Ejemplo n.º 1
0
 function post()
 {
     $channel = \App::get_channel();
     check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
     $token_errs = 0;
     if (array_key_exists('token', $_POST)) {
         $atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0;
         $name = trim(escape_tags($_POST['name']));
         $token = trim($_POST['token']);
         if (!$name || !$token) {
             $token_errs++;
         }
         if (trim($_POST['expires'])) {
             $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
         } else {
             $expires = NULL_DATE;
         }
         $max_atokens = service_class_fetch(local_channel(), 'access_tokens');
         if ($max_atokens) {
             $r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel()));
             if ($r && intval($r[0]['total']) >= $max_tokens) {
                 notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL);
                 return;
             }
         }
     }
     if ($token_errs) {
         notice(t('Name and Password are required.') . EOL);
         return;
     }
     if ($atoken_id) {
         $r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s' \n\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
     } else {
         $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
     }
     $atoken_xchan = substr($channel['channel_hash'], 0, 16) . '.' . $name;
     $all_perms = \Zotlabs\Access\Permissions::Perms();
     if ($all_perms) {
         foreach ($all_perms as $perm => $desc) {
             if (array_key_exists('perms_' . $perm, $_POST)) {
                 set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, intval($_POST['perms_' . $perm]));
             } else {
                 set_abconfig($channel['channel_id'], $atoken_xchan, 'my_perms', $perm, 0);
             }
         }
     }
     info(t('Token saved.') . EOL);
     return;
 }
Ejemplo n.º 2
0
Archivo: chat.php Proyecto: Mauru/red
function chatroom_enter($observer_xchan, $room_id, $status, $client)
{
    if (!$room_id || !$observer_xchan) {
        return;
    }
    $r = q("select * from chatroom where cr_id = %d limit 1", intval($room_id));
    if (!$r) {
        notice(t('Room not found.') . EOL);
        return false;
    }
    require_once 'include/security.php';
    $sql_extra = permissions_sql($r[0]['cr_uid']);
    $x = q("select * from chatroom where cr_id = %d and cr_uid = %d {$sql_extra} limit 1", intval($room_id), intval($r[0]['cr_uid']));
    if (!$x) {
        notice(t('Permission denied.') . EOL);
        return false;
    }
    $limit = service_class_fetch($r[0]['cr_uid'], 'chatters_inroom');
    if ($limit !== false) {
        $y = q("select count(*) as total from chatpresence where cp_room = %d", intval($room_id));
        if ($y && $y[0]['total'] > $limit) {
            notice(t('Room is full') . EOL);
            return false;
        }
    }
    if (intval($x[0]['cr_expire'])) {
        $sql = "delete from chat where created < UTC_TIMESTAMP() - INTERVAL " . intval($x[0]['cr_expire']) . " MINUTE and chat_room = " . intval($x[0]['cr_id']);
        $r = q($sql);
    }
    $r = q("select * from chatpresence where cp_xchan = '%s' and cp_room = %d limit 1", dbesc($observer_xchan), intval($room_id));
    if ($r) {
        q("update chatpresence set cp_last = '%s' where cp_id = %d and cp_client = '%s' limit 1", dbesc(datetime_convert()), intval($r[0]['cp_id']), dbesc($client));
        return true;
    }
    $r = q("insert into chatpresence ( cp_room, cp_xchan, cp_last, cp_status, cp_client )\n\t\tvalues ( %d, '%s', '%s', '%s', '%s' )", intval($room_id), dbesc($observer_xchan), dbesc(datetime_convert()), dbesc($status), dbesc($client));
    return $r;
}
Ejemplo n.º 3
0
function wall_attach_post(&$a)
{
    if ($a->argc > 1) {
        $nick = $a->argv[1];
        $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
        if (!count($r)) {
            return;
        }
    } else {
        return;
    }
    $can_post = false;
    $visitor = 0;
    $page_owner_uid = $r[0]['uid'];
    $page_owner_cid = $r[0]['id'];
    $page_owner_nick = $r[0]['nickname'];
    $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
    if (local_user() && local_user() == $page_owner_uid) {
        $can_post = true;
    } else {
        if ($community_page && remote_user()) {
            $cid = 0;
            if (is_array($_SESSION['remote'])) {
                foreach ($_SESSION['remote'] as $v) {
                    if ($v['uid'] == $page_owner_uid) {
                        $cid = $v['cid'];
                        break;
                    }
                }
            }
            if ($cid) {
                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
                if (count($r)) {
                    $can_post = true;
                    $visitor = $cid;
                }
            }
        }
    }
    if (!$can_post) {
        notice(t('Permission denied.') . EOL);
        killme();
    }
    if (!x($_FILES, 'userfile')) {
        killme();
    }
    $src = $_FILES['userfile']['tmp_name'];
    $filename = basename($_FILES['userfile']['name']);
    $filesize = intval($_FILES['userfile']['size']);
    $maxfilesize = get_config('system', 'maxfilesize');
    /* Found html code written in text field of form,
     * when trying to upload a file with filesize
     * greater than upload_max_filesize. Cause is unknown.
     * Then Filesize gets <= 0.
     */
    if ($filesize <= 0) {
        notice(t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL . t('Or - did you try to upload an empty file?') . EOL);
        @unlink($src);
        killme();
    }
    if ($maxfilesize && $filesize > $maxfilesize) {
        notice(sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
        @unlink($src);
        return;
    }
    $r = q("select sum(octet_length(data)) as total from attach where uid = %d ", intval($page_owner_uid));
    $limit = service_class_fetch($page_owner_uid, 'attach_upload_limit');
    if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        echo upgrade_message(true) . EOL;
        @unlink($src);
        killme();
    }
    $filedata = @file_get_contents($src);
    $mimetype = z_mime_content_type($filename);
    $hash = random_string();
    $created = datetime_convert();
    $r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )\n\t\tVALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($page_owner_uid), dbesc($hash), dbesc($filename), dbesc($mimetype), intval($filesize), dbesc($filedata), dbesc($created), dbesc($created), dbesc('<' . $page_owner_cid . '>'), dbesc(''), dbesc(''), dbesc(''));
    @unlink($src);
    if (!$r) {
        echo t('File upload failed.') . EOL;
        killme();
    }
    $r = q("SELECT `id` FROM `attach` WHERE `uid` = %d AND `created` = '%s' AND `hash` = '%s' LIMIT 1", intval($page_owner_uid), dbesc($created), dbesc($hash));
    if (!count($r)) {
        echo t('File upload failed.') . EOL;
        killme();
    }
    $lf = "\n";
    echo $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
    killme();
    // NOTREACHED
}
Ejemplo n.º 4
0
function process_channel_sync_delivery($sender, $arr, $deliveries)
{
    /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */
    $result = array();
    foreach ($deliveries as $d) {
        $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']));
        if (!$r) {
            $result[] = array($d['hash'], 'not found');
            continue;
        }
        $channel = $r[0];
        $max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
        $max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds');
        if ($channel['channel_hash'] != $sender['hash']) {
            logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']);
            $result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], '');
            continue;
        }
        if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) {
            foreach ($arr['config'] as $cat => $k) {
                foreach ($arr['config'][$cat] as $k => $v) {
                    set_pconfig($channel['channel_id'], $cat, $k, $v);
                }
            }
        }
        if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) {
            $disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags');
            $clean = array();
            foreach ($arr['channel'] as $k => $v) {
                if (in_array($k, $disallowed)) {
                    continue;
                }
                $clean[$k] = $v;
            }
            if (count($clean)) {
                foreach ($clean as $k => $v) {
                    $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
                }
            }
        }
        if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) {
            $total_friends = 0;
            $total_feeds = 0;
            $r = q("select abook_id, abook_flags from abook where abook_channel = %d", intval($channel['channel_id']));
            if ($r) {
                // don't count yourself
                $total_friends = count($r) > 0 ? count($r) - 1 : 0;
                foreach ($r as $rr) {
                    if ($rr['abook_flags'] & ABOOK_FLAG_FEED) {
                        $total_feeds++;
                    }
                }
            }
            $disallowed = array('abook_id', 'abook_account', 'abook_channel');
            foreach ($arr['abook'] as $abook) {
                $clean = array();
                if ($abook['abook_xchan'] && $abook['entry_deleted']) {
                    logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
                    require_once 'include/Contact.php';
                    $r = q("select abook_id, abook_flags from abook where abook_xchan = '%s' and abook_channel = %d and not ( abook_flags & %d )>0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']), intval(ABOOK_FLAG_SELF));
                    if ($r) {
                        contact_remove($channel['channel_id'], $r[0]['abook_id']);
                        if ($total_friends) {
                            $total_friends--;
                        }
                        if ($r[0]['abook_flags'] & ABOOK_FLAG_FEED) {
                            $total_feeds--;
                        }
                    }
                    continue;
                }
                // Perform discovery if the referenced xchan hasn't ever been seen on this hub.
                // This relies on the undocumented behaviour that red sites send xchan info with the abook
                if ($abook['abook_xchan'] && $abook['xchan_address']) {
                    $h = zot_get_hublocs($abook['abook_xchan']);
                    if (!$h) {
                        $f = zot_finger($abook['xchan_address'], $channel);
                        if (!$f['success']) {
                            logger('process_channel_sync_delivery: abook not probe-able' . $abook['xchan_address']);
                            continue;
                        }
                        $j = json_decode($f['body'], true);
                        if (!($j['success'] && $j['guid'])) {
                            logger('process_channel_sync_delivery: probe failed.');
                            continue;
                        }
                        $x = import_xchan($j);
                        if (!$x['success']) {
                            logger('process_channel_sync_delivery: import failed.');
                            continue;
                        }
                    }
                }
                foreach ($abook as $k => $v) {
                    if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) {
                        continue;
                    }
                    $clean[$k] = $v;
                }
                if (!array_key_exists('abook_xchan', $clean)) {
                    continue;
                }
                $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
                // make sure we have an abook entry for this xchan on this system
                if (!$r) {
                    if ($max_friends !== false && $total_friends > $max_friends) {
                        logger('process_channel_sync_delivery: total_channels service class limit exceeded');
                        continue;
                    }
                    if ($max_feeds !== false && $clean['abook_flags'] & ABOOK_FLAG_FEED && $total_feeds > $max_feeds) {
                        logger('process_channel_sync_delivery: total_feeds service class limit exceeded');
                        continue;
                    }
                    q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
                    $total_friends++;
                    if ($clean['abook_flags'] & ABOOK_FLAG_FEED) {
                        $total_feeds++;
                    }
                }
                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        if ($k == 'abook_dob') {
                            $v = dbescdate($v);
                        }
                        $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
                    }
                }
            }
        }
        // sync collections (privacy groups) oh joy...
        if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) {
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));
            foreach ($arr['collections'] as $cl) {
                $found = false;
                if ($x) {
                    foreach ($x as $y) {
                        if ($cl['collection'] == $y['hash']) {
                            $found = true;
                            break;
                        }
                    }
                    if ($found) {
                        if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) {
                            q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id']));
                        }
                        if (intval($cl['deleted']) && !intval($y['deleted'])) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                        }
                    }
                }
                if (!$found) {
                    $r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name']));
                }
                // now look for any collections locally which weren't in the list we just received.
                // They need to be removed by marking deleted and removing the members.
                // This shouldn't happen except for clones created before this function was written.
                if ($x) {
                    $found_local = false;
                    foreach ($x as $y) {
                        foreach ($arr['collections'] as $cl) {
                            if ($cl['collection'] == $y['hash']) {
                                $found_local = true;
                                break;
                            }
                        }
                        if (!$found_local) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                            q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        }
                    }
                }
            }
            // reload the group list with any updates
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));
            // now sync the members
            if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) {
                // first sort into groups keyed by the group hash
                $members = array();
                foreach ($arr['collection_members'] as $cm) {
                    if (!array_key_exists($cm['collection'], $members)) {
                        $members[$cm['collection']] = array();
                    }
                    $members[$cm['collection']][] = $cm['member'];
                }
                // our group list is already synchronised
                if ($x) {
                    foreach ($x as $y) {
                        // for each group, loop on members list we just received
                        foreach ($members[$y['hash']] as $member) {
                            $found = false;
                            $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member));
                            if ($z) {
                                $found = true;
                            }
                            // if somebody is in the group that wasn't before - add them
                            if (!$found) {
                                q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member));
                            }
                        }
                        // now retrieve a list of members we have on this site
                        $m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        if ($m) {
                            foreach ($m as $mm) {
                                // if the local existing member isn't in the list we just received - remove them
                                if (!in_array($mm['xchan'], $members[$y['hash']])) {
                                    q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']));
                                }
                            }
                        }
                    }
                }
            }
        }
        if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) {
            $disallowed = array('id', 'aid', 'uid');
            foreach ($arr['profile'] as $profile) {
                $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                if (!$x) {
                    q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id']));
                    $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                    if (!$x) {
                        continue;
                    }
                }
                $clean = array();
                foreach ($profile as $k => $v) {
                    if (in_array($k, $disallowed)) {
                        continue;
                    }
                    $clean[$k] = $v;
                    /**
                     * @TODO check if these are allowed, otherwise we'll error
                     * We also need to import local photos if a custom photo is selected
                     */
                }
                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        $r = dbq("UPDATE profile set " . dbesc($k) . " = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
                    }
                }
            }
        }
        $result[] = array($d['hash'], 'channel sync updated', $channel['channel_name'], '');
    }
    return $result;
}
Ejemplo n.º 5
0
 public static function run($argc, $argv)
 {
     $maxsysload = intval(get_config('system', 'maxloadavg'));
     if ($maxsysload < 1) {
         $maxsysload = 50;
     }
     if (function_exists('sys_getloadavg')) {
         $load = sys_getloadavg();
         if (intval($load[0]) > $maxsysload) {
             logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.');
             return;
         }
     }
     $interval = intval(get_config('system', 'poll_interval'));
     if (!$interval) {
         $interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval'));
     }
     // Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
     $lockfile = 'store/[data]/poller';
     if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) {
         logger("poller: Already running");
         return;
     }
     // Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
     file_put_contents($lockfile, $x);
     logger('poller: start');
     $manual_id = 0;
     $generation = 0;
     $force = false;
     $restart = false;
     if ($argc > 1 && $argv[1] == 'force') {
         $force = true;
     }
     if ($argc > 1 && $argv[1] == 'restart') {
         $restart = true;
         $generation = intval($argv[2]);
         if (!$generation) {
             killme();
         }
     }
     if ($argc > 1 && intval($argv[1])) {
         $manual_id = intval($argv[1]);
         $force = true;
     }
     $sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : "";
     reload_plugins();
     $d = datetime_convert();
     // Only poll from those with suitable relationships
     $abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : '';
     $randfunc = db_getfunc('RAND');
     $contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\t\tLEFT JOIN account on abook_account = account_id\n\t\t\twhere abook_self = 0\n\t\t\t{$sql_extra} \n\t\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED));
     if ($contacts) {
         foreach ($contacts as $contact) {
             $update = false;
             $t = $contact['abook_updated'];
             $c = $contact['abook_connected'];
             if (intval($contact['abook_feed'])) {
                 $min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes');
                 if (!$min) {
                     $min = intval(get_config('system', 'minimum_feedcheck_minutes'));
                 }
                 if (!$min) {
                     $min = 60;
                 }
                 $x = datetime_convert('UTC', 'UTC', "now - {$min} minutes");
                 if ($c < $x) {
                     Master::Summon(array('Onepoll', $contact['abook_id']));
                     if ($interval) {
                         @time_sleep_until(microtime(true) + (double) $interval);
                     }
                 }
                 continue;
             }
             if ($contact['xchan_network'] !== 'zot') {
                 continue;
             }
             if ($c == $t) {
                 if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) {
                     $update = true;
                 }
             } else {
                 // if we've never connected with them, start the mark for death countdown from now
                 if ($c == NULL_DATE) {
                     $r = q("update abook set abook_connected = '%s'  where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']));
                     $c = datetime_convert();
                     $update = true;
                 }
                 // He's dead, Jim
                 if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) {
                     $r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id']));
                     $update = false;
                     continue;
                 }
                 if (intval($contact['abook_archived'])) {
                     $update = false;
                     continue;
                 }
                 // might be dead, so maybe don't poll quite so often
                 // recently deceased, so keep up the regular schedule for 3 days
                 if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) {
                     $update = true;
                 }
                 // After that back off and put them on a morphine drip
                 if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) {
                     $update = true;
                 }
             }
             if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) {
                 continue;
             }
             if (!$update && !$force) {
                 continue;
             }
             Master::Summon(array('Onepoll', $contact['abook_id']));
             if ($interval) {
                 @time_sleep_until(microtime(true) + (double) $interval);
             }
         }
     }
     if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
         $r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY'));
         if ($r) {
             foreach ($r as $rr) {
                 // If they didn't respond when we attempted before, back off to once a day
                 // After 7 days we won't bother anymore
                 if ($rr['ud_last'] != NULL_DATE) {
                     if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) {
                         continue;
                     }
                 }
                 Master::Summon(array('Onedirsync', $rr['ud_id']));
                 if ($interval) {
                     @time_sleep_until(microtime(true) + (double) $interval);
                 }
             }
         }
     }
     set_config('system', 'lastpoll', datetime_convert());
     //All done - clear the lockfile
     @unlink($lockfile);
     return;
 }
Ejemplo n.º 6
0
/**
 * @brief Check service_class restrictions.
 *
 * If there are no service_classes defined, everything is allowed.
 * If $usage is supplied, we check against a maximum count and return true if
 * the current usage is less than the subscriber plan allows. Otherwise we
 * return boolean true or false if the property is allowed (or not) in this
 * subscriber plan. An unset property for this service plan means the property
 * is allowed, so it is only necessary to provide negative properties for each
 * plan, or what the subscriber is not allowed to do.
 *
 * Like account_service_class_allows() but queries directly by account rather
 * than channel. Service classes are set for accounts, so we look up the
 * account for the channel and fetch the service class restrictions of the
 * account.
 *
 * @see account_service_class_allows() if you have a channel_id already
 * @see service_class_fetch()
 *
 * @param int $uid The channel_id to check
 * @param string $property The service class property to check for
 * @param string|boolean $usage (optional) The value to check against
 * @return boolean
 */
function service_class_allows($uid, $property, $usage = false)
{
    $limit = service_class_fetch($uid, $property);
    if ($limit === false) {
        return true;
    }
    // No service class set => everything is allowed
    if ($usage === false) {
        // We use negative values for not allowed properties in a subscriber plan
        return x($limit) ? (bool) $limit : true;
    } else {
        return intval($usage) < intval($limit) ? true : false;
    }
}
Ejemplo n.º 7
0
 /**
  * @brief Creates a form to add new folders and upload files.
  *
  * @param \Sabre\DAV\INode $node
  * @param string &$output
  */
 public function htmlActionsPanel(DAV\INode $node, &$output)
 {
     if (!$node instanceof DAV\ICollection) {
         return;
     }
     // We also know fairly certain that if an object is a non-extended
     // SimpleCollection, we won't need to show the panel either.
     if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') {
         return;
     }
     // Storage and quota for the account (all channels of the owner of this directory)!
     $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit'));
     $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
     $used = $r[0]['total'];
     if ($used) {
         $quotaDesc = t('You are using %1$s of your available file storage.');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used));
     }
     if ($limit && $used) {
         $quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s&#37;)');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100);
     }
     // prepare quota for template
     $quota = array();
     $quota['used'] = $used;
     $quota['limit'] = $limit;
     $quota['desc'] = $quotaDesc;
     $quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : '';
     // 10485760 bytes = 100MB
     $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota));
 }
Ejemplo n.º 8
0
/**
 * A lot going on in this function, and some of it is old cruft and some is new cruft
 * and the entire thing probably needs to be refactored. It started out just storing
 * files, before we had DAV. It was made extensible to do extra stuff like edit an 
 * existing file or optionally store a separate revision using $options to choose between different
 * storage models. Along the way we moved from
 * DB data storage to file system storage. 
 * Then DAV came along and used different upload methods depending on whether the 
 * file was stored as a DAV directory object or updated as a file object. One of these 
 * is essentially an update and the other is basically an upload, but doesn't use the traditional PHP
 * upload workflow. 
 * Then came hubzilla and we tried to merge photo functionality with the file storage. Most of
 * that integration occurs within this function. 
 * This required overlap with the old photo_upload stuff and photo albums were
 * completely different concepts from directories which needed to be reconciled somehow.
 * The old revision stuff is kind of orphaned currently. There's new revision stuff for photos
 * which attaches (2) etc. onto the name, but doesn't integrate with the attach table revisioning.
 * That's where it sits currently. I repeat it needs to be refactored, and this note is here
 * for future explorers and those who may be doing that work to understand where it came
 * from and got to be the monstrosity of tangled unrelated code that it currently is.
 */
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
    require_once 'include/photos.php';
    call_hooks('photo_upload_begin', $arr);
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $sql_options = '';
    $source = $arr ? $arr['source'] : '';
    $album = $arr ? $arr['album'] : '';
    $newalbum = $arr ? $arr['newalbum'] : '';
    $hash = $arr && $arr['hash'] ? $arr['hash'] : null;
    $upload_path = $arr && $arr['directory'] ? $arr['directory'] : '';
    $visible = $arr && $arr['visible'] ? $arr['visible'] : '';
    $observer = array();
    if ($observer_hash) {
        $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($observer_hash));
        if ($x) {
            $observer = $x[0];
        }
    }
    logger('arr: ' . print_r($arr, true));
    if (!perm_is_allowed($channel_id, $observer_hash, 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    $str_group_allow = perms2str($arr['group_allow']);
    $str_contact_allow = perms2str($arr['contact_allow']);
    $str_group_deny = perms2str($arr['group_deny']);
    $str_contact_deny = perms2str($arr['contact_deny']);
    // The 'update' option sets db values without uploading a new attachment
    // 'replace' replaces the existing uploaded data
    // 'revision' creates a new revision with new upload data
    // Default is to upload a new file
    // revise or update must provide $arr['hash'] of the thing to revise/update
    // By default remove $src when finished
    $remove_when_processed = true;
    if ($options === 'import') {
        $src = $arr['src'];
        $filename = $arr['filename'];
        $filesize = @filesize($src);
        $hash = $arr['resource_id'];
        if (array_key_exists('hash', $arr)) {
            $hash = $arr['hash'];
        }
        if (array_key_exists('type', $arr)) {
            $type = $arr['type'];
        }
        if ($arr['preserve_original']) {
            $remove_when_processed = false;
        }
        // if importing a directory, just do it now and go home - we're done.
        if (array_key_exists('is_dir', $arr) && intval($arr['is_dir'])) {
            $x = attach_mkdir($channel, $observer_hash, $arr);
            if ($x['message']) {
                logger('import_directory: ' . $x['message']);
            }
            return;
        }
    } elseif ($options !== 'update') {
        $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
        call_hooks('photo_upload_file', $f);
        call_hooks('attach_upload_file', $f);
        if (x($f, 'src') && x($f, 'filesize')) {
            $src = $f['src'];
            $filename = $f['filename'];
            $filesize = $f['filesize'];
            $type = $f['type'];
        } else {
            if (!x($_FILES, 'userfile')) {
                $ret['message'] = t('No source file.');
                return $ret;
            }
            $src = $_FILES['userfile']['tmp_name'];
            $filename = basename($_FILES['userfile']['name']);
            $filesize = intval($_FILES['userfile']['size']);
        }
    }
    $existing_size = 0;
    if ($options === 'replace') {
        $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($arr['id']), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to replace');
            return $ret;
        }
        $existing_id = $x[0]['id'];
        $existing_size = intval($x[0]['filesize']);
        $hash = $x[0]['hash'];
    }
    if ($options === 'revise' || $options === 'update') {
        $sql_options = " order by revision desc ";
        if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
            $sql_options = " and revision = " . intval($arr['revision']) . " ";
        }
        $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to revise/update');
            return $ret;
        }
        $hash = $x[0]['hash'];
    }
    $def_extension = '';
    $is_photo = 0;
    $gis = @getimagesize($src);
    logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
    if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
        $is_photo = 1;
        if ($gis[2] === IMAGETYPE_GIF) {
            $def_extension = '.gif';
        }
        if ($gis[2] === IMAGETYPE_JPEG) {
            $def_extension = '.jpg';
        }
        if ($gis[2] === IMAGETYPE_PNG) {
            $def_extension = '.png';
        }
    }
    $pathname = '';
    if ($is_photo) {
        if ($newalbum) {
            $pathname = filepath_macro($newalbum);
        } elseif (array_key_exists('folder', $arr)) {
            $x = q("select filename from attach where hash = '%s' and uid = %d limit 1", dbesc($arr['folder']), intval($channel['channel_id']));
            if ($x) {
                $pathname = $x[0]['filename'];
            }
        } else {
            $pathname = filepath_macro($album);
        }
    } else {
        $pathname = filepath_macro($upload_path);
    }
    $darr = array('pathname' => $pathname);
    // if we need to create a directory, use the channel default permissions.
    $darr['allow_cid'] = $channel['allow_cid'];
    $darr['allow_gid'] = $channel['allow_gid'];
    $darr['deny_cid'] = $channel['deny_cid'];
    $darr['deny_gid'] = $channel['deny_gid'];
    $direct = null;
    if ($pathname) {
        $x = attach_mkdirp($channel, $observer_hash, $darr);
        $folder_hash = $x['success'] ? $x['data']['hash'] : '';
        $direct = $x['success'] ? $x['data'] : null;
        if (!$str_contact_allow && !$str_group_allow && !$str_contact_deny && !$str_group_deny) {
            $str_contact_allow = $x['data']['allow_cid'];
            $str_group_allow = $x['data']['allow_gid'];
            $str_contact_deny = $x['data']['deny_cid'];
            $str_group_deny = $x['data']['deny_gid'];
        }
    } else {
        $folder_hash = $arr && array_key_exists('folder', $arr) ? $arr['folder'] : '';
    }
    if (!$options || $options === 'import') {
        // A freshly uploaded file. Check for duplicate and resolve with the channel's overwrite settings.
        $r = q("select filename, id, hash, filesize from attach where filename = '%s' and folder = '%s' ", dbesc($filename), dbesc($folder_hash));
        if ($r) {
            $overwrite = get_pconfig($channel_id, 'system', 'overwrite_dup_files');
            if ($overwrite) {
                $options = 'replace';
                $existing_id = $x[0]['id'];
                $existing_size = intval($x[0]['filesize']);
                $hash = $x[0]['hash'];
            } else {
                if (strpos($filename, '.') !== false) {
                    $basename = substr($filename, 0, strrpos($filename, '.'));
                    $ext = substr($filename, strrpos($filename, '.'));
                } else {
                    $basename = $filename;
                    $ext = $def_extension;
                }
                $r = q("select filename from attach where ( filename = '%s' OR filename like '%s' ) and folder = '%s' ", dbesc($basename . $ext), dbesc($basename . '(%)' . $ext), dbesc($folder_hash));
                if ($r) {
                    $x = 1;
                    do {
                        $found = false;
                        foreach ($r as $rr) {
                            if ($rr['filename'] === $basename . '(' . $x . ')' . $ext) {
                                $found = true;
                                break;
                            }
                        }
                        if ($found) {
                            $x++;
                        }
                    } while ($found);
                    $filename = $basename . '(' . $x . ')' . $ext;
                } else {
                    $filename = $basename . $ext;
                }
            }
        }
    }
    if (!$hash) {
        $hash = random_string();
    }
    // Check storage limits
    if ($options !== 'update') {
        $maxfilesize = get_config('system', 'maxfilesize');
        if ($maxfilesize && $filesize > $maxfilesize) {
            $ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
            if ($remove_when_processed) {
                @unlink($src);
            }
            call_hooks('photo_upload_end', $ret);
            return $ret;
        }
        $limit = service_class_fetch($channel_id, 'attach_upload_limit');
        if ($limit !== false) {
            $r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
            if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
                $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
                if ($remove_when_processed) {
                    @unlink($src);
                }
                call_hooks('photo_upload_end', $ret);
                return $ret;
            }
        }
        $mimetype = isset($type) && $type ? $type : z_mime_content_type($filename);
    }
    $os_basepath = 'store/' . $channel['channel_address'] . '/';
    $os_relpath = '';
    if ($folder_hash) {
        $curr = find_folder_hash_by_attach_hash($channel_id, $folder_hash, true);
        if ($curr) {
            $os_relpath .= $curr . '/';
        }
        $os_relpath .= $folder_hash . '/';
    }
    $os_relpath .= $hash;
    if ($src) {
        @file_put_contents($os_basepath . $os_relpath, @file_get_contents($src));
    }
    if (array_key_exists('created', $arr)) {
        $created = $arr['created'];
    } else {
        $created = datetime_convert();
    }
    if (array_key_exists('edited', $arr)) {
        $edited = $arr['edited'];
    } else {
        $edited = $created;
    }
    if ($options === 'replace') {
        $r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', filesize = %d, os_storage = %d, is_photo = %d, data = '%s', edited = '%s' where id = %d and uid = %d", dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), intval($existing_id), intval($channel_id));
    } elseif ($options === 'revise') {
        $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc($observer_hash), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval($x[0]['revision'] + 1), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
    } elseif ($options === 'update') {
        $r = q("update attach set filename = '%s', filetype = '%s', folder = '%s', edited = '%s', os_storage = %d, is_photo = %d, \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid  = '%s' where id = %d and uid = %d", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($folder_hash ? $folder_hash : $x[0]['folder']), dbesc($created), dbesc(array_key_exists('os_storage', $arr) ? $arr['os_storage'] : $x[0]['os_storage']), dbesc(array_key_exists('is_photo', $arr) ? $arr['is_photo'] : $x[0]['is_photo']), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
    } else {
        $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, folder, filesize, revision, os_storage, is_photo, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), dbesc($folder_hash), intval($filesize), intval(0), intval(1), intval($is_photo), dbesc($os_relpath), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $str_contact_allow), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $str_group_allow), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $str_contact_deny), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $str_group_deny));
    }
    if ($is_photo) {
        $args = array('source' => $source, 'visible' => $visible, 'resource_id' => $hash, 'album' => basename($pathname), 'os_path' => $os_basepath . $os_relpath, 'filename' => $filename, 'getimagesize' => $gis, 'directory' => $direct);
        if ($arr['contact_allow']) {
            $args['contact_allow'] = $arr['contact_allow'];
        }
        if ($arr['group_allow']) {
            $args['group_allow'] = $arr['group_allow'];
        }
        if ($arr['contact_deny']) {
            $args['contact_deny'] = $arr['contact_deny'];
        }
        if ($arr['group_deny']) {
            $args['group_deny'] = $arr['group_deny'];
        }
        if (array_key_exists('allow_cid', $arr)) {
            $args['allow_cid'] = $arr['allow_cid'];
        }
        if (array_key_exists('allow_gid', $arr)) {
            $args['allow_gid'] = $arr['allow_gid'];
        }
        if (array_key_exists('deny_cid', $arr)) {
            $args['deny_cid'] = $arr['deny_cid'];
        }
        if (array_key_exists('deny_gid', $arr)) {
            $args['deny_gid'] = $arr['deny_gid'];
        }
        $args['created'] = $created;
        $args['edited'] = $edited;
        if ($arr['item']) {
            $args['item'] = $arr['item'];
        }
        $p = photo_upload($channel, $observer, $args);
        if ($p['success']) {
            $ret['body'] = $p['body'];
        }
    }
    if ($options !== 'update' && $remove_when_processed) {
        @unlink($src);
    }
    if (!$r) {
        $ret['message'] = t('File upload failed. Possible system limit or action terminated.');
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    // Caution: This re-uses $sql_options set further above
    $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, os_storage, is_photo, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
    if (!$r) {
        $ret['message'] = t('Stored file could not be verified. Upload failed.');
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    $ret['success'] = true;
    $ret['data'] = $r[0];
    if (!$is_photo) {
        // This would've been called already with a success result in photos_upload() if it was a photo.
        call_hooks('photo_upload_end', $ret);
    }
    return $ret;
}
Ejemplo n.º 9
0
function photos_content(&$a)
{
    // URLs:
    // photos/name
    // photos/name/album/xxxxx (xxxxx is album name)
    // photos/name/image/xxxxx
    if (get_config('system', 'block_public') && !local_channel() && !remote_channel()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    $unsafe = array_key_exists('unsafe', $_REQUEST) && $_REQUEST['unsafe'] ? 1 : 0;
    require_once 'include/bbcode.php';
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    if (!x($a->data, 'channel')) {
        notice(t('No photos selected') . EOL);
        return;
    }
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $_SESSION['photo_return'] = $a->cmd;
    //
    // Parse arguments
    //
    $can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments');
    if (argc() > 3) {
        $datatype = argv(2);
        $datum = argv(3);
    } else {
        if (argc() > 2) {
            $datatype = argv(2);
            $datum = '';
        } else {
            $datatype = 'summary';
        }
    }
    if (argc() > 4) {
        $cmd = argv(4);
    } else {
        $cmd = 'view';
    }
    //
    // Setup permissions structures
    //
    $can_post = false;
    $visitor = 0;
    $owner_uid = $a->data['channel']['channel_id'];
    $owner_aid = $a->data['channel']['channel_account_id'];
    $observer = $a->get_observer();
    $can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'write_storage');
    $can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_storage');
    if (!$can_view) {
        notice(t('Access to this item is restricted.') . EOL);
        return;
    }
    $sql_extra = permissions_sql($owner_uid);
    $o = "";
    $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
    // tabs
    $_is_owner = local_channel() && local_channel() == $owner_uid;
    $o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']);
    /**
     * Display upload form
     */
    if ($can_post) {
        $uploader = '';
        $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true);
        call_hooks('photo_upload_form', $ret);
        /* Show space usage */
        $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id']));
        $limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit');
        if ($limit !== false) {
            $usage_message = sprintf(t("%1\$.2f MB of %2\$.2f MB photo storage used."), $r[0]['total'] / 1024000, $limit / 1024000);
        } else {
            $usage_message = sprintf(t('%1$.2f MB photo storage used.'), $r[0]['total'] / 1024000);
        }
        if ($_is_owner) {
            $channel = $a->get_channel();
            $acl = new AccessList($channel);
            $channel_acl = $acl->get();
            $lockstate = $acl->is_private() ? 'lock' : 'unlock';
        }
        $aclselect = $_is_owner ? populate_acl($channel_acl, false) : '';
        $selname = $datum ? hex2bin($datum) : '';
        $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
        if (!$selname) {
            $def_album = get_pconfig($a->data['channel']['channel_id'], 'system', 'photo_path');
            if ($def_album) {
                $selname = filepath_macro($def_album);
                $albums['album'][] = array('text' => $selname);
            }
        }
        $tpl = get_markup_template('photos_upload.tpl');
        $upload_form = replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum_label' => t('Enter an album name'), '$newalbum_placeholder' => t('or select an existing album (doubleclick)'), '$visible' => array('visible', t('Create a status post for this upload'), 0, '', array(t('No'), t('Yes'))), '$albums' => $albums['albums'], '$selname' => $selname, '$permissions' => t('Permissions'), '$aclselect' => $aclselect, '$lockstate' => $lockstate, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? true : false, '$uploadurl' => $ret['post_url'], '$submit' => t('Submit')));
    }
    //
    // dispatch request
    //
    /*
     * Display a single photo album
     */
    if ($datatype === 'album') {
        if (strlen($datum)) {
            if (strlen($datum) & 1 || !ctype_xdigit($datum)) {
                notice(t('Album name could not be decoded') . EOL);
                logger('mod_photos: illegal album encoding: ' . $datum);
                $datum = '';
            }
        }
        $album = $datum ? hex2bin($datum) : '';
        $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe));
        if (count($r)) {
            $a->set_pager_total(count($r));
            $a->set_pager_itemspage(60);
        } else {
            goaway($a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address']);
        }
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.scale, p.description, p.created FROM photo p INNER JOIN\n\t\t\t\t(SELECT resource_id, max(scale) scale FROM photo WHERE uid = %d AND album = '%s' AND scale <= 4 AND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY resource_id) ph \n\t\t\t\tON (p.resource_id = ph.resource_id AND p.scale = ph.scale)\n\t\t\tORDER BY created {$order} LIMIT %d OFFSET %d", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']));
        //edit album name
        $album_edit = null;
        if ($album !== t('Profile Photos') && $album !== 'Profile Photos' && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
            if ($can_post) {
                if ($a->get_template_engine() === 'internal') {
                    $album_e = template_escape($album);
                } else {
                    $album_e = $album;
                }
                $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
                // @fixme - syncronise actions with DAV
                //				$edit_tpl = get_markup_template('album_edit.tpl');
                //				$album_edit = replace_macros($edit_tpl,array(
                //					'$nametext' => t('Enter a new album name'),
                //					'$name_placeholder' => t('or select an existing one (doubleclick)'),
                //					'$nickname' => $a->data['channel']['channel_address'],
                //					'$album' => $album_e,
                //					'$albums' => $albums['albums'],
                //					'$hexalbum' => bin2hex($album),
                //					'$submit' => t('Submit'),
                //					'$dropsubmit' => t('Delete Album')
                //				));
            }
        }
        if ($_GET['order'] === 'posted') {
            $order = array(t('Show Newest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album));
        } else {
            $order = array(t('Show Oldest First'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted');
        }
        $photos = array();
        if (count($r)) {
            $twist = 'rotright';
            foreach ($r as $rr) {
                if ($twist == 'rotright') {
                    $twist = 'rotleft';
                } else {
                    $twist = 'rotright';
                }
                $ext = $phototypes[$rr['type']];
                $imgalt_e = $rr['filename'];
                $desc_e = $rr['description'];
                $imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
                $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $imagelink, 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, 'alt' => $imgalt_e, 'desc' => $desc_e, 'ext' => $ext, 'hash' => $rr['resource_id'], 'unknown' => t('Unknown'));
            }
        }
        if ($_REQUEST['aj']) {
            if ($photos) {
                $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
            } else {
                $o = '<div id="content-complete"></div>';
            }
            echo $o;
            killme();
        } else {
            $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
            $tpl = get_markup_template('photo_album.tpl');
            $o .= replace_macros($tpl, array('$photos' => $photos, '$album' => $album, '$album_edit' => array(t('Edit Album'), $album_edit), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album)), '$order' => $order, '$upload_form' => $upload_form, '$usage' => $usage_message));
        }
        if (!$photos && $_REQUEST['aj']) {
            $o .= '<div id="content-complete"></div>';
            echo $o;
            killme();
        }
        //		$o .= paginate($a);
        return $o;
    }
    /** 
     * Display one photo
     */
    if ($datatype === 'image') {
        // fetch image, item containing image, then comments
        $ph = q("SELECT id,aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,photo_usage,is_nsfw,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum));
        if (!$ph) {
            /* Check again - this time without specifying permissions */
            $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' LIMIT 1", intval($owner_uid), dbesc($datum));
            if ($ph) {
                notice(t('Permission denied. Access to this item may be restricted.') . EOL);
            } else {
                notice(t('Photo not available') . EOL);
            }
            return;
        }
        $prevlink = '';
        $nextlink = '';
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid));
        if (count($prvnxt)) {
            for ($z = 0; $z < count($prvnxt); $z++) {
                if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
                    $prv = $z - 1;
                    $nxt = $z + 1;
                    if ($prv < 0) {
                        $prv = count($prvnxt) - 1;
                    }
                    if ($nxt >= count($prvnxt)) {
                        $nxt = 0;
                    }
                    break;
                }
            }
            $prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
            $nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
        }
        if (count($ph) == 1) {
            $hires = $lores = $ph[0];
        }
        if (count($ph) > 1) {
            if ($ph[1]['scale'] == 2) {
                // original is 640 or less, we can display it directly
                $hires = $lores = $ph[0];
            } else {
                $hires = $ph[0];
                $lores = $ph[1];
            }
        }
        $album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
        $tools = Null;
        $lock = Null;
        if ($can_post && $ph[0]['uid'] == $owner_uid) {
            $tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo')));
        }
        // lockstate
        $lockstate = strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid']) ? array('lock', t('Private Photo')) : array('unlock', Null);
        $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
        if ($prevlink) {
            $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
        }
        if ($nextlink) {
            $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
        }
        $a->page['htmlhead'] .= '});</script>';
        if ($prevlink) {
            $prevlink = array($prevlink, t('Previous'));
        }
        $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'));
        if ($nextlink) {
            $nextlink = array($nextlink, t('Next'));
        }
        // Do we have an item for this photo?
        $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum));
        $map = null;
        if ($linked_items) {
            xchan_query($linked_items);
            $linked_items = fetch_post_tags($linked_items, true);
            $link_item = $linked_items[0];
            $item_normal = item_normal();
            $r = q("select * from item where parent_mid = '%s' \n\t\t\t\t{$item_normal} and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid']));
            if ($r) {
                xchan_query($r);
                $r = fetch_post_tags($r, true);
                $r = conv_sort($r, 'commented');
            }
            $tags = array();
            if ($link_item['term']) {
                $cnt = 0;
                foreach ($link_item['term'] as $t) {
                    $tags[$cnt] = array(0 => format_term_for_display($t));
                    if ($can_post && $ph[0]['uid'] == $owner_uid) {
                        $tags[$cnt][1] = 'tagrm/drop/' . $link_item['id'] . '/' . bin2hex($t['term']);
                        //?f=&item=' . $link_item['id'];
                        $tags[$cnt][2] = t('Remove');
                    }
                    $cnt++;
                }
            }
            if (local_channel() && local_channel() == $link_item['uid']) {
                q("UPDATE `item` SET item_unseen = 0 WHERE parent = %d and uid = %d and item_unseen = 1", intval($link_item['parent']), intval(local_channel()));
            }
            if ($link_item['coord']) {
                $map = generate_map($link_item['coord']);
            }
        }
        //		logger('mod_photo: link_item' . print_r($link_item,true));
        // FIXME - remove this when we move to conversation module
        $r = $r[0]['children'];
        $edit = null;
        if ($can_post) {
            $album_e = $ph[0]['album'];
            $caption_e = $ph[0]['description'];
            $aclselect_e = $_is_owner ? populate_acl($ph[0]) : '';
            $albums = array_key_exists('albums', $a->data) ? $a->data['albums'] : photos_albums_list($a->data['channel'], $a->data['observer']);
            $_SESSION['album_return'] = bin2hex($ph[0]['album']);
            $edit = array('edit' => t('Edit photo'), 'id' => $link_item['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum_label' => t('Enter a new album name'), 'newalbum_placeholder' => t('or select an existing one (doubleclick)'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'lockstate' => $lockstate[0], 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'adult_enabled' => feature_enabled($owner_uid, 'adult_photo_flagging'), 'adult' => array('adult', t('Flag as adult in album view'), intval($ph[0]['is_nsfw']), ''), 'submit' => t('Submit'), 'delete' => t('Delete Photo'));
        }
        if (count($linked_items)) {
            $cmnt_tpl = get_markup_template('comment_item.tpl');
            $tpl = get_markup_template('photo_item.tpl');
            $return_url = $a->cmd;
            $like_tpl = get_markup_template('like_noshare.tpl');
            $likebuttons = '';
            if ($can_post || $can_comment) {
                $likebuttons = array('id' => $link_item['id'], 'likethis' => t("I like this (toggle)"), 'nolike' => t("I don't like this (toggle)"), 'share' => t('Share'), 'wait' => t('Please wait'));
            }
            $comments = '';
            if (!count($r)) {
                if ($can_post || $can_comment) {
                    $commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false));
                }
            }
            $alike = array();
            $dlike = array();
            $like = '';
            $dislike = '';
            $conv_responses = array('like' => array('title' => t('Likes', 'title')), 'dislike' => array('title' => t('Dislikes', 'title')), 'agree' => array('title' => t('Agree', 'title')), 'disagree' => array('title' => t('Disagree', 'title')), 'abstain' => array('title' => t('Abstain', 'title')), 'attendyes' => array('title' => t('Attending', 'title')), 'attendno' => array('title' => t('Not attending', 'title')), 'attendmaybe' => array('title' => t('Might attend', 'title')));
            if ($r) {
                foreach ($r as $item) {
                    builtin_activity_puller($item, $conv_responses);
                }
                $like_count = x($alike, $link_item['mid']) ? $alike[$link_item['mid']] : '';
                $like_list = x($alike, $link_item['mid']) ? $alike[$link_item['mid'] . '-l'] : '';
                if (count($like_list) > MAX_LIKERS) {
                    $like_list_part = array_slice($like_list, 0, MAX_LIKERS);
                    array_push($like_list_part, '<a href="#" data-toggle="modal" data-target="#likeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
                } else {
                    $like_list_part = '';
                }
                $like_button_label = tt('Like', 'Likes', $like_count, 'noun');
                //if (feature_enabled($conv->get_profile_owner(),'dislike')) {
                $dislike_count = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid']] : '';
                $dislike_list = x($dlike, $link_item['mid']) ? $dlike[$link_item['mid'] . '-l'] : '';
                $dislike_button_label = tt('Dislike', 'Dislikes', $dislike_count, 'noun');
                if (count($dislike_list) > MAX_LIKERS) {
                    $dislike_list_part = array_slice($dislike_list, 0, MAX_LIKERS);
                    array_push($dislike_list_part, '<a href="#" data-toggle="modal" data-target="#dislikeModal-' . $this->get_id() . '"><b>' . t('View all') . '</b></a>');
                } else {
                    $dislike_list_part = '';
                }
                //}
                $like = isset($alike[$link_item['mid']]) ? format_like($alike[$link_item['mid']], $alike[$link_item['mid'] . '-l'], 'like', $link_item['mid']) : '';
                $dislike = isset($dlike[$link_item['mid']]) ? format_like($dlike[$link_item['mid']], $dlike[$link_item['mid'] . '-l'], 'dislike', $link_item['mid']) : '';
                // display comments
                foreach ($r as $item) {
                    $comment = '';
                    $template = $tpl;
                    $sparkle = '';
                    if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
                        continue;
                    }
                    $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
                    $profile_url = zid($item['author']['xchan_url']);
                    $sparkle = '';
                    $profile_name = $item['author']['xchan_name'];
                    $profile_avatar = $item['author']['xchan_photo_m'];
                    $profile_link = $profile_url;
                    $drop = '';
                    if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) {
                        $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
                    }
                    $name_e = $profile_name;
                    $title_e = $item['title'];
                    unobscure($item);
                    $body_e = prepare_text($item['body'], $item['mimetype']);
                    $comments .= replace_macros($template, array('$id' => $item['id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
                }
                if ($can_post || $can_comment) {
                    $commentbox = replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => ''));
                }
            }
            $paginate = paginate($a);
        }
        $album_e = array($album_link, $ph[0]['album']);
        $like_e = $like;
        $dislike_e = $dislike;
        $response_verbs = array('like');
        if (feature_enabled($owner_uid, 'dislike')) {
            $response_verbs[] = 'dislike';
        }
        $responses = get_responses($conv_responses, $response_verbs, '', $link_item);
        $photo_tpl = get_markup_template('photo_view.tpl');
        $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lockstate[1], '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$filename' => $ph[0]['filename'], '$unknown' => t('Unknown'), '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, 'responses' => $responses, '$edit' => $edit, '$map' => $map, '$map_text' => t('Map'), '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$like_count' => $like_count, '$like_list' => $like_list, '$like_list_part' => $like_list_part, '$like_button_label' => $like_button_label, '$like_modal_title' => t('Likes', 'noun'), '$dislike_modal_title' => t('Dislikes', 'noun'), '$dislike_count' => $dislike_count, '$dislike_list' => $dislike_list, '$dislike_list_part' => $dislike_list_part, '$dislike_button_label' => $dislike_button_label, '$modal_dismiss' => t('Close'), '$comments' => $comments, '$commentbox' => $commentbox, '$paginate' => $paginate));
        $a->data['photo_html'] = $o;
        return $o;
    }
    // Default - show recent photos with upload link (if applicable)
    //$o = '';
    $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand photo_usage in ( %d, %d ) and is_nsfw = %d {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe));
    if (count($r)) {
        $a->set_pager_total(count($r));
        $a->set_pager_itemspage(60);
    }
    $r = q("SELECT p.resource_id, p.id, p.filename, p.type, p.album, p.scale, p.created FROM photo p INNER JOIN \n\t\t(SELECT resource_id, max(scale) scale FROM photo \n\t\t\tWHERE uid=%d AND album != '%s' AND album != '%s' \n\t\t\tAND photo_usage IN ( %d, %d ) and is_nsfw = %d {$sql_extra} group by resource_id) ph \n\t\tON (p.resource_id = ph.resource_id and p.scale = ph.scale) ORDER by p.created DESC LIMIT %d OFFSET %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($unsafe), intval($a->pager['itemspage']), intval($a->pager['start']));
    $photos = array();
    if (count($r)) {
        $twist = 'rotright';
        foreach ($r as $rr) {
            if ($twist == 'rotright') {
                $twist = 'rotleft';
            } else {
                $twist = 'rotright';
            }
            $ext = $phototypes[$rr['type']];
            if ($a->get_template_engine() === 'internal') {
                $alt_e = template_escape($rr['filename']);
                $name_e = template_escape($rr['album']);
            } else {
                $alt_e = $rr['filename'];
                $name_e = $rr['album'];
            }
            $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
        }
    }
    if ($_REQUEST['aj']) {
        if ($photos) {
            $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
        } else {
            $o = '<div id="content-complete"></div>';
        }
        echo $o;
        killme();
    } else {
        $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
        $tpl = get_markup_template('photos_recent.tpl');
        $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos, '$upload_form' => $upload_form, '$usage' => $usage_message));
    }
    if (!$photos && $_REQUEST['aj']) {
        $o .= '<div id="content-complete"></div>';
        echo $o;
        killme();
    }
    //	paginate($a);
    return $o;
}
Ejemplo n.º 10
0
function item_check_service_class($channel_id, $iswebpage)
{
    $ret = array('success' => false, 'message' => '');
    if ($iswebpage) {
        $r = q("select count(i.id)  as total from item i \n\t\t\tright join channel c on (i.author_xchan=c.channel_hash and i.uid=c.channel_id )  \n\t\t\tand i.parent=i.id and i.item_type = %d and i.item_deleted = 0 and i.uid= %d ", intval(ITEM_TYPE_WEBPAGE), intval($channel_id));
    } else {
        $r = q("select count(id) as total from item where parent = id and item_wall = 1 and uid = %d " . item_normal(), intval($channel_id));
    }
    if (!$r) {
        $ret['message'] = t('Unable to obtain post information from database.');
        return $ret;
    }
    if (!$iswebpage) {
        $max = service_class_fetch($channel_id, 'total_items');
        if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) {
            $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max);
            return $result;
        }
    } else {
        $max = service_class_fetch($channel_id, 'total_pages');
        if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) {
            $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max);
            return $result;
        }
    }
    $ret['success'] = true;
    return $ret;
}
Ejemplo n.º 11
0
 /**
  * @brief Return quota usage.
  *
  * @fixme Should guests relly see the used/free values from filesystem of the
  * complete store directory?
  *
  * @return array with used and free values in bytes.
  */
 public function getQuotaInfo()
 {
     // values from the filesystem of the complete <i>store/</i> directory
     $limit = disk_total_space('store');
     $free = disk_free_space('store');
     if ($this->auth->owner_id) {
         $c = q("select * from channel where channel_id = %d and channel_removed = 0 limit 1", intval($this->auth->owner_id));
         $ulimit = engr_units_to_bytes(service_class_fetch($c[0]['channel_id'], 'attach_upload_limit'));
         $limit = $ulimit ? $ulimit : $limit;
         $x = q("select sum(filesize) as total from attach where aid = %d", intval($c[0]['channel_account_id']));
         $free = $x ? $limit - $x[0]['total'] : 0;
     }
     return array($limit - $free, $free);
 }
Ejemplo n.º 12
0
Archivo: photos.php Proyecto: Mauru/red
function photos_content(&$a)
{
    // URLs:
    // photos/name
    // photos/name/upload
    // photos/name/upload/xxxxx (xxxxx is album name)
    // photos/name/album/xxxxx
    // photos/name/album/xxxxx/edit
    // photos/name/image/xxxxx
    // photos/name/image/xxxxx/edit
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    require_once 'include/bbcode.php';
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    if (!x($a->data, 'channel')) {
        notice(t('No photos selected') . EOL);
        return;
    }
    $ph = photo_factory('');
    $phototypes = $ph->supportedTypes();
    $_SESSION['photo_return'] = $a->cmd;
    //
    // Parse arguments
    //
    $can_comment = perm_is_allowed($a->profile['profile_uid'], get_observer_hash(), 'post_comments');
    if (argc() > 3) {
        $datatype = argv(2);
        $datum = argv(3);
    } elseif (argc() > 2 && argv(2) === 'upload') {
        $datatype = 'upload';
    } else {
        $datatype = 'summary';
    }
    if (argc() > 4) {
        $cmd = argv(4);
    } else {
        $cmd = 'view';
    }
    //
    // Setup permissions structures
    //
    $can_post = false;
    $visitor = 0;
    $owner_uid = $a->data['channel']['channel_id'];
    $owner_aid = $a->data['channel']['channel_account_id'];
    $observer = $a->get_observer();
    $can_post = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'post_photos');
    $can_view = perm_is_allowed($owner_uid, $observer['xchan_hash'], 'view_photos');
    if (!$can_view) {
        notice(t('Access to this item is restricted.') . EOL);
        return;
    }
    $sql_extra = permissions_sql($owner_uid);
    $o = "";
    $o .= "<script> var profile_uid = " . $a->profile['profile_uid'] . "; var netargs = '?f='; var profile_page = " . $a->pager['page'] . "; </script>\r\n";
    // tabs
    $_is_owner = local_user() && local_user() == $owner_uid;
    $o .= profile_tabs($a, $_is_owner, $a->data['channel']['channel_address']);
    //
    // dispatch request
    //
    /**
     * Display upload form
     */
    if ($datatype === 'upload') {
        if (!$can_post) {
            notice(t('Permission denied.'));
            return;
        }
        if (array_key_exists('albums', $a->data)) {
            $albums = get_app()->data['albums'];
        } else {
            $albums = photos_albums_list($a->data['channel'], $a->data['observer']);
        }
        $selname = $datum ? hex2bin($datum) : '';
        $albumselect = '<select id="photos-upload-album-select" name="album" size="4">';
        $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
        if (count($albums['albums'])) {
            foreach ($albums['albums'] as $album) {
                if (!$album['text']) {
                    continue;
                }
                $selected = $selname === $album['text'] ? ' selected="selected" ' : '';
                $albumselect .= '<option value="' . $album['text'] . '"' . $selected . '>' . $album['text'] . '</option>';
            }
        }
        $albumselect .= '</select>';
        $uploader = '';
        $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'], 'addon_text' => $uploader, 'default_upload' => true);
        call_hooks('photo_upload_form', $ret);
        $default_upload = '<input id="photos-upload-choose" type="file" name="userfile" /> 	<div class="photos-upload-submit-wrapper" >
		<input type="submit" name="submit" value="' . t('Submit') . '" id="photos-upload-submit" /> </div>';
        /* Show space usage */
        $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($a->data['channel']['channel_account_id']));
        $limit = service_class_fetch($a->data['channel']['channel_id'], 'photo_upload_limit');
        if ($limit !== false) {
            $usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
        } else {
            $usage_message = sprintf(t('You have used %1$.2f Mbytes of photo storage.'), $r[0]['total'] / 1024000);
        }
        if ($_is_owner) {
            $channel = $a->get_channel();
            $channel_acl = array('allow_cid' => $channel['channel_allow_cid'], 'allow_gid' => $channel['channel_allow_gid'], 'deny_cid' => $channel['channel_deny_cid'], 'deny_gid' => $channel['channel_deny_gid']);
        }
        $albumselect_e = $albumselect;
        $aclselect_e = $_is_owner ? populate_acl($channel_acl, false) : '';
        $tpl = get_markup_template('photos_upload.tpl');
        $o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['channel']['channel_address'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$uploader' => $ret['addon_text'], '$default' => $ret['default_upload'] ? $default_upload : '', '$uploadurl' => $ret['post_url']));
        return $o;
    }
    /*
     * Display a single photo album
     */
    if ($datatype === 'album') {
        if (strlen($datum) & 1 || !ctype_xdigit($datum)) {
            notice(t('Album name could not be decoded') . EOL);
            logger('mod_photos: illegal album encoding: ' . $datum);
            $datum = '';
        }
        $album = hex2bin($datum);
        $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($owner_uid), dbesc($album), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
        if (count($r)) {
            $a->set_pager_total(count($r));
            $a->set_pager_itemspage(60);
        }
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $r = q("SELECT `resource_id`, `id`, `filename`, type, max(`scale`) AS `scale`, `description` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 and (photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intvaL(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage']));
        $o .= '<h3>' . $album . '</h3>';
        if ($cmd === 'edit') {
            if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
                if ($can_post) {
                    if ($a->get_template_engine() === 'internal') {
                        $album_e = template_escape($album);
                    } else {
                        $album_e = $album;
                    }
                    $edit_tpl = get_markup_template('album_edit.tpl');
                    $o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['channel']['channel_address'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
                }
            }
        } else {
            if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
                if ($can_post) {
                    $o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
                }
            }
        }
        if ($_GET['order'] === 'posted') {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>';
        } else {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>';
        }
        if ($can_post) {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>';
        }
        $ajaxout = '';
        $tpl = get_markup_template('photo_album.tpl');
        if (count($r)) {
            $twist = 'rotright';
            $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
            $o .= '<div id="photo-album-contents">';
            foreach ($r as $rr) {
                if ($twist == 'rotright') {
                    $twist = 'rotleft';
                } else {
                    $twist = 'rotright';
                }
                $ext = $phototypes[$rr['type']];
                $imgalt_e = $rr['filename'];
                $desc_e = $rr['description'];
                // prettyphoto has potential license issues, so we can no longer include it in core
                // The following lines would need to be modified so that they are provided in theme specific files
                // instead of core modules for themes that wish to make use of prettyphoto. I would suggest
                // the feature as a per-theme display option and putting the rel line inside a template.
                //				if(feature_enabled($a->data['channel']['channel_id'],'prettyphoto')){
                //				      $imagelink = ($a->get_baseurl() . '/photo/' . $rr['resource_id'] . '.' . $ext );
                //				      $rel=("prettyPhoto[pp_gal]");
                //				}
                //				else {
                $imagelink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
                $rel = "photo";
                //				}
                $tmp = replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $imagelink, '$rel' => $rel, '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e, '$ext' => $ext, '$hash' => $rr['resource_id']));
                if ($_REQUEST['aj']) {
                    $ajaxout .= $tmp;
                } else {
                    $o .= $tmp;
                }
            }
        }
        if ($_REQUEST['aj']) {
            if (!$r) {
                $ajaxout .= '<div id="content-complete"></div>';
            }
            echo $ajaxout;
            killme();
        }
        $o .= '<div id="page-end"></div>';
        $o .= '</div>';
        // photo-album-contents
        $o .= '<div id="photo-album-end"></div>';
        $o .= '<script>$(document).ready(function() { loadingPage = false;});</script>';
        $o .= '<div id="page-spinner"></div>';
        //		$o .= paginate($a);
        return $o;
    }
    /** 
     * Display one photo
     */
    if ($datatype === 'image') {
        // fetch image, item containing image, then comments
        $ph = q("SELECT aid,uid,xchan,resource_id,created,edited,title,`description`,album,filename,`type`,height,width,`size`,scale,profile,photo_flags,allow_cid,allow_gid,deny_cid,deny_gid FROM `photo` WHERE `uid` = %d AND `resource_id` = '%s' \n\t\t\tand (photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
        if (!$ph) {
            /* Check again - this time without specifying permissions */
            $ph = q("SELECT id FROM photo WHERE uid = %d AND resource_id = '%s' \n\t\t\t\tand ( photo_flags = %d or photo_flags = %d )\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
            if ($ph) {
                notice(t('Permission denied. Access to this item may be restricted.') . EOL);
            } else {
                notice(t('Photo not available') . EOL);
            }
            return;
        }
        $prevlink = '';
        $nextlink = '';
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $prvnxt = q("SELECT `resource_id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0 \n\t\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
        if (count($prvnxt)) {
            for ($z = 0; $z < count($prvnxt); $z++) {
                if ($prvnxt[$z]['resource_id'] == $ph[0]['resource_id']) {
                    $prv = $z - 1;
                    $nxt = $z + 1;
                    if ($prv < 0) {
                        $prv = count($prvnxt) - 1;
                    }
                    if ($nxt >= count($prvnxt)) {
                        $nxt = 0;
                    }
                    break;
                }
            }
            $prevlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$prv]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
            $nextlink = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $prvnxt[$nxt]['resource_id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
        }
        if (count($ph) == 1) {
            $hires = $lores = $ph[0];
        }
        if (count($ph) > 1) {
            if ($ph[1]['scale'] == 2) {
                // original is 640 or less, we can display it directly
                $hires = $lores = $ph[0];
            } else {
                $hires = $ph[0];
                $lores = $ph[1];
            }
        }
        $album_link = $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($ph[0]['album']);
        $tools = Null;
        $lock = Null;
        if ($can_post && $ph[0]['uid'] == $owner_uid) {
            $tools = array('profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource_id'], t('Use as profile photo')));
            // lock
            $lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null;
        }
        $a->page['htmlhead'] .= '<script>$(document).keydown(function(event) {' . "\n";
        if ($prevlink) {
            $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 37) { event.preventDefault(); window.location.href = \'' . $prevlink . '\'; }' . "\n";
        }
        if ($nextlink) {
            $a->page['htmlhead'] .= 'if(event.ctrlKey && event.keyCode == 39) { event.preventDefault(); window.location.href = \'' . $nextlink . '\'; }' . "\n";
        }
        $a->page['htmlhead'] .= '});</script>';
        if ($prevlink) {
            $prevlink = array($prevlink, '<i class="icon-backward photo-icons""></i>');
        }
        $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource_id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource_id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'));
        if ($nextlink) {
            $nextlink = array($nextlink, '<i class="icon-forward photo-icons"></i>');
        }
        // Do we have an item for this photo?
        $linked_items = q("SELECT * FROM item WHERE resource_id = '%s' and resource_type = 'photo' \n\t\t\t{$sql_extra} LIMIT 1", dbesc($datum));
        if ($linked_items) {
            xchan_query($linked_items);
            $linked_items = fetch_post_tags($linked_items, true);
            $link_item = $linked_items[0];
            $r = q("select * from item where parent_mid = '%s' \n\t\t\t\tand item_restrict = 0 and uid = %d {$sql_extra} ", dbesc($link_item['mid']), intval($link_item['uid']));
            if ($r) {
                xchan_query($r);
                $r = fetch_post_tags($r, true);
                $r = conv_sort($r, 'commented');
            }
            $tags = array();
            if ($link_item['term']) {
                $cnt = 0;
                foreach ($link_item['term'] as $t) {
                    $tags[$cnt] = array(0 => format_term_for_display($t));
                }
                if ($can_post && $ph[0]['uid'] == $owner_uid) {
                    $tags[$cnt][1] = 'tagrm?f=&item=' . $link_item['id'];
                    $tags[$cnt][2] = t('Remove');
                }
                $cnt++;
            }
            if (local_user() && local_user() == $link_item['uid']) {
                q("UPDATE `item` SET item_flags = (item_flags ^ %d) WHERE parent = %d and uid = %d and (item_flags & %d)", intval(ITEM_UNSEEN), intval($link_item['parent']), intval(local_user()), intval(ITEM_UNSEEN));
            }
        }
        //		logger('mod_photo: link_item' . print_r($link_item,true));
        // FIXME - remove this when we move to conversation module
        $r = $r[0]['children'];
        $edit = null;
        if ($can_post) {
            if (array_key_exists('albums', $a->data)) {
                $albums = get_app()->data['albums'];
            } else {
                $albums = photos_albums_list($a->data['channel'], $a->data['observer']);
            }
            $album_e = $ph[0]['album'];
            $caption_e = $ph[0]['description'];
            $aclselect_e = populate_acl($ph[0]);
            $edit = array('edit' => t('Edit photo'), 'id' => $ph[0]['id'], 'rotatecw' => t('Rotate CW (right)'), 'rotateccw' => t('Rotate CCW (left)'), 'albums' => $albums['albums'], 'album' => $album_e, 'newalbum' => t('New album name'), 'nickname' => $a->data['channel']['channel_address'], 'resource_id' => $ph[0]['resource_id'], 'capt_label' => t('Caption'), 'caption' => $caption_e, 'tag_label' => t('Add a Tag'), 'permissions' => t('Permissions'), 'aclselect' => $aclselect_e, 'help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), 'item_id' => count($linked_items) ? $link_item['id'] : 0, 'submit' => t('Submit'), 'delete' => t('Delete Photo'));
        }
        if (count($linked_items)) {
            $cmnt_tpl = get_markup_template('comment_item.tpl');
            $tpl = get_markup_template('photo_item.tpl');
            $return_url = $a->cmd;
            $like_tpl = get_markup_template('like_noshare.tpl');
            $likebuttons = '';
            if ($can_post || $can_comment) {
                $likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => t("I don't like this (toggle)"), '$share' => t('Share'), '$wait' => t('Please wait')));
            }
            $comments = '';
            if (!count($r)) {
                if ($can_post || $can_comment) {
                    $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$mode' => 'photos', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$ww' => '', '$feature_encrypt' => false));
                }
            }
            $alike = array();
            $dlike = array();
            $like = '';
            $dislike = '';
            // display comments
            if ($r) {
                foreach ($r as $item) {
                    like_puller($a, $item, $alike, 'like');
                    like_puller($a, $item, $dlike, 'dislike');
                }
                $like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : '';
                $dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : '';
                foreach ($r as $item) {
                    $comment = '';
                    $template = $tpl;
                    $sparkle = '';
                    if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
                        continue;
                    }
                    $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
                    $profile_url = zid($item['author']['xchan_url']);
                    $sparkle = '';
                    $profile_name = $item['author']['xchan_name'];
                    $profile_avatar = $item['author']['xchan_photo_m'];
                    $profile_link = $profile_url;
                    $drop = '';
                    if ($observer['xchan_hash'] === $item['author_xchan'] || $observer['xchan_hash'] === $item['owner_xchan']) {
                        $drop = replace_macros(get_markup_template('photo_drop.tpl'), array('$id' => $item['id'], '$delete' => t('Delete')));
                    }
                    $name_e = $profile_name;
                    $title_e = $item['title'];
                    unobscure($item);
                    $body_e = prepare_text($item['body'], $item['mimetype']);
                    $comments .= replace_macros($template, array('$id' => $item['item_id'], '$mode' => 'photos', '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
                }
                if ($can_post || $can_comment) {
                    $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $observer['xchan_url'], '$mytitle' => t('This is you'), '$myphoto' => $observer['xchan_photo_s'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$ww' => ''));
                }
            }
            $paginate = paginate($a);
        }
        $album_e = array($album_link, $ph[0]['album']);
        $like_e = $like;
        $dislike_e = $dislike;
        $photo_tpl = get_markup_template('photo_view.tpl');
        $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['description'], '$tag_hdr' => t('In This Photo:'), '$tags' => $tags, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dislike_e, '$comments' => $comments, '$paginate' => $paginate));
        $a->data['photo_html'] = $o;
        return $o;
    }
    // Default - show recent photos with upload link (if applicable)
    //$o = '';
    $r = q("SELECT `resource_id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\tand ( photo_flags = %d or photo_flags = %d ) {$sql_extra} GROUP BY `resource_id`", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE));
    if (count($r)) {
        $a->set_pager_total(count($r));
        $a->set_pager_itemspage(60);
    }
    $r = q("SELECT `resource_id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'\n\t\tand ( photo_flags = %d or photo_flags = %d )  \n\t\t{$sql_extra} GROUP BY `resource_id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['channel']['channel_id']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval(PHOTO_NORMAL), intval(PHOTO_PROFILE), intval($a->pager['start']), intval($a->pager['itemspage']));
    $photos = array();
    if (count($r)) {
        $twist = 'rotright';
        foreach ($r as $rr) {
            if ($twist == 'rotright') {
                $twist = 'rotleft';
            } else {
                $twist = 'rotright';
            }
            $ext = $phototypes[$rr['type']];
            if ($a->get_template_engine() === 'internal') {
                $alt_e = template_escape($rr['filename']);
                $name_e = template_escape($rr['album']);
            } else {
                $alt_e = $rr['filename'];
                $name_e = $rr['album'];
            }
            $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/image/' . $rr['resource_id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource_id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
        }
    }
    if ($_REQUEST['aj']) {
        if ($photos) {
            $o = replace_macros(get_markup_template('photosajax.tpl'), array('$photos' => $photos));
        } else {
            $o = '<div id="content-complete"></div>';
        }
        echo $o;
        killme();
    } else {
        $o .= "<script> var page_query = '" . $_GET['q'] . "'; var extra_args = '" . extra_query_args() . "' ; </script>";
        $tpl = get_markup_template('photos_recent.tpl');
        $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['channel']['channel_address'] . '/upload'), '$photos' => $photos));
    }
    if (!$photos && $_REQUEST['aj']) {
        $o .= '<div id="content-complete"></div>';
        echo $o;
        killme();
    }
    //	$o .= paginate($a);
    return $o;
}
Ejemplo n.º 13
0
/**
 * @brief
 *
 * @param array $channel
 * @param array $observer
 * @param array $args
 * @return array
 */
function photo_upload($channel, $observer, $args)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $account_id = $channel['channel_account_id'];
    if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    //	call_hooks('photo_upload_begin', $args);
    /*
     * Determine the album to use
     */
    $album = $args['album'];
    if (intval($args['visible']) || $args['visible'] === 'true') {
        $visible = 1;
    } else {
        $visible = 0;
    }
    $deliver = true;
    if (array_key_exists('deliver', $args)) {
        $deliver = intval($args['deliver']);
    }
    // Set to default channel permissions. If the parent directory (album) has permissions set,
    // use those instead. If we have specific permissions supplied, they take precedence over
    // all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
    // ...messy... needs re-factoring once the photos/files integration stabilises
    $acl = new Zotlabs\Access\AccessList($channel);
    if (array_key_exists('directory', $args) && $args['directory']) {
        $acl->set($args['directory']);
    }
    if (array_key_exists('allow_cid', $args)) {
        $acl->set($args);
    }
    if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
        $acl->set_from_array($args);
    }
    $ac = $acl->get();
    $os_storage = 0;
    if ($args['os_path'] && $args['getimagesize']) {
        $imagedata = @file_get_contents($args['os_path']);
        $filename = $args['filename'];
        $filesize = strlen($imagedata);
        // this is going to be deleted if it exists
        $src = '/tmp/deletemenow';
        $type = $args['getimagesize']['mime'];
        $os_storage = 1;
    } elseif ($args['data'] || $args['content']) {
        // allow an import from a binary string representing the image.
        // This bypasses the upload step and max size limit checking
        $imagedata = $args['content'] ? $args['content'] : $args['data'];
        $filename = $args['filename'];
        $filesize = strlen($imagedata);
        // this is going to be deleted if it exists
        $src = '/tmp/deletemenow';
        $type = $args['mimetype'] ? $args['mimetype'] : $args['type'];
    } else {
        $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
        //		call_hooks('photo_upload_file',$f);
        if (x($f, 'src') && x($f, 'filesize')) {
            $src = $f['src'];
            $filename = $f['filename'];
            $filesize = $f['filesize'];
            $type = $f['type'];
        } else {
            $src = $_FILES['userfile']['tmp_name'];
            $filename = basename($_FILES['userfile']['name']);
            $filesize = intval($_FILES['userfile']['size']);
            $type = $_FILES['userfile']['type'];
        }
        if (!$type) {
            $type = guess_image_type($filename);
        }
        logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
        $maximagesize = get_config('system', 'maximagesize');
        if ($maximagesize && $filesize > $maximagesize) {
            $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
            @unlink($src);
            call_hooks('photo_upload_end', $ret);
            return $ret;
        }
        if (!$filesize) {
            $ret['message'] = t('Image file is empty.');
            @unlink($src);
            call_hooks('photo_post_end', $ret);
            return $ret;
        }
        logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
        $imagedata = @file_get_contents($src);
    }
    $r = q("select sum(filesize) as total from photo where aid = %d and imgscale = 0 ", intval($account_id));
    $limit = engr_units_to_bytes(service_class_fetch($channel_id, 'photo_upload_limit'));
    if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        $ret['message'] = upgrade_message();
        @unlink($src);
        call_hooks('photo_post_end', $ret);
        return $ret;
    }
    $ph = photo_factory($imagedata, $type);
    if (!$ph->is_valid()) {
        $ret['message'] = t('Unable to process image');
        logger('photo_upload: unable to process image');
        @unlink($src);
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    $exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
    @unlink($src);
    $max_length = get_config('system', 'max_image_length');
    if (!$max_length) {
        $max_length = MAX_IMAGE_LENGTH;
    }
    if ($max_length > 0) {
        $ph->scaleImage($max_length);
    }
    $width = $ph->getWidth();
    $height = $ph->getHeight();
    $smallest = 0;
    $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
    $visitor = '';
    if ($channel['channel_hash'] !== $observer['xchan_hash']) {
        $visitor = $observer['xchan_hash'];
    }
    $errors = false;
    $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'imgscale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
    if ($args['created']) {
        $p['created'] = $args['created'];
    }
    if ($args['edited']) {
        $p['edited'] = $args['edited'];
    }
    if ($args['title']) {
        $p['title'] = $args['title'];
    }
    if ($args['description']) {
        $p['description'] = $args['description'];
    }
    $link = array();
    $r0 = $ph->save($p);
    $link[0] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-0.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
    if (!$r0) {
        $errors = true;
    }
    unset($p['os_storage']);
    unset($p['os_path']);
    if (($width > 1024 || $height > 1024) && !$errors) {
        $ph->scaleImage(1024);
    }
    $p['imgscale'] = 1;
    $r1 = $ph->save($p);
    $link[1] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-1.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
    if (!$r1) {
        $errors = true;
    }
    if (($width > 640 || $height > 640) && !$errors) {
        $ph->scaleImage(640);
    }
    $p['imgscale'] = 2;
    $r2 = $ph->save($p);
    $link[2] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-2.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
    if (!$r2) {
        $errors = true;
    }
    if (($width > 320 || $height > 320) && !$errors) {
        $ph->scaleImage(320);
    }
    $p['imgscale'] = 3;
    $r3 = $ph->save($p);
    $link[3] = array('rel' => 'alternate', 'type' => 'text/html', 'href' => z_root() . '/photo/' . $photo_hash . '-3.' . $ph->getExt(), 'width' => $ph->getWidth(), 'height' => $ph->getHeight());
    if (!$r3) {
        $errors = true;
    }
    if ($errors) {
        q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
        $ret['message'] = t('Photo storage failed.');
        logger('photo_upload: photo store failed.');
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    $item_hidden = $visible ? 0 : 1;
    $lat = $lon = null;
    if ($exif && $exif['GPS']) {
        if (feature_enabled($channel_id, 'photo_location')) {
            $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
            $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
        }
    }
    $title = $args['description'] ? $args['description'] : $args['filename'];
    $large_photos = feature_enabled($channel['channel_id'], 'large_photos');
    linkify_tags($a, $args['body'], $channel_id);
    if ($large_photos) {
        $scale = 1;
        $width = $link[1]['width'];
        $height = $link[1]['height'];
        $tag = $r1 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
    } else {
        $scale = 2;
        $width = $link[2]['width'];
        $height = $link[2]['height'];
        $tag = $r2 ? '[zmg=' . $width . 'x' . $height . ']' : '[zmg]';
    }
    $author_link = '[zrl=' . z_root() . '/channel/' . $channel['channel_address'] . ']' . $channel['channel_name'] . '[/zrl]';
    $photo_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . t('a new photo') . '[/zrl]';
    $album_link = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album) . ']' . (strlen($album) ? $album : '/') . '[/zrl]';
    $activity_format = sprintf(t('%1$s posted %2$s to %3$s', 'photo_upload'), $author_link, $photo_link, $album_link);
    $summary = ($args['body'] ? $args['body'] : '') . '[footer]' . $activity_format . '[/footer]';
    $obj_body = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$scale}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
    // Create item object
    $object = array('type' => ACTIVITY_OBJ_PHOTO, 'title' => $title, 'created' => $p['created'], 'edited' => $p['edited'], 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash, 'link' => $link, 'body' => $obj_body);
    $target = array('type' => ACTIVITY_OBJ_ALBUM, 'title' => $album ? $album : '/', 'id' => z_root() . '/photos/' . $channel['channel_address'] . '/album/' . bin2hex($album));
    // Create item container
    if ($args['item']) {
        foreach ($args['item'] as $i) {
            $item = get_item_elements($i);
            $force = false;
            if ($item['mid'] === $item['parent_mid']) {
                $item['body'] = $summary;
                $item['obj_type'] = ACTIVITY_OBJ_PHOTO;
                $item['obj'] = json_encode($object);
                $item['tgt_type'] = ACTIVITY_OBJ_ALBUM;
                $item['target'] = json_encode($target);
                if ($item['author_xchan'] === $channel['channel_hash']) {
                    $item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
                    $item['item_verified'] = 1;
                } else {
                    $item['sig'] = '';
                }
                $force = true;
            }
            $r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
            if ($r) {
                if ($item['edited'] > $r[0]['edited'] || $force) {
                    $item['id'] = $r[0]['id'];
                    $item['uid'] = $channel['channel_id'];
                    item_store_update($item, false, $deliver);
                    continue;
                }
            } else {
                $item['aid'] = $channel['channel_account_id'];
                $item['uid'] = $channel['channel_id'];
                $item_result = item_store($item, false, $deliver);
            }
        }
    } else {
        $mid = item_message_id();
        $arr = array();
        if ($lat && $lon) {
            $arr['coord'] = $lat . ' ' . $lon;
        }
        $arr['aid'] = $account_id;
        $arr['uid'] = $channel_id;
        $arr['mid'] = $mid;
        $arr['parent_mid'] = $mid;
        $arr['item_hidden'] = $item_hidden;
        $arr['resource_type'] = 'photo';
        $arr['resource_id'] = $photo_hash;
        $arr['owner_xchan'] = $channel['channel_hash'];
        $arr['author_xchan'] = $observer['xchan_hash'];
        $arr['title'] = $title;
        $arr['allow_cid'] = $ac['allow_cid'];
        $arr['allow_gid'] = $ac['allow_gid'];
        $arr['deny_cid'] = $ac['deny_cid'];
        $arr['deny_gid'] = $ac['deny_gid'];
        $arr['verb'] = ACTIVITY_POST;
        $arr['obj_type'] = ACTIVITY_OBJ_PHOTO;
        $arr['obj'] = json_encode($object);
        $arr['tgt_type'] = ACTIVITY_OBJ_ALBUM;
        $arr['target'] = json_encode($target);
        $arr['item_wall'] = 1;
        $arr['item_origin'] = 1;
        $arr['item_thread_top'] = 1;
        $arr['item_private'] = intval($acl->is_private());
        $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
        $arr['body'] = $summary;
        // this one is tricky because the item and the photo have the same permissions, those of the photo.
        // Use the channel read_stream permissions to get the correct public_policy for the item and recalculate the
        // private flag accordingly. This may cause subtle bugs due to custom permissions roles. We want to use
        // public policy when federating items to other sites, but should probably ignore them when accessing the item
        // in the photos pages - using the photos permissions instead. We need the public policy to keep the photo
        // linked item from leaking into the feed when somebody has a channel with read_stream restrictions.
        $arr['public_policy'] = map_scope($channel['channel_r_stream'], true);
        if ($arr['public_policy']) {
            $arr['item_private'] = 1;
        }
        $result = item_store($arr, false, $deliver);
        $item_id = $result['item_id'];
        if ($visible && $deliver) {
            Zotlabs\Daemon\Master::Summon(array('Notifier', 'wall-new', $item_id));
        }
    }
    $ret['success'] = true;
    $ret['item'] = $arr;
    $ret['body'] = $obj_body;
    $ret['resource_id'] = $photo_hash;
    $ret['photoitem_id'] = $item_id;
    call_hooks('photo_upload_end', $ret);
    return $ret;
}
Ejemplo n.º 14
0
 /**
  * @brief Creates the directory listing for the given path.
  *
  * @param string $path which should be displayed
  */
 public function generateDirectoryIndex($path)
 {
     // (owner_id = channel_id) is visitor owner of this directory?
     $is_owner = local_channel() && $this->auth->owner_id == local_channel() ? true : false;
     if ($this->auth->getTimezone()) {
         date_default_timezone_set($this->auth->getTimezone());
     }
     require_once 'include/conversation.php';
     require_once 'include/text.php';
     if ($this->auth->owner_nick) {
         $html = profile_tabs(get_app(), $is_owner ? true : false, $this->auth->owner_nick);
     }
     $files = $this->server->getPropertiesForPath($path, array('{DAV:}displayname', '{DAV:}resourcetype', '{DAV:}getcontenttype', '{DAV:}getcontentlength', '{DAV:}getlastmodified'), 1);
     $parent = $this->server->tree->getNodeForPath($path);
     $parentpath = array();
     // only show parent if not leaving /cloud/; TODO how to improve this?
     if ($path && $path != "cloud") {
         list($parentUri) = DAV\URLUtil::splitPath($path);
         $fullPath = DAV\URLUtil::encodePath($this->server->getBaseUri() . $parentUri);
         $parentpath['icon'] = $this->enableAssets ? '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl('icons/parent' . $this->iconExtension) . '" width="24" alt="' . t('parent') . '"></a>' : '';
         $parentpath['path'] = $fullPath;
     }
     $f = array();
     foreach ($files as $file) {
         $ft = array();
         $type = null;
         // This is the current directory, we can skip it
         if (rtrim($file['href'], '/') == $path) {
             continue;
         }
         list(, $name) = DAV\URLUtil::splitPath($file['href']);
         if (isset($file[200]['{DAV:}resourcetype'])) {
             $type = $file[200]['{DAV:}resourcetype']->getValue();
             // resourcetype can have multiple values
             if (!is_array($type)) {
                 $type = array($type);
             }
             foreach ($type as $k => $v) {
                 // Some name mapping is preferred
                 switch ($v) {
                     case '{DAV:}collection':
                         $type[$k] = t('Collection');
                         break;
                     case '{DAV:}principal':
                         $type[$k] = t('Principal');
                         break;
                     case '{urn:ietf:params:xml:ns:carddav}addressbook':
                         $type[$k] = t('Addressbook');
                         break;
                     case '{urn:ietf:params:xml:ns:caldav}calendar':
                         $type[$k] = t('Calendar');
                         break;
                     case '{urn:ietf:params:xml:ns:caldav}schedule-inbox':
                         $type[$k] = t('Schedule Inbox');
                         break;
                     case '{urn:ietf:params:xml:ns:caldav}schedule-outbox':
                         $type[$k] = t('Schedule Outbox');
                         break;
                     case '{http://calendarserver.org/ns/}calendar-proxy-read':
                         $type[$k] = 'Proxy-Read';
                         break;
                     case '{http://calendarserver.org/ns/}calendar-proxy-write':
                         $type[$k] = 'Proxy-Write';
                         break;
                 }
             }
             $type = implode(', ', $type);
         }
         // If no resourcetype was found, we attempt to use
         // the contenttype property
         if (!$type && isset($file[200]['{DAV:}getcontenttype'])) {
             $type = $file[200]['{DAV:}getcontenttype'];
         }
         if (!$type) {
             $type = t('Unknown');
         }
         $size = isset($file[200]['{DAV:}getcontentlength']) ? (int) $file[200]['{DAV:}getcontentlength'] : '';
         $lastmodified = isset($file[200]['{DAV:}getlastmodified']) ? $file[200]['{DAV:}getlastmodified']->getTime()->format('Y-m-d H:i:s') : '';
         $fullPath = DAV\URLUtil::encodePath('/' . trim($this->server->getBaseUri() . ($path ? $path . '/' : '') . $name, '/'));
         $displayName = isset($file[200]['{DAV:}displayname']) ? $file[200]['{DAV:}displayname'] : $name;
         $displayName = $this->escapeHTML($displayName);
         $type = $this->escapeHTML($type);
         $icon = '';
         if ($this->enableAssets) {
             $node = $this->server->tree->getNodeForPath(($path ? $path . '/' : '') . $name);
             foreach (array_reverse($this->iconMap) as $class => $iconName) {
                 if ($node instanceof $class) {
                     $icon = '<a href="' . $fullPath . '"><img src="' . $this->getAssetUrl($iconName . $this->iconExtension) . '" alt="" width="24"></a>';
                     break;
                 }
             }
         }
         $parentHash = '';
         $owner = $this->auth->owner_id;
         $splitPath = split('/', $fullPath);
         if (count($splitPath) > 3) {
             for ($i = 3; $i < count($splitPath); $i++) {
                 $attachName = urldecode($splitPath[$i]);
                 $attachHash = $this->findAttachHash($owner, $parentHash, $attachName);
                 $parentHash = $attachHash;
             }
         }
         $attachIcon = "";
         // "<a href=\"attach/".$attachHash."\" title=\"".$displayName."\"><i class=\"icon-download\"></i></a>";
         // put the array for this file together
         $ft['attachId'] = $this->findAttachIdByHash($attachHash);
         $ft['fileStorageUrl'] = substr($fullPath, 0, strpos($fullPath, "cloud/")) . "filestorage/" . $this->auth->getCurrentUser();
         $ft['icon'] = $icon;
         $ft['attachIcon'] = $size ? $attachIcon : '';
         // @todo Should this be an item value, not a global one?
         $ft['is_owner'] = $is_owner;
         $ft['fullPath'] = $fullPath;
         $ft['displayName'] = $displayName;
         $ft['type'] = $type;
         $ft['size'] = $size;
         $ft['sizeFormatted'] = userReadableSize($size);
         $ft['lastmodified'] = $lastmodified ? datetime_convert('UTC', date_default_timezone_get(), $lastmodified) : '';
         $ft['iconFromType'] = getIconFromType($type);
         $f[] = $ft;
     }
     // Storage and quota for the account (all channels of the owner of this directory)!
     $limit = service_class_fetch($owner, 'attach_upload_limit');
     $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
     $used = $r[0]['total'];
     if ($used) {
         $quotaDesc = t('%1$s used');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used));
     }
     if ($limit && $used) {
         $quotaDesc = t('%1$s used of %2$s (%3$s&#37;)');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1));
     }
     // prepare quota for template
     $quota = array();
     $quota['used'] = $used;
     $quota['limit'] = $limit;
     $quota['desc'] = $quotaDesc;
     $output = '';
     if ($this->enablePost) {
         $this->server->broadcastEvent('onHTMLActionsPanel', array($parent, &$output));
     }
     $html .= replace_macros(get_markup_template('cloud.tpl'), array('$header' => t('Files') . ": " . $this->escapeHTML($path) . "/", '$quota' => $quota, '$total' => t('Total'), '$actionspanel' => $output, '$shared' => t('Shared'), '$create' => t('Create'), '$upload' => t('Upload'), '$is_owner' => $is_owner, '$parentpath' => $parentpath, '$entries' => $f, '$name' => t('Name'), '$type' => t('Type'), '$size' => t('Size'), '$lastmod' => t('Last Modified'), '$parent' => t('parent'), '$edit' => t('Edit'), '$delete' => t('Delete'), '$nick' => $this->auth->getCurrentUser()));
     $a = get_app();
     $a->page['content'] = $html;
     load_pdl($a);
     $theme_info_file = "view/theme/" . current_theme() . "/php/theme.php";
     if (file_exists($theme_info_file)) {
         require_once $theme_info_file;
         if (function_exists(str_replace('-', '_', current_theme()) . '_init')) {
             $func = str_replace('-', '_', current_theme()) . '_init';
             $func($a);
         }
     }
     construct_page($a);
 }
Ejemplo n.º 15
0
/**
 * @brief
 *
 * @param array $channel
 * @param array $observer
 * @param array $args
 * @return array
 */
function photo_upload($channel, $observer, $args)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $account_id = $channel['channel_account_id'];
    if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'post_photos')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    call_hooks('photo_upload_begin', $args);
    /*
     * Determine the album to use
     */
    $album = $args['album'];
    $newalbum = $args['newalbum'];
    logger('photo_upload: album= ' . $album . ' newalbum= ' . $newalbum, LOGGER_DEBUG);
    if (!$album) {
        if ($newalbum) {
            $album = $newalbum;
        } else {
            $album = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m');
        }
    }
    if (intval($args['visible']) || $args['visible'] === 'true') {
        $visible = 1;
    } else {
        $visible = 0;
    }
    $str_group_allow = perms2str(is_array($args['group_allow']) ? $args['group_allow'] : explode(',', $args['group_allow']));
    $str_contact_allow = perms2str(is_array($args['contact_allow']) ? $args['contact_allow'] : explode(',', $args['contact_allow']));
    $str_group_deny = perms2str(is_array($args['group_deny']) ? $args['group_deny'] : explode(',', $args['group_deny']));
    $str_contact_deny = perms2str(is_array($args['contact_deny']) ? $args['contact_deny'] : explode(',', $args['contact_deny']));
    if ($args['data']) {
        // allow an import from a binary string representing the image.
        // This bypasses the upload step and max size limit checking
        $imagedata = $args['data'];
        $filename = $args['filename'];
        $filesize = strlen($imagedata);
        // this is going to be deleted if it exists
        $src = '/tmp/deletemenow';
        $type = $args['type'];
    } else {
        $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
        call_hooks('photo_upload_file', $f);
        if (x($f, 'src') && x($f, 'filesize')) {
            $src = $f['src'];
            $filename = $f['filename'];
            $filesize = $f['filesize'];
            $type = $f['type'];
        } else {
            $src = $_FILES['userfile']['tmp_name'];
            $filename = basename($_FILES['userfile']['name']);
            $filesize = intval($_FILES['userfile']['size']);
            $type = $_FILES['userfile']['type'];
        }
        if (!$type) {
            $type = guess_image_type($filename);
        }
        logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
        $maximagesize = get_config('system', 'maximagesize');
        if ($maximagesize && $filesize > $maximagesize) {
            $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
            @unlink($src);
            call_hooks('photo_upload_end', $ret);
            return $ret;
        }
        if (!$filesize) {
            $ret['message'] = t('Image file is empty.');
            @unlink($src);
            call_hooks('photo_post_end', $ret);
            return $ret;
        }
        logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
        $imagedata = @file_get_contents($src);
    }
    $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
    $limit = service_class_fetch($channel_id, 'photo_upload_limit');
    if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        $ret['message'] = upgrade_message();
        @unlink($src);
        call_hooks('photo_post_end', $ret);
        return $ret;
    }
    $ph = photo_factory($imagedata, $type);
    if (!$ph->is_valid()) {
        $ret['message'] = t('Unable to process image');
        logger('photo_upload: unable to process image');
        @unlink($src);
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    $exif = $ph->orient($src);
    @unlink($src);
    $max_length = get_config('system', 'max_image_length');
    if (!$max_length) {
        $max_length = MAX_IMAGE_LENGTH;
    }
    if ($max_length > 0) {
        $ph->scaleImage($max_length);
    }
    $width = $ph->getWidth();
    $height = $ph->getHeight();
    $smallest = 0;
    $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
    $visitor = '';
    if ($channel['channel_hash'] !== $observer['xchan_hash']) {
        $visitor = $observer['xchan_hash'];
    }
    $errors = false;
    $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_flags' => PHOTO_NORMAL, 'allow_cid' => $str_contact_allow, 'allow_gid' => $str_group_allow, 'deny_cid' => $str_contact_deny, 'deny_gid' => $str_group_deny);
    if ($args['created']) {
        $p['created'] = $args['created'];
    }
    if ($args['edited']) {
        $p['edited'] = $args['edited'];
    }
    if ($args['title']) {
        $p['title'] = $args['title'];
    }
    if ($args['description']) {
        $p['description'] = $args['description'];
    }
    $r1 = $ph->save($p);
    if (!$r1) {
        $errors = true;
    }
    if (($width > 640 || $height > 640) && !$errors) {
        $ph->scaleImage(640);
        $p['scale'] = 1;
        $r2 = $ph->save($p);
        $smallest = 1;
        if (!$r2) {
            $errors = true;
        }
    }
    if (($width > 320 || $height > 320) && !$errors) {
        $ph->scaleImage(320);
        $p['scale'] = 2;
        $r3 = $ph->save($p);
        $smallest = 2;
        if (!$r3) {
            $errors = true;
        }
    }
    if ($errors) {
        q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
        $ret['message'] = t('Photo storage failed.');
        logger('photo_upload: photo store failed.');
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    // This will be the width and height of the smallest representation
    $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
    $mid = item_message_id();
    // Create item container
    $lat = $lon = null;
    if ($exif && $exif['GPS']) {
        if (feature_enabled($channel_id, 'photo_location')) {
            $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
            $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
        }
    }
    $item_flags = ITEM_WALL | ITEM_ORIGIN | ITEM_THREAD_TOP;
    $item_restrict = $visible ? ITEM_VISIBLE : ITEM_HIDDEN;
    $title = '';
    $mid = item_message_id();
    $arr = array();
    if ($lat && $lon) {
        $arr['coord'] = $lat . ' ' . $lon;
    }
    $arr['aid'] = $account_id;
    $arr['uid'] = $channel_id;
    $arr['mid'] = $mid;
    $arr['parent_mid'] = $mid;
    $arr['item_flags'] = $item_flags;
    $arr['item_restrict'] = $item_restrict;
    $arr['resource_type'] = 'photo';
    $arr['resource_id'] = $photo_hash;
    $arr['owner_xchan'] = $channel['channel_hash'];
    $arr['author_xchan'] = $observer['xchan_hash'];
    $arr['title'] = $title;
    $arr['allow_cid'] = $str_contact_allow;
    $arr['allow_gid'] = $str_group_allow;
    $arr['deny_cid'] = $str_contact_deny;
    $arr['deny_gid'] = $str_group_deny;
    $arr['verb'] = ACTIVITY_POST;
    $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
    // We should also put a width_x_height on large photos. Left as an exercise for
    // devs looking fo simple stuff to fix.
    $larger = feature_enabled($channel['channel_id'], 'large_photos');
    if ($larger) {
        $tag = '[zmg]';
        if ($r2) {
            $smallest = 1;
        } else {
            $smallest = 0;
        }
    } else {
        if ($width_x_height) {
            $tag = '[zmg=' . $width_x_height . ']';
        } else {
            $tag = '[zmg]';
        }
    }
    $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
    $result = item_store($arr);
    $item_id = $result['item_id'];
    if ($visible) {
        proc_run('php', "include/notifier.php", 'wall-new', $item_id);
    }
    $ret['success'] = true;
    $ret['item'] = $arr;
    $ret['body'] = $arr['body'];
    $ret['resource_id'] = $photo_hash;
    $ret['photoitem_id'] = $item_id;
    call_hooks('photo_upload_end', $ret);
    return $ret;
}
Ejemplo n.º 16
0
function poller_run($argv, $argc)
{
    cli_startup();
    $a = get_app();
    $maxsysload = intval(get_config('system', 'maxloadavg'));
    if ($maxsysload < 1) {
        $maxsysload = 50;
    }
    if (function_exists('sys_getloadavg')) {
        $load = sys_getloadavg();
        if (intval($load[0]) > $maxsysload) {
            logger('system: load ' . $load . ' too high. Poller deferred to next scheduled run.');
            return;
        }
    }
    $interval = intval(get_config('system', 'poll_interval'));
    if (!$interval) {
        $interval = get_config('system', 'delivery_interval') === false ? 3 : intval(get_config('system', 'delivery_interval'));
    }
    // Check for a lockfile.  If it exists, but is over an hour old, it's stale.  Ignore it.
    $lockfile = 'store/[data]/poller';
    if (file_exists($lockfile) && filemtime($lockfile) > time() - 3600 && !get_config('system', 'override_poll_lockfile')) {
        logger("poller: Already running");
        return;
    }
    // Create a lockfile.  Needs two vars, but $x doesn't need to contain anything.
    file_put_contents($lockfile, $x);
    logger('poller: start');
    // run queue delivery process in the background
    proc_run('php', "include/queue.php");
    // maintenance for mod sharedwithme - check for updated items and remove them
    require_once 'include/sharedwithme.php';
    apply_updates();
    // expire any expired mail
    q("delete from mail where expires != '%s' and expires < %s ", dbesc(NULL_DATE), db_utcnow());
    // expire any expired items
    $r = q("select id from item where expires != '%s' and expires < %s \n\t\tand item_deleted = 0 ", dbesc(NULL_DATE), db_utcnow());
    if ($r) {
        require_once 'include/items.php';
        foreach ($r as $rr) {
            drop_item($rr['id'], false);
        }
    }
    // Ensure that every channel pings a directory server once a month. This way we can discover
    // channels and sites that quietly vanished and prevent the directory from accumulating stale
    // or dead entries.
    $r = q("select channel_id from channel where channel_dirdate < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY'));
    if ($r) {
        foreach ($r as $rr) {
            proc_run('php', 'include/directory.php', $rr['channel_id'], 'force');
            if ($interval) {
                @time_sleep_until(microtime(true) + (double) $interval);
            }
        }
    }
    // publish any applicable items that were set to be published in the future
    // (time travel posts). Restrict to items that have come of age in the last
    // couple of days to limit the query to something reasonable.
    $r = q("select id from item where item_delayed = 1 and created <= %s  and created > '%s' ", db_utcnow(), dbesc(datetime_convert('UTC', 'UTC', 'now - 2 days')));
    if ($r) {
        foreach ($r as $rr) {
            $x = q("update item set item_delayed = 0 where id = %d", intval($rr['id']));
            if ($x) {
                proc_run('php', 'include/notifier.php', 'wall-new', $rr['id']);
            }
        }
    }
    $abandon_days = intval(get_config('system', 'account_abandon_days'));
    if ($abandon_days < 1) {
        $abandon_days = 0;
    }
    // once daily run birthday_updates and then expire in background
    // FIXME: add birthday updates, both locally and for xprof for use
    // by directory servers
    $d1 = intval(get_config('system', 'last_expire_day'));
    $d2 = intval(datetime_convert('UTC', 'UTC', 'now', 'd'));
    // Allow somebody to staggger daily activities if they have more than one site on their server,
    // or if it happens at an inconvenient (busy) hour.
    $h1 = intval(get_config('system', 'cron_hour'));
    $h2 = intval(datetime_convert('UTC', 'UTC', 'now', 'G'));
    $dirmode = get_config('system', 'directory_mode');
    /**
     * Cron Daily
     *
     * Actions in the following block are executed once per day, not on every poller run
     *
     */
    if ($d2 != $d1 && $h1 == $h2) {
        require_once 'include/dir_fns.php';
        check_upstream_directory();
        call_hooks('cron_daily', datetime_convert());
        $d3 = intval(datetime_convert('UTC', 'UTC', 'now', 'N'));
        if ($d3 == 7) {
            /**
             * Cron Weekly
             * 
             * Actions in the following block are executed once per day only on Sunday (once per week).
             *
             */
            call_hooks('cron_weekly', datetime_convert());
            z_check_cert();
            require_once 'include/hubloc.php';
            prune_hub_reinstalls();
            require_once 'include/Contact.php';
            mark_orphan_hubsxchans();
            // get rid of really old poco records
            q("delete from xlink where xlink_updated < %s - INTERVAL %s and xlink_static = 0 ", db_utcnow(), db_quoteinterval('14 DAY'));
            $dirmode = intval(get_config('system', 'directory_mode'));
            if ($dirmode === DIRECTORY_MODE_SECONDARY || $dirmode === DIRECTORY_MODE_PRIMARY) {
                logger('regdir: ' . print_r(z_fetch_url(get_directory_primary() . '/regdir?f=&url=' . urlencode(z_root()) . '&realm=' . urlencode(get_directory_realm())), true));
            }
            // Check for dead sites
            proc_run('php', 'include/checksites.php');
            // update searchable doc indexes
            proc_run('php', 'include/importdoc.php');
            /**
             * End Cron Weekly
             */
        }
        update_birthdays();
        //update statistics in config
        require_once 'include/statistics_fns.php';
        update_channels_total_stat();
        update_channels_active_halfyear_stat();
        update_channels_active_monthly_stat();
        update_local_posts_stat();
        // expire any read notifications over a month old
        q("delete from notify where seen = 1 and date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('30 DAY'));
        // expire old delivery reports
        $keep_reports = intval(get_config('system', 'expire_delivery_reports'));
        if ($keep_reports === 0) {
            $keep_reports = 30;
        }
        q("delete from dreport where dreport_time < %s - INTERVAL %s", db_utcnow(), db_quoteinterval($keep_reports . ' DAY'));
        // expire any expired accounts
        downgrade_accounts();
        // If this is a directory server, request a sync with an upstream
        // directory at least once a day, up to once every poll interval.
        // Pull remote changes and push local changes.
        // potential issue: how do we keep from creating an endless update loop?
        if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
            require_once 'include/dir_fns.php';
            sync_directories($dirmode);
        }
        set_config('system', 'last_expire_day', $d2);
        proc_run('php', 'include/expire.php');
        proc_run('php', 'include/cli_suggest.php');
        require_once 'include/hubloc.php';
        remove_obsolete_hublocs();
        /**
         * End Cron Daily
         */
    }
    // update any photos which didn't get imported properly
    // This should be rare
    $r = q("select xchan_photo_l, xchan_hash from xchan where xchan_photo_l != '' and xchan_photo_m = '' \n\t\tand xchan_photo_date < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('1 DAY'));
    if ($r) {
        require_once 'include/photo/photo_driver.php';
        foreach ($r as $rr) {
            $photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash']);
            $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s'\n\t\t\t\twhere xchan_hash = '%s'", dbesc($photos[0]), dbesc($photos[1]), dbesc($photos[2]), dbesc($photos[3]), dbesc($rr['xchan_hash']));
        }
    }
    // pull in some public posts
    if (!get_config('system', 'disable_discover_tab')) {
        proc_run('php', 'include/externals.php');
    }
    $manual_id = 0;
    $generation = 0;
    $force = false;
    $restart = false;
    if ($argc > 1 && $argv[1] == 'force') {
        $force = true;
    }
    if ($argc > 1 && $argv[1] == 'restart') {
        $restart = true;
        $generation = intval($argv[2]);
        if (!$generation) {
            killme();
        }
    }
    if ($argc > 1 && intval($argv[1])) {
        $manual_id = intval($argv[1]);
        $force = true;
    }
    $sql_extra = $manual_id ? " AND abook_id = " . intval($manual_id) . " " : "";
    reload_plugins();
    $d = datetime_convert();
    // TODO check to see if there are any cronhooks before wasting a process
    if (!$restart) {
        proc_run('php', 'include/cronhooks.php');
    }
    // Only poll from those with suitable relationships
    $abandon_sql = $abandon_days ? sprintf(" AND account_lastlog > %s - INTERVAL %s ", db_utcnow(), db_quoteinterval(intval($abandon_days) . ' DAY')) : '';
    $randfunc = db_getfunc('RAND');
    $contacts = q("SELECT * FROM abook LEFT JOIN xchan on abook_xchan = xchan_hash \n\t\tLEFT JOIN account on abook_account = account_id\n\t\twhere abook_self = 0\n\t\t{$sql_extra} \n\t\tAND (( account_flags = %d ) OR ( account_flags = %d )) {$abandon_sql} ORDER BY {$randfunc}", intval(ACCOUNT_OK), intval(ACCOUNT_UNVERIFIED));
    if ($contacts) {
        foreach ($contacts as $contact) {
            $update = false;
            $t = $contact['abook_updated'];
            $c = $contact['abook_connected'];
            if (intval($contact['abook_feed'])) {
                $min = service_class_fetch($contact['abook_channel'], 'minimum_feedcheck_minutes');
                if (!$min) {
                    $min = intval(get_config('system', 'minimum_feedcheck_minutes'));
                }
                if (!$min) {
                    $min = 60;
                }
                $x = datetime_convert('UTC', 'UTC', "now - {$min} minutes");
                if ($c < $x) {
                    proc_run('php', 'include/onepoll.php', $contact['abook_id']);
                    if ($interval) {
                        @time_sleep_until(microtime(true) + (double) $interval);
                    }
                }
                continue;
            }
            if ($contact['xchan_network'] !== 'zot') {
                continue;
            }
            if ($c == $t) {
                if (datetime_convert('UTC', 'UTC', 'now') > datetime_convert('UTC', 'UTC', $t . " + 1 day")) {
                    $update = true;
                }
            } else {
                // if we've never connected with them, start the mark for death countdown from now
                if ($c == NULL_DATE) {
                    $r = q("update abook set abook_connected = '%s'  where abook_id = %d", dbesc(datetime_convert()), intval($contact['abook_id']));
                    $c = datetime_convert();
                    $update = true;
                }
                // He's dead, Jim
                if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 30 day")) > 0) {
                    $r = q("update abook set abook_archived = 1 where abook_id = %d", intval($contact['abook_id']));
                    $update = false;
                    continue;
                }
                if (intval($contact['abook_archived'])) {
                    $update = false;
                    continue;
                }
                // might be dead, so maybe don't poll quite so often
                // recently deceased, so keep up the regular schedule for 3 days
                if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $c . " + 3 day")) > 0 && strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 1 day")) > 0) {
                    $update = true;
                }
                // After that back off and put them on a morphine drip
                if (strcmp(datetime_convert('UTC', 'UTC', 'now'), datetime_convert('UTC', 'UTC', $t . " + 2 day")) > 0) {
                    $update = true;
                }
            }
            if (intval($contact['abook_pending']) || intval($contact['abook_archived']) || intval($contact['abook_ignored']) || intval($contact['abook_blocked'])) {
                continue;
            }
            if (!$update && !$force) {
                continue;
            }
            proc_run('php', 'include/onepoll.php', $contact['abook_id']);
            if ($interval) {
                @time_sleep_until(microtime(true) + (double) $interval);
            }
        }
    }
    if ($dirmode == DIRECTORY_MODE_SECONDARY || $dirmode == DIRECTORY_MODE_PRIMARY) {
        $r = q("SELECT u.ud_addr, u.ud_id, u.ud_last FROM updates AS u INNER JOIN (SELECT ud_addr, max(ud_id) AS ud_id FROM updates WHERE ( ud_flags & %d ) = 0 AND ud_addr != '' AND ( ud_last = '%s' OR ud_last > %s - INTERVAL %s ) GROUP BY ud_addr) AS s ON s.ud_id = u.ud_id ", intval(UPDATE_FLAGS_UPDATED), dbesc(NULL_DATE), db_utcnow(), db_quoteinterval('7 DAY'));
        if ($r) {
            foreach ($r as $rr) {
                // If they didn't respond when we attempted before, back off to once a day
                // After 7 days we won't bother anymore
                if ($rr['ud_last'] != NULL_DATE) {
                    if ($rr['ud_last'] > datetime_convert('UTC', 'UTC', 'now - 1 day')) {
                        continue;
                    }
                }
                proc_run('php', 'include/onedirsync.php', $rr['ud_id']);
                if ($interval) {
                    @time_sleep_until(microtime(true) + (double) $interval);
                }
            }
        }
    }
    set_config('system', 'lastpoll', datetime_convert());
    //All done - clear the lockfile
    @unlink($lockfile);
    return;
}
Ejemplo n.º 17
0
 /**
  * @brief Updates the data of the file.
  *
  * @param resource $data
  * @return void
  */
 public function put($data)
 {
     logger('put file: ' . basename($this->name), LOGGER_DEBUG);
     $size = 0;
     // @todo only 3 values are needed
     $c = q("SELECT * FROM channel WHERE channel_id = %d AND (channel_pageflags & %d) = 0 LIMIT 1", intval($this->auth->owner_id), intval(PAGE_REMOVED));
     $r = q("SELECT flags, folder, data FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($r) {
         if ($r[0]['flags'] & ATTACH_FLAG_OS) {
             $fname = dbunescbin($r[0]['data']);
             $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
             // @todo check return value and set $size directly
             @file_put_contents($f, $data);
             $size = @filesize($f);
             logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
         } else {
             $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
             $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
             if ($r) {
                 $size = $r[0]['fsize'];
             }
         }
     }
     // returns now()
     $edited = datetime_convert();
     $d = q("UPDATE attach SET filesize = '%s', edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
     // update the folder's lastmodified timestamp
     $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
     // @todo do we really want to remove the whole file if an update fails
     // because of maxfilesize or quota?
     // There is an Exception "InsufficientStorage" or "PaymentRequired" for
     // our service class from SabreDAV we could use.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $size > $maxfilesize) {
         attach_delete($c[0]['channel_id'], $this->data['hash']);
         return;
     }
     $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
     if ($limit !== false) {
         $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
         if ($x && $x[0]['total'] + $size > $limit) {
             logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
             attach_delete($c[0]['channel_id'], $this->data['hash']);
             return;
         }
     }
 }
Ejemplo n.º 18
0
 /**
  * @brief Creates a form to add new folders and upload files.
  *
  * @param \Sabre\DAV\INode $node
  * @param string &$output
  */
 public function htmlActionsPanel(DAV\INode $node, &$output, $path)
 {
     if (!$node instanceof DAV\ICollection) {
         return;
     }
     // We also know fairly certain that if an object is a non-extended
     // SimpleCollection, we won't need to show the panel either.
     if (get_class($node) === 'Sabre\\DAV\\SimpleCollection') {
         return;
     }
     require_once 'include/acl_selectors.php';
     $aclselect = null;
     $lockstate = '';
     if ($this->auth->owner_id) {
         $channel = channelx_by_n($this->auth->owner_id);
         if ($channel) {
             $acl = new \Zotlabs\Access\AccessList($channel);
             $channel_acl = $acl->get();
             $lockstate = $acl->is_private() ? 'lock' : 'unlock';
             $aclselect = local_channel() == $this->auth->owner_id ? populate_acl($channel_acl, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_storage')) : '';
         }
     }
     // Storage and quota for the account (all channels of the owner of this directory)!
     $limit = engr_units_to_bytes(service_class_fetch($owner, 'attach_upload_limit'));
     $r = q("SELECT SUM(filesize) AS total FROM attach WHERE aid = %d", intval($this->auth->channel_account_id));
     $used = $r[0]['total'];
     if ($used) {
         $quotaDesc = t('You are using %1$s of your available file storage.');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used));
     }
     if ($limit && $used) {
         $quotaDesc = t('You are using %1$s of %2$s available file storage. (%3$s&#37;)');
         $quotaDesc = sprintf($quotaDesc, userReadableSize($used), userReadableSize($limit), round($used / $limit, 1) * 100);
     }
     // prepare quota for template
     $quota = array();
     $quota['used'] = $used;
     $quota['limit'] = $limit;
     $quota['desc'] = $quotaDesc;
     $quota['warning'] = $limit && round($used / $limit, 1) * 100 >= 90 ? t('WARNING:') : '';
     // 10485760 bytes = 100MB
     $path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path), '/');
     $output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array('$folder_header' => t('Create new folder'), '$folder_submit' => t('Create'), '$upload_header' => t('Upload file'), '$upload_submit' => t('Upload'), '$quota' => $quota, '$channick' => $this->auth->owner_nick, '$aclselect' => $aclselect, '$allow_cid' => acl2json($channel_acl['allow_cid']), '$allow_gid' => acl2json($channel_acl['allow_gid']), '$deny_cid' => acl2json($channel_acl['deny_cid']), '$deny_gid' => acl2json($channel_acl['deny_gid']), '$lockstate' => $lockstate, '$return_url' => \App::$cmd, '$path' => $path, '$folder' => find_folder_hash_by_path($this->auth->owner_id, $path), '$dragdroptext' => t('Drop files here to immediately upload')));
 }
Ejemplo n.º 19
0
 /**
  * @brief Updates the data of the file.
  *
  * @param resource $data
  * @return void
  */
 public function put($data)
 {
     logger('put file: ' . basename($this->name), LOGGER_DEBUG);
     $size = 0;
     // @todo only 3 values are needed
     $c = q("SELECT * FROM channel WHERE channel_id = %d AND channel_removed = 0 LIMIT 1", intval($this->auth->owner_id));
     $is_photo = false;
     $album = '';
     $r = q("SELECT flags, folder, os_storage, filename, is_photo FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($r) {
         if (intval($r[0]['os_storage'])) {
             $d = q("select folder, data from attach where hash = '%s' and uid = %d limit 1", dbesc($this->data['hash']), intval($c[0]['channel_id']));
             if ($d) {
                 if ($d[0]['folder']) {
                     $f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", dbesc($d[0]['folder']), intval($c[0]['channel_id']));
                     if ($f1) {
                         $album = $f1[0]['filename'];
                         $direct = $f1[0];
                     }
                 }
                 $fname = dbunescbin($d[0]['data']);
                 $f = 'store/' . $this->auth->owner_nick . '/' . ($fname ? $fname : '');
                 // @todo check return value and set $size directly
                 @file_put_contents($f, $data);
                 $size = @filesize($f);
                 logger('filename: ' . $f . ' size: ' . $size, LOGGER_DEBUG);
             }
             $gis = @getimagesize($f);
             logger('getimagesize: ' . print_r($gis, true), LOGGER_DATA);
             if ($gis && ($gis[2] === IMAGETYPE_GIF || $gis[2] === IMAGETYPE_JPEG || $gis[2] === IMAGETYPE_PNG)) {
                 $is_photo = 1;
             }
         } else {
             // this shouldn't happen any more
             $r = q("UPDATE attach SET data = '%s' WHERE hash = '%s' AND uid = %d", dbescbin(stream_get_contents($data)), dbesc($this->data['hash']), intval($this->data['uid']));
             $r = q("SELECT length(data) AS fsize FROM attach WHERE hash = '%s' AND uid = %d LIMIT 1", dbesc($this->data['hash']), intval($this->data['uid']));
             if ($r) {
                 $size = $r[0]['fsize'];
             }
         }
     }
     // returns now()
     $edited = datetime_convert();
     $d = q("UPDATE attach SET filesize = '%s', is_photo = %d, edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($size), intval($is_photo), dbesc($edited), dbesc($this->data['hash']), intval($c[0]['channel_id']));
     if ($is_photo) {
         require_once 'include/photos.php';
         $args = array('resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct);
         $p = photo_upload($c[0], get_app()->get_observer(), $args);
     }
     // update the folder's lastmodified timestamp
     $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", dbesc($edited), dbesc($r[0]['folder']), intval($c[0]['channel_id']));
     // @todo do we really want to remove the whole file if an update fails
     // because of maxfilesize or quota?
     // There is an Exception "InsufficientStorage" or "PaymentRequired" for
     // our service class from SabreDAV we could use.
     $maxfilesize = get_config('system', 'maxfilesize');
     if ($maxfilesize && $size > $maxfilesize) {
         attach_delete($c[0]['channel_id'], $this->data['hash']);
         return;
     }
     $limit = service_class_fetch($c[0]['channel_id'], 'attach_upload_limit');
     if ($limit !== false) {
         $x = q("select sum(filesize) as total from attach where aid = %d ", intval($c[0]['channel_account_id']));
         if ($x && $x[0]['total'] + $size > $limit) {
             logger('service class limit exceeded for ' . $c[0]['channel_name'] . ' total usage is ' . $x[0]['total'] . ' limit is ' . $limit);
             attach_delete($c[0]['channel_id'], $this->data['hash']);
             return;
         }
     }
 }
Ejemplo n.º 20
0
function wall_upload_post(&$a)
{
    logger("wall upload: starting new upload", LOGGER_DEBUG);
    if ($a->argc > 1) {
        if (!x($_FILES, 'media')) {
            $nick = $a->argv[1];
            $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
            if (!count($r)) {
                return;
            }
        } else {
            $user_info = api_get_user($a);
            $r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
        }
    } else {
        return;
    }
    $can_post = false;
    $visitor = 0;
    $page_owner_uid = $r[0]['uid'];
    $default_cid = $r[0]['id'];
    $page_owner_nick = $r[0]['nickname'];
    $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
    if (local_user() && local_user() == $page_owner_uid) {
        $can_post = true;
    } else {
        if ($community_page && remote_user()) {
            $cid = 0;
            if (is_array($_SESSION['remote'])) {
                foreach ($_SESSION['remote'] as $v) {
                    if ($v['uid'] == $page_owner_uid) {
                        $cid = $v['cid'];
                        break;
                    }
                }
            }
            if ($cid) {
                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
                if (count($r)) {
                    $can_post = true;
                    $visitor = $cid;
                }
            }
        }
    }
    if (!$can_post) {
        notice(t('Permission denied.') . EOL);
        killme();
    }
    if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
        killme();
    }
    if (x($_FILES, 'userfile')) {
        $src = $_FILES['userfile']['tmp_name'];
        $filename = basename($_FILES['userfile']['name']);
        $filesize = intval($_FILES['userfile']['size']);
        $filetype = $_FILES['userfile']['type'];
    } elseif (x($_FILES, 'media')) {
        $src = $_FILES['media']['tmp_name'];
        $filename = basename($_FILES['media']['name']);
        $filesize = intval($_FILES['media']['size']);
        $filetype = $_FILES['media']['type'];
    }
    if ($filetype == "") {
        $filetype = guess_image_type($filename);
    }
    $maximagesize = get_config('system', 'maximagesize');
    if ($maximagesize && $filesize > $maximagesize) {
        echo sprintf(t('Image exceeds size limit of %d'), $maximagesize) . EOL;
        @unlink($src);
        killme();
    }
    $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
    $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
    if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        echo upgrade_message(true) . EOL;
        @unlink($src);
        killme();
    }
    $imagedata = @file_get_contents($src);
    $ph = new Photo($imagedata, $filetype);
    if (!$ph->is_valid()) {
        echo t('Unable to process image.') . EOL;
        @unlink($src);
        killme();
    }
    $ph->orient($src);
    @unlink($src);
    $max_length = get_config('system', 'max_image_length');
    if (!$max_length) {
        $max_length = MAX_IMAGE_LENGTH;
    }
    if ($max_length > 0) {
        $ph->scaleImage($max_length);
    }
    $width = $ph->getWidth();
    $height = $ph->getHeight();
    $hash = photo_new_resource();
    $smallest = 0;
    $defperm = '<' . $default_cid . '>';
    $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
    if (!$r) {
        echo t('Image upload failed.') . EOL;
        killme();
    }
    if ($width > 640 || $height > 640) {
        $ph->scaleImage(640);
        $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
        if ($r) {
            $smallest = 1;
        }
    }
    if ($width > 320 || $height > 320) {
        $ph->scaleImage(320);
        $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
        if ($r) {
            $smallest = 2;
        }
    }
    $basename = basename($filename);
    /* mod Waitman Gobble NO WARRANTY */
    //if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
    if ($_REQUEST['hush'] != 'yeah') {
        if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
            echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
        } else {
            echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
        }
    } else {
        $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
        return $m;
    }
    /* mod Waitman Gobble NO WARRANTY */
    killme();
    // NOTREACHED
}
Ejemplo n.º 21
0
Archivo: attach.php Proyecto: Mauru/red
/**
 * @brief 
 *
 * @param $channel channel array of owner
 * @param $observer_hash hash of current observer
 * @param $options (optional)
 * @param $arr (optional)
 */
function attach_store($channel, $observer_hash, $options = '', $arr = null)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $sql_options = '';
    if (!perm_is_allowed($channel_id, get_observer_hash(), 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    // The 'update' option sets db values without uploading a new attachment
    // 'replace' replaces the existing uploaded data
    // 'revision' creates a new revision with new upload data
    // Default is to upload a new file
    // revise or update must provide $arr['hash'] of the thing to revise/update
    if ($options !== 'update') {
        if (!x($_FILES, 'userfile')) {
            $ret['message'] = t('No source file.');
            return $ret;
        }
        $src = $_FILES['userfile']['tmp_name'];
        $filename = basename($_FILES['userfile']['name']);
        $filesize = intval($_FILES['userfile']['size']);
    }
    $existing_size = 0;
    if ($options === 'replace') {
        $x = q("select id, hash, filesize from attach where id = %d and uid = %d limit 1", intval($replace), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to replace');
            return $ret;
        }
        $existing_id = $x[0]['id'];
        $existing_size = intval($x[0]['filesize']);
        $hash = $x[0]['hash'];
    }
    if ($options === 'revise' || $options === 'update') {
        $sql_options = " order by revision desc ";
        if ($options === 'update' && $arr && array_key_exists('revision', $arr)) {
            $sql_options = " and revision = " . intval($arr['revision']) . " ";
        }
        $x = q("select id, aid, uid, filename, filetype, filesize, hash, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where hash = '%s' and uid = %d {$sql_options} limit 1", dbesc($arr['hash']), intval($channel_id));
        if (!$x) {
            $ret['message'] = t('Cannot locate file to revise/update');
            return $ret;
        }
        $hash = $x[0]['hash'];
    }
    // Check storage limits
    if ($options !== 'update') {
        $maxfilesize = get_config('system', 'maxfilesize');
        if ($maxfilesize && $filesize > $maxfilesize) {
            $ret['message'] = sprintf(t('File exceeds size limit of %d'), $maxfilesize);
            @unlink($src);
            return $ret;
        }
        $limit = service_class_fetch($channel_id, 'attach_upload_limit');
        if ($limit !== false) {
            $r = q("select sum(filesize) as total from attach where aid = %d ", intval($channel['channel_account_id']));
            if ($r && $r[0]['total'] + $filesize > $limit - $existing_size) {
                $ret['message'] = upgrade_message(true) . sprintf(t("You have reached your limit of %1\$.0f Mbytes attachment storage."), $limit / 1024000);
                @unlink($src);
                return $ret;
            }
        }
        $mimetype = z_mime_content_type($filename);
    }
    if (!isset($hash)) {
        $hash = random_string();
    }
    $created = datetime_convert();
    if ($options === 'replace') {
        $r = q("update attach set filename = '%s', filetype = '%s', filesize = %d, data = '%s', edited = '%s' where id = %d and uid = %d limit 1", dbesc($filename), dbesc($mimetype), intval($filesize), dbesc(@file_get_contents($src)), dbesc($created), intval($existing_id), intval($channel_id));
    } elseif ($options === 'revise') {
        $r = q("insert into attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($x[0]['aid']), intval($channel_id), dbesc($x[0]['hash']), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval($x[0]['revision'] + 1), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($x[0]['allow_cid']), dbesc($x[0]['allow_gid']), dbesc($x[0]['deny_cid']), dbesc($x[0]['deny_gid']));
    } elseif ($options === 'update') {
        $r = q("update attach set filename = '%s', filetype = '%s', edited = '%s', \n\t\t\tallow_cid = '%s', allow_gid = '%s', deny_cid = '%s', deny_gid  = '%s' where id = %d and uid = %d limit 1", dbesc(array_key_exists('filename', $arr) ? $arr['filename'] : $x[0]['filename']), dbesc(array_key_exists('filetype', $arr) ? $arr['filetype'] : $x[0]['filetype']), dbesc($created), dbesc(array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : $x[0]['allow_cid']), dbesc(array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : $x[0]['allow_gid']), dbesc(array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : $x[0]['deny_cid']), dbesc(array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : $x[0]['deny_gid']), intval($x[0]['id']), intval($x[0]['uid']));
    } else {
        $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, filetype, filesize, revision, data, created, edited, allow_cid, allow_gid,deny_cid, deny_gid )\n\t\t\tVALUES ( %d, %d, '%s', '%s', '%s', '%s', %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel_id), dbesc($hash), dbesc(get_observer_hash()), dbesc($filename), dbesc($mimetype), intval($filesize), intval(0), dbesc(@file_get_contents($src)), dbesc($created), dbesc($created), dbesc($arr && array_key_exists('allow_cid', $arr) ? $arr['allow_cid'] : '<' . $channel['channel_hash'] . '>'), dbesc($arr && array_key_exists('allow_gid', $arr) ? $arr['allow_gid'] : ''), dbesc($arr && array_key_exists('deny_cid', $arr) ? $arr['deny_cid'] : ''), dbesc($arr && array_key_exists('deny_gid', $arr) ? $arr['deny_gid'] : ''));
    }
    if ($options !== 'update') {
        @unlink($src);
    }
    if (!$r) {
        $ret['message'] = t('File upload failed. Possible system limit or action terminated.');
        return $ret;
    }
    // Caution: This re-uses $sql_options set further above
    $r = q("select id, aid, uid, hash, creator, filename, filetype, filesize, revision, folder, flags, created, edited, allow_cid, allow_gid, deny_cid, deny_gid from attach where uid = %d and hash = '%s' {$sql_options} limit 1", intval($channel_id), dbesc($hash));
    if (!$r) {
        $ret['message'] = t('Stored file could not be verified. Upload failed.');
        return $ret;
    }
    $ret['success'] = true;
    $ret['data'] = $r[0];
    return $ret;
}
Ejemplo n.º 22
0
 public static function run($argc, $argv)
 {
     cli_startup();
     // perform final cleanup on previously delete items
     $r = q("select id from item where item_deleted = 1 and item_pending_remove = 0 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('10 DAY'));
     if ($r) {
         foreach ($r as $rr) {
             drop_item($rr['id'], false, DROPITEM_PHASE2);
         }
     }
     // physically remove anything that has been deleted for more than two months
     /** @FIXME - this is a wretchedly inefficient query */
     $r = q("delete from item where item_pending_remove = 1 and changed < %s - INTERVAL %s", db_utcnow(), db_quoteinterval('36 DAY'));
     /** @FIXME make this optional as it could have a performance impact on large sites */
     if (intval(get_config('system', 'optimize_items'))) {
         q("optimize table item");
     }
     logger('expire: start', LOGGER_DEBUG);
     $site_expire = get_config('system', 'default_expire_days');
     logger('site_expire: ' . $site_expire);
     $r = q("SELECT channel_id, channel_system, channel_address, channel_expire_days from channel where true");
     if ($r) {
         foreach ($r as $rr) {
             // expire the sys channel separately
             if (intval($rr['channel_system'])) {
                 continue;
             }
             // service class default (if non-zero) over-rides the site default
             $service_class_expire = service_class_fetch($rr['channel_id'], 'expire_days');
             if (intval($service_class_expire)) {
                 $channel_expire = $service_class_expire;
             } else {
                 $channel_expire = $site_expire;
             }
             if (intval($channel_expire) && intval($channel_expire) < intval($rr['channel_expire_days']) || intval($rr['channel_expire_days'] == 0)) {
                 $expire_days = $channel_expire;
             } else {
                 $expire_days = $rr['channel_expire_days'];
             }
             // if the site or service class expiration is non-zero and less than person expiration, use that
             logger('Expire: ' . $rr['channel_address'] . ' interval: ' . $expire_days, LOGGER_DEBUG);
             item_expire($rr['channel_id'], $expire_days);
         }
     }
     $x = get_sys_channel();
     if ($x) {
         // this should probably just fetch the channel_expire_days from the sys channel,
         // but there's no convenient way to set it.
         $expire_days = get_config('system', 'sys_expire_days');
         if ($expire_days === false) {
             $expire_days = 30;
         }
         if (intval($site_expire) && intval($site_expire) < intval($expire_days)) {
             $expire_days = $site_expire;
         }
         logger('Expire: sys interval: ' . $expire_days, LOGGER_DEBUG);
         if ($expire_days) {
             item_expire($x['channel_id'], $expire_days);
         }
         logger('Expire: sys: done', LOGGER_DEBUG);
     }
 }
Ejemplo n.º 23
0
function item_check_service_class($channel_id, $iswebpage)
{
    $ret = array('success' => false, 'message' => '');
    if ($iswebpage) {
        // note: we aren't counting comanche templates and blocks, only webpages
        $r = q("select count(id) as total from item where parent = id \n\t\t\tand ( item_restrict & %d ) > 0 and ( item_restrict & %d ) = 0 and uid = %d ", intval(ITEM_WEBPAGE), intval(ITEM_DELETED), intval($channel_id));
    } else {
        $r = q("select count(id) as total from item where parent = id and item_restrict = 0 and (item_flags & %d) > 0 and uid = %d ", intval(ITEM_WALL), intval($channel_id));
    }
    if (!$r) {
        $ret['message'] = t('Unable to obtain post information from database.');
        return $ret;
    }
    if (!$iswebpage) {
        $max = service_class_fetch($channel_id, 'total_items');
        if (!service_class_allows($channel_id, 'total_items', $r[0]['total'])) {
            $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f top level posts.'), $max);
            return $result;
        }
    } else {
        $max = service_class_fetch($channel_id, 'total_pages');
        if (!service_class_allows($channel_id, 'total_pages', $r[0]['total'])) {
            $result['message'] .= upgrade_message() . sprintf(t('You have reached your limit of %1$.0f webpages.'), $max);
            return $result;
        }
    }
    $ret['success'] = true;
    return $ret;
}
Ejemplo n.º 24
0
 function post()
 {
     if (!local_channel()) {
         return;
     }
     if ($_SESSION['delegate']) {
         return;
     }
     $channel = \App::get_channel();
     logger('mod_settings: ' . print_r($_REQUEST, true));
     if (argc() > 1 && argv(1) === 'oauth' && x($_POST, 'remove')) {
         check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
         $key = $_POST['remove'];
         q("DELETE FROM tokens WHERE id='%s' AND uid=%d", dbesc($key), local_channel());
         goaway(z_root() . "/settings/oauth/");
         return;
     }
     if (argc() > 2 && argv(1) === 'oauth' && (argv(2) === 'edit' || argv(2) === 'add') && x($_POST, 'submit')) {
         check_form_security_token_redirectOnErr('/settings/oauth', 'settings_oauth');
         $name = x($_POST, 'name') ? $_POST['name'] : '';
         $key = x($_POST, 'key') ? $_POST['key'] : '';
         $secret = x($_POST, 'secret') ? $_POST['secret'] : '';
         $redirect = x($_POST, 'redirect') ? $_POST['redirect'] : '';
         $icon = x($_POST, 'icon') ? $_POST['icon'] : '';
         $ok = true;
         if ($name == '') {
             $ok = false;
             notice(t('Name is required') . EOL);
         }
         if ($key == '' || $secret == '') {
             $ok = false;
             notice(t('Key and Secret are required') . EOL);
         }
         if ($ok) {
             if ($_POST['submit'] == t("Update")) {
                 $r = q("UPDATE clients SET\n\t\t\t\t\t\t\t\tclient_id='%s',\n\t\t\t\t\t\t\t\tpw='%s',\n\t\t\t\t\t\t\t\tclname='%s',\n\t\t\t\t\t\t\t\tredirect_uri='%s',\n\t\t\t\t\t\t\t\ticon='%s',\n\t\t\t\t\t\t\t\tuid=%d\n\t\t\t\t\t\t\tWHERE client_id='%s'", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()), dbesc($key));
             } else {
                 $r = q("INSERT INTO clients (client_id, pw, clname, redirect_uri, icon, uid)\n\t\t\t\t\t\tVALUES ('%s','%s','%s','%s','%s',%d)", dbesc($key), dbesc($secret), dbesc($name), dbesc($redirect), dbesc($icon), intval(local_channel()));
                 $r = q("INSERT INTO xperm (xp_client, xp_channel, xp_perm) VALUES ('%s', %d, '%s') ", dbesc($key), intval(local_channel()), dbesc('all'));
             }
         }
         goaway(z_root() . "/settings/oauth/");
         return;
     }
     if (argc() > 1 && argv(1) == 'featured') {
         check_form_security_token_redirectOnErr('/settings/featured', 'settings_featured');
         call_hooks('feature_settings_post', $_POST);
         build_sync_packet();
         return;
     }
     if (argc() > 1 && argv(1) == 'tokens') {
         check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
         $token_errs = 0;
         if (array_key_exists('token', $_POST)) {
             $atoken_id = $_POST['atoken_id'] ? intval($_POST['atoken_id']) : 0;
             $name = trim(escape_tags($_POST['name']));
             $token = trim($_POST['token']);
             if (!$name || !$token) {
                 $token_errs++;
             }
             if (trim($_POST['expires'])) {
                 $expires = datetime_convert(date_default_timezone_get(), 'UTC', $_POST['expires']);
             } else {
                 $expires = NULL_DATE;
             }
             $max_atokens = service_class_fetch(local_channel(), 'access_tokens');
             if ($max_atokens) {
                 $r = q("select count(atoken_id) as total where atoken_uid = %d", intval(local_channel()));
                 if ($r && intval($r[0]['total']) >= $max_tokens) {
                     notice(sprintf(t('This channel is limited to %d tokens'), $max_tokens) . EOL);
                     return;
                 }
             }
         }
         if ($token_errs) {
             notice(t('Name and Password are required.') . EOL);
             return;
         }
         if ($atoken_id) {
             $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' \n\t\t\t\t\twhere atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), dbesc($expires), intval($atoken_id), intval($channel['channel_id']));
         } else {
             $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )\n\t\t\t\t\tvalues ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), dbesc($name), dbesc($token), dbesc($expires));
         }
         info(t('Token saved.') . EOL);
         return;
     }
     if (argc() > 1 && argv(1) === 'features') {
         check_form_security_token_redirectOnErr('/settings/features', 'settings_features');
         // Build list of features and check which are set
         $features = get_features();
         $all_features = array();
         foreach ($features as $k => $v) {
             foreach ($v as $f) {
                 $all_features[] = $f[0];
             }
         }
         foreach ($all_features as $k) {
             if (x($_POST, "feature_{$k}")) {
                 set_pconfig(local_channel(), 'feature', $k, 1);
             } else {
                 set_pconfig(local_channel(), 'feature', $k, 0);
             }
         }
         build_sync_packet();
         return;
     }
     if (argc() > 1 && argv(1) == 'display') {
         check_form_security_token_redirectOnErr('/settings/display', 'settings_display');
         $theme = x($_POST, 'theme') ? notags(trim($_POST['theme'])) : \App::$channel['channel_theme'];
         $mobile_theme = x($_POST, 'mobile_theme') ? notags(trim($_POST['mobile_theme'])) : '';
         $preload_images = x($_POST, 'preload_images') ? intval($_POST['preload_images']) : 0;
         $user_scalable = x($_POST, 'user_scalable') ? intval($_POST['user_scalable']) : 0;
         $nosmile = x($_POST, 'nosmile') ? intval($_POST['nosmile']) : 0;
         $title_tosource = x($_POST, 'title_tosource') ? intval($_POST['title_tosource']) : 0;
         $channel_list_mode = x($_POST, 'channel_list_mode') ? intval($_POST['channel_list_mode']) : 0;
         $network_list_mode = x($_POST, 'network_list_mode') ? intval($_POST['network_list_mode']) : 0;
         $channel_divmore_height = x($_POST, 'channel_divmore_height') ? intval($_POST['channel_divmore_height']) : 400;
         if ($channel_divmore_height < 50) {
             $channel_divmore_height = 50;
         }
         $network_divmore_height = x($_POST, 'network_divmore_height') ? intval($_POST['network_divmore_height']) : 400;
         if ($network_divmore_height < 50) {
             $network_divmore_height = 50;
         }
         $browser_update = x($_POST, 'browser_update') ? intval($_POST['browser_update']) : 0;
         $browser_update = $browser_update * 1000;
         if ($browser_update < 10000) {
             $browser_update = 10000;
         }
         $itemspage = x($_POST, 'itemspage') ? intval($_POST['itemspage']) : 20;
         if ($itemspage > 100) {
             $itemspage = 100;
         }
         if ($mobile_theme == "---") {
             del_pconfig(local_channel(), 'system', 'mobile_theme');
         } else {
             set_pconfig(local_channel(), 'system', 'mobile_theme', $mobile_theme);
         }
         set_pconfig(local_channel(), 'system', 'preload_images', $preload_images);
         set_pconfig(local_channel(), 'system', 'user_scalable', $user_scalable);
         set_pconfig(local_channel(), 'system', 'update_interval', $browser_update);
         set_pconfig(local_channel(), 'system', 'itemspage', $itemspage);
         set_pconfig(local_channel(), 'system', 'no_smilies', 1 - intval($nosmile));
         set_pconfig(local_channel(), 'system', 'title_tosource', $title_tosource);
         set_pconfig(local_channel(), 'system', 'channel_list_mode', $channel_list_mode);
         set_pconfig(local_channel(), 'system', 'network_list_mode', $network_list_mode);
         set_pconfig(local_channel(), 'system', 'channel_divmore_height', $channel_divmore_height);
         set_pconfig(local_channel(), 'system', 'network_divmore_height', $network_divmore_height);
         if ($theme == \App::$channel['channel_theme']) {
             // call theme_post only if theme has not been changed
             if (($themeconfigfile = $this->get_theme_config_file($theme)) != null) {
                 require_once $themeconfigfile;
                 theme_post($a);
             }
         }
         $r = q("UPDATE channel SET channel_theme = '%s' WHERE channel_id = %d", dbesc($theme), intval(local_channel()));
         call_hooks('display_settings_post', $_POST);
         build_sync_packet();
         goaway(z_root() . '/settings/display');
         return;
         // NOTREACHED
     }
     if (argc() > 1 && argv(1) === 'account') {
         check_form_security_token_redirectOnErr('/settings/account', 'settings_account');
         call_hooks('account_settings_post', $_POST);
         //		call_hooks('settings_account', $_POST);
         $errs = array();
         $email = x($_POST, 'email') ? trim(notags($_POST['email'])) : '';
         $account = \App::get_account();
         if ($email != $account['account_email']) {
             if (!valid_email($email)) {
                 $errs[] = t('Not valid email.');
             }
             $adm = trim(get_config('system', 'admin_email'));
             if ($adm && strcasecmp($email, $adm) == 0) {
                 $errs[] = t('Protected email address. Cannot change to that email.');
                 $email = \App::$user['email'];
             }
             if (!$errs) {
                 $r = q("update account set account_email = '%s' where account_id = %d", dbesc($email), intval($account['account_id']));
                 if (!$r) {
                     $errs[] = t('System failure storing new email. Please try again.');
                 }
             }
         }
         if ($errs) {
             foreach ($errs as $err) {
                 notice($err . EOL);
             }
             $errs = array();
         }
         if (x($_POST, 'npassword') || x($_POST, 'confirm')) {
             $origpass = trim($_POST['origpass']);
             require_once 'include/auth.php';
             if (!account_verify_password($email, $origpass)) {
                 $errs[] = t('Password verification failed.');
             }
             $newpass = trim($_POST['npassword']);
             $confirm = trim($_POST['confirm']);
             if ($newpass != $confirm) {
                 $errs[] = t('Passwords do not match. Password unchanged.');
             }
             if (!x($newpass) || !x($confirm)) {
                 $errs[] = t('Empty passwords are not allowed. Password unchanged.');
             }
             if (!$errs) {
                 $salt = random_string(32);
                 $password_encoded = hash('whirlpool', $salt . $newpass);
                 $r = q("update account set account_salt = '%s', account_password = '******', account_password_changed = '%s' \n\t\t\t\t\t\twhere account_id = %d", dbesc($salt), dbesc($password_encoded), dbesc(datetime_convert()), intval(get_account_id()));
                 if ($r) {
                     info(t('Password changed.') . EOL);
                 } else {
                     $errs[] = t('Password update failed. Please try again.');
                 }
             }
         }
         if ($errs) {
             foreach ($errs as $err) {
                 notice($err . EOL);
             }
         }
         goaway(z_root() . '/settings/account');
     }
     check_form_security_token_redirectOnErr('/settings', 'settings');
     call_hooks('settings_post', $_POST);
     $set_perms = '';
     $role = x($_POST, 'permissions_role') ? notags(trim($_POST['permissions_role'])) : '';
     $oldrole = get_pconfig(local_channel(), 'system', 'permissions_role');
     if ($role != $oldrole || $role === 'custom') {
         if ($role === 'custom') {
             $hide_presence = x($_POST, 'hide_presence') && intval($_POST['hide_presence']) == 1 ? 1 : 0;
             $publish = x($_POST, 'profile_in_directory') && intval($_POST['profile_in_directory']) == 1 ? 1 : 0;
             $def_group = x($_POST, 'group-selection') ? notags(trim($_POST['group-selection'])) : '';
             $r = q("update channel set channel_default_group = '%s' where channel_id = %d", dbesc($def_group), intval(local_channel()));
             $global_perms = get_perms();
             foreach ($global_perms as $k => $v) {
                 $set_perms .= ', ' . $v[0] . ' = ' . intval($_POST[$k]) . ' ';
             }
             $acl = new \Zotlabs\Access\AccessList($channel);
             $acl->set_from_array($_POST);
             $x = $acl->get();
             $r = q("update channel set channel_allow_cid = '%s', channel_allow_gid = '%s', \n\t\t\t\t\tchannel_deny_cid = '%s', channel_deny_gid = '%s' where channel_id = %d", dbesc($x['allow_cid']), dbesc($x['allow_gid']), dbesc($x['deny_cid']), dbesc($x['deny_gid']), intval(local_channel()));
         } else {
             $role_permissions = get_role_perms($_POST['permissions_role']);
             if (!$role_permissions) {
                 notice('Permissions category could not be found.');
                 return;
             }
             $hide_presence = 1 - intval($role_permissions['online']);
             if ($role_permissions['default_collection']) {
                 $r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
                 if (!$r) {
                     require_once 'include/group.php';
                     group_add(local_channel(), t('Friends'));
                     group_add_member(local_channel(), t('Friends'), $channel['channel_hash']);
                     $r = q("select hash from groups where uid = %d and gname = '%s' limit 1", intval(local_channel()), dbesc(t('Friends')));
                 }
                 if ($r) {
                     q("update channel set channel_default_group = '%s', channel_allow_gid = '%s', channel_allow_cid = '', channel_deny_gid = '', channel_deny_cid = '' where channel_id = %d", dbesc($r[0]['hash']), dbesc('<' . $r[0]['hash'] . '>'), intval(local_channel()));
                 } else {
                     notice(sprintf('Default privacy group \'%s\' not found. Please create and re-submit permission change.', t('Friends')) . EOL);
                     return;
                 }
             } else {
                 q("update channel set channel_default_group = '', channel_allow_gid = '', channel_allow_cid = '', channel_deny_gid = '', \n\t\t\t\t\t\tchannel_deny_cid = '' where channel_id = %d", intval(local_channel()));
             }
             $r = q("update abook set abook_my_perms  = %d where abook_channel = %d and abook_self = 1", intval(array_key_exists('perms_accept', $role_permissions) ? $role_permissions['perms_accept'] : 0), intval(local_channel()));
             set_pconfig(local_channel(), 'system', 'autoperms', $role_permissions['perms_auto'] ? intval($role_permissions['perms_accept']) : 0);
             foreach ($role_permissions as $p => $v) {
                 if (strpos($p, 'channel_') !== false) {
                     $set_perms .= ', ' . $p . ' = ' . intval($v) . ' ';
                 }
                 if ($p === 'directory_publish') {
                     $publish = intval($v);
                 }
             }
         }
         set_pconfig(local_channel(), 'system', 'hide_online_status', $hide_presence);
         set_pconfig(local_channel(), 'system', 'permissions_role', $role);
     }
     $username = x($_POST, 'username') ? notags(trim($_POST['username'])) : '';
     $timezone = x($_POST, 'timezone_select') ? notags(trim($_POST['timezone_select'])) : '';
     $defloc = x($_POST, 'defloc') ? notags(trim($_POST['defloc'])) : '';
     $openid = x($_POST, 'openid_url') ? notags(trim($_POST['openid_url'])) : '';
     $maxreq = x($_POST, 'maxreq') ? intval($_POST['maxreq']) : 0;
     $expire = x($_POST, 'expire') ? intval($_POST['expire']) : 0;
     $evdays = x($_POST, 'evdays') ? intval($_POST['evdays']) : 3;
     $photo_path = x($_POST, 'photo_path') ? escape_tags(trim($_POST['photo_path'])) : '';
     $attach_path = x($_POST, 'attach_path') ? escape_tags(trim($_POST['attach_path'])) : '';
     $channel_menu = x($_POST['channel_menu']) ? htmlspecialchars_decode(trim($_POST['channel_menu']), ENT_QUOTES) : '';
     $expire_items = x($_POST, 'expire_items') ? intval($_POST['expire_items']) : 0;
     $expire_starred = x($_POST, 'expire_starred') ? intval($_POST['expire_starred']) : 0;
     $expire_photos = x($_POST, 'expire_photos') ? intval($_POST['expire_photos']) : 0;
     $expire_network_only = x($_POST, 'expire_network_only') ? intval($_POST['expire_network_only']) : 0;
     $allow_location = x($_POST, 'allow_location') && intval($_POST['allow_location']) == 1 ? 1 : 0;
     $blocktags = x($_POST, 'blocktags') && intval($_POST['blocktags']) == 1 ? 0 : 1;
     // this setting is inverted!
     $unkmail = x($_POST, 'unkmail') && intval($_POST['unkmail']) == 1 ? 1 : 0;
     $cntunkmail = x($_POST, 'cntunkmail') ? intval($_POST['cntunkmail']) : 0;
     $suggestme = x($_POST, 'suggestme') ? intval($_POST['suggestme']) : 0;
     $post_newfriend = $_POST['post_newfriend'] == 1 ? 1 : 0;
     $post_joingroup = $_POST['post_joingroup'] == 1 ? 1 : 0;
     $post_profilechange = $_POST['post_profilechange'] == 1 ? 1 : 0;
     $adult = $_POST['adult'] == 1 ? 1 : 0;
     $cal_first_day = x($_POST, 'first_day') && intval($_POST['first_day']) == 1 ? 1 : 0;
     $channel = \App::get_channel();
     $pageflags = $channel['channel_pageflags'];
     $existing_adult = $pageflags & PAGE_ADULT ? 1 : 0;
     if ($adult != $existing_adult) {
         $pageflags = $pageflags ^ PAGE_ADULT;
     }
     $notify = 0;
     if (x($_POST, 'notify1')) {
         $notify += intval($_POST['notify1']);
     }
     if (x($_POST, 'notify2')) {
         $notify += intval($_POST['notify2']);
     }
     if (x($_POST, 'notify3')) {
         $notify += intval($_POST['notify3']);
     }
     if (x($_POST, 'notify4')) {
         $notify += intval($_POST['notify4']);
     }
     if (x($_POST, 'notify5')) {
         $notify += intval($_POST['notify5']);
     }
     if (x($_POST, 'notify6')) {
         $notify += intval($_POST['notify6']);
     }
     if (x($_POST, 'notify7')) {
         $notify += intval($_POST['notify7']);
     }
     if (x($_POST, 'notify8')) {
         $notify += intval($_POST['notify8']);
     }
     $vnotify = 0;
     if (x($_POST, 'vnotify1')) {
         $vnotify += intval($_POST['vnotify1']);
     }
     if (x($_POST, 'vnotify2')) {
         $vnotify += intval($_POST['vnotify2']);
     }
     if (x($_POST, 'vnotify3')) {
         $vnotify += intval($_POST['vnotify3']);
     }
     if (x($_POST, 'vnotify4')) {
         $vnotify += intval($_POST['vnotify4']);
     }
     if (x($_POST, 'vnotify5')) {
         $vnotify += intval($_POST['vnotify5']);
     }
     if (x($_POST, 'vnotify6')) {
         $vnotify += intval($_POST['vnotify6']);
     }
     if (x($_POST, 'vnotify7')) {
         $vnotify += intval($_POST['vnotify7']);
     }
     if (x($_POST, 'vnotify8')) {
         $vnotify += intval($_POST['vnotify8']);
     }
     if (x($_POST, 'vnotify9')) {
         $vnotify += intval($_POST['vnotify9']);
     }
     if (x($_POST, 'vnotify10')) {
         $vnotify += intval($_POST['vnotify10']);
     }
     if (x($_POST, 'vnotify11')) {
         $vnotify += intval($_POST['vnotify11']);
     }
     $always_show_in_notices = x($_POST, 'always_show_in_notices') ? 1 : 0;
     $channel = \App::get_channel();
     $err = '';
     $name_change = false;
     if ($username != $channel['channel_name']) {
         $name_change = true;
         require_once 'include/channel.php';
         $err = validate_channelname($username);
         if ($err) {
             notice($err);
             return;
         }
     }
     if ($timezone != $channel['channel_timezone']) {
         if (strlen($timezone)) {
             date_default_timezone_set($timezone);
         }
     }
     set_pconfig(local_channel(), 'system', 'use_browser_location', $allow_location);
     set_pconfig(local_channel(), 'system', 'suggestme', $suggestme);
     set_pconfig(local_channel(), 'system', 'post_newfriend', $post_newfriend);
     set_pconfig(local_channel(), 'system', 'post_joingroup', $post_joingroup);
     set_pconfig(local_channel(), 'system', 'post_profilechange', $post_profilechange);
     set_pconfig(local_channel(), 'system', 'blocktags', $blocktags);
     set_pconfig(local_channel(), 'system', 'channel_menu', $channel_menu);
     set_pconfig(local_channel(), 'system', 'vnotify', $vnotify);
     set_pconfig(local_channel(), 'system', 'always_show_in_notices', $always_show_in_notices);
     set_pconfig(local_channel(), 'system', 'evdays', $evdays);
     set_pconfig(local_channel(), 'system', 'photo_path', $photo_path);
     set_pconfig(local_channel(), 'system', 'attach_path', $attach_path);
     set_pconfig(local_channel(), 'system', 'cal_first_day', $cal_first_day);
     $r = q("update channel set channel_name = '%s', channel_pageflags = %d, channel_timezone = '%s', channel_location = '%s', channel_notifyflags = %d, channel_max_anon_mail = %d, channel_max_friend_req = %d, channel_expire_days = %d {$set_perms} where channel_id = %d", dbesc($username), intval($pageflags), dbesc($timezone), dbesc($defloc), intval($notify), intval($unkmail), intval($maxreq), intval($expire), intval(local_channel()));
     if ($r) {
         info(t('Settings updated.') . EOL);
     }
     if (!is_null($publish)) {
         $r = q("UPDATE profile SET publish = %d WHERE is_default = 1 AND uid = %d", intval($publish), intval(local_channel()));
     }
     if ($name_change) {
         $r = q("update xchan set xchan_name = '%s', xchan_name_date = '%s' where xchan_hash = '%s'", dbesc($username), dbesc(datetime_convert()), dbesc($channel['channel_hash']));
         $r = q("update profile set fullname = '%s' where uid = %d and is_default = 1", dbesc($username), intval($channel['channel_id']));
     }
     \Zotlabs\Daemon\Master::Summon(array('Directory', local_channel()));
     build_sync_packet();
     //$_SESSION['theme'] = $theme;
     if ($email_changed && \App::$config['system']['register_policy'] == REGISTER_VERIFY) {
         // FIXME - set to un-verified, blocked and redirect to logout
         // Why? Are we verifying people or email addresses?
     }
     goaway(z_root() . '/settings');
     return;
     // NOTREACHED
 }
Ejemplo n.º 25
0
function wall_upload_post(&$a, $desktopmode = true)
{
    logger("wall upload: starting new upload", LOGGER_DEBUG);
    $r_json = x($_GET, 'response') && $_GET['response'] == 'json';
    if ($a->argc > 1) {
        if (!x($_FILES, 'media')) {
            $nick = $a->argv[1];
            $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($nick));
            if (!count($r)) {
                if ($r_json) {
                    echo json_encode(['error' => t('Invalid request.')]);
                    killme();
                }
                return;
            }
        } else {
            $user_info = api_get_user($a);
            $r = q("SELECT `user`.*, `contact`.`id` FROM `user` INNER JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1", dbesc($user_info['screen_name']));
        }
    } else {
        if ($r_json) {
            echo json_encode(['error' => t('Invalid request.')]);
            killme();
        }
        return;
    }
    $can_post = false;
    $visitor = 0;
    $page_owner_uid = $r[0]['uid'];
    $default_cid = $r[0]['id'];
    $page_owner_nick = $r[0]['nickname'];
    $community_page = $r[0]['page-flags'] == PAGE_COMMUNITY ? true : false;
    if (local_user() && local_user() == $page_owner_uid) {
        $can_post = true;
    } else {
        if ($community_page && remote_user()) {
            $cid = 0;
            if (is_array($_SESSION['remote'])) {
                foreach ($_SESSION['remote'] as $v) {
                    if ($v['uid'] == $page_owner_uid) {
                        $cid = $v['cid'];
                        break;
                    }
                }
            }
            if ($cid) {
                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($cid), intval($page_owner_uid));
                if (count($r)) {
                    $can_post = true;
                    $visitor = $cid;
                }
            }
        }
    }
    if (!$can_post) {
        if ($r_json) {
            echo json_encode(['error' => t('Permission denied.')]);
            killme();
        }
        notice(t('Permission denied.') . EOL);
        killme();
    }
    if (!x($_FILES, 'userfile') && !x($_FILES, 'media')) {
        if ($r_json) {
            echo json_encode(['error' => t('Invalid request.')]);
            killme();
        }
        killme();
    }
    $src = "";
    if (x($_FILES, 'userfile')) {
        $src = $_FILES['userfile']['tmp_name'];
        $filename = basename($_FILES['userfile']['name']);
        $filesize = intval($_FILES['userfile']['size']);
        $filetype = $_FILES['userfile']['type'];
    } elseif (x($_FILES, 'media')) {
        if (is_array($_FILES['media']['tmp_name'])) {
            $src = $_FILES['media']['tmp_name'][0];
        } else {
            $src = $_FILES['media']['tmp_name'];
        }
        if (is_array($_FILES['media']['name'])) {
            $filename = basename($_FILES['media']['name'][0]);
        } else {
            $filename = basename($_FILES['media']['name']);
        }
        if (is_array($_FILES['media']['size'])) {
            $filesize = intval($_FILES['media']['size'][0]);
        } else {
            $filesize = intval($_FILES['media']['size']);
        }
        if (is_array($_FILES['media']['type'])) {
            $filetype = $_FILES['media']['type'][0];
        } else {
            $filetype = $_FILES['media']['type'];
        }
    }
    if ($src == "") {
        if ($r_json) {
            echo json_encode(['error' => t('Invalid request.')]);
            killme();
        }
        notice(t('Invalid request.') . EOL);
        killme();
    }
    // This is a special treatment for picture upload from Twidere
    if ($filename == "octet-stream" and $filetype != "") {
        $filename = $filetype;
        $filetype = "";
    }
    if ($filetype == "") {
        $filetype = guess_image_type($filename);
    }
    // If there is a temp name, then do a manual check
    // This is more reliable than the provided value
    $imagedata = getimagesize($src);
    if ($imagedata) {
        $filetype = $imagedata['mime'];
    }
    logger("File upload src: " . $src . " - filename: " . $filename . " - size: " . $filesize . " - type: " . $filetype, LOGGER_DEBUG);
    $maximagesize = get_config('system', 'maximagesize');
    if ($maximagesize && $filesize > $maximagesize) {
        $msg = sprintf(t('Image exceeds size limit of %s'), formatBytes($maximagesize));
        if ($r_json) {
            echo json_encode(['error' => $msg]);
        } else {
            echo $msg . EOL;
        }
        @unlink($src);
        killme();
    }
    $r = q("select sum(octet_length(data)) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($page_owner_uid));
    $limit = service_class_fetch($page_owner_uid, 'photo_upload_limit');
    if ($limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        $msg = upgrade_message(true);
        if ($r_json) {
            echo json_encode(['error' => $msg]);
        } else {
            echo $msg . EOL;
        }
        @unlink($src);
        killme();
    }
    $imagedata = @file_get_contents($src);
    $ph = new Photo($imagedata, $filetype);
    if (!$ph->is_valid()) {
        $msg = t('Unable to process image.');
        if ($r_json) {
            echo json_encode(['error' => $msg]);
        } else {
            echo $msg . EOL;
        }
        @unlink($src);
        killme();
    }
    $ph->orient($src);
    @unlink($src);
    $max_length = get_config('system', 'max_image_length');
    if (!$max_length) {
        $max_length = MAX_IMAGE_LENGTH;
    }
    if ($max_length > 0) {
        $ph->scaleImage($max_length);
        logger("File upload: Scaling picture to new size " . $max_length, LOGGER_DEBUG);
    }
    $width = $ph->getWidth();
    $height = $ph->getHeight();
    $hash = photo_new_resource();
    $smallest = 0;
    $defperm = '<' . $default_cid . '>';
    $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 0, 0, $defperm);
    if (!$r) {
        $msg = t('Image upload failed.');
        if ($r_json) {
            echo json_encode(['error' => $msg]);
        } else {
            echo $msg . EOL;
        }
        killme();
    }
    if ($width > 640 || $height > 640) {
        $ph->scaleImage(640);
        $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 1, 0, $defperm);
        if ($r) {
            $smallest = 1;
        }
    }
    if ($width > 320 || $height > 320) {
        $ph->scaleImage(320);
        $r = $ph->store($page_owner_uid, $visitor, $hash, $filename, t('Wall Photos'), 2, 0, $defperm);
        if ($r and $smallest == 0) {
            $smallest = 2;
        }
    }
    $basename = basename($filename);
    if (!$desktopmode) {
        $r = q("SELECT `id`, `datasize`, `width`, `height`, `type` FROM `photo` WHERE `resource-id` = '%s' ORDER BY `width` DESC LIMIT 1", $hash);
        if (!$r) {
            if ($r_json) {
                echo json_encode(['error' => '']);
                killme();
            }
            return false;
        }
        $picture = array();
        $picture["id"] = $r[0]["id"];
        $picture["size"] = $r[0]["datasize"];
        $picture["width"] = $r[0]["width"];
        $picture["height"] = $r[0]["height"];
        $picture["type"] = $r[0]["type"];
        $picture["albumpage"] = $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash;
        $picture["picture"] = $a->get_baseurl() . "/photo/{$hash}-0." . $ph->getExt();
        $picture["preview"] = $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt();
        if ($r_json) {
            echo json_encode(['picture' => $picture]);
            killme();
        }
        return $picture;
    }
    if ($r_json) {
        echo json_encode(['ok' => true]);
        killme();
    }
    /* mod Waitman Gobble NO WARRANTY */
    //if we get the signal then return the image url info in BBCODE, otherwise this outputs the info and bails (for the ajax image uploader on wall post)
    if ($_REQUEST['hush'] != 'yeah') {
        if (local_user() && (!feature_enabled(local_user(), 'richtext') || x($_REQUEST['nomce']))) {
            echo "\n\n" . '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]\n\n";
        } else {
            echo '<br /><br /><a href="' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '" ><img src="' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "\" alt=\"{$basename}\" /></a><br /><br />";
        }
    } else {
        $m = '[url=' . $a->get_baseurl() . '/photos/' . $page_owner_nick . '/image/' . $hash . '][img]' . $a->get_baseurl() . "/photo/{$hash}-{$smallest}." . $ph->getExt() . "[/img][/url]";
        return $m;
    }
    /* mod Waitman Gobble NO WARRANTY */
    killme();
    // NOTREACHED
}
Ejemplo n.º 26
0
function photos_content(&$a)
{
    // URLs:
    // photos/name
    // photos/name/upload
    // photos/name/upload/xxxxx (xxxxx is album name)
    // photos/name/album/xxxxx
    // photos/name/album/xxxxx/edit
    // photos/name/image/xxxxx
    // photos/name/image/xxxxx/edit
    if (get_config('system', 'block_public') && !local_user() && !remote_user()) {
        notice(t('Public access denied.') . EOL);
        return;
    }
    require_once 'include/bbcode.php';
    require_once 'include/security.php';
    require_once 'include/conversation.php';
    if (!x($a->data, 'user')) {
        notice(t('No photos selected') . EOL);
        return;
    }
    $phototypes = Photo::supportedTypes();
    $_SESSION['photo_return'] = $a->cmd;
    //
    // Parse arguments
    //
    if ($a->argc > 3) {
        $datatype = $a->argv[2];
        $datum = $a->argv[3];
    } elseif ($a->argc > 2 && $a->argv[2] === 'upload') {
        $datatype = 'upload';
    } else {
        $datatype = 'summary';
    }
    if ($a->argc > 4) {
        $cmd = $a->argv[4];
    } else {
        $cmd = 'view';
    }
    //
    // Setup permissions structures
    //
    $can_post = false;
    $visitor = 0;
    $contact = null;
    $remote_contact = false;
    $contact_id = 0;
    $owner_uid = $a->data['user']['uid'];
    $community_page = $a->data['user']['page-flags'] == PAGE_COMMUNITY ? true : false;
    if (local_user() && local_user() == $owner_uid) {
        $can_post = true;
    } else {
        if ($community_page && remote_user()) {
            if (is_array($_SESSION['remote'])) {
                foreach ($_SESSION['remote'] as $v) {
                    if ($v['uid'] == $owner_uid) {
                        $contact_id = $v['cid'];
                        break;
                    }
                }
            }
            if ($contact_id) {
                $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
                if (count($r)) {
                    $can_post = true;
                    $contact = $r[0];
                    $remote_contact = true;
                    $visitor = $cid;
                }
            }
        }
    }
    // perhaps they're visiting - but not a community page, so they wouldn't have write access
    if (remote_user() && !$visitor) {
        $contact_id = 0;
        if (is_array($_SESSION['remote'])) {
            foreach ($_SESSION['remote'] as $v) {
                if ($v['uid'] == $owner_uid) {
                    $contact_id = $v['cid'];
                    break;
                }
            }
        }
        if ($contact_id) {
            $groups = init_groups_visitor($contact_id);
            $r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id), intval($owner_uid));
            if (count($r)) {
                $contact = $r[0];
                $remote_contact = true;
            }
        }
    }
    if (!$remote_contact) {
        if (local_user()) {
            $contact_id = $_SESSION['cid'];
            $contact = $a->contact;
        }
    }
    if ($a->data['user']['hidewall'] && local_user() != $owner_uid && !$remote_contact) {
        notice(t('Access to this item is restricted.') . EOL);
        return;
    }
    $sql_extra = permissions_sql($owner_uid, $remote_contact, $groups);
    $o = "";
    // tabs
    $_is_owner = local_user() && local_user() == $owner_uid;
    $o .= profile_tabs($a, $_is_owner, $a->data['user']['nickname']);
    //
    // dispatch request
    //
    if ($datatype === 'upload') {
        if (!$can_post) {
            notice(t('Permission denied.'));
            return;
        }
        $selname = $datum ? hex2bin($datum) : '';
        $albumselect = '';
        $albumselect .= '<option value="" ' . (!$selname ? ' selected="selected" ' : '') . '>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
        if (count($a->data['albums'])) {
            foreach ($a->data['albums'] as $album) {
                if ($album['album'] === '' || $album['album'] === 'Contact Photos' || $album['album'] === t('Contact Photos')) {
                    continue;
                }
                $selected = $selname === $album['album'] ? ' selected="selected" ' : '';
                $albumselect .= '<option value="' . $album['album'] . '"' . $selected . '>' . $album['album'] . '</option>';
            }
        }
        $celeb = $a->user['page-flags'] == PAGE_SOAPBOX || $a->user['page-flags'] == PAGE_COMMUNITY ? true : false;
        $uploader = '';
        $ret = array('post_url' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'], 'addon_text' => $uploader, 'default_upload' => true);
        call_hooks('photo_upload_form', $ret);
        $default_upload_box = replace_macros(get_markup_template('photos_default_uploader_box.tpl'), array());
        $default_upload_submit = replace_macros(get_markup_template('photos_default_uploader_submit.tpl'), array('$submit' => t('Submit')));
        $usage_message = '';
        $limit = service_class_fetch($a->data['user']['uid'], 'photo_upload_limit');
        if ($limit !== false) {
            $r = q("select sum(datasize) as total from photo where uid = %d and scale = 0 and album != 'Contact Photos' ", intval($a->data['user']['uid']));
            $usage_message = sprintf(t("You have used %1\$.2f Mbytes of %2\$.2f Mbytes photo storage."), $r[0]['total'] / 1024000, $limit / 1024000);
        }
        // Private/public post links for the non-JS ACL form
        $private_post = 1;
        if ($_REQUEST['public']) {
            $private_post = 0;
        }
        $query_str = $a->query_string;
        if (strpos($query_str, 'public=1') !== false) {
            $query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
        }
        // I think $a->query_string may never have ? in it, but I could be wrong
        // It looks like it's from the index.php?q=[etc] rewrite that the web
        // server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
        if (strpos($query_str, '?') === false) {
            $public_post_link = '?public=1';
        } else {
            $public_post_link = '&public=1';
        }
        $tpl = get_markup_template('photos_upload.tpl');
        if ($a->theme['template_engine'] === 'internal') {
            $albumselect_e = template_escape($albumselect);
            $aclselect_e = $visitor ? '' : template_escape(populate_acl($a->user, $celeb));
        } else {
            $albumselect_e = $albumselect;
            $aclselect_e = $visitor ? '' : populate_acl($a->user, $celeb);
        }
        $o .= replace_macros($tpl, array('$pagename' => t('Upload Photos'), '$sessid' => session_id(), '$usage' => $usage_message, '$nickname' => $a->data['user']['nickname'], '$newalbum' => t('New album name: '), '$existalbumtext' => t('or existing album name: '), '$nosharetext' => t('Do not show a status post for this upload'), '$albumselect' => $albumselect_e, '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$alt_uploader' => $ret['addon_text'], '$default_upload_box' => $ret['default_upload'] ? $default_upload_box : '', '$default_upload_submit' => $ret['default_upload'] ? $default_upload_submit : '', '$uploadurl' => $ret['post_url'], '$acl_data' => construct_acl_data($a, $a->user), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private Photo'), '$public' => t('Public Photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
        return $o;
    }
    if ($datatype === 'album') {
        $album = hex2bin($datum);
        $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id`", intval($owner_uid), dbesc($album));
        if (count($r)) {
            $a->set_pager_total(count($r));
            $a->set_pager_itemspage(20);
        }
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $r = q("SELECT `resource-id`, `id`, `filename`, type, max(`scale`) AS `scale`, `desc` FROM `photo` WHERE `uid` = %d AND `album` = '%s' \n\t\t\tAND `scale` <= 4 {$sql_extra} GROUP BY `resource-id` ORDER BY `created` {$order} LIMIT %d , %d", intval($owner_uid), dbesc($album), intval($a->pager['start']), intval($a->pager['itemspage']));
        $o .= '<h3 id="photo-album-title">' . $album . '</h3>';
        if ($cmd === 'edit') {
            if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
                if ($can_post) {
                    $edit_tpl = get_markup_template('album_edit.tpl');
                    if ($a->theme['template_engine'] === 'internal') {
                        $album_e = template_escape($album);
                    } else {
                        $album_e = $album;
                    }
                    $o .= replace_macros($edit_tpl, array('$nametext' => t('New album name: '), '$nickname' => $a->data['user']['nickname'], '$album' => $album_e, '$hexalbum' => bin2hex($album), '$submit' => t('Submit'), '$dropsubmit' => t('Delete Album')));
                }
            }
        } else {
            if ($album !== t('Profile Photos') && $album !== 'Contact Photos' && $album !== t('Contact Photos')) {
                if ($can_post) {
                    $o .= '<div id="album-edit-link"><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '/edit' . '">' . t('Edit Album') . '</a></div>';
                }
            }
        }
        if ($_GET['order'] === 'posted') {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '" >' . t('Show Newest First') . '</a></div>';
        } else {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($album) . '?f=&order=posted" >' . t('Show Oldest First') . '</a></div>';
        }
        if ($can_post) {
            $o .= '<div class="photos-upload-link" ><a href="' . $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload/' . bin2hex($album) . '" >' . t('Upload New Photos') . '</a></div>';
        }
        $tpl = get_markup_template('photo_album.tpl');
        if (count($r)) {
            $twist = 'rotright';
        }
        foreach ($r as $rr) {
            if ($twist == 'rotright') {
                $twist = 'rotleft';
            } else {
                $twist = 'rotright';
            }
            $ext = $phototypes[$rr['type']];
            if ($a->theme['template_engine'] === 'internal') {
                $imgalt_e = template_escape($rr['filename']);
                $desc_e = template_escape($rr['desc']);
            } else {
                $imgalt_e = $rr['filename'];
                $desc_e = $rr['desc'];
            }
            $o .= replace_macros($tpl, array('$id' => $rr['id'], '$twist' => ' ' . $twist . rand(2, 4), '$photolink' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'] . ($_GET['order'] === 'posted' ? '?f=&order=posted' : ''), '$phototitle' => t('View Photo'), '$imgsrc' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . $rr['scale'] . '.' . $ext, '$imgalt' => $imgalt_e, '$desc' => $desc_e));
        }
        $o .= '<div id="photo-album-end"></div>';
        $o .= paginate($a);
        return $o;
    }
    if ($datatype === 'image') {
        //$o = '';
        // fetch image, item containing image, then comments
        $ph = q("SELECT * FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s' \n\t\t\t{$sql_extra} ORDER BY `scale` ASC ", intval($owner_uid), dbesc($datum));
        if (!count($ph)) {
            $ph = q("SELECT `id` FROM `photo` WHERE `uid` = %d AND `resource-id` = '%s'\n\t\t\t\tLIMIT 1", intval($owner_uid), dbesc($datum));
            if (count($ph)) {
                notice(t('Permission denied. Access to this item may be restricted.'));
            } else {
                notice(t('Photo not available') . EOL);
            }
            return;
        }
        $prevlink = '';
        $nextlink = '';
        if ($_GET['order'] === 'posted') {
            $order = 'ASC';
        } else {
            $order = 'DESC';
        }
        $prvnxt = q("SELECT `resource-id` FROM `photo` WHERE `album` = '%s' AND `uid` = %d AND `scale` = 0\n\t\t\t{$sql_extra} ORDER BY `created` {$order} ", dbesc($ph[0]['album']), intval($owner_uid));
        if (count($prvnxt)) {
            for ($z = 0; $z < count($prvnxt); $z++) {
                if ($prvnxt[$z]['resource-id'] == $ph[0]['resource-id']) {
                    $prv = $z - 1;
                    $nxt = $z + 1;
                    if ($prv < 0) {
                        $prv = count($prvnxt) - 1;
                    }
                    if ($nxt >= count($prvnxt)) {
                        $nxt = 0;
                    }
                    break;
                }
            }
            $edit_suffix = $cmd === 'edit' && $can_post ? '/edit' : '';
            $prevlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$prv]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
            $nextlink = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $prvnxt[$nxt]['resource-id'] . $edit_suffix . ($_GET['order'] === 'posted' ? '?f=&order=posted' : '');
        }
        if (count($ph) == 1) {
            $hires = $lores = $ph[0];
        }
        if (count($ph) > 1) {
            if ($ph[1]['scale'] == 2) {
                // original is 640 or less, we can display it directly
                $hires = $lores = $ph[0];
            } else {
                $hires = $ph[0];
                $lores = $ph[1];
            }
        }
        $album_link = $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($ph[0]['album']);
        $tools = Null;
        $lock = Null;
        if ($can_post && $ph[0]['uid'] == $owner_uid) {
            $tools = array('edit' => array($a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $datum . ($cmd === 'edit' ? '' : '/edit'), $cmd === 'edit' ? t('View photo') : t('Edit photo')), 'profile' => array($a->get_baseurl() . '/profile_photo/use/' . $ph[0]['resource-id'], t('Use as profile photo')));
            // lock
            $lock = $ph[0]['uid'] == local_user() && (strlen($ph[0]['allow_cid']) || strlen($ph[0]['allow_gid']) || strlen($ph[0]['deny_cid']) || strlen($ph[0]['deny_gid'])) ? t('Private Message') : Null;
        }
        if ($cmd === 'edit') {
            $tpl = get_markup_template('photo_edit_head.tpl');
            $a->page['htmlhead'] .= replace_macros($tpl, array('$prevlink' => $prevlink, '$nextlink' => $nextlink));
        }
        if ($prevlink) {
            $prevlink = array($prevlink, '<div class="icon prev"></div>');
        }
        $photo = array('href' => $a->get_baseurl() . '/photo/' . $hires['resource-id'] . '-' . $hires['scale'] . '.' . $phototypes[$hires['type']], 'title' => t('View Full Size'), 'src' => $a->get_baseurl() . '/photo/' . $lores['resource-id'] . '-' . $lores['scale'] . '.' . $phototypes[$lores['type']] . '?f=&_u=' . datetime_convert('', '', '', 'ymdhis'), 'height' => $hires['height'], 'width' => $hires['width'], 'album' => $hires['album'], 'filename' => $hires['filename']);
        if ($nextlink) {
            $nextlink = array($nextlink, '<div class="icon next"></div>');
        }
        // Do we have an item for this photo?
        // FIXME! - replace following code to display the conversation with our normal
        // conversation functions so that it works correctly and tracks changes
        // in the evolving conversation code.
        // The difference is that we won't be displaying the conversation head item
        // as a "post" but displaying instead the photo it is linked to
        $linked_items = q("SELECT * FROM `item` WHERE `resource-id` = '%s' {$sql_extra} LIMIT 1", dbesc($datum));
        if (count($linked_items)) {
            $link_item = $linked_items[0];
            $r = q("SELECT COUNT(*) AS `total`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra} ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']));
            if (count($r)) {
                $a->set_pager_total($r[0]['total']);
            }
            $r = q("SELECT `item`.*, `item`.`id` AS `item_id`,\n\t\t\t\t`contact`.`name`, `contact`.`photo`, `contact`.`url`, `contact`.`network`,\n\t\t\t\t`contact`.`rel`, `contact`.`thumb`, `contact`.`self`,\n\t\t\t\t`contact`.`id` AS `cid`, `contact`.`uid` AS `contact-uid`\n\t\t\t\tFROM `item` LEFT JOIN `contact` ON `contact`.`id` = `item`.`contact-id`\n\t\t\t\tWHERE `parent-uri` = '%s' AND `uri` != '%s' AND `item`.`deleted` = 0 and `item`.`moderated` = 0\n\t\t\t\tAND `contact`.`blocked` = 0 AND `contact`.`pending` = 0\n\t\t\t\tAND `item`.`uid` = %d\n\t\t\t\t{$sql_extra}\n\t\t\t\tORDER BY `parent` DESC, `id` ASC LIMIT %d ,%d ", dbesc($link_item['uri']), dbesc($link_item['uri']), intval($link_item['uid']), intval($a->pager['start']), intval($a->pager['itemspage']));
            if (local_user() && local_user() == $link_item['uid']) {
                q("UPDATE `item` SET `unseen` = 0 WHERE `parent` = %d and `uid` = %d", intval($link_item['parent']), intval(local_user()));
                update_thread($link_item['parent']);
            }
        }
        $tags = Null;
        if (count($linked_items) && strlen($link_item['tag'])) {
            $arr = explode(',', $link_item['tag']);
            // parse tags and add links
            $tag_str = '';
            foreach ($arr as $t) {
                if (strlen($tag_str)) {
                    $tag_str .= ', ';
                }
                $tag_str .= bbcode($t);
            }
            $tags = array(t('Tags: '), $tag_str);
            if ($cmd === 'edit') {
                $tags[] = $a->get_baseurl() . '/tagrm/' . $link_item['id'];
                $tags[] = t('[Remove any tag]');
            }
        }
        $edit = Null;
        if ($cmd === 'edit' && $can_post) {
            $edit_tpl = get_markup_template('photo_edit.tpl');
            // Private/public post links for the non-JS ACL form
            $private_post = 1;
            if ($_REQUEST['public']) {
                $private_post = 0;
            }
            $query_str = $a->query_string;
            if (strpos($query_str, 'public=1') !== false) {
                $query_str = str_replace(array('?public=1', '&public=1'), array('', ''), $query_str);
            }
            // I think $a->query_string may never have ? in it, but I could be wrong
            // It looks like it's from the index.php?q=[etc] rewrite that the web
            // server does, which converts any ? to &, e.g. suggest&ignore=61 for suggest?ignore=61
            if (strpos($query_str, '?') === false) {
                $public_post_link = '?public=1';
            } else {
                $public_post_link = '&public=1';
            }
            if ($a->theme['template_engine'] === 'internal') {
                $album_e = template_escape($ph[0]['album']);
                $caption_e = template_escape($ph[0]['desc']);
                $aclselect_e = template_escape(populate_acl($ph[0]));
            } else {
                $album_e = $ph[0]['album'];
                $caption_e = $ph[0]['desc'];
                $aclselect_e = populate_acl($ph[0]);
            }
            $edit = replace_macros($edit_tpl, array('$id' => $ph[0]['id'], '$rotatecw' => t('Rotate CW (right)'), '$rotateccw' => t('Rotate CCW (left)'), '$album' => $album_e, '$newalbum' => t('New album name'), '$nickname' => $a->data['user']['nickname'], '$resource_id' => $ph[0]['resource-id'], '$capt_label' => t('Caption'), '$caption' => $caption_e, '$tag_label' => t('Add a Tag'), '$tags' => $link_item['tag'], '$permissions' => t('Permissions'), '$aclselect' => $aclselect_e, '$help_tags' => t('Example: @bob, @Barbara_Jensen, @jim@example.com, #California, #camping'), '$item_id' => count($linked_items) ? $link_item['id'] : 0, '$submit' => t('Submit'), '$delete' => t('Delete Photo'), '$acl_data' => construct_acl_data($a, $ph[0]), '$group_perms' => t('Show to Groups'), '$contact_perms' => t('Show to Contacts'), '$private' => t('Private photo'), '$public' => t('Public photo'), '$is_private' => $private_post, '$return_path' => $query_str, '$public_link' => $public_post_link));
        }
        if (count($linked_items)) {
            $cmnt_tpl = get_markup_template('comment_item.tpl');
            $tpl = get_markup_template('photo_item.tpl');
            $return_url = $a->cmd;
            $like_tpl = get_markup_template('like_noshare.tpl');
            $likebuttons = '';
            if ($can_post || can_write_wall($a, $owner_uid)) {
                $likebuttons = replace_macros($like_tpl, array('$id' => $link_item['id'], '$likethis' => t("I like this (toggle)"), '$nolike' => feature_enabled(local_user(), 'dislike') ? t("I don't like this (toggle)") : '', '$share' => t('Share'), '$wait' => t('Please wait'), '$return_path' => $a->query_string));
            }
            $comments = '';
            if (!count($r)) {
                if ($can_post || can_write_wall($a, $owner_uid)) {
                    if ($link_item['last-child']) {
                        $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
                    }
                }
            }
            $alike = array();
            $dlike = array();
            $like = '';
            $dislike = '';
            // display comments
            if (count($r)) {
                foreach ($r as $item) {
                    like_puller($a, $item, $alike, 'like');
                    like_puller($a, $item, $dlike, 'dislike');
                }
                $like = isset($alike[$link_item['id']]) ? format_like($alike[$link_item['id']], $alike[$link_item['id'] . '-l'], 'like', $link_item['id']) : '';
                $dislike = isset($dlike[$link_item['id']]) ? format_like($dlike[$link_item['id']], $dlike[$link_item['id'] . '-l'], 'dislike', $link_item['id']) : '';
                if ($can_post || can_write_wall($a, $owner_uid)) {
                    if ($link_item['last-child']) {
                        $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $link_item['id'], '$parent' => $link_item['id'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
                    }
                }
                foreach ($r as $item) {
                    $comment = '';
                    $template = $tpl;
                    $sparkle = '';
                    if ((activity_match($item['verb'], ACTIVITY_LIKE) || activity_match($item['verb'], ACTIVITY_DISLIKE)) && $item['id'] != $item['parent']) {
                        continue;
                    }
                    $redirect_url = $a->get_baseurl() . '/redir/' . $item['cid'];
                    if (local_user() && $item['contact-uid'] == local_user() && $item['network'] == 'dfrn' && !$item['self']) {
                        $profile_url = $redirect_url;
                        $sparkle = ' sparkle';
                    } else {
                        $profile_url = $item['url'];
                        $sparkle = '';
                    }
                    $diff_author = $item['url'] !== $item['author-link'] ? true : false;
                    $profile_name = strlen($item['author-name']) && $diff_author ? $item['author-name'] : $item['name'];
                    $profile_avatar = strlen($item['author-avatar']) && $diff_author ? $item['author-avatar'] : $item['thumb'];
                    $profile_link = $profile_url;
                    $dropping = $item['contact-id'] == $contact_id || $item['uid'] == local_user();
                    $drop = array('dropping' => $dropping, 'pagedrop' => false, 'select' => t('Select'), 'delete' => t('Delete'));
                    if ($a->theme['template_engine'] === 'internal') {
                        $name_e = template_escape($profile_name);
                        $title_e = template_escape($item['title']);
                        $body_e = template_escape(bbcode($item['body']));
                    } else {
                        $name_e = $profile_name;
                        $title_e = $item['title'];
                        $body_e = bbcode($item['body']);
                    }
                    $comments .= replace_macros($template, array('$id' => $item['item_id'], '$profile_url' => $profile_link, '$name' => $name_e, '$thumb' => $profile_avatar, '$sparkle' => $sparkle, '$title' => $title_e, '$body' => $body_e, '$ago' => relative_date($item['created']), '$indent' => $item['parent'] != $item['item_id'] ? ' comment' : '', '$drop' => $drop, '$comment' => $comment));
                    if ($can_post || can_write_wall($a, $owner_uid)) {
                        if ($item['last-child']) {
                            $comments .= replace_macros($cmnt_tpl, array('$return_path' => '', '$jsreload' => $return_url, '$type' => 'wall-comment', '$id' => $item['item_id'], '$parent' => $item['parent'], '$profile_uid' => $owner_uid, '$mylink' => $contact['url'], '$mytitle' => t('This is you'), '$myphoto' => $contact['thumb'], '$comment' => t('Comment'), '$submit' => t('Submit'), '$preview' => t('Preview'), '$sourceapp' => t($a->sourcename), '$ww' => '', '$rand_num' => random_digits(12)));
                        }
                    }
                }
            }
            $paginate = paginate($a);
        }
        $photo_tpl = get_markup_template('photo_view.tpl');
        if ($a->theme['template_engine'] === 'internal') {
            $album_e = array($album_link, template_escape($ph[0]['album']));
            $tags_e = template_escape($tags);
            $like_e = template_escape($like);
            $dislike_e = template_escape($dislike);
        } else {
            $album_e = array($album_link, $ph[0]['album']);
            $tags_e = $tags;
            $like_e = $like;
            $dislike_e = $dislike;
        }
        $o .= replace_macros($photo_tpl, array('$id' => $ph[0]['id'], '$album' => $album_e, '$tools' => $tools, '$lock' => $lock, '$photo' => $photo, '$prevlink' => $prevlink, '$nextlink' => $nextlink, '$desc' => $ph[0]['desc'], '$tags' => $tags_e, '$edit' => $edit, '$likebuttons' => $likebuttons, '$like' => $like_e, '$dislike' => $dikslike_e, '$comments' => $comments, '$paginate' => $paginate));
        $a->page['htmlhead'] .= "\n" . '<meta name="twitter:card" content="photo" />' . "\n";
        $a->page['htmlhead'] .= '<meta name="twitter:title" content="' . $photo["album"] . '" />' . "\n";
        $a->page['htmlhead'] .= '<meta name="twitter:image" content="' . $photo["href"] . '" />' . "\n";
        $a->page['htmlhead'] .= '<meta name="twitter:image:width" content="' . $photo["width"] . '" />' . "\n";
        $a->page['htmlhead'] .= '<meta name="twitter:image:height" content="' . $photo["height"] . '" />' . "\n";
        return $o;
    }
    // Default - show recent photos with upload link (if applicable)
    //$o = '';
    $r = q("SELECT `resource-id`, max(`scale`) AS `scale` FROM `photo` WHERE `uid` = %d AND `album` != '%s' AND `album` != '%s' \n\t\t{$sql_extra} GROUP BY `resource-id`", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')));
    if (count($r)) {
        $a->set_pager_total(count($r));
        $a->set_pager_itemspage(20);
    }
    $r = q("SELECT `resource-id`, `id`, `filename`, type, `album`, max(`scale`) AS `scale` FROM `photo`\n\t\tWHERE `uid` = %d AND `album` != '%s' AND `album` != '%s'  \n\t\t{$sql_extra} GROUP BY `resource-id` ORDER BY `created` DESC LIMIT %d , %d", intval($a->data['user']['uid']), dbesc('Contact Photos'), dbesc(t('Contact Photos')), intval($a->pager['start']), intval($a->pager['itemspage']));
    $photos = array();
    if (count($r)) {
        $twist = 'rotright';
        foreach ($r as $rr) {
            if ($twist == 'rotright') {
                $twist = 'rotleft';
            } else {
                $twist = 'rotright';
            }
            $ext = $phototypes[$rr['type']];
            if ($a->theme['template_engine'] === 'internal') {
                $alt_e = template_escape($rr['filename']);
                $name_e = template_escape($rr['album']);
            } else {
                $alt_e = $rr['filename'];
                $name_e = $rr['album'];
            }
            $photos[] = array('id' => $rr['id'], 'twist' => ' ' . $twist . rand(2, 4), 'link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/image/' . $rr['resource-id'], 'title' => t('View Photo'), 'src' => $a->get_baseurl() . '/photo/' . $rr['resource-id'] . '-' . ($rr['scale'] == 6 ? 4 : $rr['scale']) . '.' . $ext, 'alt' => $alt_e, 'album' => array('link' => $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/album/' . bin2hex($rr['album']), 'name' => $name_e, 'alt' => t('View Album')));
        }
    }
    $tpl = get_markup_template('photos_recent.tpl');
    $o .= replace_macros($tpl, array('$title' => t('Recent Photos'), '$can_post' => $can_post, '$upload' => array(t('Upload New Photos'), $a->get_baseurl() . '/photos/' . $a->data['user']['nickname'] . '/upload'), '$photos' => $photos));
    $o .= paginate($a);
    return $o;
}
Ejemplo n.º 27
0
Archivo: zot.php Proyecto: 23n/hubzilla
/**
 * @brief
 *
 * @param array $sender
 * @param array $arr
 * @param array $deliveries
 * @return array
 */
function process_channel_sync_delivery($sender, $arr, $deliveries)
{
    require_once 'include/import.php';
    /** @FIXME this will sync red structures (channel, pconfig and abook). Eventually we need to make this application agnostic. */
    $result = array();
    foreach ($deliveries as $d) {
        $r = q("select * from channel where channel_hash = '%s' limit 1", dbesc($d['hash']));
        if (!$r) {
            $result[] = array($d['hash'], 'not found');
            continue;
        }
        $channel = $r[0];
        $max_friends = service_class_fetch($channel['channel_id'], 'total_channels');
        $max_feeds = account_service_class_fetch($channel['channel_account_id'], 'total_feeds');
        if ($channel['channel_hash'] != $sender['hash']) {
            logger('process_channel_sync_delivery: possible forgery. Sender ' . $sender['hash'] . ' is not ' . $channel['channel_hash']);
            $result[] = array($d['hash'], 'channel mismatch', $channel['channel_name'], '');
            continue;
        }
        if (array_key_exists('config', $arr) && is_array($arr['config']) && count($arr['config'])) {
            foreach ($arr['config'] as $cat => $k) {
                foreach ($arr['config'][$cat] as $k => $v) {
                    set_pconfig($channel['channel_id'], $cat, $k, $v);
                }
            }
        }
        if (array_key_exists('obj', $arr) && $arr['obj']) {
            sync_objs($channel, $arr['obj']);
        }
        if (array_key_exists('likes', $arr) && $arr['likes']) {
            import_likes($channel, $arr['likes']);
        }
        if (array_key_exists('app', $arr) && $arr['app']) {
            sync_apps($channel, $arr['app']);
        }
        if (array_key_exists('chatroom', $arr) && $arr['chatroom']) {
            sync_chatrooms($channel, $arr['chatroom']);
        }
        if (array_key_exists('conv', $arr) && $arr['conv']) {
            import_conv($channel, $arr['conv']);
        }
        if (array_key_exists('mail', $arr) && $arr['mail']) {
            import_mail($channel, $arr['mail']);
        }
        if (array_key_exists('event', $arr) && $arr['event']) {
            sync_events($channel, $arr['event']);
        }
        if (array_key_exists('event_item', $arr) && $arr['event_item']) {
            sync_items($channel, $arr['event_item']);
        }
        if (array_key_exists('item', $arr) && $arr['item']) {
            sync_items($channel, $arr['item']);
        }
        if (array_key_exists('item_id', $arr) && $arr['item_id']) {
            sync_items($channel, $arr['item_id']);
        }
        if (array_key_exists('menu', $arr) && $arr['menu']) {
            sync_menus($channel, $arr['menu']);
        }
        if (array_key_exists('channel', $arr) && is_array($arr['channel']) && count($arr['channel'])) {
            if (array_key_exists('channel_pageflags', $arr['channel']) && intval($arr['channel']['channel_pageflags'])) {
                // These flags cannot be sync'd.
                // remove the bits from the incoming flags.
                // These correspond to PAGE_REMOVED and PAGE_SYSTEM on redmatrix
                if ($arr['channel']['channel_pageflags'] & 0x8000) {
                    $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x8000;
                }
                if ($arr['channel']['channel_pageflags'] & 0x1000) {
                    $arr['channel']['channel_pageflags'] = $arr['channel']['channel_pageflags'] - 0x1000;
                }
            }
            $disallowed = array('channel_id', 'channel_account_id', 'channel_primary', 'channel_prvkey', 'channel_address', 'channel_notifyflags', 'channel_removed', 'channel_deleted', 'channel_system');
            $clean = array();
            foreach ($arr['channel'] as $k => $v) {
                if (in_array($k, $disallowed)) {
                    continue;
                }
                $clean[$k] = $v;
            }
            if (count($clean)) {
                foreach ($clean as $k => $v) {
                    $r = dbq("UPDATE channel set " . dbesc($k) . " = '" . dbesc($v) . "' where channel_id = " . intval($channel['channel_id']));
                }
            }
        }
        if (array_key_exists('abook', $arr) && is_array($arr['abook']) && count($arr['abook'])) {
            $total_friends = 0;
            $total_feeds = 0;
            $r = q("select abook_id, abook_feed from abook where abook_channel = %d", intval($channel['channel_id']));
            if ($r) {
                // don't count yourself
                $total_friends = count($r) > 0 ? count($r) - 1 : 0;
                foreach ($r as $rr) {
                    if (intval($rr['abook_feed'])) {
                        $total_feeds++;
                    }
                }
            }
            $disallowed = array('abook_id', 'abook_account', 'abook_channel', 'abook_rating', 'abook_rating_text');
            foreach ($arr['abook'] as $abook) {
                if (!array_key_exists('abook_blocked', $abook)) {
                    // convert from redmatrix
                    $abook['abook_blocked'] = $abook['abook_flags'] & 0x1 ? 1 : 0;
                    $abook['abook_ignored'] = $abook['abook_flags'] & 0x2 ? 1 : 0;
                    $abook['abook_hidden'] = $abook['abook_flags'] & 0x4 ? 1 : 0;
                    $abook['abook_archived'] = $abook['abook_flags'] & 0x8 ? 1 : 0;
                    $abook['abook_pending'] = $abook['abook_flags'] & 0x10 ? 1 : 0;
                    $abook['abook_unconnected'] = $abook['abook_flags'] & 0x20 ? 1 : 0;
                    $abook['abook_self'] = $abook['abook_flags'] & 0x80 ? 1 : 0;
                    $abook['abook_feed'] = $abook['abook_flags'] & 0x100 ? 1 : 0;
                }
                $clean = array();
                if ($abook['abook_xchan'] && $abook['entry_deleted']) {
                    logger('process_channel_sync_delivery: removing abook entry for ' . $abook['abook_xchan']);
                    require_once 'include/Contact.php';
                    $r = q("select abook_id, abook_feed from abook where abook_xchan = '%s' and abook_channel = %d and abook_self = 0 limit 1", dbesc($abook['abook_xchan']), intval($channel['channel_id']));
                    if ($r) {
                        contact_remove($channel['channel_id'], $r[0]['abook_id']);
                        if ($total_friends) {
                            $total_friends--;
                        }
                        if (intval($r[0]['abook_feed'])) {
                            $total_feeds--;
                        }
                    }
                    continue;
                }
                // Perform discovery if the referenced xchan hasn't ever been seen on this hub.
                // This relies on the undocumented behaviour that red sites send xchan info with the abook
                // and import_author_xchan will look them up on all federated networks
                if ($abook['abook_xchan'] && $abook['xchan_addr']) {
                    $h = zot_get_hublocs($abook['abook_xchan']);
                    if (!$h) {
                        $xhash = import_author_xchan(encode_item_xchan($abook));
                        if (!$xhash) {
                            logger('process_channel_sync_delivery: import of ' . $abook['xchan_addr'] . ' failed.');
                            continue;
                        }
                    }
                }
                foreach ($abook as $k => $v) {
                    if (in_array($k, $disallowed) || strpos($k, 'abook') !== 0) {
                        continue;
                    }
                    $clean[$k] = $v;
                }
                if (!array_key_exists('abook_xchan', $clean)) {
                    continue;
                }
                $r = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
                // make sure we have an abook entry for this xchan on this system
                if (!$r) {
                    if ($max_friends !== false && $total_friends > $max_friends) {
                        logger('process_channel_sync_delivery: total_channels service class limit exceeded');
                        continue;
                    }
                    if ($max_feeds !== false && intval($clean['abook_feed']) && $total_feeds > $max_feeds) {
                        logger('process_channel_sync_delivery: total_feeds service class limit exceeded');
                        continue;
                    }
                    q("insert into abook ( abook_xchan, abook_channel ) values ('%s', %d ) ", dbesc($clean['abook_xchan']), intval($channel['channel_id']));
                    $total_friends++;
                    if (intval($clean['abook_feed'])) {
                        $total_feeds++;
                    }
                }
                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        if ($k == 'abook_dob') {
                            $v = dbescdate($v);
                        }
                        $r = dbq("UPDATE abook set " . dbesc($k) . " = '" . dbesc($v) . "' where abook_xchan = '" . dbesc($clean['abook_xchan']) . "' and abook_channel = " . intval($channel['channel_id']));
                    }
                }
            }
        }
        // sync collections (privacy groups) oh joy...
        if (array_key_exists('collections', $arr) && is_array($arr['collections']) && count($arr['collections'])) {
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));
            foreach ($arr['collections'] as $cl) {
                $found = false;
                if ($x) {
                    foreach ($x as $y) {
                        if ($cl['collection'] == $y['hash']) {
                            $found = true;
                            break;
                        }
                    }
                    if ($found) {
                        if ($y['name'] != $cl['name'] || $y['visible'] != $cl['visible'] || $y['deleted'] != $cl['deleted']) {
                            q("update groups set name = '%s', visible = %d, deleted = %d where hash = '%s' and uid = %d", dbesc($cl['name']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['hash']), intval($channel['channel_id']));
                        }
                        if (intval($cl['deleted']) && !intval($y['deleted'])) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                        }
                    }
                }
                if (!$found) {
                    $r = q("INSERT INTO `groups` ( hash, uid, visible, deleted, name )\n\t\t\t\t\t\tVALUES( '%s', %d, %d, %d, '%s' ) ", dbesc($cl['collection']), intval($channel['channel_id']), intval($cl['visible']), intval($cl['deleted']), dbesc($cl['name']));
                }
                // now look for any collections locally which weren't in the list we just received.
                // They need to be removed by marking deleted and removing the members.
                // This shouldn't happen except for clones created before this function was written.
                if ($x) {
                    $found_local = false;
                    foreach ($x as $y) {
                        foreach ($arr['collections'] as $cl) {
                            if ($cl['collection'] == $y['hash']) {
                                $found_local = true;
                                break;
                            }
                        }
                        if (!$found_local) {
                            q("delete from group_member where gid = %d", intval($y['id']));
                            q("update groups set deleted = 1 where id = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        }
                    }
                }
            }
            // reload the group list with any updates
            $x = q("select * from groups where uid = %d", intval($channel['channel_id']));
            // now sync the members
            if (array_key_exists('collection_members', $arr) && is_array($arr['collection_members']) && count($arr['collection_members'])) {
                // first sort into groups keyed by the group hash
                $members = array();
                foreach ($arr['collection_members'] as $cm) {
                    if (!array_key_exists($cm['collection'], $members)) {
                        $members[$cm['collection']] = array();
                    }
                    $members[$cm['collection']][] = $cm['member'];
                }
                // our group list is already synchronised
                if ($x) {
                    foreach ($x as $y) {
                        // for each group, loop on members list we just received
                        foreach ($members[$y['hash']] as $member) {
                            $found = false;
                            $z = q("select xchan from group_member where gid = %d and uid = %d and xchan = '%s' limit 1", intval($y['id']), intval($channel['channel_id']), dbesc($member));
                            if ($z) {
                                $found = true;
                            }
                            // if somebody is in the group that wasn't before - add them
                            if (!$found) {
                                q("INSERT INTO `group_member` (`uid`, `gid`, `xchan`)\n\t\t\t\t\t\t\t\t\tVALUES( %d, %d, '%s' ) ", intval($channel['channel_id']), intval($y['id']), dbesc($member));
                            }
                        }
                        // now retrieve a list of members we have on this site
                        $m = q("select xchan from group_member where gid = %d and uid = %d", intval($y['id']), intval($channel['channel_id']));
                        if ($m) {
                            foreach ($m as $mm) {
                                // if the local existing member isn't in the list we just received - remove them
                                if (!in_array($mm['xchan'], $members[$y['hash']])) {
                                    q("delete from group_member where xchan = '%s' and gid = %d and uid = %d", dbesc($mm['xchan']), intval($y['id']), intval($channel['channel_id']));
                                }
                            }
                        }
                    }
                }
            }
        }
        if (array_key_exists('profile', $arr) && is_array($arr['profile']) && count($arr['profile'])) {
            $disallowed = array('id', 'aid', 'uid');
            foreach ($arr['profile'] as $profile) {
                $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                if (!$x) {
                    q("insert into profile ( profile_guid, aid, uid ) values ('%s', %d, %d)", dbesc($profile['profile_guid']), intval($channel['channel_account_id']), intval($channel['channel_id']));
                    $x = q("select * from profile where profile_guid = '%s' and uid = %d limit 1", dbesc($profile['profile_guid']), intval($channel['channel_id']));
                    if (!$x) {
                        continue;
                    }
                }
                $clean = array();
                foreach ($profile as $k => $v) {
                    if (in_array($k, $disallowed)) {
                        continue;
                    }
                    $clean[$k] = $v;
                    /**
                     * @TODO check if these are allowed, otherwise we'll error
                     * We also need to import local photos if a custom photo is selected
                     */
                }
                if (count($clean)) {
                    foreach ($clean as $k => $v) {
                        $r = dbq("UPDATE profile set `" . dbesc($k) . "` = '" . dbesc($v) . "' where profile_guid = '" . dbesc($profile['profile_guid']) . "' and uid = " . intval($channel['channel_id']));
                    }
                }
            }
        }
        if (array_key_exists('item', $arr) && $arr['item']) {
            sync_items($channel, $arr['item']);
        }
        if (array_key_exists('item_id', $arr) && $arr['item_id']) {
            sync_items($channel, $arr['item_id']);
        }
        $addon = array('channel' => $channel, 'data' => $arr);
        call_hooks('process_channel_sync_delivery', $addon);
        // we should probably do this for all items, but usually we only send one.
        require_once 'include/DReport.php';
        if (array_key_exists('item', $arr) && is_array($arr['item'][0])) {
            $DR = new DReport(z_root(), $d['hash'], $d['hash'], $arr['item'][0]['message_id'], 'channel sync processed');
            $DR->addto_recipient($channel['channel_name'] . ' <' . $channel['channel_address'] . '@' . get_app()->get_hostname() . '>');
        } else {
            $DR = new DReport(z_root(), $d['hash'], $d['hash'], 'sync packet', 'channel sync delivered');
        }
        $result[] = $DR->get();
    }
    return $result;
}
Ejemplo n.º 28
0
Archivo: manage.php Proyecto: Mauru/red
function manage_content(&$a)
{
    if (!get_account_id()) {
        notice(t('Permission denied.') . EOL);
        return;
    }
    require_once 'include/security.php';
    $change_channel = argc() > 1 ? intval(argv(1)) : 0;
    if (argc() > 2 && argv(2) === 'default') {
        $r = q("select channel_id from channel where channel_id = %d and channel_account_id = %d limit 1", intval($change_channel), intval(get_account_id()));
        if ($r) {
            q("update account set account_default_channel = %d where account_id = %d limit 1", intval($change_channel), intval(get_account_id()));
        }
        goaway(z_root() . '/manage');
    }
    if ($change_channel) {
        $r = change_channel($change_channel);
        if ($r && $r['channel_startpage']) {
            goaway(z_root() . '/' . $r['channel_startpage']);
        }
        goaway(z_root());
    }
    $channels = null;
    if (local_user()) {
        $r = q("select channel.*, xchan.* from channel left join xchan on channel.channel_hash = xchan.xchan_hash where channel.channel_account_id = %d and not ( channel_pageflags & %d ) order by channel_name ", intval(get_account_id()), intval(PAGE_REMOVED));
        $selected_channel = null;
        $account = get_app()->get_account();
        if ($r && count($r)) {
            $channels = $r;
            for ($x = 0; $x < count($channels); $x++) {
                $channels[$x]['link'] = 'manage/' . intval($channels[$x]['channel_id']);
                if ($channels[$x]['channel_id'] == local_user()) {
                    $selected_channel = $channels[$x];
                }
                $channels[$x]['default'] = $channels[$x]['channel_id'] == $account['account_default_channel'] ? "1" : '';
                $channels[$x]['default_links'] = '1';
                $c = q("SELECT id, item_restrict, item_flags FROM item\n\t\t\t\t\tWHERE (item_restrict = %d) and ( item_flags & %d ) and uid = %d", intval(ITEM_VISIBLE), intval(ITEM_UNSEEN), intval($channels[$x]['channel_id']));
                if ($c) {
                    foreach ($c as $it) {
                        if ($it['item_flags'] & ITEM_WALL) {
                            $channels[$x]['home']++;
                        } else {
                            $channels[$x]['network']++;
                        }
                    }
                }
                $intr = q("SELECT COUNT(abook.abook_id) AS total FROM abook left join xchan on abook.abook_xchan = xchan.xchan_hash where abook_channel = %d and (abook_flags & %d) and not ((abook_flags & %d) or (xchan_flags & %d))", intval($channels[$x]['channel_id']), intval(ABOOK_FLAG_PENDING), intval(ABOOK_FLAG_SELF | ABOOK_FLAG_IGNORED), intval(XCHAN_FLAGS_DELETED | XCHAN_FLAGS_ORPHAN));
                if ($intr) {
                    $channels[$x]['intros'] = intval($intr[0]['total']);
                }
                $mails = q("SELECT count(id) as total from mail WHERE channel_id = %d AND not (mail_flags & %d) and from_xchan != '%s' ", intval($channels[$x]['channel_id']), intval(MAIL_SEEN), dbesc($channels[$x]['channel_hash']));
                if ($mails) {
                    $channels[$x]['mail'] = intval($mails[0]['total']);
                }
                $events = q("SELECT type, start, adjust FROM `event`\n\t\t\t\t\tWHERE `event`.`uid` = %d AND start < '%s' AND start > '%s' and `ignore` = 0\n\t\t\t\t\tORDER BY `start` ASC ", intval($channels[$x]['channel_id']), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now + 7 days')), dbesc(datetime_convert('UTC', date_default_timezone_get(), 'now - 1 days')));
                if ($events) {
                    $channels[$x]['all_events'] = count($events);
                    if ($channels[$x]['all_events']) {
                        $str_now = datetime_convert('UTC', date_default_timezone_get(), 'now', 'Y-m-d');
                        foreach ($events as $e) {
                            $bd = false;
                            if ($e['type'] === 'birthday') {
                                $channels[$x]['birthdays']++;
                                $bd = true;
                            } else {
                                $channels[$x]['events']++;
                            }
                            if (datetime_convert('UTC', intval($e['adjust']) ? date_default_timezone_get() : 'UTC', $e['start'], 'Y-m-d') === $str_now) {
                                $channels[$x]['all_events_today']++;
                                if ($bd) {
                                    $channels[$x]['birthdays_today']++;
                                } else {
                                    $channels[$x]['events_today']++;
                                }
                            }
                        }
                    }
                }
            }
        }
        $r = q("select count(channel_id) as total from channel where channel_account_id = %d and not ( channel_pageflags & %d )", intval(get_account_id()), intval(PAGE_REMOVED));
        $limit = service_class_fetch(local_user(), 'total_identities');
        if ($limit !== false) {
            $channel_usage_message = sprintf(t("You have created %1\$.0f of %2\$.0f allowed channels."), $r[0]['total'], $limit);
        } else {
            $channel_usage_message = '';
        }
    }
    $links = array(array('new_channel', t('Create a new channel'), t('Create a new channel')));
    $o = replace_macros(get_markup_template('channels.tpl'), array('$header' => t('Channel Manager'), '$msg_selected' => t('Current Channel'), '$selected' => $selected_channel, '$desc' => t('Attach to one of your channels by selecting it.'), '$msg_default' => t('Default Channel'), '$msg_make_default' => t('Make Default'), '$links' => $links, '$all_channels' => $channels, '$channel_usage_message' => $channel_usage_message));
    return $o;
}
Ejemplo n.º 29
0
function widget_follow($args)
{
    if (!local_user()) {
        return '';
    }
    $a = get_app();
    $uid = $a->channel['channel_id'];
    $r = q("select count(*) as total from abook where abook_channel = %d and not (abook_flags & %d) ", intval($uid), intval(ABOOK_FLAG_SELF));
    if ($r) {
        $total_channels = $r[0]['total'];
    }
    $limit = service_class_fetch($uid, 'total_channels');
    if ($limit !== false) {
        $abook_usage_message = sprintf(t("You have %1\$.0f of %2\$.0f allowed connections."), $total_channels, $limit);
    } else {
        $abook_usage_message = '';
    }
    return replace_macros(get_markup_template('follow.tpl'), array('$connect' => t('Add New Connection'), '$desc' => t('Enter the channel address'), '$hint' => t('Example: bob@example.com, http://example.com/barbara'), '$follow' => t('Connect'), '$abook_usage_message' => $abook_usage_message));
}
Ejemplo n.º 30
0
/**
 * @brief
 *
 * @param array $channel
 * @param array $observer
 * @param array $args
 * @return array
 */
function photo_upload($channel, $observer, $args)
{
    $ret = array('success' => false);
    $channel_id = $channel['channel_id'];
    $account_id = $channel['channel_account_id'];
    if (!perm_is_allowed($channel_id, $observer['xchan_hash'], 'write_storage')) {
        $ret['message'] = t('Permission denied.');
        return $ret;
    }
    //	call_hooks('photo_upload_begin', $args);
    /*
     * Determine the album to use
     */
    $album = $args['album'];
    if (intval($args['visible']) || $args['visible'] === 'true') {
        $visible = 1;
    } else {
        $visible = 0;
    }
    // Set to default channel permissions. If the parent directory (album) has permissions set,
    // use those instead. If we have specific permissions supplied, they take precedence over
    // all other settings. 'allow_cid' being passed from an external source takes priority over channel settings.
    // ...messy... needs re-factoring once the photos/files integration stabilises
    $acl = new AccessList($channel);
    if (array_key_exists('directory', $args) && $args['directory']) {
        $acl->set($args['directory']);
    }
    if (array_key_exists('allow_cid', $args)) {
        $acl->set($args);
    }
    if (array_key_exists('group_allow', $args) || array_key_exists('contact_allow', $args) || array_key_exists('group_deny', $args) || array_key_exists('contact_deny', $args)) {
        $acl->set_from_array($args);
    }
    $ac = $acl->get();
    $os_storage = 0;
    if ($args['os_path'] && $args['getimagesize']) {
        $imagedata = @file_get_contents($args['os_path']);
        $filename = $args['filename'];
        $filesize = strlen($imagedata);
        // this is going to be deleted if it exists
        $src = '/tmp/deletemenow';
        $type = $args['getimagesize']['mime'];
        $os_storage = 1;
    } elseif ($args['data']) {
        // allow an import from a binary string representing the image.
        // This bypasses the upload step and max size limit checking
        $imagedata = $args['data'];
        $filename = $args['filename'];
        $filesize = strlen($imagedata);
        // this is going to be deleted if it exists
        $src = '/tmp/deletemenow';
        $type = $args['type'];
    } else {
        $f = array('src' => '', 'filename' => '', 'filesize' => 0, 'type' => '');
        //		call_hooks('photo_upload_file',$f);
        if (x($f, 'src') && x($f, 'filesize')) {
            $src = $f['src'];
            $filename = $f['filename'];
            $filesize = $f['filesize'];
            $type = $f['type'];
        } else {
            $src = $_FILES['userfile']['tmp_name'];
            $filename = basename($_FILES['userfile']['name']);
            $filesize = intval($_FILES['userfile']['size']);
            $type = $_FILES['userfile']['type'];
        }
        if (!$type) {
            $type = guess_image_type($filename);
        }
        logger('photo_upload: received file: ' . $filename . ' as ' . $src . ' (' . $type . ') ' . $filesize . ' bytes', LOGGER_DEBUG);
        $maximagesize = get_config('system', 'maximagesize');
        if ($maximagesize && $filesize > $maximagesize) {
            $ret['message'] = sprintf(t('Image exceeds website size limit of %lu bytes'), $maximagesize);
            @unlink($src);
            call_hooks('photo_upload_end', $ret);
            return $ret;
        }
        if (!$filesize) {
            $ret['message'] = t('Image file is empty.');
            @unlink($src);
            call_hooks('photo_post_end', $ret);
            return $ret;
        }
        logger('photo_upload: loading the contents of ' . $src, LOGGER_DEBUG);
        $imagedata = @file_get_contents($src);
    }
    $r = q("select sum(size) as total from photo where aid = %d and scale = 0 ", intval($account_id));
    $limit = service_class_fetch($channel_id, 'photo_upload_limit');
    if ($r && $limit !== false && $r[0]['total'] + strlen($imagedata) > $limit) {
        $ret['message'] = upgrade_message();
        @unlink($src);
        call_hooks('photo_post_end', $ret);
        return $ret;
    }
    $ph = photo_factory($imagedata, $type);
    if (!$ph->is_valid()) {
        $ret['message'] = t('Unable to process image');
        logger('photo_upload: unable to process image');
        @unlink($src);
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    $exif = $ph->orient($args['os_path'] ? $args['os_path'] : $src);
    @unlink($src);
    $max_length = get_config('system', 'max_image_length');
    if (!$max_length) {
        $max_length = MAX_IMAGE_LENGTH;
    }
    if ($max_length > 0) {
        $ph->scaleImage($max_length);
    }
    $width = $ph->getWidth();
    $height = $ph->getHeight();
    $smallest = 0;
    $photo_hash = $args['resource_id'] ? $args['resource_id'] : photo_new_resource();
    $visitor = '';
    if ($channel['channel_hash'] !== $observer['xchan_hash']) {
        $visitor = $observer['xchan_hash'];
    }
    $errors = false;
    $p = array('aid' => $account_id, 'uid' => $channel_id, 'xchan' => $visitor, 'resource_id' => $photo_hash, 'filename' => $filename, 'album' => $album, 'scale' => 0, 'photo_usage' => PHOTO_NORMAL, 'allow_cid' => $ac['allow_cid'], 'allow_gid' => $ac['allow_gid'], 'deny_cid' => $ac['deny_cid'], 'deny_gid' => $ac['deny_gid'], 'os_storage' => $os_storage, 'os_path' => $args['os_path']);
    if ($args['created']) {
        $p['created'] = $args['created'];
    }
    if ($args['edited']) {
        $p['edited'] = $args['edited'];
    }
    if ($args['title']) {
        $p['title'] = $args['title'];
    }
    if ($args['description']) {
        $p['description'] = $args['description'];
    }
    $r1 = $ph->save($p);
    if (!$r1) {
        $errors = true;
    }
    unset($p['os_storage']);
    unset($p['os_path']);
    if (($width > 640 || $height > 640) && !$errors) {
        $ph->scaleImage(640);
        $p['scale'] = 1;
        $r2 = $ph->save($p);
        $smallest = 1;
        if (!$r2) {
            $errors = true;
        }
    }
    if (($width > 320 || $height > 320) && !$errors) {
        $ph->scaleImage(320);
        $p['scale'] = 2;
        $r3 = $ph->save($p);
        $smallest = 2;
        if (!$r3) {
            $errors = true;
        }
    }
    if ($errors) {
        q("delete from photo where resource_id = '%s' and uid = %d", dbesc($photo_hash), intval($channel_id));
        $ret['message'] = t('Photo storage failed.');
        logger('photo_upload: photo store failed.');
        call_hooks('photo_upload_end', $ret);
        return $ret;
    }
    // This will be the width and height of the smallest representation
    $width_x_height = $ph->getWidth() . 'x' . $ph->getHeight();
    // Create item container
    $item_hidden = $visible ? 0 : 1;
    $lat = $lon = null;
    if ($exif && $exif['GPS']) {
        if (feature_enabled($channel_id, 'photo_location')) {
            $lat = getGps($exif['GPS']['GPSLatitude'], $exif['GPS']['GPSLatitudeRef']);
            $lon = getGps($exif['GPS']['GPSLongitude'], $exif['GPS']['GPSLongitudeRef']);
        }
    }
    if ($args['item']) {
        foreach ($args['item'] as $i) {
            $item = get_item_elements($i);
            $force = false;
            if ($item['mid'] === $item['parent_mid']) {
                $item['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
                if ($item['author_xchan'] === $channel['channel_hash']) {
                    $item['sig'] = base64url_encode(rsa_sign($item['body'], $channel['channel_prvkey']));
                    $item['item_verified'] = 1;
                } else {
                    $item['sig'] = '';
                }
                $force = true;
            }
            $r = q("select id, edited from item where mid = '%s' and uid = %d limit 1", dbesc($item['mid']), intval($channel['channel_id']));
            if ($r) {
                if ($item['edited'] > $r[0]['edited'] || $force) {
                    $item['id'] = $r[0]['id'];
                    $item['uid'] = $channel['channel_id'];
                    item_store_update($item);
                    continue;
                }
            } else {
                $item['aid'] = $channel['channel_account_id'];
                $item['uid'] = $channel['channel_id'];
                $item_result = item_store($item);
            }
        }
    } else {
        $title = '';
        $mid = item_message_id();
        $arr = array();
        if ($lat && $lon) {
            $arr['coord'] = $lat . ' ' . $lon;
        }
        $arr['aid'] = $account_id;
        $arr['uid'] = $channel_id;
        $arr['mid'] = $mid;
        $arr['parent_mid'] = $mid;
        $arr['item_hidden'] = $item_hidden;
        $arr['resource_type'] = 'photo';
        $arr['resource_id'] = $photo_hash;
        $arr['owner_xchan'] = $channel['channel_hash'];
        $arr['author_xchan'] = $observer['xchan_hash'];
        $arr['title'] = $title;
        $arr['allow_cid'] = $ac['allow_cid'];
        $arr['allow_gid'] = $ac['allow_gid'];
        $arr['deny_cid'] = $ac['deny_cid'];
        $arr['deny_gid'] = $ac['deny_gid'];
        $arr['verb'] = ACTIVITY_POST;
        $arr['item_wall'] = 1;
        $arr['item_origin'] = 1;
        $arr['item_thread_top'] = 1;
        $arr['item_private'] = intval($acl->is_private());
        $arr['plink'] = z_root() . '/channel/' . $channel['channel_address'] . '/?f=&mid=' . $arr['mid'];
        // We should also put a width_x_height on large photos. Left as an exercise for
        // devs looking for simple stuff to fix.
        $larger = feature_enabled($channel['channel_id'], 'large_photos');
        if ($larger) {
            $tag = '[zmg]';
            if ($r2) {
                $smallest = 1;
            } else {
                $smallest = 0;
            }
        } else {
            if ($width_x_height) {
                $tag = '[zmg=' . $width_x_height . ']';
            } else {
                $tag = '[zmg]';
            }
        }
        $arr['body'] = '[zrl=' . z_root() . '/photos/' . $channel['channel_address'] . '/image/' . $photo_hash . ']' . $tag . z_root() . "/photo/{$photo_hash}-{$smallest}." . $ph->getExt() . '[/zmg]' . '[/zrl]';
        $result = item_store($arr);
        $item_id = $result['item_id'];
        if ($visible) {
            proc_run('php', "include/notifier.php", 'wall-new', $item_id);
        }
    }
    $ret['success'] = true;
    $ret['item'] = $arr;
    $ret['body'] = $arr['body'];
    $ret['resource_id'] = $photo_hash;
    $ret['photoitem_id'] = $item_id;
    call_hooks('photo_upload_end', $ret);
    return $ret;
}