├── .gitignore
├── .htaccess
├── CHANGELOG.md
├── LICENSE
├── README.md
├── includes
    ├── api.include.php
    ├── config.php
    ├── db.include.php
    ├── functions.include.php
    ├── lib
    │   ├── README.md
    │   ├── enum.php
    │   ├── media.php
    │   ├── network.php
    │   └── slug.php
    ├── sql.include.php
    └── webmention-send.include.php
├── index.php
├── install.php
├── media
    └── index.php
├── micropub
    ├── PostEntry.php
    ├── get.php
    ├── index.php
    └── post
    │   ├── create.php
    │   ├── delete.php
    │   ├── index.php
    │   ├── lib.php
    │   └── update.php
├── themes
    ├── microlight-default
    │   ├── README.md
    │   ├── css
    │   │   ├── style-dark.css
    │   │   └── style.css
    │   ├── elements.php
    │   ├── entry
    │   │   ├── formats.php
    │   │   ├── index.php
    │   │   ├── interaction.php
    │   │   └── meta.php
    │   ├── images
    │   │   └── default.png
    │   ├── index.php
    │   └── microlight-default-screenshot.png
    └── uberlight
    │   ├── README.md
    │   ├── entry.php
    │   ├── index.php
    │   └── meta.php
└── webmention
    └── index.php


/.gitignore:
--------------------------------------------------------------------------------
 1 | docs/
 2 | *.db
 3 | error.log
 4 | uploads/
 5 | /info.php
 6 | .idea/
 7 | user.config.php
 8 | release/
 9 | /Dockerfile
10 | /docker-compose.yml
11 | 


--------------------------------------------------------------------------------
/.htaccess:
--------------------------------------------------------------------------------
1 | <FilesMatch "^.*\.db$">
2 | Deny from all
3 | </FilesMatch>
4 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Changelog
 2 | 
 3 | All notable changes to this project will be documented in this file.
 4 | 
 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 6 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 7 | 
 8 | ## v1.0.1 - 2019-09-17
 9 | 
10 | ### Added
11 | 
12 | * Dark mode for default theme (hint: there's an option in `index.php`)
13 | * Media endpoint URL in HTML head section (in addition to micropub query)
14 | 
15 | ### Fixed
16 | 
17 | * Uses current time if `published` value is an empty string on micropub API
18 | * Properly escape values for meta tags in HTML head
19 | * Prevent errors from occurring when trying to determine non-existent
20 |   Content-Type
21 | * Wrap long words and links in default theme
22 | * Save user configuration propertly if note and links are empty
23 | 
24 | ### Changed
25 | 
26 | * Resize profile to always be square
27 | 
28 | ## v1.0.0 Initial Release - 2019-09-14
29 | 
30 | No changes were made. It was the first release, after all!
31 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                     GNU AFFERO GENERAL PUBLIC LICENSE
  2 |                        Version 3, 19 November 2007
  3 | 
  4 |  Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
  5 |  Everyone is permitted to copy and distribute verbatim copies
  6 |  of this license document, but changing it is not allowed.
  7 | 
  8 |                             Preamble
  9 | 
 10 |   The GNU Affero General Public License is a free, copyleft license for
 11 | software and other kinds of works, specifically designed to ensure
 12 | cooperation with the community in the case of network server software.
 13 | 
 14 |   The licenses for most software and other practical works are designed
 15 | to take away your freedom to share and change the works.  By contrast,
 16 | our General Public Licenses are intended to guarantee your freedom to
 17 | share and change all versions of a program--to make sure it remains free
 18 | software for all its users.
 19 | 
 20 |   When we speak of free software, we are referring to freedom, not
 21 | price.  Our General Public Licenses are designed to make sure that you
 22 | have the freedom to distribute copies of free software (and charge for
 23 | them if you wish), that you receive source code or can get it if you
 24 | want it, that you can change the software or use pieces of it in new
 25 | free programs, and that you know you can do these things.
 26 | 
 27 |   Developers that use our General Public Licenses protect your rights
 28 | with two steps: (1) assert copyright on the software, and (2) offer
 29 | you this License which gives you legal permission to copy, distribute
 30 | and/or modify the software.
 31 | 
 32 |   A secondary benefit of defending all users' freedom is that
 33 | improvements made in alternate versions of the program, if they
 34 | receive widespread use, become available for other developers to
 35 | incorporate.  Many developers of free software are heartened and
 36 | encouraged by the resulting cooperation.  However, in the case of
 37 | software used on network servers, this result may fail to come about.
 38 | The GNU General Public License permits making a modified version and
 39 | letting the public access it on a server without ever releasing its
 40 | source code to the public.
 41 | 
 42 |   The GNU Affero General Public License is designed specifically to
 43 | ensure that, in such cases, the modified source code becomes available
 44 | to the community.  It requires the operator of a network server to
 45 | provide the source code of the modified version running there to the
 46 | users of that server.  Therefore, public use of a modified version, on
 47 | a publicly accessible server, gives the public access to the source
 48 | code of the modified version.
 49 | 
 50 |   An older license, called the Affero General Public License and
 51 | published by Affero, was designed to accomplish similar goals.  This is
 52 | a different license, not a version of the Affero GPL, but Affero has
 53 | released a new version of the Affero GPL which permits relicensing under
 54 | this license.
 55 | 
 56 |   The precise terms and conditions for copying, distribution and
 57 | modification follow.
 58 | 
 59 |                        TERMS AND CONDITIONS
 60 | 
 61 |   0. Definitions.
 62 | 
 63 |   "This License" refers to version 3 of the GNU Affero General Public License.
 64 | 
 65 |   "Copyright" also means copyright-like laws that apply to other kinds of
 66 | works, such as semiconductor masks.
 67 | 
 68 |   "The Program" refers to any copyrightable work licensed under this
 69 | License.  Each licensee is addressed as "you".  "Licensees" and
 70 | "recipients" may be individuals or organizations.
 71 | 
 72 |   To "modify" a work means to copy from or adapt all or part of the work
 73 | in a fashion requiring copyright permission, other than the making of an
 74 | exact copy.  The resulting work is called a "modified version" of the
 75 | earlier work or a work "based on" the earlier work.
 76 | 
 77 |   A "covered work" means either the unmodified Program or a work based
 78 | on the Program.
 79 | 
 80 |   To "propagate" a work means to do anything with it that, without
 81 | permission, would make you directly or secondarily liable for
 82 | infringement under applicable copyright law, except executing it on a
 83 | computer or modifying a private copy.  Propagation includes copying,
 84 | distribution (with or without modification), making available to the
 85 | public, and in some countries other activities as well.
 86 | 
 87 |   To "convey" a work means any kind of propagation that enables other
 88 | parties to make or receive copies.  Mere interaction with a user through
 89 | a computer network, with no transfer of a copy, is not conveying.
 90 | 
 91 |   An interactive user interface displays "Appropriate Legal Notices"
 92 | to the extent that it includes a convenient and prominently visible
 93 | feature that (1) displays an appropriate copyright notice, and (2)
 94 | tells the user that there is no warranty for the work (except to the
 95 | extent that warranties are provided), that licensees may convey the
 96 | work under this License, and how to view a copy of this License.  If
 97 | the interface presents a list of user commands or options, such as a
 98 | menu, a prominent item in the list meets this criterion.
 99 | 
100 |   1. Source Code.
101 | 
102 |   The "source code" for a work means the preferred form of the work
103 | for making modifications to it.  "Object code" means any non-source
104 | form of a work.
105 | 
106 |   A "Standard Interface" means an interface that either is an official
107 | standard defined by a recognized standards body, or, in the case of
108 | interfaces specified for a particular programming language, one that
109 | is widely used among developers working in that language.
110 | 
111 |   The "System Libraries" of an executable work include anything, other
112 | than the work as a whole, that (a) is included in the normal form of
113 | packaging a Major Component, but which is not part of that Major
114 | Component, and (b) serves only to enable use of the work with that
115 | Major Component, or to implement a Standard Interface for which an
116 | implementation is available to the public in source code form.  A
117 | "Major Component", in this context, means a major essential component
118 | (kernel, window system, and so on) of the specific operating system
119 | (if any) on which the executable work runs, or a compiler used to
120 | produce the work, or an object code interpreter used to run it.
121 | 
122 |   The "Corresponding Source" for a work in object code form means all
123 | the source code needed to generate, install, and (for an executable
124 | work) run the object code and to modify the work, including scripts to
125 | control those activities.  However, it does not include the work's
126 | System Libraries, or general-purpose tools or generally available free
127 | programs which are used unmodified in performing those activities but
128 | which are not part of the work.  For example, Corresponding Source
129 | includes interface definition files associated with source files for
130 | the work, and the source code for shared libraries and dynamically
131 | linked subprograms that the work is specifically designed to require,
132 | such as by intimate data communication or control flow between those
133 | subprograms and other parts of the work.
134 | 
135 |   The Corresponding Source need not include anything that users
136 | can regenerate automatically from other parts of the Corresponding
137 | Source.
138 | 
139 |   The Corresponding Source for a work in source code form is that
140 | same work.
141 | 
142 |   2. Basic Permissions.
143 | 
144 |   All rights granted under this License are granted for the term of
145 | copyright on the Program, and are irrevocable provided the stated
146 | conditions are met.  This License explicitly affirms your unlimited
147 | permission to run the unmodified Program.  The output from running a
148 | covered work is covered by this License only if the output, given its
149 | content, constitutes a covered work.  This License acknowledges your
150 | rights of fair use or other equivalent, as provided by copyright law.
151 | 
152 |   You may make, run and propagate covered works that you do not
153 | convey, without conditions so long as your license otherwise remains
154 | in force.  You may convey covered works to others for the sole purpose
155 | of having them make modifications exclusively for you, or provide you
156 | with facilities for running those works, provided that you comply with
157 | the terms of this License in conveying all material for which you do
158 | not control copyright.  Those thus making or running the covered works
159 | for you must do so exclusively on your behalf, under your direction
160 | and control, on terms that prohibit them from making any copies of
161 | your copyrighted material outside their relationship with you.
162 | 
163 |   Conveying under any other circumstances is permitted solely under
164 | the conditions stated below.  Sublicensing is not allowed; section 10
165 | makes it unnecessary.
166 | 
167 |   3. Protecting Users' Legal Rights From Anti-Circumvention Law.
168 | 
169 |   No covered work shall be deemed part of an effective technological
170 | measure under any applicable law fulfilling obligations under article
171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
172 | similar laws prohibiting or restricting circumvention of such
173 | measures.
174 | 
175 |   When you convey a covered work, you waive any legal power to forbid
176 | circumvention of technological measures to the extent such circumvention
177 | is effected by exercising rights under this License with respect to
178 | the covered work, and you disclaim any intention to limit operation or
179 | modification of the work as a means of enforcing, against the work's
180 | users, your or third parties' legal rights to forbid circumvention of
181 | technological measures.
182 | 
183 |   4. Conveying Verbatim Copies.
184 | 
185 |   You may convey verbatim copies of the Program's source code as you
186 | receive it, in any medium, provided that you conspicuously and
187 | appropriately publish on each copy an appropriate copyright notice;
188 | keep intact all notices stating that this License and any
189 | non-permissive terms added in accord with section 7 apply to the code;
190 | keep intact all notices of the absence of any warranty; and give all
191 | recipients a copy of this License along with the Program.
192 | 
193 |   You may charge any price or no price for each copy that you convey,
194 | and you may offer support or warranty protection for a fee.
195 | 
196 |   5. Conveying Modified Source Versions.
197 | 
198 |   You may convey a work based on the Program, or the modifications to
199 | produce it from the Program, in the form of source code under the
200 | terms of section 4, provided that you also meet all of these conditions:
201 | 
202 |     a) The work must carry prominent notices stating that you modified
203 |     it, and giving a relevant date.
204 | 
205 |     b) The work must carry prominent notices stating that it is
206 |     released under this License and any conditions added under section
207 |     7.  This requirement modifies the requirement in section 4 to
208 |     "keep intact all notices".
209 | 
210 |     c) You must license the entire work, as a whole, under this
211 |     License to anyone who comes into possession of a copy.  This
212 |     License will therefore apply, along with any applicable section 7
213 |     additional terms, to the whole of the work, and all its parts,
214 |     regardless of how they are packaged.  This License gives no
215 |     permission to license the work in any other way, but it does not
216 |     invalidate such permission if you have separately received it.
217 | 
218 |     d) If the work has interactive user interfaces, each must display
219 |     Appropriate Legal Notices; however, if the Program has interactive
220 |     interfaces that do not display Appropriate Legal Notices, your
221 |     work need not make them do so.
222 | 
223 |   A compilation of a covered work with other separate and independent
224 | works, which are not by their nature extensions of the covered work,
225 | and which are not combined with it such as to form a larger program,
226 | in or on a volume of a storage or distribution medium, is called an
227 | "aggregate" if the compilation and its resulting copyright are not
228 | used to limit the access or legal rights of the compilation's users
229 | beyond what the individual works permit.  Inclusion of a covered work
230 | in an aggregate does not cause this License to apply to the other
231 | parts of the aggregate.
232 | 
233 |   6. Conveying Non-Source Forms.
234 | 
235 |   You may convey a covered work in object code form under the terms
236 | of sections 4 and 5, provided that you also convey the
237 | machine-readable Corresponding Source under the terms of this License,
238 | in one of these ways:
239 | 
240 |     a) Convey the object code in, or embodied in, a physical product
241 |     (including a physical distribution medium), accompanied by the
242 |     Corresponding Source fixed on a durable physical medium
243 |     customarily used for software interchange.
244 | 
245 |     b) Convey the object code in, or embodied in, a physical product
246 |     (including a physical distribution medium), accompanied by a
247 |     written offer, valid for at least three years and valid for as
248 |     long as you offer spare parts or customer support for that product
249 |     model, to give anyone who possesses the object code either (1) a
250 |     copy of the Corresponding Source for all the software in the
251 |     product that is covered by this License, on a durable physical
252 |     medium customarily used for software interchange, for a price no
253 |     more than your reasonable cost of physically performing this
254 |     conveying of source, or (2) access to copy the
255 |     Corresponding Source from a network server at no charge.
256 | 
257 |     c) Convey individual copies of the object code with a copy of the
258 |     written offer to provide the Corresponding Source.  This
259 |     alternative is allowed only occasionally and noncommercially, and
260 |     only if you received the object code with such an offer, in accord
261 |     with subsection 6b.
262 | 
263 |     d) Convey the object code by offering access from a designated
264 |     place (gratis or for a charge), and offer equivalent access to the
265 |     Corresponding Source in the same way through the same place at no
266 |     further charge.  You need not require recipients to copy the
267 |     Corresponding Source along with the object code.  If the place to
268 |     copy the object code is a network server, the Corresponding Source
269 |     may be on a different server (operated by you or a third party)
270 |     that supports equivalent copying facilities, provided you maintain
271 |     clear directions next to the object code saying where to find the
272 |     Corresponding Source.  Regardless of what server hosts the
273 |     Corresponding Source, you remain obligated to ensure that it is
274 |     available for as long as needed to satisfy these requirements.
275 | 
276 |     e) Convey the object code using peer-to-peer transmission, provided
277 |     you inform other peers where the object code and Corresponding
278 |     Source of the work are being offered to the general public at no
279 |     charge under subsection 6d.
280 | 
281 |   A separable portion of the object code, whose source code is excluded
282 | from the Corresponding Source as a System Library, need not be
283 | included in conveying the object code work.
284 | 
285 |   A "User Product" is either (1) a "consumer product", which means any
286 | tangible personal property which is normally used for personal, family,
287 | or household purposes, or (2) anything designed or sold for incorporation
288 | into a dwelling.  In determining whether a product is a consumer product,
289 | doubtful cases shall be resolved in favor of coverage.  For a particular
290 | product received by a particular user, "normally used" refers to a
291 | typical or common use of that class of product, regardless of the status
292 | of the particular user or of the way in which the particular user
293 | actually uses, or expects or is expected to use, the product.  A product
294 | is a consumer product regardless of whether the product has substantial
295 | commercial, industrial or non-consumer uses, unless such uses represent
296 | the only significant mode of use of the product.
297 | 
298 |   "Installation Information" for a User Product means any methods,
299 | procedures, authorization keys, or other information required to install
300 | and execute modified versions of a covered work in that User Product from
301 | a modified version of its Corresponding Source.  The information must
302 | suffice to ensure that the continued functioning of the modified object
303 | code is in no case prevented or interfered with solely because
304 | modification has been made.
305 | 
306 |   If you convey an object code work under this section in, or with, or
307 | specifically for use in, a User Product, and the conveying occurs as
308 | part of a transaction in which the right of possession and use of the
309 | User Product is transferred to the recipient in perpetuity or for a
310 | fixed term (regardless of how the transaction is characterized), the
311 | Corresponding Source conveyed under this section must be accompanied
312 | by the Installation Information.  But this requirement does not apply
313 | if neither you nor any third party retains the ability to install
314 | modified object code on the User Product (for example, the work has
315 | been installed in ROM).
316 | 
317 |   The requirement to provide Installation Information does not include a
318 | requirement to continue to provide support service, warranty, or updates
319 | for a work that has been modified or installed by the recipient, or for
320 | the User Product in which it has been modified or installed.  Access to a
321 | network may be denied when the modification itself materially and
322 | adversely affects the operation of the network or violates the rules and
323 | protocols for communication across the network.
324 | 
325 |   Corresponding Source conveyed, and Installation Information provided,
326 | in accord with this section must be in a format that is publicly
327 | documented (and with an implementation available to the public in
328 | source code form), and must require no special password or key for
329 | unpacking, reading or copying.
330 | 
331 |   7. Additional Terms.
332 | 
333 |   "Additional permissions" are terms that supplement the terms of this
334 | License by making exceptions from one or more of its conditions.
335 | Additional permissions that are applicable to the entire Program shall
336 | be treated as though they were included in this License, to the extent
337 | that they are valid under applicable law.  If additional permissions
338 | apply only to part of the Program, that part may be used separately
339 | under those permissions, but the entire Program remains governed by
340 | this License without regard to the additional permissions.
341 | 
342 |   When you convey a copy of a covered work, you may at your option
343 | remove any additional permissions from that copy, or from any part of
344 | it.  (Additional permissions may be written to require their own
345 | removal in certain cases when you modify the work.)  You may place
346 | additional permissions on material, added by you to a covered work,
347 | for which you have or can give appropriate copyright permission.
348 | 
349 |   Notwithstanding any other provision of this License, for material you
350 | add to a covered work, you may (if authorized by the copyright holders of
351 | that material) supplement the terms of this License with terms:
352 | 
353 |     a) Disclaiming warranty or limiting liability differently from the
354 |     terms of sections 15 and 16 of this License; or
355 | 
356 |     b) Requiring preservation of specified reasonable legal notices or
357 |     author attributions in that material or in the Appropriate Legal
358 |     Notices displayed by works containing it; or
359 | 
360 |     c) Prohibiting misrepresentation of the origin of that material, or
361 |     requiring that modified versions of such material be marked in
362 |     reasonable ways as different from the original version; or
363 | 
364 |     d) Limiting the use for publicity purposes of names of licensors or
365 |     authors of the material; or
366 | 
367 |     e) Declining to grant rights under trademark law for use of some
368 |     trade names, trademarks, or service marks; or
369 | 
370 |     f) Requiring indemnification of licensors and authors of that
371 |     material by anyone who conveys the material (or modified versions of
372 |     it) with contractual assumptions of liability to the recipient, for
373 |     any liability that these contractual assumptions directly impose on
374 |     those licensors and authors.
375 | 
376 |   All other non-permissive additional terms are considered "further
377 | restrictions" within the meaning of section 10.  If the Program as you
378 | received it, or any part of it, contains a notice stating that it is
379 | governed by this License along with a term that is a further
380 | restriction, you may remove that term.  If a license document contains
381 | a further restriction but permits relicensing or conveying under this
382 | License, you may add to a covered work material governed by the terms
383 | of that license document, provided that the further restriction does
384 | not survive such relicensing or conveying.
385 | 
386 |   If you add terms to a covered work in accord with this section, you
387 | must place, in the relevant source files, a statement of the
388 | additional terms that apply to those files, or a notice indicating
389 | where to find the applicable terms.
390 | 
391 |   Additional terms, permissive or non-permissive, may be stated in the
392 | form of a separately written license, or stated as exceptions;
393 | the above requirements apply either way.
394 | 
395 |   8. Termination.
396 | 
397 |   You may not propagate or modify a covered work except as expressly
398 | provided under this License.  Any attempt otherwise to propagate or
399 | modify it is void, and will automatically terminate your rights under
400 | this License (including any patent licenses granted under the third
401 | paragraph of section 11).
402 | 
403 |   However, if you cease all violation of this License, then your
404 | license from a particular copyright holder is reinstated (a)
405 | provisionally, unless and until the copyright holder explicitly and
406 | finally terminates your license, and (b) permanently, if the copyright
407 | holder fails to notify you of the violation by some reasonable means
408 | prior to 60 days after the cessation.
409 | 
410 |   Moreover, your license from a particular copyright holder is
411 | reinstated permanently if the copyright holder notifies you of the
412 | violation by some reasonable means, this is the first time you have
413 | received notice of violation of this License (for any work) from that
414 | copyright holder, and you cure the violation prior to 30 days after
415 | your receipt of the notice.
416 | 
417 |   Termination of your rights under this section does not terminate the
418 | licenses of parties who have received copies or rights from you under
419 | this License.  If your rights have been terminated and not permanently
420 | reinstated, you do not qualify to receive new licenses for the same
421 | material under section 10.
422 | 
423 |   9. Acceptance Not Required for Having Copies.
424 | 
425 |   You are not required to accept this License in order to receive or
426 | run a copy of the Program.  Ancillary propagation of a covered work
427 | occurring solely as a consequence of using peer-to-peer transmission
428 | to receive a copy likewise does not require acceptance.  However,
429 | nothing other than this License grants you permission to propagate or
430 | modify any covered work.  These actions infringe copyright if you do
431 | not accept this License.  Therefore, by modifying or propagating a
432 | covered work, you indicate your acceptance of this License to do so.
433 | 
434 |   10. Automatic Licensing of Downstream Recipients.
435 | 
436 |   Each time you convey a covered work, the recipient automatically
437 | receives a license from the original licensors, to run, modify and
438 | propagate that work, subject to this License.  You are not responsible
439 | for enforcing compliance by third parties with this License.
440 | 
441 |   An "entity transaction" is a transaction transferring control of an
442 | organization, or substantially all assets of one, or subdividing an
443 | organization, or merging organizations.  If propagation of a covered
444 | work results from an entity transaction, each party to that
445 | transaction who receives a copy of the work also receives whatever
446 | licenses to the work the party's predecessor in interest had or could
447 | give under the previous paragraph, plus a right to possession of the
448 | Corresponding Source of the work from the predecessor in interest, if
449 | the predecessor has it or can get it with reasonable efforts.
450 | 
451 |   You may not impose any further restrictions on the exercise of the
452 | rights granted or affirmed under this License.  For example, you may
453 | not impose a license fee, royalty, or other charge for exercise of
454 | rights granted under this License, and you may not initiate litigation
455 | (including a cross-claim or counterclaim in a lawsuit) alleging that
456 | any patent claim is infringed by making, using, selling, offering for
457 | sale, or importing the Program or any portion of it.
458 | 
459 |   11. Patents.
460 | 
461 |   A "contributor" is a copyright holder who authorizes use under this
462 | License of the Program or a work on which the Program is based.  The
463 | work thus licensed is called the contributor's "contributor version".
464 | 
465 |   A contributor's "essential patent claims" are all patent claims
466 | owned or controlled by the contributor, whether already acquired or
467 | hereafter acquired, that would be infringed by some manner, permitted
468 | by this License, of making, using, or selling its contributor version,
469 | but do not include claims that would be infringed only as a
470 | consequence of further modification of the contributor version.  For
471 | purposes of this definition, "control" includes the right to grant
472 | patent sublicenses in a manner consistent with the requirements of
473 | this License.
474 | 
475 |   Each contributor grants you a non-exclusive, worldwide, royalty-free
476 | patent license under the contributor's essential patent claims, to
477 | make, use, sell, offer for sale, import and otherwise run, modify and
478 | propagate the contents of its contributor version.
479 | 
480 |   In the following three paragraphs, a "patent license" is any express
481 | agreement or commitment, however denominated, not to enforce a patent
482 | (such as an express permission to practice a patent or covenant not to
483 | sue for patent infringement).  To "grant" such a patent license to a
484 | party means to make such an agreement or commitment not to enforce a
485 | patent against the party.
486 | 
487 |   If you convey a covered work, knowingly relying on a patent license,
488 | and the Corresponding Source of the work is not available for anyone
489 | to copy, free of charge and under the terms of this License, through a
490 | publicly available network server or other readily accessible means,
491 | then you must either (1) cause the Corresponding Source to be so
492 | available, or (2) arrange to deprive yourself of the benefit of the
493 | patent license for this particular work, or (3) arrange, in a manner
494 | consistent with the requirements of this License, to extend the patent
495 | license to downstream recipients.  "Knowingly relying" means you have
496 | actual knowledge that, but for the patent license, your conveying the
497 | covered work in a country, or your recipient's use of the covered work
498 | in a country, would infringe one or more identifiable patents in that
499 | country that you have reason to believe are valid.
500 | 
501 |   If, pursuant to or in connection with a single transaction or
502 | arrangement, you convey, or propagate by procuring conveyance of, a
503 | covered work, and grant a patent license to some of the parties
504 | receiving the covered work authorizing them to use, propagate, modify
505 | or convey a specific copy of the covered work, then the patent license
506 | you grant is automatically extended to all recipients of the covered
507 | work and works based on it.
508 | 
509 |   A patent license is "discriminatory" if it does not include within
510 | the scope of its coverage, prohibits the exercise of, or is
511 | conditioned on the non-exercise of one or more of the rights that are
512 | specifically granted under this License.  You may not convey a covered
513 | work if you are a party to an arrangement with a third party that is
514 | in the business of distributing software, under which you make payment
515 | to the third party based on the extent of your activity of conveying
516 | the work, and under which the third party grants, to any of the
517 | parties who would receive the covered work from you, a discriminatory
518 | patent license (a) in connection with copies of the covered work
519 | conveyed by you (or copies made from those copies), or (b) primarily
520 | for and in connection with specific products or compilations that
521 | contain the covered work, unless you entered into that arrangement,
522 | or that patent license was granted, prior to 28 March 2007.
523 | 
524 |   Nothing in this License shall be construed as excluding or limiting
525 | any implied license or other defenses to infringement that may
526 | otherwise be available to you under applicable patent law.
527 | 
528 |   12. No Surrender of Others' Freedom.
529 | 
530 |   If conditions are imposed on you (whether by court order, agreement or
531 | otherwise) that contradict the conditions of this License, they do not
532 | excuse you from the conditions of this License.  If you cannot convey a
533 | covered work so as to satisfy simultaneously your obligations under this
534 | License and any other pertinent obligations, then as a consequence you may
535 | not convey it at all.  For example, if you agree to terms that obligate you
536 | to collect a royalty for further conveying from those to whom you convey
537 | the Program, the only way you could satisfy both those terms and this
538 | License would be to refrain entirely from conveying the Program.
539 | 
540 |   13. Remote Network Interaction; Use with the GNU General Public License.
541 | 
542 |   Notwithstanding any other provision of this License, if you modify the
543 | Program, your modified version must prominently offer all users
544 | interacting with it remotely through a computer network (if your version
545 | supports such interaction) an opportunity to receive the Corresponding
546 | Source of your version by providing access to the Corresponding Source
547 | from a network server at no charge, through some standard or customary
548 | means of facilitating copying of software.  This Corresponding Source
549 | shall include the Corresponding Source for any work covered by version 3
550 | of the GNU General Public License that is incorporated pursuant to the
551 | following paragraph.
552 | 
553 |   Notwithstanding any other provision of this License, you have
554 | permission to link or combine any covered work with a work licensed
555 | under version 3 of the GNU General Public License into a single
556 | combined work, and to convey the resulting work.  The terms of this
557 | License will continue to apply to the part which is the covered work,
558 | but the work with which it is combined will remain governed by version
559 | 3 of the GNU General Public License.
560 | 
561 |   14. Revised Versions of this License.
562 | 
563 |   The Free Software Foundation may publish revised and/or new versions of
564 | the GNU Affero General Public License from time to time.  Such new versions
565 | will be similar in spirit to the present version, but may differ in detail to
566 | address new problems or concerns.
567 | 
568 |   Each version is given a distinguishing version number.  If the
569 | Program specifies that a certain numbered version of the GNU Affero General
570 | Public License "or any later version" applies to it, you have the
571 | option of following the terms and conditions either of that numbered
572 | version or of any later version published by the Free Software
573 | Foundation.  If the Program does not specify a version number of the
574 | GNU Affero General Public License, you may choose any version ever published
575 | by the Free Software Foundation.
576 | 
577 |   If the Program specifies that a proxy can decide which future
578 | versions of the GNU Affero General Public License can be used, that proxy's
579 | public statement of acceptance of a version permanently authorizes you
580 | to choose that version for the Program.
581 | 
582 |   Later license versions may give you additional or different
583 | permissions.  However, no additional obligations are imposed on any
584 | author or copyright holder as a result of your choosing to follow a
585 | later version.
586 | 
587 |   15. Disclaimer of Warranty.
588 | 
589 |   THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
590 | APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
594 | PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
595 | IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
597 | 
598 |   16. Limitation of Liability.
599 | 
600 |   IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
608 | SUCH DAMAGES.
609 | 
610 |   17. Interpretation of Sections 15 and 16.
611 | 
612 |   If the disclaimer of warranty and limitation of liability provided
613 | above cannot be given local legal effect according to their terms,
614 | reviewing courts shall apply local law that most closely approximates
615 | an absolute waiver of all civil liability in connection with the
616 | Program, unless a warranty or assumption of liability accompanies a
617 | copy of the Program in return for a fee.
618 | 
619 |                      END OF TERMS AND CONDITIONS
620 | 
621 |             How to Apply These Terms to Your New Programs
622 | 
623 |   If you develop a new program, and you want it to be of the greatest
624 | possible use to the public, the best way to achieve this is to make it
625 | free software which everyone can redistribute and change under these terms.
626 | 
627 |   To do so, attach the following notices to the program.  It is safest
628 | to attach them to the start of each source file to most effectively
629 | state the exclusion of warranty; and each file should have at least
630 | the "copyright" line and a pointer to where the full notice is found.
631 | 
632 |     <one line to give the program's name and a brief idea of what it does.>
633 |     Copyright (C) <year>  <name of author>
634 | 
635 |     This program is free software: you can redistribute it and/or modify
636 |     it under the terms of the GNU Affero General Public License as published
637 |     by the Free Software Foundation, either version 3 of the License, or
638 |     (at your option) any later version.
639 | 
640 |     This program is distributed in the hope that it will be useful,
641 |     but WITHOUT ANY WARRANTY; without even the implied warranty of
642 |     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
643 |     GNU Affero General Public License for more details.
644 | 
645 |     You should have received a copy of the GNU Affero General Public License
646 |     along with this program.  If not, see <https://www.gnu.org/licenses/>.
647 | 
648 | Also add information on how to contact you by electronic and paper mail.
649 | 
650 |   If your software can interact with users remotely through a computer
651 | network, you should also make sure that it provides a way for users to
652 | get its source.  For example, if your program is a web application, its
653 | interface could display a "Source" link that leads users to an archive
654 | of the code.  There are many ways you could offer source, and different
655 | solutions will be better for different programs; see section 13 for the
656 | specific requirements.
657 | 
658 |   You should also get your employer (if you work as a programmer) or school,
659 | if any, to sign a "copyright disclaimer" for the program, if necessary.
660 | For more information on this, and how to apply and follow the GNU AGPL, see
661 | <https://www.gnu.org/licenses/>.
662 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | [Please read this update about microlight's future](https://www.tomgardiner.me/2020/11/why-microlight-was-destined-to-fail.html)
 2 | 
 3 | # microlight (or µLight, or µlite, etc)
 4 | 
 5 | ## Why?
 6 | 
 7 | Microlight is a blogging engine based on [IndieWeb](https://indieweb.org)-based
 8 | concepts. This means support for:
 9 | 
10 | * POSSE (posting on your site, automatically posting to other social media
11 |   sites, and linking the two together)
12 |   * This means comments and replies on those social media websites will
13 |     also appear on your site underneath the post
14 | * Post formats:
15 |   * Note ("tweets")
16 |   * Article (blog posts)
17 |   * Photo
18 |   * Video
19 |   * And more! (See [PostType](https://indieweb.org/Category:PostType))
20 | * Replies
21 |   * Other people with an IndieWeb compatible website will be able to
22 |     post comments on your blog using their own website as an account
23 | * Owning your identity
24 |   * Your website is a corner of the internet **you own** - no company
25 |     keeps a-hold of the information you post to it
26 | 
27 | ## Screenshot
28 | 
29 | ![](themes/microlight-default/microlight-default-screenshot.png)
30 | 
31 | ## Requirements
32 | 
33 | * **PHP 7 or above**  
34 |   While in theory microlight should work on PHP 5.6, this version is
35 |   [no longer supported](https://secure.php.net/supported-versions.php) by the
36 |   PHP group, and so I will not be testing it on any version below 7.
37 | * **PDO SQLite/MySQL**  
38 |   Currently, the table creation functions are written purely for SQLite (this
39 |   will be added for MySQL shortly), although fetch posts and inserting posts
40 |   are fully functional using MySQL.
41 | * **GD Image Processing Library**  
42 |   For image uploads. This extension can be enabled in your `php.ini` file, or by
43 |   installing `php-gd`, depending on your distro.
44 | * **Apache or Nginx**  
45 |   To prevent your SQLite database from being directly downloaded, you should run
46 |   microlight in an Apache or Nginx server. In the future, pretty-URL support
47 |   will also be enabled for those doing so, when it is eventually developed.
48 | 
49 | ## Disclaimer
50 | 
51 | * Whilst in development, microlight has not been tested on a macOS or Windows
52 |   server, only on Arch Linux. Until I have at least confirmed it working on
53 |   Windows, your mileage may vary.
54 | * This is mainly a personal project. I would love suggestions for new features,
55 |   although if they do not align with my goals for this software, I am not likely
56 |   to implement them. You are, of course, welcome to add features by submitting
57 |   a pull request! 😁
58 | 


--------------------------------------------------------------------------------
/includes/api.include.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('lib/enum.php');
  6 | 
  7 | abstract class TokenScope extends BasicEnum {
  8 | 	const CREATE = 'create';
  9 | 	const UPDATE = 'update';
 10 | 	const DELETE = 'delete';
 11 | 	const MEDIA = 'media';
 12 | }
 13 | 
 14 | $post = null;
 15 | $auth = null;
 16 | 
 17 | /**
 18 |  * Retrieve the HTTP method used, usually `GET` or `POST`
 19 |  *
 20 |  * @return void
 21 |  */
 22 | function ml_api_method () {
 23 | 	return $_SERVER['REQUEST_METHOD'];
 24 | }
 25 | 
 26 | /**
 27 |  * Retrieve the Content-Type header provided in the request
 28 |  *
 29 |  * @return string
 30 |  */
 31 | function ml_api_content_type () {
 32 | 	$content_type = '';
 33 | 
 34 | 	if (isset($_SERVER['CONTENT_TYPE'])) {
 35 | 		$content_type = $_SERVER['CONTENT_TYPE'];
 36 | 	}
 37 | 
 38 | 	if (empty($content_type) && isset($_SERVER['HTTP_CONTENT_TYPE'])) {
 39 | 		$content_type = $_SERVER['HTTP_CONTENT_TYPE'];
 40 | 	}
 41 | 
 42 | 	// Default to form data if no value was provided.
 43 | 	if (empty($content_type)) $content_type = HTTPContentType::FORM_DATA;
 44 | 
 45 | 	return $content_type;
 46 | }
 47 | 
 48 | /**
 49 |  * Decode POST body values, depending on whether JSON was provided.
 50 |  *
 51 |  * @return bool
 52 |  */
 53 | function ml_api_post_decode () {
 54 | 	global $post;
 55 | 
 56 | 	if (ml_api_content_type() === HTTPContentType::JSON) {
 57 | 		$post = json_decode(file_get_contents('php://input'), true);
 58 | 	} else {
 59 | 		$post = $_POST;
 60 | 	}
 61 | 
 62 | 	return true;
 63 | }
 64 | 
 65 | /**
 66 |  * Retrieve a POST value, if provided, otherwise `null`
 67 |  *
 68 |  * @param string $key
 69 |  * @return mixed|null
 70 |  */
 71 | function ml_api_post ($key) {
 72 | 	global $post;
 73 | 
 74 | 	if ($post === null) {
 75 | 		throw new Exception('Post data has not be initialised. Make sure ml_api_post_decode has been called.');
 76 | 	}
 77 | 
 78 | 	if (isset($post[$key]) && !empty($post[$key])) return $post[$key];
 79 | 	return null;
 80 | }
 81 | 
 82 | /**
 83 |  * Retrieve a POST value in microformats2 syntax, if provided, otherwise null
 84 |  *
 85 |  * @param array $post
 86 |  * @param string $key
 87 |  * @param bool $is_single
 88 |  * @return mixed|null
 89 |  */
 90 | function ml_api_post_json ($post, $key, $is_single = false) {
 91 | 	if (!is_array($post)) return null;
 92 | 	if (!isset($post[$key])) return null;
 93 | 	if (empty($post[$key])) return null;
 94 | 	if (!is_array($post[$key])) return $post[$key];
 95 | 
 96 | 	// A lot of microformats2 items are intentionally single element arrays.
 97 | 	// I'm not sure why, but if we know it's supposed to, parse it here.
 98 | 	if ($is_single === true) {
 99 | 		if (count($post[$key]) !== 1) return null;
100 | 		return $post[$key][0];
101 | 	}
102 | 
103 | 	return $post[$key];
104 | }
105 | 
106 | /**
107 |  * Retrieve a GET value, if provided, otherwise `null`
108 |  *
109 |  * @param string $key
110 |  * @return mixed|null
111 |  */
112 | function ml_api_get ($key) {
113 | 	if (isset($_GET[$key]) && !empty($_GET[$key])) return $_GET[$key];
114 | 	return null;
115 | }
116 | 
117 | /**
118 |  * Returns the access token provided by the user, either through the
119 |  * `Authorization` header, or as an `access_token` key in the POST body.
120 |  *
121 |  * @return null|string
122 |  */
123 | function ml_api_access_token () {
124 | 	global $post;
125 | 
126 | 	// Don't allow user in without a valid bearer token
127 | 	$bearer = ml_http_bearer();
128 | 
129 | 	if ($bearer === false && $post !== null) {
130 | 		$bearer = ml_api_post('access_token');
131 | 	}
132 | 
133 | 	return $bearer;
134 | }
135 | 
136 | /**
137 |  * Validates the token with the provided token endpoint. Should be used with
138 |  * all micropub requests.
139 |  *
140 |  * @param string $token The bearer access token
141 |  * @return boolean `true`, if the access token is valid, otherwise `false`
142 |  */
143 | function ml_api_validate_token ($token) {
144 | 	global $auth;
145 | 
146 | 	$headers = [
147 | 		'Authorization: Bearer ' . $token,
148 | 		'Content-Type: application/json',
149 | 		'Accept: application/json'
150 | 	];
151 | 
152 | 	$response = ml_http_request(
153 | 		Config::INDIEAUTH_TOKEN_ENDPOINT,
154 | 		HTTPMethod::GET,
155 | 		null,
156 | 		$headers
157 | 	);
158 | 
159 | 	if (empty($response['body']['me'])) return false;
160 | 	if ($response['body']['me'] !== ml_base_url()) return false;
161 | 
162 | 	$auth = $response['body'];
163 | 	$auth['scope'] = explode(' ', $auth['scope']);
164 | 
165 | 	return true;
166 | }
167 | 


--------------------------------------------------------------------------------
/includes/config.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | class Config {
  6 | 	/*
  7 | 	 * **Modify these variables before installing on your website:**
  8 | 	 * If there are any settings you don't understand or know what to set
  9 | 	 * to, leave them as the default.
 10 | 	 */
 11 | 
 12 | 	// DB File (string):
 13 | 	// The location of the SQLite file or MySQL database, relative to root.
 14 | 	// default: 'microlight'
 15 | 	const DB_NAME = 'microlight';
 16 | 
 17 | 	// Use MySQL (boolean):
 18 | 	// If false, microlight will use an SQLite database saved to file.
 19 | 	// If true, microlight will use a MySQL database with the username and
 20 | 	// password provided below
 21 | 	// default: false
 22 | 	const USE_MYSQL = false;
 23 | 
 24 | 	// MySQL Login Details (string):
 25 | 	// This only need to be set if you choose to use MySQL (above)
 26 | 	const MYSQL_HOSTNAME = 'localhost';
 27 | 	const MYSQL_USERNAME = '';
 28 | 	const MYSQL_PASSWORD = '';
 29 | 
 30 | 	// Posts Per Page (integer):
 31 | 	// How many posts should be shown on the homepage or while searching
 32 | 	// default: 20
 33 | 	const POSTS_PER_PAGE = 20;
 34 | 
 35 | 	// Theme (string):
 36 | 	// The folder name of the theme you would like to use for this blog
 37 | 	// default: 'microlight-default'
 38 | 	const THEME = 'microlight-default';
 39 | 
 40 | 	// Title Separator (string):
 41 | 	// What splits up your name and the post name in the title bar
 42 | 	// eg. "Your Name | Post Title"
 43 | 	// default: ' | '
 44 | 	const TITLE_SEPARATOR = ' | ';
 45 | 
 46 | 	// Root (string):
 47 | 	// Must start AND end with a slash.
 48 | 	// Where your site is hosted relative to the absolute root. For example,
 49 | 	// if your site's address is 'https://example.com/blog', ROOT would be
 50 | 	// set to '/blog/'.
 51 | 	// default: '/'
 52 | 	const ROOT = '/';
 53 | 
 54 | 	// Date Pretty (string):
 55 | 	// A PHP date format string used to format the default ISO8601 published
 56 | 	// date.
 57 | 	// default: 'l jS F Y, h:i A'
 58 | 	const DATE_PRETTY = 'l jS F Y, H:i';
 59 | 
 60 | 	// Open Graph (boolean):
 61 | 	// Whether you would like to automatically add Open Graph tags (eg. Link
 62 | 	// previews for Facebook & Twitter) to your page.
 63 | 	// default: true
 64 | 	const OPEN_GRAPH = true;
 65 | 
 66 | 	// IndieAuth Provider (string):
 67 | 	// The URL pointing towards your preferred IndieAuth provider. This is
 68 | 	// important and used for creating posts on your website.
 69 | 	// default: 'https://indieauth.com/auth'
 70 | 	const INDIEAUTH_PROVIDER = 'https://indieauth.com/auth';
 71 | 
 72 | 	// IndieAuth Token Endpoint (string):
 73 | 	// Similarly to the IndieAuth provider, this URL (which may or may not
 74 | 	// be identical to the provider URL) is used to validate the token
 75 | 	// received from the IndieAuth provider you specified above.
 76 | 	// default: 'https://tokens.indieauth.com/token'
 77 | 	const INDIEAUTH_TOKEN_ENDPOINT = 'https://tokens.indieauth.com/token';
 78 | 
 79 | 	// Homepage Feed Post Types (string array):
 80 | 	// Restricts the homepage to displaying only the following post types
 81 | 	// default: [ 'note', 'article', 'photo', 'like', 'repost', 'reply', 'bookmark' ]
 82 | 	const HOMEPAGE_POST_TYPES = [
 83 | 		'note', 'article', 'photo', 'like', 'repost', 'reply', 'bookmark'
 84 | 	];
 85 | 
 86 | 	// Max Image Width (integer):
 87 | 	// If images uploaded via the media endpoint are larger than this dimension,
 88 | 	// they should be resized down to this dimension.
 89 | 	// default: 1920
 90 | 	const MEDIA_IMAGE_WIDTH = 1920;
 91 | }
 92 | 
 93 | /**********************************
 94 |  *  DO NOT EDIT BELOW THIS POINT  *
 95 |  **********************************/
 96 | 
 97 | require_once('lib/enum.php');
 98 | require_once('lib/network.php');
 99 | require_once('lib/slug.php');
100 | require_once('db.include.php');
101 | require_once('functions.include.php');
102 | 


--------------------------------------------------------------------------------
/includes/db.include.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('sql.include.php');
  6 | 
  7 | class DBError extends Exception {
  8 | }
  9 | 
 10 | class DB {
 11 | 	/**
 12 | 	 * @var PDO $pdo
 13 | 	 * @var SQL $sql
 14 | 	 */
 15 | 	public $db;
 16 | 	public $sql;
 17 | 
 18 | 	function __construct () {
 19 | 		$this->db = Config::USE_MYSQL == true
 20 | 			? new PDO(
 21 | 				sprintf('mysql:dbname=%s;host=%s', Config::DB_NAME, Config::MYSQL_HOSTNAME),
 22 | 				Config::MYSQL_USERNAME, Config::MYSQL_PASSWORD
 23 | 			)
 24 | 			: new PDO('sqlite:' . Config::DB_NAME . '.db');
 25 | 		$this->sql = new SQL($this->db);
 26 | 	}
 27 | 
 28 | 	public function close () {
 29 | 		$this->db = null;
 30 | 	}
 31 | }
 32 | 
 33 | class Model {
 34 | 	/**
 35 | 	 * @var string $table_name
 36 | 	 * @var PDO &$db
 37 | 	 * @var SQL $sql
 38 | 	 */
 39 | 	public $table_name = ''; // Inherited classes must set this.
 40 | 	public $db;
 41 | 	public $sql;
 42 | 
 43 | 	/**
 44 | 	 * Model constructor.
 45 | 	 *
 46 | 	 * @param PDO $db
 47 | 	 * @param string $table_name
 48 | 	 */
 49 | 	function __construct (&$db, $table_name) {
 50 | 		$this->db = $db->db;
 51 | 		$this->sql = $db->sql;
 52 | 		$this->table_name = $table_name;
 53 | 	}
 54 | 
 55 | 	/**
 56 | 	 * To be overridden by inherited classes.
 57 | 	 *
 58 | 	 * @throws DBError
 59 | 	 */
 60 | 	function create_table () {
 61 | 		throw new DBError('Cannot create an empty table', 1);
 62 | 	}
 63 | 
 64 | 	/**
 65 | 	 * Main "SELECT"-like function, which fetches data from the DB
 66 | 	 *
 67 | 	 * @param array[] $where
 68 | 	 * @param int $limit
 69 | 	 * @param int $offset
 70 | 	 * @param string $order_field
 71 | 	 * @param string $order_direction
 72 | 	 * @return array
 73 | 	 * @throws DBError
 74 | 	 */
 75 | 	function find ($where = [], $limit = NULL, $offset = 0, $order_field = 'id', $order_direction = 'ASC') {
 76 | 		$sql = "SELECT * FROM `$this->table_name`";
 77 | 		$sql .= $this->sql->where($where);
 78 | 
 79 | 		// Add ordering
 80 | 		SQL::regex_test(SQLEscape::COLUMN, $order_field);
 81 | 		SQL::regex_test(SQLEscape::ORDER_DIRECTION, $order_direction);
 82 | 		$sql .= " ORDER BY `$order_field` $order_direction";
 83 | 
 84 | 		// Add limiting (mostly used for pagination)
 85 | 		if ($limit != NULL) $sql .= " LIMIT $limit OFFSET $offset";
 86 | 
 87 | 		$stmt = $this->db->query($sql, PDO::FETCH_ASSOC);
 88 | 		if ($stmt === false) throw new DBError(implode('; ', $this->db->errorInfo()), 0);
 89 | 
 90 | 		return $stmt->fetchAll();
 91 | 	}
 92 | 
 93 | 	/**
 94 | 	 * The same as `find`, but only returns one result (or null)
 95 | 	 *
 96 | 	 * @param array $where
 97 | 	 * @param int $offset
 98 | 	 * @return array|null
 99 | 	 * @throws DBError
100 | 	 */
101 | 	function find_one ($where = [], $offset = 0) {
102 | 		$results = $this->find($where, 1, $offset);
103 | 		if (count($results) > 0) return $results[0];
104 | 		return null;
105 | 	}
106 | 
107 | 	/**
108 | 	 * Inserts a new row into the database model
109 | 	 *
110 | 	 * @param string[] $properties
111 | 	 * @return integer
112 | 	 * @throws DBError
113 | 	 */
114 | 	function insert ($properties) {
115 | 		$sql = 'INSERT INTO ' . $this->table_name . $this->sql->insert($properties);
116 | 		$stmt = $this->db->query($sql, PDO::FETCH_ASSOC);
117 | 		if ($stmt === false) throw new DBError(implode('; ', $this->db->errorInfo()), 0);
118 | 		return $this->db->lastInsertId();
119 | 	}
120 | 
121 | 	/**
122 | 	 * Returns the number of rows in a particular table, with optional
123 | 	 * filtering
124 | 	 *
125 | 	 * @param array[] $where
126 | 	 * @return int
127 | 	 */
128 | 	function count ($where = []) {
129 | 		$sql = "SELECT COUNT(id) as count FROM `$this->table_name`";
130 | 		$sql .= $this->sql->where($where);
131 | 		$stmt = $this->db->query($sql, PDO::FETCH_ASSOC);
132 | 		return (int)$stmt->fetch()['count'];
133 | 	}
134 | 
135 | 	/**
136 | 	 * Delete from the database. If no `$where` value is provided, the
137 | 	 * request will fail. This is to prevent all records from being deleted in
138 | 	 * the table.
139 | 	 * @param array[] $where
140 | 	 * @return bool Whether the deletion was successful or not
141 | 	 * @throws DBError
142 | 	 */
143 | 	function delete ($where = []) {
144 | 		if (empty($where)) throw new Exception('This will delete all records. Not proceeding.');
145 | 
146 | 		$sql = "DELETE FROM `$this->table_name`";
147 | 		$sql .= $this->sql->where($where);
148 | 		$stmt = $this->db->query($sql);
149 | 		if ($stmt === false) throw new DBError(implode('; ', $this->db->errorInfo()), 0);
150 | 		$stmt->fetch();
151 | 
152 | 		// If all goes well...
153 | 		return true;
154 | 	}
155 | 
156 | 	/**
157 | 	 * Update values in the database. If no `$where` value is provided, the
158 | 	 * request will fail. This is to prevent all records from being updated in
159 | 	 * the table.
160 | 	 * @param array $properties
161 | 	 * @param array[] $where
162 | 	 * @return void
163 | 	 */
164 | 	function update ($properties, $where = []){
165 | 		if (empty($where)) throw new Exception('This will update all records. Not proceeding.');
166 | 
167 | 		$sql = "UPDATE `$this->table_name` SET ";
168 | 		$sql .= $this->sql->update($properties);
169 | 		$sql .= $this->sql->where($where);
170 | 
171 | 		$stmt = $this->db->query($sql);
172 | 		if ($stmt === false) throw new DBError(implode('; ', $this->db->errorInfo()), 0);
173 | 		$stmt->fetch();
174 | 
175 | 		// If all goes well...
176 | 		return true;
177 | 	}
178 | }
179 | 
180 | class Post extends Model {
181 | 	public $table_name = 'post';
182 | 
183 | 	function __construct (&$db) {
184 | 		parent::__construct($db, $this->table_name);
185 | 	}
186 | 
187 | 	function create_table () {
188 | 		// Create the table if it does not already exist
189 | 		$this->db->exec($this->sql->create($this->table_name, [
190 | 			[
191 | 				'column' => 'id',
192 | 				'type' => SQLType::PRIMARY_KEY_TYPE,
193 | 			],
194 | 			[
195 | 				// Post name
196 | 				'column' => 'name',
197 | 				'type' => SQLType::TEXT_TYPE,
198 | 			],
199 | 			[
200 | 				// Text based introduction to a particular post
201 | 				'column' => 'summary',
202 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
203 | 			],
204 | 			[
205 | 				// Markdown post contents
206 | 				'column' => 'content',
207 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
208 | 			],
209 | 			[
210 | 				// Post Type
211 | 				'column' => 'post_type',
212 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
213 | 			],
214 | 			[
215 | 				// URL friendly copy of the name
216 | 				'column' => 'slug',
217 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL . SQLType::MOD_UNIQUE,
218 | 			],
219 | 			[
220 | 				// One of: 'public', 'private', 'deleted'.
221 | 				// More status types may be added in the future.
222 | 				'column' => 'status',
223 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
224 | 			],
225 | 			[
226 | 				// Date/Time ISO8601
227 | 				'column' => 'published',
228 | 				'type' => SQLType::DATETIME_TYPE . SQLType::MOD_NOT_NULL,
229 | 			],
230 | 			[
231 | 				// Date/Time ISO8601
232 | 				'column' => 'updated',
233 | 				'type' => SQLType::DATETIME_TYPE,
234 | 			],
235 | 			[
236 | 				// Comma separated tags
237 | 				'column' => 'tags',
238 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
239 | 			],
240 | 			[
241 | 				// "lat,long", otherwise "Address"
242 | 				'column' => 'location',
243 | 				'type' => SQLType::TEXT_TYPE,
244 | 			],
245 | 			[
246 | 				// If the post directly refers to a specific location on the
247 | 				// internet, here is where to put it.
248 | 				'column' => 'url',
249 | 				'type' => SQLType::TEXT_TYPE,
250 | 			],
251 | 		]));
252 | 	}
253 | 
254 | 	function find ($where = [], $limit = -1, $offset = 0, $order_field = 'published', $order_direction = 'DESC') {
255 | 		$results = parent::find($where, $limit, $offset, $order_field, $order_direction);
256 | 
257 | 		// Process each result
258 | 		foreach ($results as $key => $value) {
259 | 			// Split the commas in the tags into an array
260 | 			$results[$key]['tags'] = explode(',', $value['tags']);
261 | 
262 | 			// Remove the last element, which should always be empty
263 | 			array_pop($results[$key]['tags']);
264 | 		}
265 | 
266 | 		return $results;
267 | 	}
268 | 
269 | 	/**
270 | 	 * Convert a post into the microformats2 structure
271 | 	 * @param Post $post
272 | 	 * @return array
273 | 	 */
274 | 	static function to_microformats ($post) {
275 | 		$body = [
276 | 			'type' => 'h-entry',
277 | 			'properties' => [
278 | 				'name' => [ $post['name'] ],
279 | 				'summary' => [ $post['summary'] ],
280 | 				'category' => $post['tags'],
281 | 				'published' => [ $post['published'] ],
282 | 			],
283 | 		];
284 | 
285 | 		if ($post['content'] !== strip_tags($post['content'])) {
286 | 			$body['properties']['content'] = [[
287 | 				'value' => strip_tags($post['content']),
288 | 				'html' => $post['content'],
289 | 			]];
290 | 		} else {
291 | 			$body['properties']['content'] = [ $post['content'] ];
292 | 		}
293 | 
294 | 		if ($post['updated'] !== null) {
295 | 			$body['properties']['updated'] = [ $post['updated'] ];
296 | 		}
297 | 
298 | 		switch ($post['post_type']) {
299 | 		case 'photo':
300 | 			$body['properties']['photo'] = [ $post['url'] ];
301 | 			break;
302 | 		case 'audio':
303 | 			$body['properties']['audio'] = [ $post['url'] ];
304 | 			break;
305 | 		case 'video':
306 | 			$body['properties']['video'] = [ $post['url'] ];
307 | 			break;
308 | 		case 'like':
309 | 			$body['properties']['like-of'] = [ $post['url'] ];
310 | 			break;
311 | 		case 'bookmark':
312 | 			$body['properties']['bookmark-of'] = [ $post['url'] ];
313 | 			break;
314 | 		case 'reply':
315 | 			$body['properties']['in-reply-to'] = [ $post['url'] ];
316 | 			break;
317 | 		case 'repost':
318 | 			$body['properties']['repost-of'] = [ $post['url'] ];
319 | 			break;
320 | 		}
321 | 
322 | 		return $body;
323 | 	}
324 | 
325 | 	static function create_empty () {
326 | 		$post = [
327 | 			'id' => 0,
328 | 			'name' => 'Deleted',
329 | 			'summary' => 'This post has been deleted',
330 | 			'content' => 'This post has been deleted',
331 | 			'post_type' => 'article',
332 | 			'slug' => '',
333 | 			'status' => 'deleted',
334 | 			'published' => '',
335 | 			'updated' => null,
336 | 			'tags' => [],
337 | 			'location' => null,
338 | 			'url' => '',
339 | 		];
340 | 
341 | 		return $post;
342 | 	}
343 | }
344 | 
345 | class Person extends Model {
346 | 	public $table_name = 'person';
347 | 
348 | 	function __construct (&$db) {
349 | 		parent::__construct($db, $this->table_name);
350 | 	}
351 | 
352 | 	function create_table() {
353 | 		$this->db->exec($this->sql->create($this->table_name, [
354 | 			[
355 | 				'column' => 'id',
356 | 				'type' => SQLType::PRIMARY_KEY_TYPE,
357 | 			],
358 | 			[
359 | 				'column' => 'name',
360 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
361 | 			],
362 | 			[
363 | 				'column' => 'url',
364 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
365 | 			],
366 | 			[
367 | 				'column' => 'photo_url',
368 | 				'type' => SQLType::TEXT_TYPE,
369 | 			],
370 | 		]));
371 | 	}
372 | }
373 | 
374 | class Interaction extends Model {
375 | 	public $table_name = 'interaction';
376 | 
377 | 	function __construct (&$db) {
378 | 		parent::__construct($db, $this->table_name);
379 | 	}
380 | 
381 | 	function create_table() {
382 | 		$this->db->exec($this->sql->create($this->table_name, [
383 | 			[
384 | 				'column' => 'id',
385 | 				'type' => SQLType::PRIMARY_KEY_TYPE,
386 | 			],
387 | 			[
388 | 				'column' => 'type',
389 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
390 | 			],
391 | 			[
392 | 				'column' => 'datetime',
393 | 				'type' => SQLType::DATETIME_TYPE . SQLType::MOD_NOT_NULL,
394 | 			],
395 | 			[
396 | 				'column' => 'contents',
397 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
398 | 			],
399 | 			[
400 | 				'column' => 'url',
401 | 				'type' => SQLType::TEXT_TYPE . SQLType::MOD_NOT_NULL,
402 | 			],
403 | 		], [
404 | 			[
405 | 				'table' => 'person',
406 | 				'reference' => 'id',
407 | 			],
408 | 			[
409 | 				'table' => 'post',
410 | 				'reference' => 'id',
411 | 			],
412 | 		]));
413 | 	}
414 | }
415 | 


--------------------------------------------------------------------------------
/includes/functions.include.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | abstract class Show extends BasicEnum {
  6 | 	const ARCHIVE = 'ARCHIVE';
  7 | 	const POST = 'POST';
  8 | 	const PAGE = 'PAGE';
  9 | 	const ERROR404 = 'ERROR404';
 10 | 	const DELETED = 'DELETED';
 11 | }
 12 | 
 13 | // Define all globally available variables
 14 | $post_slug = '';
 15 | $post_tag = '';
 16 | $post_type = '';
 17 | $search_query = '';
 18 | $post_total_count = 0;
 19 | $pagination = null;
 20 | $showing = Show::ARCHIVE;
 21 | $db = null;
 22 | $posts = null;
 23 | 
 24 | /**
 25 |  * @param string $key
 26 |  * @return bool
 27 |  */
 28 | function ml_get_not_blank ($key) {
 29 | 	return (isset($_GET[$key]) && $_GET[$key] !== '');
 30 | }
 31 | 
 32 | /**
 33 |  * @param string $key
 34 |  * @return bool
 35 |  */
 36 | function ml_post_not_blank ($key) {
 37 | 	return (isset($_POST[$key]) && $_POST[$key] !== '');
 38 | }
 39 | 
 40 | /**
 41 |  * Determines what should be fetched from the DB and is shown to the user.
 42 |  *
 43 |  * @global string $post_slug
 44 |  * @global string $post_tag
 45 |  * @global string $post_type
 46 |  * @global integer $pagination
 47 |  * @global string $search_query
 48 |  * @global Show $showing
 49 |  * @throws Exception
 50 |  */
 51 | function ml_showing () {
 52 | 	global $post_slug;
 53 | 	global $post_tag;
 54 | 	global $post_type;
 55 | 	global $pagination;
 56 | 	global $search_query;
 57 | 	global $showing;
 58 | 
 59 | 	if (ml_get_not_blank('post_slug')) {
 60 | 		$post_slug = $_GET['post_slug'];
 61 | 		$showing = Show::POST;
 62 | 	} else {
 63 | 		$showing = Show::ARCHIVE;
 64 | 		$pagination = 0;
 65 | 
 66 | 		if (ml_get_not_blank('post_tag')) {
 67 | 			$post_tag = $_GET['post_tag'];
 68 | 		}
 69 | 
 70 | 		if (ml_get_not_blank('post_type')) {
 71 | 			$post_type = $_GET['post_type'];
 72 | 		}
 73 | 
 74 | 		if (ml_get_not_blank('search_query')) {
 75 | 			$search_query = $_GET['search_query'];
 76 | 		}
 77 | 
 78 | 		if (ml_get_not_blank('page')) {
 79 | 			$pagination = $_GET['page'] - 1;
 80 | 			if ($pagination < 0) {
 81 | 				throw new Exception('Page ' . $pagination . ' cannot be less than 0');
 82 | 			}
 83 | 		}
 84 | 	}
 85 | }
 86 | 
 87 | /**
 88 |  * Sets up the database and fetches the current user
 89 |  *
 90 |  * @global DB $db
 91 |  * @throws DBError
 92 |  */
 93 | function ml_database_setup () {
 94 | 	global $db;
 95 | 
 96 | 	// Set up a connection to the database
 97 | 	$db = new DB();
 98 | }
 99 | 
100 | /**
101 |  * Load posts from the database, where the results depend on whether any search
102 |  * query or tags/slugs are specified.
103 |  *
104 |  * @global DB $db
105 |  * @global string $post_slug
106 |  * @global string $post_tag
107 |  * @global string $post_type
108 |  * @global string $search_query
109 |  * @global integer $post_total_count
110 |  * @global integer|null $pagination
111 |  * @global Show $showing
112 |  * @global Post|Post[] $posts
113 |  * @throws DBError
114 |  */
115 | function ml_load_posts () {
116 | 	global $db;
117 | 	global $post_slug;
118 | 	global $post_tag;
119 | 	global $post_type;
120 | 	global $search_query;
121 | 	global $post_total_count;
122 | 	global $pagination;
123 | 	global $showing;
124 | 	global $posts;
125 | 
126 | 	$where = [
127 | 		// ALWAYS ONLY show public posts
128 | 		SQL::where_create('status', 'public'),
129 | 	];
130 | 
131 | 	$limit = Config::POSTS_PER_PAGE;
132 | 	$offset = Config::POSTS_PER_PAGE * $pagination;
133 | 
134 | 	if ($post_slug !== '') {
135 | 		$limit = 1;
136 | 		$offset = 0;
137 | 
138 | 		// Overwrite the existing where clause (public posts only)
139 | 		// as we need to show a various errors depending on the status of the
140 | 		// post
141 | 		$where = [ SQL::where_create(
142 | 			'slug',
143 | 			$post_slug,
144 | 			SQLOP::EQUAL,
145 | 			SQLEscape::SLUG
146 | 		) ];
147 | 	} elseif ($post_tag !== '' || $post_type !== '' || $search_query !== '') {
148 | 		if ($post_tag !== '') {
149 | 			array_push($where, SQL::where_create(
150 | 				'tags',
151 | 				"%$post_tag,%",
152 | 				SQLOP::LIKE,
153 | 				SQLEscape::TAG
154 | 			));
155 | 		}
156 | 
157 | 		if ($post_type !== '') {
158 | 			array_push($where, SQL::where_create(
159 | 				'post_type',
160 | 				$post_type,
161 | 				SQLOP::EQUAL,
162 | 				SQLEscape::POST_TYPE
163 | 			));
164 | 		}
165 | 
166 | 		if ($search_query !== '') {
167 | 			array_push($where, SQL::where_create(
168 | 				'name',
169 | 				"%$search_query%",
170 | 				SQLOP::LIKE,
171 | 				SQLEscape::TAG
172 | 			));
173 | 		}
174 | 	} else {
175 | 		array_push($where, SQL::where_create(
176 | 			'post_type',
177 | 			Config::HOMEPAGE_POST_TYPES,
178 | 			SQLOP::IN,
179 | 			SQLEscape::POST_TYPE
180 | 		));
181 | 	}
182 | 
183 | 	// Run the SQL query
184 | 	$post_class = new Post($db);
185 | 	$posts = $post_class->find($where, $limit, $offset);
186 | 	$post_total_count = $post_class->count($where);
187 | 
188 | 	// If we're asking for a page or post, there should only ever be one
189 | 	// result, so process that here:
190 | 	if ($showing === Show::POST || $showing === Show::PAGE) {
191 | 		// If there is not 1 post, show a 404 error
192 | 		if (count($posts) !== 1) {
193 | 			$showing = Show::ERROR404;
194 | 			$posts = null;
195 | 			http_response_code(404);
196 | 		} else {
197 | 			// Don't show the post if it has been deleted, or if it's not public
198 | 			switch ($posts[0]['status']) {
199 | 			case 'public':
200 | 				$posts = $posts[0];
201 | 
202 | 				// Fetch interactions
203 | 				$posts['interactions'] = ml_post_fetch_interactions($posts);
204 | 
205 | 				break;
206 | 			case 'deleted':
207 | 				$deleted_post = Post::create_empty();
208 | 				$deleted_post['slug'] = $posts[0]['slug'];
209 | 				$posts = $deleted_post;
210 | 				$showing = Show::DELETED;
211 | 				http_response_code(410);
212 | 				break;
213 | 			default:
214 | 				$posts = null;
215 | 				$showing = Show::ERROR404;
216 | 				http_response_code(404);
217 | 				break;
218 | 			}
219 | 		}
220 | 	}
221 | }
222 | 
223 | /**
224 |  * Close DB connection
225 |  *
226 |  * @global DB $db
227 |  */
228 | function ml_database_close () {
229 | 	global $db;
230 | 	$db->close();
231 | }
232 | 
233 | /**
234 |  * Returns the title, depending on whether you're on a single post or not.
235 |  *
236 |  * @global Show $showing
237 |  * @global Post|Post[] $posts
238 |  * @return string
239 |  */
240 | function ml_get_title () {
241 | 	global $showing;
242 | 	global $posts;
243 | 
244 | 	$str = '';
245 | 
246 | 	if ($showing === Show::POST || $showing === Show::PAGE) {
247 | 		$str .= $posts['name'] !== '' && $posts['name'] !== null
248 | 			? $posts['name']
249 | 			: $posts['summary'];
250 | 		$str .= Config::TITLE_SEPARATOR;
251 | 	}
252 | 
253 | 	$str .= User::NAME;
254 | 	return $str;
255 | }
256 | 
257 | /**
258 |  * Returns the full URL, including 'http(s)'
259 |  *
260 |  * @return string
261 |  */
262 | function ml_base_url () {
263 | 	return (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . Config::ROOT;
264 | }
265 | 
266 | /**
267 |  * Returns an absolute URL linking to a self-portrait
268 |  *
269 |  * @return string
270 |  */
271 | function ml_icon_url () {
272 | 	return ml_base_url() . 'uploads/me.jpg';
273 | }
274 | 
275 | /**
276 |  * Determines whether the user has uploaded a self-portrait
277 |  *
278 |  * @return bool
279 |  */
280 | function ml_user_has_icon () {
281 | 	return file_exists('uploads/me.jpg');
282 | }
283 | 
284 | /**
285 |  * Returns an absolute URL to a specific post
286 |  *
287 |  * @param string $slug
288 |  * @return string
289 |  */
290 | function ml_post_permalink ($slug) {
291 | 	return ml_base_url() . '?post_slug=' . urlencode($slug);
292 | }
293 | 
294 | /**
295 |  * Returns an absolute URL to the archive of a specific tag
296 |  *
297 |  * @param string $tag
298 |  * @return string
299 |  */
300 | function ml_tag_permalink ($tag) {
301 | 	return ml_base_url() . '?post_tag=' . urlencode($tag);
302 | }
303 | 
304 | /**
305 |  * Returns an absolute URL to the archive of a specific post type
306 |  *
307 |  * @param string $post_type
308 |  * @return string
309 |  */
310 | function ml_type_permalink ($post_type) {
311 | 	return ml_base_url() . '?post_type=' . urlencode($post_type);
312 | }
313 | 
314 | /**
315 |  * Return an absolute, consistent URL that will point to the "official" URL for
316 |  * the page currently being viewed
317 |  * (see: https://en.wikipedia.org/wiki/Canonical_link_element)
318 |  *
319 |  * @global string $post_slug
320 |  * @global string $post_tag
321 |  * @global string $post_type
322 |  * @global string $search_query
323 |  * @return string
324 |  */
325 | function ml_canonical_permalink ($suffix = '') {
326 | 	global $post_slug;
327 | 	global $post_tag;
328 | 	global $post_type;
329 | 	global $search_query;
330 | 
331 | 	$queries = [];
332 | 
333 | 	if ($search_query !== '' || $post_tag !== '' || $post_type !== '') {
334 | 		if ($search_query !== '') array_push($queries, 'search_query=' . urlencode($search_query));
335 | 		if ($post_tag !== '')     array_push($queries, 'post_tag=' . urlencode($post_tag));
336 | 		if ($post_type !== '')    array_push($queries, 'post_type=' . urlencode($post_type));
337 | 	} elseif ($post_slug !== '') {
338 | 		array_push($queries, 'post_slug=' . urlencode($post_slug));
339 | 	}
340 | 
341 | 	if (!empty($suffix)) {
342 | 		array_push($queries, $suffix);
343 | 	}
344 | 
345 | 	$str = ml_base_url();
346 | 
347 | 	if (count($queries) > 0) {
348 | 		$str .= '?' . implode('&', $queries);
349 | 	}
350 | 
351 | 	return $str;
352 | }
353 | 
354 | /**
355 |  * Returns an absolute URL pointing towards the directory of the currently
356 |  * selected theme
357 |  *
358 |  * @return string
359 |  */
360 | function ml_get_theme_dir () {
361 | 	return ml_base_url() . 'themes/' . Config::THEME;
362 | }
363 | 
364 | /**
365 |  * Prints an ISO8601 date in the pretty format defined in the configuration
366 |  *
367 |  * @param string $date ISO8601 date
368 |  * @return false|string
369 |  */
370 | function ml_date_pretty ($date) {
371 | 	return date(
372 | 		Config::DATE_PRETTY,
373 | 		strtotime($date)
374 | 	);
375 | }
376 | 
377 | /**
378 |  * Add headers to `<head />` tag in theme (highly recommended to use)
379 |  *
380 |  * @global Show $showing
381 |  * @global Post|Post[] $posts
382 |  */
383 | function ml_page_headers () {
384 | 	global $showing;
385 | 	global $posts;
386 | 
387 | 	if ($showing === Show::PAGE || $showing === Show::POST) {
388 | 		$description = $posts['summary'];
389 | 		if ($posts['post_type'] === 'photo') {
390 | 			$image = $posts['url'];
391 | 		} else {
392 | 			$image = ml_icon_url();
393 | 		}
394 | 	} else {
395 | 		$description = User::NOTE;
396 | 		$image = ml_icon_url();
397 | 	}
398 | 
399 | 	$description = htmlspecialchars($description, ENT_QUOTES);
400 | 	$title = htmlspecialchars(ml_get_title(), ENT_QUOTES);
401 | 	?>
402 | 	<meta name='description' content='<?php echo $description; ?>' />
403 | 	<meta name='generator' content='Microlight <?php echo MICROLIGHT; ?>' />
404 | 	<meta name='author' content='<?php echo User::NAME; ?>' />
405 | 	<meta name='referrer' content='origin' />
406 | 
407 | 	<?php if (Config::OPEN_GRAPH === true): ?>
408 | 	<meta name='twitter:card' content='summary' />
409 | 	<meta property='og:url' content='<?php echo ml_canonical_permalink(); ?>' />
410 | 	<meta property='og:title' content='<?php echo $title; ?>' />
411 | 	<meta property='og:description' content='<?php echo $description; ?>' />
412 | 	<meta property='og:image' content='<?php echo $image; ?>' />
413 | 	<?php endif; ?>
414 | 
415 | 	<?php if ($showing === Show::PAGE || $showing === Show::POST): ?>
416 | 	<link rel='webmention' href='<?php echo ml_base_url() . 'webmention/index.php'; ?>' />
417 | 	<?php endif; ?>
418 | 
419 | 	<title><?php echo ml_get_title(); ?></title>
420 | 	<link rel='micropub' href='<?php echo ml_base_url() . 'micropub/index.php'; ?>' />
421 | 	<link rel="micropub_media" href='<?php echo ml_base_url() . 'media/index.php'; ?>' />
422 | 	<link rel='authorization_endpoint' href='<?php echo Config::INDIEAUTH_PROVIDER; ?>' />
423 | 	<link rel='token_endpoint' href='<?php echo Config::INDIEAUTH_TOKEN_ENDPOINT; ?>' />
424 | 	<link rel='icon' href='<?php echo $image; ?>' />
425 | 	<link rel='apple-touch-icon-precomposed' href='<?php echo $image; ?>' />
426 | 	<link rel='canonical' href='<?php echo ml_canonical_permalink(); ?>' />
427 | 	<?php
428 | }
429 | 
430 | /**
431 |  * Determines whether pagination buttons should even be shown at all, based on
432 |  * the type of page we're viewing.
433 |  *
434 |  * @global Show $showing
435 |  * @global integer $post_total_count
436 |  * @return bool
437 |  */
438 | function ml_pagination_enabled () {
439 | 	global $showing;
440 | 	global $post_total_count;
441 | 
442 | 	// Only ever show pagination on archive pages
443 | 	if ($showing !== Show::ARCHIVE) return false;
444 | 
445 | 	// Don't show pagination if there are less posts than there should be
446 | 	// displayed on a page
447 | 	if ($post_total_count <= Config::POSTS_PER_PAGE) return false;
448 | 
449 | 	// Otherwise, we have pagination!
450 | 	return true;
451 | }
452 | 
453 | /**
454 |  * Determines whether we should show the previous page button or not
455 |  *
456 |  * @global integer $pagination
457 |  * @return bool
458 |  */
459 | function ml_pagination_left_enabled () {
460 | 	global $pagination;
461 | 	return $pagination > 0;
462 | }
463 | 
464 | /**
465 |  * Determines whether we should show the next page button or not
466 |  *
467 |  * @global integer $pagination
468 |  * @global integer $post_total_count
469 |  * @return bool
470 |  */
471 | function ml_pagination_right_enabled () {
472 | 	global $pagination;
473 | 	global $post_total_count;
474 | 	$total = ceil($post_total_count / Config::POSTS_PER_PAGE) - 1;
475 | 	return $pagination < $total;
476 | }
477 | 
478 | /**
479 |  * Returns an absolute URL to the previous page
480 |  *
481 |  * @global integer $pagination
482 |  * @return string
483 |  */
484 | function ml_pagination_left_link () {
485 | 	global $pagination;
486 | 	return ml_canonical_permalink('page=' . $pagination);
487 | }
488 | 
489 | /**
490 |  * Returns an absolute URL to the next page
491 |  *
492 |  * @global integer $pagination
493 |  * @return string
494 |  */
495 | function ml_pagination_right_link () {
496 | 	global $pagination;
497 | 	return ml_canonical_permalink('page=' . ($pagination + 2));
498 | }
499 | 
500 | /**
501 |  * Determines whether a location from the database are coordinates or an
502 |  * address. If the former, they will be separated from the string into an array
503 |  * containing both `lat` and `long`, otherwise the original string will be
504 |  * returned.
505 |  *
506 |  * @param string|null $location
507 |  * @return string[]|string|null
508 |  */
509 | function ml_location_geo ($location) {
510 | 	// Don't even try parsing if it's empty
511 | 	if ($location === '' || $location === null) return $location;
512 | 
513 | 	// Float Regex, taken from: https://stackoverflow.com/a/12643073
514 | 	$float = '([+-]?([0-9]*[.])?[0-9]+)';
515 | 	$full_regex = '/^' . $float . ',' . $float . '$/';
516 | 
517 | 	// If it matches our regex, then it's a geo-location, not an address
518 | 	if (preg_match($full_regex, $location, $matches)) {
519 | 		$lat = (float)$matches[1];
520 | 		$long = (float)$matches[3];
521 | 
522 | 		// Make sure the latitude and longitude are within
523 | 		// sensible boundaries
524 | 		if ($lat > 180 || $lat < -180 || $long > 90 || $long < -90) {
525 | 			return $location;
526 | 		}
527 | 		return ['lat' => $lat, 'long' => $long];
528 | 	} else {
529 | 		return $location;
530 | 	}
531 | }
532 | 
533 | /**
534 |  * Determines whether a post has a name or not
535 |  *
536 |  * @param Post $post
537 |  * @return bool
538 |  */
539 | function ml_post_has_title ($post) {
540 | 	return $post['name'] !== null && $post['name'] !== '';
541 | }
542 | 
543 | /**
544 |  * Determine the slug of a single post based on the URL
545 |  * @param string $url
546 |  * @return string Post slug
547 |  * @throws Exception
548 |  */
549 | function ml_slug_from_url($url) {
550 | 	if (empty($url) || $url === null) throw new Exception('URL not provided');
551 | 
552 | 	// Permalink structure. Ideally, should not be hardcoded here.
553 | 	$url_prefix = ml_base_url() . '?post_slug=';
554 | 
555 | 	$pos = strpos($url, $url_prefix);
556 | 	if ($pos === false) throw new Exception('Invalid post URL');
557 | 
558 | 	return substr($url, $pos + strlen($url_prefix));
559 | }
560 | 
561 | /**
562 |  * Fetch a list of interactions for a specific post
563 |  *
564 |  * @param Post $post
565 |  * @return array
566 |  */
567 | function ml_post_fetch_interactions ($post) {
568 | 	global $db;
569 | 
570 | 	$where = [ SQL::where_create(
571 | 		'post_id',
572 | 		$post['id'],
573 | 		SQLOP::EQUAL,
574 | 		SQLEscape::INT
575 | 	) ];
576 | 
577 | 	$interaction_class = new Interaction($db);
578 | 	$interaction_count = $interaction_class->count($where);
579 | 
580 | 	if ($interaction_count === 0) return [];
581 | 
582 | 	$interactions = $interaction_class->find($where, NULL, 0, 'datetime');
583 | 	$person_class = new Person($db);
584 | 
585 | 	foreach ($interactions as $interaction_index => $interaction) {
586 | 		$person_where = [ SQL::where_create(
587 | 			'id',
588 | 			$interaction['person_id'],
589 | 			SQLOP::EQUAL,
590 | 			SQLEscape::INT
591 | 		) ];
592 | 		$person = $person_class->find_one($person_where);
593 | 		$interactions[$interaction_index]['person'] = $person;
594 | 	}
595 | 
596 | 	return $interactions;
597 | }
598 | 
599 | /**
600 |  * Generates a token to be used for both CSRF and authentication state
601 |  *
602 |  * @throws Exception
603 |  * @return string Randomly generated token
604 |  */
605 | function ml_generate_token () {
606 | 	if (function_exists('random_bytes')) {
607 | 		return bin2hex(random_bytes(32));
608 | 	} elseif (function_exists('openssl_random_pseudo_bytes')) {
609 | 		return bin2hex(openssl_random_pseudo_bytes(32));
610 | 	} elseif (function_exists('mcrypt_create_iv')) {
611 | 		// Deprecated in 7.1, but if random_bytes doesn't exist (the preferred
612 | 		// alternative) this should work instead.
613 | 		return bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
614 | 	} else {
615 | 		// Not recommended, but if none of the above functions
616 | 		// exist, well then...  ¯\_(ツ)_/¯
617 | 		return md5(uniqid(rand(), true)) . md5(uniqid(rand(), true));
618 | 	}
619 | }
620 | 
621 | /**
622 |  * Used to validate the authentication request, using the code and state from
623 |  * the GET parameters.
624 |  *
625 |  * @throws Exception
626 |  * @return array Where the contents are [success => bool, string[] => errors]
627 |  */
628 | function ml_validate_token () {
629 | 	// Create the session if one does not exist already
630 | 	if (session_id() === '') session_start();
631 | 
632 | 	// Use the GET parameters, if they are set...
633 | 	$code = isset($_GET['code']) ? $_GET['code'] : null;
634 | 	$state = isset($_GET['state']) ? $_GET['state'] : null;
635 | 
636 | 	function error ($reason) {
637 | 		return [false, $reason];
638 | 	}
639 | 
640 | 	// Make sure both code, state, AND session set state are provided
641 | 	if ($code === null || $code === '') return error('Provide `code`');
642 | 	if ($state === null || $state === '') return error('Provide `state`');
643 | 	if (empty($_SESSION['state'])) return error('State not previously set. Try logging in again.');
644 | 
645 | 	// Make sure both states match
646 | 	if (!hash_equals($_SESSION['state'], $state)) return error('States do not match. Cannot proceed.');
647 | 
648 | 	// Knowing everything is set, make a request to the token endpoint
649 | 	$response = ml_http_request(Config::INDIEAUTH_TOKEN_ENDPOINT, HTTPMethod::POST, [
650 | 		'code' => $code,
651 | 		'redirect_uri' => ml_base_url() . 'routes/authcallback.php',
652 | 		'client_id' => ml_base_url(),
653 | 	]);
654 | 
655 | 	$me = $response['body']['me'];
656 | 
657 | 	if (!empty($me)) {
658 | 		if ($me === ml_base_url()) {
659 | 			$_SESSION['access_token'] = $code;
660 | 			unset($_SESSION['state']);
661 | 			return [true, []];
662 | 		} else {
663 | 			return error('Host URL not correct ("' . $me . '" !== "' . ml_base_url() . '")');
664 | 		}
665 | 	} else {
666 | 		return error(implode('; ', $response['body']));
667 | 	}
668 | }
669 | 


--------------------------------------------------------------------------------
/includes/lib/README.md:
--------------------------------------------------------------------------------
1 | # lib
2 | 
3 | This directory is specifically for re-usable, generic library functions that
4 | don't necessarily rely on microlight to be usable. Anything that makes
5 | reference to an external file outside of this directory should not be in this
6 | directory.
7 | 


--------------------------------------------------------------------------------
/includes/lib/enum.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Basic enumeration solution.
 4 | // Credit / Source: https://stackoverflow.com/a/254543
 5 | 
 6 | abstract class BasicEnum {
 7 | 	private static $const_cache_array = null;
 8 | 
 9 | 	private static function getConstants () {
10 | 		if (self::$const_cache_array == null) {
11 | 			self::$const_cache_array = [];
12 | 		}
13 | 		$called_class = get_called_class();
14 | 		if (!array_key_exists($called_class, self::$const_cache_array)) {
15 | 			$reflect = new ReflectionClass($called_class);
16 | 			self::$const_cache_array[$called_class] = $reflect->getConstants();
17 | 		}
18 | 		return self::$const_cache_array[$called_class];
19 | 	}
20 | 
21 | 	public static function isValidName ($name, $strict = false) {
22 | 		$constants = self::getConstants();
23 | 
24 | 		if ($strict) {
25 | 			return array_key_exists($name, $constants);
26 | 		}
27 | 
28 | 		$keys = array_map('strtolower', array_keys($constants));
29 | 		return in_array(strtolower($name), $keys);
30 | 	}
31 | 
32 | 	public static function isValidValue ($value, $strict = true) {
33 | 		$values = array_values(self::getConstants());
34 | 		return in_array($value, $values, $strict);
35 | 	}
36 | }
37 | 


--------------------------------------------------------------------------------
/includes/lib/media.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | class UploadException extends Exception {
  6 | 	/**
  7 | 	 * Thrown when a file upload encounters an error
  8 | 	 * @param array $file
  9 | 	 * @return UploadException
 10 | 	 */
 11 | 	function __construct ($file) {
 12 | 		$code = $this->get_code($file);
 13 | 		$message = $this->get_message($code);
 14 | 
 15 | 		parent::__construct($message, $code);
 16 | 	}
 17 | 
 18 | 	/**
 19 | 	 * Get the error code based on the provided file (or not)
 20 | 	 * @param array $file
 21 | 	 * @return integer
 22 | 	 */
 23 | 	private function get_code ($file) {
 24 | 		if (isset($file['error'])) {
 25 | 			return $file['error'];
 26 | 		} else {
 27 | 			// 'Unknown upload error'
 28 | 			return -1;
 29 | 		}
 30 | 	}
 31 | 
 32 | 	/**
 33 | 	 * Get the error message based on the error code
 34 | 	 * @param integer $error
 35 | 	 * @return string
 36 | 	 */
 37 | 	private function get_message ($error) {
 38 | 		switch ($error) {
 39 | 		case UPLOAD_ERR_INI_SIZE:
 40 | 		case UPLOAD_ERR_FORM_SIZE:
 41 | 			return 'The uploaded file is too large';
 42 | 
 43 | 		case UPLOAD_ERR_PARTIAL:
 44 | 			return 'The uploaded file was only partially uploaded';
 45 | 
 46 | 		case UPLOAD_ERR_NO_FILE:
 47 | 			return 'No file was uploaded';
 48 | 
 49 | 		case UPLOAD_ERR_NO_TMP_DIR:
 50 | 		case UPLOAD_ERR_CANT_WRITE:
 51 | 		case UPLOAD_ERR_EXTENSION:
 52 | 			return 'Server error';
 53 | 
 54 | 		default:
 55 | 			return 'Unknown upload error';
 56 | 		}
 57 | 	}
 58 | }
 59 | 
 60 | abstract class ImageType extends BasicEnum {
 61 | 	const PNG = 'image/png';
 62 | 	const JPG = 'image/jpg';
 63 | 	const JPEG = 'image/jpeg';
 64 | 	const GIF = 'image/gif'; // jif
 65 | }
 66 | 
 67 | abstract class ImageResizeMethod extends BasicEnum {
 68 | 	const KEEP_ASPECT_RATIO = 0;
 69 | 	const SQUARE = 1;
 70 | }
 71 | 
 72 | class ImageResizer {
 73 | 	private $image;
 74 | 	private $type;
 75 | 	private $width;
 76 | 	private $height;
 77 | 	private $width_src;
 78 | 	private $height_src;
 79 | 	private $filename;
 80 | 	private $resize_method;
 81 | 
 82 | 	private $filename_override;
 83 | 	private $mimetype_override;
 84 | 
 85 | 	/**
 86 | 	 * Load and resize an uploaded file
 87 | 	 * @param array $file
 88 | 	 * @param string $filename_override If set, the image will be forcibly saved here
 89 | 	 * @param string $mimetype_override If set, the image will be forcibly saved with this type
 90 | 	 * @param ImageResizeMethod $resize_method If set, the image will be resized differently
 91 | 	 * @return ImageResizer
 92 | 	 * @throws Exception
 93 | 	 */
 94 | 	function __construct (
 95 | 		$file,
 96 | 		$filename_override = null,
 97 | 		$mimetype_override = null,
 98 | 		$resize_method = ImageResizeMethod::KEEP_ASPECT_RATIO
 99 | 	) {
100 | 		if ($file['error'] !== UPLOAD_ERR_OK) throw new UploadException($file);
101 | 
102 | 		if (empty($file['tmp_name'])) {
103 | 			throw new Exception('Filename was not provided');
104 | 		}
105 | 
106 | 		if (!$this->get_type($file)) {
107 | 			throw new Exception('Invalid file type');
108 | 		}
109 | 
110 | 		// Check file type (allow images only)
111 | 		if (!ImageType::isValidValue($this->type)) {
112 | 			throw new Exception('Image was not provided');
113 | 		}
114 | 
115 | 		// Make sure resize method is an acceptable value
116 | 		if (!ImageResizeMethod::isValidValue($resize_method)) {
117 | 			throw new Exception('Invalid resize method');
118 | 		}
119 | 
120 | 		$this->resize_method = $resize_method;
121 | 
122 | 		// Calculate new image size
123 | 		if (!$this->dimensions($file)) {
124 | 			throw new Exception('Image dimensions could not be determined');
125 | 		}
126 | 
127 | 		// Load image into memory
128 | 		if (!$this->load($file)) {
129 | 			throw new Exception('Image could not be loaded');
130 | 		}
131 | 
132 | 		// Resize image
133 | 		if (!$this->resize()) {
134 | 			imagedestroy($this->image);
135 | 			throw new Exception('Image could not be resized');
136 | 		}
137 | 
138 | 		$this->filename_override = $filename_override;
139 | 		$this->mimetype_override = $mimetype_override;
140 | 
141 | 		if ($this->mimetype_override !== null && !ImageType::isValidValue($this->mimetype_override)) {
142 | 			throw new Exception('Image type override is invalid');
143 | 		}
144 | 
145 | 		// Set upload path
146 | 		$this->set_upload_path($file);
147 | 
148 | 		// Save image to uploads directory
149 | 		if (!$this->save($file)) {
150 | 			throw new Exception('Image could not be saved to file');
151 | 		}
152 | 	}
153 | 
154 | 	public function get_permalink () {
155 | 		return ml_base_url() . $this->filename;
156 | 	}
157 | 
158 | 	// Source: https://www.php.net/manual/en/function.finfo-open.php#112617
159 | 	// This function reads the first 6 bytes of the uploaded file and determines
160 | 	// the file type based on its contents.
161 | 	private function get_type ($file) {
162 | 		$fh = fopen($file['tmp_name'],'rb');
163 | 
164 | 		if ($fh) {
165 | 			$bytes6 = fread($fh,6);
166 | 			fclose($fh);
167 | 
168 | 			if ($bytes6 === false) return false;
169 | 
170 | 			if (substr($bytes6,0,3) == "\xff\xd8\xff") {
171 | 				$this->type = ImageType::JPG;
172 | 				return true;
173 | 			}
174 | 			if ($bytes6 == "\x89PNG\x0d\x0a") {
175 | 				$this->type = ImageType::PNG;
176 | 				return true;
177 | 			}
178 | 			if ($bytes6 == "GIF87a" || $bytes6 == "GIF89a") {
179 | 				$this->type = ImageType::GIF;
180 | 				return true;
181 | 			}
182 | 
183 | 			return false;
184 | 		}
185 | 
186 | 		return false;
187 | 	}
188 | 
189 | 	private function dimensions ($file) {
190 | 		$dimensions = getimagesize($file['tmp_name']);
191 | 		if ($dimensions === false) return false;
192 | 
193 | 		$max_width = Config::MEDIA_IMAGE_WIDTH;
194 | 		$width_src = $dimensions[0];
195 | 		$height_src = $dimensions[1];
196 | 		$width = $dimensions[0];
197 | 		$height = $dimensions[1];
198 | 
199 | 		// Resize based on width
200 | 		if ($width_src > $max_width) {
201 | 			$ratio = $max_width / $width_src;
202 | 
203 | 			$width = $max_width;
204 | 			$height = ceil($height_src * $ratio);
205 | 		}
206 | 
207 | 		// Resize based on height
208 | 		if ($height_src > $max_width && $height_src > $width_src) {
209 | 			$ratio = $max_width / $height_src;
210 | 
211 | 			$height = $max_width;
212 | 			$width = ceil($width_src * $ratio);
213 | 		}
214 | 
215 | 		$this->width      = $width;
216 | 		$this->height     = $height;
217 | 		$this->width_src  = $width_src;
218 | 		$this->height_src = $height_src;
219 | 
220 | 		return true;
221 | 	}
222 | 
223 | 	private function load ($file) {
224 | 		switch ($this->type) {
225 | 		case ImageType::JPG:
226 | 		case ImageType::JPEG:
227 | 			$this->image = @imagecreatefromjpeg($file['tmp_name']);
228 | 			break;
229 | 
230 | 		case ImageType::GIF:
231 | 			$this->image = @imagecreatefromgif($file['tmp_name']);
232 | 			break;
233 | 
234 | 		case ImageType::PNG:
235 | 			$this->image = @imagecreatefrompng($file['tmp_name']);
236 | 			break;
237 | 
238 | 		default:
239 | 			$this->image = false;
240 | 			break;
241 | 		}
242 | 
243 | 		return $this->image !== false;
244 | 	}
245 | 
246 | 	private function resize () {
247 | 		// Determine resize coordinates
248 | 		$scale = $this->width_src / $this->width;
249 | 
250 | 		$source_x = 0;
251 | 		$source_y = 0;
252 | 
253 | 		if ($this->resize_method === ImageResizeMethod::SQUARE) {
254 | 			if ($this->width_src > $this->height_src) {
255 | 				$source_x = ceil(($this->width_src - $this->height_src) / 2.0);
256 | 				$this->width_src = $this->height_src;
257 | 				$this->width = $this->height;
258 | 			} else if ($this->width_src < $this->height_src) {
259 | 				$source_y = ceil(($this->height_src - $this->width_src) / 2.0);
260 | 				$this->height_src = $this->width_src;
261 | 				$this->height = $this->width;
262 | 			}
263 | 		}
264 | 
265 | 		$destination = imagecreatetruecolor($this->width, $this->height);
266 | 		$success = imagecopyresampled(
267 | 			$destination,                       // New image
268 | 			$this->image,                       // Old image
269 | 			0, 0, $source_x, $source_y,         // Image origin coords
270 | 			$this->width, $this->height,        // New image size
271 | 			$this->width_src, $this->height_src // Old image size
272 | 		);
273 | 
274 | 		if (!$success) return false;
275 | 
276 | 		// Overwrite original image, freeing memory first
277 | 		imagedestroy($this->image);
278 | 		$this->image = $destination;
279 | 
280 | 		return true;
281 | 	}
282 | 
283 | 	private function save ($file) {
284 | 		// Assume unsuccessful
285 | 		$success = false;
286 | 
287 | 		$type = $this->type;
288 | 
289 | 		// Allow manual override of output filetype
290 | 		if (
291 | 			$this->mimetype_override !== null &&
292 | 			ImageType::isValidValue($this->mimetype_override)
293 | 		) {
294 | 			$type = $this->mimetype_override;
295 | 		}
296 | 
297 | 		switch ($type) {
298 | 		case ImageType::JPG:
299 | 		case ImageType::JPEG:
300 | 			$quality = 70; // Use 70% quality
301 | 			if (imagetypes() & IMG_JPG) {
302 | 				$success = imagejpeg($this->image, $this->filename, $quality);
303 | 			} else {
304 | 				$success = false;
305 | 			}
306 | 			break;
307 | 
308 | 		case ImageType::GIF:
309 | 			if (imagetypes() & IMG_GIF) {
310 | 				$success = imagegif($this->image, $this->filename);
311 | 			} else {
312 | 				$success = false;
313 | 			}
314 | 			break;
315 | 
316 | 		case ImageType::PNG:
317 | 			$compression = 9; // Use most compression. PNG is lossless after all
318 | 			if (imagetypes() & IMG_PNG) {
319 | 				$success = imagepng($this->image, $this->filename, $compression);
320 | 			} else {
321 | 				$success = false;
322 | 			}
323 | 			break;
324 | 
325 | 		default:
326 | 			// This point should not be reached.
327 | 			$success = false;
328 | 			break;
329 | 		}
330 | 
331 | 		// Always destroy the image in memory, regardless of failure
332 | 		imagedestroy($this->image);
333 | 
334 | 		return $success;
335 | 	}
336 | 
337 | 	private static function generate_filename () {
338 | 		return md5(uniqid(rand(), true)) . md5(uniqid(rand(), true));
339 | 	}
340 | 
341 | 	public static function upload_dir () {
342 | 		return 'uploads/';
343 | 	}
344 | 
345 | 	private function set_upload_path ($file) {
346 | 		// Change extension if overriding output format
347 | 		if ($this->mimetype_override !== null && ImageType::isValidValue($this->mimetype_override)) {
348 | 			$extension = $this->mimetype_override;
349 | 		} else {
350 | 			$extension = $this->type;
351 | 		}
352 | 		$extension = substr(strrchr($extension, '/'), 1);
353 | 
354 | 		// Override filename
355 | 		if ($this->filename_override !== null) {
356 | 			$this->filename = self::upload_dir() . $this->filename_override . '.' . $extension;
357 | 			return;
358 | 		}
359 | 
360 | 		// Generate a random filename
361 | 		$this->filename = self::upload_dir() . self::generate_filename() . '.' . $extension;
362 | 
363 | 		// Make sure the local file does not already exist
364 | 		while (file_exists($this->filename)) {
365 | 			// Set the filename to a random alphanumeric string
366 | 			$this->filename = self::upload_dir() . self::generate_filename() . '.' . $extension;
367 | 		}
368 | 	}
369 | }
370 | 


--------------------------------------------------------------------------------
/includes/lib/network.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | // HTTP specific functions - making requests, parsing responses, etc.
  6 | 
  7 | require_once('enum.php');
  8 | 
  9 | abstract class HTTPStatus extends BasicEnum {
 10 | 	// Success
 11 | 	const OK = ['code' => 200, 'description' => 'OK'];
 12 | 	const CREATED = ['code' => 201, 'description' => 'Created'];
 13 | 	const NO_CONTENT = ['code' => 204, 'description' => 'No Content'];
 14 | 	// Misc
 15 | 	const REDIRECT = ['code' => 301, 'description' => 'Redirect'];
 16 | 	const METHOD_NOT_ALLOWED = ['code' => 405, 'description' => 'Method Not Allowed'];
 17 | 	// Errors (specific to Micropub)
 18 | 	const FORBIDDEN = ['code' => 403, 'description' => 'forbidden'];
 19 | 	const UNAUTHORIZED = ['code' => 401, 'description' => 'unauthorized'];
 20 | 	const INSUFFICIENT_SCOPE = ['code' => 401, 'description' => 'insufficient_scope'];
 21 | 	const INVALID_REQUEST = ['code' => 400, 'description' => 'invalid_request'];
 22 | 	const SERVER_ERROR = ['code' => 500, 'description' => 'server_error'];
 23 | }
 24 | 
 25 | abstract class HTTPMethod extends BasicEnum {
 26 | 	const GET = 'GET';
 27 | 	const POST = 'POST';
 28 | 	const PUT = 'PUT';
 29 | 	const HEAD = 'HEAD';
 30 | 	const PATCH = 'PATCH';
 31 | 	const DELETE = 'DELETE';
 32 | 	const OPTIONS = 'OPTIONS';
 33 | }
 34 | 
 35 | abstract class HTTPContentType extends BasicEnum {
 36 | 	const JSON = 'application/json';
 37 | 	const FORM_DATA = 'application/x-www-form-urlencoded';
 38 | 	const MULTIPART = 'multipart/form-data';
 39 | }
 40 | 
 41 | /**
 42 |  * Returns the HTTP request made with a response, setting the status code,
 43 |  * contents, and redirection, if any.
 44 |  *
 45 |  * @param array $status Uses a HTTPStatus enum value
 46 |  * @param array|null $contents
 47 |  * @param string $content_type Uses a HTTPContentType enum value
 48 |  * @param string|null $location Redirection location, if any
 49 |  * @throws Exception
 50 |  */
 51 | function ml_http_response (
 52 | 	$status = HTTPStatus::SERVER_ERROR,
 53 | 	$contents = null,
 54 | 	$content_type = HTTPContentType::JSON,
 55 | 	$location = null
 56 | ) {
 57 | 	if ($status !== null && !HTTPStatus::isValidValue($status)) {
 58 | 		throw new Exception('Invalid status');
 59 | 	}
 60 | 	if ($content_type !== null && !HTTPContentType::isValidValue($content_type)) {
 61 | 		throw new Exception('Invalid Content-Type');
 62 | 	}
 63 | 	header('HTTP/1.1 ' . $status['code']);
 64 | 
 65 | 	if (!empty($location) && $location !== null) {
 66 | 		header('Location: ' . $location);
 67 | 		return;
 68 | 	}
 69 | 
 70 | 	if (!empty($contents) && $contents !== null) {
 71 | 		header('Content-Type: ' . $content_type);
 72 | 		switch ($content_type) {
 73 | 			case HTTPContentType::JSON:
 74 | 				echo json_encode($contents);
 75 | 				break;
 76 | 			case HTTPContentType::FORM_DATA:
 77 | 			case HTTPContentType::MULTIPART:
 78 | 				echo http_build_query($contents);
 79 | 			default:
 80 | 				echo $contents;
 81 | 		}
 82 | 	}
 83 | }
 84 | 
 85 | /**
 86 |  * Returns the HTTP request made with a standardised, formatted error payload.
 87 |  *
 88 |  * @param array $error Uses HTTPStatus enum value
 89 |  * @param string $description
 90 |  * @throws Exception
 91 |  */
 92 | function ml_http_error ($error = HTTPStatus::SERVER_ERROR, $description = '') {
 93 | 	if (!HTTPStatus::isValidValue($error)) {
 94 | 		$error = HTTPStatus::SERVER_ERROR;
 95 | 		$description = 'ResponseCode enum incorrect';
 96 | 	}
 97 | 
 98 | 	ml_http_response(
 99 | 		$error,
100 | 		['error' => $error['description'], 'error_description' => $description]
101 | 	);
102 | 
103 | 	return;
104 | }
105 | 
106 | /**
107 |  * Decode a formdata encoded string into an array of values
108 |  *
109 |  * @param string $response Formdata encoded request data
110 |  * @return array
111 |  */
112 | function ml_formdata_decode ($response) {
113 | 	$new_response = [];
114 | 	foreach (explode('&', $response) as $chunk) {
115 | 		$param = explode("=", $chunk);
116 | 
117 | 		if ($param) {
118 | 			$new_response[urldecode($param[0])] = isset($param[1])
119 | 				? urldecode($param[1])
120 | 				: null;
121 | 		}
122 | 	}
123 | 	return $new_response;
124 | }
125 | 
126 | /**
127 |  * Makes a HTTP(S) request using cURL, also processing the response data
128 |  *
129 |  * @param string|null $url
130 |  * @param string $method Uses a HTTPMethod enum value
131 |  * @param array|object $body An array or object that can be converted into a URL-encoded string
132 |  * @param array $headers If provided, the request will send these headers with the request
133 |  * @return array An array containing the keys 'body', 'headers', and 'code'
134 |  * @throws Exception
135 |  */
136 | function ml_http_request ($url, $method = HTTPMethod::GET, $body = null, $headers = []) {
137 | 	// Throw errors before making the request if parameters have not been
138 | 	// correctly provided.
139 | 	if ($url === null || $url === '') throw new Exception('Provide URL');
140 | 	if (!HTTPMethod::isValidValue($method)) throw new Exception('Provide correct method');
141 | 	if ($method === HTTPMethod::GET && $body !== null) throw new Exception('Cannot send body in GET request');
142 | 
143 | 	$curl = curl_init();
144 | 
145 | 	$response = [
146 | 		'body' => null,
147 | 		'headers' => [],
148 | 		'code' => null,
149 | 	];
150 | 
151 | 	$settings = [
152 | 		CURLOPT_RETURNTRANSFER => true,
153 | 		CURLOPT_URL => $url,
154 | 		CURLOPT_HTTPHEADER => $headers,
155 | 		CURLOPT_CUSTOMREQUEST => $method,
156 | 
157 | 		// Follow redirects up to 5 times, and always send POST values
158 | 		// along with it, if provided
159 | 		CURLOPT_FOLLOWLOCATION => true,
160 | 		CURLOPT_MAXREDIRS => 5,
161 | 		CURLOPT_POSTREDIR => 3,
162 | 
163 | 		// Timeout after 5 seconds
164 | 		CURLOPT_TIMEOUT => 5,
165 | 
166 | 		// Get headers directly from request using this anonymous function
167 | 		CURLOPT_HEADERFUNCTION => function($curl, $header) use (&$response) {
168 | 			$len = strlen($header);
169 | 
170 | 			// Split headers by their colon, making sure there are always two values
171 | 			[$name, $value] = array_pad(explode(':', $header, 2), 2, '');
172 | 			$name = strtolower(trim($name));
173 | 			$value = trim($value);
174 | 
175 | 			// Directly set the header within the response
176 | 			if ($value !== '') $response['headers'][$name] = $value;
177 | 
178 | 			return $len;
179 | 		},
180 | 	];
181 | 
182 | 	if ($body !== null) {
183 | 		$settings[CURLOPT_POSTFIELDS] = http_build_query($body);
184 | 	}
185 | 
186 | 	if ($method === HTTPMethod::HEAD) {
187 | 		$settings[CURLOPT_NOBODY] = true;
188 | 	}
189 | 
190 | 	curl_setopt_array($curl, $settings);
191 | 
192 | 	$result = curl_exec($curl);  // Execute HTTP request using settings above
193 | 	$errors = curl_error($curl); // String, if set
194 | 
195 | 	// Try to decode the response if it's FORM or JSON data
196 | 	$response_type = curl_getinfo($curl, CURLINFO_CONTENT_TYPE);
197 | 	$response['code'] = curl_getinfo($curl, CURLINFO_HTTP_CODE);
198 | 
199 | 	// Before returning anything, close the curl connection
200 | 	curl_close($curl);
201 | 
202 | 	if ($result === false || $errors !== '') throw new Exception($errors);
203 | 
204 | 	if ($response_type === HTTPContentType::JSON) {
205 | 		$response['body'] = json_decode($result, true);
206 | 	} elseif ($response_type === HTTPContentType::FORM_DATA) {
207 | 		$response['body'] = ml_formdata_decode($result);
208 | 	} else {
209 | 		$response['body'] = $result;
210 | 	}
211 | 
212 | 	return $response;
213 | }
214 | 
215 | function ml_http_bearer () {
216 | 	$headers = apache_request_headers();
217 | 	if (array_key_exists('Authorization', $headers)) {
218 | 		$bearer = $headers['Authorization'];
219 | 		if (strpos($bearer, 'Bearer') === 0) {
220 | 			return explode(' ', $bearer)[1];
221 | 		}
222 | 		return $bearer;
223 | 	}
224 | 
225 | 	return false;
226 | }
227 | 


--------------------------------------------------------------------------------
/includes/lib/slug.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | if (!defined('MICROLIGHT')) die();
 4 | 
 5 | // https://stackoverflow.com/a/2955878
 6 | function slugify ($text) {
 7 | 	// replace non letter or digits by -
 8 | 	$text = preg_replace('~[^\pL\d]+~u', '-', $text);
 9 | 
10 | 	// transliterate
11 | 	if (function_exists('iconv')) {
12 | 		$text = iconv('utf-8', 'us-ascii//TRANSLIT', $text);
13 | 	}
14 | 
15 | 	// remove unwanted characters
16 | 	$text = preg_replace('~[^-\w]+~', '', $text);
17 | 
18 | 	// trim
19 | 	$text = trim($text, '-');
20 | 
21 | 	// lowercase
22 | 	$text = strtolower($text);
23 | 
24 | 	// Add the date to the start, and limiting it to 64 characters.
25 | 	$text = date('omd') . '-' . substr($text, 0, 64);
26 | 
27 | 	// remove duplicate -
28 | 	return preg_replace('~-+~', '-', $text);
29 | }
30 | 


--------------------------------------------------------------------------------
/includes/sql.include.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // SQL Helper Functions
  4 | // ----
  5 | // These functions will simply help create some SQL queries, like creating
  6 | // tables (eg. `CREATE TABLE IF NOT EXISTS ...`)
  7 | //
  8 | // **These functions should only be used internally and not rely on user input.**
  9 | 
 10 | if (!defined('MICROLIGHT')) die();
 11 | 
 12 | require_once('lib/enum.php');
 13 | 
 14 | // All ASCII characters except comma
 15 | const TAG_CHARS = '[\x00-\x7F]';
 16 | 
 17 | abstract class SQLOP extends BasicEnum {
 18 | 	const EQUAL = '=';
 19 | 	const NEQUAL = '!=';
 20 | 	const LIKE = 'LIKE';
 21 | 	const GT = '>';
 22 | 	const GTE = '>=';
 23 | 	const LT = '<';
 24 | 	const LTE = '<=';
 25 | 	const IN = 'IN';
 26 | }
 27 | 
 28 | abstract class SQLEscape extends BasicEnum {
 29 | 	// Any characters allowed, no checking
 30 | 	const NONE = '/.*/';
 31 | 
 32 | 	// At least one alphabetic or underscore character
 33 | 	const COLUMN = '/^[a-zA-Z_]+$/';
 34 | 
 35 | 	// At least one alphanumeric, underscore, or hyphen character
 36 | 	const SLUG = '/^[a-zA-Z0-9_\-]+$/';
 37 | 
 38 | 	// Either a list or a singular of at least one alphanumeric, underscore,
 39 | 	// hyphen, or space character, optionally surrounded by percent symbols
 40 | 	const TAG = '/^('. TAG_CHARS. '+|%('. TAG_CHARS. '+,)+%|('. TAG_CHARS. '+,)+|^$)$/';
 41 | 
 42 | 	// At least one alphabetic character
 43 | 	const POST_TYPE = '/^[a-z]+$/';
 44 | 
 45 | 	// All capitals, always starting with a letter, then optionally more
 46 | 	// letters or spaces
 47 | 	const DB_TYPE = '/^[A-Z][A-Z ]*$/';
 48 | 
 49 | 	// Either `ASC` or `DESC`, and nothing else
 50 | 	const ORDER_DIRECTION = '/(ASC|DESC)/';
 51 | 
 52 | 	// Integer, used for ID matching
 53 | 	const INT = '/^[0-9]+$/';
 54 | 
 55 | 	// Full ISO8601 timestamp
 56 | 	// Required: Year, Month, Day, Hour, Minute, and Seconds
 57 | 	// Optional: T, Z, milliseconds, and timezone
 58 | 	const ISO8601 = '/^[0-9]{4}-(0[0-9]|1[0-2])-([0-2][0-9]|3[0-1])[T ]([0-1][0-9]|2[0-3]):([0-5][0-9])(:([0-5][0-9])(\.[0-9]+)?)?(Z|[\+-]([0-1][0-9]|2[0-3]):?([0-5][0-9])?)?$/';
 59 | }
 60 | 
 61 | abstract class SQLType extends BasicEnum {
 62 | 	// Actual SQLite Types
 63 | 	const PRIMARY_KEY_TYPE = 'INTEGER PRIMARY KEY AUTOINCREMENT UNIQUE';
 64 | 	const TEXT_TYPE = 'TEXT';
 65 | 	const DATETIME_TYPE = 'DATETIME';
 66 | 	const INTEGER_TYPE = 'INTEGER';
 67 | 	const BOOL_TYPE = 'BOOLEAN';
 68 | 
 69 | 	// Modifiers
 70 | 	const MOD_NOT_NULL = ' NOT NULL';
 71 | 	const MOD_UNIQUE = ' UNIQUE';
 72 | }
 73 | 
 74 | class SQL {
 75 | 	// Class variables and functions
 76 | 	/** @var PDO $db */
 77 | 	private $db;
 78 | 
 79 | 	/**
 80 | 	 * SQL constructor
 81 | 	 *
 82 | 	 * @param PDO &$db A reference to the database (not a copy)
 83 | 	 */
 84 | 	function __construct (&$db) {
 85 | 		$this->db = $db;
 86 | 	}
 87 | 
 88 | 	/**
 89 | 	 * Checks that the specified value matches
 90 | 	 *
 91 | 	 * @param string $regex
 92 | 	 * @param string $test
 93 | 	 * @throws Exception
 94 | 	 */
 95 | 	public static function regex_test ($regex, $test) {
 96 | 		// If the regex doesn't match just throw an exception
 97 | 		if (!preg_match($regex, $test)) throw new Exception('Value "' . $test . '" invalid', 1);
 98 | 	}
 99 | 
100 | 	/**
101 | 	 * Helper for the generation of the WHERE clauses
102 | 	 * @param string $column
103 | 	 * @param mixed $value
104 | 	 * @param SQLOP $operator
105 | 	 * @param SQLEscape $escape
106 | 	 * @return array
107 | 	 */
108 | 	public static function where_create ($column, $value, $operator = SQLOP::EQUAL, $escape = SQLEscape::NONE) {
109 | 		return [
110 | 			'column' => $column,
111 | 			'operator' => $operator,
112 | 			'value' => $value,
113 | 			'escape' => $escape
114 | 		];
115 | 	}
116 | 
117 | 	/**
118 | 	 * Convert an array of properties into an SQL formatted list
119 | 	 *
120 | 	 * @param array[] $properties
121 | 	 * @return string
122 | 	 */
123 | 	private function propsToString ($properties) {
124 | 		$acc = '';
125 | 
126 | 		// `array_walk` loops over every property provided.
127 | 		array_walk($properties, function (array $property, int $index) use (&$acc) {
128 | 			$type = $property['type'];
129 | 			$column = $property['column'];
130 | 
131 | 			// Make sure "type" only contains uppercase characters or a space
132 | 			SQL::regex_test(SQLEscape::DB_TYPE, $type);
133 | 
134 | 			// Same again but the column name may have an underscore instead
135 | 			SQL::regex_test(SQLEscape::COLUMN, $column);
136 | 
137 | 			// Don't put a comma on the first element
138 | 			if ($index !== 0) $acc .= ', ';
139 | 
140 | 			// Append the column name and its type
141 | 			$acc .= "`$column` $type";
142 | 		});
143 | 
144 | 		return $acc;
145 | 	}
146 | 
147 | 	/**
148 | 	 * Create a string of SQL foreign keys based on given properties
149 | 	 *
150 | 	 * @param array[] $foreign_keys
151 | 	 * @return string
152 | 	 */
153 | 	private function foreignKeyToString ($foreign_keys) {
154 | 		$types = '';
155 | 		$keys = '';
156 | 
157 | 		// `array_walk` loops over every property provided.
158 | 		array_walk($foreign_keys, function ($key_props) use (&$types, &$keys) {
159 | 			// The table to refer to
160 | 			$table = $key_props['table'];
161 | 
162 | 			// The column name from the foreign table
163 | 			$reference = $key_props['reference'];
164 | 
165 | 			// Check all three props
166 | 			SQL::regex_test(SQLEscape::COLUMN, $table);
167 | 			SQL::regex_test(SQLEscape::COLUMN, $reference);
168 | 
169 | 			$column = $table . '_' . $reference;
170 | 
171 | 			$types .= ", `$column` INTEGER NOT NULL";
172 | 			$keys .= ", FOREIGN KEY(`$column`) REFERENCES `$table`(`$reference`)";
173 | 		});
174 | 
175 | 		return $types . $keys;
176 | 	}
177 | 
178 | 	/**
179 | 	 * Generate an SQL query to create a table based on given properties
180 | 	 *
181 | 	 * @param string $table_name
182 | 	 * @param array[] $properties
183 | 	 * @param array[]|null $foreign_keys
184 | 	 * @return string
185 | 	 */
186 | 	public function create (string $table_name, array $properties, array $foreign_keys = null) {
187 | 		$new_props = $this->propsToString($properties);
188 | 		$full_string = "CREATE TABLE IF NOT EXISTS `$table_name` ($new_props";
189 | 		if ($foreign_keys != null) {
190 | 			$full_string .= $this->foreignKeyToString($foreign_keys);
191 | 		}
192 | 		$full_string .= ');';
193 | 		return $full_string;
194 | 	}
195 | 
196 | 	/**
197 | 	 * Generate part of an SQL query to filter results using the `WHERE`
198 | 	 * clause.
199 | 	 *
200 | 	 * @param array[] $conditions
201 | 	 * @return string
202 | 	 */
203 | 	public function where (array $conditions) {
204 | 		$acc = '';
205 | 
206 | 		array_walk($conditions, function (array $condition, int $index) use (&$acc) {
207 | 			// Get condition properties
208 | 			$column = $condition['column'];
209 | 			$operator = $condition['operator'];
210 | 			$value = $condition['value'];
211 | 			$escape = $condition['escape'];
212 | 
213 | 			// Test the passed parameters
214 | 			if (!SQLOP::isValidValue($operator)) {
215 | 				throw new Exception("Operator \"$operator\" invalid");
216 | 			}
217 | 			if (!SQLEscape::isValidValue($escape)) {
218 | 				throw new Exception("Escape type \"$escape\" invalid");
219 | 			}
220 | 			SQL::regex_test(SQLEscape::COLUMN, $column);
221 | 
222 | 			// If we are querying based on an array, perform the regex and quote
223 | 			// functions on each value inside the array instead of the whole
224 | 			// value.
225 | 			if (is_array($value)) {
226 | 				foreach ($value as $key => $subvalue) {
227 | 					SQL::regex_test($escape, $subvalue);
228 | 					$value[$key] = $this->db->quote($subvalue);
229 | 				}
230 | 			} else {
231 | 				SQL::regex_test($escape, $value);
232 | 				$value = $this->db->quote($value);
233 | 			}
234 | 
235 | 			if ($index > 0) {
236 | 				$acc .= ' AND';
237 | 			} else {
238 | 				$acc .= ' WHERE';
239 | 			}
240 | 
241 | 			if (is_array($value) === true) {
242 | 				$acc .= " `$column` $operator (" . implode(",", $value) . ")";
243 | 			} else {
244 | 				$acc .= " `$column` $operator $value";
245 | 			}
246 | 		});
247 | 
248 | 		return $acc;
249 | 	}
250 | 
251 | 	/**
252 | 	 * Determine which regex escape to perform on the value, depending on what
253 | 	 * the name of the column is.
254 | 	 * @param string $column
255 | 	 * @return SQLEscape
256 | 	 */
257 | 	private static function determine_escape (string $column) {
258 | 		$escape = SQLEscape::NONE;
259 | 		switch ($column) {
260 | 
261 | 		// Alphabetical characters only
262 | 		case 'post_type':
263 | 			$escape = SQLEscape::POST_TYPE;
264 | 			break;
265 | 
266 | 		// A list of all ASCII characters
267 | 		case 'tags':
268 | 			$escape = SQLEscape::TAG;
269 | 			break;
270 | 
271 | 		// Alphanumerical characters
272 | 		case 'slug':
273 | 			$escape = SQLEscape::SLUG;
274 | 			break;
275 | 		
276 | 		// Alphabetical characters only
277 | 		case 'status':
278 | 			$escape = SQLEscape::POST_TYPE;
279 | 			break;
280 | 
281 | 		// ISO8601 date/time format
282 | 		case 'published':
283 | 		case 'updated':
284 | 			$escape = SQLEscape::ISO8601;
285 | 			break;
286 | 		}
287 | 
288 | 		return $escape;
289 | 	}
290 | 
291 | 	/**
292 | 	 * Generates part of an SQL query for inserting values into a table
293 | 	 *
294 | 	 * @param string[] $properties
295 | 	 * @return string
296 | 	 * @throws Exception
297 | 	 */
298 | 	public function insert (array $properties) {
299 | 		$keys = '';
300 | 		$values = '';
301 | 
302 | 		foreach ($properties as $key => $value) {
303 | 			// 1. Test the key (column name)
304 | 			SQL::regex_test(SQLEscape::COLUMN, $key);
305 | 
306 | 			// 2. Determine if there is a specific column that needs
307 | 			//    testing
308 | 			$escape = SQL::determine_escape($key);
309 | 			SQL::regex_test($escape, $value);
310 | 
311 | 			// 3. Add the key/value to the output!
312 | 			$keys .= '`' . $key . '`,';
313 | 			$values .= $this->db->quote($value) . ',';
314 | 		};
315 | 
316 | 		return ' (' . substr($keys, 0, -1) . ') VALUES (' . substr($values, 0, -1) . ')';
317 | 	}
318 | 
319 | 	public function update (array $properties) {
320 | 		if (empty($properties)) throw new Exception('At least one property should be provided');
321 | 
322 | 		$output = '';
323 | 
324 | 		foreach ($properties as $column => $value) {
325 | 			// 1. Determine regex escape for value based on column name
326 | 			$escape = SQL::determine_escape($column);
327 | 
328 | 			// 2. Test column name and value
329 | 			SQL::regex_test(SQLEscape::COLUMN, $column);
330 | 			if ($value !== null) SQL::regex_test($escape, $value);
331 | 
332 | 			// 3. If all goes well, add them to the output!
333 | 			$output .= '`' . $column . '`=';
334 | 			if ($value === null) {
335 | 				$output .= 'null,';
336 | 			} else {
337 | 				$output .= $this->db->quote($value) . ',';
338 | 			}
339 | 		}
340 | 
341 | 		// Remove last character because it's a comma
342 | 		return substr($output, 0, -1);
343 | 	}
344 | }
345 | 


--------------------------------------------------------------------------------
/includes/webmention-send.include.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('sql.include.php');
  6 | 
  7 | /**
  8 |  * Ensure that the webmention URL found is actually a valid absolute URL, and if
  9 |  * not, perhaps the source URL can help.
 10 |  * @param string $source
 11 |  * @param string $webmention_url
 12 |  * @return string|false
 13 |  */
 14 | function ml_webmention_validate_url ($source, $url) {
 15 | 	$output = '';
 16 | 	$url_parts = parse_url($url);
 17 | 	$source_parts = parse_url($source);
 18 | 
 19 | 	// Test for absolute URL. As long as http(s) and the hostname is provided,
 20 | 	// we can safely assume it is absolute, as the rest doesn't really matter.
 21 | 	if (isset($url_parts['scheme']) && isset($url_parts['host'])) {
 22 | 		$output = $url;
 23 | 
 24 | 	// Otherwise, the provided URL must be relative
 25 | 	// (ie. not contain a scheme or hostname)
 26 | 	} else if (!isset($url_parts['host'])) {
 27 | 		$output = $source_parts['scheme'] . '://' . $source_parts['host'];
 28 | 
 29 | 		// Add source port
 30 | 		if (isset($source_parts['port'])) $output .= ':' . $source_parts['port'];
 31 | 
 32 | 		// Relative to Root (because first character is '/')
 33 | 		if (strpos($url_parts['path'], '/') === 0) {
 34 | 			$output .= $url;
 35 | 
 36 | 		// Relative to source page
 37 | 		} else {
 38 | 			// Remove everything after the last slash to point to the corrent
 39 | 			// relative URL.
 40 | 			$source_path = substr($source_parts['path'], 0, strrpos($source_parts['path'], '/'));
 41 | 
 42 | 			// Add the new path
 43 | 			$output .= $source_path;
 44 | 
 45 | 			// Prevent the URL from having two slashes if the path already ends with slash
 46 | 			if ($source_path[-1] !== '/' && strlen($url) > 0) $output .= '/';
 47 | 			$output .= $url;
 48 | 		}
 49 | 	}
 50 | 
 51 | 	// Finally, validate the URL we've created to make sure it's valid
 52 | 	if (filter_var($output, FILTER_VALIDATE_URL) !== false) return $output;
 53 | 
 54 | 	return false;
 55 | }
 56 | 
 57 | /**
 58 |  * Find a webmention URL by looking at the HTTP headers from the source URL. If
 59 |  * no URL could be found, return `false`.  
 60 |  * Example: `Link: <https://.../>; rel="webmention"`
 61 |  * @param array $response
 62 |  * @return string|false
 63 |  */
 64 | function ml_webmention_head ($response) {
 65 | 	foreach ($response['headers'] as $header => $value) {
 66 | 		// We only care about `Link` headers
 67 | 		if ($header !== 'link') continue;
 68 | 
 69 | 		// The link header may contain more than one URL
 70 | 		$value = explode(',', $value);
 71 | 
 72 | 		foreach ($value as $link) {
 73 | 			// Parse link headers using fancy regex
 74 | 			if (preg_match('/^\s*\<([^\>]*)\>;\s*rel=\"?([^\"]*)\"?\s*$/', $link, $match) !== 1) continue;
 75 | 
 76 | 			// Indices explained:
 77 | 			// 0 = original string
 78 | 			// 1 = URL
 79 | 			// 2 = rel
 80 | 
 81 | 			$rels = explode(' ', $match[2]);
 82 | 			if (!in_array('webmention', $rels, true)) continue;
 83 | 
 84 | 			// We've found it!
 85 | 			return $match[1];
 86 | 		}
 87 | 	}
 88 | 
 89 | 	return false;
 90 | }
 91 | 
 92 | /**
 93 |  * Find a webmention URL by looking at the HTML returned from the source URL. If
 94 |  * no URL could be found, return `false`.  
 95 |  * Example: `<link rel='webmention' href='https://.../' />`
 96 |  * @param array $response
 97 |  * @return string|false
 98 |  */
 99 | function ml_webmention_html ($response) {
100 | 	// Parse the document
101 | 	$doc = new DOMDocument();
102 | 	@$doc->loadHTML($response['body']);
103 | 	$xpath = new DOMXPath($doc);
104 | 
105 | 	// Perform an XPath query with the following expression.
106 | 	// This selects any <link/> and <a/> tags that contain 'webmention' in their
107 | 	// rel attribute.
108 | 	$query = "//link[contains(@rel,'webmention')]|//a[contains(@rel,'webmention')]";
109 | 	$links = $xpath->query($query);
110 | 
111 | 	// Search for the link in all <link/> and <a> tags
112 | 	$webmention_url = null;
113 | 	foreach ($links as $link) {
114 | 		// Despite getting all tags with a rel containing 'webmention', we still
115 | 		// need to check whether it is explicitly provided as a single word
116 | 		// e.g. 'sneakywebmention' is not valid, but 'sneaky webmention' is.
117 | 		$rels = explode(' ', strtolower($link->getAttribute('rel')));
118 | 		$has_href = $link->hasAttribute('href');
119 | 		if (in_array('webmention', $rels, true) && $has_href === true) {
120 | 			$webmention_url = $link->getAttribute('href');
121 | 			break;
122 | 		}
123 | 	}
124 | 
125 | 	// Return false if there is no URL.
126 | 	if ($webmention_url !== null) return $webmention_url;
127 | 	return false;
128 | }
129 | 
130 | /**
131 |  * Perform a webmention to the specified URL
132 |  * @param string $url Target URL
133 |  * @param string $post_slug Slug of the newly created post
134 |  * @throws Exception
135 |  * @return void
136 |  */
137 | function ml_webmention_perform ($url, $post_slug) {
138 | 	// Check if post with slug exists first. It *should* exist, as this function
139 | 	// will likely be run just after the post is created, but nonetheless, check
140 | 	// anyway.
141 | 	$db = new DB();
142 | 	$post = new Post($db);
143 | 	$post_exists = $post->count([ SQL::where_create('slug', $post_slug, SQLOP::EQUAL, SQLEscape::SLUG) ]);
144 | 	if ($post_exists < 1) throw new Exception('Post with slug `' . $post_slug . '` does not exist');
145 | 
146 | 	// Load the page, including the headers, but specifically setting the user-agent
147 | 	$webmention_page = ml_http_request($url, HTTPMethod::GET, null, [
148 | 		'User-Agent: Microlight/' . MICROLIGHT . ' (webmention)'
149 | 	]);
150 | 
151 | 	$webmention_url = ml_webmention_head($webmention_page);
152 | 
153 | 	// Attempt HTML afterwards
154 | 	if ($webmention_url === false) $webmention_url = ml_webmention_html($webmention_page);
155 | 
156 | 	// If there's no webmention link, just return as successful
157 | 	if ($webmention_url === false) return;
158 | 
159 | 	// Parse relative URLs before attempting to send a webmention
160 | 	$webmention_url = ml_webmention_validate_url($url, $webmention_url);
161 | 	if ($webmention_url === false) throw new Exception('Invalid webmention URL: "' . $webmention_url . '"');
162 | 
163 | 	$response = ml_http_request($webmention_url, HTTPMethod::POST, [
164 | 		'source' => ml_post_permalink($post_slug),
165 | 		'target' => $url,
166 | 	]);
167 | 
168 | 	// If the webmention server returned a failed request
169 | 	if ($response['code'] >= 400) throw new Exception('Error returned: ' . $response['body']);
170 | 
171 | 	error_log($response['body']);
172 | 	// if ($response === ?) {...}
173 | 
174 | 	return;
175 | }
176 | 


--------------------------------------------------------------------------------
/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // This definition will prevent any files to be loaded outside of this file.
 4 | define('MICROLIGHT', 'v1.0.1');
 5 | 
 6 | try {
 7 | 	// Load user details
 8 | 	if (!file_exists('includes/user.config.php')) {
 9 | 		throw new Exception(
10 | 			'User config file not found. Please run /install.php'
11 | 		);
12 | 	}
13 | 	require_once('includes/user.config.php');
14 | 
15 | 	// Load configuration
16 | 	require_once('includes/config.php');
17 | 
18 | 	// Determine what post to show
19 | 	ml_showing();
20 | 
21 | 	ml_database_setup();
22 | 	ml_load_posts();
23 | 	ml_database_close();
24 | } catch (\Throwable $e) {
25 | 	// TODO: Display a nice error message here instead. Reset global variables
26 | 	// and set `$showing` to an error code which can be displayed by the theme.
27 | 	echo "<h1>Error</h1>";
28 | 	echo "<p><strong>Message:</strong> {$e->getMessage()}</p>";
29 | 	echo "<p><strong>Code:</strong> {$e->getCode()}</p>";
30 | 	echo "<p>Consider <a href='install.php'>installing</a> if you haven't already.</p>";
31 | 	die();
32 | }
33 | 
34 | // Initialise the theme
35 | require_once("themes/" . Config::THEME . "/index.php");
36 | 
37 | // Kill the PHP script. Some free web hosts like to inject their tracking
38 | // scripts and this should hopefully prevent that.
39 | die();
40 | 


--------------------------------------------------------------------------------
/install.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // This definition will prevent any files to be loaded outside of this file.
  4 | define('MICROLIGHT', 'v1.0.1');
  5 | 
  6 | session_start();
  7 | require_once('includes/config.php');
  8 | require_once('includes/lib/media.php');
  9 | 
 10 | function put_value ($val, $index = null) {
 11 | 	echo ml_post_not_blank($val)
 12 | 		? $index !== null
 13 | 			? $_POST[$val][$index]
 14 | 			: $_POST[$val]
 15 | 		: '';
 16 | }
 17 | 
 18 | /**
 19 |  * Determines whether microlight has actually been installed.
 20 |  * Checks for user configuration and that the database can be queried.
 21 |  *
 22 |  * @return bool
 23 |  */
 24 | function is_installed () {
 25 | 	if (!file_exists('includes/user.config.php')) {
 26 | 		return false;
 27 | 	}
 28 | 
 29 | 	if (!file_exists(Config::DB_NAME . '.db')) {
 30 | 		return false;
 31 | 	}
 32 | 
 33 | 	try {
 34 | 		$db = new DB();
 35 | 		$posts = new Post($db);
 36 | 		if ($posts->find_one() === null) {
 37 | 			return false;
 38 | 		}
 39 | 	} catch (Exception $e) {
 40 | 		return false;
 41 | 	}
 42 | 
 43 | 	return true;
 44 | }
 45 | 
 46 | function quote ($string) {
 47 | 	return preg_replace('/[\']/', '\\\'', $string);
 48 | }
 49 | 
 50 | /**
 51 |  * Creates the user configuration file
 52 |  *
 53 |  * @param string $name
 54 |  * @param string $email
 55 |  * @param string $note
 56 |  * @param array $identities
 57 |  * @return bool Successful or not
 58 |  */
 59 | function create_user_config ($name, $email, $note, $identities) {
 60 | 	if (empty($name) || empty($email)) return false;
 61 | 
 62 | 	// Escape quote characters
 63 | 	$name = quote($name);
 64 | 	$email = quote($email);
 65 | 
 66 | 	// Create the contents of the `user.config.php` file
 67 | 	$contents = '<?php
 68 | if (!defined(\'MICROLIGHT\')) die();
 69 | 
 70 | // You may edit these values at any time.
 71 | class User {
 72 | 	const NAME = \'' . $name . '\';
 73 | 	const EMAIL = \'' . $email .'\';
 74 | ';
 75 | 
 76 | 	// Always add note, even if it's empty.
 77 | 	$note = quote($note);
 78 | 	$contents .= '	const NOTE = \'' . $note . '\';
 79 | ';
 80 | 
 81 | 	// Open identities section, even if there are no identities provided
 82 | 	$contents .= '	const IDENTITIES = [
 83 | ';
 84 | 	// Add identities, if provided
 85 | 	if (is_array($identities) && count($identities) > 0) {
 86 | 		foreach ($identities as $identity) {
 87 | 			$id_name = quote($identity['name']);
 88 | 			$id_url = quote($identity['url']);
 89 | 
 90 | 			$contents .= '		[
 91 | 			\'name\' => \'' . $id_name . '\',
 92 | 			\'url\' => \'' . $id_url . '\',
 93 | 		],
 94 | ';
 95 | 		}
 96 | 	} else {
 97 | 		$contents .= '		//	[ \'name\' => \'\', \'url\' => \'\' ],
 98 | ';
 99 | 	}
100 | 
101 | 	// Close identities section
102 | 	$contents .= '	];
103 | ';
104 | 
105 | 	// Add the final closing curly bracket
106 | 	$contents .= '}';
107 | 
108 | 	if (file_put_contents('includes/user.config.php', $contents) === false) {
109 | 		return false;
110 | 	}
111 | 
112 | 	return true;
113 | }
114 | 
115 | if (is_installed()) {
116 | 	unset($_SESSION['csrf_token']);
117 | 	header('Location: ' . ml_base_url());
118 | 	return;
119 | }
120 | 
121 | if (isset($_POST['submit'])) {
122 | 	$errors = [];
123 | 	$services = [];
124 | 
125 | 	try {
126 | 		// Ensure both tokens were provided
127 | 		if (!ml_post_not_blank('token')) array_push($errors, 'CSRF Token required');
128 | 		if (empty($_SESSION['csrf_token'])) array_push($errors, 'CSRF Token required');
129 | 
130 | 		// Make sure they're equal
131 | 		if (!hash_equals($_POST['token'], $_SESSION['csrf_token'])) array_push($errors, 'CSRF Token invalid');
132 | 
133 | 		// Validate POST variables first
134 | 		if (!ml_post_not_blank('name')) array_push($errors, 'Name required');
135 | 		if (!ml_post_not_blank('email')) array_push($errors, 'Email required');
136 | 		foreach ($_POST['sm_service_names'] as $index => $name) {
137 | 			$url = $_POST['sm_service_urls'][$index];
138 | 			if (!empty($name) && empty($url)) {
139 | 				array_push($errors, "Service '$name' requires a URL");
140 | 			} elseif (!empty($name) && !empty($url)) {
141 | 				array_push($services, [
142 | 					'name' => $name,
143 | 					'url' => $url,
144 | 				]);
145 | 			}
146 | 		}
147 | 
148 | 		// Attempt to upload/resize profile picture
149 | 		if (isset($_FILES['photo'])) {
150 | 			$image = new ImageResizer(
151 | 				$_FILES['photo'],
152 | 				'me',
153 | 				ImageType::JPG,
154 | 				ImageResizeMethod::SQUARE
155 | 			);
156 | 		}
157 | 
158 | 		if (count($errors) === 0) {
159 | 			$name = $_POST['name'];
160 | 			$email = $_POST['email'];
161 | 			$note = $_POST['note'];
162 | 
163 | 			// Connect to DB
164 | 			$db = new DB();
165 | 
166 | 			// Create posts table
167 | 			$post = new Post($db);
168 | 			$post->create_table();
169 | 
170 | 			$person = new Person($db);
171 | 			$person->create_table();
172 | 
173 | 			$interaction = new Interaction($db);
174 | 			$interaction->create_table();
175 | 
176 | 			if (create_user_config($name, $email, $note, $services) === false) {
177 | 				throw new Exception (
178 | 					'Could not create `user.config.php`. ' +
179 | 					'Check your file permissions, and that the file doesn\'t ' +
180 | 					'already exist.'
181 | 				);
182 | 			}
183 | 
184 | 			session_destroy();
185 | 		}
186 | 	} catch (\Throwable $e) {
187 | 		array_push($errors, $e->getMessage());
188 | 	}
189 | } else {
190 | 	if (empty($_SESSION['csrf_token'])) {
191 | 		$_SESSION['csrf_token'] = ml_generate_token();
192 | 	}
193 | }
194 | ?>
195 | <!DOCTYPE html>
196 | <html lang="en">
197 | <head>
198 | 	<meta charset="UTF-8">
199 | 	<meta name="viewport" content="width=device-width, initial-scale=1.0">
200 | 	<meta http-equiv="X-UA-Compatible" content="ie=edge">
201 | 	<title>Install Microlight</title>
202 | 	<style>
203 | 		* {
204 | 			margin: 0;
205 | 			padding: 0;
206 | 			box-sizing: border-box;
207 | 		}
208 | 
209 | 		body {
210 | 			width: 100%;
211 | 			padding: 64px;
212 | 			max-width: 640px;
213 | 			margin: 0 auto;
214 | 			color: #333;
215 | 			line-height: 1;
216 | 		}
217 | 
218 | 		body, input {
219 | 			font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
220 | 		}
221 | 
222 | 		h1 {
223 | 			font-weight: 300;
224 | 			font-size: 42px;
225 | 		}
226 | 
227 | 		body > * { margin-bottom: 16px }
228 | 
229 | 		a { color: #3fa9f5 }
230 | 
231 | 		a:hover { color: #2f89d5 }
232 | 
233 | 		.p { line-height: 1.4em }
234 | 
235 | 		.i-left {
236 | 			border-right: 0 !important;
237 | 			width: 40% !important;
238 | 		}
239 | 		.i-right {
240 | 			width: 60% !important;
241 | 		}
242 | 
243 | 		ul { margin: 0 0 0 24px }
244 | 
245 | 		.f {
246 | 			display: block;
247 | 			width: 100%;
248 | 			padding: 24px 0;
249 | 		}
250 | 
251 | 		.f label {
252 | 			display: block;
253 | 			font-weight: 500;
254 | 			margin-bottom: 8px;
255 | 			font-size: 16px;
256 | 		}
257 | 
258 | 		.f input[type='text'], .f input[type='email'], .f input[type='url'] {
259 | 			display: block;
260 | 			width: 100%;
261 | 			padding: 8px;
262 | 			font-size: 24px;
263 | 			font-weight: 300;
264 | 			border: 1px solid #ccc;
265 | 			color: #555;
266 | 		}
267 | 
268 | 		#l input[type='text'], #l input[type='email'], #l input[type='url'] {
269 | 			display: inline-block;
270 | 			width: 50%;
271 | 			margin-bottom: 8px;
272 | 			font-size: 18px;
273 | 		}
274 | 
275 | 		.d {
276 | 			display: block;
277 | 			margin-top: 8px;
278 | 			font-size: 12px;
279 | 			color: #999;
280 | 		}
281 | 
282 | 		.b {
283 | 			margin: 0;
284 | 			padding: 0 0 8px;
285 | 		}
286 | 
287 | 		.r {
288 | 			color: #E34;
289 | 			font-weight: 700;
290 | 			margin: 2px 0 0 8px;
291 | 			font-size: 13px;
292 | 			float: right;
293 | 		}
294 | 
295 | 		.w {
296 | 			padding: 16px;
297 | 			border: 1px solid #A12;
298 | 			background-color: #FDE;
299 | 			color: #E34;
300 | 			border-radius: 6px;
301 | 		}
302 | 
303 | 		.s {
304 | 			padding: 16px;
305 | 			border: 1px solid #184;
306 | 			color: #184;
307 | 			border-radius: 6px;
308 | 		}
309 | 
310 | 		code {
311 | 			background-color: #f2f2f2;
312 | 			padding: 1px 4px;
313 | 		}
314 | 
315 | 		#install {
316 | 			background: #4A3;
317 | 			background: linear-gradient(#5B5, #4A3);
318 | 			border: 0;
319 | 			border-bottom: 3px solid #184;
320 | 			padding: 16px;
321 | 			width: 100%;
322 | 			color: #F2F2F2;
323 | 			font-weight: 700;
324 | 			font-size: 16px;
325 | 			border-radius: 6px;
326 | 			transition: margin 0.1s linear, border 0.1s linear;
327 | 		}
328 | 
329 | 		#install:active {
330 | 			margin: 2px 0 0;
331 | 			border-bottom: 1px solid #184;
332 | 		}
333 | 	</style>
334 | </head>
335 | <body>
336 | 	<h1>Install Microlight</h1>
337 | 	<?php if (!empty($errors)): ?>
338 | 	<div class='p w'>
339 | 		Some errors occurred during installation:
340 | 		<ul>
341 | 		<?php
342 | 			foreach ($errors as $err) {
343 | 				echo "<li>$err</li>";
344 | 			}
345 | 		?>
346 | 		</ul>
347 | 	</div>
348 | 	<?php elseif (isset($_POST['submit'])): ?>
349 | 	<p class='p s'>
350 | 		Installation successful! You can now create posts using a
351 | 		micropub editor/publisher.
352 | 	</p>
353 | 	<a class='f' href="<?php echo ml_base_url(); ?>">&lt; Go Home</a>
354 | 	</body></html>
355 | 	<?php die(); ?>
356 | 	<?php else: ?>
357 | 	<p class='p w'>
358 | 		You are viewing this page because Microlight has not been
359 | 		completely set up. You will need to create an identity to begin
360 | 		using Microlight.
361 | 	</p>
362 | 	<?php endif; ?>
363 | 	<form action='' method='POST' enctype="multipart/form-data">
364 | 		<div class='f'>
365 | 			<label for='name'>
366 | 				Name
367 | 				<span class='r'>required</span>
368 | 			</label>
369 | 			<input
370 | 				required
371 | 				type='text'
372 | 				name='name'
373 | 				id='name'
374 | 				value='<?php put_value('name'); ?>'
375 | 			/>
376 | 			<span class='d p'>
377 | 				Who do you identify as? This will be displayed
378 | 				prominently on your homepage and by every post
379 | 				you make.
380 | 			</span>
381 | 		</div>
382 | 		<div class='f'>
383 | 			<label for='email'>
384 | 				Email Address
385 | 				<span class='r'>required</span>
386 | 			</label>
387 | 			<input
388 | 				required
389 | 				type='email'
390 | 				name='email'
391 | 				id='email'
392 | 				value='<?php put_value('email'); ?>'
393 | 			/>
394 | 			<span class='d p'>
395 | 				Your email is not sent anywhere, it is simply to
396 | 				display on your homepage as contact information.
397 | 				Also, if no social media profiles are provided
398 | 				below, you will still be able to log into this
399 | 				blog to administer it.
400 | 			</span>
401 | 		</div>
402 | 		<div class='f'>
403 | 			<label for='name'>
404 | 				Photo
405 | 				<span class='r'>required</span>
406 | 			</label>
407 | 			<input
408 | 				required
409 | 				type='file'
410 | 				name='photo'
411 | 				id='photo'
412 | 				accept='image/*'
413 | 			/>
414 | 			<span class='d p'>
415 | 				What do you look like? This will act as your
416 | 				"profile picture", and be used when interacting
417 | 				with other websites.
418 | 			</span>
419 | 		</div>
420 | 		<div class='f'>
421 | 			<label for='note'>Note / Tagline</label>
422 | 			<input type='text' name='note' id='note' />
423 | 			<span class='d p'>
424 | 				Describe yourself. What makes you, you?
425 | 			</span>
426 | 		</div>
427 | 		<div class='f'>
428 | 			<label for='l'>
429 | 				Social Media Accounts
430 | 			</label>
431 | 			<div id='l'>
432 | 				<div class='account'>
433 | 					<input
434 | 						type='text'
435 | 						placeholder='Name (eg. "Twitter")'
436 | 						name='sm_service_names[]'
437 | 						class='i-left'
438 | 						value='<?php put_value('sm_service_names', 0); ?>'
439 | 					/><input
440 | 						type='url'
441 | 						placeholder='URL'
442 | 						name='sm_service_urls[]'
443 | 						class='i-right'
444 | 						value='<?php put_value('sm_service_urls', 0); ?>'
445 | 					/>
446 | 				</div>
447 | 				<div class='account'>
448 | 					<input
449 | 						type='text'
450 | 						placeholder='Name (eg. "GitHub")'
451 | 						name='sm_service_names[]'
452 | 						class='i-left'
453 | 						value='<?php put_value('sm_service_names', 1); ?>'
454 | 					/><input
455 | 						type='url'
456 | 						placeholder='URL'
457 | 						name='sm_service_urls[]'
458 | 						class='i-right'
459 | 						value='<?php put_value('sm_service_urls', 1); ?>'
460 | 					/>
461 | 				</div>
462 | 				<div class='account'>
463 | 					<input
464 | 						type='text'
465 | 						placeholder='Name'
466 | 						name='sm_service_names[]'
467 | 						class='i-left'
468 | 						value='<?php put_value('sm_service_names', 2); ?>'
469 | 					/><input
470 | 						type='url'
471 | 						placeholder='URL'
472 | 						name='sm_service_urls[]'
473 | 						class='i-right'
474 | 						value='<?php put_value('sm_service_urls', 2); ?>'
475 | 					/>
476 | 				</div>
477 | 			</div>
478 | 			<span class='d p b'>
479 | 				To authenticate using your website with one of
480 | 				these social media accounts (instead of email),
481 | 				<a href='<?php echo ml_base_url(); ?>'>your
482 | 				homepage</a> must appear on the accounts you
483 | 				have specified. See
484 | 				<a target='_blank' href='https://indieweb.org/IndieAuth'>IndieAuth</a>
485 | 				for more information.
486 | 			</span>
487 | 			<span class="d p b">
488 | 				If you'd like to add more links, you can edit
489 | 				the <code>user.config.php</code> in the
490 | 				<code>includes</code> folder after the
491 | 				installation process.
492 | 			</span>
493 | 		</div>
494 | 		<input
495 | 			type='hidden'
496 | 			name='token'
497 | 			value='<?php echo $_SESSION['csrf_token']; ?>'
498 | 		/>
499 | 		<div class='f b'>
500 | 			<input
501 | 				id='install'
502 | 				name='submit'
503 | 				type='submit'
504 | 				value='Install'
505 | 			/>
506 | 		</div>
507 | 	</form>
508 | </body>
509 | </html>
510 | <?php
511 | 
512 | die();
513 | 


--------------------------------------------------------------------------------
/media/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | define('MICROLIGHT', 'v1.0.1');
 4 | 
 5 | chdir('..');
 6 | require_once('includes/config.php');
 7 | require_once('includes/lib/media.php');
 8 | require_once('includes/api.include.php');
 9 | 
10 | if (ml_api_method() !== HTTPMethod::POST) {
11 | 	header('Allow: POST');
12 | 	ml_http_response(HTTPStatus::METHOD_NOT_ALLOWED);
13 | 	return;
14 | }
15 | 
16 | // Initialise POST
17 | if (!ml_api_post_decode()) return;
18 | 
19 | $bearer = ml_api_access_token();
20 | 
21 | // If there is no token, end processing early with a warning.
22 | if (empty($bearer)) {
23 | 	ml_http_error(HTTPStatus::UNAUTHORIZED, 'Bearer token has not been provided');
24 | 	return;
25 | }
26 | 
27 | if (ml_api_validate_token($bearer) === false) {
28 | 	ml_http_error(HTTPStatus::FORBIDDEN, 'Bearer token is invalid or does not exist');
29 | 	return;
30 | }
31 | 
32 | // Require `media` in scope
33 | if (!in_array(TokenScope::MEDIA, $auth['scope'], true)) {
34 | 	ml_http_error(
35 | 		HTTPStatus::INSUFFICIENT_SCOPE,
36 | 		'Token is missing `' . TokenScope::MEDIA . '` scope'
37 | 	);
38 | 	return;
39 | }
40 | 
41 | try {
42 | 	if (!isset($_FILES['file'])) {
43 | 		throw new Exception('Provide an image named `file`');
44 | 	}
45 | 
46 | 	$image = new ImageResizer($_FILES['file']);
47 | 	ml_http_response(HTTPStatus::CREATED, null, null, $image->get_permalink());
48 | 	return;
49 | } catch (\Throwable $err) {
50 | 	ml_http_error(HTTPStatus::INVALID_REQUEST, $err->getMessage());
51 | 	return;
52 | }
53 | 


--------------------------------------------------------------------------------
/micropub/PostEntry.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('includes/api.include.php');
  6 | 
  7 | class PostEntry {
  8 | 	public $name;
  9 | 	public $summary;
 10 | 	public $content;
 11 | 	public $published;
 12 | 	public $category;
 13 | 	public $photo;
 14 | 	public $bookmark_of;
 15 | 	public $in_reply_to;
 16 | 	public $like_of;
 17 | 	public $repost_of;
 18 | 	public $mp_slug;
 19 | 
 20 | 	/**
 21 | 	 * Convert a post from the database into a PostEntry
 22 | 	 * @param array[] $properties
 23 | 	 * @return void
 24 | 	 */
 25 | 	public function parse_entry ($properties) {
 26 | 		$this->name = $properties['name'];
 27 | 		$this->summary = $properties['summary'];
 28 | 		$this->content = $properties['content'];
 29 | 		$this->published = $properties['published'];
 30 | 		$this->category = $properties['tags'];
 31 | 		$this->mp_slug = $properties['slug'];
 32 | 
 33 | 		switch ($properties['post_type']) {
 34 | 		case 'photo':
 35 | 			$this->photo = $properties['url'];
 36 | 			break;
 37 | 		case 'bookmark':
 38 | 			$this->bookmark_of = $properties['url'];
 39 | 			break;
 40 | 		case 'reply':
 41 | 			$this->in_reply_to = $properties['url'];
 42 | 			break;
 43 | 		case 'like':
 44 | 			$this->like_of = $properties['url'];
 45 | 			break;
 46 | 		case 'repost':
 47 | 			$this->repost_of = $properties['url'];
 48 | 			break;
 49 | 		}
 50 | 	}
 51 | 
 52 | 	/**
 53 | 	 * Parse the body of a JSON/form encoded request
 54 | 	 * @param bool $is_json
 55 | 	 * @return void
 56 | 	 */
 57 | 	public function parse_post (bool $is_json = false) {
 58 | 		if ($is_json === true) {
 59 | 			$this->parse_json();
 60 | 		} else {
 61 | 			$this->parse_form();
 62 | 		}
 63 | 	}
 64 | 
 65 | 	/**
 66 | 	 * Parses the body of a form encoded request
 67 | 	 *
 68 | 	 * @return void
 69 | 	 */
 70 | 	private function parse_form () {
 71 | 		$this->name = ml_api_post('name');
 72 | 		$this->summary = ml_api_post('summary');
 73 | 		$this->content = ml_api_post('content');
 74 | 		$this->published = ml_api_post('published');
 75 | 		$this->category = ml_api_post('category');
 76 | 		$this->photo = ml_api_post('photo');
 77 | 		$this->bookmark_of = ml_api_post('bookmark-of');
 78 | 		$this->in_reply_to = ml_api_post('in-reply-to');
 79 | 		$this->like_of = ml_api_post('like-of');
 80 | 		$this->repost_of = ml_api_post('repost-of');
 81 | 		$this->mp_slug = ml_api_post('mp-slug');
 82 | 	}
 83 | 
 84 | 	/**
 85 | 	 * Parses the body of a JSON encoded request
 86 | 	 *
 87 | 	 * @return void
 88 | 	 * @throws Exception
 89 | 	 */
 90 | 	private function parse_json () {
 91 | 		global $post;
 92 | 
 93 | 		// Get all post properties from within properties
 94 | 		$props = ml_api_post_json($post, 'properties', false);
 95 | 
 96 | 		// Get all easy values here
 97 | 		$this->name = ml_api_post_json($props, 'name', true);
 98 | 		$this->summary = ml_api_post_json($props, 'summary', true);
 99 | 		$this->published = ml_api_post_json($props, 'published', true);
100 | 		$this->category = ml_api_post_json($props, 'category', false);
101 | 		$this->photo = ml_api_post_json($props, 'photo', true);
102 | 		$this->bookmark_of = ml_api_post_json($props, 'bookmark-of', true);
103 | 		$this->in_reply_to = ml_api_post_json($props, 'in-reply-to', true);
104 | 		$this->like_of = ml_api_post_json($props, 'like-of', true);
105 | 		$this->repost_of = ml_api_post_json($props, 'repost-of', true);
106 | 		$this->mp_slug = ml_api_post_json($props, 'mp-slug', true);
107 | 
108 | 		// Parse content - May either be in text form or HTML, so figure it out
109 | 		$content = ml_api_post_json($props, 'content', true);
110 | 
111 | 		// We know that if the single element in $content is an array, it
112 | 		// probably has the `html` or `value` keys inside
113 | 		if (is_array($content)) {
114 | 			$html = ml_api_post_json($content, 'html', false);
115 | 			$value = ml_api_post_json($content, 'value', false);
116 | 
117 | 			if ($html !== null) {
118 | 				$this->content = $html;
119 | 			} else if ($value !== null) {
120 | 				$this->content = $value;
121 | 			} else {
122 | 				// Couldn't find content?
123 | 				$this->content = '';
124 | 			}
125 | 		} else {
126 | 			$this->content = $content;
127 | 		}
128 | 	}
129 | }
130 | 


--------------------------------------------------------------------------------
/micropub/get.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | if (!defined('MICROLIGHT')) die();
 4 | 
 5 | // See: https://www.w3.org/TR/micropub/#syndication-targets
 6 | function syndicate_to () {
 7 | 	return [];
 8 | }
 9 | 
10 | /**
11 |  * Get details about syndication target  
12 |  * URL: `micropub?q=syndicate-to`
13 |  * @return array
14 |  */
15 | function query_syndicate_to () {
16 | 	return [
17 | 		'syndicate-to' => syndicate_to(),
18 | 	];
19 | }
20 | 
21 | /**
22 |  * Get details about the server, including its media endpoint and
23 |  * syndication targets.  
24 |  * URL: `micropub?q=config`
25 |  * @return array
26 |  */
27 | function query_config () {
28 | 	return [
29 | 		'media-endpoint' => ml_base_url() . 'media/index.php',
30 | 		'syndicate-to' => syndicate_to(),
31 | 	];
32 | }
33 | 
34 | /**
35 |  * Get all details about a specific post  
36 |  * URL: `micropub?q=source&url=...`
37 |  * @return array
38 |  */
39 | function query_source () {
40 | 	$url = ml_api_get('url');
41 | 	$slug = ml_slug_from_url($url);
42 | 
43 | 	$db = new DB();
44 | 	$post = new Post($db);
45 | 	
46 | 	$where = [
47 | 		// ALWAYS ONLY show public posts
48 | 		SQL::where_create('status', 'public'),
49 | 		SQL::where_create('slug', $slug, SQLOP::EQUAL, SQLEscape::SLUG),
50 | 	];
51 | 
52 | 	$single = $post->find_one($where);
53 | 
54 | 	if ($single === null) {
55 | 		throw new Exception('Post does not exist');
56 | 	}
57 | 
58 | 	// Get post details in microformat syntax
59 | 	$details = Post::to_microformats($single);
60 | 
61 | 	// Only display properties requested
62 | 	$properties = ml_api_get('properties');
63 | 	if ($properties !== null && is_array($properties) && !empty($properties)) {
64 | 		// Type is not required when requesting properties
65 | 		unset($details['type']);
66 | 
67 | 		// Delete any properties that aren't those requested
68 | 		foreach ($details['properties'] as $key => $value) {
69 | 			if (!in_array($key, $properties, true)) {
70 | 				unset($details['properties'][$key]);
71 | 			}
72 | 		}
73 | 	}
74 | 
75 | 	return $details;
76 | }
77 | 


--------------------------------------------------------------------------------
/micropub/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | define('MICROLIGHT', 'v1.0.1');
  4 | 
  5 | chdir('..');
  6 | require_once('includes/config.php');
  7 | require_once('includes/api.include.php');
  8 | 
  9 | // Initialise POST
 10 | if (!ml_api_post_decode()) return;
 11 | 
 12 | require_once('get.php');
 13 | require_once('post/index.php');
 14 | require_once('PostEntry.php');
 15 | 
 16 | $bearer = ml_api_access_token();
 17 | 
 18 | // If there is no token, end processing early with a warning.
 19 | if (empty($bearer)) {
 20 | 	ml_http_error(HTTPStatus::UNAUTHORIZED, 'Bearer token has not been provided');
 21 | 	return;
 22 | }
 23 | 
 24 | if (ml_api_validate_token($bearer) === false) {
 25 | 	ml_http_error(HTTPStatus::FORBIDDEN, 'Bearer token is invalid or does not exist');
 26 | 	return;
 27 | }
 28 | 
 29 | try {
 30 | 	switch (ml_api_method()) {
 31 | 	case 'GET':
 32 | 		switch (ml_api_get('q')) {
 33 | 		case 'config':
 34 | 			ml_http_response(HTTPStatus::OK, query_config());
 35 | 			return;
 36 | 
 37 | 		case 'syndicate-to':
 38 | 			ml_http_response(HTTPStatus::OK, query_syndicate_to());
 39 | 			return;
 40 | 
 41 | 		case 'source':
 42 | 			ml_http_response(HTTPStatus::OK, query_source());
 43 | 			return;
 44 | 
 45 | 		default:
 46 | 			ml_http_error(
 47 | 				HTTPStatus::INVALID_REQUEST,
 48 | 				'Invalid q parameter. Pick one of "config", "syndicate-to", or "source"'
 49 | 			);
 50 | 			return;
 51 | 		}
 52 | 
 53 | 	case 'POST':
 54 | 		// Micropub can either have actions via the `action` value, or assume
 55 | 		// an entity is being created via the `type` (if JSON) or `h` (if form
 56 | 		// encoded) values. Yeah, gets a little inconvenient with all the
 57 | 		// different edge cases.
 58 | 
 59 | 		switch (ml_api_post('action')) {
 60 | 		case 'delete':
 61 | 			if (!in_array(TokenScope::DELETE, $auth['scope'], true)) {
 62 | 				ml_http_error(
 63 | 					HTTPStatus::INSUFFICIENT_SCOPE,
 64 | 					'Token is missing `' . TokenScope::DELETE . '` scope'
 65 | 				);
 66 | 				return;
 67 | 			}
 68 | 
 69 | 			$url = ml_api_post('url');
 70 | 			$slug = ml_slug_from_url($url);
 71 | 
 72 | 			post_delete_post($slug);
 73 | 			ml_http_response(HTTPStatus::NO_CONTENT);
 74 | 			return;
 75 | 			break;
 76 | 
 77 | 		case 'update':
 78 | 			if (!in_array(TokenScope::UPDATE, $auth['scope'], true)) {
 79 | 				ml_http_error(
 80 | 					HTTPStatus::INSUFFICIENT_SCOPE,
 81 | 					'Token is missing `' . TokenScope::UPDATE . '` scope'
 82 | 				);
 83 | 				return;
 84 | 			}
 85 | 			$url = ml_api_post('url');
 86 | 			$slug = ml_slug_from_url($url);
 87 | 			$properties = [
 88 | 				'add' => ml_api_post('add'),
 89 | 				'replace' => ml_api_post('replace'),
 90 | 				'delete' => ml_api_post('delete'),
 91 | 			];
 92 | 
 93 | 			post_update_entry($slug, $properties);
 94 | 			ml_http_response(HTTPStatus::NO_CONTENT);
 95 | 			return;
 96 | 			break;
 97 | 		}
 98 | 
 99 | 		if (!in_array(TokenScope::CREATE, $auth['scope'], true)) {
100 | 			ml_http_error(
101 | 				HTTPStatus::INSUFFICIENT_SCOPE,
102 | 				'Token is missing `' . TokenScope::CREATE . '` scope'
103 | 			);
104 | 			return;
105 | 		}
106 | 
107 | 		$is_json = ml_api_content_type() === 'application/json';
108 | 
109 | 		$type = $is_json === true
110 | 			? ml_api_post_json($post, 'type', true)
111 | 			: ml_api_post('h');
112 | 
113 | 		switch ($type) {
114 | 		case 'entry':
115 | 		case 'h-entry':
116 | 			$entry = new PostEntry();
117 | 			$entry->parse_post($is_json);
118 | 			post_create_entry($entry);
119 | 			return;
120 | 		}
121 | 	}
122 | } catch (\Throwable $err) {
123 | 	ml_http_error(HTTPStatus::INVALID_REQUEST, $err->getMessage());
124 | 	return;
125 | }
126 | 
127 | ml_http_response(HTTPStatus::REDIRECT, null, null, ml_base_url());
128 | return;
129 | 


--------------------------------------------------------------------------------
/micropub/post/create.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('includes/lib/media.php');
  6 | require_once('includes/webmention-send.include.php');
  7 | 
  8 | /**
  9 |  * Inserts a post into the database, returning any errors if they occur,
 10 |  * otherwise returning a 201 CREATED response to the new post.
 11 |  * @param array $post
 12 |  * @return string Post's final slug
 13 |  * @throws Exception
 14 |  */
 15 | function insert_post ($post) {
 16 | 	$slug = $post['slug'];
 17 | 
 18 | 	try {
 19 | 		$db = new DB();
 20 | 		$db_post = new Post($db);
 21 | 		
 22 | 		$existing = $db_post->count([
 23 | 			[
 24 | 				'column' => 'slug',
 25 | 				'operator' => SQLOP::EQUAL,
 26 | 				'value' => $slug,
 27 | 				'escape' => SQLEscape::SLUG,
 28 | 			],
 29 | 		]);
 30 | 
 31 | 		// Loop through suffixed slugs until one doesn't exist, or until we've
 32 | 		// tried 50 times, in which case return an error.
 33 | 		$suffix = 1;
 34 | 		while ($existing > 0) {
 35 | 			$new_slug = $slug . '-' . $suffix;
 36 | 
 37 | 			$existing = $db_post->count([
 38 | 				[
 39 | 					'column' => 'slug',
 40 | 					'operator' => SQLOP::EQUAL,
 41 | 					'value' => $new_slug,
 42 | 					'escape' => SQLEscape::SLUG,
 43 | 				],
 44 | 			]);
 45 | 
 46 | 			// Overwrite the existing slug with the new slug
 47 | 			$post['slug'] = $new_slug;
 48 | 			$suffix += 1;
 49 | 
 50 | 			if ($suffix > 50) {
 51 | 				throw new Exception('This slug is used by too many slugs');
 52 | 			}
 53 | 		}
 54 | 
 55 | 		$postId = $db_post->insert($post);
 56 | 		$postId = intval($postId);
 57 | 
 58 | 		if (is_int($postId) && $postId !== 0) {
 59 | 			ml_http_response(
 60 | 				HTTPStatus::CREATED,
 61 | 				null,
 62 | 				null,
 63 | 				ml_post_permalink($post['slug'])
 64 | 			);
 65 | 			return $post['slug'];
 66 | 		} else {
 67 | 			throw new Exception('Could not create entry. Unknown reason.');
 68 | 		}
 69 | 	} catch (DBError $e) {
 70 | 		throw new Exception($e->getMessage());
 71 | 	}
 72 | }
 73 | 
 74 | /**
 75 |  * The main logic for the Micropub `h=entry` request. Takes various POST values
 76 |  * and converts them into an object suitable for the microlight database.
 77 |  * Any errors will be returned to the user.
 78 |  *
 79 |  * @param PostEntry $entry
 80 |  * @return void
 81 |  * @throws Exception
 82 |  */
 83 | function post_create_entry (PostEntry $entry){
 84 | 	$new_post = post_create_post($entry);
 85 | 
 86 | 	try {
 87 | 		$final_slug = insert_post($new_post);
 88 | 	} catch (\Throwable $error) {
 89 | 		ml_http_error(HTTPStatus::SERVER_ERROR, $error->getMessage());
 90 | 		return;
 91 | 	}
 92 | 
 93 | 	if (should_perform_webmention($new_post) === true) {
 94 | 		try {
 95 | 			ml_webmention_perform($new_post['url'], $final_slug);
 96 | 		} catch (\Throwable $error) {
 97 | 			// This error is not critical, as such, so a failing webmention does
 98 | 			// not really warrant it to be handled as such, hence the simple
 99 | 			// error logging.
100 | 			error_log('Could not perform webmention. Here is why:');
101 | 			error_log('Code: ' . $error->getCode());
102 | 			error_log('Message: ' . $error->getMessage());
103 | 		}
104 | 	}
105 | 
106 | 	return;
107 | }
108 | 


--------------------------------------------------------------------------------
/micropub/post/delete.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | if (!defined('MICROLIGHT')) die();
 4 | 
 5 | function post_delete_post ($slug) {
 6 | 	$db = new DB();
 7 | 	$post = new Post($db);
 8 | 
 9 | 	$where = [
10 | 		SQL::where_create('slug', $slug, SQLOP::EQUAL, SQLEscape::SLUG),
11 | 		SQL::where_create('status', 'deleted', SQLOP::NEQUAL, SQLEscape::POST_TYPE),
12 | 	];
13 | 
14 | 	$existing_post = $post->find_one($where);
15 | 
16 | 	// Check if the post exists before trying to delete it
17 | 	if ($existing_post === null) throw new Exception('Post does not exist');
18 | 
19 | 	$properties = [
20 | 		'status' => 'deleted',
21 | 	];
22 | 
23 | 	try {
24 | 		$post->update($properties, $where);
25 | 	} catch (\Throwable $error) {
26 | 		ml_http_error(HTTPStatus::SERVER_ERROR, $error->getMessage());
27 | 		return;
28 | 	}
29 | 
30 | 	if (should_perform_webmention($existing_post) === true) {
31 | 		try {
32 | 			ml_webmention_perform($existing_post['url'], $existing_post['slug']);
33 | 		} catch (\Throwable $error) {
34 | 			// This error is not critical, as such, so a failing webmention does
35 | 			// not really warrant it to be handled as such, hence the simple
36 | 			// error logging.
37 | 			error_log('Could not perform webmention. Here is why:');
38 | 			error_log('Code: ' . $error->getCode());
39 | 			error_log('Message: ' . $error->getMessage());
40 | 		}
41 | 	}
42 | }
43 | 


--------------------------------------------------------------------------------
/micropub/post/index.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | if (!defined('MICROLIGHT')) die();
4 | 
5 | require_once('lib.php');
6 | require_once('create.php');
7 | require_once('delete.php');
8 | require_once('update.php');
9 | 


--------------------------------------------------------------------------------
/micropub/post/lib.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | /**
  6 |  * Validates the `published` or `updated` field
  7 |  *
  8 |  * @param string|null $date The date at which the post should be published/updated
  9 |  * @return string|false Return the date in ISO8601 if valid, otherwise false
 10 |  */
 11 | function validate_date ($date) {
 12 | 	if ($date === null || $date === '') {
 13 | 		// Use the current timestamp, if not provided.
 14 | 		return gmdate("c");
 15 | 	} else {
 16 | 		$date = strtotime($date);
 17 | 		if ($date !== false) return date('c', $date);
 18 | 		return false;
 19 | 	}
 20 | }
 21 | 
 22 | /**
 23 |  * If not provided, the summary will be taken from the first 160 characters of
 24 |  * the actual content. It is assumed that `content` has already been validated.
 25 |  *
 26 |  * @param string|null $summary
 27 |  * @param string $content
 28 |  * @return string
 29 |  */
 30 | function validate_summary ($summary, $content) {
 31 | 	if (empty($summary)) {
 32 | 		// Summary should be a snippet from the content, limited to 160 chars.
 33 | 		// It's 157 here because if it reaches that value we will append an
 34 | 		// ellipsis to bring it to the total 160.
 35 | 		$summary = strip_tags($content);
 36 | 		$summary = substr($summary, 0, 157);
 37 | 		$summary = preg_replace('/\s+/', ' ', $summary);
 38 | 		if (strlen($summary) === 157) $summary .= "...";
 39 | 	}
 40 | 
 41 | 	return strip_tags($summary);
 42 | }
 43 | 
 44 | /**
 45 |  * Ensures that every category provided is a valid alphanumeric string,
 46 |  * otherwise returning false.
 47 |  *
 48 |  * @param string[] $category
 49 |  * @return string[]|false
 50 |  */
 51 | function validate_category ($category) {
 52 | 	if (empty($category)) return [];
 53 | 	if (is_array($category) === false) {
 54 | 		if (is_string($category)) {
 55 | 			$category = [ $category ];
 56 | 		} else {
 57 | 			return false;
 58 | 		}
 59 | 	};
 60 | 
 61 | 	foreach ($category as $key => $value) {
 62 | 		if (!mb_check_encoding($value, 'ASCII')) return false;
 63 | 		if (!preg_match('/^[a-zA-Z0-9_\- ]+$/', $value)) return false;
 64 | 	}
 65 | 
 66 | 	return $category;
 67 | }
 68 | 
 69 | /**
 70 |  * Generates a slug based on either the name (if provided), or the post's
 71 |  * summary.
 72 |  *
 73 |  * @param string|null $name The post's currently working name
 74 |  * @param string $summary Post's summary, assumed to already be validated
 75 |  * @return string The final slug to be used for this post
 76 |  */
 77 | function generate_slug ($name, $summary) {
 78 | 	if (empty($name)) {
 79 | 		// Take the first 10 words from the summary
 80 | 		return slugify(implode('-', array_slice(preg_split('/\s/m', $summary), 0, 10)));
 81 | 	}
 82 | 
 83 | 	// Alternatively, if the name is already populated, slugify it.
 84 | 	return slugify($name);
 85 | }
 86 | 
 87 | /**
 88 |  * Determines the post type depending on whether other optional fields to POST
 89 |  * were provided.
 90 |  *
 91 |  * @param PostEntry $entry
 92 |  * @return array|false If a valid post type was detected, an array containing
 93 |  *                     "type" and "url" keys, otherwise false.
 94 |  */
 95 | function validate_post_type ($entry) {
 96 | 	if (!empty($entry->photo) && filter_var($entry->photo, FILTER_VALIDATE_URL) !== false) {
 97 | 		return [
 98 | 			'type' => 'photo',
 99 | 			'url' => $entry->photo,
100 | 		];
101 | 	}
102 | 
103 | 	// Perhaps an image was uploaded in the request itself
104 | 	if (isset($_FILES['photo']) && is_array($_FILES['photo'])) {
105 | 		$photo = new ImageResizer($_FILES['photo']);
106 | 
107 | 		return [
108 | 			'type' => 'photo',
109 | 			'url' => $photo->get_permalink(),
110 | 		];
111 | 	}
112 | 
113 | 	if (!empty($entry->bookmark_of)) {
114 | 		return [
115 | 			'type' => 'bookmark',
116 | 			'url' => $entry->bookmark_of,
117 | 		];
118 | 	}
119 | 
120 | 	if (!empty($entry->in_reply_to)) {
121 | 		return [
122 | 			'type' => 'reply',
123 | 			'url' => $entry->in_reply_to,
124 | 		];
125 | 	}
126 | 
127 | 	if (!empty($entry->like_of)) {
128 | 		return [
129 | 			'type' => 'like',
130 | 			'url' => $entry->like_of,
131 | 		];
132 | 	}
133 | 
134 | 	if (!empty($entry->repost_of)) {
135 | 		return [
136 | 			'type' => 'repost',
137 | 			'url' => $entry->repost_of,
138 | 		];
139 | 	}
140 | 
141 | 	return false;
142 | }
143 | 
144 | /**
145 |  * Convert a PostEntry into something that can be handled by the database.
146 |  * @param PostEntry $entry
147 |  * @return array
148 |  */
149 | function post_create_post (PostEntry $entry) {
150 | 	// Internally calculated values
151 | 	$post_type = 'article';
152 | 	$post_slug = '';
153 | 	$post_status = 'public';
154 | 	$post_url = null;
155 | 
156 | 	// VALIDATION / PROCESSING
157 | 
158 | 	if (empty($entry->name)) $post_type = 'note';
159 | 
160 | 	$entry->published = validate_date($entry->published);
161 | 	if ($entry->published === false) {
162 | 		ml_http_error(
163 | 			HTTPStatus::INVALID_REQUEST,
164 | 			'Invalid `published` value'
165 | 		);
166 | 		return;
167 | 	}
168 | 
169 | 	$entry->summary = validate_summary($entry->summary, $entry->content);
170 | 
171 | 	if ($entry->mp_slug !== null) {
172 | 		$post_slug = $entry->mp_slug;
173 | 	} else {
174 | 		$post_slug = generate_slug($entry->name, $entry->summary);
175 | 	}
176 | 
177 | 	$entry->category = validate_category($entry->category);
178 | 	if ($entry->category === false) {
179 | 		ml_http_error(
180 | 			HTTPStatus::INVALID_REQUEST,
181 | 			'Invalid `category` value'
182 | 		);
183 | 		return;
184 | 	}
185 | 
186 | 	// Check for a 'private' category specified.
187 | 	// If present, remove it from the categories and make the post invisible to
188 | 	// the archive.
189 | 	$private_category_key = array_search('private', $entry->category, true);
190 | 	if ($private_category_key !== false) {
191 | 		array_splice($entry->category, $private_category_key, 1);
192 | 		$post_status = 'private';
193 | 	}
194 | 	$entry->category = implode(',', $entry->category);
195 | 	if (strlen($entry->category) > 0) $entry->category .= ',';
196 | 
197 | 	// Determine post type if `in-reply-to`, `like-of`, `repost-of` or
198 | 	// `bookmark-of` URLs are provided.
199 | 	$new_post_type = validate_post_type($entry);
200 | 	if ($new_post_type !== false) {
201 | 		$post_type = $new_post_type['type'];
202 | 		$post_url = $new_post_type['url'];
203 | 	}
204 | 
205 | 	$post = [
206 | 		'name' => $entry->name,
207 | 		'summary' => $entry->summary,
208 | 		'content' => $entry->content,
209 | 		'post_type' => $post_type,
210 | 		'slug' => $post_slug,
211 | 		'published' => $entry->published,
212 | 		'tags' => $entry->category,
213 | 		'status' => $post_status,
214 | 		'url' => $post_url,
215 | 	];
216 | 
217 | 	return $post;
218 | }
219 | 
220 | /**
221 |  * Determine whether the post to be created, updated, or deleted should perform
222 |  * a webmention to the URL provided in the post
223 |  * @param array $properties
224 |  * @return bool
225 |  */
226 | function should_perform_webmention ($properties) {
227 | 	// Make sure URL is provided
228 | 	if (!isset($properties['url'])) return false;
229 | 	if (empty($properties['url'])) return false;
230 | 	if (!isset($properties['post_type'])) return false;
231 | 
232 | 	// Assume URL is provided - Check for post type
233 | 	switch ($properties['post_type']) {
234 | 	case 'reply':
235 | 	case 'like':
236 | 	case 'repost':
237 | 		return true;
238 | 		break;
239 | 	default:
240 | 		return false;
241 | 		break;
242 | 	}
243 | }
244 | 


--------------------------------------------------------------------------------
/micropub/post/update.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | if (!defined('MICROLIGHT')) die();
  4 | 
  5 | require_once('includes/webmention-send.include.php');
  6 | 
  7 | /**
  8 |  * Update an existing post in the database based on a given slug.
  9 |  * @param string $original_slug
 10 |  * @param array $properties
 11 |  * @return void
 12 |  */
 13 | function post_update_entry (string $original_slug, array $properties) {
 14 | 	global $post;
 15 | 
 16 | 	$db = new DB();
 17 | 	$db_post = new Post($db);
 18 | 	
 19 | 	// 1. Get original post
 20 | 	$original_post = $db_post->find_one([
 21 | 		SQL::where_create(
 22 | 			'slug',
 23 | 			$original_slug,
 24 | 			SQLOP::EQUAL,
 25 | 			SQLEscape::SLUG
 26 | 		)
 27 | 	]);
 28 | 	
 29 | 	if ($original_post === null) {
 30 | 		ml_http_error(
 31 | 			HTTPStatus::INVALID_REQUEST,
 32 | 			'Post does not already exist'
 33 | 		);
 34 | 		return;
 35 | 	}
 36 | 	
 37 | 	// 2. Convert into PostEntry
 38 | 	$original_entry = new PostEntry();
 39 | 	$original_entry->parse_entry($original_post);
 40 | 
 41 | 	// Track to see if the original URL was changed, so we can send a webmention
 42 | 	// to it again.
 43 | 	$original_url = $original_post['url'];
 44 | 
 45 | 	// Make sure we traverse an array regardless of whether a value was provided
 46 | 	// for each field or not
 47 | 	if (empty($properties['add'])) {
 48 | 		$properties['add'] = [];
 49 | 	} elseif (!is_array($properties['add'])) {
 50 | 		throw new Exception('Property "add" must be an array');
 51 | 	}
 52 | 	if (empty($properties['replace'])) {
 53 | 		$properties['replace'] = [];
 54 | 	} elseif (!is_array($properties['replace'])) {
 55 | 		throw new Exception('Property "replace" must be an array');
 56 | 	}
 57 | 	if (empty($properties['delete'])) {
 58 | 		$properties['delete'] = [];
 59 | 	} elseif (!is_array($properties['delete'])) {
 60 | 		throw new Exception('Property "delete" must be an array');
 61 | 	}
 62 | 	
 63 | 	// 3. Perform add/replace/removes on the original PostEntry
 64 | 	foreach ($properties['add'] as $key => $values) {
 65 | 		if (!property_exists($original_entry, $key) || !is_array($original_entry->$key)) {
 66 | 			throw new Exception('Cannot add to the "' . $key . '" property');
 67 | 		}
 68 | 
 69 | 		// According to micropub spec, all values must be inside an array, even
 70 | 		// if only one value is provided.
 71 | 		if (!is_array($values)) {
 72 | 			throw new Exception('Values for "' . $key . '" must be an array');
 73 | 		}
 74 | 
 75 | 		$original_entry->$key = array_merge($original_entry->$key, $values);
 76 | 	}
 77 | 
 78 | 	foreach ($properties['replace'] as $key => $values) {
 79 | 		if (!property_exists($original_entry, $key)) {
 80 | 			throw new Exception('Cannot replace values in the "' . $key . '" property');
 81 | 		}
 82 | 
 83 | 		// According to micropub spec, all values must be inside an array, even
 84 | 		// if only one value is provided.
 85 | 		if (!is_array($values)) {
 86 | 			throw new Exception('Values for "' . $key . '" must be an array');
 87 | 		}
 88 | 
 89 | 		// Depending on whether the original field was an array or not (eg.
 90 | 		// `name` is a string field), use the entire array, or just the first
 91 | 		// value.
 92 | 		if (is_array($original_entry->$key)) {
 93 | 			$original_entry->$key = $values;
 94 | 		} else {
 95 | 			$original_entry->$key = $values[0];
 96 | 		}
 97 | 	}
 98 | 
 99 | 	foreach ($properties['delete'] as $key => $values) {
100 | 		// If provided a list of fields to delete, check that here.
101 | 		if (is_numeric($key)) {
102 | 			if (!property_exists($original_entry, $values)) {
103 | 				throw new Exception('Cannot delete the "' . $values . '" property');
104 | 			}
105 | 
106 | 			// Nullifying the value should behave in a particular way depending
107 | 			// on its type. For exaemple, we don't want to set a required string
108 | 			// field to `null`, it should be an empty string instead.
109 | 			switch(gettype($original_entry->$values)) {
110 | 			case 'string':
111 | 				$original_entry->$values = '';
112 | 				break;
113 | 			case 'array':
114 | 				$original_entry->$values = [];
115 | 				break;
116 | 			default:
117 | 				$original_entry->$values = null;
118 | 			}
119 | 			continue;
120 | 		}
121 | 
122 | 		if (!property_exists($original_entry, $key) || !is_array($original_entry->$key)) {
123 | 			throw new Exception('Cannot delete from the "' . $key . '" property');
124 | 		}
125 | 
126 | 		// Delete individual values from an array
127 | 		foreach ($values as $value) {
128 | 			// Go through every value provided and check that it already exists
129 | 			// in the array. If not, just ignore it.
130 | 			$index = array_search($value, $original_entry->$key, true);
131 | 			if ($index === false || $index === null) continue;
132 | 
133 | 			// Remove the value from the array
134 | 			array_splice($original_entry->$key, $index, 1);
135 | 		}
136 | 	}
137 | 
138 | 	// 4. Insert back into database
139 | 	$new_post = post_create_post($original_entry);
140 | 	$new_post['updated'] = validate_date(null);
141 | 
142 | 	try {
143 | 		$db_post->update(
144 | 			$new_post,
145 | 			[ SQL::where_create('slug', $original_slug, SQLOP::EQUAL, SQLEscape::SLUG) ]
146 | 		);
147 | 	} catch (\Throwable $error) {
148 | 		ml_http_error(HTTPStatus::SERVER_ERROR, $error->getMessage());
149 | 		return;
150 | 	}
151 | 
152 | 	if (should_perform_webmention($new_post) === true) {
153 | 		try {
154 | 			ml_webmention_perform($new_post['url'], $new_post['slug']);
155 | 
156 | 			// Also send a webmention to the URL this post used to point to
157 | 			// (making sure it actually did point somewhere beforehand)
158 | 			if (!empty($original_url) && $original_url !== $new_post['url']) {
159 | 				ml_webmention_perform($original_url, $new_post['slug']);
160 | 			}
161 | 		} catch (\Throwable $error) {
162 | 			// This error is not critical, as such, so a failing webmention does
163 | 			// not really warrant it to be handled as such, hence the simple
164 | 			// error logging.
165 | 			error_log('Could not perform webmention. Here is why:');
166 | 			error_log('Code: ' . $error->getCode());
167 | 			error_log('Message: ' . $error->getMessage());
168 | 		}
169 | 	}
170 | 
171 | 	return;
172 | }
173 | 


--------------------------------------------------------------------------------
/themes/microlight-default/README.md:
--------------------------------------------------------------------------------
1 | # "Microlight" Theme
2 | 
3 | This is a single column theme that includes support for most of the common post types, tags, and metadata.
4 | 
5 | **Author:** Tom Gardiner (tom@tombofry.co.uk)
6 | 


--------------------------------------------------------------------------------
/themes/microlight-default/css/style-dark.css:
--------------------------------------------------------------------------------
  1 | * {
  2 | 	margin: 0;
  3 | 	padding: 0;
  4 | 	box-sizing: border-box;
  5 | }
  6 | 
  7 | body {
  8 | 	background-color: #111;
  9 | 	color: #eee;
 10 | 	max-width: 640px;
 11 | 	width: 100%;
 12 | 	margin: 0 auto;
 13 | 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
 14 | }
 15 | 
 16 | a {
 17 | 	color: #ccc;
 18 | 	text-decoration: none;
 19 | }
 20 | 
 21 | a:hover {
 22 | 	text-decoration: underline;
 23 | 	color: #ff4700;
 24 | }
 25 | 
 26 | h1, h2, h3, h4, h5, h6 {
 27 | 	line-height: 1.1;
 28 | 	/* https://www.client9.com/css-system-font-stack-serif-medium-v1/ */
 29 | 	/* font-family: "Iowan Old Style", "Palatino Linotype", Palatino, "URW Palladio L", serif; */
 30 | }
 31 | 
 32 | p, .e-content, img {
 33 | 	line-height: 20px;
 34 | 	margin-bottom: 10px;
 35 | }
 36 | 
 37 | ul {
 38 | 	margin-left: 24px;
 39 | }
 40 | 
 41 | header {
 42 | 	padding: 32px 32px 16px;
 43 | 	max-width: 640px;
 44 | 	margin: 0 auto;
 45 | }
 46 | 
 47 | header .u-photo {
 48 | 	float: left;
 49 | 	width: 160px;
 50 | 	margin-right: 16px;
 51 | 	border-radius: 50%;
 52 | }
 53 | 
 54 | .p-note {
 55 | 	margin-top: 16px;
 56 | }
 57 | 
 58 | h2.p-name {
 59 | 	font-size: 24px;
 60 | }
 61 | 
 62 | h2.p-name, h2.p-name a {
 63 | 	word-break: normal;
 64 | 	overflow-wrap: break-word;
 65 | }
 66 | 
 67 | .p-name-emoji {
 68 | 	margin-right: 12px;
 69 | 	line-height: 20px;
 70 | 	height: 20px;
 71 | 	font-size: 20px;
 72 | 	-moz-user-select: none;
 73 | 	-webkit-user-select: none;
 74 | 	user-select: none;
 75 | }
 76 | 
 77 | .me-links {
 78 | 	list-style-type: none;
 79 | 	margin-left: 0;
 80 | 	margin-top: 16px;
 81 | }
 82 | .me-links li {
 83 | 	display: inline-block;
 84 | 	margin-right: 12px;
 85 | }
 86 | .me-links li:not(:last-child):after {
 87 | 	content: '';
 88 | 	width: 12px;
 89 | 	margin-left: 12px;
 90 | 	border-top: 1px solid #666;
 91 | 	display: inline-block;
 92 | 	vertical-align: middle;
 93 | }
 94 | 
 95 | article {
 96 | 	padding: 32px;
 97 | }
 98 | 
 99 | article h2 {
100 | 	margin-bottom: 16px;
101 | }
102 | 
103 | .page article h2 {
104 | 	font-weight: 700;
105 | 	font-style: italic;
106 | 	font-size: 28pt;
107 | 	margin-bottom: 16px;
108 | }
109 | 
110 | .page article .e-content {
111 | 	font-size: 12pt;
112 | 	line-height: 1.618;
113 | 	margin-bottom: 16px;
114 | }
115 | 
116 | .dt-published-link, .dt-updated, #entry-interactions .dt-published {
117 | 	display: block;
118 | 	color: #999;
119 | 	text-decoration: none;
120 | 	font-size: 11pt;
121 | 	font-weight: 500;
122 | 	margin-bottom: 4px;
123 | }
124 | 
125 | .h-geo, .h-adr {
126 | 	margin-top: 12px;
127 | 	margin-bottom: 16px;
128 | }
129 | 
130 | img {
131 | 	max-width: 100%;
132 | }
133 | 
134 | audio {
135 | 	width: 100%;
136 | }
137 | 
138 | .tags {
139 | 	text-align: right;
140 | 	float: right;
141 | 	font-size: 11pt;
142 | 	max-width: 50%;
143 | }
144 | 
145 | .tags a {
146 | 	font-weight: 700;
147 | 	color: #ccc;
148 | 	text-decoration: none;
149 | 	text-transform: lowercase;
150 | 	margin-left: 6px;
151 | }
152 | 
153 | .tags a:before {
154 | 	content: '#';
155 | 	color: #666;
156 | }
157 | 
158 | .pagination {
159 | 	display: block;
160 | 	padding: 32px;
161 | }
162 | .pagination:after {
163 | 	clear: both;
164 | 	content: '';
165 | 	float: none;
166 | 	display: block;
167 | }
168 | 
169 | .pagination-left, .pagination-right {
170 | 	width: 50%;
171 | 	width: calc(50% - 8px);
172 | 	display: inline-block;
173 | 	padding: 16px;
174 | 	text-align: center;
175 | 	border-radius: 8px;
176 | 	text-decoration: none;
177 | 	border: 1px solid #191919;
178 | 	font-weight: 700;
179 | }
180 | 
181 | .pagination-left:hover, .pagination-right:hover {
182 | 	background-color: #191919;
183 | }
184 | 
185 | .pagination-left {
186 | 	float: left;
187 | }
188 | 
189 | .pagination-right {
190 | 	float: right;
191 | }
192 | 
193 | .hidden {
194 | 	display: none;
195 | }
196 | 
197 | #entry-interactions {
198 | 	padding-top: 40px;
199 | }
200 | 
201 | #entry-interactions:empty {
202 | 	display: none;
203 | }
204 | 
205 | #entry-interactions::before {
206 | 	content: 'INTERACTIONS';
207 | 	color: #666;
208 | 	font-weight: 700;
209 | }
210 | 
211 | #entry-interactions > div {
212 | 	padding: 10px 16px;
213 | 	border: 1px solid #333;
214 | 	border-radius: 6px;
215 | 	margin-top: 10px;
216 | }
217 | 
218 | #entry-interactions .p-name {
219 | 	font-weight: 700;
220 | }
221 | 
222 | .entry-interaction-emoji, #entry-interactions .u-photo {
223 | 	float: left;
224 | 	line-height: 40px;
225 | 	width: 40px;
226 | 	height: 40px;
227 | 	font-size: 40px;
228 | 	margin-right: 10px;
229 | 	-moz-user-select: none;
230 | 	-webkit-user-select: none;
231 | 	user-select: none;
232 | }
233 | 
234 | @media (max-width: 500px) {
235 | 	header .u-photo {
236 | 		float: none;
237 | 		display: block;
238 | 		width: 100%;
239 | 		max-width: 240px;
240 | 		margin: 0 auto 16px auto;
241 | 	}
242 | 
243 | 	header {
244 | 		text-align: center;
245 | 	}
246 | 
247 | 	.tags {
248 | 		text-align: left;
249 | 		float: none;
250 | 		display: block;
251 | 		margin-bottom: 10px;
252 | 		max-width: 100%;
253 | 	}
254 | 	.tags a {
255 | 		display: inline-block;
256 | 		margin: 0 5px 0 0;
257 | 		padding: 0 0 5px 0;
258 | 	}
259 | }
260 | 


--------------------------------------------------------------------------------
/themes/microlight-default/css/style.css:
--------------------------------------------------------------------------------
  1 | * {
  2 | 	margin: 0;
  3 | 	padding: 0;
  4 | 	box-sizing: border-box;
  5 | }
  6 | 
  7 | body {
  8 | 	max-width: 640px;
  9 | 	width: 100%;
 10 | 	margin: 0 auto;
 11 | 	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol";
 12 | }
 13 | 
 14 | a {
 15 | 	color: #333;
 16 | 	text-decoration: none;
 17 | }
 18 | 
 19 | a:hover {
 20 | 	text-decoration: underline;
 21 | 	color: #ff4700;
 22 | }
 23 | 
 24 | h1, h2, h3, h4, h5, h6 {
 25 | 	line-height: 1.1;
 26 | 	/* https://www.client9.com/css-system-font-stack-serif-medium-v1/ */
 27 | 	/* font-family: "Iowan Old Style", "Palatino Linotype", Palatino, "URW Palladio L", serif; */
 28 | }
 29 | 
 30 | p, .e-content, img {
 31 | 	line-height: 20px;
 32 | 	margin-bottom: 10px;
 33 | }
 34 | 
 35 | ul {
 36 | 	margin-left: 24px;
 37 | }
 38 | 
 39 | header {
 40 | 	padding: 32px 32px 16px;
 41 | 	max-width: 640px;
 42 | 	margin: 0 auto;
 43 | }
 44 | 
 45 | header .u-photo {
 46 | 	float: left;
 47 | 	width: 160px;
 48 | 	margin-right: 16px;
 49 | 	border-radius: 50%;
 50 | }
 51 | 
 52 | .p-note {
 53 | 	margin-top: 16px;
 54 | }
 55 | 
 56 | h2.p-name {
 57 | 	font-size: 24px;
 58 | }
 59 | 
 60 | h2.p-name, h2.p-name a {
 61 | 	word-break: normal;
 62 | 	overflow-wrap: break-word;
 63 | }
 64 | 
 65 | .p-name-emoji {
 66 | 	margin-right: 12px;
 67 | 	line-height: 20px;
 68 | 	height: 20px;
 69 | 	font-size: 20px;
 70 | 	-moz-user-select: none;
 71 | 	-webkit-user-select: none;
 72 | 	user-select: none;
 73 | }
 74 | 
 75 | .me-links {
 76 | 	list-style-type: none;
 77 | 	margin-left: 0;
 78 | 	margin-top: 16px;
 79 | }
 80 | .me-links li {
 81 | 	display: inline-block;
 82 | 	margin-right: 12px;
 83 | }
 84 | .me-links li:not(:last-child):after {
 85 | 	content: '';
 86 | 	width: 12px;
 87 | 	margin-left: 12px;
 88 | 	border-top: 1px solid #ccc;
 89 | 	display: inline-block;
 90 | 	vertical-align: middle;
 91 | }
 92 | 
 93 | article {
 94 | 	padding: 32px;
 95 | }
 96 | 
 97 | article h2 {
 98 | 	margin-bottom: 16px;
 99 | }
100 | 
101 | .page article h2 {
102 | 	font-weight: 700;
103 | 	font-style: italic;
104 | 	font-size: 28pt;
105 | 	margin-bottom: 16px;
106 | }
107 | 
108 | .page article .e-content {
109 | 	font-size: 12pt;
110 | 	line-height: 1.618;
111 | 	margin-bottom: 16px;
112 | }
113 | 
114 | .dt-published-link, .dt-updated, #entry-interactions .dt-published {
115 | 	display: block;
116 | 	color: #666;
117 | 	text-decoration: none;
118 | 	font-size: 11pt;
119 | 	font-weight: 500;
120 | 	margin-bottom: 4px;
121 | }
122 | 
123 | .h-geo, .h-adr {
124 | 	margin-top: 12px;
125 | 	margin-bottom: 16px;
126 | }
127 | 
128 | img {
129 | 	max-width: 100%;
130 | }
131 | 
132 | audio {
133 | 	width: 100%;
134 | }
135 | 
136 | .tags {
137 | 	text-align: right;
138 | 	float: right;
139 | 	font-size: 11pt;
140 | 	max-width: 50%;
141 | }
142 | 
143 | .tags a {
144 | 	font-weight: 700;
145 | 	color: #666;
146 | 	text-decoration: none;
147 | 	text-transform: lowercase;
148 | 	margin-left: 6px;
149 | }
150 | 
151 | .tags a:before {
152 | 	content: '#';
153 | 	color: #999;
154 | }
155 | 
156 | .pagination {
157 | 	display: block;
158 | 	padding: 32px;
159 | }
160 | .pagination:after {
161 | 	clear: both;
162 | 	content: '';
163 | 	float: none;
164 | 	display: block;
165 | }
166 | 
167 | .pagination-left, .pagination-right {
168 | 	width: 50%;
169 | 	width: calc(50% - 8px);
170 | 	display: inline-block;
171 | 	padding: 16px;
172 | 	text-align: center;
173 | 	border-radius: 8px;
174 | 	text-decoration: none;
175 | 	border: 1px solid #eee;
176 | 	font-weight: 700;
177 | }
178 | 
179 | .pagination-left:hover, .pagination-right:hover {
180 | 	background-color: #eee;
181 | }
182 | 
183 | .pagination-left {
184 | 	float: left;
185 | }
186 | 
187 | .pagination-right {
188 | 	float: right;
189 | }
190 | 
191 | .hidden {
192 | 	display: none;
193 | }
194 | 
195 | #entry-interactions {
196 | 	padding-top: 40px;
197 | }
198 | 
199 | #entry-interactions:empty {
200 | 	display: none;
201 | }
202 | 
203 | #entry-interactions::before {
204 | 	content: 'INTERACTIONS';
205 | 	color: #ccc;
206 | 	font-weight: 700;
207 | }
208 | 
209 | #entry-interactions > div {
210 | 	padding: 10px 16px;
211 | 	border: 1px solid #ddd;
212 | 	border-radius: 6px;
213 | 	margin-top: 10px;
214 | }
215 | 
216 | #entry-interactions .p-name {
217 | 	font-weight: 700;
218 | }
219 | 
220 | .entry-interaction-emoji, #entry-interactions .u-photo {
221 | 	float: left;
222 | 	line-height: 40px;
223 | 	width: 40px;
224 | 	height: 40px;
225 | 	font-size: 40px;
226 | 	margin-right: 10px;
227 | 	-moz-user-select: none;
228 | 	-webkit-user-select: none;
229 | 	user-select: none;
230 | }
231 | 
232 | @media (max-width: 500px) {
233 | 	header .u-photo {
234 | 		float: none;
235 | 		display: block;
236 | 		width: 100%;
237 | 		max-width: 240px;
238 | 		margin: 0 auto 16px auto;
239 | 	}
240 | 
241 | 	header {
242 | 		text-align: center;
243 | 	}
244 | 
245 | 	.tags {
246 | 		text-align: left;
247 | 		float: none;
248 | 		display: block;
249 | 		margin-bottom: 10px;
250 | 		max-width: 100%;
251 | 	}
252 | 	.tags a {
253 | 		display: inline-block;
254 | 		margin: 0 5px 0 0;
255 | 		padding: 0 0 5px 0;
256 | 	}
257 | }
258 | 


--------------------------------------------------------------------------------
/themes/microlight-default/elements.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | function html_head () {
 8 | 	global $dark_mode;
 9 | 
10 | 	echo "<head>";
11 | 		echo "<meta charset='UTF-8' />";
12 | 		echo "<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0' />";
13 | 		echo "<meta http-equiv='X-UA-Compatible' content='ie=edge' />";
14 | 
15 | 		// Add pre-generated headers
16 | 		ml_page_headers();
17 | 
18 | 		$css = isset($dark_mode) && $dark_mode === true
19 | 			? '/css/style-dark.css'
20 | 			: '/css/style.css';
21 | 
22 | 		// Add this theme's stylesheet
23 | 		echo "<link rel='stylesheet' href='";
24 | 		echo ml_get_theme_dir();
25 | 		echo $css . "' />";
26 | 	echo "</head>";
27 | }
28 | 
29 | function html_author_links () {
30 | 	echo "<ul class='me-links'>";
31 | 
32 | 	// Display email first
33 | 	echo "<li>";
34 | 		echo "<a rel='me' class='u-email' href='mailto:" . User::EMAIL . "'>";
35 | 			echo User::EMAIL;
36 | 		echo "</a>";
37 | 	echo "</li>";
38 | 
39 | 	// Display all links underneath
40 | 	foreach (User::IDENTITIES as $value) {
41 | 		echo "<li>";
42 | 			echo "<a rel='me' target='_blank' href='" . $value['url'] . "'>";
43 | 				echo $value['name'];
44 | 			echo "</a>";
45 | 		echo "</li>";
46 | 	}
47 | 
48 | 	echo "</ul>";
49 | }
50 | 
51 | function html_author () {
52 | 	echo "<header class='p-author vcard hcard h-card'>";
53 | 		if (ml_user_has_icon()) {
54 | 			echo "<img class='u-photo' alt='" . User::NAME . "' src='" . ml_icon_url() . "' />";
55 | 		}
56 | 		echo "<h1>";
57 | 			echo "<a href='";
58 | 			echo ml_base_url();
59 | 			echo "' class='p-name u-url uid fn' rel='me'>";
60 | 				echo User::NAME;
61 | 			echo "</a>";
62 | 		echo "</h1>";
63 | 
64 | 		if (!empty(User::NOTE)) {
65 | 			echo "<p class='p-note'>" . User::NOTE . "</p>";
66 | 		}
67 | 
68 | 		echo html_author_links();
69 | 	echo "</header>";
70 | }
71 | 
72 | function html_pagination () {
73 | 	if (ml_pagination_enabled()) {
74 | 		echo "<div class='pagination'>";
75 | 
76 | 		if (ml_pagination_left_enabled()) {
77 | 			echo "<a class='pagination-left' href='";
78 | 			echo ml_pagination_left_link();
79 | 			echo "'>&lt;&lt; Newer</a>";
80 | 		}
81 | 		if (ml_pagination_right_enabled()) {
82 | 			echo "<a class='pagination-right' href='";
83 | 			echo ml_pagination_right_link();
84 | 			echo "'>Older &gt;&gt;</a>";
85 | 		}
86 | 
87 | 		echo '</div>';
88 | 	}
89 | }
90 | 


--------------------------------------------------------------------------------
/themes/microlight-default/entry/formats.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | function fmt_default ($post, $is_archive) {
 8 | 	entry_title($post, $is_archive);
 9 | 	entry_content($post, $is_archive);
10 | }
11 | 
12 | function fmt_image ($post, $is_archive) {
13 | 	entry_title($post, $is_archive);
14 | 	echo "<img ";
15 | 	echo "class='u-photo' ";
16 | 	echo "alt='" . $post['name'] . "' ";
17 | 	echo "src='" . $post['url'] . "' />";
18 | 	entry_content($post, $is_archive);
19 | }
20 | 
21 | function fmt_audio ($post, $is_archive) {
22 | 	entry_title($post, $is_archive);
23 | 	echo "<audio class='u-audio' controls>";
24 | 		echo "<source src='" . $post['url'] . "' />";
25 | 		echo "<p>Your browser does not support this audio format</p>";
26 | 	echo "</audio>";
27 | 	entry_content($post, $is_archive);
28 | }
29 | 
30 | function fmt_scrobble ($post, $is_archive) {
31 | 	$url = $post['url'];
32 | 	if (empty($url)) {
33 | 		$url = ml_post_permalink($post['slug']);
34 | 	}
35 | 	echo "<h2 class='p-name'>";
36 | 		echo "<span class='p-name-emoji'>&#127911;</span>";
37 | 		echo "<a class='u-listen-of' href='" . $url . "'>";
38 | 			echo $post['name'];
39 | 		echo "</a>";
40 | 	echo "</h2>";
41 | 	entry_content($post, $is_archive);
42 | }
43 | 
44 | function fmt_bookmark ($post, $is_archive) {
45 | 	echo "<h2 class='p-name'>";
46 | 		echo "<span class='p-name-emoji'>&#128278;</span>";
47 | 		echo "<a class='u-bookmark-of h-cite' href='" . $post['url'] . "'>";
48 | 		if (empty($post['name'])) {
49 | 			echo $post['url'];
50 | 		} else {
51 | 			echo $post['name'];
52 | 		}
53 | 		echo "</a>";
54 | 	echo "</h2>";
55 | 	entry_content($post, $is_archive);
56 | }
57 | 
58 | function fmt_like ($post, $is_archive) {
59 | 	echo "<h2 class='p-name'>";
60 | 		echo "<span class='p-name-emoji'>&#10084;&#65039;</span>";
61 | 		echo "<a class='u-like-of' href='" . $post['url'] . "'>";
62 | 		if (empty($post['name'])) {
63 | 			echo $post['url'];
64 | 		} else {
65 | 			echo $post['name'];
66 | 		}
67 | 		echo "</a>";
68 | 	echo "</h2>";
69 | 	entry_content($post, $is_archive);
70 | }
71 | 
72 | function fmt_repost ($post, $is_archive) {
73 | 	echo "<h2 class='p-name'>";
74 | 		echo "<span class='p-name-emoji'>&#128260;</span>";
75 | 		echo "<a class='u-repost-of' href='" . $post['url'] . "'>";
76 | 		if (empty($post['name'])) {
77 | 			echo $post['url'];
78 | 		} else {
79 | 			echo $post['name'];
80 | 		}
81 | 		echo "</a>";
82 | 	echo "</h2>";
83 | 	entry_content($post, $is_archive);
84 | }
85 | 
86 | function fmt_reply ($post, $is_archive) {
87 | 	echo "<h2 class='p-name'>";
88 | 		echo "<span class='p-name-emoji'>&#128172;</span>";
89 | 		echo "<a class='u-in-reply-to' href='" . $post['url'] . "'>";
90 | 		if (empty($post['name'])) {
91 | 			echo $post['url'];
92 | 		} else {
93 | 			echo $post['name'];
94 | 		}
95 | 		echo "</a>";
96 | 	echo "</h2>";
97 | 	entry_content($post, $is_archive);
98 | }
99 | 


--------------------------------------------------------------------------------
/themes/microlight-default/entry/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | require_once('meta.php');
 8 | require_once('formats.php');
 9 | require_once('interaction.php');
10 | 
11 | /**
12 |  * The main logic for displaying entries
13 |  *
14 |  * @param Post $post
15 |  * @param boolean $is_archive
16 |  * @return void
17 |  */
18 | function entry ($post, $is_archive = true) {
19 | 	echo "<article class='h-entry'>";
20 | 
21 | 	// Show different content for different post types
22 | 	switch ($post['post_type']) {
23 | 	case 'audio':
24 | 		fmt_audio($post, $is_archive);
25 | 		break;
26 | 	case 'photo':
27 | 		fmt_image($post, $is_archive);
28 | 		break;
29 | 	case 'bookmark':
30 | 		fmt_bookmark($post, $is_archive);
31 | 		break;
32 | 	case 'like':
33 | 		fmt_like($post, $is_archive);
34 | 		break;
35 | 	case 'repost':
36 | 		fmt_repost($post, $is_archive);
37 | 		break;
38 | 	case 'reply':
39 | 		fmt_reply($post, $is_archive);
40 | 		break;
41 | 	case 'scrobble':
42 | 		fmt_scrobble($post, $is_archive);
43 | 		break;
44 | 	default:
45 | 		fmt_default($post, $is_archive);
46 | 		break;
47 | 	}
48 | 
49 | 	entry_footer($post, $is_archive);
50 | 
51 | 	entry_hcard();
52 | 
53 | 	entry_interactions($post);
54 | 
55 | 	// Everything below this point is for metadata
56 | 	echo '</article>';
57 | }
58 | 


--------------------------------------------------------------------------------
/themes/microlight-default/entry/interaction.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // Stop the rest of the page from processing if we're not actually loading this
  4 | // file from within microlight itself.
  5 | if (!defined('MICROLIGHT')) die();
  6 | 
  7 | /**
  8 |  * Add interactions to a single post
  9 |  * @param Post $post
 10 |  * @return void
 11 |  */
 12 | function entry_interactions ($post) {
 13 | 	if (isset($post['interactions']) === false) return;
 14 | 
 15 | 	// Open interactions section container
 16 | 	echo "<div id='entry-interactions'>";
 17 | 
 18 | 	foreach ($post['interactions'] as $interaction) {
 19 | 		switch ($interaction['type']) {
 20 | 		case 'like':
 21 | 		case 'favourite':
 22 | 			entry_like($interaction);
 23 | 			break;
 24 | 
 25 | 		case 'repost':
 26 | 			entry_repost($interaction);
 27 | 			break;
 28 | 
 29 | 		case 'bookmark':
 30 | 			entry_bookmark($interaction);
 31 | 			break;
 32 | 
 33 | 		case 'reply':
 34 | 		case 'comment':
 35 | 		default:
 36 | 			entry_reply($interaction);
 37 | 			break;
 38 | 		}
 39 | 	}
 40 | 
 41 | 	// Close interactions section container
 42 | 	echo "</div>";
 43 | }
 44 | 
 45 | function entry_interaction_metadata ($interaction) {
 46 | 	// Metadata (date, link to post, etc).
 47 | 	echo "<a class='u-url' href='" . $interaction['url'] . "'>";
 48 | 	echo "<time class='dt-published'>" . ml_date_pretty($interaction['datetime']) . "</time>";
 49 | 	echo "</a>";
 50 | }
 51 | 
 52 | function entry_interaction_author_image ($author) {
 53 | 	$src = ml_get_theme_dir() . "/images/default.png";
 54 | 	if ($author['photo_url'] !== null) {
 55 | 		$src = $author['photo_url'];
 56 | 	}
 57 | 
 58 | 	echo "<img src='" . $src . "' class='u-photo'>";
 59 | }
 60 | 
 61 | /**
 62 |  * Markup for 'reply' interactions
 63 |  * @param Interaction $interaction
 64 |  * @return void
 65 |  */
 66 | function entry_reply ($interaction) {
 67 | 	// Open container
 68 | 	echo "<div class='p-comment u-comment h-cite'>";
 69 | 
 70 | 	echo "<div class='p-author u-author h-card'>";
 71 | 	entry_interaction_author_image($interaction['person']);
 72 | 	echo "<a class='u-url p-name' href='" . $interaction['person']['url'] . "'>";
 73 | 	echo $interaction['person']['name'];
 74 | 	echo "</a>";
 75 | 	echo "</div>";
 76 | 
 77 | 	// Content
 78 | 	echo "<p class='p-content'>";
 79 | 	echo $interaction['contents'];
 80 | 	echo "</p>";
 81 | 
 82 | 	entry_interaction_metadata($interaction);
 83 | 
 84 | 	// Close container
 85 | 	echo "</div>";
 86 | }
 87 | 
 88 | /**
 89 |  * Markup for 'like' or 'favourite' interactions
 90 |  * @param Interaction $interaction
 91 |  * @return void
 92 |  */
 93 | function entry_like ($interaction) {
 94 | 	// Open container
 95 | 	echo "<div class='p-like u-like h-cite'>";
 96 | 
 97 | 	echo "<span class='entry-interaction-emoji'>&#10084;&#65039;</span>";
 98 | 
 99 | 	// Author
100 | 	echo "<div class='p-author u-author h-card'>";
101 | 	entry_interaction_author_image($interaction['person']);
102 | 	echo "<a class='u-url p-name' href='" . $interaction['person']['url'] . "'>";
103 | 	echo $interaction['person']['name'];
104 | 	echo "</a> liked this post.";
105 | 	echo "</div>";
106 | 
107 | 	entry_interaction_metadata($interaction);
108 | 
109 | 	// Close container
110 | 	echo "</div>";
111 | }
112 | 
113 | /**
114 |  * Markup for 'repost' interactions
115 |  * @param Interaction $interaction
116 |  * @return void
117 |  */
118 | function entry_repost ($interaction) {
119 | 	// Open container
120 | 	echo "<div class='p-repost u-repost h-cite'>";
121 | 
122 | 	// Repost emoji
123 | 	echo "<span class='entry-interaction-emoji'>&#128260;</span>";
124 | 
125 | 	// Author
126 | 	echo "<div class='p-author u-author h-card'>";
127 | 	entry_interaction_author_image($interaction['person']);
128 | 	echo "<a class='u-url p-name' href='" . $interaction['person']['url'] . "'>";
129 | 	echo $interaction['person']['name'];
130 | 	echo "</a> reposted this post.";
131 | 	echo "</div>";
132 | 
133 | 	entry_interaction_metadata($interaction);
134 | 
135 | 	// Close container
136 | 	echo "</div>";
137 | }
138 | 
139 | /**
140 |  * Markup for 'bookmark' interactions
141 |  * @param Interaction $interaction
142 |  * @return void
143 |  */
144 | function entry_bookmark ($interaction) {
145 | 	// Open container
146 | 	echo "<div class='p-bookmark u-bookmark h-cite'>";
147 | 
148 | 	echo "<span class='entry-interaction-emoji'>&#128278;</span>";
149 | 
150 | 	// Author
151 | 	echo "<div class='p-author u-author h-card'>";
152 | 	entry_interaction_author_image($interaction['person']);
153 | 	echo "<a class='u-url p-name' href='" . $interaction['person']['url'] . "'>";
154 | 	echo $interaction['person']['name'];
155 | 	echo "</a> bookmarked this post.";
156 | 	echo "</div>";
157 | 
158 | 	entry_interaction_metadata($interaction);
159 | 
160 | 	// Close container
161 | 	echo "</div>";
162 | }
163 | 


--------------------------------------------------------------------------------
/themes/microlight-default/entry/meta.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // Stop the rest of the page from processing if we're not actually loading this
  4 | // file from within microlight itself.
  5 | if (!defined('MICROLIGHT')) die();
  6 | 
  7 | /**
  8 |  * Displays the title of the post, if there is one, with an optional permalink
  9 |  *
 10 |  * @param Post $post
 11 |  * @param boolean $is_archive
 12 |  * @return void
 13 |  */
 14 | function entry_title ($post, $is_archive) {
 15 | 	if (ml_post_has_title($post) !== true) return;
 16 | 
 17 | 	if ($is_archive === true) {
 18 | 		echo "<a href='" . ml_post_permalink($post['slug']) . "'>";
 19 | 	}
 20 | 
 21 | 	echo "<h2 class='p-name'>";
 22 | 	echo $post['name'];
 23 | 	echo "</h2>";
 24 | 
 25 | 	if ($is_archive === true) {
 26 | 		echo "</a>";
 27 | 	}
 28 | }
 29 | 
 30 | /**
 31 |  * Displays the post's actual content, although may show the summary if viewing
 32 |  * the archive/index page
 33 |  *
 34 |  * @param Post $post
 35 |  * @param boolean $is_archive
 36 |  * @return void
 37 |  */
 38 | function entry_content ($post, $is_archive) {
 39 | 	if ($is_archive === true) {
 40 | 		echo "<p class='p-summary'>" . $post['summary'] . "</p>";
 41 | 	} else {
 42 | 		echo "<div class='e-content'>" . $post['content'] . "</div>";
 43 | 	}
 44 | }
 45 | 
 46 | /**
 47 |  * Displays the metadata at the bottom of a post
 48 |  *
 49 |  * @param Post $post
 50 |  * @param boolean $is_archive
 51 |  * @return void
 52 |  */
 53 | function entry_footer ($post, $is_archive) {
 54 | 	?>
 55 | 	<footer>
 56 | 	<div class='tags'>
 57 | 		<a href='<?php echo ml_type_permalink($post['post_type']); ?>'><?php
 58 | 			echo $post['post_type'];
 59 | 		?></a>
 60 | 		<?php
 61 | 		foreach ($post['tags'] as $key) {
 62 | 			echo "<a class='p-category' href='" . ml_tag_permalink($key) . "'>" . $key . "</a> ";
 63 | 		}
 64 | 		?>
 65 | 	</div>
 66 | 	<a class='u-url u-uid dt-published-link' href='<?php echo ml_post_permalink($post['slug']); ?>'>
 67 | 		<time class='dt-published' datetime='<?php echo $post['published']; ?>'>
 68 | 			<?php echo ml_date_pretty($post['published']); ?>
 69 | 		</time>
 70 | 	</a>
 71 | 	<?php if ($post['updated'] !== null && $is_archive === false): ?>
 72 | 	<time class='dt-updated' datetime='<?php echo $post['updated']; ?>'>
 73 | 		Updated on <?php echo ml_date_pretty($post['updated']); ?>
 74 | 	</time>
 75 | 	<?php endif; ?>
 76 | 	<?php
 77 | 
 78 | 	// Print Location
 79 | 	if (!$is_archive):
 80 | 		$geo = ml_location_geo($post['location']);
 81 | 		if (is_array($geo)):
 82 | 			$link = 'https://www.openstreetmap.org/?mlat=' . $geo['lat'] . '&mlon=' . $geo['long'];
 83 | 			?>
 84 | 			<div class='h-geo'>
 85 | 				&#x1F4CD;
 86 | 				<a
 87 | 					target='_blank'
 88 | 					href='<?php echo $link; ?>'
 89 | 				>
 90 | 					<span class='p-latitude'><?php echo $geo['lat']; ?></span>,
 91 | 					<span class='p-longitude'><?php echo $geo['long']; ?></span>
 92 | 				</a>
 93 | 			</div>
 94 | 		<?php
 95 | 		elseif (is_string($geo)):
 96 | 			?>
 97 | 			<div class='h-adr'>
 98 | 				&#x1F4CD;
 99 | 				<a
100 | 					target='_blank'
101 | 					class='p-street-address'
102 | 					href='https://www.openstreetmap.org/search?query=<?php echo $geo; ?>'
103 | 				>
104 | 					<?php echo $geo; ?>
105 | 				</a>
106 | 			</div>
107 | 		<?php
108 | 		endif;
109 | 	endif;
110 | 
111 | 	echo '</footer>';
112 | }
113 | 
114 | function entry_hcard () {
115 | 	echo "<div class='p-author vcard hcard h-card hidden'>";
116 | 		if (ml_user_has_icon()) {
117 | 			echo "<img class='u-photo' alt='" . User::NAME . "' src='" . ml_icon_url() . "' />";
118 | 		}
119 | 		echo "<a href='";
120 | 		echo ml_base_url();
121 | 		echo "' class='p-name u-url uid fn' rel='me'>";
122 | 			echo User::NAME;
123 | 		echo "</a>";
124 | 	echo "</div>";
125 | }
126 | 


--------------------------------------------------------------------------------
/themes/microlight-default/images/default.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/moonfloof/microlight/ac22389ae805bacfd65598a93d09346b485d4dfd/themes/microlight-default/images/default.png


--------------------------------------------------------------------------------
/themes/microlight-default/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | // Should this theme be dark or light? You decide!
 8 | $dark_mode = false;
 9 | 
10 | // Contains various elements for this page
11 | require_once('elements.php');
12 | 
13 | // Contains everything needed to display a single post
14 | require_once('entry/index.php');
15 | 
16 | ?>
17 | <!DOCTYPE html>
18 | <html lang="en">
19 | <?php html_head(); ?>
20 | <body>
21 | 	<?php html_author(); ?>
22 | 	<div class="<?php echo strtolower($showing); ?>">
23 | 		<?php
24 | 		switch ($showing) {
25 | 			case Show::ERROR404:
26 | 				echo 'That post could not be found.';
27 | 				break;
28 | 			case Show::DELETED:
29 | 				entry($posts, false);
30 | 				break;
31 | 			case Show::ARCHIVE:
32 | 				foreach ($posts as $Post) {
33 | 					entry($Post);
34 | 				}
35 | 				break;
36 | 			case Show::POST:
37 | 			case Show::PAGE:
38 | 				entry($posts, false);
39 | 				break;
40 | 		}
41 | 		?>
42 | 	</div>
43 | 	<?php html_pagination(); ?>
44 | </body>
45 | </html>
46 | 


--------------------------------------------------------------------------------
/themes/microlight-default/microlight-default-screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/moonfloof/microlight/ac22389ae805bacfd65598a93d09346b485d4dfd/themes/microlight-default/microlight-default-screenshot.png


--------------------------------------------------------------------------------
/themes/uberlight/README.md:
--------------------------------------------------------------------------------
 1 | # "Uberlight" Theme
 2 | 
 3 | This is an ultra lightweight theme that represents the bare minimum you need. It
 4 | is mainly used as a guide for making your own themes.
 5 | 
 6 | ## 1. Global Variables
 7 | 
 8 | While global variables and functions aren't the nicest thing ever to use, they
 9 | make theme support so much easier. Here is a list of what you can access when
10 | making your own themes:
11 | 
12 | * **`$showing`**: What page is being shown? The archive, a page or post? This
13 |   value uses the enum `Show`, which is one of:
14 |   * **`Show::ARCHIVE`**: The list of posts, usually the homepage.
15 |   * **`Show::POST`**: A single post.
16 |   * **`Show::ERROR404`**: For when a post you're trying to view is missing.
17 | * **`$posts`**: Either a list of posts, or a single post, loaded from the
18 |   database. This will either be an array of posts, with one or more posts if
19 |   `$showing` is `Show::ARCHIVE`, zero if `$showing` is `Show::ERROR404`, or a
20 |   single post (not an array) if `$showing` is `Show::POST`.
21 | * **`User`**: All user details, like name, email, and identities.
22 |   * **`User::NAME`**
23 |   * **`User::EMAIL`**
24 |   * **`User::IDENTITIES`**: A list of external profiles, each item contains:
25 |     * `name`: The name of the site
26 |     * `url`: A link to your profile on that site
27 |   * **`User::NOTE`**: If you've got a description about yourself set, it's here.
28 | * **`ml_*` functions**: There is a relatively large number of functions in the
29 |   `functions.include.php` file that is worth taking a look at to help
30 | 
31 | ## 2. `index.php`
32 | 
33 | Here is where all themes start. All you need to do is output some HTML, but
34 | we've separated some of the logic into other files.
35 | 
36 | For simplicity's sake, no CSS is provided at all.
37 | 
38 | ## 3. `meta.php`
39 | 
40 | This is where all the non-post metadata is processed, like the `<head>` tags and
41 | pagination at the bottom of the page. It shows that using the right class names
42 | is important for micropub and h-entry microformats to work correctly.
43 | 
44 | ## 4. `entry.php`
45 | 
46 | All entry displaying logic is located here. The `entry` function inside it will
47 | display an entire entry/post, with a couple of extra separated functions for
48 | easier reading.
49 | 
50 | ---
51 | 
52 | **Author:** Tom Gardiner (tom@tombofry.co.uk)
53 | 


--------------------------------------------------------------------------------
/themes/uberlight/entry.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | // Stop the rest of the page from processing if we're not actually loading this
  4 | // file from within microlight itself.
  5 | if (!defined('MICROLIGHT')) die();
  6 | 
  7 | /**
  8 |  * Display an entry on the page
  9 |  * @param Post $post
 10 |  * @param bool $show_permalink
 11 |  * @return void
 12 |  */
 13 | function entry ($post, $show_permalink = true) {
 14 | 	echo "<article class='h-entry'>";
 15 | 
 16 | 	entry_title($post, $show_permalink);
 17 | 
 18 | 	if ($show_permalink === true) {
 19 | 		echo "<div class='p-summary'>" . $post['summary'] . "</div>";
 20 | 	} else {
 21 | 		echo "<div class='e-content'>" . $post['content'] . "</div>";
 22 | 	}
 23 | 
 24 | 	entry_footer($post);
 25 | 	entry_interactions($post);
 26 | 
 27 | 	echo "</article>";
 28 | }
 29 | 
 30 | /**
 31 |  * Show the title, if there is one
 32 |  * @param Post $post
 33 |  * @param bool $show_permalink
 34 |  * @return void
 35 |  */
 36 | function entry_title ($post, $show_permalink = true) {
 37 | 	if (!ml_post_has_title($post)) return;
 38 | 
 39 | 	if ($show_permalink == true) {
 40 | 		echo "<a href='" . ml_post_permalink($post['slug']) . "'>";
 41 | 	}
 42 | 
 43 | 	echo "<h2 class='p-name'>";
 44 | 	echo $post['name'];
 45 | 	echo "</h2>";
 46 | 
 47 | 	if ($show_permalink == true) {
 48 | 		echo "</a>";
 49 | 	}
 50 | }
 51 | 
 52 | /**
 53 |  * Show the post's footer, including any tags, the date/time, and the type
 54 |  * @param Post $post
 55 |  * @return void
 56 |  */
 57 | function entry_footer ($post) {
 58 | 	$type_link = ml_type_permalink($post['post_type']);
 59 | 	$post_link = ml_post_permalink($post['slug']);
 60 | 	$date = ml_date_pretty($post['published']);
 61 | 
 62 | 	// Open footer
 63 | 	echo "<footer>";
 64 | 
 65 | 	// Open tags
 66 | 	echo "<div class='tags'>";
 67 | 
 68 | 	// Display a link to the post-type archive
 69 | 	echo "<a href='" . $type_link . "'>";
 70 | 	echo $post['post_type'];
 71 | 	echo "</a>; ";
 72 | 
 73 | 	// Display links to each of the post's tags
 74 | 	foreach ($post['tags'] as $key) {
 75 | 		$link = ml_tag_permalink($key);
 76 | 		echo "<a class='p-category' href='" . $link . "'>" . $key . "</a>; ";
 77 | 	}
 78 | 
 79 | 	// Close tags
 80 | 	echo "</div>";
 81 | 
 82 | 	// Display the time the post was created, with a link to the post included
 83 | 	echo "<a class='u-url u-uid dt-published-link' href='" . $post_link . "'>";
 84 | 	echo "<time class='dt-published' datetime='" . $post['published'] . "'>";
 85 | 	echo $date;
 86 | 	echo "</time>";
 87 | 	echo "</a>";
 88 | 
 89 | 	// Close footer
 90 | 	echo "</footer>";
 91 | }
 92 | 
 93 | function entry_interactions ($post) {
 94 | 	if (isset($post['interactions']) === false) return;
 95 | 
 96 | 	// Open interactions container
 97 | 	echo "<div class='entry-interactions'>";
 98 | 
 99 | 	foreach ($post['interactions'] as $interaction) {
100 | 		entry_interaction_single($interaction);
101 | 	}
102 | 
103 | 	// Close interactions container
104 | 	echo "</div>";
105 | }
106 | 
107 | function entry_interaction_single ($interaction) {
108 | 	// Open container
109 | 	echo "<div class='p-comment u-comment h-cite'>";
110 | 
111 | 	// Open author container
112 | 	echo "<div class='p-author u-author h-card'>";
113 | 
114 | 	// Display the image, only if the person has one.
115 | 	if ($interaction['person']['photo_url'] !== null) {
116 | 		echo "<img src='" . $interaction['person']['photo_url'] . "' class='u-photo'>";
117 | 	}
118 | 
119 | 	// Display the person's name and URL to their homepage
120 | 	echo "<a class='u-url p-name' href='" . $interaction['person']['url'] . "'>";
121 | 	echo $interaction['person']['name'];
122 | 	echo "</a>";
123 | 	echo "</div>";
124 | 
125 | 	// Open content container
126 | 	echo "<p class='p-content'>";
127 | 
128 | 	if ($interaction['type'] === 'reply') {
129 | 		// Display webmention contents
130 | 		echo $interaction['contents'];
131 | 	} else {
132 | 		// Convert the interaction type into a verb and display it.
133 | 		$type = $interaction['type'];
134 | 		// Add an 'e' to the end if there isn't one already
135 | 		if ($type[-1] !== 'e') $type .= 'e';
136 | 		// Always add the D ;)
137 | 		$type .= 'd';
138 | 		// Print it out.
139 | 		echo $type . ' this post.';
140 | 	}
141 | 
142 | 	// Close content container
143 | 	echo "</p>";
144 | 
145 | 	// Display metadata (date, link to post, etc).
146 | 	echo "<a class='u-url' href='" . $interaction['url'] . "'>";
147 | 	echo "<time class='dt-published'>" . ml_date_pretty($interaction['datetime']) . "</time>";
148 | 	echo "</a>";
149 | 
150 | 	// Close container
151 | 	echo "</div>";
152 | }
153 | 


--------------------------------------------------------------------------------
/themes/uberlight/index.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | require_once('meta.php');
 8 | require_once('entry.php');
 9 | 
10 | ?>
11 | <!DOCTYPE html>
12 | <html lang="en">
13 | <head>
14 | 	<?php
15 | 	ml_page_headers(); // Add pre-generated headers
16 | 	?>
17 | </head>
18 | <body>
19 | 	<?php html_author(); ?>
20 | 	<main>
21 | 
22 | 		<?php
23 | 		switch ($showing) {
24 | 			case Show::ERROR404:
25 | 				echo 'That post could not be found.';
26 | 				break;
27 | 			case Show::ARCHIVE:
28 | 				foreach ($posts as $Post) {
29 | 					entry($Post);
30 | 				}
31 | 				break;
32 | 			case Show::POST:
33 | 			case Show::PAGE:
34 | 				entry($posts, false);
35 | 				break;
36 | 		}
37 | 
38 | 		html_pagination();
39 | 		?>
40 | 	</main>
41 | </body>
42 | </html>
43 | 


--------------------------------------------------------------------------------
/themes/uberlight/meta.php:
--------------------------------------------------------------------------------
 1 | <?php
 2 | 
 3 | // Stop the rest of the page from processing if we're not actually loading this
 4 | // file from within microlight itself.
 5 | if (!defined('MICROLIGHT')) die();
 6 | 
 7 | function html_author_links () {
 8 | 	echo "<ul class='me-links'>";
 9 | 
10 | 	// Display email first
11 | 	echo "<li>";
12 | 	// Using the `rel=me` attribute and `u-email` class for `h-entry` sites
13 | 	echo "<a rel='me' class='u-email' href='mailto:" . User::EMAIL . "'>";
14 | 	echo User::EMAIL;
15 | 	echo "</a>";
16 | 	echo "</li>";
17 | 
18 | 	// Display all links underneath
19 | 	foreach (User::IDENTITIES as $identity) {
20 | 		echo "<li>";
21 | 		// Be sure to include `rel=me` for all user links
22 | 		echo "<a rel='me' target='_blank' href='" . $identity['url'] . "'>";
23 | 		echo $identity['name'];
24 | 		echo "</a>";
25 | 		echo "</li>";
26 | 	}
27 | 
28 | 	echo "</ul>";
29 | }
30 | 
31 | function html_author () {
32 | 	// These classes indicate the author
33 | 	echo "<header class='p-author vcard hcard h-card'>";
34 | 	echo "<h1>";
35 | 	echo "<a href='";
36 | 	echo ml_base_url();
37 | 	// These classes represent the author's full name
38 | 	echo "' class='p-name u-url uid fn' rel='me'>";
39 | 	echo User::NAME;
40 | 	echo "</a>";
41 | 	echo "</h1>";
42 | 
43 | 	if (!empty(User::NOTE)) {
44 | 		echo "<p class='p-note'>" . User::NOTE . "</p>";
45 | 	}
46 | 
47 | 	echo html_author_links();
48 | 	echo "</header>";
49 | }
50 | 
51 | function html_pagination () {
52 | 	// Only display pagination if we need to
53 | 	if (!ml_pagination_enabled()) return;
54 | 
55 | 	// Open pagination
56 | 	echo "<div class='pagination'>";
57 | 
58 | 	// Display left pagination
59 | 	if (ml_pagination_left_enabled()) {
60 | 		echo "<a class='pagination-left' href='";
61 | 		echo ml_pagination_left_link();
62 | 		echo "'>&lt;&lt; Newer</a>";
63 | 	}
64 | 
65 | 	// Display right pagination
66 | 	if (ml_pagination_right_enabled()) {
67 | 		echo "<a class='pagination-right' href='";
68 | 		echo ml_pagination_right_link();
69 | 		echo "'>Older &gt;&gt;</a>";
70 | 	}
71 | 
72 | 	// Close pagination
73 | 	echo '</div>';
74 | }
75 | 


--------------------------------------------------------------------------------
/webmention/index.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | define('MICROLIGHT', 'v1.0.1');
  4 | 
  5 | chdir('..');
  6 | require_once('includes/config.php');
  7 | require_once('includes/api.include.php');
  8 | 
  9 | if (ml_api_method() !== HTTPMethod::POST) {
 10 | 	header('Allow: POST');
 11 | 	ml_http_response(HTTPStatus::METHOD_NOT_ALLOWED);
 12 | 	return;
 13 | }
 14 | 
 15 | // Initialise POST
 16 | if (!ml_api_post_decode()) return;
 17 | 
 18 | /**
 19 |  * Ensure that the provided URL is a fully valid, absolute URL
 20 |  *
 21 |  * @param string $url
 22 |  * @return boolean
 23 |  */
 24 | function ml_webmention_validate_url ($url) {
 25 | 	$url_parts = parse_url($url);
 26 | 
 27 | 	// URL must be absolute, so check for a scheme (http(s)) and a hostname/IP
 28 | 	if (!isset($url_parts['scheme']) || !isset($url_parts['host'])) return false;
 29 | 
 30 | 	// Must be a HTTP URL, do not allow `mailto` or `ftp`, etc.
 31 | 	if ($url_parts['scheme'] !== 'http' && $url_parts['scheme'] !== 'https') {
 32 | 		return false;
 33 | 	}
 34 | 
 35 | 	// According to the webmention spec, should not contain localhost or a
 36 | 	// loopback address
 37 | 	// if ($url_parts['host'] === 'localhost' || substr($url_parts['host'], 0, 4) === '127.') {
 38 | 	// 	return false;
 39 | 	// }
 40 | 
 41 | 	// Validate the URL we've created to make sure it's valid
 42 | 	if (filter_var($url, FILTER_VALIDATE_URL) === false) return false;
 43 | 
 44 | 	// If both tests passed, return true.
 45 | 	return true;
 46 | }
 47 | 
 48 | /**
 49 |  * Validate the POST body of the incoming request. Validates two URLs according
 50 |  * to the following link:
 51 |  * https://www.w3.org/TR/webmention/#request-verification
 52 |  *
 53 |  * @global array $post
 54 |  * @return void
 55 |  */
 56 | function ml_webmention_validate_post () {
 57 | 	global $post;
 58 | 
 59 | 	// Make sure both `source` and `target` URLs are provided
 60 | 	if (!isset($post['source'])) return 'Source URL was not provided';
 61 | 	if (!isset($post['target'])) return 'Target URL was not provided';
 62 | 
 63 | 	// Make sure both URLs are not the same
 64 | 	if ($post['source'] === $post['target']) {
 65 | 		return 'Source and Target URLs cannot be the same';
 66 | 	}
 67 | 
 68 | 	// Make sure provided URLs *are actually* URLs.
 69 | 	if (ml_webmention_validate_url($post['source']) === false) {
 70 | 		return 'Source URL is not a valid URL';
 71 | 	}
 72 | 	if (ml_webmention_validate_url($post['target']) === false) {
 73 | 		return 'Target URL is not a valid URL';
 74 | 	}
 75 | 
 76 | 	return true;
 77 | }
 78 | 
 79 | /**
 80 |  * Make sure the target URL provided by the request is actually an entry that
 81 |  * exists in the system. Loads data from the database.
 82 |  *
 83 |  * @param DB $db The database connection
 84 |  * @param string $target Target URL, should be provided by POST body
 85 |  * @return void
 86 |  * @throws Exception
 87 |  */
 88 | function ml_webmention_validate_target ($db, $target) {
 89 | 	// May throw if the URL does not match
 90 | 	$slug = ml_slug_from_url($target);
 91 | 
 92 | 	// Attempt to fetch the post from the database
 93 | 	$post_db = new Post($db);
 94 | 	$post_where = [ SQL::where_create('slug', $slug, SQLOP::EQUAL, SQLEscape::SLUG) ];
 95 | 	$post = $post_db->find_one($post_where);
 96 | 
 97 | 	// Validate post
 98 | 	if ($post === null) throw new Exception('Target post does not exist');
 99 | 	if ($post['status'] === 'deleted') throw new Exception('Target post has been deleted');
100 | 
101 | 	return $post['id'];
102 | }
103 | 
104 | /**
105 |  * Helper function to generate part of an XPath query to match an element's
106 |  * class name
107 |  *
108 |  * @param string $class_name
109 |  * @return string
110 |  */
111 | function xpath_class ($class_name) {
112 | 	return 'contains(concat(" ", normalize-space(@class), " "), " ' . $class_name . ' ")';
113 | }
114 | 
115 | /**
116 |  * Perform a GET request on the source URL to try and find the Target URL within
117 |  * the entry somewhere.
118 |  *
119 |  * @param string $source Source URL
120 |  * @param string $target Target URL
121 |  * @return array Post's details
122 |  * @throws Exception
123 |  */
124 | function ml_webmention_validate_source_contents ($source, $target) {
125 | 	// Load the page, including the headers, but specifically setting the user-agent
126 | 	$response = ml_http_request($source, HTTPMethod::GET, null, [
127 | 		'User-Agent: Microlight/' . MICROLIGHT . ' (webmention)'
128 | 	]);
129 | 
130 | 	// For multiple reuse, this is the structure of a "deleted" webmention.
131 | 	$deleted = [
132 | 		'author' => false,
133 | 		'deleted' => true,
134 | 	];
135 | 
136 | 	// Make sure the webpage returned a successful response, unless it has been deleted.
137 | 	if ($response['code'] === 410) {
138 | 		return $deleted;
139 | 	} elseif ($response['code'] < 200 || $response['code'] > 299) {
140 | 		throw new Exception('Source URL returned non-success status code');
141 | 	}
142 | 
143 | 	// Parse the document
144 | 	$doc = new DOMDocument();
145 | 	@$doc->loadHTML($response['body']);
146 | 	$xpath = new DOMXPath($doc);
147 | 
148 | 	// Perform an XPath query with the following expression.
149 | 	// This selects any <a/> tags that contain the target URL in their href
150 | 	// attribute.
151 | 	$target_links = $xpath->query('//a[@href="' . $target . '"]');
152 | 
153 | 	// Make sure there is at least one link on the page with an exactly matching
154 | 	// target URL.
155 | 	if ($target_links->length < 1) return $deleted;
156 | 
157 | 	// If the page is indeed valid, determine the:
158 | 	// * entry type
159 | 	// * post content
160 | 	// * published date
161 | 	// * author details (name, image, home URL)
162 | 
163 | 	// Entry Type!
164 | 	// We're only going to see what the first link contains. If this becomes a
165 | 	// problem, I will update this to check all links.
166 | 	$type = 'reply';
167 | 	$target_link_classes = explode(" ", $target_links[0]->getAttribute('class'));
168 | 	foreach ($target_link_classes as $class) {
169 | 		switch ($class) {
170 | 		case 'u-in-reply-to':
171 | 			$type = 'reply';
172 | 			break;
173 | 		case 'u-like-of':
174 | 			$type = 'like';
175 | 			break;
176 | 		case 'u-repost-of':
177 | 			$type = 'repost';
178 | 			break;
179 | 		case 'u-bookmark-of':
180 | 			$type = 'bookmark';
181 | 			break;
182 | 		}
183 | 	}
184 | 
185 | 	// First, get the entry containers and use the first one.
186 | 	$entry = $xpath->query('//*[' . xpath_class('h-entry') . ']');
187 | 	if ($entry->length < 1) {
188 | 		throw new Exception('Source URL does not contain a h-entry container');
189 | 	}
190 | 	$entry = $entry[0];
191 | 
192 | 	// Determine the published date of the entry
193 | 	$published = $xpath->query('.//*[' . xpath_class("dt-published") . ']', $entry);
194 | 	if ($published->length < 1) {
195 | 		throw new Exception('Source URL does not contain a published date');
196 | 	}
197 | 	if ($published[0]->hasAttribute('datetime')) {
198 | 		$published = $published[0]->getAttribute('datetime');
199 | 	} else {
200 | 		$published = trim(strip_tags($published[0]->textContent));
201 | 	}
202 | 
203 | 	// Determine author card details
204 | 	$author_query = './/*[';
205 | 	$author_query .= xpath_class("p-author") . ' or ';
206 | 	$author_query .= xpath_class("h-card") . ' or ';
207 | 	$author_query .= xpath_class("hcard") . ' or ';
208 | 	$author_query .= xpath_class("vcard") . ']';
209 | 	$author = $xpath->query($author_query, $entry);
210 | 	if ($author->length < 1) {
211 | 		throw new Exception('Source URL does not contain an author card within the post');
212 | 	}
213 | 	$author = $author[0];
214 | 
215 | 	// With the author h-card, get the image, name, and URL
216 | 	$images = $xpath->query('.//img[' . xpath_class("u-photo") . ']', $author);
217 | 	$author_image = null;
218 | 	foreach ($images as $image) {
219 | 		if ($image->hasAttribute('src')) {
220 | 			$author_image = $image->getAttribute('src');
221 | 			break;
222 | 		}
223 | 	}
224 | 
225 | 	$names = $xpath->query('.//*[' . xpath_class("p-name") . ']', $author);
226 | 	$author_name = '';
227 | 	if ($names->length > 0) {
228 | 		$author_name = trim(strip_tags($names[0]->textContent));
229 | 	}
230 | 
231 | 	$urls = $xpath->query('.//a[' . xpath_class("u-url") . ']', $author);
232 | 	if ($urls->length < 1) {
233 | 		throw new Exception('Source URL does not contain the author\'s home URL');
234 | 	}
235 | 	$author_url = $urls[0]->getAttribute('href');
236 | 
237 | 	// Assume normal post type for the meantime.
238 | 
239 | 	// Determine the post's content
240 | 	// There may be no content if the post type is `like`, `repost`, or `bookmark`
241 | 	$content_query = './/*[';
242 | 	$content_query .= xpath_class("e-content") . ' or ';
243 | 	$content_query .= xpath_class("p-content") . ']';
244 | 	$content_dom = $xpath->query($content_query, $entry);
245 | 	$content = '';
246 | 	if ($content_dom->length > 0) {
247 | 		$content = trim(strip_tags($content_dom[0]->textContent));
248 | 	}
249 | 
250 | 	return [
251 | 		'author' => [
252 | 			'name' => $author_name,
253 | 			'url' => $author_url,
254 | 			'photo_url' => $author_image,
255 | 		],
256 | 		'type' => $type,
257 | 		'datetime' => $published,
258 | 		'contents' => $content,
259 | 		'deleted' => false,
260 | 	];
261 | }
262 | 
263 | /**
264 |  * Match the discovered author with one from the database. If one is not found,
265 |  * insert it and return the new ID. If one does exist, update any fields that
266 |  * have changed and return the existing ID.
267 |  *
268 |  * @param DB $db Database connection
269 |  * @param array $author Array/object containing source's author details
270 |  * @param string $author['name'] Author's name
271 |  * @param string $author['url'] Author's URL
272 |  * @param string $author['photo_url'] Author's Photo URL
273 |  * @return array Contains same details but with a Person ID from the database
274 |  */
275 | function ml_webmention_validate_author ($db, $author) {
276 | 	$person_db = new Person($db);
277 | 
278 | 	// The author may be false if the post was deleted, in which case return early.
279 | 	if ($author === false) return false;
280 | 
281 | 	// Find a person
282 | 	$where = [ SQL::where_create('url', $author['url']) ];
283 | 	$person = $person_db->find_one($where);
284 | 
285 | 	// If they don't exist, insert their details and
286 | 	// associate the new ID with the author
287 | 	if ($person === null) {
288 | 		$person_id = $person_db->insert($author);
289 | 		$author['id'] = $person_id;
290 | 		return $author;
291 | 
292 | 	// Otherwise, update their details and return the updated cache
293 | 	} else {
294 | 		// Keep track of any changes
295 | 		$changes = [];
296 | 
297 | 		// Update Photo URL
298 | 		if ($person['photo_url'] !== $author['photo_url']) {
299 | 			$changes['photo_url'] = $author['photo_url'];
300 | 		}
301 | 
302 | 		// Update Name
303 | 		if ($person['name'] !== $author['name']) {
304 | 			$changes['name'] = $author['name'];
305 | 		}
306 | 
307 | 		// Only update if necessary
308 | 		if (count($changes) === 0) return $person;
309 | 
310 | 		// Make the changes
311 | 		$update_where = [ SQL::where_create(
312 | 			'id',
313 | 			$person['id'],
314 | 			SQLOP::EQUAL,
315 | 			SQLEscape::INT
316 | 		) ];
317 | 		$person_db->update($changes, $update_where);
318 | 
319 | 		// If all went well, just make sure the Person ID is included
320 | 		return $person;
321 | 	}
322 | }
323 | 
324 | /**
325 |  * Store the new interaction in the database. Everything at this point should be
326 |  * correctly validated and ready to go straight in!
327 |  *
328 |  * @param DB $db
329 |  * @param integer $post_id
330 |  * @param array $post_details
331 |  * @param array $author
332 |  * @return int
333 |  * @throws DBError
334 |  */
335 | function ml_webmention_interaction_store ($db, $source, $post_id, $post_details, $author) {
336 | 	$interaction_db = new Interaction($db);
337 | 
338 | 	// See if this URL has already been entered into the database
339 | 	$where = [ SQL::where_create('url', $source) ];
340 | 	$existing = $interaction_db->find_one($where);
341 | 
342 | 	// Delete and return early, only if the post has been deleted and the
343 | 	// interaction *does* actually exist.
344 | 	if ($post_details['deleted'] === true) {
345 | 		if ($existing !== null) $interaction_db->delete($where);
346 | 		return;
347 | 	}
348 | 
349 | 	$interaction_properties = [
350 | 		'type' => $post_details['type'],
351 | 		'datetime' => $post_details['datetime'],
352 | 		'contents' => $post_details['contents'],
353 | 		'url' => $source,
354 | 		'person_id' => $author['id'],
355 | 		'post_id' => $post_id,
356 | 	];
357 | 
358 | 	// Update the existing record, or create a new one.
359 | 	if ($existing !== null) {
360 | 		$interaction_db->update($interaction_properties, $where);
361 | 		return $existing['id'];
362 | 	} else {
363 | 		$interaction_id = $interaction_db->insert($interaction_properties);
364 | 	}
365 | 
366 | 	return $interaction_id;
367 | }
368 | 
369 | try {
370 | 	// Step 1: Validate input, can't proceed if the URLs aren't set up properly!
371 | 	$post_validation = ml_webmention_validate_post();
372 | 	if ($post_validation !== true) throw new Exception($post_validation);
373 | 
374 | 	// Easier variable names to type :D
375 | 	$source = $post['source'];
376 | 	$target = $post['target'];
377 | 
378 | 	$db = new DB();
379 | 
380 | 	// Step 2: Make sure the post actually exists before adding a comment to it
381 | 	$post_id = ml_webmention_validate_target($db, $target);
382 | 
383 | 	// Step 3: Fetch source contents to insert into database
384 | 	$post_details = ml_webmention_validate_source_contents($source, $target);
385 | 
386 | 	// Step 4: See if the post's author is already in the database, adding them
387 | 	//         if not.
388 | 	$author = ml_webmention_validate_author($db, $post_details['author']);
389 | 
390 | 	// Step 5: Finally, store the webmention in the database, updating or
391 | 	//         deleting the interaction if it has changed.
392 | 	$interaction_id = ml_webmention_interaction_store(
393 | 		$db,
394 | 		$source,
395 | 		$post_id,
396 | 		$post_details,
397 | 		$author
398 | 	);
399 | 
400 | 	ml_http_response(HTTPStatus::OK);
401 | 	return;
402 | } catch (\Throwable $err) {
403 | 	ml_http_error(HTTPStatus::INVALID_REQUEST, $err->getMessage());
404 | 	return;
405 | }
406 | 


--------------------------------------------------------------------------------