($dirmode);
+			$directory = Libzotdir::find_upstream_directory($dirmode);
 			$url = $directory['url'] . '/dirsearch';
 		}

 		$token = get_config('system','realm_token');
-	
+
 		$count = (x($_REQUEST,'count') ?  $_REQUEST['count'] : 100);
 		if($url) {
 			$query = $url . '?f=' . (($token) ? '&t=' . urlencode($token) : '');
 			$query .= '&name=' . urlencode($search) . "&limit=$count" . (($address) ? '&address=' . urlencode(punify($search)) : '');
-	
+
 			$x = z_fetch_url($query);
 			if($x['success']) {
 				$t = 0;
--- a/Zotlabs/Module/Activity.php
+++ b/Zotlabs/Module/Activity.php
@@ -0,0 +1,279 @@
+<?php
+namespace Zotlabs\Module;
+
+use Zotlabs\Lib\IConfig;
+use Zotlabs\Lib\Enotify;
+use Zotlabs\Web\Controller;
+use Zotlabs\Daemon\Master;
+use Zotlabs\Lib\Activity as ZlibActivity;
+use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\LDSignatures;
+use Zotlabs\Web\HTTPSig;
+use Zotlabs\Lib\Libzot;
+use Zotlabs\Lib\ThreadListener;
+use App;
+
+
+class Activity extends Controller {
+
+	function init() {
+
+		if (Libzot::is_zot_request()) {
+
+			$item_id = argv(1);
+			if (! $item_id)
+				http_status_exit(404, 'Not found');
+
+			$portable_id = EMPTY_STR;
+
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 ";
+
+			$i = null;
+
+			// do we have the item (at all)?
+
+			$r = q("select * from item where mid = '%s' $item_normal limit 1",
+				dbesc(z_root() . '/activity/' . $item_id)
+			);
+
+			if (! $r) {
+				http_status_exit(404,'Not found');
+			}
+
+			// process an authenticated fetch
+
+			$sigdata = HTTPSig::verify(EMPTY_STR);
+			if($sigdata['portable_id'] && $sigdata['header_valid']) {
+				$portable_id = $sigdata['portable_id'];
+				observer_auth($portable_id);
+
+				// first see if we have a copy of this item's parent owned by the current signer
+				// include xchans for all zot-like networks - these will have the same guid and public key
+
+				$x = q("select * from xchan where xchan_hash = '%s'",
+					dbesc($sigdata['portable_id'])
+				);
+
+				if ($x) {
+					$xchans = q("select xchan_hash from xchan where xchan_hash = '%s' OR ( xchan_guid = '%s' AND xchan_pubkey = '%s' ) ",
+						dbesc($sigdata['portable_id']),
+						dbesc($x[0]['xchan_guid']),
+						dbesc($x[0]['xchan_pubkey'])
+					);
+
+					if ($xchans) {
+						$hashes = ids_to_querystr($xchans,'xchan_hash',true);
+						$i = q("select id as item_id from item where mid = '%s' $item_normal and owner_xchan in ( " . protect_sprintf($hashes) . " ) limit 1",
+							dbesc($r[0]['parent_mid'])
+						);
+					}
+				}
+			}
+
+			// if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access
+			// with a bias towards those items owned by channels on this site (item_wall = 1)
+
+			$sql_extra = item_permissions_sql(0);
+
+			if (! $i) {
+				$i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1",
+					dbesc($r[0]['parent_mid'])
+				);
+			}
+
+			if(! $i) {
+				http_status_exit(403,'Forbidden');
+			}
+
+			$parents_str = ids_to_querystr($i,'item_id');
+	
+			$items = q("SELECT item.*, item.id AS item_id FROM item WHERE item.parent IN ( %s ) $item_normal ",
+				dbesc($parents_str)
+			);
+
+			if(! $items) {
+				http_status_exit(404, 'Not found');
+			}
+
+			xchan_query($items,true);
+			$items = fetch_post_tags($items,true);
+
+			$observer = App::get_observer();
+			$parent = $items[0];
+			$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []);
+			$to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null);
+			$nitems = [];
+			foreach($items as $i) {
+
+				$mids = [];
+
+				if(intval($i['item_private'])) {
+					if(! $observer) {
+						continue;
+					}
+					// ignore private reshare, possibly from hubzilla
+					if($i['verb'] === 'Announce') {
+						if(! in_array($i['thr_parent'],$mids)) {
+							$mids[] = $i['thr_parent'];
+						}
+						continue;
+					}
+					// also ignore any children of the private reshares
+					if(in_array($i['thr_parent'],$mids)) {
+						continue;
+					}
+
+					if((! $to) || (! in_array($observer['xchan_url'],$to))) {
+						continue;
+					}
+
+				}
+				$nitems[] = $i;
+			}
+
+			if(! $nitems)
+				http_status_exit(404, 'Not found');
+
+			$chan = channelx_by_n($nitems[0]['uid']);
+
+			if(! $chan)
+				http_status_exit(404, 'Not found');
+
+			if(! perm_is_allowed($chan['channel_id'],get_observer_hash(),'view_stream'))
+				http_status_exit(403, 'Forbidden');
+
+			$i = ZlibActivity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection');
+			if($portable_id && (! intval($items[0]['item_private']))) {
+				ThreadListener::store(z_root() . '/activity/' . $item_id, $portable_id);
+			}
+
+			if(! $i)
+				http_status_exit(404, 'Not found');
+
+			$x = array_merge(['@context' => [
+				ACTIVITYSTREAMS_JSONLD_REV,
+				'https://w3id.org/security/v1',
+				z_root() . ZOT_APSCHEMA_REV
+				]], $i);
+
+			$headers = [];
+			$headers['Content-Type'] = 'application/x-zot+json' ;
+			$x['signature'] = LDSignatures::sign($x,$chan);
+			$ret = json_encode($x, JSON_UNESCAPED_SLASHES);
+			$headers['Digest'] = HTTPSig::generate_digest_header($ret);
+			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
+			$h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan));
+			HTTPSig::set_headers($h);
+			echo $ret;
+			killme();
+
+		}
+
+		if(ActivityStreams::is_as_request()) {
+
+			$item_id = argv(1);
+
+			if (! $item_id) {
+				return;
+			}
+
+			$ob_authorise = false;
+			$item_uid = 0;
+
+			$bear = ZlibActivity::token_from_request();
+			if ($bear) {
+				logger('bear: ' . $bear, LOGGER_DEBUG);
+				$t = q("select item.uid, iconfig.v from iconfig left join item on iid = item.id where cat = 'ocap' and item.uuid = '%s'",
+					dbesc($item_id)
+				);
+				if ($t) {
+					foreach ($t as $token) {
+						if ($token['v'] === $bear) {
+							$ob_authorize = true;
+							$item_uid = $token['uid'];
+							break;
+						}
+					}
+				}
+			}
+
+			$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 
+				and item.item_delayed = 0 and item.item_blocked = 0 ";
+
+			$sigdata = HTTPSig::verify(EMPTY_STR);
+			if ($sigdata['portable_id'] && $sigdata['header_valid']) {
+				$portable_id = $sigdata['portable_id'];
+				if (! check_channelallowed($portable_id)) {
+					http_status_exit(403, 'Permission denied');
+				}
+				if (! check_siteallowed($sigdata['signer'])) {
+					http_status_exit(403, 'Permission denied');
+				}
+				observer_auth($portable_id);
+			}
+
+			// if passed an owner_id of 0 to item_permissions_sql(), we force "guest access" or observer checking
+			// Give ocap tokens priority
+
+			if ($ob_authorize) {
+				$sql_extra = " and item.uid = " . intval($token['uid']) . " ";
+			}
+			else {
+				$sql_extra = item_permissions_sql(0);
+			}
+
+			$r = q("select * from item where uuid = '%s' $item_normal $sql_extra limit 1",
+				dbesc($item_id)
+			);
+
+			if (! $r) {
+				$r = q("select * from item where uuid = '%s' $item_normal limit 1",
+					dbesc($item_id)
+				);
+				if($r) {
+					http_status_exit(403, 'Forbidden');
+				}
+				http_status_exit(404, 'Not found');
+			}
+
+			xchan_query($r,true);
+			$items = fetch_post_tags($r,false);
+
+			if ($portable_id && (! intval($items[0]['item_private']))) {
+				$c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s'",
+					intval($items[0]['uid']),
+					dbesc($portable_id)
+				);
+				if (! $c) {
+					ThreadListener::store(z_root() . '/activity/' . $item_id, $portable_id);
+				}
+			}
+
+			$channel = channelx_by_n($items[0]['uid']);
+
+			$x = array_merge( ['@context' => [
+				ACTIVITYSTREAMS_JSONLD_REV,
+				'https://w3id.org/security/v1',
+				z_root() . ZOT_APSCHEMA_REV
+				]], ZlibActivity::encode_activity($items[0],true));
+
+			$headers = [];
+			$headers['Content-Type'] = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' ;
+			$x['signature'] = LDSignatures::sign($x,$channel);
+			$ret = json_encode($x, JSON_UNESCAPED_SLASHES);
+			$headers['Date'] = datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T');
+			$headers['Digest'] = HTTPSig::generate_digest_header($ret);
+			$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'];
+
+			$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel));
+			HTTPSig::set_headers($h);
+			echo $ret;
+			killme();
+
+		}
+
+		goaway(z_root() . '/item/' . argv(1));
+
+	}
+
+}
--- a/Zotlabs/Module/Admin.php
+++ b/Zotlabs/Module/Admin.php
@@ -86,7 +86,7 @@ class Admin extends \Zotlabs\Web\Controller {

 		// list total user accounts, expirations etc.
 		$accounts = array();
-		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account",
+		$r = q("SELECT COUNT(CASE WHEN account_id > 0 THEN 1 ELSE NULL END) AS total, COUNT(CASE WHEN account_expires > %s THEN 1 ELSE NULL END) AS expiring, COUNT(CASE WHEN account_expires < %s AND account_expires > '%s' THEN 1 ELSE NULL END) AS expired, COUNT(CASE WHEN (account_flags & %d)>0 THEN 1 ELSE NULL END) AS blocked FROM account",
 			db_utcnow(),
 			db_utcnow(),
 			dbesc(NULL_DATE),
@@ -109,11 +109,9 @@ class Admin extends \Zotlabs\Web\Controller {

 		// available channels, primary and clones
 		$channels = array();
-		$r = q("SELECT COUNT(*) AS total, COUNT(CASE WHEN channel_primary = 1 THEN 1 ELSE NULL END) AS main, COUNT(CASE WHEN channel_primary = 0 THEN 1 ELSE NULL END) AS clones FROM channel WHERE channel_removed = 0 and channel_system = 0");
+		$r = q("SELECT COUNT(*) AS total FROM channel WHERE channel_removed = 0 and channel_system = 0");
 		if ($r) {
 			$channels['total']  = array('label' => t('Channels'), 'val' => $r[0]['total']);
-			$channels['main']   = array('label' => t('Primary'), 'val' => $r[0]['main']);
-			$channels['clones'] = array('label' => t('Clones'), 'val' => $r[0]['clones']);
 		}

 		// We can do better, but this is a quick queue status
--- a/Zotlabs/Module/Admin/Addons.php
+++ b/Zotlabs/Module/Admin/Addons.php
@@ -2,6 +2,7 @@

 namespace Zotlabs\Module\Admin;

+use App;
 use \Zotlabs\Storage\GitRepo;
 use \Michelf\MarkdownExtra;

@@ -17,7 +18,7 @@ class Addons {
 			@include_once("addon/" . argv(2) . "/" . argv(2) . ".php");
 			if(function_exists(argv(2).'_plugin_admin_post')) {
 				$func = argv(2) . '_plugin_admin_post';
-				$func($a);
+				$func();
 			}

 			goaway(z_root() . '/admin/addons/' . argv(2) );
@@ -253,14 +254,14 @@ class Addons {
 		 * Single plugin
 		 */

-		if (\App::$argc == 3){
-			$plugin = \App::$argv[2];
+		if (App::$argc == 3){
+			$plugin = App::$argv[2];
 			if (!is_file("addon/$plugin/$plugin.php")){
 				notice( t("Item not found.") );
 				return '';
 			}

-			$enabled = in_array($plugin,\App::$plugins);
+			$enabled = in_array($plugin,App::$plugins);
 			$info = get_plugin_info($plugin);
 			$x = check_plugin_versions($info);

@@ -268,11 +269,11 @@ class Addons {

 			if($enabled && ! $x) {
 				$enabled = false;
-				$idz = array_search($plugin, \App::$plugins);
+				$idz = array_search($plugin, App::$plugins);
 				if ($idz !== false) {
-					unset(\App::$plugins[$idz]);
+					unset(App::$plugins[$idz]);
 					uninstall_plugin($plugin);
-					set_config("system","addon", implode(", ",\App::$plugins));
+					set_config("system","addon", implode(", ",App::$plugins));
 				}
 			}
 			$info['disabled'] = 1-intval($x);
@@ -281,19 +282,19 @@ class Addons {
 				check_form_security_token_redirectOnErr('/admin/addons', 'admin_addons', 't');
 				$pinstalled = false;
 				// Toggle plugin status
-				$idx = array_search($plugin, \App::$plugins);
+				$idx = array_search($plugin, App::$plugins);
 				if ($idx !== false){
-					unset(\App::$plugins[$idx]);
+					unset(App::$plugins[$idx]);
 					uninstall_plugin($plugin);
 					$pinstalled = false;
 					info( sprintf( t("Plugin %s disabled."), $plugin ) );
 				} else {
-					\App::$plugins[] = $plugin;
+					App::$plugins[] = $plugin;
 					install_plugin($plugin);
 					$pinstalled = true;
 					info( sprintf( t("Plugin %s enabled."), $plugin ) );
 				}
-				set_config("system","addon", implode(", ",\App::$plugins));
+				set_config("system","addon", implode(", ",App::$plugins));

 				if($pinstalled) {
 					@require_once("addon/$plugin/$plugin.php");
@@ -305,7 +306,7 @@ class Addons {

 			// display plugin details

-			if (in_array($plugin, \App::$plugins)){
+			if (in_array($plugin, App::$plugins)){
 				$status = 'on';
 				$action = t('Disable');
 			} else {
@@ -331,7 +332,7 @@ class Addons {
 				@require_once("addon/$plugin/$plugin.php");
 				if(function_exists($plugin.'_plugin_admin')) {
 					$func = $plugin.'_plugin_admin';
-					$func($a, $admin_form);
+					$func($admin_form);
 				}
 			}

@@ -375,20 +376,23 @@ class Addons {
 		if($files) {
 			foreach($files as $file) {
 				if (is_dir($file)){
+					if($file == 'addon/addon_common/')
+						continue;
+
 					list($tmp, $id) = array_map('trim', explode('/', $file));
 					$info = get_plugin_info($id);
-					$enabled = in_array($id,\App::$plugins);
+					$enabled = in_array($id,App::$plugins);
 					$x = check_plugin_versions($info);

 					// disable plugins which are installed but incompatible versions

 					if($enabled && ! $x) {
 						$enabled = false;
-						$idz = array_search($id, \App::$plugins);
+						$idz = array_search($id, App::$plugins);
 						if ($idz !== false) {
-							unset(\App::$plugins[$idz]);
+							unset(App::$plugins[$idz]);
 							uninstall_plugin($id);
-							set_config("system","addon", implode(", ",\App::$plugins));
+							set_config("system","addon", implode(", ",App::$plugins));
 						}
 					}
 					$info['disabled'] = 1-intval($x);
@@ -476,4 +480,4 @@ class Addons {
 		return(strcmp(strtolower($a[2]['name']),strtolower($b[2]['name'])));
 	}

-}
+}
--- a/Zotlabs/Module/Admin/Dbsync.php
+++ b/Zotlabs/Module/Admin/Dbsync.php
@@ -19,7 +19,47 @@ class Dbsync {
 			info( t('Update has been marked successful') . EOL);
 			goaway(z_root() . '/admin/dbsync');
 		}
+
+		if(argc() > 3 && intval(argv(3)) && argv(2) === 'verify') {
+
+			$s = '_' . intval(argv(3));
+			$cls = '\\Zotlabs\Update\\' . $s ;
+			if(class_exists($cls)) {
+				$c =  new $cls();
+				if(method_exists($c,'verify')) {
+					$retval = $c->verify();
+					if($retval === UPDATE_FAILED) {
+						$o .= sprintf( t('Verification of update %s failed. Check system logs.'), $s); 
+					}
+					elseif($retval === UPDATE_SUCCESS) {
+						$o .= sprintf( t('Update %s was successfully applied.'), $s);
+						set_config('database',$s, 'success');
+					}
+					else
+						$o .= sprintf( t('Verifying update %s did not return a status. Unknown if it succeeded.'), $s);
+				}
+				else {
+						$o .= sprintf( t('Update %s does not contain a verification function.'), $s );
+				}
+			}
+			else
+				$o .= sprintf( t('Update function %s could not be found.'), $s);
 	
+			return $o;
+
+
+
+
+
+			// remove the old style config if it exists
+			del_config('database', 'update_r' . intval(argv(3)));
+			set_config('database', '_' . intval(argv(3)), 'success');
+			if(intval(get_config('system','db_version')) < intval(argv(3)))
+				set_config('system','db_version',intval(argv(3)));
+			info( t('Update has been marked successful') . EOL);
+			goaway(z_root() . '/admin/dbsync');
+		}
+
 		if(argc() > 2 && intval(argv(2))) {
 			$x = intval(argv(2));
 			$s = '_' . $x;
@@ -28,14 +68,14 @@ class Dbsync {
 				$c =  new $cls();
 				$retval = $c->run();
 				if($retval === UPDATE_FAILED) {
-					$o .= sprintf( t('Executing %s failed. Check system logs.'), $s); 
+					$o .= sprintf( t('Executing update procedure %s failed. Check system logs.'), $s); 
 				}
 				elseif($retval === UPDATE_SUCCESS) {
 					$o .= sprintf( t('Update %s was successfully applied.'), $s);
 					set_config('database',$s, 'success');
 				}
 				else
-					$o .= sprintf( t('Update %s did not return a status. Unknown if it succeeded.'), $s);
+					$o .= sprintf( t('Update %s did not return a status. It cannot be determined if it was successful.'), $s);
 			}
 			else
 				$o .= sprintf( t('Update function %s could not be found.'), $s);
@@ -59,6 +99,7 @@ class Dbsync {
 				'$banner' => t('Failed Updates'),
 				'$desc'   => '',
 				'$mark'   => t('Mark success (if update was manually applied)'),
+				'$verify' => t('Attempt to verify this update if a verification procedure exists'),
 				'$apply'  => t('Attempt to execute this update step automatically'),
 				'$failed' => $failed
 		));
--- a/Zotlabs/Module/Admin/Security.php
+++ b/Zotlabs/Module/Admin/Security.php
@@ -43,6 +43,12 @@ class Security {
 	
 		$be = $this->trim_array_elems(explode("\n",$_POST['embed_deny']));
 		set_config('system','embed_deny',$be);
+
+		$thumbnail_security = ((x($_POST,'thumbnail_security')) ? intval($_POST['thumbnail_security']) : 0);
+		set_config('system', 'thumbnail_security' , $thumbnail_security);
+
+		$inline_pdf = ((x($_POST,'inline_pdf')) ? intval($_POST['inline_pdf']) : 0);
+		set_config('system', 'inline_pdf' , $inline_pdf);
 	
 		$ts = ((x($_POST,'transport_security')) ? True : False);
 		set_config('system','transport_security_header',$ts);
@@ -86,7 +92,7 @@ class Security {
 		$embedhelp2 = t("The recommended setting is to only allow unfiltered HTML from the following sites:"); 
 		$embedhelp3 = t("https://youtube.com/<br />https://www.youtube.com/<br />https://youtu.be/<br />https://vimeo.com/<br />https://soundcloud.com/<br />");
 		$embedhelp4 = t("All other embedded content will be filtered, <strong>unless</strong> embedded content from that site is explicitly blocked.");
-	
+
 		$t = get_markup_template('admin_security.tpl');
 		return replace_macros($t, array(
 			'$title' => t('Administration'),
@@ -106,7 +112,9 @@ class Security {
 			'$embed_sslonly' => array('embed_sslonly',t('Only allow embeds from secure (SSL) websites and links.'), intval(get_config('system','embed_sslonly')),''),
 			'$embed_allow' => array('embed_allow', t('Allow unfiltered embedded HTML content only from these domains'), $whiteembeds_str, t('One site per line. By default embedded content is filtered.')),
 			'$embed_deny' => array('embed_deny', t('Block embedded HTML from these domains'), $blackembeds_str, ''),
-	
+			'$thumbnail_security'   => [ 'thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.") ],
+			'$inline_pdf'   => [ 'inline_pdf', t("Allow embedded (inline) PDF files"), get_config('system','inline_pdf',0), '' ],
+
 //	        '$embed_coop'     => array('embed_coop', t('Cooperative embed security'), $embed_coop, t('Enable to share embed security with other compatible sites/hubs')),

 			'$submit' => t('Submit')
@@ -128,4 +136,4 @@ class Security {
 	}
 	
 	
-}
+}
--- a/Zotlabs/Module/Admin/Site.php
+++ b/Zotlabs/Module/Admin/Site.php
@@ -62,6 +62,9 @@ class Site {
 		$from_email         = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname());
 		$from_email_name    = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name());

+
+		$sse_enabled       = ((x($_POST,'sse_enabled'))      ? true : false);
+
 		$verifyssl         = ((x($_POST,'verifyssl'))        ? True : False);
 		$proxyuser         = ((x($_POST,'proxyuser'))        ? notags(trim($_POST['proxyuser']))  : '');
 		$proxy             = ((x($_POST,'proxy'))            ? notags(trim($_POST['proxy']))      : '');
@@ -73,7 +76,6 @@ class Site {
 		$feed_contacts     = ((x($_POST,'feed_contacts'))    ? intval($_POST['feed_contacts'])    : 0);
 		$verify_email      = ((x($_POST,'verify_email'))     ? 1 : 0);
 		$imagick_path      = ((x($_POST,'imagick_path'))     ? trim($_POST['imagick_path'])   : '');
-		$thumbnail_security  = ((x($_POST,'thumbnail_security'))     ? intval($_POST['thumbnail_security'])   : 0);
 		$force_queue       = ((intval($_POST['force_queue']) > 0) ? intval($_POST['force_queue'])   : 3000);
 		$pub_incl = escape_tags(trim($_POST['pub_incl']));
 		$pub_excl = escape_tags(trim($_POST['pub_excl']));
@@ -100,7 +102,6 @@ class Site {
 		set_config('system', 'from_email', $from_email);
 		set_config('system', 'from_email_name' , $from_email_name);
 		set_config('system', 'imagick_convert_path' , $imagick_path);
-		set_config('system', 'thumbnail_security' , $thumbnail_security);
 		set_config('system', 'default_permissions_role', $permissions_role);
 		set_config('system', 'pubstream_incl',$pub_incl);
 		set_config('system', 'pubstream_excl',$pub_excl);
@@ -119,7 +120,7 @@ class Site {
 			del_config('system', 'admininfo');
 		} else {
 			require_once('include/text.php');
-			linkify_tags($a, $admininfo, local_channel());
+			linkify_tags($admininfo, local_channel());
 			set_config('system', 'admininfo', $admininfo);
 		}
 		set_config('system','siteinfo',$siteinfo);
@@ -153,6 +154,9 @@ class Site {

 		set_config('system','no_community_page', $no_community_page);
 		set_config('system','no_utf', $no_utf);
+
+		set_config('system','sse_enabled', $sse_enabled);
+
 		set_config('system','verifyssl', $verifyssl);
 		set_config('system','proxyuser', $proxyuser);
 		set_config('system','proxy', $proxy);
@@ -333,6 +337,8 @@ class Site {

 			'$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null),

+			'$sse_enabled'		=> array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')),
+
 			'$proxyuser'		=> array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""),
 			'$proxy'			=> array('proxy', t("Proxy URL"), get_config('system','proxy'), ""),
 			'$timeout'			=> array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")),
@@ -341,7 +347,6 @@ class Site {
 			'$force_queue'			=> array('force_queue', t("Queue Threshold"), get_config('system','force_queue_threshold',3000), t("Always defer immediate delivery if queue contains more than this number of entries.")),
 			'$poll_interval'			=> array('poll_interval', t("Poll interval"), (x(get_config('system','poll_interval'))?get_config('system','poll_interval'):2), t("Delay background polling processes by this many seconds to reduce system load. If 0, use delivery interval.")),
 			'$imagick_path'			=> array('imagick_path', t("Path to ImageMagick convert program"), get_config('system','imagick_convert_path'), t("If set, use this program to generate photo thumbnails for huge images ( > 4000 pixels in either dimension), otherwise memory exhaustion may occur. Example: /usr/bin/convert")),
-			'$thumbnail_security'			=> array('thumbnail_security', t("Allow SVG thumbnails in file browser"), get_config('system','thumbnail_security',0), t("WARNING: SVG images may contain malicious code.")),
 			'$maxloadavg'			=> array('maxloadavg', t("Maximum Load Average"), ((intval(get_config('system','maxloadavg')) > 0)?get_config('system','maxloadavg'):50), t("Maximum system load before delivery and poll processes are deferred - default 50.")),
 			'$default_expire_days' => array('default_expire_days', t('Expiration period in days for imported (grid/network) content'), intval(get_config('system','default_expire_days')), t('0 for no expiration of imported content')),
 			'$active_expire_days' => array('active_expire_days', t('Do not expire any posts which have comments less than this many days ago'), intval(get_config('system','active_expire_days',7)), ''),
--- a/Zotlabs/Module/Affinity.php
+++ b/Zotlabs/Module/Affinity.php
@@ -0,0 +1,94 @@
+<?php
+
+namespace Zotlabs\Module;
+
+use App;
+use Zotlabs\Lib\Apps;
+use Zotlabs\Lib\Libsync;
+
+class Affinity extends \Zotlabs\Web\Controller {
+
+	function post() {
+
+		if(! local_channel())
+			return;
+
+		if(! Apps::system_app_installed(local_channel(),'Affinity Tool'))
+			return;
+
+		check_form_security_token_redirectOnErr('affinity', 'affinity');
+
+		$cmax = intval($_POST['affinity_cmax']);
+		if($cmax < 0 || $cmax > 99)
+			$cmax = 99;
+
+		$cmin = intval($_POST['affinity_cmin']);
+		if($cmin < 0 || $cmin > 99)
+			$cmin = 0;
+
+		$lock = intval($_POST['affinity_lock']);
+
+		set_pconfig(local_channel(),'affinity','cmin',$cmin);
+		set_pconfig(local_channel(),'affinity','cmax',$cmax);
+		set_pconfig(local_channel(),'affinity','lock',$lock);
+
+		info( t('Affinity Tool settings updated.') . EOL);
+
+		Libsync::build_sync_packet();
+
+	}
+
+
+	function get() {
+
+		if(! local_channel())
+			return;
+
+		$desc = t('This app presents a slider control in your connection editor and also on your network page. The slider represents your degree of friendship (affinity) with each connection. It allows you to zoom in or out and display conversations from only your closest friends or everybody in your stream.');
+		if(! Apps::system_app_installed(local_channel(),'Affinity Tool')) {
+			//Do not display any associated widgets at this point
+			App::$pdl = '';
+
+			$o = '<b>' . t('Affinity Tool App') . ' (' . t('Not Installed') . '):</b><br>';
+			$o .= $desc;
+			return $o;
+		}
+
+		$text = t('The numbers below represent the minimum and maximum slider default positions for your network/stream page as a percentage.'); 			
+
+		$content = '<div class="section-content-info-wrapper">' . $text . '</div>';
+
+		$cmax = intval(get_pconfig(local_channel(),'affinity','cmax'));
+		$cmax = (($cmax) ? $cmax : 99);
+		$content .= replace_macros(get_markup_template('field_input.tpl'), array(
+			'$field'    => array('affinity_cmax', t('Default maximum affinity level'), $cmax, t('0-99 default 99'))
+		));
+
+		$cmin = intval(get_pconfig(local_channel(),'affinity','cmin'));
+		$cmin = (($cmin) ? $cmin : 0);
+		$content .= replace_macros(get_markup_template('field_input.tpl'), array(
+			'$field'    => array('affinity_cmin', t('Default minimum affinity level'), $cmin, t('0-99 - default 0'))
+		));
+
+		$lock = intval(get_pconfig(local_channel(),'affinity','lock',1));
+
+		$content .= replace_macros(get_markup_template('field_checkbox.tpl'), array(
+			'$field'    => array('affinity_lock', t('Persistent affinity levels'), $lock, t('If disabled the max and min levels will be reset to default after page reload'), ['No','Yes'])
+		));
+
+		$tpl = get_markup_template("settings_addon.tpl");
+
+		$o = replace_macros($tpl, array(
+			'$action_url' => 'affinity',
+			'$form_security_token' => get_form_security_token("affinity"),
+			'$title' => t('Affinity Tool Settings'),
+			'$content'  => $content,
+			'$baseurl'   => z_root(),
+			'$submit'    => t('Submit'),
+		));
+
+		return $o;
+	}
+
+
+}
--- a/Zotlabs/Module/Appman.php
+++ b/Zotlabs/Module/Appman.php
@@ -90,12 +90,12 @@ class Appman extends \Zotlabs\Web\Controller {

 		$channel = \App::get_channel();

-		if(argc() > 2) {
+		if(argc() > 3) {
 			if(argv(2) === 'moveup') {
-				Zlib\Apps::moveup(local_channel(),argv(1));
+				Zlib\Apps::moveup(local_channel(),argv(1),argv(3));
 			}
 			if(argv(2) === 'movedown') {
-				Zlib\Apps::movedown(local_channel(),argv(1));
+				Zlib\Apps::movedown(local_channel(),argv(1),argv(3));
 			}
 			goaway(z_root() . '/apporder');
 		}
--- a/Zotlabs/Module/Apporder.php
+++ b/Zotlabs/Module/Apporder.php
@@ -17,25 +17,28 @@ class Apporder extends \Zotlabs\Web\Controller {

 		nav_set_selected('Order Apps');

-		$syslist = array();
-		$list = Zlib\Apps::app_list(local_channel(), false, ['nav_featured_app', 'nav_pinned_app']);
-		if($list) {
-			foreach($list as $li) {
-				$syslist[] = Zlib\Apps::app_encode($li);
+		foreach( [ 'nav_featured_app', 'nav_pinned_app' ] as $l ) {
+			$syslist = [];
+			$list = Zlib\Apps::app_list(local_channel(), false, [ $l ]);
+			if($list) {
+				foreach($list as $li) {
+					$syslist[] = Zlib\Apps::app_encode($li);
+				}
 			}
-		}
-		Zlib\Apps::translate_system_apps($syslist);
+		
+			Zlib\Apps::translate_system_apps($syslist);

-		usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');
+			usort($syslist,'Zotlabs\\Lib\\Apps::app_name_compare');

-		$syslist = Zlib\Apps::app_order(local_channel(),$syslist);
+			$syslist = Zlib\Apps::app_order(local_channel(),$syslist, $l);

-		foreach($syslist as $app) {
-			if(strpos($app['categories'],'nav_pinned_app') !== false) {
-				$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order');
-			}
-			else {
-				$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+			foreach($syslist as $app) {
+				if($l === 'nav_pinned_app') {
+					$navbar_apps[] = Zlib\Apps::app_render($app,'nav-order-pinned');
+				}
+				else {
+					$nav_apps[] = Zlib\Apps::app_render($app,'nav-order');
+				}
 			}
 		}

--- a/Zotlabs/Module/Apschema.php
+++ b/Zotlabs/Module/Apschema.php
@@ -0,0 +1,66 @@
+<?php
+
+namespace Zotlabs\Module;
+
+
+class Apschema extends \Zotlabs\Web\Controller {
+
+	function init() {
+
+		$base = z_root();
+
+		$arr = [
+			'@context' => [
+				'zot'              => z_root() . '/apschema#',
+				'id'               => '@id',
+				'type'             => '@type',
+				'commentPolicy'    => 'as:commentPolicy',
+				'meData'           => 'zot:meData',
+				'meDataType'       => 'zot:meDataType',
+				'meEncoding'       => 'zot:meEncoding',
+				'meAlgorithm'      => 'zot:meAlgorithm',
+				'meCreator'        => 'zot:meCreator',
+				'meSignatureValue' => 'zot:meSignatureValue',
+				'locationAddress'  => 'zot:locationAddress',
+				'locationPrimary'  => 'zot:locationPrimary',
+				'locationDeleted'  => 'zot:locationDeleted',
+				'nomadicLocation'  => 'zot:nomadicLocation',
+				'nomadicHubs'      => 'zot:nomadicHubs',
+				'emojiReaction'    => 'zot:emojiReaction',
+				'expires'          => 'zot:expires',
+				'directMessage'    => 'zot:directMessage',
+				'schema'           => 'http://schema.org#',
+				'PropertyValue'    => 'schema:PropertyValue',
+				'value'            => 'schema:value',
+
+				'magicEnv' => [
+					'@id'   => 'zot:magicEnv',
+					'@type' => '@id'
+				],
+
+				'nomadicLocations' => [
+					'@id'   => 'zot:nomadicLocations',
+					'@type' => '@id'
+				],
+
+				'ostatus'      => 'http://ostatus.org#',
+				'conversation' => 'ostatus:conversation',
+
+				'diaspora'     => 'https://diasporafoundation.org/ns/',
+				'guid'         => 'diaspora:guid',
+
+				'Hashtag'      => 'as:Hashtag'
+				
+			]
+		];
+
+		header('Content-Type: application/ld+json');
+		echo json_encode($arr,JSON_UNESCAPED_SLASHES);
+		killme();
+
+	}
+
+
+
+
+}
--- a/Zotlabs/Module/Article_edit.php
+++ b/Zotlabs/Module/Article_edit.php
@@ -63,9 +63,9 @@ class Article_edit extends \Zotlabs\Web\Controller {

 		if ($catsenabled){
 		        $itm = fetch_post_tags($itm);
-	
+
 	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-	
+
 		        foreach ($cats as $cat) {
 		                if (strlen($category))
 		                        $category .= ', ';
@@ -85,10 +85,9 @@ class Article_edit extends \Zotlabs\Web\Controller {

 		$mimetype = $itm[0]['mimetype'];

+		$summary = (($itm[0]['summary']) ? '[summary]' . $itm[0]['summary'] . '[/summary]' . "\r\n" : '');
 		$content = $itm[0]['body'];

-
-
 		$rp = 'articles/' . $channel['channel_address'];

 		$x = array(
@@ -110,10 +109,11 @@ class Article_edit extends \Zotlabs\Web\Controller {
 			'ptyp' => $itm[0]['type'],
 			'mimeselect' => false,
 			'mimetype' => $itm[0]['mimetype'],
-			'body' => undo_post_tagging($content),
+			'body' => $summary . undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => true,
 			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+			'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'),
 			'placeholdertitle' => t('Title (optional)'),
 			'pagetitle' => $card_title,
 			'profile_uid' => (intval($channel['channel_id'])),
--- a/Zotlabs/Module/Articles.php
+++ b/Zotlabs/Module/Articles.php
@@ -9,23 +9,32 @@ use Zotlabs\Lib\PermissionDescription;
 require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');
+require_once('include/opengraph.php');


 class Articles extends Controller {

 	function init() {
-	
+
 		if(argc() > 1)
 			$which = argv(1);
-		else
-			return;
-	
+
+                if(! $which) {
+                        if(local_channel()) {
+                                $channel = App::get_channel();
+                                if($channel && $channel['channel_address'])
+                                $which = $channel['channel_address'];
+                        } else {
+				return;
+			}
+                }
+
 		profile_load($which);
-	
+
 	}
-	
+
 	function get($update = 0, $load = false) {
-	
+
 		if(observer_prohibited(true)) {
 			return login();
 		}
@@ -47,7 +56,7 @@ class Articles extends Controller {

 		nav_set_selected('Articles');

-		head_add_link([ 
+		head_add_link([
 			'rel'   => 'alternate',
 			'type'  => 'application/json+oembed',
 			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . App::$query_string),
@@ -56,7 +65,7 @@ class Articles extends Controller {


 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
-					
+
 		if($category) {
 			$sql_extra2 .= protect_sprintf(term_item_parent_query(App::$profile['profile_uid'],'item', $category, TERM_CATEGORY));
 		}
@@ -65,24 +74,24 @@ class Articles extends Controller {
 		$datequery2 = ((x($_GET,'dbegin') && is_a_date_arg($_GET['dbegin'])) ? notags($_GET['dbegin']) : '');

 		$which = argv(1);
-		
+
 		$selected_card = ((argc() > 2) ? argv(2) : '');

 		$_SESSION['return_url'] = App::$query_string;
-	
+
 		$uid      = local_channel();
 		$owner    = App::$profile_uid;
 		$observer = App::get_observer();
-	
+
 		$ob_hash = (($observer) ? $observer['xchan_hash'] : '');
-		
+
 		if(! perm_is_allowed($owner,$ob_hash,'view_pages')) {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-		
+
 		$is_owner = ($uid && $uid == $owner);
-	
+
 		$channel = channelx_by_n($owner);

 		if($channel) {
@@ -96,7 +105,7 @@ class Articles extends Controller {
 		else {
 			$channel_acl = [ 'allow_cid' => '', 'allow_gid' => '', 'deny_cid' => '', 'deny_gid' => '' ];
 		}
-	
+


 		if(perm_is_allowed($owner,$ob_hash,'write_pages')) {
@@ -105,16 +114,15 @@ class Articles extends Controller {
 				'webpage'           => ITEM_TYPE_ARTICLE,
 				'is_owner'          => true,
 				'content_label'     => t('Add Article'),
-				'button'            => t('Create'),
+				'button'            => t('Save'),
 				'nickname'          => $channel['channel_address'],
-				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid'] 
+				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false,
 					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
 				'visitor'           => true,
-				'body'              => '[summary][/summary]',
 				'hide_location'     => false,
 				'hide_voting'       => false,
 				'profile_uid'       => intval($owner),
@@ -138,12 +146,12 @@ class Articles extends Controller {
 		else {
 			$editor = '';
 		}
-		
+
 		$itemspage = get_pconfig(local_channel(),'system','itemspage');
-		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
 		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));

-		
+
 		$sql_extra = item_permissions_sql($owner);
 		$sql_item = '';

@@ -167,8 +175,8 @@ class Articles extends Controller {
 			$sql_extra2 .= " and item.item_thread_top != 0 ";
 		}

-		$r = q("select * from item 
-			where item.uid = %d and item_type = %d 
+		$r = q("select * from item
+			where item.uid = %d and item_type = %d
 			$sql_extra $sql_extra2 $sql_item order by item.created desc $pager_sql",
 			intval($owner),
 			intval(ITEM_TYPE_ARTICLE)
@@ -184,7 +192,7 @@ class Articles extends Controller {

 			$parents_str = ids_to_querystr($r,'id');

-			$items = q("SELECT item.*, item.id AS item_id
+			$r = q("SELECT item.*, item.id AS item_id
 				FROM item
 				WHERE item.uid = %d $item_normal
 				AND item.parent IN ( %s )
@@ -192,17 +200,20 @@ class Articles extends Controller {
 				intval(App::$profile['profile_uid']),
 				dbesc($parents_str)
 			);
-			if($items) {
-				xchan_query($items);
-				$items = fetch_post_tags($items, true);
+			if($r) {
+				xchan_query($r);
+				$items = fetch_post_tags($r, true);
 				$items = conv_sort($items,'updated');
 			}
 			else
 				$items = [];
 		}

+		// Add Opengraph markup
+		opengraph_add_meta((! empty($items) ? $r[0] : []), $channel);
+
 		$mode = 'articles';
-			
+
 		if(get_pconfig(local_channel(),'system','articles_list_mode') && (! $selected_card))
            $page_mode = 'pager_list';
        else
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -1,61 +1,188 @@
 <?php
+
 namespace Zotlabs\Module;

+use ZipArchive;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Verify;
+
 require_once('include/security.php');
 require_once('include/attach.php');

+class Attach extends Controller {

-class Attach extends \Zotlabs\Web\Controller {
+	function post() {

-	function init() {
-	
-		if(argc() < 2) {
-			notice( t('Item not available.') . EOL);
+		$attach_ids  = ((x($_REQUEST, 'attach_ids')) ? $_REQUEST['attach_ids'] : []);
+		$attach_path = ((x($_REQUEST, 'attach_path')) ? $_REQUEST['attach_path'] : '');
+		$channel_id  = ((x($_REQUEST, 'channel_id')) ? intval($_REQUEST['channel_id']) : 0);
+		$channel     = channelx_by_n($channel_id);
+
+		if (!$channel) {
+			notice(t('Channel not found.') . EOL);
 			return;
 		}
-	
-		$r = attach_by_hash(argv(1),get_observer_hash(),((argc() > 2) ? intval(argv(2)) : 0));
-	
-		if(! $r['success']) {
-			notice( $r['message'] . EOL);
+
+		$strip_str   = '/cloud/' . $channel['channel_address'] . '/';
+		$count       = strlen($strip_str);
+		$attach_path = substr($attach_path, $count);
+
+		if ($attach_ids) {
+
+			$zip_dir = 'store/[data]/' . $channel['channel_address'] . '/tmp';
+			if (!is_dir($zip_dir))
+				mkdir($zip_dir, STORAGE_DEFAULT_PERMISSIONS, true);
+
+			$token = random_string(32);
+
+			$zip_file = 'download_' . $token . '.zip';
+			$zip_path = $zip_dir . '/' . $zip_file;
+
+			$zip = new ZipArchive();
+
+			if ($zip->open($zip_path, ZipArchive::CREATE) === true) {
+
+				$zip_filename = self::zip_archive_handler($zip, $attach_ids, $attach_path);
+
+				$zip->close();
+
+				$meta = [
+					'zip_filename' => $zip_filename,
+					'zip_path'     => $zip_path
+				];
+
+				Verify::create('zip_token', 0, $token, json_encode($meta));
+
+				json_return_and_die([
+					'success' => true,
+					'token'   => $token
+				]);
+
+			}
+		}
+	}
+
+	function get() {
+
+		if (argc() < 2) {
+			notice(t('Item not available.') . EOL);
 			return;
 		}
-	
+
+		$token = ((x($_REQUEST, 'token')) ? $_REQUEST['token'] : '');
+
+		if (argv(1) === 'download') {
+			$meta = Verify::get_meta('zip_token', 0, $token);
+
+			if (!$meta)
+				killme();
+
+			$meta = json_decode($meta, true);
+
+			header('Content-Type: application/zip');
+			header('Content-Disposition: attachment; filename="' . $meta['zip_filename'] . '"');
+			header('Content-Length: ' . filesize($meta['zip_path']));
+
+			$istream = fopen($meta['zip_path'], 'rb');
+			$ostream = fopen('php://output', 'wb');
+			if ($istream && $ostream) {
+				pipe_streams($istream, $ostream);
+				fclose($istream);
+				fclose($ostream);
+			}
+
+			unlink($meta['zip_path']);
+			killme();
+		}
+
+		$r = attach_by_hash(argv(1), get_observer_hash(), ((argc() > 2) ? intval(argv(2)) : 0));
+
+		if (!$r['success']) {
+			notice($r['message'] . EOL);
+			return;
+		}
+
 		$c = q("select channel_address from channel where channel_id = %d limit 1",
 			intval($r['data']['uid'])
 		);
-	
-		if(! $c)
+
+		if (!$c)
 			return;
-	
-	
-		$unsafe_types = array('text/html','text/css','application/javascript');
-	
-		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
-				header('Content-type: text/plain');
+
+		$unsafe_types = array('text/html', 'text/css', 'application/javascript');
+
+		if (in_array($r['data']['filetype'], $unsafe_types) && (!channel_codeallowed($r['data']['uid']))) {
+			header('Content-Type: text/plain');
 		}
 		else {
-			header('Content-type: ' . $r['data']['filetype']);
+			header('Content-Type: ' . $r['data']['filetype']);
 		}
-	
-		header('Content-disposition: attachment; filename="' . $r['data']['filename'] . '"');
-		if(intval($r['data']['os_storage'])) {
-			$fname = dbunescbin($r['data']['content']);
-			if(strpos($fname,'store') !== false)
-				$istream = fopen($fname,'rb');
+
+		header('Content-Disposition: attachment; filename="' . $r['data']['filename'] . '"');
+		if (intval($r['data']['os_storage'])) {
+			$fname = $r['data']['content'];
+			if (strpos($fname, 'store') !== false)
+				$istream = fopen($fname, 'rb');
 			else
-				$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname,'rb');
-			$ostream = fopen('php://output','wb');
-			if($istream && $ostream) {
-				pipe_streams($istream,$ostream);
+				$istream = fopen('store/' . $c[0]['channel_address'] . '/' . $fname, 'rb');
+			$ostream = fopen('php://output', 'wb');
+			if ($istream && $ostream) {
+				pipe_streams($istream, $ostream);
 				fclose($istream);
 				fclose($ostream);
 			}
 		}
 		else
-			echo dbunescbin($r['data']['content']);
+			echo $r['data']['content'];
 		killme();
-	
+
 	}
-	
+
+	public function zip_archive_handler($zip, $attach_ids, $attach_path, $pass = 1) {
+
+		$observer_hash = get_observer_hash();
+		$single        = ((count($attach_ids) == 1) ? true : false);
+		$download_name = 'download.zip';
+
+		foreach ($attach_ids as $attach_id) {
+
+			$r = attach_by_id($attach_id, $observer_hash);
+
+			if (!$r['success']) {
+				continue;
+			}
+
+			if ($r['data']['is_dir'] && $single && $pass === 1)
+				$download_name = $r['data']['filename'] . '.zip';
+
+			$zip_path = $r['data']['display_path'];
+
+			if ($attach_path) {
+				$strip_str = $attach_path . '/';
+				$count     = strlen($strip_str);
+				$zip_path  = substr($r['data']['display_path'], $count);
+			}
+
+			if ($r['data']['is_dir']) {
+				$zip->addEmptyDir($zip_path);
+
+				$d = q("SELECT id FROM attach WHERE folder = '%s'",
+					dbesc($r['data']['hash'])
+				);
+
+				$attach_ids = ids_to_array($d);
+				self::zip_archive_handler($zip, $attach_ids, $attach_path, $pass++);
+			}
+			else {
+				$file_path = $r['data']['content'];
+				$zip->addFile($file_path, $zip_path);
+				// compressing can be ressource intensive - just store the data
+				$zip->setCompressionName($zip_path, ZipArchive::CM_STORE);
+			}
+
+		}
+
+		return $download_name;
+	}
+
 }
--- a/Zotlabs/Module/Attach_edit.php
+++ b/Zotlabs/Module/Attach_edit.php
@@ -0,0 +1,203 @@
+<?php
+namespace Zotlabs\Module;
+/**
+ * @file Zotlabs/Module/Attach_edit.php
+ *
+ */
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libsync;
+use Zotlabs\Access\AccessList;
+
+class Attach_edit extends Controller {
+
+	function post() {
+
+		if (!local_channel() && !remote_channel()) {
+			return;
+		}
+
+		$attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
+		$attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
+		$channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
+		$dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
+		$permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
+		$return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
+		$delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
+		$newfolder  = ((x($_POST, 'newfolder_' . $attach_id))  ? notags($_POST['newfolder_' . $attach_id])  : '');
+		if(! $newfolder)
+			$newfolder = ((x($_POST, 'newfolder'))  ? notags($_POST['newfolder'])  : '');
+		$newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
+		$recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
+		if(! $recurse)
+			$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
+		$notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
+		$copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
+		if(! $copy)
+			$copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);
+
+		$categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
+		if(! $categories)
+			$categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');
+
+		if($attach_id)
+			$attach_ids[] = $attach_id;
+
+		$single = ((count($attach_ids) === 1) ? true : false);
+
+		$channel = channelx_by_n($channel_id);
+
+		if (! $channel) {
+			notice(t('Channel not found.') . EOL);
+			return;
+		}
+
+		$nick = $channel['channel_address'];
+		$observer = App::get_observer();
+		$observer_hash = (($observer) ? $observer['xchan_hash'] : '');
+		$is_owner = ((local_channel() == $channel_id) ? true : false);
+
+		$ids_str = implode(',', $attach_ids);
+
+		$r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
+			dbesc($ids_str),
+			intval($channel_id)
+		);
+
+		if (! $r) {
+			notice(t('File not found.') . EOL);
+			return;
+		}
+
+		foreach ($r as $rr) {
+			$actions_done = '';
+			$attach_id = $rr['id'];
+			$resource = $rr['hash'];
+			$creator = $rr['creator'];
+			$folder = $rr['folder'];
+			$filename = $rr['filename'];
+			$is_photo = intval($rr['is_photo']);
+			$is_dir = intval($rr['is_dir']);
+			$admin_delete = false;
+
+			$is_creator = (($creator == $observer_hash) ? true : false);
+			$move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
+
+			$perms = get_all_perms($channel_id, $observer_hash);
+
+			if (! ($perms['view_storage'] || is_site_admin())) {
+				notice( t('Permission denied.') . EOL);
+				continue;
+			}
+
+			if (! $perms['write_storage']) {
+				if (is_site_admin()) {
+					$admin_delete = true;
+				}
+				else {
+					notice( t('Permission denied.') . EOL);
+					continue;
+				}
+			}
+
+			if (!$is_owner && !$admin_delete) {
+				if(! $is_creator) {
+					notice( t('Permission denied.') . EOL);
+					continue;
+				}
+			}
+
+			if ($delete) {
+				attach_delete($channel_id, $resource, $is_photo);
+				$actions_done .= 'delete,';
+			}
+
+			if ($copy) {
+				if($is_dir && $resource == $newfolder) {
+					notice( t('Can not copy folder into itself.') . EOL);
+					continue;
+				}
+				$x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+				if ($x['success'])
+					$resource = $x['resource_id'];
+
+				$actions_done .= 'copy,';
+
+			}
+
+			if ($move) {
+				if($is_dir && $resource == $newfolder) {
+					notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
+					continue;
+				}
+				$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+
+				$actions_done .= 'move,';
+
+			}
+
+			if(! $delete && ! $dnd) {
+				if ($single || (! $single && $categories)) {
+					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+						intval($channel_id),
+						intval($attach_id),
+						intval(TERM_OBJ_FILE)
+					);
+					$cat = explode(',', $categories);
+					if ($cat) {
+						foreach($cat as $term) {
+							$term = trim(escape_tags($term));
+							if ($term) {
+								$term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
+								store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
+							}
+						}
+						$actions_done .= 'cat_add,';
+					}
+				}
+				else {
+					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+						intval($channel_id),
+						intval($attach_id),
+						intval(TERM_OBJ_FILE)
+					);
+					$actions_done .= 'cat_remove,';
+				}
+
+				if ($is_owner && ($single || (! $single && $permissions))) {
+					$acl = new AccessList($channel);
+					$acl->set_from_array($_REQUEST);
+					$x = $acl->get();
+
+					attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
+					$actions_done .= 'permissions,';
+
+					if ($notify) {
+						attach_store_item($channel, $observer, $resource);
+						$actions_done .= 'notify,';
+					}
+				}
+			}
+
+			if (! $admin_delete && $actions_done) {
+				$sync = attach_export_data($channel, $resource, (($delete) ? true : false));
+
+				if ($sync) {
+					Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
+				}
+			}
+
+			logger('attach_edit: ' . $actions_done);
+
+		}
+
+		if($dnd || $delete) {
+			json_return_and_die([ 'success' => true ]);
+		}
+
+		goaway($return_path);
+
+	}
+
+}
--- a/Zotlabs/Module/Cal.php
+++ b/Zotlabs/Module/Cal.php
@@ -1,6 +1,10 @@
 <?php
 namespace Zotlabs\Module;

+
+use App;
+use Zotlabs\Web\Controller;
+
 require_once('include/conversation.php');
 require_once('include/bbcode.php');
 require_once('include/datetime.php');
@@ -9,15 +13,13 @@ require_once('include/items.php');
 require_once('include/html2plain.php');


-class Cal extends \Zotlabs\Web\Controller {
+class Cal extends Controller {

 	function init() {
 		if(observer_prohibited()) {
 			return;
 		}
 	
-		$o = '';
-	
 		if(argc() > 1) {
 			$nick = argv(1);
 	
@@ -25,19 +27,19 @@ class Cal extends \Zotlabs\Web\Controller {
 	
 			$channelx = channelx_by_nick($nick);
 	
-			if(! $channelx)
+			if(! $channelx) {
+				notice( t('Channel not found.') . EOL);
 				return;
+			}
 	
-			\App::$data['channel'] = $channelx;
+			App::$data['channel'] = $channelx;
 	
-			$observer = \App::get_observer();
-			\App::$data['observer'] = $observer;
+			$observer = App::get_observer();
+			App::$data['observer'] = $observer;
 	
-			$observer_xchan = (($observer) ? $observer['xchan_hash'] : '');
+			head_set_icon(App::$data['channel']['xchan_photo_s']);
 	
-			head_set_icon(\App::$data['channel']['xchan_photo_s']);
-	
-			\App::$page['htmlhead'] .= "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ;
+			App::$page['htmlhead'] .= "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ;
 	
 		}
 	
@@ -52,18 +54,8 @@ class Cal extends \Zotlabs\Web\Controller {
 			return;
 		}
 		
-		$channel = null;
-	
-		if(argc() > 1) {
-			$channel = channelx_by_nick(argv(1));
-		}
-	
-	
-		if(! $channel) {
-			notice( t('Channel not found.') . EOL);
-			return;
-		}
-	
+		$channel = App::$data['channel'];
+
 		// since we don't currently have an event permission - use the stream permission
 	
 		if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_stream')) {
@@ -72,287 +64,152 @@ class Cal extends \Zotlabs\Web\Controller {
 		}

 		nav_set_selected('Calendar');
+
+		head_add_css('/library/fullcalendar/packages/core/main.min.css');
+		head_add_css('/library/fullcalendar/packages/daygrid/main.min.css');
+		head_add_css('cdav_calendar.css');
+
+		head_add_js('/library/fullcalendar/packages/core/main.min.js');
+		head_add_js('/library/fullcalendar/packages/daygrid/main.min.js');
+
+		$sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event');
+
+		if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends'])
+			$sql_extra .= " and etype != 'birthday' ";
 	
-		$sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event');
-	
-		$first_day = feature_enabled($channel['channel_id'], 'events_cal_first_day');
+		$first_day = feature_enabled($channel['channel_id'], 'cal_first_day');
 		$first_day = (($first_day) ? $first_day : 0);
 	
-		$htpl = get_markup_template('event_head.tpl');
-		\App::$page['htmlhead'] .= replace_macros($htpl,array(
-			'$baseurl' => z_root(),
-			'$module_url' => '/cal/' . $channel['channel_address'],
-			'$modparams' => 2,
-			'$lang' => \App::$language,
-			'$first_day' => $first_day
-		));
-	
-		$o = '';
-	
-		$mode = 'view';
-		$y = 0;
-		$m = 0;
-		$ignored = ((x($_REQUEST,'ignored')) ? " and dismissed = " . intval($_REQUEST['ignored']) . " "  : '');
-	
-		// logger('args: ' . print_r(\App::$argv,true));
-	
-		if(argc() > 3 && intval(argv(2)) && intval(argv(3))) {
-			$mode = 'view';
-			$y = intval(argv(2));
-			$m = intval(argv(3));
-		}
-		if(argc() <= 3) {
-			$mode = 'view';
-			$event_id = argv(2);
+		$start = '';
+		$finish = '';
+
+		if (argv(2) === 'json') {
+			if (x($_GET,'start'))	$start = $_GET['start'];
+			if (x($_GET,'end'))	$finish = $_GET['end'];
 		}
 	
-		if($mode == 'view') {
-	
-			/* edit/create form */
-			if($event_id) {
-				$r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1",
-					dbesc($event_id),
-					intval($channel['channel_id'])
-				);
-				if(count($r))
-					$orig_event = $r[0];
-			}
-	
-	
-			// Passed parameters overrides anything found in the DB
-			if(!x($orig_event))
-				$orig_event = array();
-	
-	
-	
-			$tz = date_default_timezone_get();
-			if(x($orig_event))
-				$tz = (($orig_event['adjust']) ? date_default_timezone_get() : 'UTC');
-	
-			$syear = datetime_convert('UTC', $tz, $sdt, 'Y');
-			$smonth = datetime_convert('UTC', $tz, $sdt, 'm');
-			$sday = datetime_convert('UTC', $tz, $sdt, 'd');
-			$shour = datetime_convert('UTC', $tz, $sdt, 'H');
-			$sminute = datetime_convert('UTC', $tz, $sdt, 'i');
-	
-			$stext = datetime_convert('UTC',$tz,$sdt);
-			$stext = substr($stext,0,14) . "00:00";
-	
-			$fyear = datetime_convert('UTC', $tz, $fdt, 'Y');
-			$fmonth = datetime_convert('UTC', $tz, $fdt, 'm');
-			$fday = datetime_convert('UTC', $tz, $fdt, 'd');
-			$fhour = datetime_convert('UTC', $tz, $fdt, 'H');
-			$fminute = datetime_convert('UTC', $tz, $fdt, 'i');
-	
-			$ftext = datetime_convert('UTC',$tz,$fdt);
-			$ftext = substr($ftext,0,14) . "00:00";
-	
-			$type = ((x($orig_event)) ? $orig_event['etype'] : 'event');
-	
-			$f = get_config('system','event_input_format');
-			if(! $f)
-				$f = 'ymd';
-	
-			$catsenabled = feature_enabled($channel['channel_id'],'categories');
-	
-	
-			$show_bd = perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts');
-			if(! $show_bd) {
-				$sql_extra .= " and event.etype != 'birthday' ";
-			}
-	
-	
-			$category = '';
-	
-			$thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y');
-			$thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m');
-			if(! $y)
-				$y = intval($thisyear);
-			if(! $m)
-				$m = intval($thismonth);
-	
-			// Put some limits on dates. The PHP date functions don't seem to do so well before 1900.
-			// An upper limit was chosen to keep search engines from exploring links millions of years in the future. 
-	
-			if($y < 1901)
-				$y = 1900;
-			if($y > 2099)
-				$y = 2100;
-	
-			$nextyear = $y;
-			$nextmonth = $m + 1;
-			if($nextmonth > 12) {
-					$nextmonth = 1;
-				$nextyear ++;
-			}
-	
-			$prevyear = $y;
-			if($m > 1)
-				$prevmonth = $m - 1;
-			else {
-				$prevmonth = 12;
-				$prevyear --;
-			}
-				
-			$dim    = get_dim($y,$m);
-			$start  = sprintf('%d-%d-%d %d:%d:%d',$y,$m,1,0,0,0);
-			$finish = sprintf('%d-%d-%d %d:%d:%d',$y,$m,$dim,23,59,59);
-	
-	
-			if (argv(2) === 'json'){
-				if (x($_GET,'start'))	$start = $_GET['start'];
-				if (x($_GET,'end'))	$finish = $_GET['end'];
-			}
-	
-			$start  = datetime_convert('UTC','UTC',$start);
-			$finish = datetime_convert('UTC','UTC',$finish);
-	
-			$adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start);
-			$adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);
-	
+		$start  = datetime_convert('UTC','UTC',$start);
+		$finish = datetime_convert('UTC','UTC',$finish);
+		$adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start);
+		$adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish);

-			if(! perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'view_contacts'))
-				$sql_extra .= " and etype != 'birthday' ";
+		if (x($_GET, 'id')) {
+			$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id
+                                from event left join item on item.resource_id = event.event_hash
+				where item.resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1",
+				intval($channel['channel_id']),
+				intval($_GET['id'])
+			);
+		}
+		else {
+			// fixed an issue with "nofinish" events not showing up in the calendar.
+			// There's still an issue if the finish date crosses the end of month.
+			// Noting this for now - it will need to be fixed here and in Friendica.
+			// Ultimately the finish date shouldn't be involved in the query.
+			$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id
+				from event left join item on event.event_hash = item.resource_id 
+				where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid 
+				AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) 
+				OR (  event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) 
+				$sql_extra",
+				intval($channel['channel_id']),
+				dbesc($start),
+				dbesc($finish),
+				dbesc($adjust_start),
+				dbesc($adjust_finish)
+			);
+		}
+	
+		if($r) {
+			xchan_query($r);
+			$r = fetch_post_tags($r,true);
+			$r = sort_by_date($r);
+		}

-			if (x($_GET,'id')){
-			  	$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
-	                                from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1",
-					intval($channel['channel_id']),
-					intval($_GET['id'])
-				);
-			} 
-			else {
-				// fixed an issue with "nofinish" events not showing up in the calendar.
-				// There's still an issue if the finish date crosses the end of month.
-				// Noting this for now - it will need to be fixed here and in Friendica.
-				// Ultimately the finish date shouldn't be involved in the query. 
+		$events = [];
 	
-				$r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan
-	                              from event left join item on event_hash = resource_id 
-					where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored 
-					AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) 
-					OR  (  adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) $sql_extra ",
-					intval($channel['channel_id']),
-					dbesc($start),
-					dbesc($finish),
-					dbesc($adjust_start),
-					dbesc($adjust_finish)
-				);
-	
-			}
-	
-			$links = array();
-	
-			if($r) {
-				xchan_query($r);
-				$r = fetch_post_tags($r,true);
-	
-				$r = sort_by_date($r);
-			}
-	
-			if($r) {
-				foreach($r as $rr) {
-					$j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'j') : datetime_convert('UTC','UTC',$rr['dtstart'],'j'));
-					if(! x($links,$j)) 
-						$links[$j] = z_root() . '/' . \App::$cmd . '#link-' . $j;
+		if($r) {
+
+			foreach($r as $rr) {
+
+				$tz = get_iconfig($rr, 'event', 'timezone');
+				if(! $tz)
+					$tz = 'UTC';
+
+				$start = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c'));
+				if ($rr['nofinish']){
+					$end = null;
+				} else {
+					$end = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c'));
 				}
-			}
-	
-			$events=array();
-	
-			$last_date = '';
-			$fmt = t('l, F j');
-	
-			if($r) {
-	
-				foreach($r as $rr) {
-					
-					$j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'j') : datetime_convert('UTC','UTC',$rr['dtstart'],'j'));
-					$d = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], $fmt) : datetime_convert('UTC','UTC',$rr['dtstart'],$fmt));
-					$d = day_translate($d);
-					
-					$start = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'c') : datetime_convert('UTC','UTC',$rr['dtstart'],'c'));
-					if ($rr['nofinish']){
-						$end = null;
-					} else {
-						$end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c'));
-					}
-					
-					
-					$is_first = ($d !== $last_date);
-						
-					$last_date = $d;
-	
-					$edit = false;
-	
-					$drop = false;
-	
-					$title = strip_tags(html_entity_decode(bbcode($rr['summary']),ENT_QUOTES,'UTF-8'));
-					if(! $title) {
-						list($title, $_trash) = explode("<br",bbcode($rr['desc']),2);
-						$title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8'));
-					}
+
+				$html = '';
+				if (x($_GET,'id')) {
+					$rr['timezone'] = $tz;
 					$html = format_event_html($rr);
-					$rr['desc'] = zidify_links(smilies(bbcode($rr['desc'])));
-					$rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false);
-					$rr['location'] = zidify_links(smilies(bbcode($rr['location'])));
-					$events[] = array(
-						'id'=>$rr['id'],
-						'hash' => $rr['event_hash'],
-						'start'=> $start,
-						'end' => $end,
-						'drop' => $drop,
-						'allDay' => false,
-						'title' => $title,
-						
-						'j' => $j,
-						'd' => $d,
-						'edit' => $edit,
-						'is_first'=>$is_first,
-						'item'=>$rr,
-						'html'=>$html,
-						'plink' => array($rr['plink'],t('Link to Source'),'',''),
-					);
-	
-	
 				}
+
+				$events[] = array(
+					'calendar_id' => 'channel_calendar',
+					'rw' => true,
+					'id'=>$rr['id'],
+					'uri' => $rr['event_hash'],
+					'timezone' => $tz,
+					'start'=> $start,
+					'end' => $end,
+					'drop' => false,
+					'allDay' => (($rr['adjust']) ? 0 : 1),
+					'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'),
+					'editable' => false,
+					'item' => $rr,
+					'plink' => [$rr['plink'], t('Link to source')],
+					'description' => html_entity_decode($rr['description'], ENT_COMPAT, 'UTF-8'),
+					'location' => html_entity_decode($rr['location'], ENT_COMPAT, 'UTF-8'),
+					'allow_cid' => expand_acl($rr['allow_cid']),
+					'allow_gid' => expand_acl($rr['allow_gid']),
+					'deny_cid' => expand_acl($rr['deny_cid']),
+					'deny_gid' => expand_acl($rr['deny_gid']),
+					'html' => $html
+				);
 			}
-			
-			if (argv(2) === 'json'){
-				echo json_encode($events); killme();
-			}
-			
-			// links: array('href', 'text', 'extra css classes', 'title')
-			if (x($_GET,'id')){
-				$tpl =  get_markup_template("event_cal.tpl");
-			} 
-			else {
-				$tpl = get_markup_template("events_cal-js.tpl");
-			}
-	
-			$nick = $channel['channel_address'];
-	
-			$o = replace_macros($tpl, array(
-				'$baseurl'	=> z_root(),
-				'$new_event'	=> array(z_root().'/cal',(($event_id) ? t('Edit Event') : t('Create Event')),'',''),
-				'$previus'	=> array(z_root()."/cal/$nick/$prevyear/$prevmonth",t('Previous'),'',''),
-				'$next'		=> array(z_root()."/cal/$nick/$nextyear/$nextmonth",t('Next'),'',''),
-				'$export'	=> array(z_root()."/cal/$nick/$y/$m/export",t('Export'),'',''),
-				'$calendar'	=> cal($y,$m,$links, ' eventcal'),
-				'$events'	=> $events,
-				'$upload'	=> t('Import'),
-				'$submit'	=> t('Submit'),
-				'$prev'		=> t('Previous'),
-				'$next'		=> t('Next'),
-				'$today'	=> t('Today'),
-				'$form'		=> $form,
-				'$expandform'	=> ((x($_GET,'expandform')) ? true : false)
-			));
-			
-			if (x($_GET,'id')){ echo $o; killme(); }
-			
-			return $o;
 		}
+
+		if (argv(2) === 'json') {
+			echo json_encode($events);
+			killme();
+		}
+			
+		if (x($_GET,'id')) {
+			$o = replace_macros(get_markup_template("cal_event.tpl"), [
+				'$events' => $events
+			]);
+			echo $o;
+			killme();
+		}
+
+		$nick = $channel['channel_address'];
+
+		$sources = '{
+			id: \'channel_calendar\',
+			url: \'/cal/' . $nick . '/json/\',
+			color: \'#3a87ad\'
+		}';
+
+		$o = replace_macros(get_markup_template("cal_calendar.tpl"), [
+			'$sources' => $sources,
+			'$lang' => App::$language,
+			'$timezone' => date_default_timezone_get(),
+			'$first_day' => $first_day,
+			'$prev'	=> t('Previous'),
+			'$next'	=> t('Next'),
+			'$today' => t('Today'),
+			'$title' => '',
+			'$dtstart' => '',
+			'$dtend' => '',
+			'$nick' => $nick
+		]);
+
+		return $o;
 	
 	}
 	
--- a/Zotlabs/Module/Card_edit.php
+++ b/Zotlabs/Module/Card_edit.php
@@ -63,9 +63,9 @@ class Card_edit extends \Zotlabs\Web\Controller {

 		if ($catsenabled){
 		        $itm = fetch_post_tags($itm);
-	
+
 	                $cats = get_terms_oftype($itm[0]['term'], TERM_CATEGORY);
-	
+
 		        foreach ($cats as $cat) {
 		                if (strlen($category))
 		                        $category .= ', ';
@@ -114,6 +114,7 @@ class Card_edit extends \Zotlabs\Web\Controller {
 			'post_id' => $post_id,
 			'visitor' => true,
 			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
+			'summary' => htmlspecialchars($itm[0]['summary'],ENT_COMPAT,'UTF-8'),
 			'placeholdertitle' => t('Title (optional)'),
 			'pagetitle' => $card_title,
 			'profile_uid' => (intval($channel['channel_id'])),
--- a/Zotlabs/Module/Cards.php
+++ b/Zotlabs/Module/Cards.php
@@ -10,9 +10,13 @@ require_once('include/channel.php');
 require_once('include/conversation.php');
 require_once('include/acl_selectors.php');

+/**
+ * @brief Provides the Cards module.
+ *
+ */
 class Cards extends Controller {

-	function init() {
+	public function init() {

 		if(argc() > 1)
 			$which = argv(1);
@@ -20,14 +24,15 @@ class Cards extends Controller {
 			return;

 		profile_load($which);
-
 	}

 	/**
 	 * {@inheritDoc}
-	 * @see \Zotlabs\Web\Controller::get()
+	 * @see \\Zotlabs\\Web\\Controller::get()
+	 *
+	 * @return string Parsed HTML from template 'cards.tpl'
 	 */
-	function get($update = 0, $load = false) {
+	public function get($update = 0, $load = false) {

 		if(observer_prohibited(true)) {
 			return login();
@@ -99,18 +104,17 @@ class Cards extends Controller {
 		}


-
 		if(perm_is_allowed($owner, $ob_hash, 'write_pages')) {

 			$x = [
 				'webpage'           => ITEM_TYPE_CARD,
 				'is_owner'          => true,
 				'content_label'     => t('Add Card'),
-				'button'            => t('Create'),
+				'button'            => t('Save'),
 				'nickname'          => $channel['channel_address'],
 				'lockstate'         => (($channel['channel_allow_cid'] || $channel['channel_allow_gid']
 					|| $channel['channel_deny_cid'] || $channel['channel_deny_gid']) ? 'lock' : 'unlock'),
-				'acl'               => (($is_owner) ? populate_acl($channel_acl, false, 
+				'acl'               => (($is_owner) ? populate_acl($channel_acl, false,
 					PermissionDescription::fromGlobalPermission('view_pages')) : ''),
 				'permissions'       => $channel_acl,
 				'showacl'           => (($is_owner) ? true : false),
@@ -141,7 +145,7 @@ class Cards extends Controller {


 		$itemspage = get_pconfig(local_channel(),'system','itemspage');
-		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 20));
+		App::set_pager_itemspage(((intval($itemspage)) ? $itemspage : 10));
 		$pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(App::$pager['itemspage']), intval(App::$pager['start']));


--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
--- a/Zotlabs/Module/Changeaddr.php
+++ b/Zotlabs/Module/Changeaddr.php
@@ -31,7 +31,7 @@ class Changeaddr extends \Zotlabs\Web\Controller {
 	
 		if($account['account_password_changed'] > NULL_DATE) {
 			$d1 = datetime_convert('UTC','UTC','now - 48 hours');
-			if($account['account_password_changed'] > d1) {
+			if($account['account_password_changed'] > $d1) {
 				notice( t('Channel name changes are not allowed within 48 hours of changing the account password.') . EOL);
 				return;
 			}
@@ -49,7 +49,7 @@ class Changeaddr extends \Zotlabs\Web\Controller {

 		if(check_webbie(array($new_address)) !== $new_address) {
 			notice( t('Nickname has unsupported characters or is already being used on this site.') . EOL);
-			return $ret;
+			return;
 		}

 		channel_change_address($channel,$new_address);
--- a/Show More
+++ b/Show More