Beispiel #1
0
function photos_post(&$a)
{
    logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
    logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
    logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $can_post = false;
    $page_owner_uid = $a->data['channel']['channel_id'];
    if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
        $can_post = true;
    }
    if (!$can_post) {
        notice(t('Permission denied.') . EOL);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $s = abook_self($page_owner_uid);
    if (!$s) {
        notice(t('Page owner information could not be retrieved.') . EOL);
        logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
        if (is_ajax()) {
            killme();
        }
        return;
    }
    $owner_record = $s[0];
    $acl = new AccessList($a->data['channel']);
    if (argc() > 3 && argv(2) === 'album') {
        $album = hex2bin(argv(3));
        if ($album === t('Profile Photos')) {
            // not allowed
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        if (!photos_album_exists($page_owner_uid, $album)) {
            notice(t('Album not found.') . EOL);
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        /*
         * RENAME photo album
         */
        $newalbum = notags(trim($_REQUEST['albumname']));
        if ($newalbum != $album) {
            // @fixme - syncronise with DAV or disallow completely
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            //			$x = photos_album_rename($page_owner_uid,$album,$newalbum);
            //			if($x) {
            //				$newurl = str_replace(bin2hex($album),bin2hex($newalbum),$_SESSION['photo_return']);
            //				goaway($a->get_baseurl() . '/' . $newurl);
            //			}
        }
        /*
         * DELETE photo album and all its photos
         */
        if ($_REQUEST['dropalbum'] == t('Delete Album')) {
            $res = array();
            // get the list of photos we are about to delete
            if (remote_channel() && !local_channel()) {
                $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
            } elseif (local_channel()) {
                $str = photos_album_get_db_idstr(local_channel(), $album);
            } else {
                $str = null;
            }
            if (!$str) {
                goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
            }
            $r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
            if ($r) {
                foreach ($r as $i) {
                    attach_delete($page_owner_uid, $i['resource_id'], 1);
                    // This is now being done in attach_delete()
                    //			drop_item($i['id'],false,DROPITEM_PHASE1,true /* force removal of linked items */);
                    //			proc_run('php','include/notifier.php','drop',$i['id']);
                }
            }
            // remove the associated photos in case they weren't attached to an item
            q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
            // @FIXME do the same for the linked attach
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
    }
    if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
        // same as above but remove single photo
        $ob_hash = get_observer_hash();
        if (!$ob_hash) {
            goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        }
        $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc($a->argv[2]));
        if ($r) {
            /* this happens in attach_delete
            			q("DELETE FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s'",
            				intval($page_owner_uid),
            				dbesc($r[0]['resource_id'])
            			);
            			*/
            attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
            /* this happens in attach_delete
            			$i = q("SELECT * FROM `item` WHERE `resource_id` = '%s' AND resource_type = 'photo' and `uid` = %d LIMIT 1",
            				dbesc($r[0]['resource_id']),
            				intval($page_owner_uid)
            			);
            			if(count($i)) {
            				drop_item($i[0]['id'],true,DROPITEM_PHASE1);
            				$url = $a->get_baseurl();
            			}
            			*/
        }
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
    }
    if ($a->argc > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false) || x($_POST, 'albname') !== false) {
        $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
        $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
        $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
        $albname = x($_POST, 'albname') ? notags(trim($_POST['albname'])) : '';
        $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
        $acl->set_from_array($_POST);
        $perm = $acl->get();
        $resource_id = $a->argv[2];
        if (!strlen($albname)) {
            $albname = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y');
        }
        if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
            logger('rotate');
            $r = q("select * from photo where `resource_id` = '%s' and uid = %d and scale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
            if (count($r)) {
                $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['data']) : dbunescbin($r[0]['data']);
                $ph = photo_factory($d, $r[0]['type']);
                if ($ph->is_valid()) {
                    $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                    $ph->rotate($rotate_deg);
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    if (intval($r[0]['os_storage'])) {
                        @file_put_contents($r[0]['data'], $ph->imageString());
                        $data = $r[0]['data'];
                        $fsize = @filesize($r[0]['data']);
                        q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                    } else {
                        $data = $ph->imageString();
                        $fsize = strlen($data);
                    }
                    $x = q("update photo set data = '%s', `size` = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 1024 || $height > 1024) {
                        $ph->scaleImage(1024);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 640 || $height > 640) {
                        $ph->scaleImage(640);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                    if ($width > 320 || $height > 320) {
                        $ph->scaleImage(320);
                    }
                    $width = $ph->getWidth();
                    $height = $ph->getHeight();
                    $x = q("update photo set data = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and scale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                }
            }
        }
        $p = q("SELECT type, is_nsfw, description, resource_id, scale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY scale DESC", dbesc($resource_id), intval($page_owner_uid));
        if ($p) {
            $ext = $phototypes[$p[0]['type']];
            $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        }
        $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
        $old_is_nsfw = $p[0]['is_nsfw'];
        if ($old_is_nsfw != $is_nsfw) {
            $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
        }
        /* Don't make the item visible if the only change was the album name */
        $visibility = 0;
        if ($p[0]['description'] !== $desc || strlen($rawtags)) {
            $visibility = 1;
        }
        if (!$item_id) {
            $item_id = photos_create_item($a->data['channel'], get_observer_hash(), $p[0], $visibility);
        }
        if ($item_id) {
            $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $old_tag = $r[0]['tag'];
                $old_inform = $r[0]['inform'];
            }
        }
        // make sure the linked item has the same permissions as the photo regardless of any other changes
        $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
        // make sure the attach has the same permissions as the photo regardless of any other changes
        $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
        if (strlen($rawtags)) {
            $str_tags = '';
            $inform = '';
            // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
            $x = substr($rawtags, 0, 1);
            if ($x !== '@' && $x !== '#') {
                $rawtags = '@' . $rawtags;
            }
            require_once 'include/text.php';
            $profile_uid = $a->profile['profile_uid'];
            $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
            $success = $results['success'];
            $post_tags = array();
            foreach ($results as $result) {
                $success = $result['success'];
                if ($success['replaced']) {
                    $post_tags[] = array('uid' => $profile_uid, 'type' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                }
            }
            $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
            if ($r) {
                $r = fetch_post_tags($r, true);
                $datarray = $r[0];
                if ($post_tags) {
                    if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                        $datarray['term'] = $post_tags;
                    } else {
                        $datarray['term'] = array_merge($datarray['term'], $post_tags);
                    }
                }
                item_store_update($datarray, $execflag);
            }
        }
        goaway($a->get_baseurl() . '/' . $_SESSION['photo_return']);
        return;
        // NOTREACHED
    }
    /**
     * default post action - upload a photo
     */
    $channel = $a->data['channel'];
    $observer = $a->data['observer'];
    $_REQUEST['source'] = 'photos';
    require_once 'include/attach.php';
    if (!local_channel()) {
        $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
        $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
        $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
        $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
    }
    $r = attach_store($a->channel, get_observer_hash(), '', $_REQUEST);
    if (!$r['success']) {
        notice($r['message'] . EOL);
    }
    if ($_REQUEST['newalbum']) {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
    } else {
        goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
    }
}
Beispiel #2
0
 public function store($aid, $uid, $xchan, $rid, $filename, $album, $scale, $usage = PHOTO_NORMAL, $allow_cid = '', $allow_gid = '', $deny_cid = '', $deny_gid = '')
 {
     $x = q("select id from photo where `resource_id` = '%s' and uid = %d and `xchan` = '%s' and `imgscale` = %d limit 1", dbesc($rid), intval($uid), dbesc($xchan), intval($scale));
     if (count($x)) {
         $r = q("UPDATE `photo`\n\t\t\t\tset `aid` = %d,\n\t\t\t\t`uid` = %d,\n\t\t\t\t`xchan` = '%s',\n\t\t\t\t`resource_id` = '%s',\n\t\t\t\t`created` = '%s',\n\t\t\t\t`edited` = '%s',\n\t\t\t\t`filename` = '%s',\n\t\t\t\t`mimetype` = '%s',\n\t\t\t\t`album` = '%s',\n\t\t\t\t`height` = %d,\n\t\t\t\t`width` = %d,\n\t\t\t\t`content` = '%s',\n\t\t\t\t`filesize` = %d,\n\t\t\t\t`imgscale` = %d,\n\t\t\t\t`photo_usage` = %d,\n\t\t\t\t`allow_cid` = '%s',\n\t\t\t\t`allow_gid` = '%s',\n\t\t\t\t`deny_cid` = '%s',\n\t\t\t\t`deny_gid` = '%s'\n\t\t\t\twhere id = %d", intval($aid), intval($uid), dbesc($xchan), dbesc($rid), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename($filename)), dbesc($this->getType()), dbesc($album), intval($this->getHeight()), intval($this->getWidth()), dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($photo_usage), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid), intval($x[0]['id']));
     } else {
         $r = q("INSERT INTO `photo`\n\t\t\t\t( `aid`, `uid`, `xchan`, `resource_id`, `created`, `edited`, `filename`, mimetype, `album`, `height`, `width`, `content`, `filesize`, `imgscale`, `photo_usage`, `allow_cid`, `allow_gid`, `deny_cid`, `deny_gid` )\n\t\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', '%s', '%s' )", intval($aid), intval($uid), dbesc($xchan), dbesc($rid), dbesc(datetime_convert()), dbesc(datetime_convert()), dbesc(basename($filename)), dbesc($this->getType()), dbesc($album), intval($this->getHeight()), intval($this->getWidth()), dbescbin($this->imageString()), intval(strlen($this->imageString())), intval($scale), intval($photo_usage), dbesc($allow_cid), dbesc($allow_gid), dbesc($deny_cid), dbesc($deny_gid));
     }
     return $r;
 }
Beispiel #3
0
 /**
  * @brief Updates the data of the file.
  *
  * @param resource $data
  * @return void
  */
 public function put($data)
 {
     logger('put file: ' . basename($this->name), LOGGER_DEBUG);
     $size = 0;
     // @todo only 3 values are needed
     $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
     $is_photo = false;
     $album = '';
     $r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($r) {
         if (intval($r[0]['os_storage'])) {
             $d = q("select folder, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
             if ($d) {
                 if ($d[0]['folder']) {
                     $f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", dbesc($d[0]['folder']), intval($c[0]['channel_id']));
                     if ($f1) {
                         $album = $f1[0]['filename'];
                         $direct = $f1[0];
                     }
                 }
                 $fname = dbunescbin($d[0]['data']);
                 $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
                 // @todo check return value and set $size directly
                 @file_put_contents($f, $data);
                 $size = @filesize($f);
                 logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
             }
             $gis = @getimagesize($f);
             logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
             if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
                 $is_photo = 1;
             }
         } else {
             // this shouldn't happen any more
             $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
             $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
             if ($r) {
                 $size = $r[0]['fsize'];
             }
         }
     }
     // returns now()
     $edited = datetime_convert();
     $d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($is_photo) {
         require_once 'include/photos.php';
         $args = array('resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct);
         $p = photo_upload($c[0], get_app()->get_observer(), $args);
     }
     // update the folder's lastmodified timestamp
     $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
     // @todo do we really want to remove the whole file if an update fails
     // because of maxfilesize or quota?
     // There is an Exception "InsufficientStorage" or "PaymentRequired" for
     // our service class from SabreDAV we could use.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $size > $maxfilesize) {
         attach_delete($c[0]['channel_id'], $this->data['hash']);
         return;
     }
     $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
     if ($limit !== false) {
         $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
         if ($x && $x[0]['total'] + $size > $limit) {
             logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
             attach_delete($c[0]['channel_id'], $this->data['hash']);
             return;
         }
     }
 }
Beispiel #4
0
 function post()
 {
     logger('mod-photos: photos_post: begin', LOGGER_DEBUG);
     logger('mod_photos: REQUEST ' . print_r($_REQUEST, true), LOGGER_DATA);
     logger('mod_photos: FILES ' . print_r($_FILES, true), LOGGER_DATA);
     $ph = photo_factory('');
     $phototypes = $ph->supportedTypes();
     $can_post = false;
     $page_owner_uid = \App::$data['channel']['channel_id'];
     if (perm_is_allowed($page_owner_uid, get_observer_hash(), 'write_storage')) {
         $can_post = true;
     }
     if (!$can_post) {
         notice(t('Permission denied.') . EOL);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $s = abook_self($page_owner_uid);
     if (!$s) {
         notice(t('Page owner information could not be retrieved.') . EOL);
         logger('mod_photos: post: unable to locate contact record for page owner. uid=' . $page_owner_uid);
         if (is_ajax()) {
             killme();
         }
         return;
     }
     $owner_record = $s[0];
     $acl = new \Zotlabs\Access\AccessList(\App::$data['channel']);
     if (argc() > 3 && argv(2) === 'album') {
         $album = hex2bin(argv(3));
         if ($album === t('Profile Photos')) {
             // not allowed
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         if (!photos_album_exists($page_owner_uid, $album)) {
             notice(t('Album not found.') . EOL);
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         /*
          * DELETE photo album and all its photos
          */
         if ($_REQUEST['dropalbum'] == t('Delete Album')) {
             // This is dangerous because we combined file storage and photos into one interface
             // This function will remove all photos from any directory with the same name since
             // we have not passed the path value.
             // The correct solution would be to use a full pathname from your storage root for 'album'
             // We also need to prevent/block removing the storage root folder.
             $folder_hash = '';
             $r = q("select * from attach where is_dir = 1 and uid = %d and filename = '%s'", intval($page_owner_uid), dbesc($album));
             if (!$r) {
                 notice(t('Album not found.') . EOL);
                 return;
             }
             if (count($r) > 1) {
                 notice(t('Multiple storage folders exist with this album name, but within different directories. Please remove the desired folder or folders using the Files manager') . EOL);
                 return;
             } else {
                 $folder_hash = $r[0]['hash'];
             }
             $res = array();
             // get the list of photos we are about to delete
             if (remote_channel() && !local_channel()) {
                 $str = photos_album_get_db_idstr($page_owner_uid, $album, remote_channel());
             } elseif (local_channel()) {
                 $str = photos_album_get_db_idstr(local_channel(), $album);
             } else {
                 $str = null;
             }
             if (!$str) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
             $r = q("select id from item where resource_id in ( {$str} ) and resource_type = 'photo' and uid = %d " . item_normal(), intval($page_owner_uid));
             if ($r) {
                 foreach ($r as $i) {
                     attach_delete($page_owner_uid, $i['resource_id'], 1);
                 }
             }
             // remove the associated photos in case they weren't attached to an item
             q("delete from photo where resource_id in ( {$str} ) and uid = %d", intval($page_owner_uid));
             // @FIXME do the same for the linked attach
             if ($folder_hash) {
                 attach_delete($page_owner_uid, $folder_hash, 1);
                 $sync = attach_export_data(\App::$data['channel'], $folder_hash, true);
                 if ($sync) {
                     build_sync_packet($page_owner_uid, array('file' => array($sync)));
                 }
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address']);
     }
     if (argc() > 2 && x($_REQUEST, 'delete') && $_REQUEST['delete'] === t('Delete Photo')) {
         // same as above but remove single photo
         $ob_hash = get_observer_hash();
         if (!$ob_hash) {
             goaway(z_root() . '/' . $_SESSION['photo_return']);
         }
         $r = q("SELECT `id`, `resource_id` FROM `photo` WHERE ( xchan = '%s' or `uid` = %d ) AND `resource_id` = '%s' LIMIT 1", dbesc($ob_hash), intval(local_channel()), dbesc(\App::$argv[2]));
         if ($r) {
             attach_delete($page_owner_uid, $r[0]['resource_id'], 1);
             $sync = attach_export_data(\App::$data['channel'], $r[0]['resource_id'], true);
             if ($sync) {
                 build_sync_packet($page_owner_uid, array('file' => array($sync)));
             }
         }
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . $_SESSION['album_return']);
     }
     if (argc() > 2 && array_key_exists('move_to_album', $_POST)) {
         $m = q("select folder from attach where hash = '%s' and uid = %d limit 1", dbesc(argv(2)), intval($page_owner_uid));
         if ($m && $m[0]['folder'] != $_POST['move_to_album']) {
             attach_move($page_owner_uid, argv(2), $_POST['move_to_album']);
             if (!($_POST['desc'] && $_POST['newtag'])) {
                 goaway(z_root() . '/' . $_SESSION['photo_return']);
             }
         }
     }
     if (argc() > 2 && (x($_POST, 'desc') !== false || x($_POST, 'newtag') !== false)) {
         $desc = x($_POST, 'desc') ? notags(trim($_POST['desc'])) : '';
         $rawtags = x($_POST, 'newtag') ? notags(trim($_POST['newtag'])) : '';
         $item_id = x($_POST, 'item_id') ? intval($_POST['item_id']) : 0;
         $is_nsfw = x($_POST, 'adult') ? intval($_POST['adult']) : 0;
         $acl->set_from_array($_POST);
         $perm = $acl->get();
         $resource_id = argv(2);
         if (x($_POST, 'rotate') !== false && (intval($_POST['rotate']) == 1 || intval($_POST['rotate']) == 2)) {
             logger('rotate');
             $r = q("select * from photo where `resource_id` = '%s' and uid = %d and imgscale = 0 limit 1", dbesc($resource_id), intval($page_owner_uid));
             if (count($r)) {
                 $d = $r[0]['os_storage'] ? @file_get_contents($r[0]['content']) : dbunescbin($r[0]['content']);
                 $ph = photo_factory($d, $r[0]['mimetype']);
                 if ($ph->is_valid()) {
                     $rotate_deg = intval($_POST['rotate']) == 1 ? 270 : 90;
                     $ph->rotate($rotate_deg);
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     if (intval($r[0]['os_storage'])) {
                         @file_put_contents($r[0]['content'], $ph->imageString());
                         $data = $r[0]['content'];
                         $fsize = @filesize($r[0]['content']);
                         q("update attach set filesize = %d where hash = '%s' and uid = %d limit 1", intval($fsize), dbesc($resource_id), intval($page_owner_uid));
                     } else {
                         $data = $ph->imageString();
                         $fsize = strlen($data);
                     }
                     $x = q("update photo set content = '%s', filesize = %d, height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 0", dbescbin($data), intval($fsize), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 1024 || $height > 1024) {
                         $ph->scaleImage(1024);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 1", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 640 || $height > 640) {
                         $ph->scaleImage(640);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 2", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                     if ($width > 320 || $height > 320) {
                         $ph->scaleImage(320);
                     }
                     $width = $ph->getWidth();
                     $height = $ph->getHeight();
                     $x = q("update photo set content = '%s', height = %d, width = %d where `resource_id` = '%s' and uid = %d and imgscale = 3", dbescbin($ph->imageString()), intval($height), intval($width), dbesc($resource_id), intval($page_owner_uid));
                 }
             }
         }
         $p = q("SELECT mimetype, is_nsfw, description, resource_id, imgscale, allow_cid, allow_gid, deny_cid, deny_gid FROM photo WHERE resource_id = '%s' AND uid = %d ORDER BY imgscale DESC", dbesc($resource_id), intval($page_owner_uid));
         if ($p) {
             $ext = $phototypes[$p[0]['mimetype']];
             $r = q("UPDATE `photo` SET `description` = '%s', `allow_cid` = '%s', `allow_gid` = '%s', `deny_cid` = '%s', `deny_gid` = '%s' WHERE `resource_id` = '%s' AND `uid` = %d", dbesc($desc), dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         }
         $item_private = $str_contact_allow || $str_group_allow || $str_contact_deny || $str_group_deny ? true : false;
         $old_is_nsfw = $p[0]['is_nsfw'];
         if ($old_is_nsfw != $is_nsfw) {
             $r = q("update photo set is_nsfw = %d where resource_id = '%s' and uid = %d", intval($is_nsfw), dbesc($resource_id), intval($page_owner_uid));
         }
         /* Don't make the item visible if the only change was the album name */
         $visibility = 0;
         if ($p[0]['description'] !== $desc || strlen($rawtags)) {
             $visibility = 1;
         }
         if (!$item_id) {
             $item_id = photos_create_item(\App::$data['channel'], get_observer_hash(), $p[0], $visibility);
         }
         if ($item_id) {
             $r = q("SELECT * FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $old_tag = $r[0]['tag'];
                 $old_inform = $r[0]['inform'];
             }
         }
         // make sure the linked item has the same permissions as the photo regardless of any other changes
         $x = q("update item set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s', item_private = %d\n\t\t\t\twhere id = %d", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), intval($acl->is_private()), intval($item_id));
         // make sure the attach has the same permissions as the photo regardless of any other changes
         $x = q("update attach set allow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid = '%s' where hash = '%s' and uid = %d and is_photo = 1", dbesc($perm['allow_cid']), dbesc($perm['allow_gid']), dbesc($perm['deny_cid']), dbesc($perm['deny_gid']), dbesc($resource_id), intval($page_owner_uid));
         if (strlen($rawtags)) {
             $str_tags = '';
             $inform = '';
             // if the new tag doesn't have a namespace specifier (@foo or #foo) give it a mention
             $x = substr($rawtags, 0, 1);
             if ($x !== '@' && $x !== '#') {
                 $rawtags = '@' . $rawtags;
             }
             require_once 'include/text.php';
             $profile_uid = \App::$profile['profile_uid'];
             $results = linkify_tags($a, $rawtags, local_channel() ? local_channel() : $profile_uid);
             $success = $results['success'];
             $post_tags = array();
             foreach ($results as $result) {
                 $success = $result['success'];
                 if ($success['replaced']) {
                     $post_tags[] = array('uid' => $profile_uid, 'ttype' => $success['termtype'], 'otype' => TERM_OBJ_POST, 'term' => $success['term'], 'url' => $success['url']);
                 }
             }
             $r = q("select * from item where id = %d and uid = %d limit 1", intval($item_id), intval($page_owner_uid));
             if ($r) {
                 $r = fetch_post_tags($r, true);
                 $datarray = $r[0];
                 if ($post_tags) {
                     if (!array_key_exists('term', $datarray) || !is_array($datarray['term'])) {
                         $datarray['term'] = $post_tags;
                     } else {
                         $datarray['term'] = array_merge($datarray['term'], $post_tags);
                     }
                 }
                 item_store_update($datarray, $execflag);
             }
         }
         $sync = attach_export_data(\App::$data['channel'], $resource_id);
         if ($sync) {
             build_sync_packet($page_owner_uid, array('file' => array($sync)));
         }
         goaway(z_root() . '/' . $_SESSION['photo_return']);
         return;
         // NOTREACHED
     }
     /**
      * default post action - upload a photo
      */
     $channel = \App::$data['channel'];
     $observer = \App::$data['observer'];
     $_REQUEST['source'] = 'photos';
     require_once 'include/attach.php';
     if (!local_channel()) {
         $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
         $_REQUEST['group_allow'] = expand_acl($channel['channel_allow_gid']);
         $_REQUEST['contact_deny'] = expand_acl($channel['channel_deny_cid']);
         $_REQUEST['group_deny'] = expand_acl($channel['channel_deny_gid']);
     }
     $r = attach_store($channel, get_observer_hash(), '', $_REQUEST);
     if (!$r['success']) {
         notice($r['message'] . EOL);
     }
     if ($_REQUEST['newalbum']) {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex($_REQUEST['newalbum']));
     } else {
         goaway(z_root() . '/photos/' . \App::$data['channel']['channel_address'] . '/album/' . bin2hex(datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y')));
     }
 }
Beispiel #5
0
/**
 * @brief 
 *
 * @param $channel channel array of owner
 * @param $observer_hash hash of current observer
 * @param $options (optional)
 * @param $arr (optional)
 */
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $sql_options = '';
    if (!perm_is_allowed($channel_id, get_observer_hash(), 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    // The 'update' option sets db values without uploading a new attachment
    // 'replace' replaces the existing uploaded data
    // 'revision' creates a new revision with new upload data
    // Default is to upload a new file
    // revise or update must provide $arr['hash'] of the thing to revise/update
    if ($options !== 'update') {
        if (!x($_FILES, 'userfile')) {
            $ret['message'] = t('No source file.');
            return $ret;
        }
        $src = $_FILES['userfile']['tmp_name'];
        $filename = basename($_FILES['userfile']['name']);
        $filesize = intval($_FILES['userfile']['size']);
    }
    $existing_size = 0;
    if ($options === 'replace') {
        /** @BUG $replace is undefined here */
        $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to replace');
            return $ret;
        }
        $existing_id = $x[0]['id'];
        $existing_size = intval($x[0]['filesize']);
        $hash = $x[0]['hash'];
    }
    if ($options === 'revise' || $options === 'update') {
        $sql_options = " order by revision desc ";
        if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
            $sql_options = " and revision = " . intval($arr['revision']) . " ";
        }
        $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to revise/update');
            return $ret;
        }
        $hash = $x[0]['hash'];
    }
    // Check storage limits
    if ($options !== 'update') {
        $maxfilesize = get_config('system', 'maxfilesize');
        if ($maxfilesize && $filesize > $maxfilesize) {
            $ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
            @unlink($src);
            return $ret;
        }
        $limit = service_class_fetch($channel_id, 'attach_upload_limit');
        if ($limit !== false) {
            $r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
            if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
                $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
                @unlink($src);
                return $ret;
            }
        }
        $mimetype = z_mime_content_type($filename);
    }
    if (!isset($hash)) {
        $hash = random_string();
    }
    $created = datetime_convert();
    if ($options === 'replace') {
        $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), intval($filesize), dbescbin(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id));
    } elseif ($options === 'revise') {
        $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), dbescbin(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
    } elseif ($options === 'update') {
        $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid  = '%s' where id = %d and uid = %d", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
    } else {
        $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval(0), dbescbin(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : ''), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : ''), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : ''));
    }
    if ($options !== 'update') {
        @unlink($src);
    }
    if (!$r) {
        $ret['message'] = t('File upload failed. Possible system limit or action terminated.');
        return $ret;
    }
    // Caution: This re-uses $sql_options set further above
    $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
    if (!$r) {
        $ret['message'] = t('Stored file could not be verified. Upload failed.');
        return $ret;
    }
    $ret['success'] = true;
    $ret['data'] = $r[0];
    return $ret;
}
Beispiel #6
0
 /**
  * @brief Updates the data of the file.
  *
  * @param resource $data
  * @return void
  */
 public function put($data)
 {
     logger('put file: ' . basename($this->name), LOGGER_DEBUG);
     $size = 0;
     // @todo only 3 values are needed
     $c = q("SELECT * FROM channel WHERE channel_id = %d AND (channel_pageflags & %d) = 0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
     $r = q("SELECT flags, folder, data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($r) {
         if ($r[0]['flags'] & ATTACH_FLAG_OS) {
             $fname = dbunescbin($r[0]['data']);
             $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
             // @todo check return value and set $size directly
             @file_put_contents($f, $data);
             $size = @filesize($f);
             logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
         } else {
             $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
             $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
             if ($r) {
                 $size = $r[0]['fsize'];
             }
         }
     }
     // returns now()
     $edited = datetime_convert();
     $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
     // update the folder's lastmodified timestamp
     $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
     // @todo do we really want to remove the whole file if an update fails
     // because of maxfilesize or quota?
     // There is an Exception "InsufficientStorage" or "PaymentRequired" for
     // our service class from SabreDAV we could use.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $size > $maxfilesize) {
         attach_delete($c[0]['channel_id'], $this->data['hash']);
         return;
     }
     $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
     if ($limit !== false) {
         $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
         if ($x && $x[0]['total'] + $size > $limit) {
             logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
             attach_delete($c[0]['channel_id'], $this->data['hash']);
             return;
         }
     }
 }