action.php 17 KB

  1. <?php
  2. //ini_set('display_errors', 1);
  3. //ini_set("log_errors", 1);
  4. //error_reporting(1);
  5. ini_set("error_log", "php-error.log");
  6. /* this file handles some actions that are most of the time requested
  7. by the javascript portion of the FE */
  8. /* since most of the time the file is loaded sandalonely, so we have to
  9. include the initializing files if they haven't been included already */
  10. require_once "vendor/simple_html_dom.php";
  11. require_once "settings.php";
  12. require_once "include/init.php";
  13. require_once "include/functions.php";
  14. $srv = $user_settings['instance'];
  15. if (isset($_POST['action']) && $_POST['action'] == "account"){
  16. if(!empty($_FILES["avatar"]["name"])){
  17. $ext = strtolower(end(explode('.', $_FILES["avatar"]['name'])));
  18. if(in_array($ext,array("jpg","jpeg","gif","png"))){
  19. $file_name = time().mt_rand(100,199).".".$ext;
  20. $file_tmp = $_FILES["avatar"]['tmp_name'];
  21. move_uploaded_file($file_tmp, $file_name);
  22. upload_profile($file_name,'avatar');
  23. unlink($file_name);
  24. } else {
  25. unlink($_FILES["avatar"]['tmp_name']);
  26. }
  27. $info = api_get("accounts/verify_credentials");
  28. $cookie[$index]['avatar'] = $info['avatar'];
  29. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  30. }
  31. if(!empty($_FILES["header"]["name"])){
  32. $ext = strtolower(end(explode('.', $_FILES["header"]['name'])));
  33. if(in_array($ext,array("jpg","jpeg","gif","png"))){
  34. $file_name = time().mt_rand(100,199).".".$ext;
  35. $file_tmp = $_FILES["header"]['tmp_name'];
  36. move_uploaded_file($file_tmp, $file_name);
  37. upload_profile($file_name,'header');
  38. unlink($file_name);
  39. } else {
  40. unlink($_FILES["header"]['tmp_name']);
  41. }
  42. }
  43. foreach($_POST as $key => $value){
  44. switch($key){
  45. case "username":
  46. api_patch("accounts/update_credentials",array('display_name'=>$value));
  47. break;
  48. case "bio":
  49. api_patch("accounts/update_credentials",array('note'=>$value));
  50. break;
  51. }
  52. }
  53. header("location: ./?page=settings");
  54. }
  55. if (isset($_POST['action']) && $_POST['action'] == "settings"){
  56. foreach($_POST as $key => $value){
  57. switch($key){
  58. case "explicit":
  59. $cookie[$index]['explicit'] = htmlentities($value);
  60. break;
  61. case "unrollcw":
  62. $cookie[$index]['unrollcw'] = htmlentities($value);
  63. break;
  64. /*
  65. case "emoji":
  66. $cookie[$index]['emoji'] = intval($value);
  67. break;
  68. */
  69. case "defscope":
  70. $cookie[$index]['defscope'] = intval($value);
  71. break;
  72. case "text":
  73. $cookie[$index]['text'] = ($value == "on" ? "on" : "off");
  74. break;
  75. case "attach":
  76. $cookie[$index]['attach'] = ($value == "on" ? "on" : "off");
  77. break;
  78. case "replies":
  79. $cookie[$index]['replies'] = ($value == "on" ? "on" : "off");
  80. break;
  81. case "theme":
  82. $cookie[$index]['theme'] = sanitize($value);
  83. break;
  84. case "notif":
  85. $cookie[$index]['notif'] = "";
  86. $cookie[$index]['notif'] .= (isset($value['fav']) ? "1" : "0");
  87. $cookie[$index]['notif'] .= (isset($value['rt']) ? "1" : "0");
  88. $cookie[$index]['notif'] .= (isset($value['mnt']) ? "1" : "0");
  89. $cookie[$index]['notif'] .= (isset($value['follow']) ? "1" : "0");
  90. break;
  91. case "videoloop":
  92. $cookie[$index]['videoloop'] = ($value == "on" ? "on" : "off");
  93. break;
  94. case "mute":
  95. $cookie[$index]['mute'] = ($value == "on" ? "on" : "off");
  96. break;
  97. case "embyt":
  98. $cookie[$index]['embyt'] = ($value == "on" ? "on" : "off");
  99. break;
  100. case "linkpv":
  101. $cookie[$index]['linkpv'] = ($value == "on" ? "on" : "off");
  102. break;
  103. case "invidious":
  104. $cookie[$index]['invidious'] = (empty($value) ? "" : sanitize($value));
  105. break;
  106. case "teddit":
  107. $cookie[$index]['teddit'] = (empty($value) ? "" : sanitize($value));
  108. break;
  109. case "nitter":
  110. $cookie[$index]['nitter'] = (empty($value) ? "" : sanitize($value));
  111. break;
  112. case "theme":
  113. $cookie[$index]['theme'] = sanitize($value);
  114. break;
  115. /*
  116. case "instance":
  117. if (!isset($_COOKIE['token'])){
  118. $cookie[$index]['instance'] = htmlentities($value);
  119. }
  120. break;
  121. */
  122. case "mtwords":
  123. $cookie[$index]['mtwords'] = array();
  124. $mtwords = explode("\n",$value);
  125. foreach ($mtwords as $word){
  126. $cookie[$index]['mtwords'][] = sanitize($word);
  127. }
  128. break;
  129. case "fhtags":
  130. $cookie[$index]['fhtags'] = array();
  131. $fhtags = explode("\n",$value);
  132. foreach ($fhtags as $word){
  133. $cookie[$index]['fhtags'][] = sanitize($word);
  134. }
  135. break;
  136. case "fg":
  137. $theme['fg'] = sanitize($value);
  138. break;
  139. case "bg":
  140. $theme['bg'] = sanitize($value);
  141. break;
  142. case "tx":
  143. $theme['tx'] = sanitize($value);
  144. break;
  145. case "lc":
  146. $theme['lc'] = sanitize($value);
  147. break;
  148. case "bc":
  149. $theme['bc'] = sanitize($value);
  150. break;
  151. case "br":
  152. $theme['br'] = sanitize($value);
  153. break;
  154. case "bw":
  155. $theme['bw'] = sanitize($value);
  156. break;
  157. case "dr":
  158. $theme['dr'] = sanitize($value);
  159. break;
  160. }
  161. }
  162. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  163. setrawcookie("theme",base64_encode(json_encode($theme)),time()+60*60*24*30,'/');
  164. header("location: ./?page=settings");
  165. }
  166. $thread = (isset($_GET['thread']) ? htmlentities($_GET['thread']) : false);
  167. $mode = (isset($_GET['mode']) ? htmlentities($_GET['mode']) : false);
  168. $ajax = (isset($_GET['a']) ? true : false);
  169. foreach($_GET as $key => $value){
  170. switch($key){
  171. case "info":
  172. echo json_encode(array($token,$user_settings['instance']));
  173. break;
  174. case "vote":
  175. $elem = array();
  176. $elem['poll'] = json_decode(vote($value,$_GET['choices']),true);
  177. //var_dump($_GET['choices']);
  178. echo renderPoll($elem);
  179. break;
  180. case "fav":
  181. $result = favourite($value,($mode === 'on' ? true : false));
  182. if ($ajax){
  183. echo $result;
  184. die();
  185. } else {
  186. header("Location: ?thread=".$value);
  187. }
  188. break;
  189. case "reblog":
  190. $result =reblog($value,($mode === 'on' ? true : false));
  191. if ($ajax){
  192. echo $result;
  193. die();
  194. } else {
  195. header("Location: ?thread=".$value);
  196. }
  197. break;
  198. case "mute":
  199. if($thread){
  200. $rel = api_post("statuses/".htmlentities($value)."/".($mode === 'true' ? "" : "un")."mute",array());
  201. echo (isset($rel[0]['muting']) ? "1" : "0" );
  202. } else {
  203. $rel = api_post("accounts/".htmlentities($value)."/".($mode === 'true' ? "" : "un")."mute",array());
  204. echo (isset($rel[0]['muting']) ? "1" : "0" );
  205. }
  206. die();
  207. break;
  208. case "softmute":
  209. if (!isset($user_settings['softmute'])){
  210. $user_settings['softmute'] = array();
  211. $cookie[$index]['softmute'] = array();
  212. }
  213. $user_settings['softmute'][] = sanitize($value);
  214. $cookie[$index]['softmute'] = $user_settings['softmute'];
  215. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  216. echo "1";
  217. die();
  218. break;
  219. case "list":
  220. if($mode === 'true'){
  221. $rel = api_post("lists/".htmlentities($value)."/accounts?account_ids[]=".$_GET['user'],array());
  222. var_dump($rel);
  223. } else {
  224. $rel = api_delete("lists/".htmlentities($value)."/accounts?account_ids[]=".$_GET['user'],array());
  225. var_dump($rel);
  226. }
  227. die();
  228. break;
  229. case "listdelete":
  230. $rel = api_delete("lists/".htmlentities($value),array());
  231. die();
  232. break;
  233. case "softmutedelete":
  234. $key = array_search(sanitize($value),$user_settings['softmute']);
  235. unset($user_settings['softmute'][$key]);
  236. unset($cookie[$index]['softmute'][$key]);
  237. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  238. die();
  239. break;
  240. case "listnew":
  241. $rel = api_post("lists/",array("title" => htmlentities($value)));
  242. die();
  243. break;
  244. case "block":
  245. $rel = api_post("accounts/".htmlentities($value)."/".($mode === 'true' ? "" : "un")."block",array());
  246. echo (isset($rel[0]['blocking']) ? "1" : "0" );
  247. die();
  248. break;
  249. case "bookmark":
  250. $status = api_get("statuses/".htmlentities($value));
  251. $rel = api_post("statuses/".htmlentities($value)."/".($status['bookmarked'] == 'true' ? "un" : "")."bookmark",array());
  252. die();
  253. break;
  254. case "notif":
  255. echo getnotif(intval($value),(isset($_GET['max']) ? true : false));
  256. die();
  257. break;
  258. case "delete":
  259. echo delpost(htmlentities($value));
  260. die();
  261. break;
  262. case "replies":
  263. $since = (isset($_GET['since']) ? htmlentities($_GET['since']) : false);
  264. foreach(getreplies(htmlentities($value),$since) as $elem){
  265. echo render_reply($elem['content']);
  266. }
  267. die();
  268. break;
  269. case "notes":
  270. $notes = getnotes($value);
  271. foreach ($notes as $note){
  272. echo "<div id='".$note[1]['id']."'>
  273. <a href='?user=".$note[1]['id']."' class='ldr' title='".$note[1]['acct']."'>
  274. <div class='nte' style='background-image:url(".$note[1]['avatar'].");'>
  275. <div class='nte_type' style='background-color:".($note[0] == "fav" ? "red" : "green")."'><span>".($note[0] == "fav" ? "&#xe802;" : "&#xe826;")."</span></div>
  276. </div>
  277. </a>
  278. </div>";
  279. }
  280. die();
  281. break;
  282. case "follow":
  283. $rel = api_post("accounts/".htmlentities($value)."/follow",array());
  284. echo ($rel['following'] == true || $rel['requested'] == true ? "1" : "0" );
  285. die();
  286. break;
  287. case "unfollow":
  288. $rel = api_post("accounts/".htmlentities($value)."/unfollow",array());
  289. echo ($rel['following'] == false ? "1" : "0" );
  290. die();
  291. break;
  292. case "nsfw":
  293. if(in_array($value,$user_settings['nsfw'])){
  294. $key = array_search($value, $user_settings['nsfw']);
  295. unset($user_settings['nsfw'][$key]);
  296. $cookie[$index]['nsfw'] = $user_settings['nsfw'];
  297. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  298. } else {
  299. $user_settings['nsfw'][] = htmlentities($value);
  300. $cookie[$index]['nsfw'] = $user_settings['nsfw'];
  301. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  302. }
  303. echo "1";
  304. die();
  305. break;
  306. case "hide":
  307. if(!isset($user_settings['hide'])|| !is_array($user_settings['hide'])){
  308. $user_settings['hide'] = array();
  309. }
  310. if(in_array($value,$user_settings['hide'])){
  311. $key = array_search($value, $user_settings['hide']);
  312. unset($user_settings['hide'][$key]);
  313. $cookie[$index]['hide'] = $user_settings['hide'];
  314. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  315. } else {
  316. $user_settings['hide'][] = htmlentities($value);
  317. $cookie[$index]['hide'] = $user_settings['hide'];
  318. setrawcookie("user_settings", base64_encode(json_encode($cookie)) , time() + 60 * 60 * 24 * 30, '/');
  319. }
  320. echo "1";
  321. die();
  322. break;
  323. case "userinfo":
  324. $info = api_get("accounts/".htmlentities($value));
  325. $rel = api_get("accounts/relationships?id=".htmlentities($value));
  326. /*
  327. $photos = api_get("accounts/".htmlentities($value)."/statuses?only_media=true&limit=5&exclude_reblogs=true");
  328. $photo = array();
  329. $c = 0;
  330. if (!empty($photos)){
  331. foreach ($photos as $elem){
  332. if ($elem['media_attachments'][0]['type'] == "image"){
  333. $photo[$c]['url'] = $elem['media_attachments'][0]['url'];
  334. if ($elem['sensitive'] == true){
  335. $photo[$c]['s'] = true;
  336. }
  337. $c++;
  338. }
  339. if ($c == 3){
  340. break;
  341. }
  342. }
  343. }
  344. */
  345. echo "<div class='userinfo_he' style='background-color:#".averageColor($info['avatar'])."; background-size:cover;" . (!empty($info['header']) ? "background-image:url(".$info['header'].");" : "") . "'>
  346. <span style='margin:5px; display:inline-block;'>
  347. <a href='".$info['url']."' target='_blank' class='external' style='font-weight:bold; font-size:13px; text-decoration:none; color: white; text-shadow: -1px -1px 0 #000, 1px -1px 0 #000, -1px 1px 0 #000, 1px 1px 0 #000;'>".$info['acct']."</a>
  348. </span>
  349. </div>
  350. <div class='userinfo_co'>
  351. <div class='avatar' style='position: absolute; left:35%; top:-60px; display:inline-block; margin:0px; background-color:white; background-image:url(" . $info['avatar'] . "); text-align:center; border:3px solid white; border-radius:10px; clear:both;'></div>
  352. <div style='font-weight:bold; padding-top:30px; display:block;'><a href='?user=".$info['id']."' class='link ldr' style='font-size:15px;'>".emojify($info['display_name'],$info['emojis'],20)."</a></div><br>
  353. <div style='font-weight:normal; font-size:12px; line-height:12px;'>".emojify($info['note'],$info['emojis'],20)."</div><br>
  354. ".($rel[0]['followed_by'] ? "<p class='link' style='font-weight:normal; font-size:12px; line-height:12px;'><span class='fontello link'>&#xe80c;</span> Follows You</p>" : "")."
  355. <span style='width:290; height:30px; display:block; margin-top:10px;'>
  356. ".($logedin ? "<span id='".$info['id']."' class='profileButton ".(($rel[0]['following'] || $rel[0]['requested']) ? "unfollow" : "follow" )."'>".($rel[0]['following'] || $rel[0]['requested'] ? "Following" : "Follow" )."</span>" : "")."
  357. <span id='".$info['id']."' class='profileButton ".(in_array($info['id'],$user_settings['nsfw']) ? "unnsfw" : "nsfw" )."'>".(in_array($info['id'],$user_settings['nsfw']) ? "NSFW <span class='fontello'>&#xf205;</span>" : "NSFW <span class='fontello'>&#xf204;</span>" )."</span>
  358. ".($logedin ? "<span id='" . $info['id'] . "' class='profileButton " . ($rel[0]['muting'] ? "un" : "") . "mute'>" . ($rel[0]['muting'] ? "&#xe81a; Unmute" : "&#xe81b; Mute") . "</span>" : "")."<br>
  359. </span>
  360. <div style='display:flex; width:280px'>";
  361. /*
  362. foreach ($photo as $elem){
  363. echo "<div style='overflow:hidden; display:block; height:90px; flex:1; background-image:url(\"".$elem['url']."\"); ".(isset($elem['s']) ? "filter: blur(5px);" : "")." background-size:cover; margin:2px;'></div>";
  364. }
  365. */
  366. echo "</div>
  367. </div>
  368. ";
  369. die();
  370. break;
  371. case "previewpost":
  372. $post = api_get("statuses/".htmlentities($value));
  373. echo "<div class='notifContents' style='max-width:none;'>
  374. <div style='flex: 0 0 60px; background-size:cover; background-image:url(".$post['account']['avatar']."); border-radius:5px;'></div>
  375. <div style='flex: 1; padding-left:5px; padding-right:5px; word-break: break-all; overflow:hidden;'>
  376. <span><span style='font-size:12px; font-weight:bold;'><a class='link' style='font-size:12px;' href='?user=9hwsQhjN9oox1iSfK4'>".emojify($post['account']['display_name'],$post['account']['emojis'],20)."</a></span></span>
  377. <a style='text-decoration:none;' class='ldr' href='?thread=9nngbBWBRHvILwEoF6' target='_blank'><span style='display:block; opacity:1; font-size:10px; line-height:12px;'>".emojify(strip_tags($post['content'],'<br>'),$post['emojis'],20)."</span></a>
  378. </div>
  379. ".(!empty($post['media_attachments']) ? "<div style='flex: 0 0 60px; background-size:cover; background-image:url(".$post['media_attachments'][0]['url'].");'></div>" :"")."
  380. </div>";
  381. die();
  382. break;
  383. case "previewurl":
  384. $url = base64_decode($value);
  385. $graph = getOgTags(file_get_contents(trim($url),false));
  386. if (empty($graph)){
  387. echo "empty";
  388. die();
  389. }
  390. $desc = (isset($graph['description']) ? $graph['description'] : $graph['title']);
  391. echo "<div class='notifContents' style='max-width:none;'>
  392. <div style='flex: 0 0 60px; background-size:cover; background-image:url(".$graph['image']."); border-radius:5px;'></div>
  393. <div style='flex: 1; padding-left:5px; padding-right:5px; word-break: break-all; overflow:hidden;'>
  394. <a style='text-decoration:none;' class='ldr' href='".parse_url($url)."' target='_blank'><b><span style='display:block; opacity:1; font-size:10px; line-height:12px;'>".$graph['title']."</span></b></a><span style='font-size:12px !important; line-height:12px !important;'>".$graph['description']."</span>
  395. </div>
  396. </div>";
  397. //var_dump($graph);
  398. /*
  399. if (isset($graph['description'])){
  400. echo "<div style='display:flex;' class='flex'>
  401. <a href='$url' target='_blank'><div style='min-width:100px; min-height:100px; background-size:cover; background-image:url(".$graph['image'].");'></div></a>
  402. <div style='padding:10px;'>
  403. <span class='flex_title'><a href='$url' target='_blank'>".$graph['title']."</a></span>
  404. <span class='flex_host'>".parse_url($url)['host']."</span>
  405. <span class='flex_description'>".nl2br($graph['description'])."</span>
  406. </div>
  407. </div>
  408. ";
  409. }*/
  410. die();
  411. break;
  412. case "themefile":
  413. echo themes("get",$value);
  414. die();
  415. break;
  416. case "themename":
  417. echo $user_settings['theme'];
  418. die();
  419. break;
  420. case "emoji":
  421. echo emoji_list(sanitize($value));
  422. break;
  423. case "contact":
  424. echo contact_search(sanitize($value));
  425. break;
  426. }
  427. }
  428. if(isset($_POST['status'])){
  429. if(isset($_POST['scope'])){
  430. switch($_POST['scope']){
  431. case "1":
  432. $scope = "public";
  433. break;
  434. case "2":
  435. $scope = "unlisted";
  436. break;
  437. case "3":
  438. $scope = "private";
  439. break;
  440. case "4":
  441. $scope = "direct";
  442. break;
  443. }
  444. } else {
  445. if (isset($_POST['thread'])){
  446. $result = api_get("statuses/".htmlentities($_POST['thread']));
  447. $scope = $result['visibility'];
  448. } else {
  449. $scope = "public";
  450. }
  451. }
  452. $uploaded = (empty($_POST['uploaded']) ? array() : explode("|",$_POST['uploaded']));
  453. $reply = json_decode(sendpost(trim($_POST['status']),$uploaded,$_POST['thread'],false,$scope,(isset($_POST['sensitive']) ? $_POST['sensitive'] : false),(isset($_POST['spoiler']) && $_POST['spoiler'] != 'Title (optional)' ? $_POST['spoiler'] : false)),true);
  454. echo render_reply($reply);
  455. die();
  456. }